Fix mistakes in post scripts causing uninstall errors

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

0001-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch

@@ -1,40 +0,0 @@
-From 6f3ee0c553bafec957e69df7fc42f83985d55c0f Mon Sep 17 00:00:00 2001
-From: Martin Kletzander <mkletzan@redhat.com>
-Date: Tue, 27 Feb 2024 16:20:12 +0100
-Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Ever since this function was introduced in 2012 it could've tried
-filling in an extra interface name.  That was made worse in 2019 when
-the caller functions started accepting NULL arrays of size 0.
-
-This is assigned CVE-2024-1441.
-
-Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
-Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
-Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8)
----
- src/interface/interface_backend_udev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
-index ef334f175b..abeb766294 100644
---- a/src/interface/interface_backend_udev.c
-+++ b/src/interface/interface_backend_udev.c
-@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
-         g_autoptr(virInterfaceDef) def = NULL;
- 
-         /* Ensure we won't exceed the size of our array */
--        if (count > names_len)
-+        if (count >= names_len)
-             break;
- 
-         path = udev_list_entry_get_name(dev_entry);
--- 
-2.43.0
-

0001-interface-fix-udev_device_get_sysattr_value-return-v.patch

@@ -1,90 +0,0 @@
-From 13ea81b22cde0a429aa1de8b58655296084ce8d7 Mon Sep 17 00:00:00 2001
-From: Dmitry Frolov <frolov@swemel.ru>
-Date: Tue, 12 Sep 2023 15:56:47 +0300
-Subject: [PATCH] interface: fix udev_device_get_sysattr_value return value
- check
-
-Reviewing the code I found that return value of function
-udev_device_get_sysattr_value() is dereferenced without a check.
-udev_device_get_sysattr_value() may return NULL by number of reasons.
-
-v2: VIR_DEBUG added, replaced STREQ(NULLSTR()) with STREQ_NULLABLE()
-v3: More checks added, to skip earlier. More verbose VIR_DEBUG.
-
-Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 2ca94317ac642a70921947150ced8acc674ccdc8)
----
- src/interface/interface_backend_udev.c | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
-index 54b43fb999..ef334f175b 100644
---- a/src/interface/interface_backend_udev.c
-+++ b/src/interface/interface_backend_udev.c
-@@ -23,6 +23,7 @@
- #include <dirent.h>
- #include <libudev.h>
- 
-+#include "virlog.h"
- #include "virerror.h"
- #include "virfile.h"
- #include "datatypes.h"
-@@ -40,6 +41,8 @@
- 
- #define VIR_FROM_THIS VIR_FROM_INTERFACE
- 
-+VIR_LOG_INIT("interface.interface_backend_udev");
-+
- struct udev_iface_driver {
-     struct udev *udev;
-     /* pid file FD, ensures two copies of the driver can't use the same root */
-@@ -354,11 +357,20 @@ udevConnectListAllInterfaces(virConnectPtr conn,
-         const char *macaddr;
-         g_autoptr(virInterfaceDef) def = NULL;
- 
--        path = udev_list_entry_get_name(dev_entry);
--        dev = udev_device_new_from_syspath(udev, path);
--        name = udev_device_get_sysname(dev);
-+        if (!(path = udev_list_entry_get_name(dev_entry))) {
-+            VIR_DEBUG("Skipping interface, path == NULL");
-+            continue;
-+        }
-+        if (!(dev = udev_device_new_from_syspath(udev, path))) {
-+            VIR_DEBUG("Skipping interface '%s', dev == NULL", path);
-+            continue;
-+        }
-+        if (!(name = udev_device_get_sysname(dev))) {
-+            VIR_DEBUG("Skipping interface '%s', name == NULL", path);
-+            continue;
-+        }
-         macaddr = udev_device_get_sysattr_value(dev, "address");
--        status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up");
-+        status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up");
- 
-         def = udevGetMinimalDefForDevice(dev);
-         if (!virConnectListAllInterfacesCheckACL(conn, def)) {
-@@ -962,9 +974,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
- 
-     /* MTU */
-     mtu_str = udev_device_get_sysattr_value(dev, "mtu");
--    if (virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
-+    if (!mtu_str || virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
-         virReportError(VIR_ERR_INTERNAL_ERROR,
--                _("Could not parse MTU value '%s'"), mtu_str);
-+                       _("Could not parse MTU value '%s'"), NULLSTR(mtu_str));
-         goto error;
-     }
-     ifacedef->mtu = mtu;
-@@ -1087,7 +1099,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
-        goto cleanup;
- 
-     /* Check if it's active or not */
--    status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up");
-+    status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up");
- 
-     udev_device_unref(dev);
- 
--- 
-2.43.0
-

0001-qemu-xen-add-missing-deps-on-virtlockd-virtlogd-sock.patch

@@ -0,0 +1,66 @@
+From 88c5b9f827779ae6fe5a6f08100a4b6184492a1c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 31 Aug 2021 10:59:39 +0100
+Subject: [PATCH] qemu, xen: add missing deps on virtlockd/virtlogd sockets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The QEMU driver uses both virtlogd and virtlockd, while the Xen driver
+uses virtlockd. The libvirtd.service unit contains deps on the socket
+units for these services, but these deps were missed in the modular
+daemons. As a result the virtlockd/virtlogd sockets are not started
+when the virtqemud/virtxend daemons are started.
+
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/libxl/virtxend.service.in | 2 ++
+ src/qemu/virtqemud.service.in | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in
+index a863917467..19b19ce3e6 100644
+--- a/src/libxl/virtxend.service.in
++++ b/src/libxl/virtxend.service.in
+@@ -1,6 +1,7 @@
+ [Unit]
+ Description=Virtualization xen daemon
+ Conflicts=libvirtd.service
++Requires=virtlockd.socket
+ Requires=virtxend.socket
+ Requires=virtxend-ro.socket
+ Requires=virtxend-admin.socket
+@@ -25,6 +26,7 @@ KillMode=process
+ 
+ [Install]
+ WantedBy=multi-user.target
++Also=virtlockd.socket
+ Also=virtxend.socket
+ Also=virtxend-ro.socket
+ Also=virtxend-admin.socket
+diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
+index 8abc9d3a7f..20e1b43a6e 100644
+--- a/src/qemu/virtqemud.service.in
++++ b/src/qemu/virtqemud.service.in
+@@ -1,6 +1,8 @@
+ [Unit]
+ Description=Virtualization qemu daemon
+ Conflicts=libvirtd.service
++Requires=virtlogd.socket
++Requires=virtlockd.socket
+ Requires=virtqemud.socket
+ Requires=virtqemud-ro.socket
+ Requires=virtqemud-admin.socket
+@@ -42,6 +44,8 @@ LimitMEMLOCK=64M
+ 
+ [Install]
+ WantedBy=multi-user.target
++Also=virtlogd.socket
++Also=virtlockd.socket
+ Also=virtqemud.socket
+ Also=virtqemud-ro.socket
+ Also=virtqemud-admin.socket
+-- 
+2.31.1
+

0001-qemuProcessRefreshDisks-Don-t-skip-filling-of-disk-i.patch

@@ -1,58 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Thu, 9 Feb 2023 09:40:32 +0100
-Subject: [PATCH] qemuProcessRefreshDisks: Don't skip filling of disk
- information if tray state didn't change
-Content-type: text/plain
-
-Commit 5ef2582646eb98 added emitting of even when refreshign disk state,
-where it wanted to avoid sending the event if disk state didn't change.
-This was achieved by using 'continue' in the loop filling the
-information. Unfortunately this skips extraction of whether the device
-has a tray which is propagated into internal structures, which in turn
-broke cdrom media change as the code thought there's no tray for the
-device.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411
-Fixes: 5ef2582646eb98af208ce37355f82bdef39931fa
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
-(cherry picked from commit 86cfe93ef7fdc2d665a2fc88b79af89e7978ba78)
----
- src/qemu/qemu_process.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index ee9f0784d3..0c408ee547 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -8724,16 +8724,13 @@ qemuProcessRefreshDisks(virDomainObj *vm,
-             continue;
- 
-         if (info->removable) {
--            virObjectEvent *event = NULL;
-+            bool emitEvent = info->tray_open != disk->tray_status;
-             int reason;
- 
-             if (info->empty)
-                 virDomainDiskEmptySource(disk);
- 
-             if (info->tray) {
--                if (info->tray_open == disk->tray_status)
--                    continue;
--
-                 if (info->tray_open) {
-                     reason = VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN;
-                     disk->tray_status = VIR_DOMAIN_DISK_TRAY_OPEN;
-@@ -8742,8 +8739,10 @@ qemuProcessRefreshDisks(virDomainObj *vm,
-                     disk->tray_status = VIR_DOMAIN_DISK_TRAY_CLOSED;
-                 }
- 
--                event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
--                virObjectEventStateQueue(driver->domainEventState, event);
-+                if (emitEvent) {
-+                    virObjectEvent *event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
-+                    virObjectEventStateQueue(driver->domainEventState, event);
-+                }
-             }
-         }
- 

0002-ch-use-CURLOPT_UPLOAD-instead-of-CURLOPT_PUT.patch

@@ -1,39 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 18 Jan 2023 09:45:52 +0000
-Subject: [PATCH] ch: use CURLOPT_UPLOAD instead of CURLOPT_PUT
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Content-type: text/plain
-
-The CURLOPT_PUT constant causes a deprecation warning when compiling on
-Alpine Edge.  The docs indicate it is deprecated since 7.2.1
-
-  https://curl.se/libcurl/c/CURLOPT_PUT.html
-
-Since 7.87 the deprecation is now exposed at build time via a compiler
-warning.
-
-We already use CURLOPT_UPLOAD in the ESX driver, so this brings the CH
-driver into line.
-
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9cd70fb25cad171e415fb05a4e01f244304c602e)
----
- src/ch/ch_monitor.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c
-index 8d8654332f..7b8f0a8077 100644
---- a/src/ch/ch_monitor.c
-+++ b/src/ch/ch_monitor.c
-@@ -660,7 +660,7 @@ virCHMonitorPutNoContent(virCHMonitor *mon, const char *endpoint)
- 
-     curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH, mon->socketpath);
-     curl_easy_setopt(mon->handle, CURLOPT_URL, url);
--    curl_easy_setopt(mon->handle, CURLOPT_PUT, true);
-+    curl_easy_setopt(mon->handle, CURLOPT_UPLOAD, 1L);
-     curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, NULL);
- 
-     responseCode = virCHMonitorCurlPerform(mon->handle);

0002-wireshark-Switch-to-tvb_bytes_to_str.patch

@@ -0,0 +1,81 @@
+From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 29 Nov 2021 09:57:49 +0100
+Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
+
+When the dissector sees a byte sequence that is either an opaque
+data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
+bytes as a hex numbers using our own implementation. But
+wireshark already provides a function for it: tvb_bytes_to_str().
+NB, the reason why it returns a const string is so that callers
+don't try to free it - the string is allocated using an allocator
+which will decide when to free it.
+
+The wireshark formatter was introduced in wireshark commit of
+v1.99.2~479 and thus is present in the version we require at
+least (2.6.0).
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
+ 1 file changed, 8 insertions(+), 22 deletions(-)
+
+diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
+index f43919b05d..cb922b8070 100644
+--- a/tools/wireshark/src/packet-libvirt.c
++++ b/tools/wireshark/src/packet-libvirt.c
+@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+     }
+ }
+ 
+-static const gchar *
+-format_xdr_bytes(guint8 *bytes, guint32 length)
+-{
+-    gchar *buf;
+-    guint32 i;
+-
+-    if (length == 0)
+-        return "";
+-    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
+-    for (i = 0; i < length; i++) {
+-        /* We know that buf has enough size to contain
+-           2 * length + '\0' characters. */
+-        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
+-        buf += 2;
+-    }
+-    return buf - length*2;
+-}
+-
+ static gboolean
+ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+                    guint32 size)
+@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+     val = g_malloc(size);
+     start = xdr_getpos(xdrs);
+     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
+-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
+-                                          NULL, "%s", format_xdr_bytes(val, size));
++        gint len = xdr_getpos(xdrs) - start;
++        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
++
++        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+     } else {
+         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
+     }
+@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+ 
+     start = xdr_getpos(xdrs);
+     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
+-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
+-                                          NULL, "%s", format_xdr_bytes(val, length));
++        gint len = xdr_getpos(xdrs) - start;
++        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
++
++        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+         /* Seems I can't call xdr_free() for this case.
+            It will raises SEGV by referencing out of bounds call stack */
+         free(val);
+-- 
+2.33.1
+

0003-storage-Fix-returning-of-locked-objects-from-virStor.patch

@@ -1,56 +0,0 @@
-From 9a47442366fcf8a7b6d7422016d7bbb6764a1098 Mon Sep 17 00:00:00 2001
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Thu, 13 Jul 2023 16:16:37 +0200
-Subject: [PATCH] storage: Fix returning of locked objects from
- 'virStoragePoolObjListSearch'
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2023-3750
-
-'virStoragePoolObjListSearch' explicitly documents that it's returning
-a pointer to a locked and ref'd pool that maches the lookup function.
-
-This was not the case as in commit 0c4b391e2a9 (released in
-libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD'
-which auto-unlocked it when leaving the scope, even when the code was
-originally "leaking" the lock.
-
-Revert the corresponding conversion and add a comment that this function
-is intentionally leaking a locked object.
-
-Fixes: 0c4b391e2a9
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Han Han <hhan@redhat.com>
----
- src/conf/virstorageobj.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/conf/virstorageobj.c b/src/conf/virstorageobj.c
-index 7010e97d61..59fa5da372 100644
---- a/src/conf/virstorageobj.c
-+++ b/src/conf/virstorageobj.c
-@@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload,
-     virStoragePoolObj *obj = (virStoragePoolObj *) payload;
-     struct _virStoragePoolObjListSearchData *data =
-         (struct _virStoragePoolObjListSearchData *)opaque;
--    VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
- 
-+    virObjectLock(obj);
-+
-+    /* If we find the matching pool object we must return while the object is
-+     * locked as the caller wants to return a locked object. */
-     if (data->searcher(obj, data->opaque))
-         return 1;
- 
-+    virObjectUnlock(obj);
-+
-     return 0;
- }
- 
--- 
-2.41.0
-

0003-wireshark-Drop-needless-comment-in-dissect_xdr_bytes.patch

@@ -0,0 +1,33 @@
+From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 29 Nov 2021 10:20:05 +0100
+Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
+
+In the dissect_xdr_bytes() there's a comment that the string
+allocated by xdr_bytes() can't be freed using xdr_free(). Well,
+that is expected because xdr_bytes() used plain calloc() AND the
+string is not an XDR struct but plain 'char *' type. Passing it
+to xdr_free() must result in weird things happening.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tools/wireshark/src/packet-libvirt.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
+index cb922b8070..eeacbcdf0e 100644
+--- a/tools/wireshark/src/packet-libvirt.c
++++ b/tools/wireshark/src/packet-libvirt.c
+@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
+ 
+         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+-        /* Seems I can't call xdr_free() for this case.
+-           It will raises SEGV by referencing out of bounds call stack */
+         free(val);
+         return TRUE;
+     } else {
+-- 
+2.33.1
+

0004-tests-virstoragetest-remove-tests-without-backing-ty.patch

@@ -0,0 +1,78 @@
+From 979d1ba3ae1332bda80cb6eca98e41dc4462a226 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Tue, 31 Aug 2021 11:41:55 +0200
+Subject: [PATCH] tests: virstoragetest: remove tests without backing type
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As of qemu commit:
+
+  commit 497a30dbb065937d67f6c43af6dd78492e1d6f6d
+    qemu-img: Require -F with -b backing image
+
+creating images with backing images requires specifying the format.
+
+Remove tests which do not pass the backing format on the command
+line.
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tests/virstoragetest.c | 33 ---------------------------------
+ 1 file changed, 33 deletions(-)
+
+diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
+index 1b211b60e6..b80818bc7b 100644
+--- a/tests/virstoragetest.c
++++ b/tests/virstoragetest.c
+@@ -638,30 +638,6 @@ mymain(void)
+     };
+     TEST_CHAIN(abswrap, VIR_STORAGE_FILE_QCOW2, (&wrap, &qcow2, &raw), EXP_PASS);
+ 
+-    /* Rewrite qcow2 and wrap file to omit backing file type */
+-    virCommandFree(cmd);
+-    cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2",
+-                               "-b", absraw, "qcow2", NULL);
+-    if (virCommandRun(cmd, NULL) < 0)
+-        ret = -1;
+-
+-    virCommandFree(cmd);
+-    cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2",
+-                               "-b", absqcow2, "wrap", NULL);
+-    if (virCommandRun(cmd, NULL) < 0)
+-        ret = -1;
+-
+-    /* Qcow2 file with raw as absolute backing, backing format omitted */
+-    testFileData wrap_as_raw = {
+-        .expBackingStoreRaw = absqcow2,
+-        .expCapacity = 1024,
+-        .path = abswrap,
+-        .type = VIR_STORAGE_TYPE_FILE,
+-        .format = VIR_STORAGE_FILE_QCOW2,
+-    };
+-    TEST_CHAIN(abswrap, VIR_STORAGE_FILE_QCOW2,
+-               (&wrap_as_raw, &qcow2_as_raw), EXP_FAIL);
+-
+     /* Rewrite qcow2 to a missing backing file, with backing type */
+     virCommandFree(cmd);
+     cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2",
+@@ -674,15 +650,6 @@ mymain(void)
+     /* Qcow2 file with missing backing file but specified type */
+     TEST_CHAIN(absqcow2, VIR_STORAGE_FILE_QCOW2, (&qcow2), EXP_FAIL);
+ 
+-    /* Rewrite qcow2 to a missing backing file, without backing type */
+-    virCommandFree(cmd);
+-    cmd = virCommandNewArgList(qemuimg, "rebase", "-u", "-f", "qcow2",
+-                               "-b", datadir "/bogus", "qcow2", NULL);
+-    if (virCommandRun(cmd, NULL) < 0)
+-        ret = -1;
+-
+-    /* Qcow2 file with missing backing file and no specified type */
+-    TEST_CHAIN(absqcow2, VIR_STORAGE_FILE_QCOW2, (&qcow2), EXP_FAIL);
+ 
+     /* Rewrite qcow2 to use an nbd: protocol as backend */
+     virCommandFree(cmd);
+-- 
+2.33.1
+

0004-virpci-Resolve-leak-in-virPCIVirtualFunctionList-cle.patch

@@ -1,51 +0,0 @@
-From 6425a311b8ad19d6f9c0b315bf1d722551ea3585 Mon Sep 17 00:00:00 2001
-From: Tim Shearer <TShearer@adva.com>
-Date: Mon, 1 May 2023 13:15:48 +0000
-Subject: [PATCH] virpci: Resolve leak in virPCIVirtualFunctionList cleanup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Repeatedly querying an SR-IOV PCI device's capabilities exposes a
-memory leak caused by a failure to free the virPCIVirtualFunction
-array within the parent struct's g_autoptr cleanup.
-
-Valgrind output after getting a single interface's XML description
-1000 times:
-
-==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635
-==325982==    at 0x4C3C096: realloc (vg_replace_malloc.c:1437)
-==325982==    by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4)
-==325982==    by 0x4EE1F52: virReallocN (viralloc.c:52)
-==325982==    by 0x4EE1FB7: virExpandN (viralloc.c:78)
-==325982==    by 0x4EE219A: virInsertElementInternal (viralloc.c:183)
-==325982==    by 0x4EE23B2: virAppendElement (viralloc.c:288)
-==325982==    by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389)
-==325982==    by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256)
-==325982==    by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969)
-==325982==    by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099)
-==325982==    by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677)
-==325982==    by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355)
-
-Signed-off-by: Tim Shearer <tshearer@adva.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Han Han <hhan@redhat.com>
----
- src/util/virpci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/util/virpci.c b/src/util/virpci.c
-index 9e564e4a4f..cc2b07bbba 100644
---- a/src/util/virpci.c
-+++ b/src/util/virpci.c
-@@ -2245,6 +2245,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list)
-         g_free(list->functions[i].ifname);
-     }
- 
-+    g_free(list->functions);
-     g_free(list);
- }
- 
--- 
-2.41.0
-

sources

@@ -1 +1 @@
-SHA512 (libvirt-9.0.0.tar.xz) = 135f690f9fe722161c22579166f10a54d52941a371439165fd0e3d391ca7835049a3bcbff33fc81c50153046230db8a5a318d707383bad3141d489d2faa09ecb
+SHA512 (libvirt-7.6.0.tar.xz) = bad6cc02af071ca909bbbe3c07165e91cad863c9a759b26d9cff6aed6ea5643bc723d2f3c61ad41436dffd4fd50389333d74b131e37eaa54a5071a3ae26df627