libvirt-6.1.0-4

Fix libxl driver startup crash (bz #1842318)

.abignore

@@ -0,0 +1,31 @@
+[suppress_function]
+symbol_version_regexp = LIBVIRT_PRIVATE.*
+soname_regexp = libvirt\\.so.*
+
+[suppress_function]
+symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
+soname_regexp = libvirt-admin\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = LIBVIRT_PRIVATE.*
+soname_regexp = libvirt\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
+soname_regexp = libvirt-admin\\.so.*
+
+[suppress_function]
+symbol_version_regexp = .*
+soname_regexp = libvirt_storage_.*\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = .*
+soname_regexp = libvirt_storage_.*\\.so.*
+
+[suppress_function]
+symbol_version_regexp = .*
+soname_regexp = libvirt_driver_.*\\.so.*
+
+[suppress_variable]
+symbol_version_regexp = .*
+soname_regexp = libvirt_driver_.*\\.so.*

0001-storage-split-off-code-for-calling-rbd_list.patch

@@ -1,149 +0,0 @@
-From 092320f10b47bd6aca1f29278fcdc6b0efaf636a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 10:58:48 +0000
-Subject: [PATCH 1/5] storage: split off code for calling rbd_list
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The rbd_list method has a quite unpleasant signature returning an
-array of strings in a single buffer instead of an array. It is
-being deprecated in favour of rbd_list2. To maintain clarity of
-code when supporting both APIs in parallel, split the rbd_list
-code out into a separate method.
-
-In splitting this we now honour the rbd_list failures.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 28c8403ed07896d6d7e06d7726ed904027206719)
----
- src/storage/storage_backend_rbd.c | 83 +++++++++++++++++++++----------
- 1 file changed, 58 insertions(+), 25 deletions(-)
-
-diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
-index 2b7af1db23..0865163756 100644
---- a/src/storage/storage_backend_rbd.c
-+++ b/src/storage/storage_backend_rbd.c
-@@ -565,19 +565,68 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
-     return ret;
- }
- 
-+
-+static char **
-+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-+{
-+    char **names = NULL;
-+    size_t nnames = 0;
-+    int rc;
-+    size_t max_size = 1024;
-+    VIR_AUTOFREE(char *) namebuf = NULL;
-+    const char *name;
-+
-+    while (true) {
-+        if (VIR_ALLOC_N(namebuf, max_size) < 0)
-+            goto error;
-+
-+        rc = rbd_list(ptr->ioctx, namebuf, &max_size);
-+        if (rc >= 0)
-+            break;
-+        if (rc != -ERANGE) {
-+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
-+            goto error;
-+        }
-+        VIR_FREE(namebuf);
-+    }
-+
-+    for (name = namebuf; name < namebuf + max_size;) {
-+        VIR_AUTOFREE(char *) namedup = NULL;
-+
-+        if (STREQ(name, ""))
-+            break;
-+
-+        if (VIR_STRDUP(namedup, name) < 0)
-+            goto error;
-+
-+        if (VIR_APPEND_ELEMENT(names, nnames, namedup) < 0)
-+            goto error;
-+
-+        name += strlen(name) + 1;
-+    }
-+
-+    if (VIR_EXPAND_N(names, nnames, 1) < 0)
-+        goto error;
-+
-+    return names;
-+
-+ error:
-+    virStringListFreeCount(names, nnames);
-+    return NULL;
-+}
-+
-+
- static int
- virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
- {
--    size_t max_size = 1024;
-     int ret = -1;
--    int len = -1;
-     int r = 0;
--    char *name;
-     virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
-     virStorageBackendRBDStatePtr ptr = NULL;
-     struct rados_cluster_stat_t clusterstat;
-     struct rados_pool_stat_t poolstat;
--    VIR_AUTOFREE(char *) names = NULL;
-+    char **names = NULL;
-+    size_t i;
- 
-     if (!(ptr = virStorageBackendRBDNewState(pool)))
-         goto cleanup;
-@@ -602,33 +651,16 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
-               def->source.name, clusterstat.kb, clusterstat.kb_avail,
-               poolstat.num_bytes);
- 
--    while (true) {
--        if (VIR_ALLOC_N(names, max_size) < 0)
--            goto cleanup;
--
--        len = rbd_list(ptr->ioctx, names, &max_size);
--        if (len >= 0)
--            break;
--        if (len != -ERANGE) {
--            VIR_WARN("%s", "A problem occurred while listing RBD images");
--            goto cleanup;
--        }
--        VIR_FREE(names);
--    }
-+    if (!(names = virStorageBackendRBDGetVolNames(ptr)))
-+        goto cleanup;
- 
--    for (name = names; name < names + max_size;) {
-+    for (i = 0; names[i] != NULL; i++) {
-         VIR_AUTOPTR(virStorageVolDef) vol = NULL;
- 
--        if (STREQ(name, ""))
--            break;
--
-         if (VIR_ALLOC(vol) < 0)
-             goto cleanup;
- 
--        if (VIR_STRDUP(vol->name, name) < 0)
--            goto cleanup;
--
--        name += strlen(name) + 1;
-+        VIR_STEAL_PTR(vol->name, names[i]);
- 
-         r = volStorageBackendRBDRefreshVolInfo(vol, pool, ptr);
- 
-@@ -661,6 +693,7 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
-     ret = 0;
- 
-  cleanup:
-+    virStringListFree(names);
-     virStorageBackendRBDFreeState(&ptr);
-     return ret;
- }
--- 
-2.20.1
-

0001-virDomainDiskTranslateSourcePool-Check-for-disk-type.patch

@@ -0,0 +1,36 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 9 Mar 2020 16:40:57 +0100
+Subject: [PATCH] virDomainDiskTranslateSourcePool: Check for disk type
+ correctly
+
+When rewriting the virDomainDiskTranslateSourcePool() function in
+v6.1.0-rc1~184 a typo was introduced. Previously, we allowed
+startup policy only for those volumes which translated to
+VIR_STORAGE_TYPE_FILE. But starting with the referenced commit,
+the value we checked for was changed to VIR_STORAGE_VOL_FILE
+which comes from a different enum and has a different value too.
+This is wrong, because virStorageSourceGetActualType() returns a
+value from the original enum.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1811728
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+(cherry picked from commit 3918dbd84e4951b43f93fbf50ef52be00274850c)
+---
+ src/conf/domain_conf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 17867eeece..fd2e8f4eb5 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -31746,7 +31746,7 @@ virDomainDiskTranslateSourcePool(virDomainDiskDefPtr def)
+     }
+ 
+     if (def->startupPolicy != 0 &&
+-        virStorageSourceGetActualType(def->src) != VIR_STORAGE_VOL_FILE) {
++        virStorageSourceGetActualType(def->src) != VIR_STORAGE_TYPE_FILE) {
+         virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("'startupPolicy' is only valid for "
+                          "'file' type volume"));

0002-network-make-it-safe-to-call-networkSetupPrivateChai.patch

@@ -0,0 +1,55 @@
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 7 May 2020 22:32:59 -0400
+Subject: [PATCH] network: make it safe to call networkSetupPrivateChains()
+ multiple times
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+networkSetupPrivateChains() is currently called only once per run of
+libvirtd, so it can assume that errInitV4 and errInitV6 are empty/null
+when it is called. In preparation for potentially calling this
+function multiple times during one run, this patch moves the reset of
+errInitV[46] to the top of the function, to assure no memory is
+leaked.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit de110f110fb917a31b9f33ad8e4b3c1d3284766a)
+---
+ src/network/bridge_driver_linux.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
+index 7bbde5c6a9..80bd2409e1 100644
+--- a/src/network/bridge_driver_linux.c
++++ b/src/network/bridge_driver_linux.c
+@@ -48,6 +48,10 @@ static void networkSetupPrivateChains(void)
+     VIR_DEBUG("Setting up global firewall chains");
+ 
+     createdChains = false;
++    virFreeError(errInitV4);
++    errInitV4 = NULL;
++    virFreeError(errInitV6);
++    errInitV6 = NULL;
+ 
+     rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
+     if (rc < 0) {
+@@ -56,8 +60,6 @@ static void networkSetupPrivateChains(void)
+         errInitV4 = virSaveLastError();
+         virResetLastError();
+     } else {
+-        virFreeError(errInitV4);
+-        errInitV4 = NULL;
+         if (rc) {
+             VIR_DEBUG("Created global IPv4 chains");
+             createdChains = true;
+@@ -73,8 +75,6 @@ static void networkSetupPrivateChains(void)
+         errInitV6 = virSaveLastError();
+         virResetLastError();
+     } else {
+-        virFreeError(errInitV6);
+-        errInitV6 = NULL;
+         if (rc) {
+             VIR_DEBUG("Created global IPv6 chains");
+             createdChains = true;

0002-storage-add-support-for-new-rbd_list2-method.patch

@@ -1,96 +0,0 @@
-From e8ec2592202387cca8e45cf15bd55ed5a952f3e3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 11:11:38 +0000
-Subject: [PATCH 2/5] storage: add support for new rbd_list2 method
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The rbd_list method has been deprecated in Ceph >= 14.0.0
-in favour of the new rbd_list2 method which populates an
-array of structs.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 3aa190f2a43a632b542a6ba751a6c3ab4d51f1dd)
----
- m4/virt-storage-rbd.m4            |  1 +
- src/storage/storage_backend_rbd.c | 43 +++++++++++++++++++++++++++++++
- 2 files changed, 44 insertions(+)
-
-diff --git a/m4/virt-storage-rbd.m4 b/m4/virt-storage-rbd.m4
-index 17e2115309..f3d9d04908 100644
---- a/m4/virt-storage-rbd.m4
-+++ b/m4/virt-storage-rbd.m4
-@@ -33,6 +33,7 @@ AC_DEFUN([LIBVIRT_STORAGE_CHECK_RBD], [
-       old_LIBS="$LIBS"
-       LIBS="$LIBS $LIBRBD_LIBS"
-       AC_CHECK_FUNCS([rbd_get_features],[],[LIBRBD_FOUND=no])
-+      AC_CHECK_FUNCS([rbd_list2])
-       LIBS="$old_LIBS"
-     fi
- 
-diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
-index 0865163756..bfc3419f9c 100644
---- a/src/storage/storage_backend_rbd.c
-+++ b/src/storage/storage_backend_rbd.c
-@@ -566,6 +566,48 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
- }
- 
- 
-+#ifdef HAVE_RBD_LIST2
-+static char **
-+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-+{
-+    char **names = NULL;
-+    size_t nnames = 0;
-+    int rc;
-+    rbd_image_spec_t *images = NULL;
-+    size_t nimages = 16;
-+    size_t i;
-+
-+    while (true) {
-+        if (VIR_ALLOC_N(images, nimages) < 0)
-+            goto error;
-+
-+        rc = rbd_list2(ptr->ioctx, images, &nimages);
-+        if (rc >= 0)
-+            break;
-+        if (rc != -ERANGE) {
-+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
-+            goto error;
-+        }
-+    }
-+
-+    if (VIR_ALLOC_N(names, nimages + 1) < 0)
-+        goto error;
-+    nnames = nimages;
-+
-+    for (i = 0; i < nimages; i++)
-+        VIR_STEAL_PTR(names[i], images->name);
-+
-+    return names;
-+
-+ error:
-+    virStringListFreeCount(names, nnames);
-+    rbd_image_spec_list_cleanup(images, nimages);
-+    VIR_FREE(images);
-+    return NULL;
-+}
-+
-+#else /* ! HAVE_RBD_LIST2 */
-+
- static char **
- virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
- {
-@@ -614,6 +656,7 @@ virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-     virStringListFreeCount(names, nnames);
-     return NULL;
- }
-+#endif /* ! HAVE_RBD_LIST2 */
- 
- 
- static int
--- 
-2.20.1
-

0003-network-force-re-creation-of-iptables-private-chains.patch

@@ -0,0 +1,265 @@
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 7 May 2020 21:54:39 -0400
+Subject: [PATCH] network: force re-creation of iptables private chains on
+ firewalld restart
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When firewalld is stopped, it removes *all* iptables rules and chains,
+including those added by libvirt. Since restarting firewalld means
+stopping and then starting it, any time it is restarted, libvirt needs
+to recreate all the private iptables chains it uses, along with all
+the rules it adds.
+
+We already have code in place to call networkReloadFirewallRules() any
+time we're notified of a firewalld start, and
+networkReloadFirewallRules() will call
+networkPreReloadFirewallRules(), which calls
+networkSetupPrivateChains(); unfortunately that last call is called
+using virOnce(), meaning that it will only be called the first time
+through networkPreReloadFirewallRules() after libvirtd starts - so of
+course when firewalld is later restarted, the call to
+networkSetupPrivateChains() is skipped.
+
+The neat and tidy way to fix this would be if there was a standard way
+to reset a pthread_once_t object so that the next time virOnce was
+called, it would think the function hadn't been called, and call it
+again. Unfortunately, there isn't any official way of doing that (we
+*could* just fill it with 0 and hope for the best, but that doesn't
+seem very safe.
+
+So instead, this patch just adds a static variable called
+chainInitDone, which is set to true after networkSetupPrivateChains()
+is called for the first time, and then during calls to
+networkPreReloadFirewallRules(), if chainInitDone is set, we call
+networkSetupPrivateChains() directly instead of via virOnce().
+
+It may seem unsafe to directly call a function that is meant to be
+called only once, but I think in this case we're safe - there's
+nothing in the function that is inherently "once only" - it doesn't
+initialize anything that can't safely be re-initialized (as long as
+two threads don't try to do it at the same time), and it only happens
+when responding to a dbus message that firewalld has been started (and
+I don't think it's possible for us to be processing two of those at
+once), and even then only if the initial call to the function has
+already been completed (so we're safe if we receive a firewalld
+restart call at a time when we haven't yet called it, or even if
+another thread is already in the process of executing it. The only
+problematic bit I can think of is if another thread is in the process
+of adding an iptable rule at the time we're executing this function,
+but 1) none of those threads will be trying to add chains, and 2) if
+there was a concurrency problem with other threads adding iptables
+rules while firewalld was being restarted, it would still be a problem
+even without this change.
+
+This is yet another patch that fixes an occurrence of this error:
+
+COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --insert LIBVIRT_INP --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: No chain/target/match by that name.
+
+In particular, this resolves: https://bugzilla.redhat.com/1813830
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit f5418b427e7d2f26803880309478de9103680826)
+---
+ src/network/bridge_driver.c          | 16 ++++---
+ src/network/bridge_driver_linux.c    | 69 ++++++++++++++++++----------
+ src/network/bridge_driver_nop.c      |  3 +-
+ src/network/bridge_driver_platform.h |  2 +-
+ 4 files changed, 58 insertions(+), 32 deletions(-)
+
+diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
+index 369e80a889..aaf14defe4 100644
+--- a/src/network/bridge_driver.c
++++ b/src/network/bridge_driver.c
+@@ -273,7 +273,9 @@ static int
+ networkShutdownNetworkExternal(virNetworkObjPtr obj);
+ 
+ static void
+-networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
++networkReloadFirewallRules(virNetworkDriverStatePtr driver,
++                           bool startup,
++                           bool force);
+ 
+ static void
+ networkRefreshDaemons(virNetworkDriverStatePtr driver);
+@@ -689,7 +691,7 @@ firewalld_dbus_filter_bridge(DBusConnection *connection G_GNUC_UNUSED,
+ 
+     if (reload) {
+         VIR_DEBUG("Reload in bridge_driver because of firewalld.");
+-        networkReloadFirewallRules(driver, false);
++        networkReloadFirewallRules(driver, false, true);
+     }
+ 
+     return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+@@ -798,7 +800,7 @@ networkStateInitialize(bool privileged,
+     virNetworkObjListPrune(network_driver->networks,
+                            VIR_CONNECT_LIST_NETWORKS_INACTIVE |
+                            VIR_CONNECT_LIST_NETWORKS_TRANSIENT);
+-    networkReloadFirewallRules(network_driver, true);
++    networkReloadFirewallRules(network_driver, true, false);
+     networkRefreshDaemons(network_driver);
+ 
+     if (virDriverShouldAutostart(network_driver->stateDir, &autostart) < 0)
+@@ -868,7 +870,7 @@ networkStateReload(void)
+                                 network_driver->networkConfigDir,
+                                 network_driver->networkAutostartDir,
+                                 network_driver->xmlopt);
+-    networkReloadFirewallRules(network_driver, false);
++    networkReloadFirewallRules(network_driver, false, false);
+     networkRefreshDaemons(network_driver);
+     virNetworkObjListForEach(network_driver->networks,
+                              networkAutostartConfig,
+@@ -2236,14 +2238,16 @@ networkReloadFirewallRulesHelper(virNetworkObjPtr obj,
+ 
+ 
+ static void
+-networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
++networkReloadFirewallRules(virNetworkDriverStatePtr driver,
++                           bool startup,
++                           bool force)
+ {
+     VIR_INFO("Reloading iptables rules");
+     /* Ideally we'd not even register the driver when unprivilegd
+      * but until we untangle the virt driver that's not viable */
+     if (!driver->privileged)
+         return;
+-    networkPreReloadFirewallRules(driver, startup);
++    networkPreReloadFirewallRules(driver, startup, force);
+     virNetworkObjListForEach(driver->networks,
+                              networkReloadFirewallRulesHelper,
+                              NULL);
+diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
+index 80bd2409e1..b0bd207250 100644
+--- a/src/network/bridge_driver_linux.c
++++ b/src/network/bridge_driver_linux.c
+@@ -36,11 +36,14 @@ VIR_LOG_INIT("network.bridge_driver_linux");
+ #define PROC_NET_ROUTE "/proc/net/route"
+ 
+ static virOnceControl createdOnce;
+-static bool createdChains;
++static bool chainInitDone; /* true iff networkSetupPrivateChains was ever called */
++static bool createdChains; /* true iff networkSetupPrivateChains created chains during most recent call */
+ static virErrorPtr errInitV4;
+ static virErrorPtr errInitV6;
+ 
+-/* Only call via virOnce */
++/* Usually only called via virOnce, but can also be called directly in
++ * response to firewalld reload (if chainInitDone == true)
++ */
+ static void networkSetupPrivateChains(void)
+ {
+     int rc;
+@@ -82,6 +85,8 @@ static void networkSetupPrivateChains(void)
+             VIR_DEBUG("Global IPv6 chains already exist");
+         }
+     }
++
++    chainInitDone = true;
+ }
+ 
+ 
+@@ -111,7 +116,10 @@ networkHasRunningNetworks(virNetworkDriverStatePtr driver)
+ }
+ 
+ 
+-void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
++void
++networkPreReloadFirewallRules(virNetworkDriverStatePtr driver,
++                              bool startup,
++                              bool force)
+ {
+     /*
+      * If there are any running networks, we need to
+@@ -130,29 +138,42 @@ void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup
+      * of starting the network though as that makes them
+      * more likely to be seen by a human
+      */
+-    if (!networkHasRunningNetworks(driver)) {
+-        VIR_DEBUG("Delayed global rule setup as no networks are running");
+-        return;
+-    }
++    if (chainInitDone && force) {
++        /* The Private chains have already been initialized once
++         * during this run of libvirtd, so 1) we can't do it again via
++         * virOnce(), and 2) we need to re-add the private chains even
++         * if there are currently no running networks, because the
++         * next time a network is started, libvirt will expect that
++         * the chains have already been added. So we call directly
++         * instead of via virOnce().
++         */
++        networkSetupPrivateChains();
+ 
+-    ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
++    } else {
++        if (!networkHasRunningNetworks(driver)) {
++            VIR_DEBUG("Delayed global rule setup as no networks are running");
++            return;
++        }
+ 
+-    /*
+-     * If this is initial startup, and we just created the
+-     * top level private chains we either
+-     *
+-     *   - upgraded from old libvirt
+-     *   - freshly booted from clean state
+-     *
+-     * In the first case we must delete the old rules from
+-     * the built-in chains, instead of our new private chains.
+-     * In the second case it doesn't matter, since no existing
+-     * rules will be present. Thus we can safely just tell it
+-     * to always delete from the builin chain
+-     */
+-    if (startup && createdChains) {
+-        VIR_DEBUG("Requesting cleanup of legacy firewall rules");
+-        iptablesSetDeletePrivate(false);
++        ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
++
++        /*
++         * If this is initial startup, and we just created the
++         * top level private chains we either
++         *
++         *   - upgraded from old libvirt
++         *   - freshly booted from clean state
++         *
++         * In the first case we must delete the old rules from
++         * the built-in chains, instead of our new private chains.
++         * In the second case it doesn't matter, since no existing
++         * rules will be present. Thus we can safely just tell it
++         * to always delete from the builin chain
++         */
++        if (startup && createdChains) {
++            VIR_DEBUG("Requesting cleanup of legacy firewall rules");
++            iptablesSetDeletePrivate(false);
++        }
+     }
+ }
+ 
+diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
+index 08d737511f..db89c10023 100644
+--- a/src/network/bridge_driver_nop.c
++++ b/src/network/bridge_driver_nop.c
+@@ -20,7 +20,8 @@
+ #include <config.h>
+ 
+ void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver G_GNUC_UNUSED,
+-                                   bool startup G_GNUC_UNUSED)
++                                   bool startup G_GNUC_UNUSED,
++                                   bool force G_GNUC_UNUSED)
+ {
+ }
+ 
+diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
+index 169417a6c0..48ab52c160 100644
+--- a/src/network/bridge_driver_platform.h
++++ b/src/network/bridge_driver_platform.h
+@@ -62,7 +62,7 @@ struct _virNetworkDriverState {
+ typedef struct _virNetworkDriverState virNetworkDriverState;
+ typedef virNetworkDriverState *virNetworkDriverStatePtr;
+ 
+-void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
++void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup, bool force);
+ void networkPostReloadFirewallRules(bool startup);
+ 
+ int networkCheckRouteCollision(virNetworkDefPtr def);

0003-network-improve-error-report-when-firewall-chain-cre.patch

@@ -1,137 +0,0 @@
-From b990740b12117eaaf2797141a53a30b41f07c791 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 17:31:21 +0000
-Subject: [PATCH 3/5] network: improve error report when firewall chain
- creation fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-During startup we create some top level chains in which all
-virtual network firewall rules will be placed. The upfront
-creation is done to avoid slowing down creation of individual
-virtual networks by checking for chain existance every time.
-
-There are some factors which can cause this upfront creation
-to fail and while a message will get into the libvirtd log
-this won't be seen by users who later try to start a virtual
-network. Instead they'll just get a message saying that the
-libvirt top level chain does not exist. This message is
-accurate, but unhelpful for solving the root cause.
-
-This patch thus saves any error during daemon startup and
-reports it when trying to create a virtual network later.
-
-Reviewed-by: Andrea Bolognani <abologna@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9f4e35dc73ec9e940aa61bc7c140c2b800218ef3)
----
- src/network/bridge_driver.c          |  3 +--
- src/network/bridge_driver_linux.c    | 31 +++++++++++++++++++++-------
- src/network/bridge_driver_nop.c      |  3 +--
- src/network/bridge_driver_platform.h |  2 +-
- 4 files changed, 27 insertions(+), 12 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index b3ca5b8a15..1da60f0a21 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2108,8 +2108,7 @@ static void
- networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
- {
-     VIR_INFO("Reloading iptables rules");
--    if (networkPreReloadFirewallRules(startup) < 0)
--        return;
-+    networkPreReloadFirewallRules(startup);
-     virNetworkObjListForEach(driver->networks,
-                              networkReloadFirewallRulesHelper,
-                              NULL);
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index b10d0a6c4d..c899f4b6d0 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -35,11 +35,25 @@ VIR_LOG_INIT("network.bridge_driver_linux");
- 
- #define PROC_NET_ROUTE "/proc/net/route"
- 
--int networkPreReloadFirewallRules(bool startup)
-+static virErrorPtr errInit;
-+
-+void networkPreReloadFirewallRules(bool startup)
- {
--    int ret = iptablesSetupPrivateChains();
--    if (ret < 0)
--        return -1;
-+    int rc;
-+
-+    /* We create global rules upfront as we don't want
-+     * the perf hit of conditionally figuring out whether
-+     * to create them each time a network is started.
-+     *
-+     * Any errors here are saved to be reported at time
-+     * of starting the network though as that makes them
-+     * more likely to be seen by a human
-+     */
-+    rc = iptablesSetupPrivateChains();
-+    if (rc < 0) {
-+        errInit = virSaveLastError();
-+        virResetLastError();
-+    }
- 
-     /*
-      * If this is initial startup, and we just created the
-@@ -54,10 +68,8 @@ int networkPreReloadFirewallRules(bool startup)
-      * rules will be present. Thus we can safely just tell it
-      * to always delete from the builin chain
-      */
--    if (startup && ret == 1)
-+    if (startup && rc == 1)
-         iptablesSetDeletePrivate(false);
--
--    return 0;
- }
- 
- 
-@@ -671,6 +683,11 @@ int networkAddFirewallRules(virNetworkDefPtr def)
-     virFirewallPtr fw = NULL;
-     int ret = -1;
- 
-+    if (errInit) {
-+        virSetError(errInit);
-+        return -1;
-+    }
-+
-     if (def->bridgeZone) {
- 
-         /* if a firewalld zone has been specified, fail/log an error
-diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
-index a0e57012f9..ea9db338cb 100644
---- a/src/network/bridge_driver_nop.c
-+++ b/src/network/bridge_driver_nop.c
-@@ -19,9 +19,8 @@
- 
- #include <config.h>
- 
--int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
-+void networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
- {
--    return 0;
- }
- 
- 
-diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
-index baeb22bc3e..95fd64bdc7 100644
---- a/src/network/bridge_driver_platform.h
-+++ b/src/network/bridge_driver_platform.h
-@@ -58,7 +58,7 @@ struct _virNetworkDriverState {
- typedef struct _virNetworkDriverState virNetworkDriverState;
- typedef virNetworkDriverState *virNetworkDriverStatePtr;
- 
--int networkPreReloadFirewallRules(bool startup);
-+void networkPreReloadFirewallRules(bool startup);
- void networkPostReloadFirewallRules(bool startup);
- 
- int networkCheckRouteCollision(virNetworkDefPtr def);
--- 
-2.20.1
-

0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch

@@ -1,153 +0,0 @@
-From 095c45036615a84c7150ea801d6932bdde1d5b49 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 16:49:32 +0000
-Subject: [PATCH 4/5] network: split setup of ipv4 and ipv6 top level chains
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-During startup libvirtd creates top level chains for both ipv4
-and ipv6 protocols. If this fails for any reason then startup
-of virtual networks is blocked.
-
-The default virtual network, however, only requires use of ipv4
-and some servers have ipv6 disabled so it is expected that ipv6
-chain creation will fail. There could equally be servers with
-no ipv4, only ipv6.
-
-This patch thus makes error reporting a little more fine grained
-so that it works more sensibly when either ipv4 or ipv6 is
-disabled on the server. Only the protocols that are actually
-used by the virtual network have errors reported.
-
-Reviewed-by: Andrea Bolognani <abologna@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 686803a1a2e1e0641916b1c9e2c7e3910fe598d4)
----
- src/network/bridge_driver_linux.c | 34 +++++++++++++++++++++++++------
- src/util/viriptables.c            | 14 ++++---------
- src/util/viriptables.h            |  2 +-
- 3 files changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index c899f4b6d0..50fc197134 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -35,10 +35,12 @@ VIR_LOG_INIT("network.bridge_driver_linux");
- 
- #define PROC_NET_ROUTE "/proc/net/route"
- 
--static virErrorPtr errInit;
-+static virErrorPtr errInitV4;
-+static virErrorPtr errInitV6;
- 
- void networkPreReloadFirewallRules(bool startup)
- {
-+    bool created = false;
-     int rc;
- 
-     /* We create global rules upfront as we don't want
-@@ -49,11 +51,21 @@ void networkPreReloadFirewallRules(bool startup)
-      * of starting the network though as that makes them
-      * more likely to be seen by a human
-      */
--    rc = iptablesSetupPrivateChains();
-+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
-     if (rc < 0) {
--        errInit = virSaveLastError();
-+        errInitV4 = virSaveLastError();
-         virResetLastError();
-     }
-+    if (rc)
-+        created = true;
-+
-+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
-+    if (rc < 0) {
-+        errInitV6 = virSaveLastError();
-+        virResetLastError();
-+    }
-+    if (rc)
-+        created = true;
- 
-     /*
-      * If this is initial startup, and we just created the
-@@ -68,7 +80,7 @@ void networkPreReloadFirewallRules(bool startup)
-      * rules will be present. Thus we can safely just tell it
-      * to always delete from the builin chain
-      */
--    if (startup && rc == 1)
-+    if (startup && created)
-         iptablesSetDeletePrivate(false);
- }
- 
-@@ -683,8 +695,18 @@ int networkAddFirewallRules(virNetworkDefPtr def)
-     virFirewallPtr fw = NULL;
-     int ret = -1;
- 
--    if (errInit) {
--        virSetError(errInit);
-+    if (errInitV4 &&
-+        (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
-+         virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
-+        virSetError(errInitV4);
-+        return -1;
-+    }
-+
-+    if (errInitV6 &&
-+        (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
-+         virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
-+         def->ipv6nogw)) {
-+        virSetError(errInitV6);
-         return -1;
-     }
- 
-diff --git a/src/util/viriptables.c b/src/util/viriptables.c
-index d67b640a3b..0e3c0ad73a 100644
---- a/src/util/viriptables.c
-+++ b/src/util/viriptables.c
-@@ -127,7 +127,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw,
- 
- 
- int
--iptablesSetupPrivateChains(void)
-+iptablesSetupPrivateChains(virFirewallLayer layer)
- {
-     virFirewallPtr fw = NULL;
-     int ret = -1;
-@@ -143,17 +143,11 @@ iptablesSetupPrivateChains(void)
-     };
-     bool changed = false;
-     iptablesGlobalChainData data[] = {
--        { VIR_FIREWALL_LAYER_IPV4, "filter",
-+        { layer, "filter",
-           filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV4, "nat",
-+        { layer, "nat",
-           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV4, "mangle",
--          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "filter",
--          filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "nat",
--          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "mangle",
-+        { layer, "mangle",
-           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
-     };
-     size_t i;
-diff --git a/src/util/viriptables.h b/src/util/viriptables.h
-index 903f390f89..e680407ec8 100644
---- a/src/util/viriptables.h
-+++ b/src/util/viriptables.h
-@@ -24,7 +24,7 @@
- # include "virsocketaddr.h"
- # include "virfirewall.h"
- 
--int              iptablesSetupPrivateChains      (void);
-+int              iptablesSetupPrivateChains      (virFirewallLayer layer);
- 
- void             iptablesSetDeletePrivate        (bool pvt);
- 
--- 
-2.20.1
-

0004-systemd-start-libvirtd-after-firewalld-iptables-serv.patch

@@ -0,0 +1,100 @@
+From: Laine Stump <laine@redhat.com>
+Date: Fri, 1 May 2020 00:05:50 -0400
+Subject: [PATCH] systemd: start libvirtd after firewalld/iptables services
+
+When a system has enabled the iptables/ip6tables services rather than
+firewalld, there is no explicit ordering of the start of those
+services vs. libvirtd. This creates a problem when libvirtd.service is
+started before ip[6]tables, as the latter, when it finally is started,
+will remove all of the iptables rules that had previously been added
+by libvirt, including the custom chains where libvirt's rules are
+kept. This results in an error message similar to the following when a
+user subsequently tries to start a new libvirt network:
+
+ "Error while activating network: Call to virNetworkCreate failed:
+ internal error: Failed to apply firewall rules
+ /usr/sbin/ip6tables -w --table filter --insert LIBVIRT_FWO \
+   --in-interface virbr2 --jump REJECT:
+ ip6tables: No chain/target/match by that name."
+
+(Prior to logging this error, it also would have caused failure to
+forward (or block) traffic in some cases, e.g. for guests on a NATed
+network, since libvirt's rules to forward/block had all been deleted
+and libvirt didn't know about it, so it couldn't fix the problem)
+
+When this happens, the problem can be remedied by simply restarting
+libvirtd.service (which has the side-effect of reloading all
+libvirt-generated firewall rules)
+
+Instead, we can just explicitly stating in the libvirtd.service file
+that libvirtd.service should start after ip6tables.service and
+ip6tables.service, eliminating the race condition that leads to the
+error.
+
+There is also nothing (that I can see) in the systemd .service files
+to guarantee that firewalld.service will be started (if enabled) prior
+to libvirtd.service. The same error scenario given above would occur
+if libvirtd.service started before firewalld.service.  Even before
+that, though libvirtd would have detected that firewalld.service was
+disabled, and then turn off all firewalld support. So, for example,
+firewalld's libvirt zone wouldn't be used, and most likely traffic
+from guests would therefore be blocked (all with no external
+indication of the source of the problem other than a debug-level log
+when libvirtd was started saying that firewalld wasn't in use); also
+libvirtd wouldn't notice when firewalld reloaded its rules (which also
+simultaneously deletes all of libvirt's rules).
+
+I'm not aware of any reports that have been traced back to
+libvirtd.service starting before firewalld.service, but have seen that
+error reported multiple times, and also don't see an existing
+dependency that would guarantee firewalld.service starts before
+libvirtd.service, so it's possible it's been happening and we just
+haven't gotten to the bottom of it.
+
+This patch adds an After= line to the libvirtd.service file for each
+of iptables.service, ip6tables.service, and firewalld.servicee, which
+should guarantee that libvirtd.service isn't started until systemd has
+started whichever of the others is enabled.
+
+This race was diagnosed, and patch proposed, by Jason Montleon in
+https://bugzilla.redhat.com/1723698 . At the time (April 2019) danpb
+agreed with him that this change to libvirtd.service was a reasonable
+thing to do, but I guess everyone thought someone else was going to
+post a patch, so in the end nobody did.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 0756415f147dda15a417bd79eef9a62027d176e6)
+---
+ src/network/virtnetworkd.service.in | 3 +++
+ src/remote/libvirtd.service.in      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
+index 656e8b4f84..56182e1693 100644
+--- a/src/network/virtnetworkd.service.in
++++ b/src/network/virtnetworkd.service.in
+@@ -5,6 +5,9 @@ Requires=virtnetworkd.socket
+ Requires=virtnetworkd-ro.socket
+ Requires=virtnetworkd-admin.socket
+ After=network.target
++After=firewalld.service
++After=iptables.service
++After=ip6tables.service
+ After=dbus.service
+ After=apparmor.service
+ After=local-fs.target
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 90b2cad5b0..cc0d4e3693 100644
+--- a/src/remote/libvirtd.service.in
++++ b/src/remote/libvirtd.service.in
+@@ -11,6 +11,9 @@ Wants=libvirtd-admin.socket
+ Wants=systemd-machined.service
+ Before=libvirt-guests.service
+ After=network.target
++After=firewalld.service
++After=iptables.service
++After=ip6tables.service
+ After=dbus.service
+ After=iscsid.service
+ After=apparmor.service

0005-libxl-fix-crash-when-initializing-driver.patch

@@ -0,0 +1,43 @@
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 3 Apr 2020 15:51:48 -0600
+Subject: [PATCH] libxl: fix crash when initializing driver
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit 54a401af478 split out DriverConfigInit from DriverConfigNew, but
+then called it a bit late from libxlStateInitialize. The cfg is used in
+libxlDriverConfigLoadFile and when uninitialized results in a crash.
+Calling DriverConfigInit immediately after DriverConfigNew fixes the
+crash.
+
+Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 88011ed280c4f946a7b8e7ffcea2335eb075de60)
+---
+ src/libxl/libxl_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
+index f2387e2a20..c4fb791fa0 100644
+--- a/src/libxl/libxl_driver.c
++++ b/src/libxl/libxl_driver.c
+@@ -703,14 +703,14 @@ libxlStateInitialize(bool privileged,
+     if (!(cfg = libxlDriverConfigNew()))
+         goto error;
+ 
++    if (libxlDriverConfigInit(cfg) < 0)
++        goto error;
++
+     driverConf = g_strdup_printf("%s/libxl.conf", cfg->configBaseDir);
+ 
+     if (libxlDriverConfigLoadFile(cfg, driverConf) < 0)
+         goto error;
+ 
+-    if (libxlDriverConfigInit(cfg) < 0)
+-        goto error;
+-
+     /* Register the callbacks providing access to libvirt's event loop */
+     libxl_osevent_register_hooks(cfg->ctx, &libxl_osevent_callbacks, cfg->ctx);
+ 

0005-network-avoid-trying-to-create-global-firewall-rules.patch

@@ -1,50 +0,0 @@
-From 3e02ee9b5da7fc7197aaa6d57563349a7670b8a1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 13 Mar 2019 16:21:15 +0000
-Subject: [PATCH 5/5] network: avoid trying to create global firewall rules if
- unprivileged
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The unprivileged libvirtd does not have permission to create firewall
-rules, or bridge devices, or do anything to the host network in
-general. Historically we still activate the network driver though and
-let the network start API call fail.
-
-The startup code path which reloads firewall rules on active networks
-would thus effectively be a no-op when unprivileged as it is impossible
-for there to be any active networks
-
-With the change to use a global set of firewall chains, however, we now
-have code that is run unconditionally.
-
-Ideally we would not register the network driver at all when
-unprivileged, but the entanglement with the virt drivers currently makes
-that impractical. As a temporary hack, we just make the firewall reload
-into a no-op.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 5d010c3df6152cf5fb00f1f67d22151241f4a8a2)
----
- src/network/bridge_driver.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 1da60f0a21..0e1d5efd8e 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2108,6 +2108,10 @@ static void
- networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
- {
-     VIR_INFO("Reloading iptables rules");
-+    /* Ideally we'd not even register the driver when unprivilegd
-+     * but until we untangle the virt driver that's not viable */
-+    if (!driver->privileged)
-+        return;
-     networkPreReloadFirewallRules(startup);
-     virNetworkObjListForEach(driver->networks,
-                              networkReloadFirewallRulesHelper,
--- 
-2.20.1
-

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: libvirt
-# $Id$
-NAME := libvirt
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

libvirt.spec

@@ -4,7 +4,7 @@
 # that's still supported by the vendor. It may work on other distros
 # or versions, but no effort will be made to ensure that going forward.
 %define min_rhel 7
-%define min_fedora 28
+%define min_fedora 30
 
 %if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
     %define supported_platform 1
@@ -15,7 +15,7 @@
 # Default to skipping autoreconf.  Distros can change just this one line
 # (or provide a command-line override) if they backport any patches that
 # touch configure.ac or Makefile.am.
-%{!?enable_autotools:%global enable_autotools 1}
+%{!?enable_autotools:%global enable_autotools 0}
 
 # The hypervisor drivers that run in libvirtd
 %define with_qemu          0%{!?_without_qemu:1}
@@ -36,6 +36,11 @@
     %define qemu_kvm_arches x86_64 %{power64} aarch64 s390x
 %endif
 
+# On RHEL 7 and older macro _vpath_builddir is not defined.
+%if 0%{?rhel} <= 7
+    %define _vpath_builddir %{_target_platform}
+%endif
+
 %ifarch %{qemu_kvm_arches}
     %define with_qemu_kvm      %{with_qemu}
 %else
@@ -49,7 +54,6 @@
 # Then the hypervisor drivers that run outside libvirtd, in libvirt.so
 %define with_openvz        0%{!?_without_openvz:1}
 %define with_vmware        0%{!?_without_vmware:1}
-%define with_phyp          0%{!?_without_phyp:1}
 %define with_esx           0%{!?_without_esx:1}
 %define with_hyperv        0%{!?_without_hyperv:1}
 
@@ -60,7 +64,15 @@
 %else
     %define with_storage_sheepdog 0
 %endif
+
 %define with_storage_gluster 0%{!?_without_storage_gluster:1}
+%ifnarch %{qemu_kvm_arches}
+    # gluster is only built where qemu driver is enabled on RHEL 8
+    %if 0%{?rhel} >= 8
+        %define with_storage_gluster 0
+    %endif
+%endif
+
 %define with_numactl          0%{!?_without_numactl:1}
 
 # F25+ has zfs-fuse
@@ -118,14 +130,12 @@
 %endif
 
 # RHEL doesn't ship OpenVZ, VBox, PowerHypervisor,
-# VMware, libxenserver (xenapi), libxenlight (Xen 4.1 and newer),
+# VMware, libxenlight (Xen 4.1 and newer),
 # or HyperV.
 %if 0%{?rhel}
     %define with_openvz 0
     %define with_vbox 0
-    %define with_phyp 0
     %define with_vmware 0
-    %define with_xenapi 0
     %define with_libxl 0
     %define with_hyperv 0
     %define with_vz 0
@@ -137,7 +147,7 @@
 
 %define with_firewalld 1
 
-%if 0%{?fedora} >= 30 || 0%{?rhel} > 7
+%if 0%{?fedora} >= 31 || 0%{?rhel} > 7
     %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
 %endif
 
@@ -176,14 +186,6 @@
 
 %define with_bash_completion  0%{!?_without_bash_completion:1}
 
-# Use Python 3 when possible, Python 2 otherwise
-%if 0%{?fedora} || 0%{?rhel} > 7
-    %define python python3
-%else
-    %define python python2
-%endif
-
-
 %if %{with_qemu} || %{with_lxc}
 # numad is used to manage the CPU and memory placement dynamically,
 # it's not available on many non-x86 architectures.
@@ -215,8 +217,8 @@
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 5.1.0
-Release: 3%{?dist}
+Version: 6.1.0
+Release: 4%{?dist}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -224,12 +226,16 @@ URL: https://libvirt.org/
     %define mainturl stable_updates/
 %endif
 Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
-Patch1: 0001-storage-split-off-code-for-calling-rbd_list.patch
-Patch2: 0002-storage-add-support-for-new-rbd_list2-method.patch
-Patch3: 0003-network-improve-error-report-when-firewall-chain-cre.patch
-Patch4: 0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch
-Patch5: 0005-network-avoid-trying-to-create-global-firewall-rules.patch
 
+# Check for disk type correctly in virDomainDiskTranslateSourcePool
+Patch0001: 0001-virDomainDiskTranslateSourcePool-Check-for-disk-type.patch
+# Fix iptables No chain/target/match by that name (bz #1813830)
+Patch0002: 0002-network-make-it-safe-to-call-networkSetupPrivateChai.patch
+Patch0003: 0003-network-force-re-creation-of-iptables-private-chains.patch
+# systemd: start libvirtd after firewalld/iptables services (bz #1697636)
+Patch0004: 0004-systemd-start-libvirtd-after-firewalld-iptables-serv.patch
+# Fix libxl driver startup crash (bz #1842318)
+Patch0005: 0005-libxl-fix-crash-when-initializing-driver.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -266,7 +272,11 @@ BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gettext-devel
 BuildRequires: libtool
-BuildRequires: /usr/bin/pod2man
+%endif
+%if 0%{?rhel} == 7
+BuildRequires: python36-docutils
+%else
+BuildRequires: python3-docutils
 %endif
 BuildRequires: gcc
 BuildRequires: git
@@ -275,11 +285,12 @@ BuildRequires: perl-interpreter
 %else
 BuildRequires: perl
 %endif
-BuildRequires: %{python}
+BuildRequires: python3
 BuildRequires: systemd-units
 %if %{with_libxl}
 BuildRequires: xen-devel
 %endif
+BuildRequires: glib2-devel >= 2.48
 BuildRequires: libxml2-devel
 BuildRequires: libxslt
 BuildRequires: readline-devel
@@ -301,9 +312,8 @@ BuildRequires: yajl-devel
 %if %{with_sanlock}
 BuildRequires: sanlock-devel >= 2.4
 %endif
-BuildRequires: libpcap-devel
+BuildRequires: libpcap-devel >= 1.5.0
 BuildRequires: libnl3-devel
-BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 BuildRequires: dnsmasq >= 2.41
 BuildRequires: iptables
@@ -335,8 +345,13 @@ BuildRequires: device-mapper-devel
 # For XFS reflink clone support
 BuildRequires: xfsprogs-devel
 %if %{with_storage_rbd}
+    %if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires: librados-devel
+BuildRequires: librbd-devel
+    %else
 BuildRequires: librados2-devel
 BuildRequires: librbd1-devel
+    %endif
 %endif
 %if %{with_storage_gluster}
 BuildRequires: glusterfs-api-devel >= 3.4.1
@@ -359,7 +374,7 @@ BuildRequires: libcap-ng-devel >= 0.5.0
 %if %{with_fuse}
 BuildRequires: fuse-devel >= 2.8.6
 %endif
-%if %{with_phyp} || %{with_libssh2}
+%if %{with_libssh2}
 BuildRequires: libssh2-devel >= 1.3.0
 %endif
 
@@ -409,8 +424,6 @@ BuildRequires: libtirpc-devel
 BuildRequires: firewalld-filesystem
 %endif
 
-Provides: bundled(gnulib)
-
 %description
 Libvirt is a C toolkit to interact with the virtualization capabilities
 of recent versions of Linux (and other OSes). The main package includes
@@ -432,6 +445,9 @@ Summary: Server side daemon and supporting files for libvirt library
 # The client side, i.e. shared libs are in a subpackage
 Requires: %{name}-libs = %{version}-%{release}
 
+# (client invokes 'nc' against the UNIX socket on the server)
+Requires: /usr/bin/nc
+
 # for modprobe of pci devices
 Requires: module-init-tools
 
@@ -442,7 +458,6 @@ Requires: iproute
 Requires: iproute-tc
 %endif
 
-Requires: avahi-libs
 Requires: polkit >= 0.112
 %ifarch %{ix86} x86_64 ia64
 # For virConnectGetSysinfo
@@ -726,9 +741,6 @@ parted and more.
 Summary: QEMU driver plugin for the libvirtd daemon
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
-# There really is a hard cross-driver dependency here
-Requires: libvirt-daemon-driver-network = %{version}-%{release}
-Requires: libvirt-daemon-driver-storage-core = %{version}-%{release}
 Requires: /usr/bin/qemu-img
 # For image compression
 Requires: gzip
@@ -910,8 +922,6 @@ capabilities of recent versions of Linux (and other OSes).
 %package libs
 Summary: Client side libraries
 # So remote clients can access libvirt over SSH tunnel
-# (client invokes 'nc' against the UNIX socket on the server)
-Requires: nc
 Requires: cyrus-sasl
 # Needed by default sasl.conf - no onerous extra deps, since
 # 100's of other things on a system already pull in krb5-libs
@@ -1032,12 +1042,6 @@ exit 1
     %define arg_libxl --without-libxl
 %endif
 
-%if %{with_phyp}
-    %define arg_phyp --with-phyp
-%else
-    %define arg_phyp --without-phyp
-%endif
-
 %if %{with_esx}
     %define arg_esx --with-esx
 %else
@@ -1136,27 +1140,6 @@ exit 1
 
 %define arg_selinux_mount --with-selinux-mount="/sys/fs/selinux"
 
-%if 0%{?fedora}
-    # Nightly edk2.git-ovmf-x64
-    LOADERS="/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd"
-    # Nightly edk2.git-ovmf-ia32
-    LOADERS="$LOADERS:/usr/share/edk2.git/ovmf-ia32/OVMF_CODE-pure-efi.fd:/usr/share/edk2.git/ovmf-ia32/OVMF_VARS-pure-efi.fd"
-    # Nightly edk2.git-aarch64
-    LOADERS="$LOADERS:/usr/share/edk2.git/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2.git/aarch64/vars-template-pflash.raw"
-    # Nightly edk2.git-arm
-    LOADERS="$LOADERS:/usr/share/edk2.git/arm/QEMU_EFI-pflash.raw:/usr/share/edk2.git/arm/vars-template-pflash.raw"
-
-    # Fedora edk2-ovmf
-    LOADERS="$LOADERS:/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"
-    # Fedora edk2-ovmf-ia32
-    LOADERS="$LOADERS:/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd:/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd"
-    # Fedora edk2-aarch64
-    LOADERS="$LOADERS:/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw"
-    # Fedora edk2-arm
-    LOADERS="$LOADERS:/usr/share/edk2/arm/QEMU_EFI-pflash.raw:/usr/share/edk2/arm/vars-template-pflash.raw"
-    %define arg_loader_nvram --with-loader-nvram="$LOADERS"
-%endif
-
 # place macros above and build commands below this comment
 
 export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/%{name}.spec)
@@ -1166,22 +1149,27 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/%{name}.spec)
 %endif
 
 rm -f po/stamp-po
-%configure %{?arg_qemu} \
+
+%define _configure ../configure
+mkdir %{_vpath_builddir}
+cd %{_vpath_builddir}
+
+%configure --enable-dependency-tracking \
+           --with-runstatedir=%{_rundir} \
+           %{?arg_qemu} \
            %{?arg_openvz} \
            %{?arg_lxc} \
            %{?arg_vbox} \
            %{?arg_libxl} \
            --with-sasl \
-           --with-avahi \
            --with-polkit \
            --with-libvirtd \
-           %{?arg_phyp} \
            %{?arg_esx} \
            %{?arg_hyperv} \
            %{?arg_vmware} \
-           --without-xenapi \
            --without-vz \
            --without-bhyve \
+           --with-remote-default-mode=legacy \
            --with-interface \
            --with-network \
            --with-storage-fs \
@@ -1223,23 +1211,20 @@ rm -f po/stamp-po
            --with-qemu-user=%{qemu_user} \
            --with-qemu-group=%{qemu_group} \
            --with-tls-priority=%{tls_priority} \
-           %{?arg_loader_nvram} \
            %{?enable_werror} \
            --enable-expensive-tests \
            --with-init-script=systemd \
            %{?arg_login_shell}
 make %{?_smp_mflags} V=1
-gzip -9 ChangeLog
 
 %install
 rm -fr %{buildroot}
 
 export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/%{name}.spec)
 
+cd %{_vpath_builddir}
 %make_install %{?_smp_mflags} SYSTEMD_UNIT_DIR=%{_unitdir} V=1
 
-make %{?_smp_mflags} -C examples distclean V=1
-
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/libvirt/lock-driver/*.la
@@ -1261,8 +1246,8 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/lib/libvirt/dnsmasq/
 install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/
 cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
    $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
+# libvirt saves this file with mode 0600
+chmod 0600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
 
 # nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post
 # to avoid verification errors on changed files in /etc
@@ -1306,7 +1291,7 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
 %endif
 
 # Copied into libvirt-docs subpackage eventually
-mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs
+mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt libvirt-docs
 
 %ifarch %{power64} s390x x86_64 ia64 alpha sparc64
 mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes.stp \
@@ -1319,21 +1304,23 @@ mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \
 %endif
 
 %check
-cd tests
-# These tests don't current work in a mock build root
-for i in nodeinfotest seclabeltest
-do
-  rm -f $i
-  printf 'int main(void) { return 0; }' > $i.c
-  printf '#!/bin/sh\nexit 0\n' > $i
-  chmod +x $i
-done
+cd %{_vpath_builddir}
 if ! make %{?_smp_mflags} check VIR_TEST_DEBUG=1
 then
-  cat test-suite.log || true
+  cat tests/test-suite.log || true
   exit 1
 fi
 
+%post libs
+%if 0%{?rhel} == 7
+/sbin/ldconfig
+%endif
+
+%postun libs
+%if 0%{?rhel} == 7
+/sbin/ldconfig
+%endif
+
 %pre daemon
 # 'libvirt' group is just to allow password-less polkit access to
 # libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1346,6 +1333,8 @@ exit 0
 
 %systemd_post virtlockd.socket virtlockd-admin.socket
 %systemd_post virtlogd.socket virtlogd-admin.socket
+%systemd_post libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
+%systemd_post libvirtd-tcp.socket libvirtd-tls.socket
 %systemd_post libvirtd.service
 
 # request daemon restart in posttrans
@@ -1354,6 +1343,8 @@ touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
 
 %preun daemon
 %systemd_preun libvirtd.service
+%systemd_preun libvirtd-tcp.socket libvirtd-tls.socket
+%systemd_preun libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
 %systemd_preun virtlogd.socket virtlogd-admin.socket virtlogd.service
 %systemd_preun virtlockd.socket virtlockd-admin.socket virtlockd.service
 
@@ -1378,17 +1369,48 @@ fi
 
 %posttrans daemon
 if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
-    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
+    # See if user has previously modified their install to
+    # tell libvirtd to use --listen
+    grep -E '^LIBVIRTD_ARGS=.*--listen' /etc/sysconfig/libvirtd 1>/dev/null 2>&1
+    if test $? = 0
+    then
+        # Then lets keep honouring --listen and *not* use
+        # systemd socket activation, because switching things
+        # might confuse mgmt tool like puppet/ansible that
+        # expect the old style libvirtd
+        /bin/systemctl mask libvirtd.socket >/dev/null 2>&1 || :
+        /bin/systemctl mask libvirtd-ro.socket >/dev/null 2>&1 || :
+        /bin/systemctl mask libvirtd-admin.socket >/dev/null 2>&1 || :
+        /bin/systemctl mask libvirtd-tls.socket >/dev/null 2>&1 || :
+        /bin/systemctl mask libvirtd-tcp.socket >/dev/null 2>&1 || :
+    else
+        # Old libvirtd owns the sockets and will delete them on
+        # shutdown. Can't use a try-restart as libvirtd will simply
+        # own the sockets again when it comes back up. Thus we must
+        # do this particular ordering, so that we get libvirtd
+        # running with socket activation in use
+        /bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1
+        if test $? = 0
+        then
+            /bin/systemctl stop libvirtd.service >/dev/null 2>&1 || :
+
+            /bin/systemctl try-restart libvirtd.socket >/dev/null 2>&1 || :
+            /bin/systemctl try-restart libvirtd-ro.socket >/dev/null 2>&1 || :
+            /bin/systemctl try-restart libvirtd-admin.socket >/dev/null 2>&1 || :
+
+            /bin/systemctl start libvirtd.service >/dev/null 2>&1 || :
+        fi
+    fi
 fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
 %post daemon-driver-network
-%if %{with_firewalld}
+%if %{with_firewalld_zone}
     %firewalld_reload
 %endif
 
 %postun daemon-driver-network
-%if %{with_firewalld}
+%if %{with_firewalld_zone}
     %firewalld_reload
 %endif
 
@@ -1428,6 +1450,8 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
          < %{_datadir}/libvirt/networks/default.xml \
          > %{_sysconfdir}/libvirt/qemu/networks/default.xml
     ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
+    # libvirt saves this file with mode 0600
+    chmod 0600 %{_sysconfdir}/libvirt/qemu/networks/default.xml
 
     # Make sure libvirt picks up the new network defininiton
     mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
@@ -1442,6 +1466,8 @@ rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
 %post daemon-config-nwfilter
 cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
+# libvirt saves these files with mode 600
+chmod 600 %{_sysconfdir}/libvirt/nwfilter/*.xml
 # Make sure libvirt picks up the new nwfilter defininitons
 mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
 touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
@@ -1453,16 +1479,6 @@ fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
 
-%triggerun -- libvirt < 0.9.4
-%{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
-
-# If the package is allowed to autostart:
-/bin/systemctl --no-reload enable libvirtd.service >/dev/null 2>&1 ||:
-
-# Run these because the SysV package being removed won't do them
-/sbin/chkconfig --del libvirtd >/dev/null 2>&1 || :
-/bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
-
 %if %{with_qemu}
 %pre daemon-driver-qemu
 # We want soft static allocation of well-known ids, as disk images
@@ -1481,6 +1497,7 @@ exit 0
 %endif
 
 %preun client
+
 %systemd_preun libvirt-guests.service
 
 %post client
@@ -1489,23 +1506,6 @@ exit 0
 %postun client
 %systemd_postun libvirt-guests.service
 
-%triggerun client -- libvirt < 0.9.4
-%{_bindir}/systemd-sysv-convert --save libvirt-guests >/dev/null 2>&1 ||:
-
-# If the package is allowed to autostart:
-/bin/systemctl --no-reload enable libvirt-guests.service >/dev/null 2>&1 ||:
-
-# Run this because the SysV package being removed won't do them
-/sbin/chkconfig --del libvirt-guests >/dev/null 2>&1 || :
-
-%if %{with_sanlock}
-%post lock-sanlock
-if getent group sanlock > /dev/null ; then
-    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
-    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
-fi
-%endif
-
 %if %{with_lxc}
 %pre login-shell
 getent group virtlogin >/dev/null || groupadd -r virtlogin
@@ -1515,32 +1515,25 @@ exit 0
 %files
 
 %files docs
-%doc AUTHORS ChangeLog.gz NEWS README README.md
-%doc libvirt-docs/*
-
-# API docs
-%dir %{_datadir}/gtk-doc/html/libvirt/
-%doc %{_datadir}/gtk-doc/html/libvirt/*.devhelp
-%doc %{_datadir}/gtk-doc/html/libvirt/*.html
-%doc %{_datadir}/gtk-doc/html/libvirt/*.png
-%doc %{_datadir}/gtk-doc/html/libvirt/*.css
-%doc examples/hellolibvirt
-%doc examples/object-events
-%doc examples/dominfo
-%doc examples/domsuspend
-%doc examples/dommigrate
-%doc examples/openauth
-%doc examples/xml
-%doc examples/rename
-%doc examples/systemtap
-%doc examples/admin
-
+%doc AUTHORS ChangeLog NEWS README README.md
+%doc %{_vpath_builddir}/libvirt-docs/*
 
 %files daemon
 
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/
 
 %{_unitdir}/libvirtd.service
+%{_unitdir}/libvirtd.socket
+%{_unitdir}/libvirtd-ro.socket
+%{_unitdir}/libvirtd-admin.socket
+%{_unitdir}/libvirtd-tcp.socket
+%{_unitdir}/libvirtd-tls.socket
+%{_unitdir}/virtproxyd.service
+%{_unitdir}/virtproxyd.socket
+%{_unitdir}/virtproxyd-ro.socket
+%{_unitdir}/virtproxyd-admin.socket
+%{_unitdir}/virtproxyd-tcp.socket
+%{_unitdir}/virtproxyd-tls.socket
 %{_unitdir}/virt-guest-shutdown.target
 %{_unitdir}/virtlogd.service
 %{_unitdir}/virtlogd.socket
@@ -1552,6 +1545,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/sysconfig/virtlogd
 %config(noreplace) %{_sysconfdir}/sysconfig/virtlockd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
+%config(noreplace) %{_sysconfdir}/libvirt/virtproxyd.conf
 %config(noreplace) %{_sysconfdir}/libvirt/virtlogd.conf
 %config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
@@ -1560,7 +1554,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
 %dir %{_datadir}/libvirt/
 
-%ghost %dir %{_localstatedir}/run/libvirt/
+%ghost %dir %{_rundir}/libvirt/
 
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/
@@ -1579,6 +1573,8 @@ exit 0
 %{_datadir}/augeas/lenses/tests/test_virtlogd.aug
 %{_datadir}/augeas/lenses/virtlockd.aug
 %{_datadir}/augeas/lenses/tests/test_virtlockd.aug
+%{_datadir}/augeas/lenses/virtproxyd.aug
+%{_datadir}/augeas/lenses/tests/test_virtproxyd.aug
 %{_datadir}/augeas/lenses/libvirt_lockd.aug
 %if %{with_qemu}
 %{_datadir}/augeas/lenses/tests/test_libvirt_lockd.aug
@@ -1593,6 +1589,7 @@ exit 0
 %attr(0755, root, root) %{_libexecdir}/libvirt_iohelper
 
 %attr(0755, root, root) %{_sbindir}/libvirtd
+%attr(0755, root, root) %{_sbindir}/virtproxyd
 %attr(0755, root, root) %{_sbindir}/virtlogd
 %attr(0755, root, root) %{_sbindir}/virtlockd
 
@@ -1601,11 +1598,11 @@ exit 0
 %{_mandir}/man8/virtlockd.8*
 %{_mandir}/man7/virkey*.7*
 
-%doc examples/polkit/*.rules
-
 %files daemon-config-network
 %dir %{_datadir}/libvirt/networks/
 %{_datadir}/libvirt/networks/default.xml
+%ghost %{_sysconfdir}/libvirt/qemu/networks/default.xml
+%ghost %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
 
 %files daemon-config-nwfilter
 %dir %{_datadir}/libvirt/nwfilter/
@@ -1613,13 +1610,29 @@ exit 0
 %ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
 
 %files daemon-driver-interface
+%config(noreplace) %{_sysconfdir}/libvirt/virtinterfaced.conf
+%{_datadir}/augeas/lenses/virtinterfaced.aug
+%{_datadir}/augeas/lenses/tests/test_virtinterfaced.aug
+%{_unitdir}/virtinterfaced.service
+%{_unitdir}/virtinterfaced.socket
+%{_unitdir}/virtinterfaced-ro.socket
+%{_unitdir}/virtinterfaced-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtinterfaced
 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
 
 %files daemon-driver-network
+%config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf
+%{_datadir}/augeas/lenses/virtnetworkd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug
+%{_unitdir}/virtnetworkd.service
+%{_unitdir}/virtnetworkd.socket
+%{_unitdir}/virtnetworkd-ro.socket
+%{_unitdir}/virtnetworkd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnetworkd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/networks/autostart
-%ghost %dir %{_localstatedir}/run/libvirt/network/
+%ghost %dir %{_rundir}/libvirt/network/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/network/
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/dnsmasq/
 %attr(0755, root, root) %{_libexecdir}/libvirt_leaseshelper
@@ -1630,19 +1643,51 @@ exit 0
 %endif
 
 %files daemon-driver-nodedev
+%config(noreplace) %{_sysconfdir}/libvirt/virtnodedevd.conf
+%{_datadir}/augeas/lenses/virtnodedevd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnodedevd.aug
+%{_unitdir}/virtnodedevd.service
+%{_unitdir}/virtnodedevd.socket
+%{_unitdir}/virtnodedevd-ro.socket
+%{_unitdir}/virtnodedevd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnodedevd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
 
 %files daemon-driver-nwfilter
+%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf
+%{_datadir}/augeas/lenses/virtnwfilterd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug
+%{_unitdir}/virtnwfilterd.service
+%{_unitdir}/virtnwfilterd.socket
+%{_unitdir}/virtnwfilterd-ro.socket
+%{_unitdir}/virtnwfilterd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
-%ghost %dir %{_localstatedir}/run/libvirt/network/
+%ghost %dir %{_rundir}/libvirt/network/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
 
 %files daemon-driver-secret
+%config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf
+%{_datadir}/augeas/lenses/virtsecretd.aug
+%{_datadir}/augeas/lenses/tests/test_virtsecretd.aug
+%{_unitdir}/virtsecretd.service
+%{_unitdir}/virtsecretd.socket
+%{_unitdir}/virtsecretd-ro.socket
+%{_unitdir}/virtsecretd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtsecretd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so
 
 %files daemon-driver-storage
 
 %files daemon-driver-storage-core
+%config(noreplace) %{_sysconfdir}/libvirt/virtstoraged.conf
+%{_datadir}/augeas/lenses/virtstoraged.aug
+%{_datadir}/augeas/lenses/tests/test_virtstoraged.aug
+%{_unitdir}/virtstoraged.service
+%{_unitdir}/virtstoraged.socket
+%{_unitdir}/virtstoraged-ro.socket
+%{_unitdir}/virtstoraged-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtstoraged
 %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper
 %{_libdir}/%{name}/connection-driver/libvirt_driver_storage.so
 %{_libdir}/%{name}/storage-backend/libvirt_storage_backend_fs.so
@@ -1691,12 +1736,20 @@ exit 0
 
 %if %{with_qemu}
 %files daemon-driver-qemu
+%config(noreplace) %{_sysconfdir}/libvirt/virtqemud.conf
+%{_datadir}/augeas/lenses/virtqemud.aug
+%{_datadir}/augeas/lenses/tests/test_virtqemud.aug
+%{_unitdir}/virtqemud.service
+%{_unitdir}/virtqemud.socket
+%{_unitdir}/virtqemud-ro.socket
+%{_unitdir}/virtqemud-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtqemud
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
+%ghost %dir %{_rundir}/libvirt/qemu/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
 %dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
 %{_datadir}/augeas/lenses/libvirtd_qemu.aug
@@ -1704,14 +1757,24 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_qemu.so
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/swtpm/
 %dir %attr(0711, root, root) %{_localstatedir}/log/swtpm/libvirt/qemu/
+%{_bindir}/virt-qemu-run
+%{_mandir}/man1/virt-qemu-run.1*
 %endif
 
 %if %{with_lxc}
 %files daemon-driver-lxc
+%config(noreplace) %{_sysconfdir}/libvirt/virtlxcd.conf
+%{_datadir}/augeas/lenses/virtlxcd.aug
+%{_datadir}/augeas/lenses/tests/test_virtlxcd.aug
+%{_unitdir}/virtlxcd.service
+%{_unitdir}/virtlxcd.socket
+%{_unitdir}/virtlxcd-ro.socket
+%{_unitdir}/virtlxcd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtlxcd
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
 %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc
-%ghost %dir %{_localstatedir}/run/libvirt/lxc/
+%ghost %dir %{_rundir}/libvirt/lxc/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/
 %{_datadir}/augeas/lenses/libvirtd_lxc.aug
 %{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
@@ -1721,19 +1784,35 @@ exit 0
 
 %if %{with_libxl}
 %files daemon-driver-libxl
+%config(noreplace) %{_sysconfdir}/libvirt/virtxend.conf
+%{_datadir}/augeas/lenses/virtxend.aug
+%{_datadir}/augeas/lenses/tests/test_virtxend.aug
+%{_unitdir}/virtxend.service
+%{_unitdir}/virtxend.socket
+%{_unitdir}/virtxend-ro.socket
+%{_unitdir}/virtxend-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtxend
 %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.libxl
 %config(noreplace) %{_sysconfdir}/libvirt/libxl-lockd.conf
 %{_datadir}/augeas/lenses/libvirtd_libxl.aug
 %{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/
-%ghost %dir %{_localstatedir}/run/libvirt/libxl/
+%ghost %dir %{_rundir}/libvirt/libxl/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_libxl.so
 %endif
 
 %if %{with_vbox}
 %files daemon-driver-vbox
+%config(noreplace) %{_sysconfdir}/libvirt/virtvboxd.conf
+%{_datadir}/augeas/lenses/virtvboxd.aug
+%{_datadir}/augeas/lenses/tests/test_virtvboxd.aug
+%{_unitdir}/virtvboxd.service
+%{_unitdir}/virtvboxd.socket
+%{_unitdir}/virtvboxd-ro.socket
+%{_unitdir}/virtvboxd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtvboxd
 %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so
 %endif
 
@@ -1768,7 +1847,7 @@ exit 0
 %attr(0755, root, root) %{_libdir}/libvirt/lock-driver/sanlock.so
 %{_datadir}/augeas/lenses/libvirt_sanlock.aug
 %{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/sanlock
+%dir %attr(0770, root, sanlock) %{_localstatedir}/lib/libvirt/sanlock
 %{_sbindir}/virt-sanlock-cleanup
 %{_mandir}/man8/virt-sanlock-cleanup.8*
 %attr(0755, root, root) %{_libexecdir}/libvirt_sanlock_helper
@@ -1799,7 +1878,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirt-guests
 %attr(0755, root, root) %{_libexecdir}/libvirt-guests.sh
 
-%files libs -f %{name}.lang
+%files libs -f %{_vpath_builddir}/%{name}.lang
 %license COPYING COPYING.LESSER
 %config(noreplace) %{_sysconfdir}/libvirt/libvirt.conf
 %config(noreplace) %{_sysconfdir}/libvirt/libvirt-admin.conf
@@ -1815,12 +1894,15 @@ exit 0
 %{_datadir}/libvirt/schemas/capability.rng
 %{_datadir}/libvirt/schemas/cputypes.rng
 %{_datadir}/libvirt/schemas/domain.rng
+%{_datadir}/libvirt/schemas/domainbackup.rng
 %{_datadir}/libvirt/schemas/domaincaps.rng
+%{_datadir}/libvirt/schemas/domaincheckpoint.rng
 %{_datadir}/libvirt/schemas/domaincommon.rng
 %{_datadir}/libvirt/schemas/domainsnapshot.rng
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/network.rng
 %{_datadir}/libvirt/schemas/networkcommon.rng
+%{_datadir}/libvirt/schemas/networkport.rng
 %{_datadir}/libvirt/schemas/nodedev.rng
 %{_datadir}/libvirt/schemas/nwfilter.rng
 %{_datadir}/libvirt/schemas/nwfilter_params.rng
@@ -1828,6 +1910,7 @@ exit 0
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storagecommon.rng
 %{_datadir}/libvirt/schemas/storagepool.rng
+%{_datadir}/libvirt/schemas/storagepoolcaps.rng
 %{_datadir}/libvirt/schemas/storagevol.rng
 
 %{_datadir}/libvirt/cpu_map/*.xml
@@ -1858,6 +1941,7 @@ exit 0
 %if %{with_lxc}
 %files login-shell
 %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell
+%{_libexecdir}/virt-login-shell-helper
 %config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
 %{_mandir}/man1/virt-login-shell.1*
 %endif
@@ -1873,6 +1957,7 @@ exit 0
 %{_includedir}/libvirt/libvirt-admin.h
 %{_includedir}/libvirt/libvirt-common.h
 %{_includedir}/libvirt/libvirt-domain.h
+%{_includedir}/libvirt/libvirt-domain-checkpoint.h
 %{_includedir}/libvirt/libvirt-domain-snapshot.h
 %{_includedir}/libvirt/libvirt-event.h
 %{_includedir}/libvirt/libvirt-host.h
@@ -1895,11 +1980,93 @@ exit 0
 %{_datadir}/libvirt/api/libvirt-admin-api.xml
 %{_datadir}/libvirt/api/libvirt-qemu-api.xml
 %{_datadir}/libvirt/api/libvirt-lxc-api.xml
-# Needed building python bindings
-%doc docs/libvirt-api.xml
 
 
 %changelog
+* Tue Jun 02 2020 Cole Robinson <crobinso@redhat.com> - 6.1.0-4
+- Fix libxl driver startup crash (bz #1842318)
+
+* Tue May 26 2020 Cole Robinson <crobinso@redhat.com> - 6.1.0-3
+- Fix iptables No chain/target/match by that name (bz #1813830)
+- systemd: start libvirtd after firewalld/iptables services (bz #1697636)
+
+* Tue Mar 24 2020 Felipe Borges <feborges@redhat.com> - 6.1.0-2
+- Check for disk type correctly in virDomainDiskTranslateSourcePool
+
+* Wed Mar 04 2020 Cole Robinson <crobinso@redhat.com> - 6.1.0-1
+- Update to version 6.1.0
+
+* Tue Feb 25 2020 Cole Robinson <crobinso@redhat.com> - 6.0.0-3
+- Rebuild for libiscsi soname bump
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jan 15 2020 Cole Robinson <crobinso@redhat.com> - 6.0.0-1
+- Update to version 6.0.0
+
+* Thu Dec 19 2019 Adam Williamson <awilliam@redhat.com> - 5.10.0-2
+- Rebuild for new xen-libs
+
+* Tue Dec 03 2019 Cole Robinson <crobinso@redhat.com> - 5.10.0-1
+- Update to version 5.10.0
+
+* Mon Nov 11 2019 Cole Robinson <crobinso@redhat.com> - 5.9.0-1
+- Update to version 5.9.0
+
+* Mon Oct 07 2019 Cole Robinson <crobinso@redhat.com> - 5.8.0-1
+- Update to version 5.8.0
+
+* Thu Sep 26 2019 Cole Robinson <crobinso@redhat.com> - 5.7.0-3
+- Fix VM startup when legacy cgroups are defined (bz #1612383)
+
+* Fri Sep 20 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.7.0-2
+- Fix systemd socket activation with TLS socket
+
+* Tue Sep 03 2019 Cole Robinson <crobinso@redhat.com> - 5.7.0-1
+- Update to version 5.7.0
+
+* Tue Aug 06 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-1
+- Update to version 5.6.0
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Jul 03 2019 Cole Robinson <crobinso@redhat.com> - 5.5.0-1
+- Rebased to version 5.5.0
+
+* Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 5.4.0-2
+- CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
+  API (bz #1722463, bz #1720115)
+- CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly
+  clients (bz #1722462, bz #1720114)
+- CVE-2019-10167: arbitrary command execution via
+  virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
+- CVE-2019-10168: arbitrary command execution via
+  virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz
+  #1722466, bz #1720118)
+
+* Wed Jun 12 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.4.0-1
+- Update to 5.4.0 release
+
+* Tue May 21 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-3
+- Fix systemd socket permissions
+- Resolves: rhbz #1712498 (CVE-2019-10132)
+
+* Tue May 14 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-2
+- Define md-clear CPUID bit
+- Resolves: rhbz #1709977 (CVE-2018-12126), rhbz #1709979 (CVE-2018-12127),
+  rhbz #1709997 (CVE-2018-12130), rhbz #1709984 (CVE-2019-11091)
+
+* Tue May  7 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-1
+- Update to 5.3.0 release
+
+* Mon Apr 08 2019 Cole Robinson <crobinso@redhat.com> - 5.2.0-2
+- Rebuild for xen 4.12 soname bump
+
+* Wed Apr  3 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.2.0-1
+- Update to 5.2.0 release
+
 * Wed Mar 20 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.1.0-3
 - Fix upgrades for rbd on i686 (rhbz #1688121)
 - Add missing xfsprogs-devel dep
@@ -1921,58 +2088,3 @@ exit 0
 
 * Mon Jan 21 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.0.0-1
 - Update to 5.0.0 release
-
-* Mon Dec 10 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.10.0-2
-- Disable RBD on 32-bit arches (rhbz #1657928)
-
-* Mon Dec  3 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.10.0-1
-- Update to 4.10.0 release
-
-* Mon Nov 12 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.9.0-1
-- Update to 4.9.0 release
-
-* Fri Oct  5 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.8.0-1
-- Update to 4.8.0 release
-
-* Tue Sep  4 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.7.0-1
-- Update to 4.7.0 release
-
-* Sat Aug 18 2018 David Abdurachmanov <david.abdurachmanov@gmail.com> - 4.6.0-2
-- Add support for RISC-V (riscv64)
-
-* Mon Aug  6 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.6.0-1
-- Update to 4.6.0 release
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Fri Jul  6 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.5.0-2
-- Fix regressions with chardev handling
-
-* Tue Jul  3 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.5.0-1
-- Update to 4.5.0 release
-
-* Tue Jun  5 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.4.0-1
-- Update to 4.4.0 release
-
-* Thu May  3 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.3.0-1
-- Update to 4.3.0 release
-
-* Tue Apr  3 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.2.0-1
-- Update to 4.2.0 release
-
-* Fri Mar 23 2018 Iryna Shcherbina <ishcherb@redhat.com> - 4.1.0-3
-- Update Python 2 dependency declarations to new packaging standards
-  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
-
-* Wed Mar 21 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.1.0-2
-- Fix systemd macro argument with line continuations (rhbz#1558648)
-
-* Mon Mar  5 2018 Daniel Berrange <berrange@redhat.com> - 4.1.0-1
-- Rebase to version 4.1.0
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Fri Jan 19 2018 Daniel P. Berrange <berrange@redhat.com> - 4.0.0-1
-- Rebase to version 4.0.0

sources

@@ -1 +1 @@
-SHA512 (libvirt-5.1.0.tar.xz) = ca64d7be683614bdeb20a8865655fe80f911cf13c00aed2334db3a2e4131e1dd6fe5e9663a24e6f82161ad5aa53f1a2637cd21730eed46e4764b7eebced94f3f
+SHA512 (libvirt-6.1.0.tar.xz) = 17a2641f300a4a05149261bae74ac856e9a2511a259146595d2e2412c4a0601d88369b0544ba86edc80e433a47cf828317d8de38c6ec86a1b3efaca75294a606