api: disallow virConnect*HypervisorCPU on read-only connections

These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit bf6c2830b6) Signed-off-by: Ján Tomko <jtomko@redhat.com>
api: disallow virConnectGetDomainCapabilities on read-only connections
2025-10-16 23:33:52 +03:00 · 2019-06-24 09:36:00 +02:00 · 2019-06-24 09:35:56 +02:00 · 2019-06-24 09:35:53 +02:00 · 2019-06-24 09:35:48 +02:00 · 2019-05-21 13:27:45 +01:00
2395 changed files with 104215 additions and 36214 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,6 @@
 *.gcov
 *.html
 *.i
-*.init
 *.la
 *.lo
 *.loT
@@ -190,7 +189,6 @@
 /tools/virt-admin
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
-/tools/wireshark/src/plugin.c
 /tools/wireshark/src/libvirt
 /update.log
 GPATH
--- a/.gnulib
+++ b/.gnulib
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,13 +11,11 @@ matrix:
        - docker
      env:
        - IMAGE="ubuntu-18"
-        - DISTCHECK_CONFIGURE_FLAGS="--with-init-script=systemd"
        - DOCKER_CMD="$LINUX_CMD"
    - services:
        - docker
      env:
        - IMAGE="centos-7"
-        - DISTCHECK_CONFIGURE_FLAGS="--with-init-script=upstart"
        - DOCKER_CMD="$LINUX_CMD"
    - services:
        - docker
@@ -45,7 +43,6 @@ script:
      -w /build
      -e VIR_TEST_DEBUG="$VIR_TEST_DEBUG"
      -e MINGW="$MINGW"
-      -e DISTCHECK_CONFIGURE_FLAGS="$DISTCHECK_CONFIGURE_FLAGS"
      "quay.io/libvirt/buildenv-$IMAGE:master"
      /bin/sh -xc "$DOCKER_CMD"

@@ -58,7 +55,7 @@ env:
    - LINUX_CMD="
        ./autogen.sh &&
        make -j3 syntax-check &&
-        make -j3 distcheck DISTCHECK_CONFIGURE_FLAGS=\"\$DISTCHECK_CONFIGURE_FLAGS\" ||
+        make -j3 distcheck ||
        (
          echo '=== LOG FILE(S) START ===';
          find -name test-suite.log | xargs cat;
--- a/Makefile.am
+++ b/Makefile.am
@@ -16,15 +16,15 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.

-LCOV = lcov
-GENHTML = genhtml
-
 SUBDIRS = . gnulib/lib include/libvirt src tools docs gnulib/tests \
  tests po examples

 XZ_OPT ?= -v -T0
 export XZ_OPT

+# have gnulib 'make coverage' output to 'cov' dir
+COVERAGE_OUT = "cov"
+
 ACLOCAL_AMFLAGS = -I m4

 EXTRA_DIST = \
@@ -77,20 +77,6 @@ check-local: all tests
 check-access:
 	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)

-cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
-	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
-	  -d $(top_builddir)/src \
-	  -d $(top_builddir)/tests
-	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
-	  -o $(top_builddir)/coverage/libvirt.info
-	rm $(top_builddir)/coverage/libvirt.info.tmp
-	$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
-	  --legend $(top_builddir)/coverage/libvirt.info
-
-clean-cov:
-	rm -rf $(top_builddir)/coverage
-
 MAINTAINERCLEANFILES = .git-module-status

 dist-hook: gen-ChangeLog gen-AUTHORS
--- a/37
+++ b/37
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2018-07-01.02; # UTC
+scriptversion=2019-01-04.17; # UTC

 # Bootstrap this package from checked-out sources.

-# Copyright (C) 2003-2018 Free Software Foundation, Inc.
+# Copyright (C) 2003-2019 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -142,6 +142,9 @@ die() { warn_ "$@"; exit 1; }

 # Configuration.

+# Name of the Makefile.am
+gnulib_mk=gnulib.mk
+
 # List of gnulib modules needed.
 gnulib_modules=

@@ -159,18 +162,11 @@ bootstrap_post_import_hook() { :; }
 # Override it via your own definition in bootstrap.conf.
 bootstrap_epilogue() { :; }

-# The command to download all .po files for a specified domain into
-# a specified directory.  Fill in the first %s is the domain name, and
-# the second with the destination directory.  Use rsync's -L and -r
-# options because the latest/%s directory and the .po files within are
-# all symlinks.
+# The command to download all .po files for a specified domain into a
+# specified directory.  Fill in the first %s with the destination
+# directory and the second with the domain name.
 po_download_command_format=\
-"rsync --delete --exclude '*.s1' -Lrtvz \
- 'translationproject.org::tp/latest/%s/' '%s'"
-
-# Fallback for downloading .po files (if rsync fails).
-po_download_command_format2=\
-"wget --mirror -nd -q -np -A.po -P '%s' \
+"wget --mirror --level=1 -nd -q -A.po -P '%s' \
 https://translationproject.org/latest/%s/"

 # Prefer a non-empty tarname (4th argument of AC_INIT if given), else
@@ -738,10 +734,7 @@ download_po_files() {
  subdir=$1
  domain=$2
  echo "$me: getting translations into $subdir for $domain..."
-  cmd=$(printf "$po_download_command_format" "$domain" "$subdir")
-  eval "$cmd" && return
-  # Fallback to HTTPS.
-  cmd=$(printf "$po_download_command_format2" "$subdir" "$domain")
+  cmd=$(printf "$po_download_command_format" "$subdir" "$domain")
  eval "$cmd"
 }

@@ -970,6 +963,16 @@ fi
 bootstrap_post_import_hook \
  || die "bootstrap_post_import_hook failed"

+# Don't proceed if there are uninitialized submodules.  In particular,
+# the next step will remove dangling links, which might be links into
+# uninitialized submodules.
+#
+# Uninitialized submodules are listed with an initial dash.
+if $use_git && git submodule | grep '^-' >/dev/null; then
+  die "some git submodules are not initialized. "     \
+      "Run 'git submodule init' and bootstrap again."
+fi
+
 # Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
 # gnulib-populated directories.  Such .m4 files would cause aclocal to fail.
 # The following requires GNU find 4.2.3 or newer.  Considering the usual
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -10,7 +10,7 @@
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# GNU Lesser General Public License for more details.

 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
--- a/build-aux/augeas-gentest.pl
+++ b/build-aux/augeas-gentest.pl
@@ -16,9 +16,6 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>

 use strict;
 use warnings;
--- a/build-aux/check-spacing.pl
+++ b/build-aux/check-spacing.pl
@@ -16,9 +16,6 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>

 use strict;
 use warnings;
--- a/build-aux/header-ifdef.pl
+++ b/build-aux/header-ifdef.pl
@@ -0,0 +1,156 @@
+#!/usr/bin/perl
+#
+# Validate that header files follow a standard layout:
+#
+# /*
+#  ...copyright header...
+#  */
+# <one blank line>
+# #ifndef SYMBOL
+# # define SYMBOL
+# ....content....
+# #endif /* SYMBOL */
+#
+# For any file ending priv.h, before the #ifndef
+# We will have a further section
+#
+# #ifndef SYMBOL_ALLOW
+# # error ....
+# #endif /* SYMBOL_ALLOW */
+# <one blank line>
+
+use strict;
+use warnings;
+
+my $STATE_COPYRIGHT_COMMENT = 0;
+my $STATE_COPYRIGHT_BLANK = 1;
+my $STATE_PRIV_START = 2;
+my $STATE_PRIV_ERROR = 3;
+my $STATE_PRIV_END = 4;
+my $STATE_PRIV_BLANK = 5;
+my $STATE_GUARD_START = 6;
+my $STATE_GUARD_DEFINE = 7;
+my $STATE_GUARD_END = 8;
+my $STATE_EOF = 9;
+
+my $file = " ";
+my $ret = 0;
+my $ifdef = "";
+my $ifdefpriv = "";
+
+my $state = $STATE_EOF;
+my $mistake = 0;
+
+sub mistake {
+    my $msg = shift;
+    warn $msg;
+    $mistake = 1;
+    $ret = 1;
+}
+
+while (<>) {
+    if (not $file eq $ARGV) {
+        if ($state == $STATE_COPYRIGHT_COMMENT) {
+            &mistake("$file: missing copyright comment");
+        } elsif ($state == $STATE_COPYRIGHT_BLANK) {
+            &mistake("$file: missing blank line after copyright header");
+        } elsif ($state == $STATE_PRIV_START) {
+            &mistake("$file: missing '#ifndef $ifdefpriv'");
+        } elsif ($state == $STATE_PRIV_ERROR) {
+            &mistake("$file: missing '# error ...priv allow...'");
+        } elsif ($state == $STATE_PRIV_END) {
+            &mistake("$file: missing '#endif /* $ifdefpriv */'");
+        } elsif ($state == $STATE_PRIV_BLANK) {
+            &mistake("$file: missing blank line after priv header check");
+        } elsif ($state == $STATE_GUARD_START) {
+            &mistake("$file: missing '#ifndef $ifdef'");
+        } elsif ($state == $STATE_GUARD_DEFINE) {
+            &mistake("$file: missing '# define $ifdef'");
+        } elsif ($state == $STATE_GUARD_END) {
+            &mistake("$file: missing '#endif /* $ifdef */'");
+        }
+
+        $ifdef = uc $ARGV;
+        $ifdef =~ s,.*/,,;
+        $ifdef =~ s,[^A-Z0-9],_,g;
+        $ifdef =~ s,__+,_,g;
+        unless ($ifdef =~ /^LIBVIRT_/ && $ARGV !~ /libvirt_internal.h/) {
+            $ifdef = "LIBVIRT_" . $ifdef;
+        }
+        $ifdefpriv = $ifdef . "_ALLOW";
+
+        $file = $ARGV;
+        $state = $STATE_COPYRIGHT_COMMENT;
+        $mistake = 0;
+    }
+
+    if ($mistake ||
+        $ARGV =~ /config-post\.h$/ ||
+        $ARGV =~ /vbox_(CAPI|XPCOM)/) {
+        $state = $STATE_EOF;
+        next;
+    }
+
+    if ($state == $STATE_COPYRIGHT_COMMENT) {
+        if (m,\*/,) {
+            $state = $STATE_COPYRIGHT_BLANK;
+        }
+    } elsif ($state == $STATE_COPYRIGHT_BLANK) {
+        if (! /^$/) {
+            &mistake("$file: missing blank line after copyright header");
+        }
+        if ($ARGV =~ /priv\.h$/) {
+            $state = $STATE_PRIV_START;
+        } else {
+            $state = $STATE_GUARD_START;
+        }
+    } elsif ($state == $STATE_PRIV_START) {
+        if (/^$/) {
+            &mistake("$file: too many blank lines after coyright header");
+        } elsif (/#ifndef $ifdefpriv$/) {
+            $state = $STATE_PRIV_ERROR;
+        } else {
+            &mistake("$file: missing '#ifndef $ifdefpriv'");
+        }
+    } elsif ($state == $STATE_PRIV_ERROR) {
+        if (/# error ".*"$/) {
+            $state = $STATE_PRIV_END;
+        } else {
+            &mistake("$file: missing '#error ...priv allow...'");
+        }
+    } elsif ($state == $STATE_PRIV_END) {
+        if (m,#endif /\* $ifdefpriv \*/,) {
+            $state = $STATE_PRIV_BLANK;
+        } else {
+            &mistake("$file: missing '#endif /* $ifdefpriv */'");
+        }
+    } elsif ($state == $STATE_PRIV_BLANK) {
+        if (! /^$/) {
+            &mistake("$file: missing blank line after priv guard");
+        }
+        $state = $STATE_GUARD_START;
+    } elsif ($state == $STATE_GUARD_START) {
+        if (/^$/) {
+            &mistake("$file: too many blank lines after coyright header");
+        } elsif (/#ifndef $ifdef$/) {
+            $state = $STATE_GUARD_DEFINE;
+        } else {
+            &mistake("$file: missing '#ifndef $ifdef'");
+        }
+    } elsif ($state == $STATE_GUARD_DEFINE) {
+        if (/# define $ifdef$/) {
+            $state = $STATE_GUARD_END;
+        } else {
+            &mistake("$file: missing '# define $ifdef'");
+        }
+    } elsif ($state == $STATE_GUARD_END) {
+        if (m,#endif /\* $ifdef \*/$,) {
+            $state = $STATE_EOF;
+        }
+    } elsif ($state == $STATE_EOF) {
+        die "$file: unexpected content after '#endif /* $ifdef */'";
+    } else {
+        die "$file: unexpected state $state";
+    }
+}
+exit $ret;
--- a/cfg.mk
+++ b/cfg.mk
@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2015 Red Hat, Inc.
+# Copyright (C) 2008-2019 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
@@ -120,7 +120,6 @@ useless_free_options = \
  --name=virConfFreeValue \
  --name=virDomainActualNetDefFree \
  --name=virDomainChrDefFree \
-  --name=virDomainChrSourceDefFree \
  --name=virDomainControllerDefFree \
  --name=virDomainDefFree \
  --name=virDomainDeviceDefFree \
@@ -305,10 +304,11 @@ sc_flags_usage:
 	    $(srcdir)/include/libvirt/libvirt-qemu.h \
 	    $(srcdir)/include/libvirt/libvirt-lxc.h \
 	    $(srcdir)/include/libvirt/libvirt-admin.h \
-	  | grep -c '\(long\|unsigned\) flags')" != 4 && \
+	  | $(GREP) -c '\(long\|unsigned\) flags')" != 4 && \
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2; \
 	    exit 1; } || :
 	@prohibit=' flags ATTRIBUTE_UNUSED' \
+	exclude='virSecurityDomainImageLabelFlags' \
 	halt='flags should be checked with virCheckFlags' \
 	  $(_sc_search_regexp)
 	@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]' \
@@ -639,10 +639,12 @@ sc_libvirt_unmarked_diagnostics:
 	exclude='_\(' \
 	halt='found unmarked diagnostic(s)' \
 	  $(_sc_search_regexp)
-	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT)); \
-	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | $(SED) 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//' \
-	   | grep '[	 ]"' && \
+	@{ $(VC_LIST_EXCEPT) | xargs \
+		$(GREP)     -nE '\<$(func_re) *\(.*;$$' /dev/null; \
+	   $(VC_LIST_EXCEPT) | xargs \
+		$(GREP) -A1 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
+	   | $(SED) -E 's/_\("([^\"]|\\.)+"//;s/"%s"//' \
+	   | $(GREP) '"' && \
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2; \
 	    exit 1; } || :

@@ -654,9 +656,9 @@ sc_libvirt_unmarked_diagnostics:
 # there are functions to which this one applies but that do not get marked
 # diagnostics.
 sc_prohibit_newline_at_end_of_diagnostic:
-	@grep -A2 -nE \
-	    '\<$(func_re) *\(' $$($(VC_LIST_EXCEPT)) \
-	    | grep '\\n"' \
+	@$(VC_LIST_EXCEPT) | xargs $(GREP) -A2 -nE \
+	    '\<$(func_re) *\(' /dev/null \
+	    | $(GREP) '\\n"' \
 	  && { echo '$(ME): newline at end of message(s)' 1>&2; \
 	    exit 1; } || :

@@ -664,12 +666,14 @@ sc_prohibit_newline_at_end_of_diagnostic:
 # allow VIR_ERROR to do this, and ignore functions that take a single
 # string rather than a format argument.
 sc_prohibit_diagnostic_without_format:
-	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT)); \
-	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
+	@{ $(VC_LIST_EXCEPT) | xargs \
+		$(GREP)     -nE '\<$(func_re) *\(.*;$$' /dev/null; \
+	   $(VC_LIST_EXCEPT) | xargs \
+		$(GREP) -A2 -nE '\<$(func_re) *\(.*,$$' /dev/null; } \
 	   | $(SED) -rn -e ':l; /[,"]$$/ {N;b l;}' \
 		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d' \
 		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p' \
-           | grep -vE 'VIR_ERROR' && \
+           | $(GREP) -vE 'VIR_ERROR' && \
 	  { echo '$(ME): found diagnostic without %' 1>&2; \
 	    exit 1; } || :

@@ -687,16 +691,16 @@ sc_prohibit_useless_translation:
 # When splitting a diagnostic across lines, ensure that there is a space
 # or \n on one side of the split.
 sc_require_whitespace_in_translation:
-	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT)) \
+	@$(VC_LIST_EXCEPT) | xargs $(GREP) -n -A1 '"$$' /dev/null \
 	   | $(SED) -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g' \
-		-e '/_(.*[^\ ]""[^\ ]/p' | grep . && \
+		-e '/_(.*[^\ ]""[^\ ]/p' | $(GREP) . && \
 	  { echo '$(ME): missing whitespace at line split' 1>&2; \
 	    exit 1; } || :

 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then \
-	  $(VC_LIST_EXCEPT) | grep -E '\.[ch](\.in)?$$' | xargs cppi -a -c \
+	  $(VC_LIST_EXCEPT) | $(GREP) -E '\.[ch](\.in)?$$' | xargs cppi -a -c \
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
 		exit 1; }; \
 	else \
@@ -707,13 +711,13 @@ sc_preprocessor_indentation:
 # (comment-only) C file that mirrors the same layout as the spec file.
 sc_spec_indentation:
 	@if cppi --version >/dev/null 2>&1; then \
-	  for f in $$($(VC_LIST_EXCEPT) | grep '\.spec\.in$$'); do \
+	  for f in $$($(VC_LIST_EXCEPT) | $(GREP) '\.spec\.in$$'); do \
 	    $(SED) -e 's|#|// #|; s|%ifn*\(arch\)* |#if a // |' \
 		-e 's/%\(else\|endif\|define\)/#\1/' \
 		-e 's/^\( *\)\1\1\1#/#\1/' \
 		-e 's|^\( *[^#/ ]\)|// \1|; s|^\( */[^/]\)|// \1|' $$f \
 	    | cppi -a -c 2>&1 | $(SED) "s|standard input|$$f|"; \
-	  done | { if grep . >&2; then false; else :; fi; } \
+	  done | { if $(GREP) . >&2; then false; else :; fi; } \
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2; \
 		exit 1; }; \
 	else \
@@ -803,11 +807,12 @@ sc_prohibit_cross_inclusion:
 # When converting an enum to a string, make sure that we track any new
 # elements added to the enum by using a _LAST marker.
 sc_require_enum_last_marker:
-	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT)) \
+	@$(VC_LIST_EXCEPT) | xargs \
+		$(GREP) -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' /dev/null \
 	   | $(SED) -ne '/VIR_ENUM_IMPL[^,]*,$$/N' \
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p' \
 	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p' \
-	   | grep . && \
+	   | $(GREP) . && \
 	  { echo '$(ME): enum impl needs to use _LAST marker' 1>&2; \
 	    exit 1; } || :

@@ -866,8 +871,7 @@ sc_prohibit_atoi:
 	  $(_sc_search_regexp)

 sc_prohibit_wrong_filename_in_comment:
-	@fail=0; \
-	awk 'BEGIN { \
+	@$(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$'	| xargs awk 'BEGIN { \
 	  fail=0; \
 	} FNR < 3 { \
 	  n=match($$0, /[[:space:]][^[:space:]]*[.][ch][[:space:]:]/); \
@@ -883,11 +887,8 @@ sc_prohibit_wrong_filename_in_comment:
 	  if (fail == 1) { \
 	    exit 1; \
 	  } \
-	}' $$($(VC_LIST_EXCEPT) | grep '\.[ch]$$') || fail=1; \
-	if test $$fail -eq 1; then \
-	  { echo '$(ME): The file name in comments must match the' \
-	    'actual file name' 1>&2; exit 1; } \
-	fi;
+	}' || { echo '$(ME): The file name in comments must match the' \
+	    'actual file name' 1>&2; exit 1; }

 sc_prohibit_virConnectOpen_in_virsh:
 	@prohibit='\bvirConnectOpen[a-zA-Z]* *\(' \
@@ -918,22 +919,21 @@ sc_require_if_else_matching_braces:
 	  $(_sc_search_regexp)

 sc_curly_braces_style:
-	@files=$$($(VC_LIST_EXCEPT) | grep '\.[ch]$$'); \
-	if $(GREP) -nHP \
+	@if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs $(GREP) -nHP \
 '^\s*(?!([a-zA-Z_]*for_?each[a-zA-Z_]*) ?\()([_a-zA-Z0-9]+( [_a-zA-Z0-9]+)* ?\()?(\*?[_a-zA-Z0-9]+(,? \*?[_a-zA-Z0-9\[\]]+)+|void)\) ?\{' \
-	$$files; then \
+	/dev/null; then \
 	  echo '$(ME): Non-K&R style used for curly braces around' \
 	    'function body' 1>&2; exit 1; \
 	fi; \
-	if $(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$'\
-	  $$files | $(GREP) '^[^ ]*- *{'; then \
+	if $(VC_LIST_EXCEPT) | $(GREP) '\.[ch]$$' | xargs \
+	    $(GREP) -A1 -En ' ((if|for|while|switch) \(|(else|do)\b)[^{]*$$' \
+	    /dev/null | $(GREP) '^[^ ]*- *{'; then \
 	  echo '$(ME): Use hanging braces for compound statements' 1>&2; exit 1; \
 	fi

 sc_prohibit_windows_special_chars_in_filename:
-	@files=$$($(VC_LIST_EXCEPT) | grep '[:*?"<>|]'); \
-	test -n "$$files" && { echo '$(ME): Windows special chars' \
-	  'in filename not allowed:' 1>&2; echo $$files 1>&2; exit 1; } || :
+	@$(VC_LIST_EXCEPT) | $(GREP) '[:*?"<>|]' && \
+	{ echo '$(ME): Windows special chars in filename not allowed' 1>&2; echo exit 1; } || :

 sc_prohibit_mixed_case_abbreviations:
 	@prohibit='Pci|Usb|Scsi' \
@@ -949,11 +949,11 @@ sc_require_locale_h:
 	  $(_sc_search_regexp)

 sc_prohibit_empty_first_line:
-	@awk 'BEGIN { fail=0; } \
+	@$(VC_LIST_EXCEPT) | xargs awk 'BEGIN { fail=0; } \
 	FNR == 1 { if ($$0 == "") { print FILENAME ":1:"; fail=1; } } \
 	END { if (fail == 1) { \
 	  print "$(ME): Prohibited empty first line" > "/dev/stderr"; \
-	} exit fail; }' $$($(VC_LIST_EXCEPT));
+	} exit fail; }'

 sc_prohibit_paren_brace:
 	@prohibit='\)\{$$' \
@@ -996,8 +996,9 @@ sc_prohibit_sysconf_pagesize:
 	  $(_sc_search_regexp)

 sc_prohibit_virSecurity:
-	@grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep 'src/qemu/' | \
-		grep -v 'src/qemu/qemu_security') && \
+	@$(VC_LIST_EXCEPT) | $(GREP) 'src/qemu/' | \
+		$(GREP) -v 'src/qemu/qemu_security' | \
+		xargs $(GREP) -Pn 'virSecurityManager(?!Ptr)' /dev/null && \
 		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :

 sc_prohibit_pthread_create:
@@ -1050,6 +1051,11 @@ sc_prohibit_http_urls:
 	halt='Links must use https:// protocol' \
 	  $(_sc_search_regexp)

+sc_prohibit_author:
+	@prohibit="(\*|#)\s*(A|a)uthors?:" \
+	halt="Author: statements are prohibited in source comments" \
+	  $(_sc_search_regexp)
+
 # Alignment is usually achieved through spaces (at least two of them)
 # or tabs (at least one of them) right before the trailing backslash
 sc_prohibit_backslash_alignment:
@@ -1061,14 +1067,23 @@ sc_prohibit_backslash_alignment:
 # Some syntax rules pertaining to the usage of cleanup macros
 # implementing GNU C's cleanup attribute

-# Rule to ensure that varibales declared using a cleanup macro are
+# Rule to ensure that variables declared using a cleanup macro are
 # always initialized.
 sc_require_attribute_cleanup_initialization:
-	@prohibit='VIR_AUTO((FREE|PTR)\(.+\)|CLOSE) *[^=]+;' \
+	@prohibit='VIR_AUTO((FREE|PTR|UNREF|CLEAN)\(.+\)|CLOSE|STRINGLIST) *[^=]+;' \
 	in_vc_files='\.[chx]$$' \
 	halt='variable declared with a cleanup macro must be initialized' \
 	  $(_sc_search_regexp)

+# "class" in headers is not good because by default Vim treats it as a keyword
+# Let's prohibit it in source files as well.
+sc_prohibit_class:
+	@prohibit=' +_?class *;' \
+	in_vc_files='\.[chx]$$' \
+	halt='use klass instead of class or _class' \
+	  $(_sc_search_regexp)
+
+
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null

@@ -1117,29 +1132,34 @@ _autogen_error:

 ifneq ($(_gl-Makefile),)
 syntax-check: spacing-check test-wrap-argv \
-	prohibit-duplicate-header mock-noinline group-qemu-caps
+	prohibit-duplicate-header mock-noinline group-qemu-caps \
+        header-ifdef
 endif

 # Don't include duplicate header in the source (either *.c or *.h)
 prohibit-duplicate-header:
-	$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
-	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
+	$(AM_V_GEN)$(VC_LIST_EXCEPT) | $(GREP) '\.[chx]$$' | xargs \
+	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl

 spacing-check:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
+	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.c$$' | xargs \
+	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl || \
 	  { echo '$(ME): incorrect formatting' 1>&2; exit 1; }

 mock-noinline:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.[ch]$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/mock-noinline.pl $$files
+	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[ch]$$' | xargs \
+	$(PERL) $(top_srcdir)/build-aux/mock-noinline.pl
+
+header-ifdef:
+	$(AM_V_GEN)$(VC_LIST) | $(GREP) '\.[h]$$' | xargs \
+	$(PERL) $(top_srcdir)/build-aux/header-ifdef.pl

 test-wrap-argv:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
+	$(AM_V_GEN)$(VC_LIST) | $(GREP) -E '\.(ldargs|args)' | xargs \
+	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check

 group-qemu-caps:
-	$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/
+	$(AM_V_GEN)$(PERL) $(top_srcdir)/tests/group-qemu-caps.pl --check $(top_srcdir)/

 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
@@ -1178,7 +1198,7 @@ exclude_file_name_regexp--sc_copyright_usage = \
  ^COPYING(|\.LESSER)$$

 exclude_file_name_regexp--sc_flags_usage = \
-  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock|virfilewrapper)\.c$$)
+  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/((vir(cgroup|pci|test|usb)|nss|qemuxml2argv|qemusecurity)mock|virfilewrapper)\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1201,7 +1221,7 @@ exclude_file_name_regexp--sc_prohibit_strdup = \
  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c|tests/commandhelper\.c$$)

 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c|tests/commandhelper\.c)$$)
+  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/(vir.+mock\.c|commandhelper\.c|qemusecuritymock\.c))$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
  (^tests/(virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
@@ -1222,7 +1242,7 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
  ^src/rpc/gendispatch\.pl$$

 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
+  ^((po|tests|examples/admin)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)

 exclude_file_name_regexp--sc_prohibit_select = \
 	^cfg\.mk$$
@@ -1271,7 +1291,7 @@ exclude_file_name_regexp--sc_correct_id_types = \
 exclude_file_name_regexp--sc_m4_quote_check = m4/virt-lib.m4

 exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
-  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)
+  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.c$$)

 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
  ^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)
--- a/config-post.h
+++ b/config-post.h
@@ -19,7 +19,7 @@
 /*
 * Since virt-login-shell will be setuid, we must do everything
 * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __atttribute__((constructor)).
+ * unsafe things in functions marked __attribute__((constructor)).
 * The only way to avoid such deps is to re-compile the
 * functions with the code in question disabled, and for that we
 * must override the main config.h rules. Hence this file :-(
@@ -69,7 +69,6 @@
 # undef WITH_VIRTUALPORT
 # undef WITH_SECDRIVER_SELINUX
 # undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
 #endif /* LIBVIRT_NSS */

 #ifndef __GNUC__
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@ dnl You should have received a copy of the GNU Lesser General Public
 dnl License along with this library.  If not, see
 dnl <http://www.gnu.org/licenses/>.

-AC_INIT([libvirt], [4.10.0], [libvir-list@redhat.com], [], [https://libvirt.org])
+AC_INIT([libvirt], [5.2.0], [libvir-list@redhat.com], [], [https://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@@ -225,7 +225,6 @@ if test "$with_libvirtd" = "no" ; then
  with_qemu=no
  with_lxc=no
  with_libxl=no
-  with_uml=no
  with_vbox=no
 fi

@@ -247,6 +246,7 @@ LIBVIRT_ARG_CAPNG
 LIBVIRT_ARG_CURL
 LIBVIRT_ARG_DBUS
 LIBVIRT_ARG_FIREWALLD
+LIBVIRT_ARG_FIREWALLD_ZONE
 LIBVIRT_ARG_FUSE
 LIBVIRT_ARG_GLUSTER
 LIBVIRT_ARG_HAL
@@ -287,6 +287,7 @@ LIBVIRT_CHECK_DBUS
 LIBVIRT_CHECK_DEVMAPPER
 LIBVIRT_CHECK_DLOPEN
 LIBVIRT_CHECK_FIREWALLD
+LIBVIRT_CHECK_FIREWALLD_ZONE
 LIBVIRT_CHECK_FUSE
 LIBVIRT_CHECK_GLUSTER
 LIBVIRT_CHECK_GNUTLS
@@ -445,7 +446,6 @@ LIBVIRT_DRIVER_ARG_VBOX
 LIBVIRT_DRIVER_ARG_LXC
 LIBVIRT_DRIVER_ARG_VZ
 LIBVIRT_DRIVER_ARG_BHYVE
-LIBVIRT_DRIVER_ARG_UML
 LIBVIRT_DRIVER_ARG_ESX
 LIBVIRT_DRIVER_ARG_HYPERV
 LIBVIRT_DRIVER_ARG_TEST
@@ -464,7 +464,6 @@ LIBVIRT_DRIVER_CHECK_VBOX
 LIBVIRT_DRIVER_CHECK_LXC
 LIBVIRT_DRIVER_CHECK_VZ
 LIBVIRT_DRIVER_CHECK_BHYVE
-LIBVIRT_DRIVER_CHECK_UML
 LIBVIRT_DRIVER_CHECK_ESX
 LIBVIRT_DRIVER_CHECK_HYPERV
 LIBVIRT_DRIVER_CHECK_TEST
@@ -739,23 +738,6 @@ fi
 AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
 AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])

-LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
-case "$enable_test_coverage" in
-  yes|no) ;;
-  *) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
-esac
-
-if test "$enable_test_coverage" = yes; then
-  save_WARN_CFLAGS=$WARN_CFLAGS
-  WARN_CFLAGS=
-  gl_WARN_ADD([-fprofile-arcs])
-  gl_WARN_ADD([-ftest-coverage])
-  COVERAGE_FLAGS=$WARN_CFLAGS
-  AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
-  AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
-  WARN_CFLAGS=$save_WARN_CFLAGS
-fi
-
 LIBVIRT_ARG_ENABLE([TEST_OOM], [memory allocation failure checking], [no])
 case "$enable_test_oom" in
  yes|no) ;;
@@ -947,7 +929,6 @@ AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Drivers])
 AC_MSG_NOTICE([])
 LIBVIRT_DRIVER_RESULT_QEMU
-LIBVIRT_DRIVER_RESULT_UML
 LIBVIRT_DRIVER_RESULT_OPENVZ
 LIBVIRT_DRIVER_RESULT_VMWARE
 LIBVIRT_DRIVER_RESULT_VBOX
@@ -1004,6 +985,7 @@ LIBVIRT_RESULT_CURL
 LIBVIRT_RESULT_DBUS
 LIBVIRT_RESULT_DLOPEN
 LIBVIRT_RESULT_FIREWALLD
+LIBVIRT_RESULT_FIREWALLD_ZONE
 LIBVIRT_RESULT_FUSE
 LIBVIRT_RESULT_GLUSTER
 LIBVIRT_RESULT_GNUTLS
@@ -1042,7 +1024,6 @@ LIBVIRT_WIN_RESULT_WINDRES
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Test suite])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([         Coverage: $enable_test_coverage])
 AC_MSG_NOTICE([        Alloc OOM: $enable_test_oom])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -381,10 +381,6 @@
          <td>storage</td>
          <td>storage</td>
        </tr>
-        <tr>
-          <td>uml</td>
-          <td>UML</td>
-        </tr>
        <tr>
          <td>vbox</td>
          <td>VBOX</td>
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@@ -1003,6 +1003,8 @@ class CParser:
                # skip hidden macros
                if name in hidden_macros:
                    return token
+                if name[-2:] == "_H" or name[-8:] == "_H_ALLOW":
+                    return token

                strValue = None
                if len(lst) == 1 and lst[0][0] == '"' and lst[0][-1] == '"':
@@ -2115,12 +2117,22 @@ class docBuilder:
                     self.modulename_file(id.header)))
        if id.info is not None:
            info = id.info
+            valhex = ""
            if info[0] is not None and info[0] != '':
                try:
                    val = eval(info[0])
+                    valhex = hex(val)
                except:
                    val = info[0]
                output.write(" value='%s'" % (val))
+
+                if valhex != "":
+                    output.write(" value_hex='%s'" % (valhex))
+
+                m = re.match("\(?1<<(\d+)\)?", info[0])
+                if m:
+                    output.write(" value_bitshift='%s'" % (m.group(1)))
+
            if info[2] is not None and info[2] != '':
                output.write(" type='%s'" % info[2])
            if info[1] is not None and info[1] != '':
@@ -2270,7 +2282,7 @@ class docBuilder:
        output.write("    <file name='%s'>\n" % (module))
        dict = self.headers[file]
        if dict.info is not None:
-            for data in ('Summary', 'Description', 'Author'):
+            for data in ('Summary', 'Description'):
                try:
                    output.write("     <%s>%s</%s>\n" % (
                                 data.lower(),
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -30,26 +30,6 @@
      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
    </p>

-    <h2><a id="clientserver">Client/Server applications</a></h2>
-
-    <dl>
-      <dt><a href="http://archipelproject.org">Archipel</a></dt>
-      <dd>
-        Archipel is a libvirt-based solution to manage and supervise virtual
-        machines.  It uses XMPP for all communication. There is no web
-        service or custom protocol.  You just need at least one XMPP server,
-        like eJabberd, to start playing with it.  This allows Archipel to
-        work completely real time.  You never have to refresh the user
-        interface, you'll be notified as soon as something happens. You can
-        even use your favorite chat clients to command your infrastructure.
-      </dd>
-      <dd>
-        Isn't it great to be able to open a chat conversation with your
-        virtual machine and say things like "How are you today?" or "Hey,
-        please reboot"?
-      </dd>
-    </dl>
-
    <h2><a id="command">Command line tools</a></h2>

    <dl>
@@ -142,7 +122,7 @@
    <h2><a id="continuousintegration">Continuous Integration</a></h2>

    <dl>
-      <dt><a href="https://buildbot.net/buildbot/docs/current/Libvirt.html">BuildBot</a></dt>
+      <dt><a href="http://docs.buildbot.net/latest/manual/configuration/workers-libvirt.html">BuildBot</a></dt>
      <dd>
        BuildBot is a system to automate the compile/test cycle required
        by most software projects.  CVS commits trigger new builds, run on
@@ -373,12 +353,6 @@
        metrics. It supports pCPU, vCPU, memory, block device, network interface,
        and performance event metrics for each virtual guest.
      </dd>
-      <dt><a href="https://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
-      <dd>
-        The Zenoss libvirt Zenpack adds support for monitoring virtualization
-        servers.  It has been tested with KVM, QEMU, VMware ESX, and VMware
-        GSX.
-      </dd>
    </dl>

    <h2><a id="provisioning">Provisioning</a></h2>
@@ -483,17 +457,6 @@
      </dd>
    </dl>

-    <h2><a id="mobile">Mobile applications</a></h2>
-
-    <dl>
-      <dt><a href="https://market.android.com/details?id=vm.manager">VM Manager</a></dt>
-      <dd>
-        VM Manager is VM (libvirt) manager (over SSH) application. VM Manager
-        is an application for libvirt VM / Domain management over SSH.
-        Please keep in mind that this software is under heavy development.
-      </dd>
-    </dl>
-
    <h2><a id="other">Other</a></h2>

    <dl>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -184,15 +184,29 @@ Default policy will still allow any application to connect to the RO socket.
 </p>
    <p>
 The default policy can be overridden by creating a new policy file in the
-local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
-Policy files should have a unique name ending with .pkla.  Using reverse DNS
-naming works well. Information on the options available can be found by
-reading the pklocalauthority man page. The two libvirt daemon actions
-available are named <code>org.libvirt.unix.manage</code> for full management
-access, and <code>org.libvirt.unix.monitor</code> for read-only access.
-    </p>
+<code>/etc/polkit-1/rules.d</code> directory. Information on the options
+available can be found by reading the <code>polkit(8)</code> man page. The
+two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
+management access, and <code>org.libvirt.unix.monitor</code> for read-only
+access.
+</p>
    <p>
-As an example, this gives the user <code>fred</code> full management access:
+As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
+with the following gives the user <code>fred</code> full management access
+when accessing from an active local session:
+    </p>
+<pre>polkit.addRule(function(action, subject) {
+  if (action.id == "org.libvirt.unix.manage" &amp;&amp;
+      subject.local &amp;&amp; subject.active &amp;&amp; subject.user == "fred") {
+      return polkit.Result.YES;
+  }
+});</pre>
+    <p>
+Older versions of PolicyKit used policy files ending with .pkla in the
+local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
+Compatibility with this older format is provided by <a
+href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
+example, this gives the user <code>fred</code> full management access:
    </p>
 <pre>[Allow fred libvirt management permissions]
 Identity=unix-user:fred
@@ -200,10 +214,6 @@ Action=org.libvirt.unix.manage
 ResultAny=yes
 ResultInactive=yes
 ResultActive=yes</pre>
-    <p>
-Further examples of PolicyKit setup can be found on the
-<a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
-    </p>
    <h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>

    <p>
--- a/docs/devhelp/devhelp.xsl
+++ b/docs/devhelp/devhelp.xsl
@@ -72,7 +72,6 @@
 	  <xsl:if test="deprecated">
 	    <p> WARNING: this module is deprecated !</p>
 	  </xsl:if>
-	  <p>Author(s): <xsl:value-of select="author"/></p>
 	  <div class="refsynopsisdiv">
 	  <h2>Synopsis</h2>
 	  <pre class="synopsis">
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -77,6 +77,7 @@
          <a href="formatstorageencryption.html">storage encryption</a>,
          <a href="formatcaps.html">capabilities</a>,
          <a href="formatdomaincaps.html">domain capabilities</a>,
+          <a href="formatstoragecaps.html">storage pool capabilities</a>,
          <a href="formatnode.html">node devices</a>,
          <a href="formatsecret.html">secrets</a>,
          <a href="formatsnapshot.html">snapshots</a></dd>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@@ -29,7 +29,6 @@
      <li><strong><a href="drvopenvz.html">OpenVZ</a></strong></li>
      <li><strong><a href="drvqemu.html">QEMU</a></strong></li>
      <li><strong><a href="drvtest.html">Test</a></strong> - Used for testing</li>
-      <li><strong><a href="drvuml.html">UML</a></strong> - User Mode Linux</li>
      <li><strong><a href="drvvbox.html">VirtualBox</a></strong></li>
      <li><strong><a href="drvesx.html">VMware ESX</a></strong></li>
      <li><strong><a href="drvvmware.html">VMware Workstation/Player</a></strong></li>
--- a/docs/drvbhyve.html.in
+++ b/docs/drvbhyve.html.in
@@ -462,5 +462,32 @@ Example:</p>
 &lt;/domain&gt;
 </pre>

+<h3><a id="bhyvecommand">Pass-through of arbitrary bhyve commands</a></h3>
+
+<p><span class="since">Since 5.1.0</span>, it's possible to pass additional command-line
+arguments to the bhyve process when starting the domain using the
+<code>&lt;bhyve:commandline&gt;</code> element under <code>domain</code>.
+To supply an argument, use the element <code>&lt;bhyve:arg&gt;</code> with
+the attribute <code>value</code> set to additional argument to be added.
+The arg element may be repeated multiple times. To use this XML addition, it is necessary
+to issue an XML namespace request (the special <code>xmlns:<i>name</i></code> attribute)
+that pulls in <code>http://libvirt.org/schemas/domain/bhyve/1.0</code>;
+typically, the namespace is given the name of <code>bhyve</code>.
+</p>
+<p>Example:</p>
+<pre>
+&lt;domain type="bhyve" xmlns:bhyve="http://libvirt.org/schemas/domain/bhyve/1.0"&gt;
+  ...
+  &lt;bhyve:commandline&gt;
+    &lt;bhyve:arg value='-somebhyvearg'/&gt;
+  &lt;/bhyve:commandline&gt;
+&lt;/domain&gt;
+</pre>
+
+<p>Note that these extensions are for testing and development purposes only.
+They are <b>unsupported</b>, using them may result in inconsistent state,
+and upgrading either bhyve or libvirtd maybe break behavior of a domain that
+was relying on a specific commands pass-through.</p>
+
  </body>
 </html>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -395,9 +395,8 @@ chmod o+x /path/to/directory
 <pre>
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
-/dev/ptmx, /dev/kvm, /dev/kqemu,
-/dev/rtc, /dev/hpet, /dev/net/tun,
-/dev/sev
+/dev/ptmx, /dev/kvm,
+/dev/rtc, /dev/hpet
 </pre>

    <p>
--- a/docs/drvuml.html.in
+++ b/docs/drvuml.html.in
@@ -1,93 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>User Mode Linux driver</h1>
-
-    <p>
-    The UML driver for libvirt allows use and management of paravirtualized
-    guests built for User Mode Linux. UML requires no special support in
-    the host kernel, so can be used by any user of any linux system, provided
-    they have enough free RAM for their guest's needs, though there are
-    certain restrictions on network connectivity unless the administrator
-    has pre-created TAP devices.
-    </p>
-
-    <h2><a id="project">Project Links</a></h2>
-
-    <ul>
-      <li>
-        The <a href="http://user-mode-linux.sourceforge.net/">User
-        Mode Linux</a> paravirtualized kernel
-      </li>
-    </ul>
-
-    <h2>Connections to UML driver</h2>
-
-    <p>
-    The libvirt UML driver follows the QEMU driver in providing two
-    types of connection. There is one privileged instance per host,
-    which runs as root. This is called the "system" instance, and allows
-    full use of all host resources. Then, there is a per-user unprivileged
-    "session", instance. This has more restricted capabilities, and may
-    require the host administrator to setup certain resources ahead of
-    time to allow full integration with the network. Example connection
-    URIs are
-    </p>
-
-<pre>
-uml:///session                       (local access to per-user instance)
-uml+unix:///session                  (local access to per-user instance)
-
-uml:///system                        (local access to system instance)
-uml+unix:///system                   (local access to system instance)
-uml://example.com/system             (remote access, TLS/x509)
-uml+tcp://example.com/system         (remote access, SASl/Kerberos)
-uml+ssh://root@example.com/system    (remote access, SSH tunnelled)
-</pre>
-
-    <h2>Example XML configuration</h2>
-
-    <p>
-      User mode Linux driver only supports directly kernel boot at
-      this time. A future driver enhancement may allow a paravirt
-      bootloader in a similar style to Xen's pygrub. For now though,
-      the UML kernel must be stored on the host and referenced
-      explicitly in the "os" element. Since UML is a paravirtualized
-      technology, the kernel "type" is set to "uml"
-    </p>
-
-    <p>
-      There is not yet support for networking in the driver, but
-      disks can be specified in the usual libvirt manner. The main
-      variation is the target device naming scheme "ubd0", and
-      bus type of "uml".
-    </p>
-
-    <p>
-      Once booted the primary console is connected to a PTY, and
-      thus accessible with "virsh console" or equivalent tools
-    </p>
-
-<pre>
-&lt;domain type='uml'&gt;
-  &lt;name&gt;demo&lt;/name&gt;
-  &lt;uuid&gt;b4433fc2-a22e-ffb3-0a3d-9c173b395800&lt;/uuid&gt;
-  &lt;memory&gt;500000&lt;/memory&gt;
-  &lt;currentMemory&gt;500000&lt;/currentMemory&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;uml&lt;/type&gt;
-    &lt;kernel&gt;/home/berrange/linux-uml-2.6.26-x86_64&lt;/kernel&gt;
-  &lt;/os&gt;
-  &lt;devices&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;source file='/home/berrange/FedoraCore6-AMD64-root_fs'/&gt;
-      &lt;target dev='ubd0' bus='uml'/&gt;
-    &lt;/disk&gt;
-    &lt;console type='pty'/&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>
-  </body>
-</html>
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -129,6 +129,44 @@ MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24</pre>
      </li>
    </ul>

+    <h3><a id="fw-firewalld-and-virtual-network-driver">firewalld and the virtual network driver</a>
+    </h3>
+    <p>
+      If <a href="https://firewalld.org">firewalld</a> is active on
+      the host, libvirt will attempt to place the bridge interface of
+      a libvirt virtual network into the firewalld zone named
+      "libvirt" (thus making all guest->host traffic on that network
+      subject to the rules of the "libvirt" zone). This is done
+      because, if firewalld is using its nftables backend (available
+      since firewalld 0.6.0) the default firewalld zone (which would
+      be used if libvirt didn't explicitly set the zone) prevents
+      forwarding traffic from guests through the bridge, as well as
+      preventing DHCP, DNS, and most other traffic from guests to
+      host. The zone named "libvirt" is installed into the firewalld
+      configuration by libvirt (not by firewalld), and allows
+      forwarded traffic through the bridge as well as DHCP, DNS, TFTP,
+      and SSH traffic to the host - depending on firewalld's backend
+      this will be implemented via either iptables or nftables
+      rules. libvirt's own rules outlined above will *always* be
+      iptables rules regardless of which backend is in use by
+      firewalld.
+    </p>
+    <p>
+      NB: It is possible to manually set the firewalld zone for a
+      network's interface with the "zone" attribute of the network's
+      "bridge" element.
+    </p>
+    <p>
+      NB: Prior to libvirt 5.1.0, the firewalld "libvirt" zone did not
+      exist, and prior to firewalld 0.7.0 a feature crucial to making
+      the "libvirt" zone operate properly (rich rule priority
+      settings) was not implemented in firewalld. In cases where one
+      or the other of the two packages is missing the necessary
+      functionality, it's still possible to have functional guest
+      networking by setting the firewalld backend to "iptables" (in
+      firewalld prior to 0.6.0, this was the only backend available).
+    </p>
+
    <h3><a id="fw-network-filter-driver">The network filter driver</a>
    </h3>
    <p>This driver provides a fully configurable network filtering capability
--- a/docs/format.html.in
+++ b/docs/format.html.in
@@ -21,6 +21,7 @@
      <li><a href="formatstorageencryption.html">Storage encryption</a></li>
      <li><a href="formatcaps.html">Capabilities</a></li>
      <li><a href="formatdomaincaps.html">Domain capabilities</a></li>
+      <li><a href="formatstoragecaps.html">Storage Pool capabilities</a></li>
      <li><a href="formatnode.html">Node devices</a></li>
      <li><a href="formatsecret.html">Secrets</a></li>
      <li><a href="formatsnapshot.html">Snapshots</a></li>
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -87,9 +87,6 @@

          <dt><code>exe</code></dt>
          <dd>Container based virtualization</dd>
-
-          <dt><code>uml</code></dt>
-          <dd>User Mode Linux</dd>
        </dl>
        </dd>

--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -22,7 +22,7 @@
      <a id="attributeDomainType"><code>type</code></a>
      specifies the hypervisor used for running
      the domain. The allowed values are driver specific, but
-      include "xen", "kvm", "qemu", "lxc" and "kqemu". The
+      include "xen", "kvm", "qemu" and "lxc". The
      second attribute is <code>id</code> which is a unique
      integer identifier for the running guest machine. Inactive
      machines have no id value.
@@ -128,7 +128,7 @@

 <pre>
 ...
-&lt;os&gt;
+&lt;os firmware='uefi'&gt;
  &lt;type&gt;hvm&lt;/type&gt;
  &lt;loader readonly='yes' secure='no' type='rom'&gt;/usr/lib/xen/boot/hvmloader&lt;/loader&gt;
  &lt;nvram template='/usr/share/OVMF/OVMF_VARS.fd'&gt;/var/lib/libvirt/nvram/guest_VARS.fd&lt;/nvram&gt;
@@ -141,6 +141,26 @@
 ...</pre>

    <dl>
+      <dt><code>firmware</code></dt>
+      <dd>The <code>firmware</code> attribute allows management
+        applications to automatically fill <code>&lt;loader/&gt;</code>
+        and <code>&lt;nvram/&gt;</code> elements and possibly enable
+        some features required by selected firmware. Accepted values are
+        <code>bios</code> and <code>efi</code>.<br/>
+        The selection process scans for files describing installed
+        firmware images in specified location and uses the most specific
+        one which fulfils domain requirements. The locations in order of
+        preference (from generic to most specific one) are:
+        <ul>
+          <li><code>/usr/share/qemu/firmware</code></li>
+          <li><code>/etc/qemu/firmware</code></li>
+          <li><code>$XDG_CONFIG_HOME/qemu/firmware</code></li>
+        </ul>
+        For more information refer to firmware metadata specification as
+        described in <code>docs/interop/firmware.json</code> in QEMU
+        repository. Regular users do not need to bother.
+        <span class="since">Since 5.2.0 (QEMU and KVM only)</span>
+      </dd>
      <dt><code>type</code></dt>
      <dd>The content of the <code>type</code> element specifies the
        type of operating system to be booted in the virtual machine.
@@ -1243,9 +1263,9 @@
        <a href="#elementsMemoryBacking">memory backing</a> because your
        workload demands it, you'll have to take into account the specifics of
        your deployment and figure out a value for <code>hard_limit</code> that
-        balances the risk of your guest being killed because the limit was set
-        too low and the risk of your host crashing because it cannot reclaim
-        the memory used by the guest due to <code>locked</code>. Good luck!</dd>
+        is large enough to support the memory requirements of your guest, but
+        small enough to protect your host against a malicious guest locking all
+        memory.</dd>
      <dt><code>soft_limit</code></dt>
      <dd> The optional <code>soft_limit</code> element is the memory limit to
        enforce during memory contention. The units for this value are
@@ -2010,6 +2030,7 @@
    &lt;tlbflush state='on'/&gt;
    &lt;ipi state='on'/&gt;
    &lt;evmcs state='on'/&gt;
+    &lt;msrs unknown='ignore'/&gt;
  &lt;/hyperv&gt;
  &lt;kvm&gt;
    &lt;hidden state='on'/&gt;
@@ -2307,6 +2328,15 @@
          defined, the hypervisor default will be used.
          <span class="since">Since 4.10.0</span> (QEMU/KVM only)
      </dd>
+      <dt><code>msrs</code></dt>
+      <dd>Some guests might require ignoring unknown
+          Model Specific Registers (MSRs) reads and writes. It's possible
+          to switch this by setting <code>unknown</code> attribute
+          of <code>msrs</code> to <code>ignore</code>. If the attribute is
+          not defined, or set to <code>fault</code>, unknown reads and writes
+          will not be ignored.
+          <span class="since">Since 5.1.0</span> (bhyve only)
+      </dd>
    </dl>

    <h3><a id="elementsTime">Time keeping</a></h3>
@@ -2922,6 +2952,17 @@
            <span class="since">Since 0.1.4</span>
            </p>
            </dd>
+          <dt><code>model</code></dt>
+            <dd>
+            Indicates the emulated device model of the disk. Typically
+            this is indicated solely by the <code>bus</code> property but
+            for <code>bus</code> "virtio" the model can be specified further
+            with "virtio-transitional", "virtio-non-transitional", or
+            "virtio". See
+            <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+            for more details.
+            <span class="since">Since 5.2.0</span>
+            </dd>
          <dt><code>rawio</code></dt>
            <dd>
            Indicates whether the disk needs rawio capability. Valid
@@ -3870,6 +3911,11 @@
        </dd>
        </dl>

+      <span class="since">Since 5.2.0</span>, the filesystem element
+      has an optional attribute <code>model</code> with supported values
+      "virtio-transitional", "virtio-non-transitional", or "virtio".
+      See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+      for more details.
      </dd>

      <dt><code>driver</code></dt>
@@ -4074,6 +4120,63 @@
      <span class="since">Since 3.5.0</span>
    </p>

+    <h4><a id="elementsVirtioTransitional">Virtio transitional devices</a></h4>
+
+    <p>
+      <span class="since">Since 5.2.0</span>, some of QEMU's virtio devices,
+      when used with PCI/PCIe machine types, accept the following
+      <code>model</code> values:
+    </p>
+
+    <dl>
+      <dt><code>virtio-transitional</code></dt>
+      <dd>This device can work both with virtio 0.9 and virtio 1.0 guest
+      drivers, so it's the best choice when compatibility with older
+      guest operating systems is desired. libvirt will plug the device
+      into a conventional PCI slot.
+      </dd>
+      <dt><code>virtio-non-transitional</code></dt>
+      <dd>This device can only work with virtio 1.0 guest drivers, and it's
+      the recommended option unless compatibility with older guest
+      operating systems is necessary. libvirt will plug the device into
+      either a PCI Express slot or a conventional PCI slot based on the
+      machine type, resulting in a more optimized PCI topology.
+      </dd>
+      <dt><code>virtio</code></dt>
+      <dd>This device will work like a <code>virtio-non-transitional</code>
+      device when plugged into a PCI Express slot, and like a
+      <code>virtio-transitional</code> device otherwise; libvirt will
+      pick one or the other based on the machine type. This is the best
+      choice when compatibility with libvirt versions older than 5.2.0
+      is necessary, but it's otherwise not recommended to use it.
+      </dd>
+    </dl>
+
+    <p>
+      While the information outlined above applies to most virtio devices,
+      there are a few exceptions:
+    </p>
+
+    <ul>
+      <li>
+        for SCSI controllers, <code>virtio-scsi</code> must be used instead
+        of <code>virtio</code> for backwards compatibility reasons;
+      </li>
+      <li>
+        some devices, such as GPUs and input devices (keyboard, tablet and
+        mouse), are only defined in the virtio 1.0 spec and as such don't
+        have a transitional variant: the only accepted model is
+        <code>virtio</code>, which will result in a non-transitional device.
+      </li>
+    </ul>
+
+    <p>
+      For more details see the
+      <a href="https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00923.html">qemu patch posting</a> and the
+      <a href="http://docs.oasis-open.org/virtio/virtio/v1.0/virtio-v1.0.html">virtio-1.0 spec</a>.
+    </p>
+
+
    <h4><a id="elementsControllers">Controllers</a></h4>

    <p>
@@ -4098,6 +4201,7 @@
    &lt;driver iothread='4'/&gt;
    &lt;address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/&gt;
  &lt;/controller&gt;
+  &lt;controller type='xenbus' maxGrantFrames='64'/&gt;
  ...
 &lt;/devices&gt;
 ...</pre>
@@ -4121,12 +4225,20 @@
        <dd>The <code>virtio-serial</code> controller has two additional
        optional attributes <code>ports</code> and <code>vectors</code>,
        which control how many devices can be connected through the
-        controller.</dd>
+        controller. <span class="since">Since 5.2.0</span>, it
+        supports an optional attribute <code>model</code> which can
+        be 'virtio', 'virtio-transitional', or 'virtio-non-transitional'. See
+        <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+        for more details.
+        </dd>
        <dt><code>scsi</code></dt>
        <dd>A <code>scsi</code> controller has an optional attribute
        <code>model</code>, which is one of 'auto', 'buslogic', 'ibmvscsi',
-        'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi' or
-        'vmpvscsi'.</dd>
+        'lsilogic', 'lsisas1068', 'lsisas1078', 'virtio-scsi',
+        'vmpvscsi', 'virtio-transitional', 'virtio-non-transitional'. See
+        <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+        for more details.
+        </dd>
        <dt><code>usb</code></dt>
        <dd>A <code>usb</code> controller has an optional attribute
        <code>model</code>, which is one of "piix3-uhci", "piix4-uhci",
@@ -4145,6 +4257,11 @@
        <dd><span class="since">Since 3.10.0</span> for the vbox driver, the
        <code>ide</code> controller has an optional attribute
        <code>model</code>, which is one of "piix3", "piix4" or "ich6".</dd>
+        <dt><code>xenbus</code></dt>
+        <dd><span class="since">Since 5.2.0</span>, the <code>xenbus</code>
+        controller has an optional attribute <code>maxGrantFrames</code>,
+        which specifies the maximum number of grant frames the controller
+        makes available for connected devices.</dd>
      </dl>

    <p>
@@ -4670,7 +4787,12 @@
          <dd><span class="since">since 2.5.0</span>For SCSI devices, user
            is responsible to make sure the device is not used by host. This
            <code>type</code> passes all LUNs presented by a single HBA to
-            the guest.
+            the guest. <span class="since">Since 5.2.0,</span> the
+            <code>model</code> attribute can be specified further
+            with "virtio-transitional", "virtio-non-transitional", or
+            "virtio". See
+            <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+            for more details.
          </dd>
          <dt><code>mdev</code></dt>
          <dd>For mediated devices (<span class="since">Since 3.2.0</span>)
@@ -5704,7 +5826,11 @@ qemu-kvm -net nic,model=? /dev/null

    <p>
      Typical values for QEMU and KVM include:
-      ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio
+      ne2k_isa i82551 i82557b i82559er ne2k_pci pcnet rtl8139 e1000 virtio.
+      <span class="since">Since 5.2.0</span>, <code>virtio-transitional</code>
+      and <code>virtio-non-transitional</code> values are supported.
+      See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+      for more details.
    </p>

    <h5><a id="elementsDriverBackendOptions">Setting NIC driver-specific options</a></h5>
@@ -6414,6 +6540,12 @@ qemu-kvm -net nic,model=? /dev/null
      For type <code>passthrough</code>, the mandatory sub-element <code>source</code>
      must have an <code>evdev</code> attribute containing the absolute path to the
      event device passed through to guests. (KVM only)
+
+      <span class="since">Since 5.2.0</span>, the <code>input</code> element
+      accepts a <code>model</code> attribute which has the values 'virtio',
+      'virtio-transitional' and 'virtio-non-transitional'. See
+      <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+      for more details.
    </p>

    <p>
@@ -6704,12 +6836,17 @@ qemu-kvm -net nic,model=? /dev/null
              the other types, for practical reasons it should be paired with
              either <code>vnc</code> or <code>spice</code> graphics types.
              This display type is only supported by QEMU domains
-              (needs QEMU <span class="since">2.10</span> or newer) and doesn't
-              accept any attributes.
+              (needs QEMU <span class="since">2.10</span> or newer).
+              <span class="Since">5.0.0</span> this element accepts a
+              <code>&lt;gl/&gt;</code> sub-element with an optional attribute
+              <code>rendernode</code> which can be used to specify an absolute
+              path to a host's DRI device to be used for OpenGL rendering.
            </p>
            <pre>
 &lt;graphics type='spice' autoport='yes'/&gt;
-&lt;graphics type='egl-headless'/&gt;
+&lt;graphics type='egl-headless'&gt;
+  &lt;gl rendernode='/dev/dri/renderD128'/&gt;
+&lt;/graphics&gt;
            </pre>
          </dd>
        </dl>
@@ -7156,9 +7293,9 @@ qemu-kvm -net nic,model=? /dev/null
      Valid values for the <code>type</code> attribute are:
      <code>serial</code> (described below);
      <code>virtio</code> (usable whenever VirtIO support is available);
-      <code>xen</code>, <code>lxc</code>, <code>uml</code> and
-      <code>openvz</code> (available when the corresponding hypervisor is in
-      use). <code>sclp</code> and <code>sclplm</code> (usable for s390 and
+      <code>xen</code>, <code>lxc</code> and <code>openvz</code>
+      (available when the corresponding hypervisor is in use).
+      <code>sclp</code> and <code>sclplm</code> (usable for s390 and
      s390x QEMU guests) are supported for compatibility reasons but should
      not be used for new guests: use the <code>sclpconsole</code> and
      <code>sclplmconsole</code> target models, respectively, with the
@@ -7880,8 +8017,12 @@ qemu-kvm -net nic,model=? /dev/null
        </p>
        <ul>
          <li>'virtio' - default with QEMU/KVM</li>
+          <li>'virtio-transitional' <span class="since">Since 5.2.0</span></li>
+          <li>'virtio-non-transitional' <span class="since">Since 5.2.0</span></li>
          <li>'xen' - default with Xen</li>
        </ul>
+        See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+        for more details.
      </dd>
      <dt><code>autodeflate</code></dt>
      <dd>
@@ -7953,7 +8094,11 @@ qemu-kvm -net nic,model=? /dev/null
        </p>
        <ul>
          <li>'virtio' - supported by qemu and virtio-rng kernel module</li>
+          <li>'virtio-transitional' <span class='since'>Since 5.2.0</span></li>
+          <li>'virtio-non-transitional' <span class='since'>Since 5.2.0</span></li>
        </ul>
+        See <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+        for more details.
      </dd>
      <dt><code>rate</code></dt>
      <dd>
@@ -8317,6 +8462,21 @@ qemu-kvm -net nic,model=? /dev/null
  &lt;memory model='nvdimm'&gt;
    &lt;source&gt;
      &lt;path&gt;/tmp/nvdimm&lt;/path&gt;
+      &lt;alignsize unit='KiB'&gt;2048&lt;/alignsize&gt;
+    &lt;/source&gt;
+    &lt;target&gt;
+      &lt;size unit='KiB'&gt;524288&lt;/size&gt;
+      &lt;node&gt;1&lt;/node&gt;
+      &lt;label&gt;
+        &lt;size unit='KiB'&gt;128&lt;/size&gt;
+      &lt;/label&gt;
+      &lt;readonly/&gt;
+    &lt;/target&gt;
+  &lt;/memory&gt;
+  &lt;memory model='nvdimm'&gt;
+    &lt;source&gt;
+      &lt;path&gt;/dev/dax0.0&lt;/path&gt;
+      &lt;pmem/&gt;
    &lt;/source&gt;
    &lt;target&gt;
      &lt;size unit='KiB'&gt;524288&lt;/size&gt;
@@ -8398,10 +8558,36 @@ qemu-kvm -net nic,model=? /dev/null
        </dl>

        <p>
-          For model <code>nvdimm</code> this element is mandatory and has a
-          single child element <code>path</code> that represents a path
-          in the host that backs the nvdimm module in the guest.
+          For model <code>nvdimm</code> this element is mandatory. The
+          mandatory child element <code>path</code> represents a path in
+          the host that backs the nvdimm module in the guest. The following
+          optional elements may be used:
        </p>
+
+        <dl>
+          <dt><code>alignsize</code></dt>
+          <dd>
+            <p>
+              The <code>alignsize</code> element defines the page size
+              alignment used to mmap the address range for the backend
+              <code>path</code>. If not supplied the host page size is used.
+              For example, to mmap a real NVDIMM device a 2M-aligned page may
+              be required.
+              <span class="since">Since 5.0.0</span>
+            </p>
+          </dd>
+
+          <dt><code>pmem</code></dt>
+          <dd>
+            <p>
+              If persistent memory is supported and enabled by the hypervisor
+              in order to guarantee the persistence of writes to the vNVDIMM
+              backend, then use the <code>pmem</code> element in order to
+              utilize the feature.
+              <span class="since">Since 5.0.0</span>
+            </p>
+          </dd>
+        </dl>
      </dd>

      <dt><code>target</code></dt>
@@ -8420,19 +8606,39 @@ qemu-kvm -net nic,model=? /dev/null
          NUMA nodes configured.
        </p>
        <p>
-          For NVDIMM type devices one can optionally use
-          <code>label</code> and its subelement <code>size</code>
-          to configure the size of namespaces label storage
-          within the NVDIMM module. The <code>size</code> element
-          has usual meaning described
-          <a href="#elementsMemoryAllocation">here</a>.
-          For QEMU domains the following restrictions apply:
+          The following optional elements may be used:
        </p>
-        <ol>
-          <li>the minimum label size is 128KiB,</li>
-          <li>the remaining size (total-size - label-size) has to be aligned to
-            4KiB</li>
-        </ol>
+
+        <dl>
+          <dt><code>label</code></dt>
+          <dd>
+            <p>
+              For NVDIMM type devices one can optionally use
+              <code>label</code> and its subelement <code>size</code>
+              to configure the size of namespaces label storage
+              within the NVDIMM module. The <code>size</code> element
+              has usual meaning described
+              <a href="#elementsMemoryAllocation">here</a>.
+              For QEMU domains the following restrictions apply:
+            </p>
+            <ol>
+              <li>the minimum label size is 128KiB,</li>
+              <li>the remaining size (total-size - label-size) will be aligned
+                to 4KiB as default.</li>
+            </ol>
+          </dd>
+
+          <dt><code>readonly</code></dt>
+          <dd>
+            <p>
+              The <code>readonly</code> element is used to mark the vNVDIMM
+              as read-only. Only the real NVDIMM device backend can guarantee
+              the guest write persistence, so other backend types should use
+              the <code>readonly</code> element.
+              <span class="since">Since 5.0.0</span>
+            </p>
+          </dd>
+        </dl>
      </dd>
    </dl>

@@ -8519,7 +8725,11 @@ qemu-kvm -net nic,model=? /dev/null
    <h3><a id="vsock">Vsock</a></h3>

    <p>A vsock host/guest interface. The <code>model</code> attribute
-    defaults to <code>virtio</code>.
+    defaults to <code>virtio</code>. <span class="since">Since 5.2.0</span>
+    <code>model</code> can also be 'virtio-transitional' and
+    'virtio-non-transitional', see
+    <a href="#elementsVirtioTransitional">Virtio transitional devices</a>
+    for more details.
    The optional attribute <code>address</code> of the <code>cid</code>
    element specifies the CID assigned to the guest. If the attribute
    <code>auto</code> is set to <code>yes</code>, libvirt
@@ -8719,8 +8929,8 @@ qemu-kvm -net nic,model=? /dev/null
       different entity using a different key the encrypted guests data will
       be incorrectly decrypted, leading to unintelligible data.

-       For more information see various input parameters and its format see the SEV API spec
-       <a href="https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf"> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf </a>
+       For more information see various input parameters and its format see the
+       <a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">SEV API spec</a>
       <span class="since">Since 4.4.0</span>
       </p>
    <pre>
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -37,6 +37,17 @@
    management application to choose an appropriate mode for a pass-through
    host device as well as which adapter to utilize.</p>

+    <p>Some XML elements may be entirely omitted from the domaincapabilities
+    XML, depending on what the libvirt driver has filled in. Applications
+    should only act on what is explicitly reported in the domaincapabilities
+    XML. For example, if &lt;disk supported='yes'/&gt; is present, you can safely
+    assume the driver supports &lt;disk&gt; devices. If &lt;disk supported='no'/&gt; is
+    present, you can safely assume the driver does NOT support &lt;disk&gt;
+    devices. If the &lt;disk&gt; block is omitted entirely, the driver is not
+    indicating one way or the other whether it supports &lt;disk&gt; devices, and
+    applications should not interpret the missing block to mean any thing in
+    particular.</p>
+
    <h2><a id="elements">Element and attribute overview</a></h2>

    <p> A new query interface was added to the virConnect API's to retrieve the
@@ -278,7 +289,6 @@
        &lt;value&gt;virtio&lt;/value&gt;
        &lt;value&gt;xen&lt;/value&gt;
        &lt;value&gt;usb&lt;/value&gt;
-        &lt;value&gt;uml&lt;/value&gt;
        &lt;value&gt;sata&lt;/value&gt;
        &lt;value&gt;sd&lt;/value&gt;
      &lt;/enum&gt;
@@ -482,7 +492,7 @@

    <p>
    For more details on SEV feature see:
-      <a href="https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf">
+      <a href="https://support.amd.com/TechDocs/55766_SEV-KM_API_Specification.pdf">
        SEV API spec</a> and <a href="http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf">
        SEV White Paper</a>
    </p>
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -107,13 +107,13 @@
        may also be connected to the LAN. When defining
        a new network with a <code>&lt;forward&gt;</code> mode of

-        "nat" or "route" (or an isolated network with
+        "nat", "route", or "open" (or an isolated network with
        no <code>&lt;forward&gt;</code> element), libvirt will
        automatically generate a unique name for the bridge device if
        none is given, and this name will be permanently stored in the
        network configuration so that that the same name will be used
        every time the network is started. For these types of networks
-        (nat, routed, and isolated), a bridge name beginning with the
+        (nat, route, open, and isolated), a bridge name beginning with the
        prefix "virbr" is recommended (and that is what is
        auto-generated), but not enforced.
        Attribute <code>stp</code> specifies if Spanning Tree Protocol
@@ -152,6 +152,23 @@
          <span class="since">Since 1.2.11, requires kernel 3.17 or
          newer</span>
        </p>
+
+        <p>
+          The optional <code>zone</code> attribute of
+          the <code>bridge</code> element is used to specify
+          the <a href="https://firewalld.org">firewalld</a>
+          zone for the bridge of a network with <code>forward</code>
+          mode of "nat", "route", "open", or one with
+          no <code>forward</code> specified. By default, the bridges
+          of all virtual networks with these forward modes are placed
+          in the firewalld zone named "libvirt", which permits
+          incoming DNS, DHCP, TFTP, and SSH to the host from guests on
+          the network. This behavior can be changed either by
+          modifying the libvirt zone (using firewalld management
+          tools), or by placing the network in a different zone (which
+          will also be managed using firewalld tools).
+          <span class="since">Since 5.1.0</span>
+        </p>
      </dd>

      <dt><code>mtu</code></dt>
--- a/docs/formatnode.html.in
+++ b/docs/formatnode.html.in
@@ -70,6 +70,10 @@
          <dd>Describes a device on the host's PCI bus.  Sub-elements
            include:
            <dl>
+              <dt><code>class</code></dt>
+              <dd>Optional element for combined class, subclass and
+                programming interface codes as 6-digit hexadecimal number.
+                <span class="since">Since 5.2.0</span></dd>
              <dt><code>domain</code></dt>
              <dd>Which domain the device belongs to.</dd>
              <dt><code>bus</code></dt>
@@ -381,6 +385,7 @@
    &lt;name&gt;igb&lt;/name&gt;
  &lt;/driver&gt;
  &lt;capability type='pci'&gt;
+    &lt;class&gt;0x020000&lt;/class&gt;
    &lt;domain&gt;0&lt;/domain&gt;
    &lt;bus&gt;2&lt;/bus&gt;
    &lt;slot&gt;0&lt;/slot&gt;
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -2265,7 +2265,7 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     to the incoming and outgoing direction. All this is related to the ftp
     data traffic originating from TCP port 20 of the VM. This then leads to
     the following solution
-     <span class="since">(since 0.8.5 (QEMU, KVM, UML))</span>:
+     <span class="since">(since 0.8.5 (QEMU, KVM))</span>:
    </p>
 <pre>
 &lt;filter name='test-eth0'&gt;
--- a/docs/formatsnapshot.html.in
+++ b/docs/formatsnapshot.html.in
@@ -33,7 +33,7 @@
        resume in a consistent state; but if the disks are modified
        externally in the meantime, this is likely to lead to data
        corruption.</dd>
-      <dt>system checkpoint</dt>
+      <dt>full system</dt>
      <dd>A combination of disk snapshots for all disks as well as VM
        memory state, which can be used to resume the guest from where it
        left off with symptoms similar to hibernation (that is, TCP
@@ -55,11 +55,12 @@
      as <code>virDomainSaveImageGetXMLDesc()</code> to work with
      those files.
    </p>
-    <p>System checkpoints are created
-      by <code>virDomainSnapshotCreateXML()</code> with no flags, and
+    <p>Full system snapshots are created
+      by <code>virDomainSnapshotCreateXML()</code> with no flags, while
      disk snapshots are created by the same function with
-      the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code> flag; in
-      both cases, they are restored by
+      the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code>
+      flag. Regardless of the flags provided, restoration of the
+      snapshot is handled by
      the <code>virDomainRevertToSnapshot()</code> function.  For
      these types of snapshots, libvirt tracks each snapshot as a
      separate <code>virDomainSnapshotPtr</code> object, and maintains
@@ -78,7 +79,8 @@
      redefining a snapshot (<span class="since">since 0.9.5</span>),
      with the <code>VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE</code> flag
      of <code>virDomainSnapshotCreateXML()</code>, all of the XML
-      described here is relevant.
+      described here is relevant on input, even the fields that are
+      normally described as readonly for output.
    </p>
    <p>
      Snapshots are maintained in a hierarchy.  A domain can have a
@@ -97,16 +99,14 @@
    </p>
    <dl>
      <dt><code>name</code></dt>
-      <dd>The name for this snapshot.  If the name is specified when
-        initially creating the snapshot, then the snapshot will have
-        that particular name.  If the name is omitted when initially
-        creating the snapshot, then libvirt will make up a name for
-        the snapshot, based on the time when it was created.
+      <dd>The optional name for this snapshot.  If the name is
+        omitted, libvirt will create a name based on the time of the
+        creation.
      </dd>
      <dt><code>description</code></dt>
-      <dd>A human-readable description of the snapshot.  If the
-        description is omitted when initially creating the snapshot,
-        then this field will be empty.
+      <dd>An optional human-readable description of the snapshot.  If
+        the description is omitted when initially creating the
+        snapshot, then this field will be empty.
      </dd>
      <dt><code>memory</code></dt>
      <dd>On input, this is an optional request for how to handle VM
@@ -128,13 +128,10 @@
        what file name is created in an external snapshot.  On output,
        this is fully populated to show the state of each disk in the
        snapshot, including any properties that were generated by the
-        hypervisor defaults.  For system checkpoints, this field is
-        ignored on input and omitted on output (a system checkpoint
-        implies that all disks participate in the snapshot process,
-        and since the current implementation only does internal system
-        checkpoints, there are no extra details to add); a future
-        release may allow the use of <code>disks</code> with a system
-        checkpoint.  This element has a list of <code>disk</code>
+        hypervisor defaults.  For full system snapshots, this field is
+        ignored on input and omitted on output (a full system snapshot
+        implies that all disks participate in the snapshot process).
+        This element has a list of <code>disk</code>
        sub-elements, describing anywhere from zero to all of the
        disks associated with the domain.  <span class="since">Since
        0.9.5</span>
@@ -201,45 +198,52 @@
        </dl>
      </dd>
      <dt><code>creationTime</code></dt>
-      <dd>The time this snapshot was created.  The time is specified
-        in seconds since the Epoch, UTC (i.e. Unix time).  Readonly.
+      <dd>A readonly representation of the time this snapshot was
+        created.  The time is specified in seconds since the Epoch,
+        UTC (i.e. Unix time).
      </dd>
      <dt><code>state</code></dt>
-      <dd>The state of the domain at the time this snapshot was taken.
-        If the snapshot was created as a system checkpoint, then this
-        is the state of the domain at that time; when the domain is
-        reverted to this snapshot, the domain's state will default to
-        whatever is in this field unless additional flags are passed
-        to <code>virDomainRevertToSnapshot()</code>.  Additionally,
-        this field can be the value "disk-snapshot"
-        (<span class="since">since 0.9.5</span>) when it represents
-        only a disk snapshot (no VM memory state), and reverting to this
-        snapshot will default to an inactive guest.  Readonly.
+      <dd>A readonly representation of the state of the domain at the
+        time this snapshot was taken.  If a full system snapshot was
+        created, then this is the state of the domain at that
+        time. When the domain is reverted to this snapshot, the
+        domain's state will default to this state, unless overridden
+        by <code>virDomainRevertToSnapshot()</code> flags to revert to
+        a running or paused state. Additionally, this field can be the
+        value "disk-snapshot" (<span class="since">since 0.9.5</span>)
+        when it represents only a disk snapshot (no VM memory state),
+        and reverting to this snapshot will default to an inactive
+        guest.
      </dd>
      <dt><code>parent</code></dt>
-      <dd>The parent of this snapshot.  If present, this element
-        contains exactly one child element, name.  This specifies the
-        name of the parent snapshot of this snapshot, and is used to
-        represent trees of snapshots.  Readonly.
+      <dd>An optional readonly representation of the parent of this
+        snapshot.  If present, this element contains exactly one child
+        element, <code>name</code>.  This specifies the name of the
+        parent snapshot of this snapshot, and is used to represent
+        trees of snapshots.
      </dd>
      <dt><code>domain</code></dt>
-      <dd>The domain that this snapshot was taken against.  Older
-        versions of libvirt stored only a single child element, uuid;
-        reverting to a snapshot like this is risky if the current
-        state of the domain differs from the state that the domain was
-        created in, and requires the use of the
-        <code>VIR_DOMAIN_SNAPSHOT_REVERT_FORCE</code> flag
+      <dd>A readonly representation of the domain that this snapshot
+        was taken against.  Older versions of libvirt stored only a
+        single child element, uuid; reverting to a snapshot like this
+        is risky if the current state of the domain differs from the
+        state that the domain was created in, and requires the use of
+        the <code>VIR_DOMAIN_SNAPSHOT_REVERT_FORCE</code> flag
        in <code>virDomainRevertToSnapshot()</code>.  Newer versions
-        of libvirt (<span class="since">since 0.9.5</span>) store the entire
-        inactive <a href="formatdomain.html">domain configuration</a>
-        at the time of the snapshot (<span class="since">since
-        0.9.5</span>).  Readonly.
+        of libvirt (<span class="since">since 0.9.5</span>) store the
+        entire inactive <a href="formatdomain.html">domain
+        configuration</a> at the time of the snapshot
+        (<span class="since">since 0.9.5</span>). The domain will have
+        security-sensitive information omitted
+        unless the flag <code>VIR_DOMAIN_SNAPSHOT_XML_SECURE</code> is
+        provided on a read-write connection.
      </dd>
      <dt><code>cookie</code></dt>
-      <dd>Save image cookie containing additional data libvirt may need to
-        properly restore a domain from an active snapshot when such data
-        cannot be stored directly in the <code>domain</code> to maintain
-        compatibility with older libvirt or hypervisor. Readonly.
+      <dd>An optional readonly representation of a save image cookie
+        containing additional data libvirt may need to properly
+        restore a domain from an active snapshot when such data cannot
+        be stored directly in the <code>domain</code> to maintain
+        compatibility with older libvirt or hypervisor.
      </dd>
    </dl>

--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -19,14 +19,15 @@
      a single attribute <code>type</code>, which is one of <code>dir</code>,
      <code>fs</code>, <code>netfs</code>, <code>disk</code>,
      <code>iscsi</code>, <code>logical</code>, <code>scsi</code>
-      (all <span class="since">since 0.4.1</span>), <code>mpath</code>
-      (<span class="since">since 0.7.1</span>), <code>rbd</code>
-      (<span class="since">since 0.9.13</span>), <code>sheepdog</code>
-      (<span class="since">since 0.10.0</span>),
-      <code>gluster</code> (<span class="since">since
-      1.2.0</span>),  <code>zfs</code> (<span class="since">since
-      1.2.8</span>) or <code>vstorage</code> (<span class="since">since
-      3.1.0</span>). This corresponds to the
+      (all <span class="since">since 0.4.1</span>),
+      <code>mpath</code> (<span class="since">since 0.7.1</span>),
+      <code>rbd</code> (<span class="since">since 0.9.13</span>),
+      <code>sheepdog</code> (<span class="since">since 0.10.0</span>),
+      <code>gluster</code> (<span class="since">since 1.2.0</span>),
+      <code>zfs</code> (<span class="since">since 1.2.8</span>),
+      <code>vstorage</code> (<span class="since">since 3.1.0</span>),
+      or <code>iscsi-direct</code> (<span class="since">since 4.7.0</span>).
+      This corresponds to the
      storage backend drivers listed further along in this document.
    </p>
    <h3><a id="StoragePoolFirst">General metadata</a></h3>
@@ -121,15 +122,26 @@
 &lt;/source&gt;
 ...</pre>

+    <pre>
+...
+  &lt;source&gt;
+    &lt;host name='localhost'/&gt;
+    &lt;dir path='/var/lib/libvirt/images'/&gt;
+    &lt;format type='nfs'/&gt;
+    &lt;protocol ver='3'/&gt;
+  &lt;/source&gt;
+...</pre>
+
    <dl>
      <dt><code>device</code></dt>
      <dd>Provides the source for pools backed by physical devices
        (pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
-        <code>iscsi</code>, <code>zfs</code>, <code>vstorage</code>).
+        <code>iscsi</code>, <code>iscsi-direct</code>, <code>zfs</code>,
+        <code>vstorage</code>).
        May be repeated multiple times depending on backend driver. Contains
        a required attribute <code>path</code> which is either the fully
        qualified path to the block device node or for <code>iscsi</code>
-        the iSCSI Qualified Name (IQN).
+        or <code>iscsi-direct</code> the iSCSI Qualified Name (IQN).
        <span class="since">Since 0.4.1</span>
        <p>An optional attribute <code>part_separator</code> for each
        <code>path</code> may be supplied. Valid values for the attribute
@@ -334,6 +346,7 @@
      <dt><code>host</code></dt>
      <dd>Provides the source for pools backed by storage from a
        remote server (pool types <code>netfs</code>, <code>iscsi</code>,
+        <code>iscsi-direct</code>,
        <code>rbd</code>, <code>sheepdog</code>, <code>gluster</code>). Will be
        used in combination with a <code>directory</code>
        or <code>device</code> element. Contains an attribute <code>name</code>
@@ -348,11 +361,19 @@
        server. See the <a href="storage.html">storage driver page</a> for
        any restrictions for specific storage backends.
        <span class="since">Since 0.4.1</span></dd>
+      <dt><code>initiator</code></dt>
+      <dd>Required by the <code>iscsi-direct</code> pool in order to provide
+        the iSCSI Qualified Name (IQN) to communicate with the pool's
+        <code>device</code> target IQN. There is one sub-element
+        <code>iqn</code> with the <code>name</code> attribute to describe
+        the IQN for the initiator.
+        <span class="since">Since 4.7.0</span></dd>
      <dt><code>auth</code></dt>
      <dd>If present, the <code>auth</code> element provides the
        authentication credentials needed to access the source by the
        setting of the <code>type</code> attribute (pool
-        types <code>iscsi</code>, <code>rbd</code>). The <code>type</code>
+        types <code>iscsi</code>, <code>iscsi-direct</code>, <code>rbd</code>).
+        The <code>type</code>
        must be either "chap" or "ceph". Use "ceph" for
        Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
        (Challenge-Handshake Authentication Protocol) iSCSI
@@ -386,6 +407,12 @@
        LVM metadata type. All drivers are required to have a default
        value for this, so it is optional. <span class="since">Since 0.4.1</span></dd>

+      <dt><code>protocol</code></dt>
+      <dd>For a <code>netfs</code> Storage Pool provide a mechanism to
+        define which NFS protocol version number will be used to contact
+        the server's NFS service. The attribute <code>ver</code> accepts
+        an unsigned integer as the version number to use.
+        <span class="since">Since 5.1.0</span></dd>
      <dt><code>vendor</code></dt>
      <dd>Provides optional information about the vendor of the
        storage device. This contains a single
@@ -451,8 +478,8 @@
        The <code>owner</code> element contains the numeric user ID.
        The <code>group</code> element contains the numeric group ID.
        If <code>owner</code> or <code>group</code> aren't specified when
-        creating a directory, the values are inherited from the parent
-        directory. The <code>label</code> element contains the MAC (eg SELinux)
+        creating a directory, the UID and GID of the libvirtd process are used.
+        The <code>label</code> element contains the MAC (eg SELinux)
        label string.
        <span class="since">Since 0.4.1</span>
        For running directory or filesystem based pools, these fields
@@ -481,6 +508,145 @@
      device, measured in bytes.  <span class="since">Since 0.4.1</span>
    </p>

+    <h3><a id="StoragePoolRefresh">Refresh overrides</a></h3>
+
+    <p>
+      The optional <code>refresh</code> element can control how the pool and
+      associated volumes are refreshed (pool type <code>rbd</code>). The
+      <code>allocation</code> attribute of the <code>volume</code> child element
+      controls the method used for computing the allocation of a volume. The
+      valid attribute values are <code>default</code> to compute the actual
+      usage or <code>capacity</code> to use the logical capacity for cases where
+      computing the allocation is too expensive. The following XML snippet
+      shows the syntax:
+      <pre>
+&lt;pool type="rbd"&gt;
+  &lt;name&gt;myrbdpool&lt;/name&gt;
+...
+  &lt;source/&gt;
+...
+  &lt;refresh&gt;
+    &lt;volume allocation='capacity'/&gt;
+  &lt;/refresh&gt;
+...
+&lt;/pool&gt;
+</pre>
+      <span class="since">Since 5.2.0</span>
+    </p>
+
+    <h3><a id="StoragePoolNamespaces">Storage Pool Namespaces</a></h3>
+
+    <p>
+      Usage of Storage Pool Namespaces provides a mechanism to provide
+      pool type specific data in a free form or arbitrary manner via
+      XML syntax targeted solely for the needs of the specific pool type
+      which is not otherwise supported in standard XML. For the "fs" and
+      "netfs" pool types this provides a mechanism to provide additional
+      mount options on the command line. For the "rbd" pool this provides
+      a mechanism to override default settings for RBD configuration options.
+    </p>
+    <p>
+      Usage of namespaces comes with no support guarantees. It is intended
+      for developers testing out a concept prior to requesting an explicitly
+      supported XML option in libvirt, and thus should never be used in
+      production.
+    </p>
+    <dl>
+      <dt><code>fs:mount_opts</code></dt>
+      <dd>Provides an XML namespace mechanism to optionally utilize
+        specifically named options for the mount command via the "-o"
+        option for the <code>fs</code> or <code>netfs</code> type storage
+        pools. In order to designate that the Storage Pool will be using
+        the mechanism, the <code>pool</code> element must be modified to
+        provide the XML namespace attribute syntax as follows:
+
+        <p>
+        xmlns:fs='http://libvirt.org/schemas/storagepool/fs/1.0'
+        </p>
+
+        <p>
+        The <code>fs:mount_opts</code> defines the mount options by
+        specifying multiple <code>fs:option</code> subelements with
+        the attribute <code>name</code> specifying the mount option to
+        be added. The value of the named option is not checked since
+        it's possible options don't exist on all distributions. It is
+        expected that proper and valid options will be supplied for the
+        target host.
+        </p>
+
+        The following XML snippet shows the syntax required in order to
+        utilize for a netfs pool:
+      <pre>
+&lt;pool type="netfs" xmlns:fs='http://libvirt.org/schemas/storagepool/fs/1.0'&gt;
+  &lt;name&gt;nfsimages&lt;/name&gt;
+...
+  &lt;source&gt;
+...
+  &lt;/source&gt;
+...
+  &lt;target&gt;
+...
+  &lt;/target&gt;
+  &lt;fs:mount_opts&gt;
+    &lt;fs:option name='sync'/&gt;
+    &lt;fs:option name='lazytime'/&gt;
+  &lt;/fs:mount_opts&gt;
+&lt;/pool&gt;
+...</pre>
+
+      <span class="since">Since 5.1.0.</span></dd>
+
+      <dt><code>rbd:config_opts</code></dt>
+      <dd>Provides an XML namespace mechanism to optionally utilize
+        specifically named options for the RBD configuration options
+        via the rados_conf_set API for the <code>rbd</code> type
+        storage pools. In order to designate that the Storage Pool
+        will be using the mechanism, the <code>pool</code> element
+        must be modified to provide the XML namespace attribute
+        syntax as follows:
+
+        <p>
+        xmlns:rbd='http://libvirt.org/schemas/storagepool/rbd/1.0'
+        </p>
+
+        <p>
+        The <code>rbd:config_opts</code> defines the configuration options
+        by specifying multiple <code>rbd:option</code> subelements with
+        the attribute <code>name</code> specifying the configuration option
+        to be added and <code>value</code> specifying the configuration
+        option value. The name and value for each option is only checked
+        to be not empty. The name and value provided are not checked since
+        it's possible options don't exist on all distributions. It is
+        expected that proper and valid options will be supplied for the
+        target host.
+        </p>
+
+        The following XML snippet shows the syntax required in order to
+        utilize
+      <pre>
+&lt;pool type="rbd" xmlns:rbd='http://libvirt.org/schemas/storagepool/rbd/1.0'&gt;
+  &lt;name&gt;myrbdpool&lt;/name&gt;
+...
+  &lt;source&gt;
+...
+  &lt;/source&gt;
+...
+  &lt;target&gt;
+...
+  &lt;/target&gt;
+...
+  &lt;rbd:config_opts&gt;
+    &lt;rbd:option name='client_mount_timeout' value='45'/&gt;
+    &lt;rbd:option name='rados_mon_op_timeout' value='20'/&gt;
+    &lt;rbd:option name='rados_osd_op_timeout' value='10'/&gt;
+  &lt;/rbd:config_opts&gt;
+&lt;/pool&gt;
+</pre>
+
+      <span class="since">Since 5.1.0.</span></dd>
+
+    </dl>
+
    <h2><a id="StorageVol">Storage volume XML</a></h2>
    <p>
      A storage volume will generally be either a file or a device
@@ -636,8 +802,8 @@
        The <code>owner</code> element contains the numeric user ID.
        The <code>group</code> element contains the numeric group ID.
        If <code>owner</code> or <code>group</code> aren't specified when
-        creating a supported volume, the values are inherited from the parent
-        directory. The <code>label</code> element contains the MAC (eg SELinux)
+        creating a supported volume, the UID and GID of the libvirtd process
+        are used. The <code>label</code> element contains the MAC (eg SELinux)
        label string.
        For existing directory or filesystem based volumes, these fields
        will be filled with the values used by the existing file.
--- a/docs/formatstoragecaps.html.in
+++ b/docs/formatstoragecaps.html.in
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Storage Pool Capabilities XML format</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a id="Overview">Overview</a></h2>
+
+    <p>The Storage Pool Capabilities XML will provide the information
+    to determine what types of Storage Pools exist, whether the pool is
+    supported, and if relevant the source format types, the required
+    source elements, and the target volume format types. </p>
+
+    <p>The Storage Pool Capabilities XML provides more information than the
+      <a href="/html/libvirt-libvirt-host.html#virConnectGetCapabilities">
+        <code>virConnectGetCapabilities</code>
+      </a>
+    which only provides an enumerated list of supported pool types.</p>
+
+    <h2><a id="elements">Element and attribute overview</a></h2>
+
+    <p>A query interface was added to the virConnect API's to retrieve the
+    XML listing of the set of Storage Pool Capabilities
+    (<span class="since">Since 5.2.0</span>):</p>
+
+<pre>
+<a href="/html/libvirt-libvirt-domain.html#virConnectGetStoragePoolCapabilities">virConnectGetStoragePoolCapabilities</a>
+</pre>
+
+    <p>The root element that emulator capability XML document starts with is
+    named <code>storagepoolCapabilities</code>. There will be any number of
+    <code>pool</code> child elements with two attributes <code>type</code>
+    and <code>supported</code>. Each <code>pool</code> element may have
+    a <code>poolOptions</code> or <code>volOptions</code> subelements to
+    describe the available features. Sample XML output is:</p>
+
+<pre>
+&lt;storagepoolCapabilities&gt;
+  &lt;pool type='dir' supported='yes'&gt;
+    &lt;volOptions&gt;
+      &lt;defaultFormat type='raw'&lt;/&gt;
+      &lt;enum name='targetFormatType'&gt;
+        &lt;value&gt;none&lt;/value&gt;
+        &lt;value&gt;raw&lt;/value&gt;
+        ...
+      &lt;/enum&gt;
+    &lt;/volOptions&gt;
+  &lt;/pool&gt;
+  &lt;pool type='fs' supported='yes'&gt;
+    &lt;poolOptions&gt;
+      &lt;defaultFormat type='auto'&lt;/&gt;
+      &lt;enum name='sourceFormatType'&gt;
+        &lt;value&gt;auto&lt;/value&gt;
+        &lt;value&gt;ext2&lt;/value&gt;
+        ...
+      &lt;/enum&gt;
+    &lt;/poolOptions&gt;
+    &lt;volOptions&gt;
+      &lt;defaultFormat type='raw'&lt;/&gt;
+      &lt;enum name='targetFormatType'&gt;
+        &lt;value&gt;none&lt;/value&gt;
+        &lt;value&gt;raw&lt;/value&gt;
+        ...
+      &lt;/enum&gt;
+    &lt;/volOptions&gt;
+  &lt;/pool&gt;
+  ...
+&lt;/storagepoolCapabilities&gt;
+</pre>
+
+    <p>The following section decribes subelements of the
+    <code>poolOptions</code> and <code>volOptions</code> subelements </p>:
+
+    <dl>
+      <dt><code>defaultFormat</code></dt>
+      <dd>For the <code>poolOptions</code>, the <code>type</code> attribute
+      describes the default format name used for the pool source. For the
+      <code>volOptions</code>, the <code>type</code> attribute describes
+      the default volume name used for each volume.
+      </dd>
+      <dl>
+        <dt><code>enum</code></dt>
+        <dd>Each enum uses a name from the list below with any number of
+        <code>value</code> value subelements describing the valid values.
+          <dl>
+            <dt><code>sourceFormatType</code></dt>
+            <dd>Lists all the possible <code>poolOptions</code> source
+            pool format types.
+            </dd>
+            <dt><code>targetFormatType</code></dt>
+            <dd>Lists all the possible <code>volOptions</code> target volume
+            format types.
+            </dd>
+          </dl>
+        </dd>
+      </dl>
+    </dl>
+  </body>
+</html>
--- a/docs/governance.html.in
+++ b/docs/governance.html.in
@@ -155,7 +155,7 @@
      also implicitly stating that they have the legal right to make the
      contribution, if doing so on behalf of a broader organization /
      company. Most of the project's code is distributed under the GNU
-      Lesser General Public License, version 2 or later. Details of the
+      Lesser General Public License, version 2.1 or later. Details of the
      exact license under which contributions will be presumed to be
      covered are found in the source repositories, or website in question.
    </p>
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@@ -1412,5 +1412,34 @@ int foo()
        in the same way, but still make sure they get reviewed if non-trivial.
      </li>
    </ul>
+    <h2><a id="coverage">Code coverage reports</a></h2>
+
+    <p>
+      Code coverage HTML reports can be generated with:
+    </p>
+
+<pre>
+  make coverage
+</pre>
+
+    <p>
+      Reports will be generated in the <code>cov/</code> directory. Point a
+      web browser at <code>cov/index.html</code> for the full report.
+    </p>
+
+    <p>
+      The <code>make coverage</code> target is provided by <code>gnulib</code>.
+      It is a convenience helper for calling the following 3 targets in order.
+      It may be useful to occasionally call these directly.
+
+    <ul>
+      <li><code>make init-coverage</code>: run <code>make clean</code> and
+          remove all code coverage counter files (*.gcno, etc.)</li>
+      <li><code>make build-coverage</code>: run <code>make</code> and
+          <code>make check</code> with <code>CFLAGS</code> filled in with
+          necessary coverage flags</li>
+      <li><code>make gen-coverage</code>: generate the HTML report</li>
+    </ul>
+    </p>
  </body>
 </html>
--- a/docs/index.html.in
+++ b/docs/index.html.in
@@ -66,6 +66,7 @@
          <a href="formatstorageencryption.html">storage encryption</a>,
          <a href="formatcaps.html">capabilities</a>,
          <a href="formatdomaincaps.html">domain capabilities</a>,
+          <a href="formatstoragecaps.html">storage pool capabilities</a>,
          <a href="formatnode.html">node devices</a>,
          <a href="formatsecret.html">secrets</a>,
          <a href="formatsnapshot.html">snapshots</a></dd>
--- a/docs/internals/command.html.in
+++ b/docs/internals/command.html.in
@@ -426,7 +426,7 @@ dprintf(logfd, "%s: ", timestamp);
 VIR_FREE(timestamp);
 virCommandWriteArgLog(cmd, logfd);

-string = virCommandToString(cmd);
+string = virCommandToString(cmd, false);
 if (string)
    VIR_DEBUG("about to run %s", string);
 VIR_FREE(string);
--- a/docs/libvirt.css
+++ b/docs/libvirt.css
@@ -100,14 +100,15 @@
    margin-right: auto;
    padding: 0px;
    padding-bottom: 1em;
-    max-width: 60em;
+    max-width: 95%;
+    width: 70em;
 }

 body.index #content,
 body.docs #content,
 body.hvsupport #content
 {
-    max-width: inherit;
+    width: inherit;
 }

 pre {
@@ -537,3 +538,7 @@ dl.mail dt a:hover {
    color:  rgb(255, 230, 0);
    text-decoration: none;
 }
+
+td.enumvalue {
+    white-space: nowrap;
+}
--- a/docs/newapi.xsl
+++ b/docs/newapi.xsl
@@ -288,6 +288,24 @@
    </xsl:choose>
  </xsl:template>

+  <xsl:template name="enumvalue">
+    <xsl:param name="value" select="@value"/>
+    <xsl:param name="valuehex" select="@value_hex"/>
+    <xsl:param name="valuebitshift" select="@value_bitshift"/>
+    <xsl:value-of select="@value"/>
+    <xsl:if test="$valuehex != '' or $valuebitshift != ''">
+      <xsl:text> (</xsl:text>
+      <xsl:if test="$valuehex != ''">
+        <xsl:value-of select="@value_hex"/>
+      </xsl:if>
+      <xsl:if test="$valuebitshift != ''">
+        <xsl:text>; 1 &lt;&lt; </xsl:text>
+        <xsl:value-of select="@value_bitshift"/>
+      </xsl:if>
+      <xsl:text>)</xsl:text>
+    </xsl:if>
+  </xsl:template>
+
  <xsl:template match="typedef[@type = 'enum']">
    <xsl:variable name="name" select="string(@name)"/>
    <h3><a name="{$name}"><code><xsl:value-of select="$name"/></code></a></h3>
@@ -306,7 +324,7 @@
            <td><xsl:text> = </xsl:text></td>
            <xsl:choose>
              <xsl:when test="@info != ''">
-                <td><xsl:value-of select="@value"/></td>
+                <td class="enumvalue"><xsl:call-template name="enumvalue"/></td>
                <td>
                  <div class="comment">
                    <xsl:call-template name="dumptext">
@@ -316,7 +334,7 @@
                </td>
              </xsl:when>
              <xsl:otherwise>
-                <td colspan="2"><xsl:value-of select="@value"/></td>
+                <td colspan="2" class="enumvalue"><xsl:call-template name="enumvalue"/></td>
              </xsl:otherwise>
            </xsl:choose>
          </tr>
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -33,6 +33,586 @@
     -->

 <libvirt>
+  <release version="v5.2.0" date="2019-04-03">
+    <section title="New features">
+      <change>
+        <summary>
+          Add Storage Pool Capabilities output
+        </summary>
+        <description>
+          Add support to list an enumerated list of supported Storage
+          Pools via the virConnectGetCapabilities API when connected
+          via a Storage Driver. Add support to get a more detailed
+          list XML output Storage Pool Capabilities vis the
+          virConnectGetStoragePoolCapabilites API.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Support virtio-{non-}transitional device models
+        </summary>
+        <description>
+          <code>virtio-transitional</code> and
+          <code>virtio-non-transitional</code> <code>model</code> values
+          were added to the QEMU driver for the following devices:
+          <code>disk</code>, <code>interface</code>, <code>filesystem</code>,
+          <code>rng</code>, <code>vsock</code>, <code>memballoon</code>,
+          <code>controller</code> type <code>scsi</code>,
+          <code>controller</code> type <code>virtio-serial</code>,
+          <code>input</code> bus <code>virtio</code>
+          type <code>passthrough</code>,
+          <code>hostdev</code> type <code>scsi_host</code>. These new
+          models can be used to give fine grained control over what
+          virtio device version is presented to the guest.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Enable firmware autoselection
+        </summary>
+        <description>
+          Libvirt allows users to provide loader path for some time now.
+          However, this puts some burden on users because they need to
+          know what firmware meets their requirements. Now that QEMU
+          ships firmware description files this burden can be moved onto
+          libvirt. It is as easy as setting the <code>firmware</code>
+          attribute in the <code>os</code> element (accepted values are
+          <code>bios</code> and <code>efi</code>). Moreover, libvirt
+          automatically enables domain features needed for firmware it
+          chooses.
+        </description>
+      </change>
+      <change>
+        <summary>
+          snapshots: Add support for topological listings
+        </summary>
+        <description>
+          A new flag VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL is available
+          for the various snapshot listing APIs such as
+          virDomainListAllSnapshots(). For drivers that support the
+          flag, the listed snapshots are guaranteed to be sorted such
+          that parents occur before children.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Xen: Add support for max grant frames setting
+        </summary>
+        <description>
+          Add support for Xen's max_grant_frames setting by adding a
+          new xenbus controller type with a maxGrantFrames attribute.
+          E.g. <code>&lt;controller type='xenbus' maxGrantFrames='64'/&gt;</code>
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for parallel migration
+        </summary>
+        <description>
+          With QEMU 4.0.0 libvirt can enable parallel migration which causes
+          the memory pages to be processed in parallel by several threads and
+          sent to the destination host using several connections at the same
+          time. This may increase migration speed in case a single thread is
+          unable to saturate the network link.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          Drop support for Upstart and "Red Hat" init scripts
+        </summary>
+        <description>
+          Not a single one of the platforms we target still uses Upstart,
+          and the Upstart project itself has been abandoned for several years
+          now; the same is true for the "Red Hat" (really System V) init
+          scripts, since RHEL 7 and later releases use systemd.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          Report class information for PCI node device capability.
+        </summary>
+      </change>
+      <change>
+        <summary>
+          Split setup of IPv4 and IPv6 top level chain
+        </summary>
+        <description>
+          The requirement resulting from private chains improvement done
+          in <code>v5.1.0</code> was refined so that only tables from
+          corresponding IP version are required. This means that if a
+          network doesn't have <code>IPv6</code> enabled then those
+          tables are not required.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Don't default to building the QEMU driver
+        </summary>
+        <description>
+          Historically, the QEMU driver has been special in that it was
+          enabled by default, with the option to explicitly opt-out of it;
+          starting now, we're enabling it opportunistically if we detect that
+          all requirements are available, just like we do with other drivers.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          virt-host-validate: Fix IOMMU check on s390x
+        </summary>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow creating pSeries guests with graphics and no USB mouse
+        </summary>
+        <description>
+          It's now possible to prevent libvirt from automatically adding a
+          USB mouse to pSeries guests by including a USB tablet in the input
+          XML: doing so is desiderable as using a tablet results in a much
+          better user experience when working with GUIs.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Set $HOME and XGD variables for qemu:///system guests
+        </summary>
+        <description>
+          This avoids files being accidentally created under <code>/</code> or
+          the guests not being able to start because they lack the necessary
+          permissions to write to that location.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.1.0" date="2019-03-04">
+    <section title="New features">
+      <change>
+        <summary>
+          bhyve: Add support for additional command-line arguments
+        </summary>
+        <description>
+          The bhyve driver now supports passing additional command-line
+          arguments to the bhyve process using the new
+          <code>&lt;bhyve:commandline&gt;</code> element in domain
+          configuration.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Support setting a firewalld "zone" for virtual network bridges
+        </summary>
+        <description>
+          All libvirt virtual networks with bridges managed by libvirt
+          (i.e. those with forward mode of "nat", "route", "open", or
+          no forward mode) will now be placed in a special firewalld
+          zone called "libvirt" by default. The zone of any network
+          bridge can be changed using the <code>zone</code> attribute
+          of the network's <code>bridge</code> element.
+        </description>
+      </change>
+      <change>
+        <summary>
+          bhyve: Support for ignoring unknown MSRs reads and writes
+        </summary>
+        <description>
+          A new &lt;features&gt; element &lt;msrs unknown='ignore'/&gt; was
+          introduced and the bhyve driver supports it to control unknown
+          Model Specific Registers (MSRs) reads and writes.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for encrypted VNC TLS keys
+        </summary>
+        <description>
+          Use the password stored in the secret driver under the uuid
+          specified by the <code>vnc_tls_x509_secret_uuid</code> option
+          in qemu.conf.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Add storage pool namespace options
+        </summary>
+        <description>
+          Allow for adjustment of RBD configuration options via Storage
+          Pool XML Namespace adjustments.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for setting post-copy migration bandwidth
+        </summary>
+        <description>
+          Users can now limit the bandwidth of post-copy migration, e.g.
+          via <code>virsh migrate --postcopy-bandwidth</code>.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          Create private chains for virtual network firewall rules
+        </summary>
+        <description>
+          Historically firewall rules for virtual networks were added
+          straight into the base chains. This works but has a number of
+          bugs and design limitations. To address them, libvirt now puts
+          firewall rules into its own chains. Note that with this change the
+          <code>filter</code>, <code>nat</code> and <code>mangle</code> tables
+          are required for both <code>IPv4</code> and <code>IPv6</code>.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Detect CEPH and GPFS as shared FS
+        </summary>
+        <description>
+          When starting a migration libvirt performs some sanity checks
+          to make sure domain will be able to run on the destination.
+          One of the requirements is that the disk has to either be
+          migrated too or be accessible from a network filesystem. CEPH
+          and GPFS weren't detected as a network filesystem.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Advertise network MTU via DHCP when specified
+        </summary>
+        <description>
+          If network MTU is set and the network has DHCP enabled,
+          advertise the MTU in DHCP transaction too so that clients can
+          adjust their link accordingly.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allocate memory at the configured NUMA nodes from start
+        </summary>
+        <description>
+          Libvirt used to just start QEMU, let it allocate memory for
+          the guest, and then use CGroups to move the memory to
+          configured NUMA nodes. This is suboptimal as huge chunks of
+          memory have to be moved. Moreover, this relies on ability to
+          move memory later which is not always true. A change was made
+          to set process affinity correctly from the start so that memory
+          is allocated on the configured nodes from the beginning.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Support for newer Wireshark
+        </summary>
+        <description>
+          Adapt libvirt to use the more recent release requiring a
+          source build configuration of libvirt
+          <code>--with-wireshark</code> to upgrade to the more recent
+          version.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Batch mode virsh and virt-admin parsing improvements
+        </summary>
+        <description>
+          When parsing a single-argument command_string in batch mode,
+          virsh and virt-admin now permit newlines in addition to
+          semicolons for splitting commands, and backslash-newline for
+          splitting long lines, to be more like shell parsing.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing
+        </summary>
+        <description>
+          By default, libvirt runs the QEMU process as <code>qemu:qemu</code>
+          which could cause issues during probing as some features like AMD SEV
+          might be inaccessible to QEMU because of file system permissions.
+          Therefore, <code>CAP_DAC_OVERRIDE</code> is granted to overcome these
+          for the purposes of probing.
+        </description>
+      </change>
+      <change>
+        <summary>
+          storage: Add default mount options for fs/netfs storage pools
+        </summary>
+        <description>
+          Altered the command line generation for fs/netfs storage pools to
+          add some default options. For Linux based systems, the options
+          added are "nodev, nosuid, noexec". For FreeBSD based systems,
+          the options added are "nosuid, noexec".
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allow use of PCI for RISC-V guests
+        </summary>
+        <description>
+          This works with QEMU 4.0.0+ only and is opt-in at the moment, since
+          it requires users to manually assign PCI addresses, but is otherwise
+          fully functional.
+        </description>
+      </change>
+      <change>
+        <summary>
+          network: Fix virtual networks on systems using firewalld+nftables
+        </summary>
+        <description>
+          Because of the transitional state of firewalld's new support
+          for nftables, not all iptables features required by libvirt
+          are yet available, so libvirt must continue to use iptables
+          for its own packet filtering rules even when the firewalld
+          backend is set to use nftables. However, due to the way
+          iptables support is implemented in kernels using nftables
+          (iptables rules are converted to nftables rules and
+          processed in a separate hook from the native nftables
+          rules), guest networking was broken on hosts with firewalld
+          configured to use nftables as the backend. This has been
+          fixed by putting libvirt-managed bridges in their own
+          firewalld zone, so that guest traffic can be forwarded
+          beyond the host and host services can be exposed to guests
+          on the virtual network without opening up those same
+          services to the rest of the physical network. This means
+          that host access from virtual machines is no longer
+          controlled by the firewalld default zone (usually "public"),
+          but rather by the new firewalld zone called "libvirt"
+          (unless configured otherwise using the new zone
+          attribute of the network bridge element).
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix i6300esb watchdog hotplug on Q35
+        </summary>
+        <description>
+          Ensure that libvirt allocates a PCI address for the device so
+          that QEMU did not default to an address that would not allow
+          for device hotplug.
+        </description>
+      </change>
+      <change>
+        <summary>
+          lxc: Don't reboot host on virDomainReboot
+        </summary>
+        <description>
+          If the container is really a simple one (init is just bash and
+          the whole root is passed through) then virDomainReboot and
+          virDomainShutdown would reboot or shutdown the host. The
+          solution is to use different method to reboot or shutdown the
+          container in that case (e.g. signal).
+        </description>
+      </change>
+      <change>
+        <summary>
+          rpc: Various stream fixes
+        </summary>
+        <description>
+          One particular race was fixed, one locking problem and error
+          reporting from streams was made better.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix guestfwd hotplug/hotunplug
+        </summary>
+        <description>
+          Fixed the generation of the guestfwd hotplug/unplug command
+          sent to QEMU to match the syntax used when creating the
+          initial command line.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Forbid CDROMs on virtio bus
+        </summary>
+        <description>
+          Attempting to create an empty virtio-blk drive or attempting
+          to eject it results into an error.  Forbid configurations
+          where users would attempt to use CDROMs in virtio bus.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Use 'raw' for 'volume' disks without format
+        </summary>
+        <description>
+          Storage pools might want to specify format of the image when
+          translating the volume thus libvirt can't add any default
+          format when parsing the XML. Add an explicit format when
+          starting the VM and format is not present neither by user
+          specifying it nor by the storage pool translation function.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Assume 'raw' default storage format also for network storage
+        </summary>
+        <description>
+          Post parse callback adds the 'raw' type only for local files.
+          Remote files can also have backing store (even local) so we
+          should do this also for network backed storage.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix block job progress reporting and advocate for READY event
+        </summary>
+        <description>
+          In some cases QEMU can get to 100% and still not reach the
+          synchronised phase. Initiating a pivot in that case will fail.
+          Therefore it is strongly advised to wait for
+          <code>VIR_DOMAIN_BLOCK_JOB_READY</code> event which does not
+          suffer from this problem.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Don't format image properties for empty drive
+        </summary>
+        <description>
+          If a <code>-drive</code> has no image, then formatting
+          attributes such as cache, readonly, etc. would cause errors to
+          be reported from QEMU. This was fixed by not supplying the
+          attributes for devices without an image.
+        </description>
+      </change>
+      <change>
+        <summary>
+          External snapshot metadata redefinition is fixed
+        </summary>
+        <description>
+          Attempting to use VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE to
+          reinstate the metadata describing an external snapshot
+          created earlier for an offline domain no longer fails.
+        </description>
+      </change>
+    </section>
+  </release>
+  <release version="v5.0.0" date="2019-01-15">
+    <section title="New features">
+      <change>
+        <summary>
+          Xen: Add support for openvswitch
+        </summary>
+        <description>
+          The libxl driver now supports virtual interfaces that connect to
+          an openvswitch bridge, including interfaces with VLAN tagging and
+          trunking configuration.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Report whether KVM nesting is available
+        </summary>
+        <description>
+          Running nested KVM guests requires specific configuration steps to
+          be performed on the host; libvirt will now report in the host
+          capabilities whether KVM nesting support is available.
+        </description>
+      </change>
+    </section>
+    <section title="Removed features">
+      <change>
+        <summary>
+          Drop UML driver
+        </summary>
+        <description>
+          The UML driver was unmaintained and not tested for
+          quite some time now. Worse, there is a bug that causes
+          it to deadlock on some very basic operations (e.g.
+          dumping domain XML). These facts make us believe no one
+          uses it.
+        </description>
+      </change>
+    </section>
+    <section title="Improvements">
+      <change>
+        <summary>
+          qemu: Add support for ARMv6l guests
+        </summary>
+      </change>
+      <change>
+        <summary>
+          Support more NVDIMM configuration options
+        </summary>
+        <description>
+          Introduce more configuration options. For the source element, add
+          the 'alignsize' and 'pmem' subelements. For the target element, add
+          the 'readonly' subelement.
+        </description>
+      </change>
+      <change>
+        <summary>
+          cpu: Add support for "stibp" x86_64 feature
+        </summary>
+        <description>
+          Add cpu flag stibp (Single Thread Indirect Branch Predictors) to
+          prevent indirect branch predictions from being controlled by the
+          sibling Hyperthread.
+        </description>
+      </change>
+      <change>
+        <summary>
+          libxl: Handle external domain destroy
+        </summary>
+        <description>
+          Historically, if a domain was destroyed using <code>xl</code>
+          rather than through libvirt APIs, libvirt would not be aware of
+          the fact and keep considering it as running. This is no longer the
+          case.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Start selecting the first available DRI device for OpenGL operations
+        </summary>
+        <description>
+          If OpenGL support is needed (either with SPICE gl enabled or with
+          egl-headless), libvirt is now able to pick the first available DRI
+          device for the job. At the same time, this improvement is also a
+          bugfix as it prevents permission-related issues with regards to our
+          mount namespaces and the default DRI render node's permissions which
+          would normally prevent QEMU from accessing such a device.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for postcopy-requests migration statistics
+        </summary>
+        <description>
+          The <code>virDomainJobInfo</code> can get number page requests
+          received from the destination host during post-copy migration.
+        </description>
+      </change>
+    </section>
+    <section title="Bug fixes">
+      <change>
+        <summary>
+          lxc: Don't forbid interfaces with type=direct
+        </summary>
+        <description>
+          Such interfaces are supported by lxc and should be allowed.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fully clean up RNG devices on detach
+        </summary>
+        <description>
+          Some RNG device types, such as those using EGD, might need extra
+          clean up on the host in addition to removing the guest-side device.
+        </description>
+      </change>
+    </section>
+  </release>
  <release version="v4.10.0" date="2018-12-03">
    <section title="New features">
      <change>
--- a/docs/page.xsl
+++ b/docs/page.xsl
@@ -175,7 +175,6 @@
            <h3>Community</h3>
            <ul>
              <li><a href="https://twitter.com/hashtag/libvirt">twitter</a></li>
-              <li><a href="https://plus.google.com/communities/109522598353007505282">google+</a></li>
              <li><a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow</a></li>
              <li><a href="http://serverfault.com/questions/tagged/libvirt">serverfault</a></li>
            </ul>
--- a/docs/reformat-news.py
+++ b/docs/reformat-news.py
@@ -17,9 +17,6 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Andrea Bolognani <abologna@redhat.com>

 from __future__ import print_function

--- a/docs/schemas/basictypes.rng
+++ b/docs/schemas/basictypes.rng
@@ -279,6 +279,12 @@
    </data>
  </define>

+  <define name="zoneName">
+    <data type="string">
+      <param name="pattern">[a-zA-Z0-9_\-]+</param>
+    </data>
+  </define>
+
  <define name="filePath">
    <data type="string">
      <param name="pattern">.+</param>
@@ -406,6 +412,7 @@
    <choice>
      <value>aarch64</value>
      <value>alpha</value>
+      <value>armv6l</value>
      <value>armv7l</value>
      <value>cris</value>
      <value>i686</value>
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -412,7 +412,7 @@
                                  but is also used by phyp driver -->
        <value>hvm</value> <!-- unmodified OS -->
        <value>exe</value> <!-- For container based virt -->
-        <value>uml</value> <!-- user mode linux -->
+        <value>uml</value> <!-- user mode linux; NOT USED ANYMORE -->
      </choice>
    </element>
  </define>
@@ -484,7 +484,7 @@
          <value>kqemu</value>
          <value>kvm</value>
          <value>xen</value>
-          <value>uml</value>
+          <value>uml</value> <!-- NOT USED ANYMORE -->
          <value>lxc</value>
          <value>openvz</value>
          <value>test</value>
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -142,12 +142,18 @@

  <define name='devices'>
    <element name='devices'>
-      <interleave>
+      <optional>
        <ref name='disk'/>
+      </optional>
+      <optional>
        <ref name='graphics'/>
+      </optional>
+      <optional>
        <ref name='video'/>
+      </optional>
+      <optional>
        <ref name='hostdev'/>
-      </interleave>
+      </optional>
    </element>
  </define>

@@ -181,12 +187,18 @@

  <define name='features'>
    <element name='features'>
-      <interleave>
+      <optional>
        <ref name='gic'/>
+      </optional>
+      <optional>
        <ref name='vmcoreinfo'/>
+      </optional>
+      <optional>
        <ref name='vmgenid'/>
+      </optional>
+      <optional>
        <ref name='sev'/>
-      </interleave>
+      </optional>
    </element>
  </define>

--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -81,6 +81,9 @@
        <optional>
          <ref name='launchSecurity'/>
        </optional>
+        <optional>
+          <ref name='bhyvecmdline'/>
+        </optional>
      </interleave>
    </element>
  </define>
@@ -204,7 +207,7 @@
        <value>kvm</value>
        <value>xen</value>
        <value>lxc</value>
-        <value>uml</value>
+        <value>uml</value> <!-- NOT USED ANYMORE -->
        <value>openvz</value>
        <value>test</value>
        <value>vmware</value>
@@ -253,6 +256,14 @@
    </optional>
    <element name="os">
      <interleave>
+        <optional>
+          <attribute name="firmware">
+            <choice>
+              <value>bios</value>
+              <value>efi</value>
+            </choice>
+          </attribute>
+        </optional>
        <ref name="ostypehvm"/>
        <optional>
          <element name="loader">
@@ -280,7 +291,9 @@
                </choice>
              </attribute>
            </optional>
-            <ref name="absFilePath"/>
+            <optional>
+              <ref name="absFilePath"/>
+            </optional>
          </element>
        </optional>
        <optional>
@@ -1506,6 +1519,15 @@
          </interleave>
        </group>
      </choice>
+      <optional>
+        <attribute name="model">
+          <choice>
+            <value>virtio</value>
+            <value>virtio-transitional</value>
+            <value>virtio-non-transitional</value>
+          </choice>
+        </attribute>
+      </optional>
      <optional>
        <ref name="snapshot"/>
      </optional>
@@ -1907,7 +1929,7 @@
            <value>virtio</value>
            <value>xen</value>
            <value>usb</value>
-            <value>uml</value>
+            <value>uml</value> <!-- NOT USED ANYMORE -->
            <value>sata</value>
            <value>sd</value>
          </choice>
@@ -2144,6 +2166,8 @@
                  <value>ibmvscsi</value>
                  <value>virtio-scsi</value>
                  <value>lsisas1078</value>
+                  <value>virtio-transitional</value>
+                  <value>virtio-non-transitional</value>
                </choice>
              </attribute>
            </optional>
@@ -2301,6 +2325,15 @@
            <attribute name="type">
              <value>virtio-serial</value>
            </attribute>
+            <optional>
+              <attribute name="model">
+                <choice>
+                  <value>virtio</value>
+                  <value>virtio-transitional</value>
+                  <value>virtio-non-transitional</value>
+                </choice>
+              </attribute>
+            </optional>
            <optional>
              <attribute name="ports">
                <ref name="unsignedInt"/>
@@ -2312,6 +2345,17 @@
              </attribute>
            </optional>
          </group>
+          <!-- xenbus has an optional attribute "maxGrantFrames" -->
+          <group>
+            <attribute name="type">
+              <value>xenbus</value>
+            </attribute>
+            <optional>
+              <attribute name="maxGrantFrames">
+                <ref name="unsignedInt"/>
+              </attribute>
+            </optional>
+          </group>
        </choice>
        <optional>
          <element name="driver">
@@ -2490,6 +2534,15 @@
          </element>
        </optional>
      </interleave>
+      <optional>
+        <attribute name="model">
+          <choice>
+            <value>virtio</value>
+            <value>virtio-transitional</value>
+            <value>virtio-non-transitional</value>
+          </choice>
+        </attribute>
+      </optional>
    </element>
  </define>
  <define name="fsDriver">
@@ -2765,7 +2818,7 @@
                        <ref name="usbAddr"/>
                      </attribute>
                      <attribute name="device">
-                        <ref name="usbPort"/>
+                        <ref name="usbAddr"/>
                      </attribute>
                    </group>
                  </choice>
@@ -3418,9 +3471,20 @@
            </attribute>
          </optional>
        </group>
-        <attribute name="type">
-          <value>egl-headless</value>
-        </attribute>
+        <group>
+          <attribute name="type">
+            <value>egl-headless</value>
+          </attribute>
+          <optional>
+            <element name="gl">
+              <optional>
+                <attribute name="rendernode">
+                  <ref name="absFilePath"/>
+                </attribute>
+              </optional>
+            </element>
+          </optional>
+        </group>
      </choice>
    </element>
  </define>
@@ -3714,7 +3778,7 @@
      <choice>
        <value>xen</value>
        <value>serial</value>
-        <value>uml</value>
+        <value>uml</value> <!-- NOT USED ANYMORE -->
        <value>virtio</value>
        <value>lxc</value>
        <value>openvz</value>
@@ -4061,6 +4125,8 @@
      <attribute name="model">
        <choice>
          <value>virtio</value>
+          <value>virtio-transitional</value>
+          <value>virtio-non-transitional</value>
          <value>xen</value>
          <value>none</value>
        </choice>
@@ -4270,7 +4336,11 @@
    <element name="vsock">
      <optional>
        <attribute name="model">
-          <value>virtio</value>
+          <choice>
+            <value>virtio</value>
+            <value>virtio-transitional</value>
+            <value>virtio-non-transitional</value>
+          </choice>
        </attribute>
      </optional>
      <interleave>
@@ -4371,6 +4441,15 @@
            </element>
          </group>
        </choice>
+        <optional>
+          <attribute name="model">
+            <choice>
+              <value>virtio</value>
+              <value>virtio-transitional</value>
+              <value>virtio-non-transitional</value>
+            </choice>
+          </attribute>
+        </optional>
        <optional>
          <ref name="alias"/>
        </optional>
@@ -4607,6 +4686,15 @@
    <attribute name="type">
      <value>scsi_host</value>
    </attribute>
+    <optional>
+      <attribute name="model">
+        <choice>
+          <value>virtio</value>
+          <value>virtio-transitional</value>
+          <value>virtio-non-transitional</value>
+        </choice>
+      </attribute>
+    </optional>
    <element name="source">
      <choice>
        <group>
@@ -4698,7 +4786,7 @@
        <ref name="usbAddr"/>
      </attribute>
      <attribute name="device">
-        <ref name="usbPort"/>
+        <ref name="usbAddr"/>
      </attribute>
    </element>
  </define>
@@ -4983,6 +5071,9 @@
              <ref name="featurestate"/>
            </element>
          </optional>
+          <optional>
+            <ref name="msrs"/>
+          </optional>
        </interleave>
      </element>
    </optional>
@@ -5231,6 +5322,17 @@
    </element>
  </define>

+  <define name="msrs">
+    <element name="msrs">
+      <attribute name="unknown">
+        <choice>
+          <value>ignore</value>
+          <value>fault</value>
+        </choice>
+      </attribute>
+    </element>
+  </define>
+
  <define name="address">
    <element name="address">
      <choice>
@@ -5373,9 +5475,21 @@
          </interleave>
        </group>
        <group>
-          <element name="path">
-            <ref name="absFilePath"/>
-          </element>
+          <interleave>
+            <element name="path">
+              <ref name="absFilePath"/>
+            </element>
+            <optional>
+              <element name="alignsize">
+                <ref name="scaledInteger"/>
+              </element>
+            </optional>
+            <optional>
+              <element name="pmem">
+                <empty/>
+              </element>
+            </optional>
+          </interleave>
        </group>
      </choice>
    </element>
@@ -5399,6 +5513,11 @@
            </element>
          </element>
        </optional>
+        <optional>
+          <element name="readonly">
+            <empty/>
+          </element>
+        </optional>
      </interleave>
    </element>
  </define>
@@ -5406,7 +5525,11 @@
  <define name="rng">
    <element name="rng">
      <attribute name="model">
-        <value>virtio</value>
+        <choice>
+          <value>virtio</value>
+          <value>virtio-transitional</value>
+          <value>virtio-non-transitional</value>
+        </choice>
      </attribute>
      <interleave>
        <ref name="rng-backend"/>
@@ -5470,6 +5593,8 @@
      <attribute name="iommu">
        <ref name="virOnOff"/>
      </attribute>
+    </optional>
+    <optional>
      <attribute name="ats">
        <ref name="virOnOff"/>
      </attribute>
@@ -6097,6 +6222,20 @@
    </element>
  </define>

+  <!--
+       Optional hypervisor extensions in their own namespace:
+         Bhyve
+    -->
+  <define name="bhyvecmdline">
+    <element name="commandline" ns="http://libvirt.org/schemas/domain/bhyve/1.0">
+      <zeroOrMore>
+        <element name="arg">
+          <attribute name='value'/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
  <!--
       Type library
    -->
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@@ -58,6 +58,12 @@
              </attribute>
            </optional>

+            <optional>
+              <attribute name="zone">
+                <ref name="zoneName"/>
+              </attribute>
+            </optional>
+
            <optional>
              <attribute name="stp">
                <ref name="virOnOff"/>
--- a/docs/schemas/nodedev.rng
+++ b/docs/schemas/nodedev.rng
@@ -133,6 +133,13 @@
      <value>pci</value>
    </attribute>

+    <optional>
+      <element name='class'>
+        <data type="string">
+          <param name="pattern">0x[0-9a-fA-F]{6}</param>
+        </data>
+      </element>
+    </optional>
    <element name='domain'>
      <ref name='unsignedLong'/>
    </element>
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -24,9 +24,7 @@
        </choice>
      </attribute>
      <interleave>
-        <zeroOrMore>
-          <ref name='secret'/>
-        </zeroOrMore>
+        <ref name='secret'/>
        <optional>
          <element name='cipher'>
            <ref name='keycipher'/>
@@ -238,4 +236,11 @@
    </optional>
  </define>

+  <define name='refreshVolumeAllocation'>
+    <choice>
+      <value>default</value>
+      <value>capacity</value>
+    </choice>
+  </define>
+
 </grammar>
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@@ -52,6 +52,9 @@
      <ref name='sourcefs'/>
      <ref name='target'/>
    </interleave>
+    <optional>
+      <ref name='fs_mount_opts'/>
+    </optional>
  </define>

  <define name='poolnetfs'>
@@ -64,6 +67,9 @@
      <ref name='sourcenetfs'/>
      <ref name='target'/>
    </interleave>
+    <optional>
+      <ref name='fs_mount_opts'/>
+    </optional>
  </define>

  <define name='poollogical'>
@@ -149,7 +155,11 @@
      <ref name='commonMetadataNameOptional'/>
      <ref name='sizing'/>
      <ref name='sourcerbd'/>
+      <ref name='refresh'/>
    </interleave>
+    <optional>
+      <ref name='rbd_config_opts'/>
+    </optional>
  </define>

  <define name='poolsheepdog'>
@@ -531,6 +541,13 @@
            <ref name='sourceinfohost'/>
            <ref name='sourceinfodir'/>
            <ref name='sourcefmtnetfs'/>
+            <optional>
+              <element name='protocol'>
+                <attribute name='ver'>
+                  <ref name='unsignedInt'/>
+                </attribute>
+              </element>
+            </optional>
            <optional>
              <ref name='sourceinfovendor'/>
            </optional>
@@ -675,4 +692,63 @@
    </data>
  </define>

+  <define name='refresh'>
+    <optional>
+      <element name='refresh'>
+        <interleave>
+          <ref name='refreshVolume'/>
+        </interleave>
+      </element>
+    </optional>
+  </define>
+
+  <define name='refreshVolume'>
+    <optional>
+      <element name='volume'>
+        <optional>
+          <attribute name='allocation'>
+            <ref name="refreshVolumeAllocation"/>
+          </attribute>
+        </optional>
+      </element>
+    </optional>
+  </define>
+
+  <!--
+       Optional storage pool extensions in their own namespace:
+         "fs" or "netfs"
+    -->
+
+  <define name="fs_mount_opts">
+    <element name="mount_opts" ns="http://libvirt.org/schemas/storagepool/fs/1.0">
+      <zeroOrMore>
+        <element name="option">
+          <attribute name='name'>
+            <text/>
+          </attribute>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
+  <!--
+       Optional storage pool extensions in their own namespace:
+         RBD
+    -->
+
+  <define name="rbd_config_opts">
+    <element name="config_opts" ns="http://libvirt.org/schemas/storagepool/rbd/1.0">
+      <zeroOrMore>
+        <element name="option">
+          <attribute name='name'>
+            <text/>
+          </attribute>
+          <attribute name='value'>
+            <text/>
+          </attribute>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
 </grammar>
--- a/docs/schemas/storagepoolcaps.rng
+++ b/docs/schemas/storagepoolcaps.rng
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!-- A Relax NG schema for the libvirt storage pool capabilities XML format -->
+<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <include href='basictypes.rng'/>
+  <start>
+    <ref name='storagepoolCapabilities'/>
+  </start>
+
+
+  <define name='storagepoolCapabilities'>
+    <element name='storagepoolCapabilities'>
+      <zeroOrMore>
+        <ref name='poolCapsType'/>
+      </zeroOrMore>
+    </element>
+  </define>
+
+  <define name='poolCapsType'>
+    <element name='pool'>
+      <ref name='poolCapsTypes'/>
+      <ref name='poolCapsSupported'/>
+      <optional>
+        <ref name='poolCapsPoolOptions'/>
+      </optional>
+      <optional>
+        <ref name='poolCapsVolOptions'/>
+      </optional>
+    </element>
+  </define>
+
+  <define name='poolCapsTypes'>
+    <attribute name='type'>
+      <text/>
+    </attribute>
+  </define>
+
+  <define name='poolCapsSupported'>
+    <attribute name='supported'>
+      <ref name="virYesNo"/>
+    </attribute>
+  </define>
+
+  <define name='poolCapsPoolOptions'>
+    <element name='poolOptions'>
+      <optional>
+        <ref name='poolDefaultFormat'/>
+      </optional>
+      <optional>
+        <ref name='poolCapsEnum'/>
+      </optional>
+    </element>
+  </define>
+
+  <define name='poolCapsVolOptions'>
+    <element name='volOptions'>
+      <ref name='poolDefaultFormat'/>
+      <ref name='poolCapsEnum'/>
+    </element>
+  </define>
+
+  <define name='poolDefaultFormat'>
+    <element name='defaultFormat'>
+      <attribute name='type'>
+        <text/>
+      </attribute>
+    </element>
+  </define>
+
+  <define name='poolCapsEnum'>
+    <zeroOrMore>
+      <element name='enum'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+        <ref name='value'/>
+      </element>
+    </zeroOrMore>
+  </define>
+
+  <define name='value'>
+    <zeroOrMore>
+      <element name='value'>
+        <text/>
+      </element>
+    </zeroOrMore>
+  </define>
+
+</grammar>
--- a/docs/storage.html.in
+++ b/docs/storage.html.in
@@ -437,9 +437,9 @@

    <h2><a id="StorageBackendISCSIDirect">iSCSI direct pool</a></h2>
    <p>
-      This is a variant of the iSCSI pool. Instead of unsing iscsiadm, it uses
+      This is a variant of the iSCSI pool. Instead of using iscsiadm, it uses
      libiscsi.
-      It require a host, a path which is the target iqn and an initiator iqn.
+      It requires a host, a path which is the target IQN, and an initiator IQN.
    </p>

    <h3>Example pool input</h3>
@@ -457,12 +457,12 @@

    <h3>Valid pool format types</h3>
    <p>
-      The iSCSI volume pool does not use the pool format type element.
+      The iSCSI direct volume pool does not use the pool format type element.
    </p>

    <h3>Valid volume format types</h3>
    <p>
-      The iSCSI volume pool does not use the volume format type element.
+      The iSCSI direct volume pool does not use the volume format type element.
    </p>

    <h2><a id="StorageBackendSCSI">SCSI pool</a></h2>
@@ -782,7 +782,7 @@
      The ZFS volume pool does not use the pool format type element.
    </p>

-    <h3>Valid pool format types</h3>
+    <h3>Valid volume format types</h3>
    <p>
      The ZFS volume pool does not use the volume format type element.
    </p>
@@ -810,6 +810,12 @@
    &lt;path&gt;/mnt/clustername&lt;/path&gt;
  &lt;/target&gt;
 &lt;/pool&gt;</pre>
+
+    <h3>Valid pool format types</h3>
+    <p>
+      The Vstorage volume pool does not use the pool format type element.
+    </p>
+
    <h3>Valid volume format types</h3>
    <p>The valid volume types are the same as for the directory pool.</p>
  </body>
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -19,12 +19,6 @@
 FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)

 EXTRA_DIST = \
-	apparmor/TEMPLATE.qemu \
-	apparmor/TEMPLATE.lxc \
-	apparmor/libvirt-qemu \
-	apparmor/libvirt-lxc \
-	apparmor/usr.lib.libvirt.virt-aa-helper \
-	apparmor/usr.sbin.libvirtd \
 	lxcconvert/virt-lxc-convert \
 	polkit/libvirt-acl.rules \
 	$(wildcard $(srcdir)/systemtap/*.stp) \
@@ -33,10 +27,10 @@ EXTRA_DIST = \
 	$(wildcard $(srcdir)/xml/test/*.xml)


-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) \
-	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
-LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) \
-	$(top_builddir)/src/libvirt.la $(top_builddir)/gnulib/lib/libgnu.la \
+AM_CPPFLAGS = \
+	-I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
+LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) \
+	$(top_builddir)/src/libvirt.la \
 	$(top_builddir)/src/libvirt-admin.la

 noinst_PROGRAMS=dominfo/info1 dommigrate/dommigrate domsuspend/suspend \
@@ -70,40 +64,6 @@ admin_logging_SOURCES = admin/logging.c
 INSTALL_DATA_LOCAL =
 UNINSTALL_LOCAL =

-if WITH_APPARMOR_PROFILES
-apparmordir = $(sysconfdir)/apparmor.d/
-apparmor_DATA = \
-	apparmor/usr.lib.libvirt.virt-aa-helper \
-	apparmor/usr.sbin.libvirtd \
-	$(NULL)
-
-abstractionsdir = $(apparmordir)/abstractions
-abstractions_DATA = \
-	apparmor/libvirt-qemu \
-	apparmor/libvirt-lxc \
-	$(NULL)
-
-templatesdir = $(apparmordir)/libvirt
-templates_DATA = \
-	apparmor/TEMPLATE.qemu \
-	apparmor/TEMPLATE.lxc \
-	$(NULL)
-
-APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
-install-apparmor-local:
-	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
-	echo "# Site-specific additions and overrides for \
-		'usr.lib.libvirt.virt-aa-helper'" \
-		>"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
-
-uninstall-apparmor-local:
-	rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
-	rmdir "$(APPARMOR_LOCAL_DIR)" || :
-
-INSTALL_DATA_LOCAL += install-apparmor-local
-UNINSTALL_LOCAL += uninstall-apparmor-local
-endif WITH_APPARMOR_PROFILES
-
 if WITH_NWFILTER
 NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"

--- a/examples/admin/client_close.c
+++ b/examples/admin/client_close.c
@@ -1,7 +1,7 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<libvirt/libvirt.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libvirt/libvirt.h>
+#include <libvirt/libvirt-admin.h>

 int main(void)
 {
--- a/examples/admin/client_info.c
+++ b/examples/admin/client_info.c
@@ -1,9 +1,9 @@
 #define _GNU_SOURCE
-#include<stdio.h>
-#include<stdlib.h>
-#include<time.h>
-#include<string.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <libvirt/libvirt-admin.h>

 static const char *
 exampleTransportToString(int transport)
@@ -30,9 +30,13 @@ exampleGetTimeStr(time_t then)
 {
    char *ret = NULL;
    struct tm timeinfo;
+    struct tm *timeinfop;

-    if (!localtime_r(&then, &timeinfo))
+    /* localtime_r() is smarter, but since mingw lacks it and this
+     * example is single-threaded, we can get away with localtime */
+    if (!(timeinfop = localtime(&then)))
        return NULL;
+    timeinfo = *timeinfop;

    if (!(ret = calloc(64, sizeof(char))))
        return NULL;
--- a/examples/admin/client_limits.c
+++ b/examples/admin/client_limits.c
@@ -1,6 +1,6 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libvirt/libvirt-admin.h>

 int main(int argc, char **argv)
 {
--- a/examples/admin/list_clients.c
+++ b/examples/admin/list_clients.c
@@ -1,7 +1,7 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<time.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <libvirt/libvirt-admin.h>

 static const char *
 exampleTransportToString(int transport)
@@ -28,9 +28,13 @@ exampleGetTimeStr(time_t then)
 {
    char *ret = NULL;
    struct tm timeinfo;
+    struct tm *timeinfop;

-    if (!localtime_r(&then, &timeinfo))
+    /* localtime_r() is smarter, but since mingw lacks it and this
+     * example is single-threaded, we can get away with localtime */
+    if (!(timeinfop = localtime(&then)))
        return NULL;
+    timeinfo = *timeinfop;

    if (!(ret = calloc(64, sizeof(char))))
        return NULL;
--- a/examples/admin/list_servers.c
+++ b/examples/admin/list_servers.c
@@ -1,6 +1,6 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libvirt/libvirt-admin.h>

 int main(void)
 {
--- a/examples/admin/logging.c
+++ b/examples/admin/logging.c
@@ -1,11 +1,10 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>

-#include "config.h"
-#include<unistd.h>
-#include<libvirt/libvirt-admin.h>
-#include<libvirt/virterror.h>
+#include <unistd.h>
+#include <libvirt/libvirt-admin.h>
+#include <libvirt/virterror.h>

 static void printHelp(const char *argv0)
 {
--- a/examples/admin/threadpool_params.c
+++ b/examples/admin/threadpool_params.c
@@ -1,6 +1,6 @@
-#include<stdio.h>
-#include<stdlib.h>
-#include<libvirt/libvirt-admin.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libvirt/libvirt-admin.h>

 int main(int argc, char **argv)
 {
--- a/examples/dominfo/info1.c
+++ b/examples/dominfo/info1.c
@@ -5,7 +5,6 @@
 *          hypervisor and extract domain information.
 * usage: info1
 * test: info1
- * author: Daniel Veillard
 * copy: see Copyright for the status of this software.
 */

--- a/examples/dommigrate/dommigrate.c
+++ b/examples/dommigrate/dommigrate.c
@@ -18,8 +18,6 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Sahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
 */

 #include <stdio.h>
@@ -81,8 +79,7 @@ main(int argc, char *argv[])
 cleanup:
    if (dom != NULL)
        virDomainFree(dom);
-    if (conn != NULL)
-        virConnectClose(conn);
+    virConnectClose(conn);

 out:
    return ret;
--- a/examples/domsuspend/suspend.c
+++ b/examples/domsuspend/suspend.c
@@ -17,12 +17,8 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Michal Privoznik <mprivozn@redhat.com>
 */

-#include <config.h>
-
 #include <errno.h>
 #include <getopt.h>
 #include <libvirt/libvirt.h>
--- a/examples/domtop/domtop.c
+++ b/examples/domtop/domtop.c
@@ -16,12 +16,8 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Michal Privoznik <mprivozn@redhat.com>
 */

-#include <config.h>
-
 #include <errno.h>
 #include <getopt.h>
 #include <libvirt/libvirt.h>
@@ -245,7 +241,8 @@ print_cpu_usage(const char *dom_name,

        if (delim)
            printf("\t");
-        printf("CPU%zu: %.2lf", cpu + i, usage);
+        /* mingw lacks %zu */
+        printf("CPU%u: %.2lf", (unsigned)(cpu + i), usage);
        delim = true;
    }

@@ -269,10 +266,6 @@ do_top(virConnectPtr conn,
    int max_id = 0;
    int nparams = 0, then_nparams = 0, now_nparams = 0;
    virTypedParameterPtr then_params = NULL, now_params = NULL;
-    struct sigaction action_stop;
-
-    memset(&action_stop, 0, sizeof(action_stop));
-    action_stop.sa_handler = stop;

    /* Lookup the domain */
    if (!(dom = virDomainLookupByName(conn, dom_name))) {
@@ -298,8 +291,10 @@ do_top(virConnectPtr conn,
        goto cleanup;
    }

-    sigaction(SIGTERM, &action_stop, NULL);
-    sigaction(SIGINT, &action_stop, NULL);
+    /* The ideal program would use sigaction to set this handler, but
+     * this way is portable to mingw. */
+    signal(SIGTERM, stop);
+    signal(SIGINT, stop);

    run_top = true;
    while (run_top) {
--- a/examples/lxcconvert/virt-lxc-convert
+++ b/examples/lxcconvert/virt-lxc-convert
@@ -17,7 +17,6 @@
 #  License along with this library.  If not, see
 #  <http://www.gnu.org/licenses/>.
 #
-#  Author: Cedric Bosdonnat <cbosdonnat@suse.com>

 handler_cleanup()
 {
--- a/examples/object-events/event-test.c
+++ b/examples/object-events/event-test.c
@@ -1,13 +1,9 @@
-#include <config.h>
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
 #include <inttypes.h>

-#include <verify.h>
-
 #define VIR_ENUM_SENTINELS

 #include <libvirt/libvirt.h>
@@ -17,6 +13,14 @@
 #define STREQ(a, b) (strcmp(a, b) == 0)
 #define NULLSTR(s) ((s) ? (s) : "<null>")

+#if (4 < __GNUC__ + (6 <= __GNUC_MINOR__) \
+     && (201112L <= __STDC_VERSION__  || !defined __STRICT_ANSI__) \
+     && !defined __cplusplus)
+# define verify(cond) _Static_assert(cond, "verify (" #cond ")")
+#else
+# define verify(cond)
+#endif
+
 #ifndef ATTRIBUTE_UNUSED
 # define ATTRIBUTE_UNUSED __attribute__((__unused__))
 #endif
@@ -944,10 +948,11 @@ myDomainEventBlockThresholdCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
                                    unsigned long long excess,
                                    void *opaque ATTRIBUTE_UNUSED)
 {
+    /* Casts to uint64_t to work around mingw not knowing %lld */
    printf("%s EVENT: Domain %s(%d) block threshold callback dev '%s'(%s), "
-           "threshold: '%llu', excess: '%llu'",
+           "threshold: '%" PRIu64 "', excess: '%" PRIu64 "'",
           __func__, virDomainGetName(dom), virDomainGetID(dom),
-           dev, NULLSTR(path), threshold, excess);
+           dev, NULLSTR(path), (uint64_t)threshold, (uint64_t)excess);
    return 0;
 }

@@ -1142,13 +1147,8 @@ main(int argc, char **argv)
    virConnectPtr dconn = NULL;
    int callback1ret = -1;
    int callback16ret = -1;
-    struct sigaction action_stop;
    size_t i;

-    memset(&action_stop, 0, sizeof(action_stop));
-
-    action_stop.sa_handler = stop;
-
    if (argc > 1 && STREQ(argv[1], "--help")) {
        printf("%s uri\n", argv[0]);
        goto cleanup;
@@ -1179,8 +1179,10 @@ main(int argc, char **argv)
        goto cleanup;
    }

-    sigaction(SIGTERM, &action_stop, NULL);
-    sigaction(SIGINT, &action_stop, NULL);
+    /* The ideal program would use sigaction to set this handler, but
+     * this way is portable to mingw. */
+    signal(SIGTERM, stop);
+    signal(SIGINT, stop);

    printf("Registering event callbacks\n");

--- a/examples/systemtap/events.stp
+++ b/examples/systemtap/events.stp
@@ -16,7 +16,6 @@
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
 #
-# Author: Daniel P. Berrange <berrange@redhat.com>
 #
 # This script will monitor all operation of the libvirt event loop
 # in both client and server. Example output is:
--- a/examples/systemtap/lock-debug.stp
+++ b/examples/systemtap/lock-debug.stp
@@ -16,7 +16,6 @@
 #
 # Debug RWLock mechanisms as well.
 #
-# Author: Martin Kletzander <mkletzan@redhat.com>


 global mx_tolock
--- a/examples/systemtap/qemu-monitor.stp
+++ b/examples/systemtap/qemu-monitor.stp
@@ -16,7 +16,6 @@
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
 #
-# Author: Daniel P. Berrange <berrange@redhat.com>
 #
 # This script will monitor all messages sent/received between libvirt
 # and the QEMU monitor
--- a/examples/systemtap/rpc-monitor.stp
+++ b/examples/systemtap/rpc-monitor.stp
@@ -16,7 +16,6 @@
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
 #
-# Author: Daniel P. Berrange <berrange@redhat.com>
 #
 # This script will monitor all RPC messages going in/out of libvirtd and
 # any connected clients. Example output:
--- a/gnulib/lib/Makefile.am
+++ b/gnulib/lib/Makefile.am
@@ -27,4 +27,4 @@ noinst_LTLIBRARIES =

 include gnulib.mk

-INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS)
+AM_CPPFLAGS = -I$(top_srcdir)
--- a/gnulib/tests/Makefile.am
+++ b/gnulib/tests/Makefile.am
@@ -18,8 +18,6 @@

 include gnulib.mk

-INCLUDES = $(GETTEXT_CPPFLAGS)
-
 GNULIB_TESTS0 =
 GNULIB_TESTS1 = $(GNULIB_TESTS)
 if WITH_EXPENSIVE_TESTS
--- a/include/libvirt/libvirt-admin.h
+++ b/include/libvirt/libvirt-admin.h
@@ -19,12 +19,10 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
 */

-#ifndef __VIR_ADMIN_H__
-# define __VIR_ADMIN_H__
+#ifndef LIBVIRT_ADMIN_H
+# define LIBVIRT_ADMIN_H

 # ifdef __cplusplus
 extern "C" {
@@ -424,4 +422,4 @@ int virAdmConnectSetLoggingFilters(virAdmConnectPtr conn,
 }
 # endif

-#endif /* __VIR_ADMIN_H__ */
+#endif /* LIBVIRT_ADMIN_H */
--- a/include/libvirt/libvirt-common.h.in
+++ b/include/libvirt/libvirt-common.h.in
@@ -3,7 +3,6 @@
 * Summary: common macros and enums for the libvirt and libvirt-admin library
 * Description: Provides common macros and enums needed by both libvirt and
 *              libvirt-admin libraries
- * Author: Erik Skultety <eskultet@redhat.com>
 *
 * Copyright (C) 2015 Red Hat, Inc.
 *
--- a/include/libvirt/libvirt-domain-snapshot.h
+++ b/include/libvirt/libvirt-domain-snapshot.h
@@ -2,7 +2,6 @@
 * libvirt-domain-snapshot.h
 * Summary: APIs for management of domain snapshots
 * Description: Provides APIs for the management of domain snapshots
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__
-# define __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__
+#ifndef LIBVIRT_DOMAIN_SNAPSHOT_H
+# define LIBVIRT_DOMAIN_SNAPSHOT_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -60,7 +59,7 @@ typedef enum {
    VIR_DOMAIN_SNAPSHOT_CREATE_HALT        = (1 << 3), /* Stop running guest
                                                          after snapshot */
    VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY   = (1 << 4), /* disk snapshot, not
-                                                          system checkpoint */
+                                                          full system */
    VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT   = (1 << 5), /* reuse any existing
                                                          external files */
    VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE     = (1 << 6), /* use guest agent to
@@ -79,6 +78,10 @@ virDomainSnapshotPtr virDomainSnapshotCreateXML(virDomainPtr domain,
                                                const char *xmlDesc,
                                                unsigned int flags);

+typedef enum {
+    VIR_DOMAIN_SNAPSHOT_XML_SECURE         = VIR_DOMAIN_XML_SECURE, /* dump security sensitive information too */
+} virDomainSnapshotXMLFlags;
+
 /* Dump the XML of a snapshot */
 char *virDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
                                  unsigned int flags);
@@ -132,6 +135,10 @@ typedef enum {
    VIR_DOMAIN_SNAPSHOT_LIST_EXTERNAL    = (1 << 9), /* Filter by snapshots
                                                        that use files external
                                                        to disk images */
+
+    VIR_DOMAIN_SNAPSHOT_LIST_TOPOLOGICAL = (1 << 10), /* Ensure parents occur
+                                                         before children in
+                                                         the resulting list */
 } virDomainSnapshotListFlags;

 /* Return the number of snapshots for this domain */
@@ -211,4 +218,4 @@ int virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
 int virDomainSnapshotRef(virDomainSnapshotPtr snapshot);
 int virDomainSnapshotFree(virDomainSnapshotPtr snapshot);

-#endif /* __VIR_LIBVIRT_DOMAIN_SNAPSHOT_H__ */
+#endif /* LIBVIRT_DOMAIN_SNAPSHOT_H */
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -2,7 +2,6 @@
 * libvirt-domain.h
 * Summary: APIs for management of domains
 * Description: Provides APIs for the management of domains
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2015 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_DOMAIN_H__
-# define __VIR_LIBVIRT_DOMAIN_H__
+#ifndef LIBVIRT_DOMAIN_H
+# define LIBVIRT_DOMAIN_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -832,6 +831,12 @@ typedef enum {
     */
    VIR_MIGRATE_TLS               = (1 << 16),

+    /* Send memory pages to the destination host through several network
+     * connections. See VIR_MIGRATE_PARAM_PARALLEL_* parameters for
+     * configuring the parallel migration.
+     */
+    VIR_MIGRATE_PARALLEL          = (1 << 17),
+
 } virDomainMigrateFlags;


@@ -904,6 +909,15 @@ typedef enum {
 */
 # define VIR_MIGRATE_PARAM_BANDWIDTH         "bandwidth"

+/**
+ * VIR_MIGRATE_PARAM_BANDWIDTH_POSTCOPY:
+ *
+ * virDomainMigrate* params field: the maximum bandwidth (in MiB/s) that will
+ * be used for post-copy phase of a migration as VIR_TYPED_PARAM_ULLONG. If set
+ * to 0 or omitted, post-copy migration speed will not be limited.
+ */
+# define VIR_MIGRATE_PARAM_BANDWIDTH_POSTCOPY "bandwidth.postcopy"
+
 /**
 * VIR_MIGRATE_PARAM_GRAPHICS_URI:
 *
@@ -1017,6 +1031,14 @@ typedef enum {
 */
 # define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT  "auto_converge.increment"

+/**
+ * VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS:
+ *
+ * virDomainMigrate* params field: number of connections used during parallel
+ * migration. As VIR_TYPED_PARAM_INT.
+ */
+# define VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS     "parallel.connections"
+
 /* Domain migration. */
 virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
                               unsigned long flags, const char *dname,
@@ -1063,6 +1085,12 @@ int virDomainMigrateSetCompressionCache(virDomainPtr domain,
                                        unsigned long long cacheSize,
                                        unsigned int flags);

+/* Domain migration speed flags. */
+typedef enum {
+    /* Set or get maximum speed of post-copy migration. */
+    VIR_DOMAIN_MIGRATE_MAX_SPEED_POSTCOPY = (1 << 0),
+} virDomainMigrateMaxSpeedFlags;
+
 int virDomainMigrateSetMaxSpeed(virDomainPtr domain,
                                unsigned long bandwidth,
                                unsigned int flags);
@@ -1205,6 +1233,7 @@ int                     virDomainRestoreFlags   (virConnectPtr conn,
                                                 const char *dxml,
                                                 unsigned int flags);

+/* See below for virDomainSaveImageXMLFlags */
 char *          virDomainSaveImageGetXMLDesc    (virConnectPtr conn,
                                                 const char *file,
                                                 unsigned int flags);
@@ -1557,6 +1586,10 @@ typedef enum {
    VIR_DOMAIN_XML_MIGRATABLE   = (1 << 3), /* dump XML suitable for migration */
 } virDomainXMLFlags;

+typedef enum {
+    VIR_DOMAIN_SAVE_IMAGE_XML_SECURE         = VIR_DOMAIN_XML_SECURE, /* dump security sensitive information too */
+} virDomainSaveImageXMLFlags;
+
 char *                  virDomainGetXMLDesc     (virDomainPtr domain,
                                                 unsigned int flags);

@@ -2376,7 +2409,8 @@ int virDomainSetPerfEvents(virDomainPtr dom,
 * Describes various possible block jobs.
 */
 typedef enum {
-    VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN = 0, /* Placeholder */
+    /* Placeholder */
+    VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN = 0,

    /* Block Pull (virDomainBlockPull, or virDomainBlockRebase without
     * flags), job ends on completion */
@@ -3423,6 +3457,16 @@ typedef enum {
 */
 # define VIR_DOMAIN_JOB_MEMORY_ITERATION         "memory_iteration"

+/**
+ * VIR_DOMAIN_JOB_MEMORY_POSTCOPY_REQS:
+ *
+ * virDomainGetJobStats field: number page requests received from the
+ * destination host during post-copy migration, as VIR_TYPED_PARAM_ULLONG.
+ * This counter is incremented whenever the migrated domain tries to access
+ * a memory page which has not been transferred from the source host yet.
+ */
+# define VIR_DOMAIN_JOB_MEMORY_POSTCOPY_REQS     "memory_postcopy_requests"
+
 /**
 * VIR_DOMAIN_JOB_DISK_TOTAL:
 *
@@ -4840,4 +4884,4 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
                                   int *nparams,
                                   unsigned int flags);

-#endif /* __VIR_LIBVIRT_DOMAIN_H__ */
+#endif /* LIBVIRT_DOMAIN_H */
--- a/include/libvirt/libvirt-event.h
+++ b/include/libvirt/libvirt-event.h
@@ -2,7 +2,6 @@
 * libvirt-event.h
 * Summary: APIs for management of events
 * Description: Provides APIs for the management of events
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_EVENT_H__
-# define __VIR_LIBVIRT_EVENT_H__
+#ifndef LIBVIRT_EVENT_H
+# define LIBVIRT_EVENT_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -60,7 +59,7 @@ typedef void (*virEventHandleCallback)(int watch, int fd, int events, void *opaq
 * virEventAddHandleFunc:
 * @fd: file descriptor to listen on
 * @event: bitset of events on which to fire the callback
- * @cb: the callback to be called when an event occurrs
+ * @cb: the callback to be called when an event occurs
 * @opaque: user data to pass to the callback
 * @ff: the callback invoked to free opaque data blob
 *
@@ -187,4 +186,4 @@ void virEventUpdateTimeout(int timer, int frequency);
 int virEventRemoveTimeout(int timer);


-#endif /* __VIR_LIBVIRT_EVENT_H__ */
+#endif /* LIBVIRT_EVENT_H */
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -2,7 +2,6 @@
 * libvirt-host.h
 * Summary: APIs for management of hosts
 * Description: Provides APIs for the management of hosts
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_HOST_H__
-# define __VIR_LIBVIRT_HOST_H__
+#ifndef LIBVIRT_HOST_H
+# define LIBVIRT_HOST_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -744,4 +743,4 @@ int virNodeAllocPages(virConnectPtr conn,
                      unsigned int flags);


-#endif /* __VIR_LIBVIRT_HOST_H__ */
+#endif /* LIBVIRT_HOST_H */
--- a/include/libvirt/libvirt-interface.h
+++ b/include/libvirt/libvirt-interface.h
@@ -2,7 +2,6 @@
 * libvirt-interface.h
 * Summary: APIs for management of interfaces
 * Description: Provides APIs for the management of interfaces
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_INTERFACE_H__
-# define __VIR_LIBVIRT_INTERFACE_H__
+#ifndef LIBVIRT_INTERFACE_H
+# define LIBVIRT_INTERFACE_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -107,4 +106,4 @@ int                     virInterfaceChangeRollback(virConnectPtr conn,
 int virInterfaceIsActive(virInterfacePtr iface);


-#endif /* __VIR_LIBVIRT_INTERFACE_H__ */
+#endif /* LIBVIRT_INTERFACE_H */
--- a/include/libvirt/libvirt-lxc.h
+++ b/include/libvirt/libvirt-lxc.h
@@ -19,12 +19,10 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
 */

-#ifndef __VIR_LXC_H__
-# define __VIR_LXC_H__
+#ifndef LIBVIRT_LXC_H
+# define LIBVIRT_LXC_H

 # include <libvirt/libvirt.h>

@@ -53,4 +51,4 @@ int virDomainLxcEnterCGroup(virDomainPtr domain,
 }
 # endif

-#endif /* __VIR_LXC_H__ */
+#endif /* LIBVIRT_LXC_H */
--- a/include/libvirt/libvirt-network.h
+++ b/include/libvirt/libvirt-network.h
@@ -2,7 +2,6 @@
 * libvirt-network.h
 * Summary: APIs for management of networks
 * Description: Provides APIs for the management of networks
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_NETWORK_H__
-# define __VIR_LIBVIRT_NETWORK_H__
+#ifndef LIBVIRT_NETWORK_H
+# define LIBVIRT_NETWORK_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -334,4 +333,4 @@ int virConnectNetworkEventRegisterAny(virConnectPtr conn,
 int virConnectNetworkEventDeregisterAny(virConnectPtr conn,
                                        int callbackID);

-#endif /* __VIR_LIBVIRT_NETWORK_H__ */
+#endif /* LIBVIRT_NETWORK_H */
--- a/include/libvirt/libvirt-nodedev.h
+++ b/include/libvirt/libvirt-nodedev.h
@@ -2,7 +2,6 @@
 * libvirt-nodedev.h
 * Summary: APIs for management of nodedevs
 * Description: Provides APIs for the management of nodedevs
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_NODEDEV_H__
-# define __VIR_LIBVIRT_NODEDEV_H__
+#ifndef LIBVIRT_NODEDEV_H
+# define LIBVIRT_NODEDEV_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -217,4 +216,4 @@ typedef void (*virConnectNodeDeviceEventLifecycleCallback)(virConnectPtr conn,
                                                           int detail,
                                                           void *opaque);

-#endif /* __VIR_LIBVIRT_NODEDEV_H__ */
+#endif /* LIBVIRT_NODEDEV_H */
--- a/include/libvirt/libvirt-nwfilter.h
+++ b/include/libvirt/libvirt-nwfilter.h
@@ -2,7 +2,6 @@
 * libvirt-nwfilter.h
 * Summary: APIs for management of nwfilters
 * Description: Provides APIs for the management of nwfilters
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_NWFILTER_H__
-# define __VIR_LIBVIRT_NWFILTER_H__
+#ifndef LIBVIRT_NWFILTER_H
+# define LIBVIRT_NWFILTER_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -131,4 +130,4 @@ int                     virNWFilterBindingDelete(virNWFilterBindingPtr binding);
 int                     virNWFilterBindingRef(virNWFilterBindingPtr binding);
 int                     virNWFilterBindingFree(virNWFilterBindingPtr binding);

-#endif /* __VIR_LIBVIRT_NWFILTER_H__ */
+#endif /* LIBVIRT_NWFILTER_H */
--- a/include/libvirt/libvirt-qemu.h
+++ b/include/libvirt/libvirt-qemu.h
@@ -19,12 +19,10 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Chris Lalancette <clalance@redhat.com>
 */

-#ifndef __VIR_QEMU_H__
-# define __VIR_QEMU_H__
+#ifndef LIBVIRT_QEMU_H
+# define LIBVIRT_QEMU_H

 # include <libvirt/libvirt.h>

@@ -103,4 +101,4 @@ int virConnectDomainQemuMonitorEventDeregister(virConnectPtr conn,
 }
 # endif

-#endif /* __VIR_QEMU_H__ */
+#endif /* LIBVIRT_QEMU_H */
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -2,7 +2,6 @@
 * libvirt-secret.h
 * Summary: APIs for management of secrets
 * Description: Provides APIs for the management of secrets
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014, 2016 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_SECRET_H__
-# define __VIR_LIBVIRT_SECRET_H__
+#ifndef LIBVIRT_SECRET_H
+# define LIBVIRT_SECRET_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -203,4 +202,4 @@ typedef void (*virConnectSecretEventLifecycleCallback)(virConnectPtr conn,
                                                       void *opaque);


-#endif /* __VIR_LIBVIRT_SECRET_H__ */
+#endif /* LIBVIRT_SECRET_H */
--- a/include/libvirt/libvirt-storage.h
+++ b/include/libvirt/libvirt-storage.h
@@ -2,7 +2,6 @@
 * libvirt-storage.h
 * Summary: APIs for management of storage pools and volumes
 * Description: Provides APIs for the management of storage pools and volumes
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2016 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_STORAGE_H__
-# define __VIR_LIBVIRT_STORAGE_H__
+#ifndef LIBVIRT_STORAGE_H
+# define LIBVIRT_STORAGE_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -194,6 +193,10 @@ typedef enum {
 */
 virConnectPtr           virStoragePoolGetConnect        (virStoragePoolPtr pool);

+/* Storage Pool capabilities */
+char *virConnectGetStoragePoolCapabilities(virConnectPtr conn,
+                                           unsigned int flags);
+
 /*
 * List active storage pools
 */
@@ -496,4 +499,4 @@ typedef void (*virConnectStoragePoolEventLifecycleCallback)(virConnectPtr conn,
                                                            int detail,
                                                            void *opaque);

-#endif /* __VIR_LIBVIRT_STORAGE_H__ */
+#endif /* LIBVIRT_STORAGE_H */
--- a/include/libvirt/libvirt-stream.h
+++ b/include/libvirt/libvirt-stream.h
@@ -2,7 +2,6 @@
 * libvirt-stream.h
 * Summary: APIs for management of streams
 * Description: Provides APIs for the management of streams
- * Author: Daniel Veillard <veillard@redhat.com>
 *
 * Copyright (C) 2006-2014 Red Hat, Inc.
 *
@@ -21,8 +20,8 @@
 * <http://www.gnu.org/licenses/>.
 */

-#ifndef __VIR_LIBVIRT_STREAM_H__
-# define __VIR_LIBVIRT_STREAM_H__
+#ifndef LIBVIRT_STREAM_H
+# define LIBVIRT_STREAM_H

 # ifndef __VIR_LIBVIRT_H_INCLUDES__
 #  error "Don't include this file directly, only use libvirt/libvirt.h"
@@ -267,4 +266,4 @@ int virStreamAbort(virStreamPtr st);

 int virStreamFree(virStreamPtr st);

-#endif /* __VIR_LIBVIRT_STREAM_H__ */
+#endif /* LIBVIRT_STREAM_H */
--- a/include/libvirt/libvirt.h
+++ b/include/libvirt/libvirt.h
@@ -4,7 +4,7 @@
 * Description: Provides the interfaces of the libvirt library to handle
 *              virtualized domains
 *
- * Copyright (C) 2005-2006, 2010-2014 Red Hat, Inc.
+ * Copyright (C) 2005-2019 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -19,12 +19,10 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel Veillard <veillard@redhat.com>
 */

-#ifndef __VIR_VIRLIB_H__
-# define __VIR_VIRLIB_H__
+#ifndef LIBVIRT_H
+# define LIBVIRT_H

 # include <sys/types.h>

@@ -36,6 +34,10 @@ extern "C" {
 # include <libvirt/libvirt-common.h>
 # include <libvirt/libvirt-host.h>
 # include <libvirt/libvirt-domain.h>
+/* FIXME: Temporary hack until later patch creates new
+ * libvirt-domain-checkpoint.h file */
+typedef struct _virDomainCheckpoint virDomainCheckpoint;
+typedef virDomainCheckpoint *virDomainCheckpointPtr;
 # include <libvirt/libvirt-domain-snapshot.h>
 # include <libvirt/libvirt-event.h>
 # include <libvirt/libvirt-interface.h>
@@ -51,4 +53,4 @@ extern "C" {
 }
 # endif

-#endif /* __VIR_VIRLIB_H__ */
+#endif /* LIBVIRT_H */
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@@ -4,7 +4,7 @@
 * Description: Provides the interfaces of the libvirt library to handle
 *              errors raised while using the library.
 *
- * Copyright (C) 2006-2016 Red Hat, Inc.
+ * Copyright (C) 2006-2019 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -19,12 +19,10 @@
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel Veillard <veillard@redhat.com>
 */

-#ifndef __VIR_VIRERR_H__
-# define __VIR_VIRERR_H__
+#ifndef LIBVIRT_VIRTERROR_H
+# define LIBVIRT_VIRTERROR_H

 # include <libvirt/libvirt.h>

@@ -76,7 +74,7 @@ typedef enum {
    VIR_FROM_NETWORK = 19,      /* Error from network config */

    VIR_FROM_DOMAIN = 20,       /* Error from domain config */
-    VIR_FROM_UML = 21,          /* Error at the UML driver */
+    VIR_FROM_UML = 21,          /* Error at the UML driver; unused since 5.0.0 */
    VIR_FROM_NODEDEV = 22,      /* Error from node device monitor */
    VIR_FROM_XEN_INOTIFY = 23,  /* Error from xen inotify layer */
    VIR_FROM_SECURITY = 24,     /* Error from security framework */
@@ -133,6 +131,8 @@ typedef enum {
    VIR_FROM_PERF = 65,         /* Error from perf */
    VIR_FROM_LIBSSH = 66,       /* Error from libssh connection transport */
    VIR_FROM_RESCTRL = 67,      /* Error from resource control */
+    VIR_FROM_FIREWALLD = 68,    /* Error from firewalld */
+    VIR_FROM_DOMAIN_CHECKPOINT = 69, /* Error from domain checkpoint */

 # ifdef VIR_ENUM_SENTINELS
    VIR_ERR_DOMAIN_LAST
@@ -323,6 +323,13 @@ typedef enum {
    VIR_ERR_DEVICE_MISSING = 99,        /* fail to find the desired device */
    VIR_ERR_INVALID_NWFILTER_BINDING = 100,  /* invalid nwfilter binding */
    VIR_ERR_NO_NWFILTER_BINDING = 101,  /* no nwfilter binding */
+    VIR_ERR_INVALID_DOMAIN_CHECKPOINT = 102, /* invalid domain checkpoint */
+    VIR_ERR_NO_DOMAIN_CHECKPOINT = 103, /* domain checkpoint not found */
+    VIR_ERR_NO_DOMAIN_BACKUP = 104,     /* domain backup job id not found */
+
+# ifdef VIR_ENUM_SENTINELS
+    VIR_ERR_NUMBER_LAST
+# endif
 } virErrorNumber;

 /**
@@ -366,4 +373,4 @@ int                     virConnCopyLastError    (virConnectPtr conn,
 }
 # endif

-#endif /* __VIR_VIRERR_H__ */
+#endif /* LIBVIRT_VIRTERROR_H */
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -20,7 +20,6 @@
 # The hypervisor drivers that run in libvirtd
 %define with_qemu          0%{!?_without_qemu:1}
 %define with_lxc           0%{!?_without_lxc:1}
-%define with_uml           0%{!?_without_uml:1}
 %define with_libxl         0%{!?_without_libxl:1}
 %define with_vbox          0%{!?_without_vbox:1}

@@ -83,6 +82,7 @@
 %define with_sanlock       0%{!?_without_sanlock:0}
 %define with_numad         0%{!?_without_numad:0}
 %define with_firewalld     0%{!?_without_firewalld:0}
+%define with_firewalld_zone 0%{!?_without_firewalld_zone:0}
 %define with_libssh2       0%{!?_without_libssh2:0}
 %define with_wireshark     0%{!?_without_wireshark:0}
 %define with_libssh        0%{!?_without_libssh:0}
@@ -110,14 +110,19 @@
    %define with_storage_zfs 0
 %endif

+# Ceph dropping support for 32-bit hosts
+%if 0%{?fedora} >= 30
+    %ifarch %{arm} %{ix86}
+        %define with_storage_rbd 0
+    %endif
+%endif

-# RHEL doesn't ship OpenVZ, VBox, UML, PowerHypervisor,
+# RHEL doesn't ship OpenVZ, VBox, PowerHypervisor,
 # VMware, libxenserver (xenapi), libxenlight (Xen 4.1 and newer),
 # or HyperV.
 %if 0%{?rhel}
    %define with_openvz 0
    %define with_vbox 0
-    %define with_uml 0
    %define with_phyp 0
    %define with_vmware 0
    %define with_xenapi 0
@@ -132,6 +137,11 @@

 %define with_firewalld 1

+%if 0%{?fedora} >= 30 || 0%{?rhel} > 7
+    %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
+%endif
+
+
 # fuse is used to provide virtualized /proc for LXC
 %if %{with_lxc}
    %define with_fuse      0%{!?_without_fuse:1}
@@ -156,11 +166,7 @@
 # Enable wireshark plugins for all distros shipping libvirt 1.2.2 or newer
 %if 0%{?fedora}
    %define with_wireshark 0%{!?_without_wireshark:1}
-%endif
-%if 0%{?fedora} || 0%{?rhel} > 7
-    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)
-%else
-    %define wireshark_plugindir %{_libdir}/wireshark/plugins
+    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan
 %endif

 # Enable libssh transport for new enough distros
@@ -178,7 +184,7 @@
 %endif


-%if %{with_qemu} || %{with_lxc} || %{with_uml}
+%if %{with_qemu} || %{with_lxc}
 # numad is used to manage the CPU and memory placement dynamically,
 # it's not available on many non-x86 architectures.
    %ifnarch s390 s390x %{arm} riscv64
@@ -210,7 +216,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: @VERSION@
-Release: 1%{?dist}%{?extra_release}
+Release: 1%{?dist}
 License: LGPLv2+
 URL: https://libvirt.org/

@@ -231,9 +237,9 @@ Requires: libvirt-daemon-driver-lxc = %{version}-%{release}
 %if %{with_qemu}
 Requires: libvirt-daemon-driver-qemu = %{version}-%{release}
 %endif
-%if %{with_uml}
-Requires: libvirt-daemon-driver-uml = %{version}-%{release}
-%endif
+# We had UML driver, but we've removed it.
+Obsoletes: libvirt-daemon-driver-uml <= 5.0.0
+Obsoletes: libvirt-daemon-uml <= 5.0.0
 %if %{with_vbox}
 Requires: libvirt-daemon-driver-vbox = %{version}-%{release}
 %endif
@@ -320,6 +326,8 @@ BuildRequires: libiscsi-devel
 BuildRequires: parted-devel
 # For Multipath support
 BuildRequires: device-mapper-devel
+# For XFS reflink clone support
+BuildRequires: xfsprogs-devel
 %if %{with_storage_rbd}
 BuildRequires: librados2-devel
 BuildRequires: librbd1-devel
@@ -379,7 +387,7 @@ BuildRequires: numad
 %endif

 %if %{with_wireshark}
-BuildRequires: wireshark-devel >= 2.1.0
+BuildRequires: wireshark-devel >= 2.4.0
 %endif

 %if %{with_libssh}
@@ -391,6 +399,10 @@ BuildRequires: rpcgen
 BuildRequires: libtirpc-devel
 %endif

+%if %{with_firewalld_zone}
+BuildRequires: firewalld-filesystem
+%endif
+
 Provides: bundled(gnulib)

 %description
@@ -538,6 +550,9 @@ Requires: util-linux
 # From QEMU RPMs
 Requires: /usr/bin/qemu-img
 %endif
+%if !%{with_storage_rbd}
+Obsoletes: libvirt-daemon-driver-storage-rbd < %{version}-%{release}
+%endif

 %description daemon-driver-storage-core
 The storage driver plugin for the libvirtd daemon, providing
@@ -743,19 +758,6 @@ the Linux kernel
 %endif


-%if %{with_uml}
-%package daemon-driver-uml
-Summary: Uml driver plugin for the libvirtd daemon
-Requires: libvirt-daemon = %{version}-%{release}
-Requires: libvirt-libs = %{version}-%{release}
-
-%description daemon-driver-uml
-The UML driver plugin for the libvirtd daemon, providing
-an implementation of the hypervisor driver APIs using
-User Mode Linux
-%endif
-
-
 %if %{with_vbox}
 %package daemon-driver-vbox
 Summary: VirtualBox driver plugin for the libvirtd daemon
@@ -843,26 +845,6 @@ capabilities of LXC
 %endif


-%if %{with_uml}
-%package daemon-uml
-Summary: Server side daemon & driver required to run UML guests
-
-Requires: libvirt-daemon = %{version}-%{release}
-Requires: libvirt-daemon-driver-uml = %{version}-%{release}
-Requires: libvirt-daemon-driver-interface = %{version}-%{release}
-Requires: libvirt-daemon-driver-network = %{version}-%{release}
-Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
-Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
-Requires: libvirt-daemon-driver-secret = %{version}-%{release}
-Requires: libvirt-daemon-driver-storage = %{version}-%{release}
-# There are no UML kernel RPMs in Fedora/RHEL to depend on.
-
-%description daemon-uml
-Server side daemon and driver required to manage the virtualization
-capabilities of UML
-%endif
-
-
 %if %{with_libxl}
 %package daemon-xen
 Summary: Server side daemon & driver required to run XEN guests
@@ -954,7 +936,7 @@ Bash completion script stub.
 %if %{with_wireshark}
 %package wireshark
 Summary: Wireshark dissector plugin for libvirt RPC transactions
-Requires: wireshark >= 1.12.6-4
+Requires: wireshark >= 2.4.0
 Requires: %{name}-libs = %{version}-%{release}

 %description wireshark
@@ -1068,12 +1050,6 @@ exit 1
    %define arg_vmware --without-vmware
 %endif

-%if %{with_uml}
-    %define arg_uml --with-uml
-%else
-    %define arg_uml --without-uml
-%endif
-
 %if %{with_storage_rbd}
    %define arg_storage_rbd --with-storage-rbd
 %else
@@ -1128,6 +1104,12 @@ exit 1
    %define arg_firewalld --without-firewalld
 %endif

+%if %{with_firewalld_zone}
+    %define arg_firewalld_zone --with-firewalld-zone
+%else
+    %define arg_firewalld_zone --without-firewalld-zone
+%endif
+
 %if %{with_wireshark}
    %define arg_wireshark --with-wireshark-dissector
 %else
@@ -1187,7 +1169,6 @@ rm -f po/stamp-po
           --with-avahi \
           --with-polkit \
           --with-libvirtd \
-           %{?arg_uml} \
           %{?arg_phyp} \
           %{?arg_esx} \
           %{?arg_hyperv} \
@@ -1227,6 +1208,7 @@ rm -f po/stamp-po
           --with-dtrace \
           --with-driver-modules \
           %{?arg_firewalld} \
+           %{?arg_firewalld_zone} \
           %{?arg_wireshark} \
           --without-pm-utils \
           --with-nss-plugin \
@@ -1316,9 +1298,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
 %endif
-%if ! %{with_uml}
-rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
-%endif

 # Copied into libvirt-docs subpackage eventually
 mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs
@@ -1349,6 +1328,16 @@ then
  exit 1
 fi

+%post libs
+%if 0%{?rhel} == 7
+/sbin/ldconfig
+%endif
+
+%postun libs
+%if 0%{?rhel} == 7
+/sbin/ldconfig
+%endif
+
 %pre daemon
 # 'libvirt' group is just to allow password-less polkit access to
 # libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1397,6 +1386,16 @@ if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
 fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :

+%post daemon-driver-network
+%if %{with_firewalld}
+    %firewalld_reload
+%endif
+
+%postun daemon-driver-network
+%if %{with_firewalld}
+    %firewalld_reload
+%endif
+
 %post daemon-config-network
 if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then
    # see if the network used by default network creates a conflict,
@@ -1458,16 +1457,6 @@ fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :


-%triggerun -- libvirt < 0.9.4
-%{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
-
-# If the package is allowed to autostart:
-/bin/systemctl --no-reload enable libvirtd.service >/dev/null 2>&1 ||:
-
-# Run these because the SysV package being removed won't do them
-/sbin/chkconfig --del libvirtd >/dev/null 2>&1 || :
-/bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
-
 %if %{with_qemu}
 %pre daemon-driver-qemu
 # We want soft static allocation of well-known ids, as disk images
@@ -1490,24 +1479,11 @@ exit 0
 %systemd_preun libvirt-guests.service

 %post client
-
-/sbin/ldconfig
 %systemd_post libvirt-guests.service

 %postun client
-
-/sbin/ldconfig
 %systemd_postun libvirt-guests.service

-%triggerun client -- libvirt < 0.9.4
-%{_bindir}/systemd-sysv-convert --save libvirt-guests >/dev/null 2>&1 ||:
-
-# If the package is allowed to autostart:
-/bin/systemctl --no-reload enable libvirt-guests.service >/dev/null 2>&1 ||:
-
-# Run this because the SysV package being removed won't do them
-/sbin/chkconfig --del libvirt-guests >/dev/null 2>&1 || :
-
 %if %{with_sanlock}
 %post lock-sanlock
 if getent group sanlock > /dev/null ; then
@@ -1635,6 +1611,10 @@ exit 0
 %attr(0755, root, root) %{_libexecdir}/libvirt_leaseshelper
 %{_libdir}/%{name}/connection-driver/libvirt_driver_network.so

+%if %{with_firewalld_zone}
+%{_prefix}/lib/firewalld/zones/libvirt.xml
+%endif
+
 %files daemon-driver-nodedev
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so

@@ -1725,15 +1705,6 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_lxc.so
 %endif

-%if %{with_uml}
-%files daemon-driver-uml
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
-%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
-%ghost %dir %{_localstatedir}/run/libvirt/uml/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
-%{_libdir}/%{name}/connection-driver/libvirt_driver_uml.so
-%endif
-
 %if %{with_libxl}
 %files daemon-driver-libxl
 %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf
@@ -1764,10 +1735,6 @@ exit 0
 %files daemon-lxc
 %endif

-%if %{with_uml}
-%files daemon-uml
-%endif
-
 %if %{with_libxl}
 %files daemon-xen
 %endif
@@ -1847,6 +1814,7 @@ exit 0
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storagecommon.rng
 %{_datadir}/libvirt/schemas/storagepool.rng
+%{_datadir}/libvirt/schemas/storagepoolcaps.rng
 %{_datadir}/libvirt/schemas/storagevol.rng

 %{_datadir}/libvirt/cpu_map/*.xml
--- a/m4/virt-driver-qemu.m4
+++ b/m4/virt-driver-qemu.m4
@@ -18,7 +18,7 @@ dnl <http://www.gnu.org/licenses/>.
 dnl

 AC_DEFUN([LIBVIRT_DRIVER_ARG_QEMU], [
-  LIBVIRT_ARG_WITH_FEATURE([QEMU], [QEMU/KVM], [yes])
+  LIBVIRT_ARG_WITH_FEATURE([QEMU], [QEMU/KVM], [check])
  LIBVIRT_ARG_WITH([QEMU_USER], [username to run QEMU system instance as],
                   ['platform dependent'])
  LIBVIRT_ARG_WITH([QEMU_GROUP], [groupname to run QEMU system instance as],
@@ -26,6 +26,15 @@ AC_DEFUN([LIBVIRT_DRIVER_ARG_QEMU], [
 ])

 AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [
+  dnl There is no way qemu driver will work without JSON support
+  AC_REQUIRE([LIBVIRT_CHECK_YAJL])
+  if test "$with_qemu:$with_yajl" = "yes:no"; then
+    AC_MSG_ERROR([YAJL or YAJL2 is required to build QEMU driver])
+  fi
+  if test "$with_qemu" = "check"; then
+    with_qemu=$with_yajl
+  fi
+
  if test "$with_qemu" = "yes" ; then
    AC_DEFINE_UNQUOTED([WITH_QEMU], 1, [whether QEMU driver is enabled])
  fi
@@ -35,8 +44,42 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [
    default_qemu_user=root
    default_qemu_group=wheel
  else
-    default_qemu_user=root
-    default_qemu_group=root
+    # Try to integrate gracefully with downstream packages by running QEMU
+    # processes using the same user and group they would
+    case $(grep ^ID= /etc/os-release 2>/dev/null) in
+      *arch*)
+        default_qemu_user=nobody
+        default_qemu_group=nobody
+        ;;
+      *centos*|*fedora*|*gentoo*|*rhel*|*suse*)
+        default_qemu_user=qemu
+        default_qemu_group=qemu
+        ;;
+      *debian*)
+        default_qemu_user=libvirt-qemu
+        default_qemu_group=libvirt-qemu
+        ;;
+      *ubuntu*)
+        default_qemu_user=libvirt-qemu
+        default_qemu_group=kvm
+        ;;
+      *)
+        default_qemu_user=root
+        default_qemu_group=root
+        ;;
+    esac
+    # If the expected user and group don't exist, or we haven't hit any
+    # of the cases above because we're running on an unknown OS, the only
+    # sensible fallback is root:root
+    AC_MSG_CHECKING([for QEMU credentials ($default_qemu_user:$default_qemu_group)])
+    if getent passwd "$default_qemu_user" >/dev/null 2>&1 && \
+       getent group "$default_qemu_group" >/dev/null 2>&1; then
+      AC_MSG_RESULT([ok])
+    else
+      AC_MSG_RESULT([not found, using root:root instead])
+      default_qemu_user=root
+      default_qemu_group=root
+    fi
  fi

  if test "x$with_qemu_user" = "xplatform dependent" ; then
@@ -69,5 +112,10 @@ AC_DEFUN([LIBVIRT_DRIVER_RESULT_QEMU], [
 ])

 AC_DEFUN([LIBVIRT_RESULT_QEMU_PRIVILEGES], [
-  LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP])
+  if test "$QEMU_USER" = "root"; then
+    LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP],
+                   [!!! running QEMU as root is strongly discouraged !!!])
+  else
+    LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP])
+  fi
 ])
--- a/m4/virt-driver-uml.m4
+++ b/m4/virt-driver-uml.m4
@@ -1,54 +0,0 @@
-dnl The UML driver
-dnl
-dnl Copyright (C) 2005-2015 Red Hat, Inc.
-dnl
-dnl This library is free software; you can redistribute it and/or
-dnl modify it under the terms of the GNU Lesser General Public
-dnl License as published by the Free Software Foundation; either
-dnl version 2.1 of the License, or (at your option) any later version.
-dnl
-dnl This library is distributed in the hope that it will be useful,
-dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-dnl Lesser General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU Lesser General Public
-dnl License along with this library.  If not, see
-dnl <http://www.gnu.org/licenses/>.
-dnl
-
-AC_DEFUN([LIBVIRT_DRIVER_ARG_UML],[
-    LIBVIRT_ARG_WITH_FEATURE([UML], [UML], [check])
-])
-
-AC_DEFUN([LIBVIRT_DRIVER_CHECK_UML],[
-    if test "$with_libvirtd" = "no" || test "$with_linux" = "no"; then
-        if test "$with_uml" = "yes"; then
-            AC_MSG_ERROR([The UML driver cannot be enabled])
-        elif test "$with_uml" = "check"; then
-            with_uml="no"
-        fi
-    fi
-
-    if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
-        AC_CHECK_HEADER([sys/inotify.h], [
-          with_uml=yes
-        ], [
-          if test "$with_uml" = "check"; then
-              with_uml=no
-              AC_MSG_NOTICE([<sys/inotify.h> is required for the UML driver, disabling it])
-          else
-              AC_MSG_ERROR([The <sys/inotify.h> is required for the UML driver. Upgrade your libc6.])
-          fi
-        ])
-    fi
-
-    if test "$with_uml" = "yes" ; then
-        AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
-    fi
-    AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])
-])
-
-AC_DEFUN([LIBVIRT_DRIVER_RESULT_UML],[
-    LIBVIRT_RESULT([UML], [$with_uml])
-])
--- a/m4/virt-firewalld-zone.m4
+++ b/m4/virt-firewalld-zone.m4
@@ -0,0 +1,45 @@
+dnl firewalld_zone check - whether or not to install the firewall "libvirt" zone
+dnl
+dnl Copyright (C) 2019 Red Hat, Inc.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library.  If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_ARG_FIREWALLD_ZONE], [
+  LIBVIRT_ARG_WITH([FIREWALLD_ZONE], [Whether to install firewalld libvirt zone], [check])
+])
+
+AC_DEFUN([LIBVIRT_CHECK_FIREWALLD_ZONE], [
+  AC_REQUIRE([LIBVIRT_CHECK_FIREWALLD])
+  AC_MSG_CHECKING([for whether to install firewalld libvirt zone])
+
+  if test "x$with_firewalld_zone" = "xcheck" ; then
+    with_firewalld_zone=$with_firewalld
+  fi
+
+  if test "x$with_firewalld_zone" = "xyes" ; then
+    if test "x$with_firewalld" != "xyes" ; then
+      AC_MSG_ERROR([You must have firewalld support enabled to enable firewalld-zone])
+    fi
+    AC_DEFINE_UNQUOTED([WITH_FIREWALLD_ZONE], [1], [whether firewalld libvirt zone is installed])
+  fi
+
+  AM_CONDITIONAL([WITH_FIREWALLD_ZONE], [test "x$with_firewalld_zone" != "xno"])
+  AC_MSG_RESULT($with_firewalld_zone)
+])
+
+AC_DEFUN([LIBVIRT_RESULT_FIREWALLD_ZONE], [
+  LIBVIRT_RESULT([firewalld-zone], [$with_firewalld_zone])
+])
--- a/m4/virt-firewalld.m4
+++ b/m4/virt-firewalld.m4
@@ -32,10 +32,10 @@ AC_DEFUN([LIBVIRT_CHECK_FIREWALLD], [
    if test "x$with_dbus" != "xyes" ; then
      AC_MSG_ERROR([You must have dbus enabled for firewalld support])
    fi
-    AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled])
+    AC_DEFINE_UNQUOTED([WITH_FIREWALLD], [1], [whether firewalld support is enabled])
  fi

-  AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"])
+  AM_CONDITIONAL([WITH_FIREWALLD], [test "x$with_firewalld" != "xno"])
 ])

 AC_DEFUN([LIBVIRT_RESULT_FIREWALLD], [
--- a/m4/virt-init-script.m4
+++ b/m4/virt-init-script.m4
@@ -19,53 +19,33 @@ dnl

 AC_DEFUN([LIBVIRT_ARG_INIT_SCRIPT],[
    LIBVIRT_ARG_WITH([INIT_SCRIPT],
-                     [Style of init script to install: redhat, systemd,
-                      systemd+redhat, upstart, check, none], [check])
+                     [Style of init script to install: systemd, check, none],
+                     [check])
 ])

 AC_DEFUN([LIBVIRT_CHECK_INIT_SCRIPT],[
    AC_MSG_CHECKING([for init script type])

-    init_redhat=no
-    init_systemd=no
-    init_upstart=no
-
    if test "$with_init_script" = check && test "$cross_compiling" = yes; then
        with_init_script=none
    fi
    if test "$with_init_script" = check && type systemctl >/dev/null 2>&1; then
        with_init_script=systemd
    fi
-    if test "$with_init_script" = check && test -f /etc/redhat-release; then
-        with_init_script=redhat
-    fi
    if test "$with_init_script" = check; then
        with_init_script=none
    fi

    AS_CASE([$with_init_script],
-        [systemd+redhat],[
-            init_redhat=yes
-            init_systemd=yes
-        ],
-        [systemd],[
-            init_systemd=yes
-        ],
-        [upstart],[
-            init_upstart=yes
-        ],
-        [redhat],[
-            init_redhat=yes
-        ],
+        [systemd],[],
        [none],[],
        [*],[
            AC_MSG_ERROR([Unknown initscript flavour $with_init_script])
        ]
    )

-    AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_RED_HAT], test "$init_redhat" = "yes")
-    AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_UPSTART], test "$init_upstart" = "yes")
-    AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD], test "$init_systemd" = "yes")
+    AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD],
+                   [test "$with_init_script" = "systemd"])

    AC_MSG_RESULT($with_init_script)
 ])
--- a/m4/virt-storage-rbd.m4
+++ b/m4/virt-storage-rbd.m4
@@ -33,6 +33,7 @@ AC_DEFUN([LIBVIRT_STORAGE_CHECK_RBD], [
      old_LIBS="$LIBS"
      LIBS="$LIBS $LIBRBD_LIBS"
      AC_CHECK_FUNCS([rbd_get_features],[],[LIBRBD_FOUND=no])
+      AC_CHECK_FUNCS([rbd_list2])
      LIBS="$old_LIBS"
    fi

--- a/m4/virt-wireshark.m4
+++ b/m4/virt-wireshark.m4
@@ -18,14 +18,14 @@ dnl <http://www.gnu.org/licenses/>.
 dnl

 AC_DEFUN([LIBVIRT_ARG_WIRESHARK],[
-  LIBVIRT_ARG_WITH_FEATURE([WIRESHARK_DISSECTOR], [wireshark], [check], [1.11.3])
+  LIBVIRT_ARG_WITH_FEATURE([WIRESHARK_DISSECTOR], [wireshark], [check], [2.4.0])
  LIBVIRT_ARG_WITH([WS_PLUGINDIR],
                   [wireshark plugins directory for use when installing
                   wireshark plugin], [check])
 ])

 AC_DEFUN([LIBVIRT_CHECK_WIRESHARK],[
-  LIBVIRT_CHECK_PKG([WIRESHARK_DISSECTOR], [wireshark], [1.11.3])
+  LIBVIRT_CHECK_PKG([WIRESHARK_DISSECTOR], [wireshark], [2.4.0])

  dnl Check for system location of wireshark plugins
  if test "x$with_wireshark_dissector" != "xno" ; then
@@ -50,6 +50,12 @@ AC_DEFUN([LIBVIRT_CHECK_WIRESHARK],[
        dnl time
        ws_plugindir='${exec_prefix}'"${ws_plugindir#$ws_exec_prefix}"
      fi
+
+      dnl Since wireshark 2.5.0 plugins can't live in top level
+      dnl plugindir but have to be under one of ["epan",
+      dnl "wiretap", "codecs"] subdir. The first one looks okay.
+      ws_plugindir="$ws_plugindir/epan"
+
    elif test "x$with_ws_plugindir" = "xno" || test "x$with_ws_plugindir" = "xyes"; then
      AC_MSG_ERROR([ws-plugindir must be used only with valid path])
    else
--- a/m4/virt-yajl.m4
+++ b/m4/virt-yajl.m4
@@ -23,26 +23,6 @@ AC_DEFUN([LIBVIRT_ARG_YAJL],[

 AC_DEFUN([LIBVIRT_CHECK_YAJL],[
  dnl YAJL JSON library http://lloyd.github.com/yajl/
-  if test "$with_qemu:$with_yajl" = yes:check; then
-    dnl Some versions of qemu require the use of yajl; try to detect them
-    dnl here, although we do not require qemu to exist in order to compile.
-    dnl This check mirrors src/qemu/qemu_capabilities.c
-    AC_PATH_PROGS([QEMU], [qemu-kvm qemu kvm qemu-system-x86_64],
-                  [], [$PATH:/usr/bin:/usr/libexec])
-    if test -x "$QEMU"; then
-      if $QEMU -help 2>/dev/null | grep -q libvirt; then
-        with_yajl=yes
-      else
-        [qemu_version_sed='s/.*ersion \([0-9.,]*\).*/\1/']
-        qemu_version=`$QEMU -version | sed "$qemu_version_sed"`
-        case $qemu_version in
-          [[1-9]].* | 0.15.* ) with_yajl=yes ;;
-          0.* | '' ) ;;
-          *) AC_MSG_ERROR([Unexpected qemu version string]) ;;
-        esac
-      fi
-    fi
-  fi

  LIBVIRT_CHECK_LIB_ALT([YAJL], [yajl],
                        [yajl_parse_complete], [yajl/yajl_common.h],
--- a/mingw-libvirt.spec.in
+++ b/mingw-libvirt.spec.in
@@ -35,7 +35,7 @@

 Name:           mingw-libvirt
 Version:        @VERSION@
-Release:        1%{?dist}%{?extra_release}
+Release:        1%{?dist}
 Summary:        MinGW Windows libvirt virtualization library

 License:        LGPLv2+
@@ -177,7 +177,6 @@ autoreconf -if
  --without-avahi \
  --without-polkit \
  --without-libvirtd \
-  --without-uml \
  %{?_without_phyp} \
  %{?_without_esx} \
  %{?_without_hyperv} \
@@ -253,6 +252,7 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh
 %{mingw32_datadir}/libvirt/schemas/secret.rng
 %{mingw32_datadir}/libvirt/schemas/storagecommon.rng
 %{mingw32_datadir}/libvirt/schemas/storagepool.rng
+%{mingw32_datadir}/libvirt/schemas/storagepoolcaps.rng
 %{mingw32_datadir}/libvirt/schemas/storagevol.rng
 %dir %{mingw32_datadir}/libvirt/api/
 %{mingw32_datadir}/libvirt/api/libvirt-api.xml
@@ -340,6 +340,7 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh
 %{mingw64_datadir}/libvirt/schemas/secret.rng
 %{mingw64_datadir}/libvirt/schemas/storagecommon.rng
 %{mingw64_datadir}/libvirt/schemas/storagepool.rng
+%{mingw64_datadir}/libvirt/schemas/storagepoolcaps.rng
 %{mingw64_datadir}/libvirt/schemas/storagevol.rng
 %dir %{mingw64_datadir}/libvirt/api/
 %{mingw64_datadir}/libvirt/api/libvirt-api.xml
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -190,8 +190,6 @@ src/storage/storage_backend_zfs.c
 src/storage/storage_driver.c
 src/storage/storage_util.c
 src/test/test_driver.c
-src/uml/uml_conf.c
-src/uml/uml_driver.c
 src/util/iohelper.c
 src/util/viralloc.c
 src/util/virarptable.c
--- a/Show More
+++ b/Show More