Accepting request 176049 from Virtualization

New libvirt package for Factory. - fix leak after listing all volumes - CVE-2013-1962 ca697e90-CVE-2013-1962.patch bnc#820397 - Fix iohelper usage with streams opened for read a2214c52-iohelper.patch - Cope with missing swap cgroup controls f493d83f-cgroup-swap-control.patch bnc#819976 - Fix cgroup handling when setting VCPU BW 0471637d-cgroups-vcpu-bw.patch rhb#963592 - Escape a leading '.' with '_' in the cgroup names 0ced83dc-cgroup-escape-dot.patch - Add missing documentation on new cgroup layout 486a86eb-cgroups-docs.patch - Another fix related to systems with no cgroups c2cf5f1c-no-cgroups-fix.patch bnc#819963 - Fix botched backport of commit bbe97ae9 - Fix starting domains when kernel has no cgroups support bbe97ae9-no-cgroups.patch - Update to libvirt 1.0.5 - PPC64: Add NVRAM device - Add XML config for resource partitions - Add support for TPM - NPIV storage migration support - Many incremental improvements and bug fixes, see OBS-URL: https://build.opensuse.org/request/show/176049 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=117
2013-05-27 07:52:23 +00:00 · 2013-05-27 07:52:23 +00:00 · eb797057ed
commit eb797057ed
parent 4fd2367872 8806eb20b1
27 changed files with 858 additions and 237 deletions
--- a/0471637d-cgroups-vcpu-bw.patch
+++ b/0471637d-cgroups-vcpu-bw.patch
@ -0,0 +1,63 @@
 commit 0471637d5628106d058f0eb5516ffa7d5285cc6f
 Author: Martin Kletzander <mkletzan@redhat.com>
 Date:   Thu May 16 14:37:54 2013 +0200
    qemu: Fix cgroup handling when setting VCPU BW
    Commit 632f78c introduced a regression which causes schedinfo being
    unable to set some parameters.  When migrating to priv->cgroup there
    was missing variable left out and due to passed NULL to underlying
    function, the setting failed.
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963592
 Index: libvirt-1.0.5/src/qemu/qemu_driver.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
 +++ libvirt-1.0.5/src/qemu/qemu_driver.c
@@ -7721,7 +7721,6 @@ qemuDomainSetSchedulerParametersFlags(vi
 {
     virQEMUDriverPtr driver = dom->conn->privateData;
     int i;
 -    virCgroupPtr group = NULL;
     virDomainObjPtr vm = NULL;
     virDomainDefPtr vmdef = NULL;
     unsigned long long value_ul;
@@ -7799,7 +7798,7 @@ qemuDomainSetSchedulerParametersFlags(vi
                               QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
             if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
 -                if ((rc = qemuSetVcpusBWLive(vm, group, value_ul, 0)))
 +                if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, value_ul, 0)))
                     goto cleanup;
                 vm->def->cputune.period = value_ul;
@@ -7813,7 +7812,7 @@ qemuDomainSetSchedulerParametersFlags(vi
                               QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
             if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
 -                if ((rc = qemuSetVcpusBWLive(vm, group, 0, value_l)))
 +                if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, 0, value_l)))
                     goto cleanup;
                 vm->def->cputune.quota = value_l;
@@ -7827,7 +7826,8 @@ qemuDomainSetSchedulerParametersFlags(vi
                               QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
             if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
 -                if ((rc = qemuSetEmulatorBandwidthLive(vm, group, value_ul, 0)))
 +                if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
 +                                                       value_ul, 0)))
                     goto cleanup;
                 vm->def->cputune.emulator_period = value_ul;
@@ -7841,7 +7841,8 @@ qemuDomainSetSchedulerParametersFlags(vi
                               QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
             if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
 -                if ((rc = qemuSetEmulatorBandwidthLive(vm, group, 0, value_l)))
 +                if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
 +                                                       0, value_l)))
                     goto cleanup;
                 vm->def->cputune.emulator_quota = value_l;
--- a/0ced83dc-cgroup-escape-dot.patch
+++ b/0ced83dc-cgroup-escape-dot.patch
@ -0,0 +1,24 @@
 commit 0ced83dcfbb19af1201202e1af0a7073c338aabd
 Author: Daniel P. Berrange <berrange@redhat.com>
 Date:   Fri May 3 20:56:50 2013 +0100
    Escaping leading '.' in cgroup names
    Escaping a leading '.' with '_' in the cgroup names
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 Index: libvirt-1.0.5/src/util/vircgroup.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/util/vircgroup.c
 +++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1106,7 +1106,8 @@ static int virCgroupPartitionNeedsEscapi
     if (STRPREFIX(path, "cgroup."))
         return 1;
 -    if (path[0] == '_')
 +    if (path[0] == '_' ||
 +        path[0] == '.')
         return 1;
     if (!(fp = fopen("/proc/cgroups", "r")))
--- a/486a86eb-cgroups-docs.patch
+++ b/486a86eb-cgroups-docs.patch
@ -0,0 +1,317 @@
 commit 486a86eb184c008c5957fb68c63f163289f3344b
 Author: Daniel P. Berrange <berrange@redhat.com>
 Date:   Fri May 3 16:58:26 2013 +0100
    Add docs about cgroups layout and usage
    Describe the new cgroups layout, how to customize placement
    of guests and what virsh commands are used to access the
    parameters.
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 Index: libvirt-1.0.5/docs/cgroups.html.in
 ===================================================================
 --- /dev/null
 +++ libvirt-1.0.5/docs/cgroups.html.in
@@ -0,0 +1,285 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 +<html xmlns="http://www.w3.org/1999/xhtml">
 +  <body>
 +    <h1>Control Groups Resource Management</h1>
 +
 +    <ul id="toc"></ul>
 +
 +    <p>
 +      The QEMU and LXC drivers make use of the Linux "Control Groups" facility
 +      for applying resource management to their virtual machines and containers.
 +    </p>
 +
 +    <h2><a name="requiredControllers">Required controllers</a></h2>
 +
 +    <p>
 +      The control groups filesystem supports multiple "controllers". By default
 +      the init system (such as systemd) should mount all controllers compiled
 +      into the kernel at <code>/sys/fs/cgroup/$CONTROLLER-NAME</code>. Libvirt
 +      will never attempt to mount any controllers itself, merely detect where
 +      they are mounted.
 +    </p>
 +
 +    <p>
 +      The QEMU driver is capable of using the <code>cpuset</code>,
 +      <code>cpu</code>, <code>memory</code>, <code>blkio</code> and
 +      <code>devices</code> controllers. None of them are compulsory.
 +      If any controller is not mounted, the resource management APIs
 +      which use it will cease to operate. It is possible to explicitly
 +      turn off use of a controller, even when mounted, via the
 +      <code>/etc/libvirt/qemu.conf</code> configuration file.
 +    </p>
 +
 +    <p>
 +      The LXC driver is capable of using the <code>cpuset</code>,
 +      <code>cpu</code>, <code>cpuset</code>, <code>freezer</code>,
 +      <code>memory</code>, <code>blkio</code> and <code>devices</code>
 +      controllers. The <code>cpuset</code>, <code>devices</code>
 +      and <code>memory</code> controllers are compulsory. Without
 +      them mounted, no containers can be started. If any of the
 +      other controllers are not mounted, the resource management APIs
 +      which use them will cease to operate.
 +    </p>
 +
 +    <h2><a name="currentLayout">Current cgroups layout</a></h2>
 +
 +    <p>
 +      As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been
 +      simplified, in order to facilitate the setup of resource control policies by
 +      administrators / management applications. The layout is based on the concepts of
 +      "partitions" and "consumers". Each virtual machine or container is a consumer,
 +      and has a corresponding cgroup named <code>$VMNAME.libvirt-{qemu,lxc}</code>.
 +      Each consumer is associated with exactly one partition, which also have a
 +      corresponding cgroup usually named <code>$PARTNAME.partition</code>. The
 +      exceptions to this naming rule are the three top level default partitions,
 +      named <code>/system</code> (for system services), <code>/user</code> (for
 +      user login sessions) and <code>/machine</code> (for virtual machines and
 +      containers). By default every consumer will of course be associated with
 +      the <code>/machine</code> partition. This leads to a hierarchy that looks
 +      like
 +    </p>
 +
 +    <pre>
 +$ROOT
 +  |
 +  +- system
 +  |   |
 +  |   +- libvirtd.service
 +  |
 +  +- machine
 +      |
 +      +- vm1.libvirt-qemu
 +      |   |
 +      |   +- emulator
 +      |   +- vcpu0
 +      |   +- vcpu1
 +      |
 +      +- vm2.libvirt-qemu
 +      |   |
 +      |   +- emulator
 +      |   +- vcpu0
 +      |   +- vcpu1
 +      |
 +      +- vm3.libvirt-qemu
 +      |   |
 +      |   +- emulator
 +      |   +- vcpu0
 +      |   +- vcpu1
 +      |
 +      +- container1.libvirt-lxc
 +      |
 +      +- container2.libvirt-lxc
 +      |
 +      +- container3.libvirt-lxc
 +    </pre>
 +
 +    <p>
 +      The default cgroups layout ensures that, when there is contention for
 +      CPU time, it is shared equally between system services, user sessions
 +      and virtual machines / containers. This prevents virtual machines from
 +      locking the administrator out of the host, or impacting execution of
 +      system services. Conversely, when there is no contention from
 +      system services / user sessions, it is possible for virtual machines
 +      to fully utilize the host CPUs.
 +    </p>
 +
 +    <h2><a name="customPartiton">Using custom partitions</a></h2>
 +
 +    <p>
 +      If there is a need to apply resource constraints to groups of
 +      virtual machines or containers, then the single default
 +      partition <code>/machine</code> may not be sufficiently
 +      flexible. The administrator may wish to sub-divide the
 +      default partition, for example into "testing" and "production"
 +      partitions, and then assign each guest to a specific
 +      sub-partition. This is achieved via a small element addition
 +      to the guest domain XML config, just below the main <code>domain</code>
 +      element
 +    </p>
 +
 +    <pre>
 +  ...
 +  &lt;resource&gt;
 +    &lt;partition&gt;/machine/production&lt;/partition&gt;
 +  &lt;/resource&gt;
 +  ...
 +    </pre>
 +
 +    <p>
 +      Libvirt will not auto-create the cgroups directory to back
 +      this partition. In the future, libvirt / virsh will provide
 +      APIs / commands to create custom partitions, but currently
 +      this is left as an exercise for the administrator. For
 +      example, given the XML config above, the admin would need
 +      to create a cgroup named '/machine/production.partition'
 +    </p>
 +
 +    <pre>
 +# cd /sys/fs/cgroup
 +# for i in blkio cpu,cpuacct cpuset devices freezer memory net_cls perf_event
 +  do
 +    mkdir $i/machine/production.partition
 +  done
 +# for i in cpuset.cpus  cpuset.mems
 +  do
 +    cat cpuset/machine/$i > cpuset/machine/production.partition/$i
 +  done
 +</pre>
 +
 +    <p>
 +      <strong>Note:</strong> the cgroups directory created as a ".partition"
 +      suffix, but the XML config does not require this suffix.
 +    </p>
 +
 +    <p>
 +      <strong>Note:</strong> the ability to place guests in custom
 +      partitions is only available with libvirt &gt;= 1.0.5, using
 +      the new cgroup layout. The legacy cgroups layout described
 +      later did not support customization per guest.
 +    </p>
 +
 +    <h2><a name="resourceAPIs">Resource management APIs/commands</a></h2>
 +
 +    <p>
 +      Since libvirt aims to provide an API which is portable across
 +      hypervisors, the concept of cgroups is not exposed directly
 +      in the API or XML configuration. It is considered to be an
 +      internal implementation detail. Instead libvirt provides a
 +      set of APIs for applying resource controls, which are then
 +      mapped to corresponding cgroup tunables
 +    </p>
 +
 +    <h3>Scheduler tuning</h3>
 +
 +    <p>
 +     Parameters from the "cpu" controller are exposed via the
 +     <code>schedinfo</code> command in virsh.
 +    </p>
 +
 +    <pre>
 +# virsh schedinfo demo
 +Scheduler      : posix
 +cpu_shares     : 1024
 +vcpu_period    : 100000
 +vcpu_quota     : -1
 +emulator_period: 100000
 +emulator_quota : -1</pre>
 +
 +
 +    <h3>Block I/O tuning</h3>
 +
 +    <p>
 +     Parameters from the "blkio" controller are exposed via the
 +     <code>bkliotune</code> command in virsh.
 +    </p>
 +
 +
 +    <pre>
 +# virsh blkiotune demo
 +weight         : 500
 +device_weight  : </pre>
 +
 +    <h3>Memory tuning</h3>
 +
 +    <p>
 +     Parameters from the "memory" controller are exposed via the
 +     <code>memtune</code> command in virsh.
 +    </p>
 +
 +    <pre>
 +# virsh memtune demo
 +hard_limit     : 580192
 +soft_limit     : unlimited
 +swap_hard_limit: unlimited
 +    </pre>
 +
 +    <h3>Network tuning</h3>
 +
 +    <p>
 +      The <code>net_cls</code> is not currently used. Instead traffic
 +      filter policies are set directly against individual virtual
 +      network interfaces.
 +    </p>
 +
 +    <h2><a name="legacyLayout">Legacy cgroups layout</a></h2>
 +
 +    <p>
 +      Prior to libvirt 1.0.5, the cgroups layout created by libvirt was different
 +      from that described above, and did not allow for administrator customization.
 +      Libvirt used a fixed, 3-level hierarchy <code>libvirt/{qemu,lxc}/$VMNAME</code>
 +      which was rooted at the point in the hierarchy where libvirtd itself was
 +      located. So if libvirtd was placed at <code>/system/libvirtd.service</code>
 +      by systemd, the groups for each virtual machine / container would be located
 +      at <code>/system/libvirtd.service/libvirt/{qemu,lxc}/$VMNAME</code>. In addition
 +      to this, the QEMU drivers further child groups for each vCPU thread and the
 +      emulator thread(s). This leads to a hierarchy that looked like
 +    </p>
 +
 +
 +    <pre>
 +$ROOT
 +  |
 +  +- system
 +      |
 +      +- libvirtd.service
 +           |
 +           +- libvirt
 +               |
 +               +- qemu
 +               |   |
 +               |   +- vm1
 +               |   |   |
 +               |   |   +- emulator
 +               |   |   +- vcpu0
 +               |   |   +- vcpu1
 +               |   |
 +               |   +- vm2
 +               |   |   |
 +               |   |   +- emulator
 +               |   |   +- vcpu0
 +               |   |   +- vcpu1
 +               |   |
 +               |   +- vm3
 +               |       |
 +               |       +- emulator
 +               |       +- vcpu0
 +               |       +- vcpu1
 +               |
 +               +- lxc
 +                   |
 +                   +- container1
 +                   |
 +                   +- container2
 +                   |
 +                   +- container3
 +    </pre>
 +
 +    <p>
 +      Although current releases are much improved, historically the use of deep
 +      hierarchies has had a significant negative impact on the kernel scalability.
 +      The legacy libvirt cgroups layout highlighted these problems, to the detriment
 +      of the performance of virtual machines and containers.
 +    </p>
 +  </body>
 +</html>
 Index: libvirt-1.0.5/docs/sitemap.html.in
 ===================================================================
 --- libvirt-1.0.5.orig/docs/sitemap.html.in
 +++ libvirt-1.0.5/docs/sitemap.html.in
@@ -87,6 +87,10 @@
                 <span>Ensuring exclusive guest access to disks</span>
               </li>
               <li>
 +                <a href="cgroups.html">CGroups</a>
 +                <span>Control groups integration</span>
 +              </li>
 +              <li>
                 <a href="hooks.html">Hooks</a>
                 <span>Hooks for system specific management</span>
               </li>
--- a/a2214c52-iohelper.patch
+++ b/a2214c52-iohelper.patch
@ -0,0 +1,28 @@
 commit a2214c5257d3bd7b086ce04aca1648e8ff05ee96
 Author: Daniel P. Berrange <berrange@redhat.com>
 Date:   Fri May 10 14:45:05 2013 +0100
    Fix iohelper usage with streams opened for read
    In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
    flag when opening files in the stream code. Unfortunately a later
    piece of code was comparing the flags == O_RDONLY, without masking
    out the non-access mode flags. This broke the iohelper when used
    with streams for read, since it caused us to attach the stream
    output pipe to the stream input FD instead of output FD :-(
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 Index: libvirt-1.0.5/src/fdstream.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/fdstream.c
 +++ libvirt-1.0.5/src/fdstream.c
@@ -640,7 +640,7 @@ virFDStreamOpenFileInternal(virStreamPtr
         virCommandTransferFD(cmd, fd);
         virCommandAddArgFormat(cmd, "%d", fd);
 -        if (oflags == O_RDONLY) {
 +        if ((oflags & O_ACCMODE) == O_RDONLY) {
             childfd = fds[1];
             fd = fds[0];
             virCommandSetOutputFD(cmd, &childfd);
--- a/bbe97ae9-no-cgroups.patch
+++ b/bbe97ae9-no-cgroups.patch
@ -0,0 +1,102 @@
 commit bbe97ae968eba60b71e0066d49f9fc909966d9d6
 Author: Jim Fehlig <jfehlig@suse.com>
 Date:   Fri May 10 12:05:00 2013 -0600
    Fix starting domains when kernel has no cgroups support
    Found that I was unable to start existing domains after updating
    to a kernel with no cgroups support
      # zgrep CGROUP /proc/config.gz
      # CONFIG_CGROUPS is not set
      # virsh start test
      error: Failed to start domain test
      error: Unable to initialize /machine cgroup: Cannot allocate memory
    virCgroupPartitionNeedsEscaping() correctly returns errno (ENOENT) when
    attempting to open /proc/cgroups on such a system, but it was being
    dropped in virCgroupSetPartitionSuffix().
    Change virCgroupSetPartitionSuffix() to propagate errors returned by
    its callees.  Also check for ENOENT in qemuInitCgroup() when determining
    if cgroups support is available.
 Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c
 +++ libvirt-1.0.5/src/qemu/qemu_cgroup.c
@@ -415,7 +415,8 @@ int qemuInitCgroup(virQEMUDriverPtr driv
         if (rc != 0) {
             if (rc == -ENXIO ||
                 rc == -EPERM ||
 -                rc == -EACCES) { /* No cgroups mounts == success */
 +                rc == -EACCES ||
 +                rc == -ENOENT) { /* No cgroups mounts == success */
                 VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
                 goto done;
             }
 Index: libvirt-1.0.5/src/util/vircgroup.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/util/vircgroup.c
 +++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1168,14 +1168,14 @@ static int virCgroupPartitionEscape(char
     return 0;
 }
 -static char *virCgroupSetPartitionSuffix(const char *path)
 +static int virCgroupSetPartitionSuffix(const char *path, char **res)
 {
     char **tokens = virStringSplit(path, "/", 0);
     size_t i;
 -    char *ret = NULL;
 +    int ret = -1;
     if (!tokens)
 -        return NULL;
 +        return ret;
     for (i = 0 ; tokens[i] != NULL ; i++) {
         /* Whitelist the 3 top level fixed dirs
@@ -1194,20 +1194,27 @@ static char *virCgroupSetPartitionSuffix
             !strchr(tokens[i], '.')) {
             if (VIR_REALLOC_N(tokens[i],
                               strlen(tokens[i]) + strlen(".partition") + 1) < 0) {
 +                ret = -ENOMEM;
                 virReportOOMError();
                 goto cleanup;
             }
             strcat(tokens[i], ".partition");
         }
 -        if (virCgroupPartitionEscape(&(tokens[i])) < 0) {
 -            virReportOOMError();
 +        ret = virCgroupPartitionEscape(&(tokens[i]));
 +        if (ret < 0) {
 +            if (ret == -ENOMEM)
 +                virReportOOMError();
             goto cleanup;
         }
     }
 -    if (!(ret = virStringJoin((const char **)tokens, "/")))
 +    if (!(*res = virStringJoin((const char **)tokens, "/"))) {
 +        ret = -ENOMEM;
         goto cleanup;
 +    }
 +
 +    ret = 0;
 cleanup:
     virStringFreeList(tokens);
@@ -1242,9 +1249,9 @@ int virCgroupNewPartition(const char *pa
     /* XXX convert all cgroups APIs to use error report
      * APIs instead of returning errno */
 -    if (!(newpath = virCgroupSetPartitionSuffix(path))) {
 +    rc = virCgroupSetPartitionSuffix(path, &newpath);
 +    if (rc < 0) {
         virResetLastError();
 -        rc = -ENOMEM;
         goto cleanup;
     }
--- a/c2cf5f1c-no-cgroups-fix.patch
+++ b/c2cf5f1c-no-cgroups-fix.patch
@ -0,0 +1,49 @@
 commit c2cf5f1c2abc81d607abe34bf5dc4c615a9b8b4d
 Author: Daniel P. Berrange <berrange@redhat.com>
 Date:   Thu May 16 18:47:07 2013 +0100
    Fix failure to detect missing cgroup partitions
    Change bbe97ae968eba60b71e0066d49f9fc909966d9d6 caused the
    QEMU driver to ignore ENOENT errors from cgroups, in order
    to cope with missing /proc/cgroups. This is not good though
    because many other things can cause ENOENT and should not
    be ignored. The callers expect to see ENXIO when cgroups
    are not present, so adjust the code to report that errno
    when /proc/cgroups is missing
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c
 +++ libvirt-1.0.5/src/qemu/qemu_cgroup.c
@@ -415,8 +415,7 @@ int qemuInitCgroup(virQEMUDriverPtr driv
         if (rc != 0) {
             if (rc == -ENXIO ||
                 rc == -EPERM ||
 -                rc == -EACCES ||
 -                rc == -ENOENT) { /* No cgroups mounts == success */
 +                rc == -EACCES) { /* No cgroups mounts == success */
                 VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
                 goto done;
             }
 Index: libvirt-1.0.5/src/util/vircgroup.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/util/vircgroup.c
 +++ libvirt-1.0.5/src/util/vircgroup.c
@@ -1110,8 +1110,13 @@ static int virCgroupPartitionNeedsEscapi
         path[0] == '.')
         return 1;
 -    if (!(fp = fopen("/proc/cgroups", "r")))
 +    if (!(fp = fopen("/proc/cgroups", "r"))) {
 +        /* The API contract is that we return ENXIO
 +         * if cgroups are not available on a host */
 +        if (errno == ENOENT)
 +            errno = ENXIO;
         return -errno;
 +    }
     /*
      * Data looks like this:
--- a/ca697e90-CVE-2013-1962.patch
+++ b/ca697e90-CVE-2013-1962.patch
@ -0,0 +1,26 @@
 commit ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
 Author: Ján Tomko <jtomko@redhat.com>
 Date:   Fri Apr 12 17:30:56 2013 +0200
    daemon: fix leak after listing all volumes
    CVE-2013-1962
    remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
    The pool also held a reference to the connection, preventing it from
    getting freed and closing the netcf interface driver, which held two
    sockets open.
 Index: libvirt-1.0.5/daemon/remote.c
 ===================================================================
 --- libvirt-1.0.5.orig/daemon/remote.c
 +++ libvirt-1.0.5/daemon/remote.c
@@ -4226,6 +4226,8 @@ cleanup:
             virStorageVolFree(vols[i]);
         VIR_FREE(vols);
     }
 +    if (pool)
 +        virStoragePoolFree(pool);
     return rv;
 }
--- a/ce4557c3-apparmor-tapfd-label.patch
+++ b/ce4557c3-apparmor-tapfd-label.patch
@ -1,68 +0,0 @@
 commit ce4557c3ab3702639db73615dd144ddf036321ed
 Author: Guannan Ren <gren@redhat.com>
 Date:   Fri Mar 8 00:16:59 2013 +0800
    apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
    Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
    be used as a common function for *ALL* fd relabelling in Linux.
    In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
    Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
    The last line is for the tapfd relabelling.
     # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
      "/var/log/libvirt/**/rhel6qcow2.log" w,
      "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
      "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
      "/run/libvirt/**/rhel6qcow2.pid" rwk,
      "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
      "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
      "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
      "/dev/tap45" rw,
 Index: libvirt-1.0.3/src/security/security_apparmor.c
 ===================================================================
 --- libvirt-1.0.3.orig/src/security/security_apparmor.c
 +++ libvirt-1.0.3/src/security/security_apparmor.c
@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecuri
 }
 static int
 -AppArmorSetImageFDLabel(virSecurityManagerPtr mgr,
 -                        virDomainDefPtr def,
 -                        int fd)
 +AppArmorSetFDLabel(virSecurityManagerPtr mgr,
 +                   virDomainDefPtr def,
 +                   int fd)
 {
     int rc = -1;
     char *proc = NULL;
@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManag
     return reload_profile(mgr, def, fd_path, true);
 }
 -/* TODO need code here */
 -static int
 -AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 -                      virDomainDefPtr def ATTRIBUTE_UNUSED,
 -                      int fd ATTRIBUTE_UNUSED)
 -{
 -    return 0;
 -}
 -
 -
 static char *
 AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
                         virDomainDefPtr vm ATTRIBUTE_UNUSED)
@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDri
     .domainSetSavedStateLabel           = AppArmorSetSavedStateLabel,
     .domainRestoreSavedStateLabel       = AppArmorRestoreSavedStateLabel,
 -    .domainSetSecurityImageFDLabel      = AppArmorSetImageFDLabel,
 -    .domainSetSecurityTapFDLabel        = AppArmorSetTapFDLabel,
 +    .domainSetSecurityImageFDLabel      = AppArmorSetFDLabel,
 +    .domainSetSecurityTapFDLabel        = AppArmorSetFDLabel,
     .domainGetSecurityMountOptions      = AppArmorGetMountOptions,
 };
--- a/clone.patch
+++ b/clone.patch
@ -2,7 +2,7 @@ Index: src/lxc/lxc_container.c
 ===================================================================
 --- src/lxc/lxc_container.c.orig
 +++ src/lxc/lxc_container.c
-@@ -136,6 +136,7 @@ int lxcContainerHasReboot(void)
+@@ -138,6 +138,7 @@ int lxcContainerHasReboot(void)
     int cmd, v;
     int status;
     char *tmp;
@ -10,7 +10,7 @@ Index: src/lxc/lxc_container.c
     if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0)
         return -1;
-@@ -152,14 +153,21 @@ int lxcContainerHasReboot(void)
+@@ -154,14 +155,21 @@ int lxcContainerHasReboot(void)
     VIR_FREE(buf);
     cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF;
@ -34,7 +34,7 @@ Index: src/lxc/lxc_container.c
     VIR_FREE(stack);
     if (cpid < 0) {
         virReportSystemError(errno, "%s",
-@@ -2358,6 +2366,9 @@ int lxcContainerStart(virDomainDefPtr de
+@@ -2116,6 +2124,9 @@ int lxcContainerStart(virDomainDefPtr de
                               ttyPaths, nttyPaths, handshakefd};
     /* allocate a stack for the container */
@ -44,7 +44,7 @@ Index: src/lxc/lxc_container.c
     if (VIR_ALLOC_N(stack, stacksize) < 0) {
         virReportOOMError();
         return -1;
-@@ -2377,7 +2388,11 @@ int lxcContainerStart(virDomainDefPtr de
+@@ -2134,7 +2145,11 @@ int lxcContainerStart(virDomainDefPtr de
         cflags |= CLONE_NEWNET;
     }
@ -56,7 +56,7 @@ Index: src/lxc/lxc_container.c
     VIR_FREE(stack);
     VIR_DEBUG("clone() completed, new container PID is %d", pid);
-@@ -2403,6 +2418,7 @@ int lxcContainerAvailable(int features)
+@@ -2160,6 +2175,7 @@ int lxcContainerAvailable(int features)
     int cpid;
     char *childStack;
     char *stack;
@ -64,7 +64,7 @@ Index: src/lxc/lxc_container.c
     if (features & LXC_CONTAINER_FEATURE_USER)
         flags |= CLONE_NEWUSER;
-@@ -2410,14 +2426,21 @@ int lxcContainerAvailable(int features)
+@@ -2167,14 +2183,21 @@ int lxcContainerAvailable(int features)
     if (features & LXC_CONTAINER_FEATURE_NET)
         flags |= CLONE_NEWNET;
--- a/f493d83f-cgroup-swap-control.patch
+++ b/f493d83f-cgroup-swap-control.patch
@ -0,0 +1,34 @@
 commit f493d83fbd3257453e63f2f32ee90a216fd531c1
 Author: Daniel P. Berrange <berrange@redhat.com>
 Date:   Thu May 9 13:53:39 2013 +0100
    Cope with missing swap cgroup controls
    It is possible to build a kernel without swap cgroup controls
    present. This causes a fatal error when querying memory
    parameters. Treat missing swap controls as meaning "unlimited".
    The fatal error remains if the user tries to actually change
    the limit.
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 Index: libvirt-1.0.5/src/qemu/qemu_driver.c
 ===================================================================
 --- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
 +++ libvirt-1.0.5/src/qemu/qemu_driver.c
@@ -7351,9 +7351,12 @@ qemuDomainGetMemoryParameters(virDomainP
         case 2: /* fill swap hard limit here */
             rc = virCgroupGetMemSwapHardLimit(priv->cgroup, &val);
             if (rc != 0) {
 -                virReportSystemError(-rc, "%s",
 -                                     _("unable to get swap hard limit"));
 -                goto cleanup;
 +                if (rc != -ENOENT) {
 +                    virReportSystemError(-rc, "%s",
 +                                         _("unable to get swap hard limit"));
 +                    goto cleanup;
 +                }
 +                val = VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
             }
             if (virTypedParameterAssign(param,
                                         VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,
--- a/fix-pci-attach-xen-driver.patch
+++ b/fix-pci-attach-xen-driver.patch
@ -8,10 +8,10 @@ uses the 'device_configure' RPC.
 This patch changes the xend driver to always call 'device_configure' for
 PCI devices to be consistent with the usage in the xen tools.
-Index: libvirt-1.0.3/src/xen/xend_internal.c
+Index: libvirt-1.0.5/src/xen/xend_internal.c
 ===================================================================
--- libvirt-1.0.3.orig/src/xen/xend_internal.c
+--- libvirt-1.0.5.orig/src/xen/xend_internal.c
-+++ libvirt-1.0.3/src/xen/xend_internal.c
+++ libvirt-1.0.5/src/xen/xend_internal.c
@@ -2473,6 +2473,7 @@ xenDaemonAttachDeviceFlags(virDomainPtr
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     char class[8], ref[80];
--- a/install-apparmor-profiles.patch
+++ b/install-apparmor-profiles.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.0.3/examples/apparmor/Makefile.am
+Index: libvirt-1.0.5/examples/apparmor/Makefile.am
 ===================================================================
--- libvirt-1.0.3.orig/examples/apparmor/Makefile.am
+--- libvirt-1.0.5.orig/examples/apparmor/Makefile.am
-+++ libvirt-1.0.3/examples/apparmor/Makefile.am
+++ libvirt-1.0.5/examples/apparmor/Makefile.am
@@ -1,8 +1,45 @@
 ## Copyright (C) 2005-2011 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software
@ -53,10 +53,10 @@ Index: libvirt-1.0.3/examples/apparmor/Makefile.am
 +	rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
 +
 +endif
-Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+Index: libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 ===================================================================
 --- /dev/null
-+++ libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,40 @@
 +# Last Modified: Fri Aug 19 11:21:48 2011
 +#include <tunables/global>
@ -98,9 +98,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 +  /var/lib/kvm/images/ r,
 +  /var/lib/kvm/images/** r,
 +}
-Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+Index: libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 ===================================================================
--- libvirt-1.0.3.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+--- libvirt-1.0.5.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 +++ /dev/null
@@ -1,38 +0,0 @@
 -# Last Modified: Mon Apr  5 15:10:27 2010
@ -141,9 +141,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 -  /var/lib/libvirt/images/ r,
 -  /var/lib/libvirt/images/** r,
 -}
-Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd
+Index: libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd
 ===================================================================
--- libvirt-1.0.3.orig/examples/apparmor/usr.sbin.libvirtd
+--- libvirt-1.0.5.orig/examples/apparmor/usr.sbin.libvirtd
 +++ /dev/null
@@ -1,52 +0,0 @@
 -# Last Modified: Mon Apr  5 15:03:58 2010
@ -198,10 +198,10 @@ Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd
 -  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 -
 -}
-Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in
+Index: libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
 --- /dev/null
-+++ libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in
+++ libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,58 @@
 +# Last Modified: Fri Aug 19 11:20:36 2011
 +#include <tunables/global>
@ -261,9 +261,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in
 +  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 +
 +}
-Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu
+Index: libvirt-1.0.5/examples/apparmor/libvirt-qemu
 ===================================================================
--- libvirt-1.0.3.orig/examples/apparmor/libvirt-qemu
+--- libvirt-1.0.5.orig/examples/apparmor/libvirt-qemu
 +++ /dev/null
@@ -1,129 +0,0 @@
 -# Last Modified: Fri Mar 9 14:43:22 2012
@ -395,10 +395,10 @@ Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu
 -
 -   /usr/libexec/qemu-bridge-helper rmix,
 -  }
-Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu.in
+Index: libvirt-1.0.5/examples/apparmor/libvirt-qemu.in
 ===================================================================
 --- /dev/null
-+++ libvirt-1.0.3/examples/apparmor/libvirt-qemu.in
+++ libvirt-1.0.5/examples/apparmor/libvirt-qemu.in
@@ -0,0 +1,132 @@
 +# Last Modified: Fri Mar 9 14:43:22 2012
 +
--- a/libvirt-1.0.3.tar.bz2
+++ b/libvirt-1.0.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8d085259072879ba1c9956dcfb4f016a7a6c938e0a06becf2a5817db4abe215a
 size 16567568
--- a/libvirt-1.0.5.tar.bz2
+++ b/libvirt-1.0.5.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:dd0ba7e6866c35a7df15d88526c1c1fb1de12b8ad577cc92aa3eb1f859e9f3b5
 size 17170054
--- a/libvirt-guests-init-script.patch
+++ b/libvirt-guests-init-script.patch
@ -1,9 +1,9 @@
 Adjust libvirt-guests init files to conform to SUSE standards
-Index: libvirt-1.0.3/tools/libvirt-guests.init.in
+Index: libvirt-1.0.5/tools/libvirt-guests.init.in
 ===================================================================
--- libvirt-1.0.3.orig/tools/libvirt-guests.init.in
+--- libvirt-1.0.5.orig/tools/libvirt-guests.init.in
-+++ libvirt-1.0.3/tools/libvirt-guests.init.in
+++ libvirt-1.0.5/tools/libvirt-guests.init.in
@@ -3,15 +3,15 @@
 # the following is the LSB init header
 #
@ -28,10 +28,10 @@ Index: libvirt-1.0.3/tools/libvirt-guests.init.in
 ### END INIT INFO
 # the following is chkconfig init header
-Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
+Index: libvirt-1.0.5/tools/libvirt-guests.sh.in
 ===================================================================
--- libvirt-1.0.3.orig/tools/libvirt-guests.sh.in
+--- libvirt-1.0.5.orig/tools/libvirt-guests.sh.in
-+++ libvirt-1.0.3/tools/libvirt-guests.sh.in
+++ libvirt-1.0.5/tools/libvirt-guests.sh.in
@@ -1,13 +1,12 @@
 #!/bin/sh
@ -130,7 +130,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
         eval_gettext "Resuming guests on \$uri URI..."; echo
         for guest in $list; do
             name=$(guest_name "$uri" "$guest")
-@@ -377,7 +403,7 @@ shutdown_guests_parallel()
+@@ -378,7 +404,7 @@ shutdown_guests_parallel()
             timeout=$(($timeout - 1))
             if [ $timeout -le 0 ]; then
                 eval_gettext "Timeout expired while shutting down domains"; echo
@ -139,7 +139,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
                 return
             fi
         else
-@@ -405,7 +431,7 @@ stop() {
+@@ -406,7 +432,7 @@ stop() {
         if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
             gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
             echo
@ -148,7 +148,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
             return
         fi
     fi
-@@ -453,14 +479,14 @@ stop() {
+@@ -454,14 +480,14 @@ stop() {
                 if [ $? -ne 0 ]; then
                     eval_gettext "Failed to list persistent guests on \$uri"
                     echo
@ -165,7 +165,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
                 set +f
                 return
             fi
-@@ -519,14 +545,13 @@ gueststatus() {
+@@ -520,14 +546,13 @@ gueststatus() {
 rh_status() {
     if [ -f "$LISTFILE" ]; then
         gettext "stopped, with saved guests"; echo
@ -174,23 +174,24 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in
     else
         if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then
             gettext "started"; echo
 -            RETVAL=0
         else
             gettext "stopped, with no saved guests"; echo
 -            RETVAL=3
 +            rc_failed 3
         fi
 -        RETVAL=0
     fi
 }
- 
+@@ -572,4 +597,4 @@ case "$1" in
@@ -570,4 +595,4 @@ case "$1" in
         usage
         ;;
 esac
 -exit $RETVAL
 +rc_exit
-Index: libvirt-1.0.3/tools/libvirt-guests.sysconf
+Index: libvirt-1.0.5/tools/libvirt-guests.sysconf
 ===================================================================
--- libvirt-1.0.3.orig/tools/libvirt-guests.sysconf
+--- libvirt-1.0.5.orig/tools/libvirt-guests.sysconf
-+++ libvirt-1.0.3/tools/libvirt-guests.sysconf
+++ libvirt-1.0.5/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
 +## Path: System/Virtualization/libvirt-guests
 +
--- a/libvirt-iptables-1.4.18.diff
+++ b/libvirt-iptables-1.4.18.diff
@ -1,31 +0,0 @@
 Index: b/src/util/viriptables.c
 ===================================================================
 --- a/src/util/viriptables.c
 +++ b/src/util/viriptables.c
@@ -478,22 +478,22 @@ iptablesForwardAllowRelatedIn(iptablesCo
                                     VIR_SOCKET_ADDR_FAMILY(netaddr),
                                     action,
                                     "--destination", networkstr,
                                     "--in-interface", physdev,
                                     "--out-interface", iface,
 -                                    "--match", "state",
 -                                    "--state", "ESTABLISHED,RELATED",
 +                                    "--match", "conntrack",
 +                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     } else {
         ret = iptablesAddRemoveRule(ctx->forward_filter,
                                     VIR_SOCKET_ADDR_FAMILY(netaddr),
                                     action,
                                     "--destination", networkstr,
                                     "--out-interface", iface,
 -                                    "--match", "state",
 -                                    "--state", "ESTABLISHED,RELATED",
 +                                    "--match", "conntrack",
 +                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     }
     VIR_FREE(networkstr);
     return ret;
--- a/libvirt-suse-netcontrol.patch
+++ b/libvirt-suse-netcontrol.patch
@ -1,8 +1,8 @@
-Index: libvirt-1.0.3/configure.ac
+Index: libvirt-1.0.5/configure.ac
 ===================================================================
--- libvirt-1.0.3.orig/configure.ac
+--- libvirt-1.0.5.orig/configure.ac
-+++ libvirt-1.0.3/configure.ac
+++ libvirt-1.0.5/configure.ac
-@@ -153,6 +153,7 @@ LIBVIRT_CHECK_DBUS
+@@ -159,6 +159,7 @@ LIBVIRT_CHECK_DBUS
 LIBVIRT_CHECK_FUSE
 LIBVIRT_CHECK_HAL
 LIBVIRT_CHECK_NETCF
@ -10,7 +10,7 @@ Index: libvirt-1.0.3/configure.ac
 LIBVIRT_CHECK_NUMACTL
 LIBVIRT_CHECK_OPENWSMAN
 LIBVIRT_CHECK_PCIACCESS
-@@ -2199,11 +2200,12 @@ if test "$with_libvirtd" = "no" ; then
+@@ -2205,11 +2206,12 @@ if test "$with_libvirtd" = "no" ; then
   with_interface=no
 fi
@ -26,7 +26,7 @@ Index: libvirt-1.0.3/configure.ac
 esac
 if test "$with_interface" = "yes" ; then
-@@ -2473,6 +2475,7 @@ LIBVIRT_RESULT_DBUS
+@@ -2488,6 +2490,7 @@ LIBVIRT_RESULT_DBUS
 LIBVIRT_RESULT_FUSE
 LIBVIRT_RESULT_HAL
 LIBVIRT_RESULT_NETCF
@ -34,11 +34,11 @@ Index: libvirt-1.0.3/configure.ac
 LIBVIRT_RESULT_NUMACTL
 LIBVIRT_RESULT_OPENWSMAN
 LIBVIRT_RESULT_PCIACCESS
-Index: libvirt-1.0.3/src/Makefile.am
+Index: libvirt-1.0.5/src/Makefile.am
 ===================================================================
--- libvirt-1.0.3.orig/src/Makefile.am
+--- libvirt-1.0.5.orig/src/Makefile.am
-+++ libvirt-1.0.3/src/Makefile.am
+++ libvirt-1.0.5/src/Makefile.am
-@@ -643,6 +643,10 @@ if WITH_NETCF
+@@ -715,6 +715,10 @@ if WITH_NETCF
 INTERFACE_DRIVER_SOURCES +=					\
 		interface/interface_backend_netcf.c
 endif
@ -49,7 +49,7 @@ Index: libvirt-1.0.3/src/Makefile.am
 if WITH_UDEV
 INTERFACE_DRIVER_SOURCES +=					\
 		interface/interface_backend_udev.c
-@@ -1130,11 +1134,16 @@ if WITH_NETCF
+@@ -1200,11 +1204,16 @@ if WITH_NETCF
 libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
 libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
 else
@ -66,11 +66,11 @@ Index: libvirt-1.0.3/src/Makefile.am
 if WITH_DRIVER_MODULES
 libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
 libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
-Index: libvirt-1.0.3/tools/virsh.c
+Index: libvirt-1.0.5/tools/virsh.c
 ===================================================================
--- libvirt-1.0.3.orig/tools/virsh.c
+--- libvirt-1.0.5.orig/tools/virsh.c
-+++ libvirt-1.0.3/tools/virsh.c
+++ libvirt-1.0.5/tools/virsh.c
-@@ -2812,6 +2812,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
+@@ -2888,6 +2888,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
     vshPrint(ctl, " Interface");
 # if defined(WITH_NETCF)
     vshPrint(ctl, " netcf");
@ -79,10 +79,10 @@ Index: libvirt-1.0.3/tools/virsh.c
 # elif defined(WITH_UDEV)
     vshPrint(ctl, " udev");
 # endif
-Index: libvirt-1.0.3/src/interface/interface_backend_netcf.c
+Index: libvirt-1.0.5/src/interface/interface_backend_netcf.c
 ===================================================================
--- libvirt-1.0.3.orig/src/interface/interface_backend_netcf.c
+--- libvirt-1.0.5.orig/src/interface/interface_backend_netcf.c
-+++ libvirt-1.0.3/src/interface/interface_backend_netcf.c
+++ libvirt-1.0.5/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
 #include <config.h>
@ -135,7 +135,7 @@ Index: libvirt-1.0.3/src/interface/interface_backend_netcf.c
 static int netcf_to_vir_err(int netcf_errcode)
 {
     switch (netcf_errcode)
-@@ -137,6 +173,10 @@ static virDrvOpenStatus interfaceOpenInt
+@@ -137,6 +173,10 @@ static virDrvOpenStatus netcfInterfaceOp
         goto mutex_error;
     }
@ -146,10 +146,10 @@ Index: libvirt-1.0.3/src/interface/interface_backend_netcf.c
     /* open netcf */
     if (ncf_init(&driverState->netcf, NULL) != 0)
     {
-Index: libvirt-1.0.3/src/interface/interface_driver.c
+Index: libvirt-1.0.5/src/interface/interface_driver.c
 ===================================================================
--- libvirt-1.0.3.orig/src/interface/interface_driver.c
+--- libvirt-1.0.5.orig/src/interface/interface_driver.c
-+++ libvirt-1.0.3/src/interface/interface_driver.c
+++ libvirt-1.0.5/src/interface/interface_driver.c
@@ -28,8 +28,15 @@ interfaceRegister(void) {
     if (netcfIfaceRegister() == 0)
         return 0;
@ -167,10 +167,10 @@ Index: libvirt-1.0.3/src/interface/interface_driver.c
     if (udevIfaceRegister() == 0)
         return 0;
 #endif /* WITH_UDEV */
-Index: libvirt-1.0.3/m4/virt-netcontrol.m4
+Index: libvirt-1.0.5/m4/virt-netcontrol.m4
 ===================================================================
 --- /dev/null
-+++ libvirt-1.0.3/m4/virt-netcontrol.m4
+++ libvirt-1.0.5/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@
 +dnl The libnetcontrol library
 +dnl
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,60 @@
 -------------------------------------------------------------------
 Sat May 18 09:15:00 MDT 2013 - jfehlig@suse.com
 - fix leak after listing all volumes - CVE-2013-1962
  ca697e90-CVE-2013-1962.patch
  bnc#820397
 - Fix iohelper usage with streams opened for read
  a2214c52-iohelper.patch
 - Cope with missing swap cgroup controls
  f493d83f-cgroup-swap-control.patch
  bnc#819976
 - Fix cgroup handling when setting VCPU BW
  0471637d-cgroups-vcpu-bw.patch
  rhb#963592
 - Escape a leading '.' with '_' in the cgroup names
  0ced83dc-cgroup-escape-dot.patch
 - Add missing documentation on new cgroup layout
  486a86eb-cgroups-docs.patch
 - Another fix related to systems with no cgroups
  c2cf5f1c-no-cgroups-fix.patch
  bnc#819963
 -------------------------------------------------------------------
 Thu May 16 16:25:13 MDT 2013 - jfehlig@suse.com
 - Fix botched backport of commit bbe97ae9
 -------------------------------------------------------------------
 Mon May 13 09:32:56 MDT 2013 - jfehlig@suse.com
 - Fix starting domains when kernel has no cgroups support
  bbe97ae9-no-cgroups.patch
 -------------------------------------------------------------------
 Thu May  2 13:14:00 MDT 2013 - jfehlig@suse.com
 - Update to libvirt 1.0.5
  - PPC64: Add NVRAM device
  - Add XML config for resource partitions
  - Add support for TPM
  - NPIV storage migration support
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
 -------------------------------------------------------------------
 Tue Apr  2 15:26:18 MDT 2013 - jfehlig@suse.com
 - Update to libvirt 1.0.4
  - qemu: support passthrough for iscsi disks
  - various S390 improvements
  - various LXC bugs fixes and improvements
  - add API for thread cancellation
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Drop upstream patches: ce4557c3-apparmor-tapfd-label.patch
    libvirt-iptables-1.4.18.diff
 -------------------------------------------------------------------
 Sun Mar 24 20:05:28 UTC 2013 - seife+obs@b1-systems.com
--- a/libvirt.spec
+++ b/libvirt.spec
@ -334,10 +334,16 @@ BuildRequires:  sanlock-devel >= 2.4
 %if %{with_systemd}
 BuildRequires:  systemd
 %endif
 %if %{with_libvirtd}
 %if 0%{?suse_version} >= 1210
 # For pool-build probing for existing pools
 BuildRequires:  libblkid-devel >= 2.17
 %endif
 %endif
 Name:           libvirt
 Url:            http://libvirt.org/
-Version:        1.0.3
+Version:        1.0.5
 Release:        0
 Summary:        A C toolkit to interact with the virtualization capabilities of Linux
 License:        LGPL-2.1+
@ -417,12 +423,18 @@ Source1:        libvirtd.init
 Source2:        libvirtd-relocation-server.fw
 Source99:       baselibs.conf
 # Upstream patches
-Patch0:         ce4557c3-apparmor-tapfd-label.patch
+Patch0:         f493d83f-cgroup-swap-control.patch
 Patch1:         486a86eb-cgroups-docs.patch
 Patch2:         0ced83dc-cgroup-escape-dot.patch
 Patch3:         bbe97ae9-no-cgroups.patch
 Patch4:         0471637d-cgroups-vcpu-bw.patch
 Patch5:         c2cf5f1c-no-cgroups-fix.patch
 Patch6:         a2214c52-iohelper.patch
 Patch7:         ca697e90-CVE-2013-1962.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       clone.patch
 Patch102:       xen-pv-cdrom.patch
 Patch103:       libvirt-iptables-1.4.18.diff
 # Our patches
 Patch200:       libvirtd-defaults.patch
 Patch201:       libvirtd-init-script.patch
@ -560,10 +572,16 @@ Authors:
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1
 %patch103 -p1
 %patch200 -p1
 %patch201 -p1
 %patch202 -p1
@ -1070,6 +1088,7 @@ fi
 %{_datadir}/libvirt/schemas/storagepool.rng
 %{_datadir}/libvirt/schemas/storagevol.rng
 %{_datadir}/libvirt/cpu_map.xml
 %{_datadir}/libvirt/libvirtLogo.png
 %if %{with_sasl}
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %endif
--- a/libvirtd-defaults.patch
+++ b/libvirtd-defaults.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.0.3/daemon/libvirtd.conf
+Index: libvirt-1.0.5/daemon/libvirtd.conf
 ===================================================================
--- libvirt-1.0.3.orig/daemon/libvirtd.conf
+--- libvirt-1.0.5.orig/daemon/libvirtd.conf
-+++ libvirt-1.0.3/daemon/libvirtd.conf
+++ libvirt-1.0.5/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
 # It is necessary to setup a CA and issue server certificates before
 # using this capability.
@ -13,10 +13,10 @@ Index: libvirt-1.0.3/daemon/libvirtd.conf
 # Listen for unencrypted TCP connections on the public TCP/IP port.
 # NB, must pass the --listen flag to the libvirtd process for this to
-Index: libvirt-1.0.3/daemon/libvirtd-config.c
+Index: libvirt-1.0.5/daemon/libvirtd-config.c
 ===================================================================
--- libvirt-1.0.3.orig/daemon/libvirtd-config.c
+--- libvirt-1.0.5.orig/daemon/libvirtd-config.c
-+++ libvirt-1.0.3/daemon/libvirtd-config.c
+++ libvirt-1.0.5/daemon/libvirtd-config.c
@@ -233,7 +233,7 @@ daemonConfigNew(bool privileged ATTRIBUT
         return NULL;
     }
--- a/libvirtd-init-script.patch
+++ b/libvirtd-init-script.patch
@ -1,9 +1,9 @@
 Adjust libvirtd sysconfig file to conform to SUSE standards
-Index: libvirt-1.0.3/daemon/libvirtd.sysconf
+Index: libvirt-1.0.5/daemon/libvirtd.sysconf
 ===================================================================
--- libvirt-1.0.3.orig/daemon/libvirtd.sysconf
+--- libvirt-1.0.5.orig/daemon/libvirtd.sysconf
-+++ libvirt-1.0.3/daemon/libvirtd.sysconf
+++ libvirt-1.0.5/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
 +## Path: System/Virtualization/libvirt
 +
--- a/relax-qemu-usergroup-check.patch
+++ b/relax-qemu-usergroup-check.patch
@ -7,11 +7,11 @@ drivers as loadable modules instead of built-in to the
 daemon.  Then the qemu driver would only be loaded when needed,
 which would never be the case on a xen-only configuration.
-Index: libvirt-1.0.3/src/qemu/qemu_conf.c
+Index: libvirt-1.0.5/src/qemu/qemu_conf.c
 ===================================================================
--- libvirt-1.0.3.orig/src/qemu/qemu_conf.c
+--- libvirt-1.0.5.orig/src/qemu/qemu_conf.c
-+++ libvirt-1.0.3/src/qemu/qemu_conf.c
+++ libvirt-1.0.5/src/qemu/qemu_conf.c
-@@ -439,15 +439,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD
+@@ -435,15 +435,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD
     p = virConfGetValue(conf, "user");
     CHECK_TYPE("user", VIR_CONF_STRING);
--- a/support-managed-pci-xen-driver.patch
+++ b/support-managed-pci-xen-driver.patch
@ -8,15 +8,15 @@ Subject: [PATCH] support managed pci devices in xen driver
 src/xenxs/xen_xm.c   |   28 +++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 15 deletions(-)
-Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c
+Index: libvirt-1.0.5/src/xenxs/xen_sxpr.c
 ===================================================================
--- libvirt-1.0.3.orig/src/xenxs/xen_sxpr.c
+--- libvirt-1.0.5.orig/src/xenxs/xen_sxpr.c
-+++ libvirt-1.0.3/src/xenxs/xen_sxpr.c
+++ libvirt-1.0.5/src/xenxs/xen_sxpr.c
@@ -1035,6 +1035,7 @@ xenParseSxprPCI(virDomainDefPtr def,
         int busID;
         int slotID;
         int funcID;
-+        int managed;
+        bool managed;
         node = cur->u.s.car;
         if (!sexpr_lookup(node, "dev"))
@ -30,28 +30,29 @@ Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c
            goto error;
         dev->mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS;
-        dev->managed = 0;
+-        dev->managed = false;
-+        dev->managed = managed;
+        dev->managed = managed ? true : false;
         dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
-         dev->source.subsys.u.pci.domain = domainID;
+         dev->source.subsys.u.pci.addr.domain = domainID;
-         dev->source.subsys.u.pci.bus = busID;
+         dev->source.subsys.u.pci.addr.bus = busID;
-@@ -2044,11 +2047,14 @@ static void
+@@ -2042,11 +2045,15 @@ static void
 xenFormatSxprPCI(virDomainHostdevDefPtr def,
                  virBufferPtr buf)
 {
 -    virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x))",
 +    virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x)",
-                       def->source.subsys.u.pci.domain,
+                       def->source.subsys.u.pci.addr.domain,
-                       def->source.subsys.u.pci.bus,
+                       def->source.subsys.u.pci.addr.bus,
-                       def->source.subsys.u.pci.slot,
+                       def->source.subsys.u.pci.addr.slot,
-                       def->source.subsys.u.pci.function);
+                       def->source.subsys.u.pci.addr.function);
 +
 +    if (def->managed)
 +        virBufferAddLit(buf, "(opts (managed 1))");
 +    virBufferAddLit(buf, ")");
 }
-@@ -2067,12 +2073,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
+@@ -2065,12 +2072,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
                     virBufferPtr buf,
                     int detach)
 {
@ -64,7 +65,7 @@ Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c
     virBufferAddLit(buf, "(pci ");
     xenFormatSxprPCI(def, buf);
     if (detach)
-@@ -2127,12 +2127,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
+@@ -2125,12 +2126,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
     for (i = 0 ; i < def->nhostdevs ; i++) {
         if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
             def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
@ -77,16 +78,16 @@ Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c
             xenFormatSxprPCI(def->hostdevs[i], buf);
         }
     }
-Index: libvirt-1.0.3/src/xenxs/xen_xm.c
+Index: libvirt-1.0.5/src/xenxs/xen_xm.c
 ===================================================================
--- libvirt-1.0.3.orig/src/xenxs/xen_xm.c
+--- libvirt-1.0.5.orig/src/xenxs/xen_xm.c
-+++ libvirt-1.0.3/src/xenxs/xen_xm.c
+++ libvirt-1.0.5/src/xenxs/xen_xm.c
@@ -815,6 +815,8 @@ xenParseXM(virConfPtr conf, int xendConf
             int busID;
             int slotID;
             int funcID;
 +            char *opt;
-+            int managed=0;
+            int managed = 0;
             domain[0] = bus[0] = slot[0] = func[0] = '\0';
@ -129,8 +130,8 @@ Index: libvirt-1.0.3/src/xenxs/xen_xm.c
             if (!(hostdev = virDomainHostdevDefAlloc()))
                goto cleanup;
-            hostdev->managed = 0;
+-            hostdev->managed = false;
-+            hostdev->managed = managed;
+            hostdev->managed = managed ? true : false;
             hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
-             hostdev->source.subsys.u.pci.domain = domainID;
+             hostdev->source.subsys.u.pci.addr.domain = domainID;
-             hostdev->source.subsys.u.pci.bus = busID;
+             hostdev->source.subsys.u.pci.addr.bus = busID;
--- a/suse-qemu-conf.patch
+++ b/suse-qemu-conf.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.0.3/src/qemu/qemu.conf
+Index: libvirt-1.0.5/src/qemu/qemu.conf
 ===================================================================
--- libvirt-1.0.3.orig/src/qemu/qemu.conf
+--- libvirt-1.0.5.orig/src/qemu/qemu.conf
-+++ libvirt-1.0.3/src/qemu/qemu.conf
+++ libvirt-1.0.5/src/qemu/qemu.conf
@@ -169,7 +169,16 @@
 # a special value; security_driver can be set to that value in
 # isolation, but it cannot appear in a list of drivers.
@ -19,7 +19,7 @@ Index: libvirt-1.0.3/src/qemu/qemu.conf
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
-@@ -357,6 +366,15 @@
+@@ -365,6 +374,15 @@
 #allow_disk_format_probing = 1
--- a/virtlockd-init-script.patch
+++ b/virtlockd-init-script.patch
@ -1,9 +1,9 @@
 Adjust virtlockd init files to conform to SUSE standards
-Index: libvirt-1.0.3/src/locking/virtlockd.sysconf
+Index: libvirt-1.0.5/src/locking/virtlockd.sysconf
 ===================================================================
--- libvirt-1.0.3.orig/src/locking/virtlockd.sysconf
+--- libvirt-1.0.5.orig/src/locking/virtlockd.sysconf
-+++ libvirt-1.0.3/src/locking/virtlockd.sysconf
+++ libvirt-1.0.5/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
 +## Path: System/Virtualization/virtlockd
 +
@ -12,10 +12,10 @@ Index: libvirt-1.0.3/src/locking/virtlockd.sysconf
 #
 # Pass extra arguments to virtlockd
 #VIRTLOCKD_ARGS=
-Index: libvirt-1.0.3/src/locking/virtlockd.init.in
+Index: libvirt-1.0.5/src/locking/virtlockd.init.in
 ===================================================================
--- libvirt-1.0.3.orig/src/locking/virtlockd.init.in
+--- libvirt-1.0.5.orig/src/locking/virtlockd.init.in
-+++ libvirt-1.0.3/src/locking/virtlockd.init.in
+++ libvirt-1.0.5/src/locking/virtlockd.init.in
@@ -4,11 +4,13 @@
 # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
 #
--- a/xen-name-for-devid.patch
+++ b/xen-name-for-devid.patch
@ -14,10 +14,10 @@
    is inactive.  We obviously can't search xenstore when the domain is
    inactive.
-Index: libvirt-1.0.3/src/xen/xend_internal.c
+Index: libvirt-1.0.5/src/xen/xend_internal.c
 ===================================================================
--- libvirt-1.0.3.orig/src/xen/xend_internal.c
+--- libvirt-1.0.5.orig/src/xen/xend_internal.c
-+++ libvirt-1.0.3/src/xen/xend_internal.c
+++ libvirt-1.0.5/src/xen/xend_internal.c
@@ -60,8 +60,8 @@
 #define XEND_RCV_BUF_MAX_LEN (256 * 1024)
@ -48,7 +48,7 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
                        _("requested device does not exist"));
         goto cleanup;
@@ -2790,7 +2790,7 @@ xenDaemonDetachDeviceFlags(virDomainPtr
-                                         def, xml, VIR_DOMAIN_XML_INACTIVE)))
+                                         VIR_DOMAIN_XML_INACTIVE)))
         goto cleanup;
 -    if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref)))
@ -56,7 +56,7 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
         goto cleanup;
     if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
-@@ -3682,21 +3682,22 @@ struct xenUnifiedDriver xenDaemonDriver
+@@ -3682,31 +3682,32 @@ struct xenUnifiedDriver xenDaemonDriver
 /**
  * virDomainXMLDevID:
  * @domain: pointer to domain object
@ -83,10 +83,10 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
                   virDomainDeviceDefPtr dev,
                   char *class,
                   char *ref,
-@@ -3704,9 +3705,11 @@ virDomainXMLDevID(virDomainPtr domain,
+                   int ref_len)
 {
-     xenUnifiedPrivatePtr priv = domain->conn->privateData;
+-    xenUnifiedPrivatePtr priv = domain->conn->privateData;
-     char *xref;
+-    char *xref;
 -    char *tmp;
 +    unsigned int i;
@ -96,7 +96,7 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
         if (dev->data.disk->driverName &&
             STREQ(dev->data.disk->driverName, "tap"))
             strcpy(class, "tap");
-@@ -3716,19 +3719,17 @@ virDomainXMLDevID(virDomainPtr domain,
+@@ -3716,19 +3717,17 @@ virDomainXMLDevID(virDomainPtr domain,
         else
             strcpy(class, "vbd");
@ -125,15 +125,14 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
 +        }
 +        return -1;
     } else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
-         char mac[30];
+         char mac[VIR_MAC_STRING_BUFLEN];
         virDomainNetDefPtr def = dev->data.net;
-@@ -3738,17 +3739,22 @@ virDomainXMLDevID(virDomainPtr domain,
+@@ -3736,16 +3735,22 @@ virDomainXMLDevID(virDomainPtr domain,
         strcpy(class, "vif");
 -        xenUnifiedLock(priv);
-        xref = xenStoreDomainGetNetworkID(domain->conn, domain->id,
+-        xref = xenStoreDomainGetNetworkID(domain->conn, domain->id, mac);
 -                                          mac);
 -        xenUnifiedUnlock(priv);
 -        if (xref == NULL)
 -            return -1;
@ -161,7 +160,7 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
     } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
                dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
                dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
-@@ -3766,17 +3772,44 @@ virDomainXMLDevID(virDomainPtr domain,
+@@ -3763,17 +3768,44 @@ virDomainXMLDevID(virDomainPtr domain,
         strcpy(class, "pci");
@ -182,10 +181,10 @@ Index: libvirt-1.0.3/src/xen/xend_internal.c
 +                continue;
 +
 +            if (virAsprintf(&dst_bdf, "%04x:%02x:%02x.%0x",
-+                            hostdev->source.subsys.u.pci.domain,
+                            hostdev->source.subsys.u.pci.addr.domain,
-+                            hostdev->source.subsys.u.pci.bus,
+                            hostdev->source.subsys.u.pci.addr.bus,
-+                            hostdev->source.subsys.u.pci.slot,
+                            hostdev->source.subsys.u.pci.addr.slot,
-+                            hostdev->source.subsys.u.pci.function) < 0) {
+                            hostdev->source.subsys.u.pci.addr.function) < 0) {
 +                virReportOOMError();
 +                VIR_FREE(bdf);
 +                return -1;
--- a/xen-pv-cdrom.patch
+++ b/xen-pv-cdrom.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c
+Index: libvirt-1.0.5/src/xenxs/xen_sxpr.c
 ===================================================================
--- libvirt-1.0.3.orig/src/xenxs/xen_sxpr.c
+--- libvirt-1.0.5.orig/src/xenxs/xen_sxpr.c
-+++ libvirt-1.0.3/src/xenxs/xen_sxpr.c
+++ libvirt-1.0.5/src/xenxs/xen_sxpr.c
@@ -341,7 +341,7 @@ error:
 static int
 xenParseSxprDisks(virDomainDefPtr def,