* cfg.mk (sc_prohibit_newline_at_end_of_diagnostic): New rule.
Idea proposed by Jiri Denemark.

* src/xen/xend_internal.c (xenDaemonDomainDefineXML): Remove \n.
* src/network/bridge_driver.c (networkAddMasqueradingIptablesRules):
Likewise.

* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
virDomainSaveStatus failure.
* src/conf/domain_conf.h (virDomainSaveStatus): Use
ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.

These files may be useful for anyone making modifications to
source files in a tarball distribution.

* src/Makefile.am (EXTRA_DIST): Add THREADS.txt.
* daemon/Makefile.am (EXTRA_DIST): Add THREADING.txt.

Commit f30ccb24 was incomplete.

* .gitignore: Ignore intermediate directory during failed 'make
distcheck'.
* tests/Makefile.am (qemuhelpdata): Distribute new file.

This will be used in the ESX storage driver in order to handle
the DatastoreInfo type and inheriting types properly.

This semantic will be used in the ESX storage driver.

This test was failing on systems using pdwtags from dwarves-1.3.
Reported by Matthias Bolte.
Two-pronged fix:
  - use --verbose to work also with dwarves-1.3; adapt regular
    expressions to handle now-varying separators
  - require a minimum number of post-split clauses, in order to
    skip upon any future format change.
    Currently there are 318; if there are 300 or fewer,
    give a warning similar to when pdwtags is missing.
* src/Makefile.am (remote_protocol-structs): Use pdwtags' --verbose
option to make 1.3 emit member sizes and offsets.
Consistently output WARNING messages to stderr.

Do not require each caller of virStorageFileGetMetadata and
virStorageFileGetMetadataFromFD to first clear the storage of the
"meta" buffer.  Instead, initialize that storage in
virStorageFileGetMetadataFromFD.
* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear
"meta" here, not before each of the following callers.
* src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here.
(qemuTeardownDiskCgroup): Likewise.
* src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel):
Likewise.
* src/security/security_selinux.c (SELinuxSetSecurityImageLabel):
Likewise.
* src/security/virt-aa-helper.c (get_files): Likewise.

* src/qemu/qemu_driver.c (qemuTeardownDiskCgroup): Remove
bogus empty-body while-loop.
(qemuSetupDiskCgroup): Likewise.

* po/POTFILES.in: Remove src/util/logging.c and src/util/uuid.c.
* src/phyp/phyp_driver.c (phypUUIDTable_ReadFile): Correct more
VIR_WARN uses, now manually.
(phypUUIDTable_Init, phypUUIDTable_Pull): Likewise.

Run this command:
  git grep -l 'VIR_WARN("%s", "'|xargs perl -pi -e \
    's/VIR_WARN\("%s", "/VIR_WARN0("/'
* src/phyp/phyp_driver.c (phypDomainGetInfo): Perform the above.
(phypDomainCreateAndStart, phypUUIDTable_ReadFile): Likewise.

* cfg.mk (sc_prohibit_gettext_markup): New rule, to enforce
this policy.  Contrary to most diagnostic-emitting functions,
where we require _(...) markup, here, we require that _() *not*
be used for certain functions (or function-like macros).

* src/util/uuid.c (virUUIDGenerate): Remove _(...) manually.

Approximately 60 messages were marked.  Since these diagnostics are
intended solely for developers and maintainers, encouraging translation
is deemed to be counterproductive:
http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052

Run this command:
  git grep -l VIR_WARN|xargs perl -pi -e \
    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'

so that searches for properly spelled "TUNNELED" turn up
the surprising spelling of this public symbol.
* include/libvirt/libvirt.h.in: Add a comment.

There were three very similar uses of qemuMonitorAddDrive.
This change makes the three 17-line sequences identical.
* src/qemu/qemu_driver.c (qemudDomainAttachPciDiskDevice): Detect
failure.  Add VIR_WARN and braces.
(qemudDomainAttachSCSIDisk): Add VIR_WARN and braces.
(qemudDomainAttachUsbMassstorageDevice): Likewise.

* src/util/ebtables.c (ebtablesAddRemoveRule): Don't skip
va_end(args) on an error path.
* src/util/iptables.c (iptablesAddRemoveRule): Identical change.

* src/qemu/qemu_driver.c (qemudDomainRestore): Don't ignore
virDomainSaveStatus failure.

* python/libvirt-override.c (initlibvirtmod): Upon virInitialize
failure, skip the Py_InitModule call.

* tests/nodeinfotest.c (mymain): Do not ignore virInitialize failure.
Most other callers of virInitialize test for failure.

* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrate): Also
free "safedest" buffer when failing.

* src/conf/nwfilter_conf.c (virNWFilterDefParseXML): Also free "ret"
via cleanup.

* tests/nodeinfotest.c (linuxTestCompareFiles): Don't use
nodeinfo->member uninitialized.  linuxNodeInfoCPUPopulate requires
that some of its nodeinfo members (including threads) be initialized
upon input.  The nodeinfotest.c program lacked the initialization,
while the only other use (nodeGetInfo) did perform it.
It's not trivial to move the initialization into the function,
since nodeGetInfo sets at least one member after clearing the
buffer but before calling linuxNodeInfoCPUPopulate.

* src/conf/domain_conf.c (virDomainNetDefParseXML): Don't leak
memory when parsing two or more "filterref" elements.

* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile):
Skip the close if "fd" is negative.

History has shown that there are frequent bugs in the QEMU driver
code leading to the monitor being invoked with a NULL pointer.
Although the QEMU driver code should always report an error in
this case before invoking the monitor, as a safety net put in a
generic check in the monitor code entry points.

* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
  object

Any method which intends to invoke a monitor command must have
a check for virDomainObjIsActive() before using the monitor to
ensure that priv->mon != NULL.

There is one subtle edge case in this though. If a method invokes
multiple monitor commands, and calls qemuDomainObjExitMonitor()
in between two of these commands then there is no guarentee that
priv->mon != NULL anymore. This is because the QEMU process may
exit or die at any time, and because qemuDomainObjEnterMonitor()
releases the lock on virDomainObj, it is possible for the background
thread to close the monitor handle and thus qemuDomainObjExitMonitor
will release the last reference allowing priv->mon to become NULL.

This affects several methods, most notably migration but also some
hotplug methods. This patch takes a variety of approaches to solve
the problem, depending on the particular usage scenario. Generally
though it suffices to add an extra virDomainObjIsActive() check
if qemuDomainObjExitMonitor() was called during the method.

* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
  in usage of the monitor

* cfg.mk (useless_free_options): Add many vir*Free* function names,
and then remove the useless if-before-free tests exposed by running
make syntax-check.
* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
(virInterfaceAssignDef): Likewise.
* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
* src/node_device/node_device_hal.c (dev_create): Likewise.
* src/security/virt-aa-helper.c (vahDeinit): Likewise.
* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
* src/util/conf.c (virConfSetValue): Likewise.

This makes the useless-if-before-free test in maint.mk spot
uses of virCgroupFree just like it does for free and the other
listed functions.
* cfg.mk (useless_free_options): Add virCgroupFree.
Prompted by suggestion from Eric Blake.

* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
since the latter would dereference vm, but more fundamentally because
we certainly don't want to call qemuDomainObjEndJob before we've
even attempted qemuDomainObjBeginJob.

* src/lxc/lxc_driver.c (lxcFreezeContainer): Remove test-after-deref.
Correct indentation in expression.

ESX supports NFS and CIFS. The ESX storage driver will reflect this.

This status will be used by the ESX storage driver.

For example a running NFS pool is inaccessible when the NFS server is
currently unreachable.

(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
$7 = 0xffffffff80000000

Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
for qemu-kvm-0.12.3 (and probably botching a few other settings as well).

Fixes Red Hat BZ#592070

* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
extension.
* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
* tests/qemuhelptest.c (mymain): Add another case.

A fedora translator filed:

https://bugzilla.redhat.com/show_bug.cgi?id=580816

Pointing out these two error messages as unclear: "write save" sounds
like a typo without context, and lack of a colon made the second message
difficult to parse.

virFileResolveLink was returning a positive value on error,
thus confusing callers that assumed failure was < 0.  The
confusion is further evidenced by callers that would have
ended up calling virReportSystemError with a negative value
instead of a valid errno.

Fixes Red Hat BZ #591363.

* src/util/util.c (virFileResolveLink): Live up to documentation.
* src/qemu/qemu_security_dac.c
(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
* src/security/security_selinux.c
(SELinuxRestoreSecurityFileLabel): Likewise.
* src/storage/storage_backend_disk.c
(virStorageBackendDiskDeleteVol): Likewise.

The max path length for unix sockets is pretty small (108, see man 7 unix).
If 'make check' is run from a directory that exceeds this, one of the tests
will fail, and in such a way that requires manually editting the test to
determine why.

There are certainly other ways to handle this, but I've chosen just to skip
the offending test if we will exceed the length limitation.

v2: Drop bashism, use test infrastructure to warn and skip