ELSA-2019-4714 (Oracle Linux)

libvirt security update

Date: Jul 10, 2019 - 12:00 a.m. (2019-07-10 00:00:00)
Source: linux.oracle.com
CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.004 Low (Percentile: 69.3%)

[5.0.0-9.el7]

  • qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten Have) [Orabug: 29956508]

[5.0.0-8.el7]

  • api: disallow virDomainSaveImageGetXMLDesc on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10161}
  • domain: Define explicit flags for saved image xml (Eric Blake) [Orabug: 29955742]
  • api: disallow virDomainManagedSaveDefineXML on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10166}
  • api: disallow virConnectGetDomainCapabilities on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10167}
  • api: disallow virConnect*HypervisorCPU on read-only connections (Jan Tomko) [Orabug: 29955742] {CVE-2019-10168}

[5.0.0-7.el7]

  • cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}

[5.0.0-6.el7]

  • qemu: Driver change adding private lock to auto-tune hugepages (Wim ten Have) [Orabug: 29809943]

[5.0.0-5.el7]

  • qemu: disable setmem change requests for vNUMA targets (Wim ten Have) [Orabug: 29797366]
  • domain: Disable memballoon memory configuration support for vNUMA guests (Wim ten Have) [Orabug: 29797366]
  • qemu: Driver change to target for vNUMA setmaxmem change request (Wim ten Have) [Orabug: 29749852]
  • domain: Add domain memory config support for vNUMA guests (Wim ten Have) [Orabug: 29749852]
  • logging: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}
  • locking: restrict sockets to mode 0600 (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}
  • admin: reject clients unless their UID matches the current UID (Daniel P. Berrange) [Orabug: 29861433] {CVE-2019-10132}
