add ARM to NUMA platform exlcludes

Fix for CVE-2011-2178, regression introduced in disk probe logic,
Bug 709775

.cvsignore

@@ -1,19 +0,0 @@
-.build*.log
-*.rpm
-i686
-x86_64
-libvirt-*.tar.gz
-libvirt-0.6.0.tar.gz
-libvirt-0.6.1.tar.gz
-libvirt-0.6.2.tar.gz
-libvirt-0.6.3.tar.gz
-libvirt-0.6.4.tar.gz
-libvirt-0.6.5.tar.gz
-libvirt-0.7.0.tar.gz
-libvirt-0.7.1.tar.gz
-libvirt-0.7.2.tar.gz
-libvirt-0.7.3.tar.gz
-libvirt-0.7.4.tar.gz
-libvirt-0.7.5.tar.gz
-libvirt-0.7.6.tar.gz
-libvirt-0.7.7.tar.gz

.gitignore

@@ -0,0 +1,5 @@
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz

libvirt-0.7.7-fix-usb-product.patch

@@ -1,233 +0,0 @@
-From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Fri, 12 Mar 2010 12:36:56 -0500
-Subject: [PATCH] qemu: Add some debugging at domain startup
-
----
- src/qemu/qemu_driver.c |   24 +++++++++++++++++++++++-
- 1 files changed, 23 insertions(+), 1 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index f8ab545..040d645 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
- 
-     FD_ZERO(&keepfd);
- 
-+    DEBUG0("Beginning VM startup process");
-+
-     if (virDomainObjIsActive(vm)) {
-         qemuReportError(VIR_ERR_OPERATION_INVALID,
-                         "%s", _("VM is already active"));
-@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,
- 
-     /* If you are using a SecurityDriver with dynamic labelling,
-        then generate a security label for isolation */
-+    DEBUG0("Generating domain security label (if required)");
-     if (driver->securityDriver &&
-         driver->securityDriver->domainGenSecurityLabel &&
-         driver->securityDriver->domainGenSecurityLabel(vm) < 0)
-         return -1;
- 
-+    DEBUG0("Generating setting domain security labels (if required)");
-     if (driver->securityDriver &&
-         driver->securityDriver->domainSetSecurityAllLabel &&
-         driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
-         goto cleanup;
- 
--    /* Ensure no historical cgroup for this VM is lieing around bogus settings */
-+    /* Ensure no historical cgroup for this VM is lying around bogus
-+     * settings */
-+    DEBUG0("Ensuring no historical cgroup is lying around");
-     qemuRemoveCgroup(driver, vm, 1);
- 
-     if ((vm->def->ngraphics == 1) &&
-         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
-         vm->def->graphics[0]->data.vnc.autoport) {
-+        DEBUG0("Determining VNC port");
-         int port = qemudNextFreeVNCPort(driver);
-         if (port < 0) {
-             qemuReportError(VIR_ERR_INTERNAL_ERROR,
-@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-         goto cleanup;
-     }
- 
-+    DEBUG0("Creating domain log file");
-     if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)
-         goto cleanup;
- 
-@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-         goto cleanup;
-     }
- 
-+    DEBUG0("Determing emulator version");
-     if (qemudExtractVersionInfo(emulator,
-                                 NULL,
-                                 &qemuCmdFlags) < 0)
-         goto cleanup;
- 
-+    DEBUG0("Setting up domain cgroup (if required)");
-     if (qemuSetupCgroup(driver, vm) < 0)
-         goto cleanup;
- 
-+    DEBUG0("Preparing host devices");
-     if (qemuPrepareHostDevices(driver, vm->def) < 0)
-         goto cleanup;
- 
-@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-         goto cleanup;
-     }
- 
-+    DEBUG0("Preparing monitor state");
-     if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)
-         goto cleanup;
- 
-@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-      * use in hotplug
-      */
-     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
-+        DEBUG0("Assigning domain PCI addresses");
-         /* Populate cache with current addresses */
-         if (priv->pciaddrs) {
-             qemuDomainPCIAddressSetFree(priv->pciaddrs);
-@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-         priv->persistentAddrs = 0;
-     }
- 
-+    DEBUG0("Building emulator command line");
-     vm->def->id = driver->nextvmid++;
-     if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,
-                               priv->monJSON, qemuCmdFlags, &argv, &progenv,
-@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-     if (ret == -1) /* The VM failed to start */
-         goto cleanup;
- 
-+    DEBUG0("Waiting for monitor to show up");
-     if (qemudWaitForMonitor(driver, vm, pos) < 0)
-         goto abort;
- 
-+    DEBUG0("Detecting VCPU PIDs");
-     if (qemuDetectVcpuPIDs(driver, vm) < 0)
-         goto abort;
- 
-+    DEBUG0("Setting CPU affinity");
-     if (qemudInitCpuAffinity(vm) < 0)
-         goto abort;
- 
-+    DEBUG0("Setting any required VM passwords");
-     if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)
-         goto abort;
- 
-     /* If we have -device, then addresses are assigned explicitly.
-      * If not, then we have to detect dynamic ones here */
-     if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
-+        DEBUG0("Determining domain device PCI addresses");
-         if (qemuInitPCIAddresses(driver, vm) < 0)
-             goto abort;
-     }
- 
-+    DEBUG0("Setting initial memory amount");
-     qemuDomainObjEnterMonitorWithDriver(driver, vm);
-     if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {
-         qemuDomainObjExitMonitorWithDriver(driver, vm);
-@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-     }
- 
-     if (migrateFrom == NULL) {
-+        DEBUG0("Starting domain CPUs");
-         /* Allow the CPUS to start executing */
-         if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {
-             if (virGetLastError() == NULL)
-@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-     qemuDomainObjExitMonitorWithDriver(driver, vm);
- 
- 
-+    DEBUG0("Writing domain status to disk");
-     if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
-         goto abort;
- 
--- 
-1.6.6.1
-
-From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Fri, 12 Mar 2010 12:37:52 -0500
-Subject: [PATCH] qemu: Fix USB by product with security enabled
-
-We need to call PrepareHostdevs to determine the USB device path before
-any security calls. PrepareHostUSBDevices was also incorrectly skipping
-all USB devices.
----
- src/qemu/qemu_driver.c |   11 ++++++-----
- 1 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 040d645..b17d26d 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
- 
-         if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
-             continue;
--        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
-+        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
-             continue;
- 
-         /* Resolve a vendor/product to bus/device */
-@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-         return -1;
-     }
- 
-+    /* Must be run before security labelling */
-+    DEBUG0("Preparing host devices");
-+    if (qemuPrepareHostDevices(driver, vm->def) < 0)
-+        goto cleanup;
-+
-     /* If you are using a SecurityDriver with dynamic labelling,
-        then generate a security label for isolation */
-     DEBUG0("Generating domain security label (if required)");
-@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
-     if (qemuSetupCgroup(driver, vm) < 0)
-         goto cleanup;
- 
--    DEBUG0("Preparing host devices");
--    if (qemuPrepareHostDevices(driver, vm->def) < 0)
--        goto cleanup;
--
-     if (VIR_ALLOC(priv->monConfig) < 0) {
-         virReportOOMError();
-         goto cleanup;
--- 
-1.6.6.1
-
-From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Mon, 22 Mar 2010 10:45:36 -0400
-Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label
-
-This can be triggered by the qemuStartVMDaemon cleanup path if a
-VM references a non-existent USB device (by product) in the XML.
-
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/security/security_selinux.c |    3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 975b315..6680e2d 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
- {
-     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- 
--    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
-+    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||
-+        secdef->label == NULL)
-         return 0;
- 
-     context_t con = context_new(secdef->label);
--- 
-1.6.6.1
-

libvirt-0.7.7-set-kernel-perms.patch

@@ -1,87 +0,0 @@
-From 3f1aa08af6580c215d973bc6bf57f505dbf8b926 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Fri, 12 Mar 2010 13:38:39 -0500
-Subject: [PATCH] security: Set permissions for kernel/initrd
-
-Fixes URL installs when running virt-install as root on Fedora.
----
- src/qemu/qemu_security_dac.c    |   21 +++++++++++++++++++++
- src/security/security_selinux.c |   16 ++++++++++++++++
- 2 files changed, 37 insertions(+), 0 deletions(-)
-
-diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
-index 6911f48..1883fbe 100644
---- a/src/qemu/qemu_security_dac.c
-+++ b/src/qemu/qemu_security_dac.c
-@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
-                                                      vm->def->disks[i]) < 0)
-             rc = -1;
-     }
-+
-+    if (vm->def->os.kernel &&
-+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
-+        rc = -1;
-+
-+    if (vm->def->os.initrd &&
-+        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
-+        rc = -1;
-+
-     return rc;
- }
- 
-@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
-             return -1;
-     }
- 
-+    if (vm->def->os.kernel &&
-+        qemuSecurityDACSetOwnership(vm->def->os.kernel,
-+                                    driver->user,
-+                                    driver->group) < 0)
-+        return -1;
-+
-+    if (vm->def->os.initrd &&
-+        qemuSecurityDACSetOwnership(vm->def->os.initrd,
-+                                    driver->user,
-+                                    driver->group) < 0)
-+        return -1;
-+
-     return 0;
- }
- 
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index b2c8581..975b315 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
-             rc = -1;
-     }
- 
-+    if (vm->def->os.kernel &&
-+        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
-+        rc = -1;
-+
-+    if (vm->def->os.initrd &&
-+        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
-+        rc = -1;
-+
-     return rc;
- }
- 
-@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
-             return -1;
-     }
- 
-+    if (vm->def->os.kernel &&
-+        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
-+        return -1;
-+
-+    if (vm->def->os.initrd &&
-+        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
-+        return -1;
-+
-     return 0;
- }
- 
--- 
-1.6.6.1
-

libvirt-0.8.3-avoid-resetting-errors.patch

@@ -0,0 +1,51 @@
+From 452bf160e5bbe0789d706fda95f5919551eb2cac Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 25 Mar 2011 16:45:45 +0100
+Subject: [PATCH 2/2] daemon: Avoid resetting errors before they are reported
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690733
+
+Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
+*Free) is called before remoteDispatchConnError() is called on error.
+However, the patch missed two instances.
+(cherry picked from commit 55cc591fc18e87b29febf78dc5b424b7c12f7349)
+---
+ daemon/remote.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index a8258ca..7464957 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -4547,12 +4547,13 @@ remoteDispatchStoragePoolListVolumes (struct qemud_server *server ATTRIBUTE_UNUS
+     ret->names.names_len =
+         virStoragePoolListVolumes (pool,
+                                    ret->names.names_val, args->maxnames);
+-    virStoragePoolFree(pool);
+     if (ret->names.names_len == -1) {
+         VIR_FREE(ret->names.names_val);
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+@@ -4576,11 +4577,12 @@ remoteDispatchStoragePoolNumOfVolumes (struct qemud_server *server ATTRIBUTE_UNU
+     }
+ 
+     ret->num = virStoragePoolNumOfVolumes (pool);
+-    virStoragePoolFree(pool);
+     if (ret->num == -1) {
+         remoteDispatchConnError(rerr, conn);
++        virStoragePoolFree(pool);
+         return -1;
+     }
++    virStoragePoolFree(pool);
+ 
+     return 0;
+ }
+-- 
+1.7.3.4
+

libvirt-0.8.3-boot-menu.patch

@@ -0,0 +1,12 @@
+diff -rup libvirt-0.8.3.orig/src/qemu/qemu_conf.c libvirt-0.8.3.new/src/qemu/qemu_conf.c
+--- libvirt-0.8.3.orig/src/qemu/qemu_conf.c	2010-08-04 13:21:27.000000000 +0100
++++ libvirt-0.8.3.new/src/qemu/qemu_conf.c	2010-08-23 21:08:13.239794362 +0100
+@@ -3651,7 +3651,7 @@ int qemudBuildCommandLine(virConnectPtr 
+ {
+     int i;
+     char memory[50];
+-    char boot[VIR_DOMAIN_BOOT_LAST];
++    char boot[VIR_DOMAIN_BOOT_LAST+1];
+     struct utsname ut;
+     int disableKQEMU = 0;
+     int disableKVM = 0;

libvirt-0.8.3-fix-var-lib-libvirt-permissions.patch

@@ -0,0 +1,44 @@
+From f970d802ab805f1a37af384f148f34e108714034 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 3 Nov 2010 15:20:24 -0600
+Subject: [PATCH] rpm: fix /var/lib/libvirt permissions
+
+https://bugzilla.redhat.com/show_bug.cgi?id=649511
+
+Regression of forcing 0700 permissions (which breaks guest startup
+because the qemu user can't see /var/lib/libvirt/*.monitor) was
+introduced in commit 66823690e, as part of libvirt 0.8.2.
+
+* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
+since libvirt depends on libvirt-client.
+(%files client): Guarantee 755 permissions on
+%(_localstatedir}/lib/libvirt, since the qemu user must be able to
+do pathname resolution to a subdirectory.
+---
+ libvirt.spec.in |    3 +--
+ 1 files changed, 1 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt.spec.in b/libvirt.spec.in
+index 813e0c0..f77626e 100644
+--- a/libvirt.spec.in
++++ b/libvirt.spec.in
+@@ -793,7 +793,6 @@ fi
+ 
+ %dir %{_localstatedir}/run/libvirt/
+ 
+-%dir %{_localstatedir}/lib/libvirt/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
+ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
+ %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
+@@ -883,7 +882,7 @@ fi
+ 
+ %{_sysconfdir}/rc.d/init.d/libvirt-guests
+ %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt
++%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+ 
+ %if %{with_sasl}
+ %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
+-- 
+1.7.3.4
+

libvirt-0.8.3-octal-addresses.patch

@@ -0,0 +1,53 @@
+From 8efebd1761700a0cc32736829aead7807cc7865d Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Tue, 26 Oct 2010 14:45:03 +0200
+Subject: [PATCH] qemu: don't use %.3d format for bus/addr of USB devices
+
+When using 0-prefixed numbers, QEmu will interpret them as octal numbers
+(as C convention says); this means that if you attach a device that has
+addr > 10 (decimal) you're going to attach a different device.
+---
+ src/qemu/qemu_conf.c                               |    4 ++--
+ .../qemuxml2argv-hostdev-usb-address-device.args   |    2 +-
+ .../qemuxml2argv-hostdev-usb-address.args          |    2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 00e89a1..5bd3d4c 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -3266,7 +3266,7 @@ qemuBuildUSBHostdevDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "usb-host,hostbus=%.3d,hostaddr=%.3d,id=%s",
++    if (virAsprintf(&ret, "usb-host,hostbus=%d,hostaddr=%d,id=%s",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device,
+                     dev->info.alias) < 0)
+@@ -3288,7 +3288,7 @@ qemuBuildUSBHostdevUsbDevStr(virDomainHostdevDefPtr dev)
+         return NULL;
+     }
+ 
+-    if (virAsprintf(&ret, "host:%.3d.%.3d",
++    if (virAsprintf(&ret, "host:%d.%d",
+                     dev->source.subsys.u.usb.bus,
+                     dev->source.subsys.u.usb.device) < 0)
+         virReportOOMError();
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+index 6900fd3..7e42542 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=014,hostaddr=006,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -nodefconfig -nodefaults -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -usb -device usb-host,hostbus=14,hostaddr=6,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+index e57bec1..96e004d 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
++++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
+@@ -1 +1 @@
+-LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:014.006
++LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -usbdevice host:14.6
+-- 
+1.7.3.4
+

libvirt-0.8.3-read-only-checks.patch

@@ -0,0 +1,95 @@
+From: Guido Günther <agx@sigxcpu.org>
+Date: Mon, 14 Mar 2011 02:56:28 +0000 (+0800)
+Subject: Add missing checks for read only connections
+X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=commitdiff_plain;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad
+
+Add missing checks for read only connections
+
+As pointed on CVE-2011-1146, some API forgot to check the read-only
+status of the connection for entry point which modify the state
+of the system or may lead to a remote execution using user data.
+The entry points concerned are:
+  - virConnectDomainXMLToNative
+  - virNodeDeviceDettach
+  - virNodeDeviceReAttach
+  - virNodeDeviceReset
+  - virDomainRevertToSnapshot
+  - virDomainSnapshotDelete
+
+* src/libvirt.c: fix the above set of entry points to error on read-only
+                 connections
+
+Rebased to 0.8.2, mostly changed the call of the error routines
+---
+
+--- src/libvirt.c.orig	2011-03-14 17:03:45.000000000 +0800
++++ src/libvirt.c	2011-03-14 17:10:41.000000000 +0800
+@@ -3190,6 +3190,10 @@ char *virConnectDomainXMLToNative(virCon
+         virDispatchError(NULL);
+         return (NULL);
+     }
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(NULL, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (nativeFormat == NULL || domainXml == NULL) {
+         virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
+@@ -9432,6 +9436,11 @@ virNodeDeviceDettach(virNodeDevicePtr de
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceDettach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceDettach (dev);
+@@ -9475,6 +9484,11 @@ virNodeDeviceReAttach(virNodeDevicePtr d
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReAttach) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReAttach (dev);
+@@ -9520,6 +9534,11 @@ virNodeDeviceReset(virNodeDevicePtr dev)
+         return (-1);
+     }
+ 
++    if (dev->conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
++
+     if (dev->conn->driver->nodeDeviceReset) {
+         int ret;
+         ret = dev->conn->driver->nodeDeviceReset (dev);
+@@ -12775,6 +12794,10 @@ virDomainRevertToSnapshot(virDomainSnaps
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainRevertToSnapshot) {
+         int ret = conn->driver->domainRevertToSnapshot(snapshot, flags);
+@@ -12821,6 +12844,10 @@ virDomainSnapshotDelete(virDomainSnapsho
+     }
+ 
+     conn = snapshot->domain->conn;
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        goto error;
++    }
+ 
+     if (conn->driver->domainSnapshotDelete) {
+         int ret = conn->driver->domainSnapshotDelete(snapshot, flags);

libvirt-0.8.3-remote-protect-against-integer-overflow.patch

@@ -0,0 +1,106 @@
+From 584f9cee6926b57a19cc8bb36ea77124bdcfed94 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Jun 2011 12:16:05 -0600
+Subject: [PATCH] remote: protect against integer overflow
+
+https://bugzilla.redhat.com/show_bug.cgi?id=717204
+CVE-2011-2511 - integer overflow in VirDomainGetVcpus
+
+Integer overflow and remote code are never a nice mix.
+
+This has existed since commit 56cd414.
+
+* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
+* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
+  on sending rpc.
+* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
+  receiving rpc.
+
+(cherry picked from commit 774b21c163845170c9ffa873f5720d318812eaf6)
+
+Conflicts:
+
+	daemon/remote.c
+	src/remote/remote_driver.c
+        src/libvirt.c
+
+Change to internal.h required to avoid backporting 89d994ad.
+---
+ daemon/remote.c            |    3 ++-
+ src/internal.h             |   17 +++++++++++++++++
+ src/libvirt.c              |    4 ++--
+ src/remote/remote_driver.c |    3 ++-
+ 4 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 7464957..c6f7007 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -1697,7 +1697,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+         return -1;
+     }
+ 
+-    if (args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(args->maxinfo, args->maplen) ||
++        args->maxinfo * args->maplen > REMOTE_CPUMAPS_MAX) {
+         virDomainFree(dom);
+         remoteDispatchFormatError (rerr, "%s", _("maxinfo * maplen > REMOTE_CPUMAPS_MAX"));
+         return -1;
+diff --git a/src/internal.h b/src/internal.h
+index fab3e11..53447a9 100644
+--- a/src/internal.h
++++ b/src/internal.h
+@@ -226,4 +226,21 @@
+         }                                                               \
+     } while (0)
+ 
++/* branch-specific: we don't want to update gnulib on the branch, so this
++ * backports just one required macro from newer gnulib's intprops.h.
++ * This version requires that both a and b are 'int', rather than
++ * the fully type-generic version from gnulib.  */
++# define INT_MULTIPLY_OVERFLOW(a, b)            \
++    ((b) < 0                                    \
++     ? ((a) < 0                                 \
++        ? (a) < INT_MAX / (b)                   \
++        : (b) == -1                             \
++        ? 0                                     \
++        : INT_MIN / (b) < (a))                  \
++     : (b) == 0                                 \
++     ? 0                                        \
++     : ((a) < 0                                 \
++        ? (a) < INT_MIN / (b)                   \
++        : INT_MAX / (b) < (a)))
++
+ #endif                          /* __VIR_INTERNAL_H__ */
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 1213ecf..6a584fb 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -5218,8 +5218,8 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
+ 
+     /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+        try to memcpy anything into a NULL pointer.  */
+-    if ((cpumaps == NULL && maplen != 0)
+-        || (cpumaps && maplen <= 0)) {
++    if (!cpumaps ? maplen != 0
++        : (maplen <= 0 || INT_MULTIPLY_OVERFLOW(maxinfo, maplen))) {
+         virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
+         goto error;
+     }
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index cb0d8e1..0d9b425 100644
+--- a/src/remote/remote_driver.c
++++ b/src/remote/remote_driver.c
+@@ -2467,7 +2467,8 @@ remoteDomainGetVcpus (virDomainPtr domain,
+                     maxinfo, REMOTE_VCPUINFO_MAX);
+         goto done;
+     }
+-    if (maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
++    if (INT_MULTIPLY_OVERFLOW(maxinfo, maplen) ||
++        maxinfo * maplen > REMOTE_CPUMAPS_MAX) {
+         remoteError(VIR_ERR_RPC,
+                     _("vCPU map buffer length exceeds maximum: %d > %d"),
+                     maxinfo * maplen, REMOTE_CPUMAPS_MAX);
+-- 
+1.7.3.4
+

libvirt.spec

@@ -61,6 +61,9 @@
 %define with_udev          0%{!?_without_udev:0}
 %define with_hal           0%{!?_without_hal:0}
 %define with_yajl          0%{!?_without_yajl:0}
+%define with_nwfilter      0%{!?_without_nwfilter:0}
+%define with_libpcap       0%{!?_without_libpcap:0}
+%define with_macvtap       0%{!?_without_macvtap:0}
 
 # Non-server/HV driver defaults which are always enabled
 %define with_python        0%{!?_without_python:1}
@@ -74,8 +77,8 @@
 %define with_xen 0
 %endif
 
-# Numactl is not available on s390[x]
-%ifarch s390 s390x
+# Numactl is not available on s390[x] or ARM
+%ifarch s390 s390x %{arm}
 %define with_numactl 0
 %endif
 
@@ -147,6 +150,19 @@
 %define with_yajl     0%{!?_without_yajl:%{server_drivers}}
 %endif
 
+# Enable libpcap library
+%if %{with_qemu}
+%define with_nwfilter 0%{!?_without_nwfilter:%{server_drivers}}
+%define with_libpcap  0%{!?_without_libpcap:%{server_drivers}}
+%define with_macvtap  0%{!?_without_macvtap:%{server_drivers}}
+%endif
+
+%if %{with_macvtap}
+%define with_libnl 1
+%else
+%define with_libnl 0
+%endif
+
 # Force QEMU to run as non-root
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 %define qemu_user  qemu
@@ -168,21 +184,27 @@
 
 Summary: Library providing a simple API virtualization
 Name: libvirt
-Version: 0.7.7
-Release: 3%{?dist}%{?extra_release}
+Version: 0.8.3
+Release: 11%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
-# Fix USB devices by product with security enabled (bz 574136)
-Patch1: %{name}-%{version}-fix-usb-product.patch
-# Set kernel/initrd in security driver, fixes some URL installs (bz 566425)
-Patch2: %{name}-%{version}-set-kernel-perms.patch
+Patch1: %{name}-%{version}-boot-menu.patch
+Patch2: %{name}-%{version}-octal-addresses.patch
+Patch3: %{name}-%{version}-read-only-checks.patch
+Patch4: %{name}-%{version}-fix-var-lib-libvirt-permissions.patch
+# Patches 5, 6  CVE-2011-1486
+Patch5: %{name}-%{version}-threadsafe-libvirtd-error-reporting.patch
+Patch6: %{name}-%{version}-avoid-resetting-errors.patch
+# Patch 7  CVE-2011-2511
+Patch7: %{name}-%{version}-remote-protect-against-integer-overflow.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
 BuildRequires: python-devel
 
 # The client side, i.e. shared libs and virsh are in a subpackage
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 
 # Used by many of the drivers, so turn it on whenever the
 # daemon is present
@@ -190,9 +212,14 @@ Requires: libvirt-client = %{version}-%{release}
 Requires: bridge-utils
 %endif
 %if %{with_network}
-Requires: dnsmasq
+Requires: dnsmasq >= 2.41
 Requires: iptables
 %endif
+%if %{with_nwfilter}
+Requires: ebtables
+Requires: iptables
+Requires: iptables-ipv6
+%endif
 # needed for device enumeration
 %if %{with_hal}
 Requires: hal
@@ -252,7 +279,7 @@ Requires: device-mapper
 BuildRequires: xen-devel
 %endif
 %if %{with_one}
-BuildRequires: xmlrpc-c-devel >= 1.14.0 xmlrpc-c-client
+BuildRequires: xmlrpc-c-devel >= 1.14.0
 %endif
 BuildRequires: libxml2-devel
 BuildRequires: xhtml1-dtds
@@ -270,6 +297,12 @@ BuildRequires: libpciaccess-devel >= 0.10.9
 %if %{with_yajl}
 BuildRequires: yajl-devel
 %endif
+%if %{with_libpcap}
+BuildRequires: libpcap-devel
+%endif
+%if %{with_libnl}
+BuildRequires: libnl-devel
+%endif
 %if %{with_avahi}
 BuildRequires: avahi-devel
 %endif
@@ -277,7 +310,7 @@ BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 %endif
 %if %{with_network}
-BuildRequires: dnsmasq
+BuildRequires: dnsmasq >= 2.41
 %endif
 BuildRequires: bridge-utils
 %if %{with_sasl}
@@ -342,6 +375,9 @@ BuildRequires: libssh2-devel
 %if %{with_netcf}
 BuildRequires: netcf-devel >= 0.1.4
 %endif
+%if %{with_esx}
+BuildRequires: libcurl-devel
+%endif
 
 # Fedora build root suckage
 BuildRequires: gawk
@@ -373,7 +409,7 @@ virtualization capabilities of recent versions of Linux (and other OSes).
 %package devel
 Summary: Libraries, includes, etc. to compile with the libvirt library
 Group: Development/Libraries
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 Requires: pkgconfig
 %if %{with_xen}
 Requires: xen-devel
@@ -387,7 +423,7 @@ the virtualization capabilities of recent versions of Linux (and other OSes).
 %package python
 Summary: Python bindings for the libvirt library
 Group: Development/Libraries
-Requires: libvirt-client = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
 
 %description python
 The libvirt-python package contains a module that permits applications
@@ -400,6 +436,11 @@ of recent versions of Linux (and other OSes).
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p0
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 
 %build
 %if ! %{with_xen}
@@ -514,6 +555,14 @@ of recent versions of Linux (and other OSes).
 %define _without_yajl --without-yajl
 %endif
 
+%if ! %{with_libpcap}
+%define _without_libpcap --without-libpcap
+%endif
+
+%if ! %{with_macvtap}
+%define _without_macvtap --without-macvtap
+%endif
+
 %configure %{?_without_xen} \
            %{?_without_qemu} \
            %{?_without_openvz} \
@@ -542,6 +591,8 @@ of recent versions of Linux (and other OSes).
            %{?_without_hal} \
            %{?_without_udev} \
            %{?_without_yajl} \
+           %{?_without_libpcap} \
+           %{?_without_macvtap} \
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
            --with-init-script=redhat \
@@ -553,7 +604,7 @@ gzip -9 ChangeLog
 rm -fr %{buildroot}
 
 %makeinstall
-for i in domain-events/events-c dominfo domsuspend hellolibvirt python
+for i in domain-events/events-c dominfo domsuspend hellolibvirt openauth python xml/nwfilter
 do
   (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
 done
@@ -563,6 +614,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.a
 
 %if %{with_network}
+install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/lib/libvirt/dnsmasq/
 # We don't want to install /etc/libvirt/qemu/networks in the main %files list
 # because if the admin wants to delete the default network completely, we don't
 # want to end up re-incarnating it on every RPM upgrade.
@@ -596,11 +648,20 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}
 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}
 %endif
 
+%if ! %{with_libvirtd}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter
+%endif
+
 %if ! %{with_qemu}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
 %if ! %{with_lxc}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc
+%endif
+%if ! %{with_uml}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
 
 %if %{with_libvirtd}
@@ -610,6 +671,24 @@ chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
 %clean
 rm -fr %{buildroot}
 
+%check
+cd tests
+# These 3 tests don't current work in a mock build root
+for i in nodeinfotest daemon-conf seclabeltest
+do
+  rm -f $i
+  printf "#!/bin/sh\nexit 0\n" > $i
+  chmod +x $i
+done
+# Temp hack till we figure out why its broken on ppc and s390(x)
+# a big endian issue?
+%ifarch ppc s390 s390x
+rm -f nwfilterxml2xmltest
+printf "#!/bin/sh\nexit 0\n" > nwfilterxml2xmltest
+chmod +x nwfilterxml2xmltest
+%endif
+make check
+
 %pre
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
 # Normally 'setup' adds this in /etc/passwd, but this is
@@ -630,7 +709,7 @@ getent passwd qemu >/dev/null || \
 # or on the first upgrade from a non-network aware libvirt only.
 # We check this by looking to see if the daemon is already installed
 /sbin/chkconfig --list libvirtd 1>/dev/null 2>&1
-if [ $? != 0 -a ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ]
+if test $? != 0 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml
 then
     UUID=`/usr/bin/uuidgen`
     sed -e "s,</name>,</name>\n  <uuid>$UUID</uuid>," \
@@ -654,7 +733,22 @@ if [ $1 = 0 ]; then
 fi
 %endif
 
-%post client -p /sbin/ldconfig
+%preun client
+
+if [ $1 = 0 ]; then
+    /sbin/chkconfig --del libvirt-guests
+    rm -f /var/lib/libvirt/libvirt-guests
+fi
+
+%post client
+
+/sbin/ldconfig
+/sbin/chkconfig --add libvirt-guests
+if [ $1 -ge 1 ]; then
+    # this doesn't do anything but allowing for libvirt-guests to be
+    # stopped on the first shutdown
+    /sbin/service libvirt-guests start > /dev/null 2>&1 || true
+fi
 
 %postun client -p /sbin/ldconfig
 
@@ -671,19 +765,26 @@ fi
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
 %endif
 
+%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
+%{_sysconfdir}/libvirt/nwfilter/*.xml
+
 %{_sysconfdir}/rc.d/init.d/libvirtd
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
 
 %if %{with_qemu}
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
 %endif
 %if %{with_lxc}
 %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
+%endif
+%if %{with_uml}
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
 %endif
 
 %dir %{_datadir}/libvirt/
@@ -695,7 +796,6 @@ fi
 
 %dir %{_localstatedir}/run/libvirt/
 
-%dir %{_localstatedir}/lib/libvirt/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
@@ -716,6 +816,7 @@ fi
 %if %{with_network}
 %dir %{_localstatedir}/run/libvirt/network/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/
+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/dnsmasq/
 %endif
 
 %if %{with_qemu}
@@ -752,6 +853,8 @@ fi
 %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
 %attr(0755, root, root) %{_sbindir}/libvirtd
 
+%{_mandir}/man8/libvirtd.8*
+
 %doc docs/*.xml
 %endif
 
@@ -771,6 +874,7 @@ fi
 %dir %{_datadir}/libvirt/schemas/
 
 %{_datadir}/libvirt/schemas/domain.rng
+%{_datadir}/libvirt/schemas/domainsnapshot.rng
 %{_datadir}/libvirt/schemas/network.rng
 %{_datadir}/libvirt/schemas/storagepool.rng
 %{_datadir}/libvirt/schemas/storagevol.rng
@@ -779,9 +883,14 @@ fi
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storageencryption.rng
+%{_datadir}/libvirt/schemas/nwfilter.rng
 
 %{_datadir}/libvirt/cpu_map.xml
 
+%{_sysconfdir}/rc.d/init.d/libvirt-guests
+%config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
+%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt
+
 %if %{with_sasl}
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %endif
@@ -805,6 +914,7 @@ fi
 %doc examples/domain-events/events-c
 %doc examples/dominfo
 %doc examples/domsuspend
+%doc examples/openauth
 %doc examples/xml
 
 %if %{with_python}
@@ -821,6 +931,86 @@ fi
 %endif
 
 %changelog
+* Wed Jul  6 2011 Peter Robinson <pbrobinson@gmail.com> - 0.8.3-11
+- add ARM to NUMA platform exlcludes
+
+* Tue Jul  5 2011 Laine Stump <laine@redhat.com> 0.8.3-10
+- Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus,
+  Bug 717204
+
+* Tue Apr  5 2011 Laine Stump <laine@redhat.com> 0.8.3-9
+- Fix incorrect release version in specfile ChangeLog
+
+* Tue Apr  5 2011 Laine Stump <laine@redhat.com> 0.8.3-8
+- Fix for CVE-2011-1486, error reporting in libvirtd is not thread safe,
+  bug 693457
+
+* Mon Apr  4 2011 Laine Stump <laine@redhat.com> 0.8.3-7
+- fix permissions on /var/lib/libvirt
+
+* Wed Mar 16 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-6
+- fix one crash in the the error handling for previous patch
+
+* Tue Mar 15 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-5
+- fix a lack of API check on read-only connections 683655
+- CVE-2011-1146
+
+* Fri Mar  4 2011 Daniel Veillard <veillard@redhat.com> 0.8.3-4
+- fix problem parsing octal addresses bug 653883
+
+* Wed Sep 29 2010 jkeating - 0.8.3-3.1
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 16 2010 Dan Horák <dan[at]danny.cz> - 0.8.3-3
+- disable the nwfilterxml2xmltest also on s390(x)
+
+* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-2
+- Fix potential overflow in boot menu code
+
+* Mon Aug 23 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.3-1
+- Upstream release 0.8.3
+
+* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.8.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Mon Jul 12 2010 Daniel P. Berrange <berrange@redhat.com> - 0.8.2-2
+- CVE-2010-2237 ignoring defined main disk format when looking up disk backing stores
+- CVE-2010-2238 ignoring defined disk backing store format when recursing into disk
+  image backing stores
+- CVE-2010-2239 not setting user defined backing store format when creating new image
+- CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for
+  obtaining privileged resources on the host
+
+* Mon Jul  5 2010 Daniel Veillard <veillard@redhat.com> - 0.8.2-1
+- Upstream release 0.8.2
+- phyp: adding support for IVM
+- libvirt: introduce domainCreateWithFlags API
+- add 802.1Qbh and 802.1Qbg switches handling
+- Support for VirtualBox version 3.2
+- Init script for handling guests on shutdown/boot
+- qemu: live migration with non-shared storage for kvm
+
+* Fri Apr 30 2010 Daniel Veillard <veillard@redhat.com> - 0.8.1-1
+- Upstream release 0.8.1
+- Starts dnsmasq from libvirtd with --dhcp-hostsfile
+- Add virDomainGetBlockInfo API to query disk sizing
+- a lot of bug fixes and cleanups
+
+* Mon Apr 12 2010 Daniel Veillard <veillard@redhat.com> - 0.8.0-1
+- Upstream release 0.8.0
+- Snapshotting support (QEmu/VBox/ESX)
+- Network filtering API
+- XenAPI driver
+- new APIs for domain events
+- Libvirt managed save API
+- timer subselection for domain clock
+- synchronous hooks
+- API to update guest CPU to host CPU
+- virDomainUpdateDeviceFlags new API
+- migrate max downtime API
+- volume wiping API
+- and many bug fixes
+
 * Tue Mar 30 2010 Richard W.M. Jones <rjones@redhat.com> - 0.7.7-3.fc14
 - No change, just rebuild against new libparted with bumped soname.
 

sources

@@ -1 +1 @@
-5f315b0bf20e3964f7657ba1e630cd67  libvirt-0.7.7.tar.gz
+ae8535ce119d32a2e9fb1f46e2c8f325  libvirt-0.8.3.tar.gz