commit dbb85e0c15593661ee8e5d95a6160ebdbaa2c9b5
Author: Jim Fehlig <jfehlig@suse.com>
Date:   Fri May 19 15:52:04 2017 -0600

    libxl: add default listen address for VNC and spice
    
    If a VNC listen address is not specified in domXML, libxl
    will default to 127.0.0.1, but this is never reflected in the domXML.
    In the case of spice, a missing listen address resulted in listening
    on all interfaces, i.e. '0.0.0.0'. If not specified, set the listen
    address in virDomainGraphicsDef struct to the libxl default when
    creating the frame buffer device. Additionally, set default spice
    listen address to 127.0.0.1.

Index: libvirt-3.3.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-3.3.0.orig/src/libxl/libxl_conf.c
+++ libvirt-3.3.0/src/libxl/libxl_conf.c
@@ -1227,13 +1227,18 @@ libxlMakeVfb(virPortAllocatorPtr graphic
             }
             x_vfb->vnc.display = l_vfb->data.vnc.port - LIBXL_VNC_PORT_MIN;
 
-            if ((glisten = virDomainGraphicsGetListen(l_vfb, 0)) &&
-                glisten->address) {
-                /* libxl_device_vfb_init() does VIR_STRDUP("127.0.0.1") */
-                VIR_FREE(x_vfb->vnc.listen);
-                if (VIR_STRDUP(x_vfb->vnc.listen, glisten->address) < 0)
-                    return -1;
+            if ((glisten = virDomainGraphicsGetListen(l_vfb, 0))) {
+                if (glisten->address) {
+                    /* libxl_device_vfb_init() does VIR_STRDUP("127.0.0.1") */
+                    VIR_FREE(x_vfb->vnc.listen);
+                    if (VIR_STRDUP(x_vfb->vnc.listen, glisten->address) < 0)
+                        return -1;
+                } else {
+                    if (VIR_STRDUP(glisten->address, VIR_LOOPBACK_IPV4_ADDR) < 0)
+                        return -1;
+                }
             }
+
             if (VIR_STRDUP(x_vfb->vnc.passwd, l_vfb->data.vnc.auth.passwd) < 0)
                 return -1;
             if (VIR_STRDUP(x_vfb->keymap, l_vfb->data.vnc.keymap) < 0)
@@ -1335,10 +1340,16 @@ libxlMakeBuildInfoVfb(virPortAllocatorPt
         }
         b_info->u.hvm.spice.port = l_vfb->data.spice.port;
 
-        if ((glisten = virDomainGraphicsGetListen(l_vfb, 0)) &&
-            glisten->address &&
-            VIR_STRDUP(b_info->u.hvm.spice.host, glisten->address) < 0)
-            return -1;
+        if ((glisten = virDomainGraphicsGetListen(l_vfb, 0))) {
+            if (glisten->address) {
+                if (VIR_STRDUP(b_info->u.hvm.spice.host, glisten->address) < 0)
+                    return -1;
+            } else {
+                if (VIR_STRDUP(b_info->u.hvm.spice.host, VIR_LOOPBACK_IPV4_ADDR) < 0 ||
+                    VIR_STRDUP(glisten->address, VIR_LOOPBACK_IPV4_ADDR) < 0)
+                    return -1;
+            }
+        }
 
         if (VIR_STRDUP(b_info->u.hvm.keymap, l_vfb->data.spice.keymap) < 0)
             return -1;