Disable -Werror on mingw builds

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

0001-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch

@@ -1,4 +1,4 @@
-From 6f3ee0c553bafec957e69df7fc42f83985d55c0f Mon Sep 17 00:00:00 2001
+From 76cdc7adf55723ff8da146bd3c15c64d0afd5d93 Mon Sep 17 00:00:00 2001
 From: Martin Kletzander <mkletzan@redhat.com>
 Date: Tue, 27 Feb 2024 16:20:12 +0100
 Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
@@ -23,7 +23,7 @@ Reviewed-by: Ján Tomko <jtomko@redhat.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
-index ef334f175b..abeb766294 100644
+index fb6799ed94..4091483060 100644
 --- a/src/interface/interface_backend_udev.c
 +++ b/src/interface/interface_backend_udev.c
 @@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,

0001-interface-fix-udev-reference-leak-with-invalid-flags.patch

@@ -0,0 +1,41 @@
+From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 5 Jun 2024 11:16:21 +0100
+Subject: [PATCH] interface: fix udev reference leak with invalid flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The udevInterfaceGetXMLDesc method takes a reference on the udev
+driver as its first action. If the virCheckFlags() condition
+fails, however, this reference is never released.
+
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/interface/interface_backend_udev.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index fdf11a8318..e1a50389c9 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -1027,12 +1027,14 @@ static char *
+ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo,
+                         unsigned int flags)
+ {
+-    struct udev *udev = udev_ref(driver->udev);
++    struct udev *udev = NULL;
+     g_autoptr(virInterfaceDef) ifacedef = NULL;
+     char *xmlstr = NULL;
+ 
+     virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL);
+ 
++    udev = udev_ref(driver->udev);
++
+     /* Recursively build up the interface XML based on the requested
+      * interface name
+      */
+-- 
+2.45.1
+

0001-interface-fix-udev_device_get_sysattr_value-return-v.patch

@@ -1,4 +1,4 @@
-From 13ea81b22cde0a429aa1de8b58655296084ce8d7 Mon Sep 17 00:00:00 2001
+From c120b31f826cd51127d28f8beaa61ac0d5f03048 Mon Sep 17 00:00:00 2001
 From: Dmitry Frolov <frolov@swemel.ru>
 Date: Tue, 12 Sep 2023 15:56:47 +0300
 Subject: [PATCH] interface: fix udev_device_get_sysattr_value return value
@@ -19,7 +19,7 @@ Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
  1 file changed, 19 insertions(+), 7 deletions(-)
 
 diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
-index 54b43fb999..ef334f175b 100644
+index a0485ddd21..fb6799ed94 100644
 --- a/src/interface/interface_backend_udev.c
 +++ b/src/interface/interface_backend_udev.c
 @@ -23,6 +23,7 @@
@@ -64,19 +64,19 @@ index 54b43fb999..ef334f175b 100644
  
          def = udevGetMinimalDefForDevice(dev);
          if (!virConnectListAllInterfacesCheckACL(conn, def)) {
-@@ -962,9 +974,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
+@@ -964,9 +976,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
  
      /* MTU */
      mtu_str = udev_device_get_sysattr_value(dev, "mtu");
 -    if (virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
 +    if (!mtu_str || virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
          virReportError(VIR_ERR_INTERNAL_ERROR,
--                _("Could not parse MTU value '%s'"), mtu_str);
-+                       _("Could not parse MTU value '%s'"), NULLSTR(mtu_str));
+-                _("Could not parse MTU value '%1$s'"), mtu_str);
++                _("Could not parse MTU value '%1$s'"), NULLSTR(mtu_str));
          goto error;
      }
      ifacedef->mtu = mtu;
-@@ -1087,7 +1099,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
+@@ -1089,7 +1101,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
         goto cleanup;
  
      /* Check if it's active or not */

0001-qemuProcessRefreshDisks-Don-t-skip-filling-of-disk-i.patch

@@ -1,58 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Thu, 9 Feb 2023 09:40:32 +0100
-Subject: [PATCH] qemuProcessRefreshDisks: Don't skip filling of disk
- information if tray state didn't change
-Content-type: text/plain
-
-Commit 5ef2582646eb98 added emitting of even when refreshign disk state,
-where it wanted to avoid sending the event if disk state didn't change.
-This was achieved by using 'continue' in the loop filling the
-information. Unfortunately this skips extraction of whether the device
-has a tray which is propagated into internal structures, which in turn
-broke cdrom media change as the code thought there's no tray for the
-device.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166411
-Fixes: 5ef2582646eb98af208ce37355f82bdef39931fa
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
-(cherry picked from commit 86cfe93ef7fdc2d665a2fc88b79af89e7978ba78)
----
- src/qemu/qemu_process.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index ee9f0784d3..0c408ee547 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -8724,16 +8724,13 @@ qemuProcessRefreshDisks(virDomainObj *vm,
-             continue;
- 
-         if (info->removable) {
--            virObjectEvent *event = NULL;
-+            bool emitEvent = info->tray_open != disk->tray_status;
-             int reason;
- 
-             if (info->empty)
-                 virDomainDiskEmptySource(disk);
- 
-             if (info->tray) {
--                if (info->tray_open == disk->tray_status)
--                    continue;
--
-                 if (info->tray_open) {
-                     reason = VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN;
-                     disk->tray_status = VIR_DOMAIN_DISK_TRAY_OPEN;
-@@ -8742,8 +8739,10 @@ qemuProcessRefreshDisks(virDomainObj *vm,
-                     disk->tray_status = VIR_DOMAIN_DISK_TRAY_CLOSED;
-                 }
- 
--                event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
--                virObjectEventStateQueue(driver->domainEventState, event);
-+                if (emitEvent) {
-+                    virObjectEvent *event = virDomainEventTrayChangeNewFromObj(vm, disk->info.alias, reason);
-+                    virObjectEventStateQueue(driver->domainEventState, event);
-+                }
-             }
-         }
- 

0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch

@@ -0,0 +1,49 @@
+From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 17 May 2024 14:55:24 +0100
+Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We never release the reference on the GSource created for
+interrupting the main loop, nor do we remove it from the
+main context if our thread is woken up prior to the wakeup
+callback firing.
+
+This can result in a leak of GSource objects, along with an
+ever growing list of GSources attached to the main context,
+which will gradually slow down execution of the loop, as
+several operations are O(N) for the number of attached GSource
+objects.
+
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 147b0d661a..6d424eb599 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client,
+     /* Check to see if another thread is dispatching */
+     if (client->haveTheBuck) {
+         /* Force other thread to wakeup from poll */
+-        GSource *wakeup = g_idle_source_new();
++        g_autoptr(GSource) wakeup = g_idle_source_new();
+         g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
+         g_source_attach(wakeup, client->eventCtx);
+ 
+@@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client,
+             return -1;
+         }
+ 
++        g_source_destroy(wakeup);
+         VIR_DEBUG("Woken up from sleep head=%p call=%p",
+                   client->waitDispatch, thiscall);
+         /* Three reasons we can be woken up
+-- 
+2.45.1
+

0001-rpc-ensure-temporary-GSource-is-removed-from-client-.patch

@@ -0,0 +1,99 @@
+From 8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2024 11:51:15 +0100
+Subject: [PATCH] rpc: ensure temporary GSource is removed from client event
+ loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Users are seeing periodic segfaults from libvirt client apps,
+especially thread heavy ones like virt-manager. A typical
+stack trace would end up in the virNetClientIOEventFD method,
+with illegal access to stale stack data. eg
+
+==238721==ERROR: AddressSanitizer: stack-use-after-return on address 0x75cd18709788 at pc 0x75cd3111f907 bp 0x75cd181ff550 sp 0x75cd181ff548
+WRITE of size 4 at 0x75cd18709788 thread T11
+    #0 0x75cd3111f906 in virNetClientIOEventFD /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1634:15
+    #1 0x75cd3210d198  (/usr/lib/libglib-2.0.so.0+0x5a198) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #2 0x75cd3216c3be  (/usr/lib/libglib-2.0.so.0+0xb93be) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #3 0x75cd3210ddc6 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x5adc6) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #4 0x75cd3111a47c in virNetClientIOEventLoop /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1722:9
+    #5 0x75cd3111a47c in virNetClientIO /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2002:10
+    #6 0x75cd3111a47c in virNetClientSendInternal /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2170:11
+    #7 0x75cd311198a8 in virNetClientSendWithReply /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2198:11
+    #8 0x75cd31111653 in virNetClientProgramCall /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclientprogram.c:318:9
+    #9 0x75cd31241c8f in callFull /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6054:10
+    #10 0x75cd31241c8f in call /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6076:12
+    #11 0x75cd31241c8f in remoteNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/src/remote/remote_client_bodies.h:5959:9
+    #12 0x75cd31410ff7 in virNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/libvirt-network.c:952:15
+
+The root cause is a bad assumption in the virNetClientIOEventLoop
+method. This method is run by whichever thread currently owns the
+buck, and is responsible for handling I/O. Inside a for(;;) loop,
+this method creates a temporary GSource, adds it to the event loop
+and runs g_main_loop_run(). When I/O is ready, the GSource callback
+(virNetClientIOEventFD) will fire and call g_main_loop_quit(), and
+return G_SOURCE_REMOVE which results in the temporary GSource being
+destroyed. A g_autoptr() will then remove the last reference.
+
+What was overlooked, is that a second thread can come along and
+while it can't enter virNetClientIOEventLoop, it will register an
+idle source that uses virNetClientIOWakeup to interrupt the
+original thread's 'g_main_loop_run' call. When this happens the
+virNetClientIOEventFD callback never runs, and so the temporary
+GSource is not destroyed. The g_autoptr() will remove a reference,
+but by virtue of still being attached to the event context, there
+is an extra reference held causing GSource to be leaked. The
+next time 'g_main_loop_run' is called, the original GSource will
+trigger its callback, and access data that was allocated on the
+stack by the previous thread, and likely SEGV.
+
+To solve this, the thread calling 'g_main_loop_run' must call
+g_source_destroy, immediately upon return, to guarantee that
+the temporary GSource is removed.
+
+CVE-2024-4418
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Reported-by: Martin Shirokov <shirokovmartin@gmail.com>
+Tested-by: Martin Shirokov <shirokovmartin@gmail.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 68098b1c8d..147b0d661a 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+         int timeout = -1;
+         virNetMessage *msg = NULL;
+-        g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++        g_autoptr(GSource) source = NULL;
+         GIOCondition ev = 0;
+         struct virNetClientIOEventData data = {
+             .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ 
+         g_main_loop_run(client->eventLoop);
+ 
++        /*
++         * If virNetClientIOEventFD ran, this GSource will already be
++         * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++         * it, since we still own a reference.
++         *
++         * If virNetClientIOWakeup ran, it will have interrupted the
++         * g_main_loop_run call, before virNetClientIOEventFD could
++         * run, and thus the GSource is still registered, and we need
++         * to destroy it since it is referencing stack memory for 'data'
++         */
++        g_source_destroy(source);
++
+ #ifndef WIN32
+         ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+-- 
+2.45.1
+

0001-rpc-fix-race-in-waking-up-client-event-loop.patch

@@ -0,0 +1,76 @@
+From 7cb03e6a28e465c49f0cabe8fe2e7d21edb5aadf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 18 Dec 2023 12:17:18 +0000
+Subject: [PATCH] rpc: fix race in waking up client event loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The first thread to issue a client RPC request will own the event
+loop execution, sitting in the virNetClientIOEventLoop function.
+
+It releases the client lock while running:
+
+   virNetClientUnlock()
+   g_main_loop_run()
+   virNetClientLock()
+
+If a second thread arrives with an RPC request, it will queue it
+for the first thread to process. To inform the first thread that
+there's a new request it calls g_main_loop_quit() to break it out
+of the main loop.
+
+This works if the first thread is in g_main_loop_run() at that
+time. There is a small window of opportunity, however, where
+the first thread has released the client lock, but not yet got
+into g_main_loop_run(). If that happens, the wakeup from the
+second thread is lost.
+
+This patch deals with that by changing the way the wakeup is
+performed. Instead of directly calling g_main_loop_quit(), the
+second thread creates an idle source to run the quit function
+from within the first thread. This guarantees that the first
+thread will see the wakeup.
+
+Tested by: Fima Shevrin <efim.shevrin@virtuozzo.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Denis V. Lunev <den@openvz.org>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 4ab8af68c5..68098b1c8d 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1848,6 +1848,15 @@ static void virNetClientIOUpdateCallback(virNetClient *client,
+ }
+ 
+ 
++static gboolean virNetClientIOWakeup(gpointer opaque)
++{
++    GMainLoop *loop = opaque;
++
++    g_main_loop_quit(loop);
++
++    return G_SOURCE_REMOVE;
++}
++
+ /*
+  * This function sends a message to remote server and awaits a reply
+  *
+@@ -1925,7 +1934,9 @@ static int virNetClientIO(virNetClient *client,
+     /* Check to see if another thread is dispatching */
+     if (client->haveTheBuck) {
+         /* Force other thread to wakeup from poll */
+-        g_main_loop_quit(client->eventLoop);
++        GSource *wakeup = g_idle_source_new();
++        g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
++        g_source_attach(wakeup, client->eventCtx);
+ 
+         /* If we are non-blocking, detach the thread and keep the call in the
+          * queue. */
+-- 
+2.43.0
+

0002-ch-use-CURLOPT_UPLOAD-instead-of-CURLOPT_PUT.patch

@@ -1,39 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 18 Jan 2023 09:45:52 +0000
-Subject: [PATCH] ch: use CURLOPT_UPLOAD instead of CURLOPT_PUT
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Content-type: text/plain
-
-The CURLOPT_PUT constant causes a deprecation warning when compiling on
-Alpine Edge.  The docs indicate it is deprecated since 7.2.1
-
-  https://curl.se/libcurl/c/CURLOPT_PUT.html
-
-Since 7.87 the deprecation is now exposed at build time via a compiler
-warning.
-
-We already use CURLOPT_UPLOAD in the ESX driver, so this brings the CH
-driver into line.
-
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9cd70fb25cad171e415fb05a4e01f244304c602e)
----
- src/ch/ch_monitor.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c
-index 8d8654332f..7b8f0a8077 100644
---- a/src/ch/ch_monitor.c
-+++ b/src/ch/ch_monitor.c
-@@ -660,7 +660,7 @@ virCHMonitorPutNoContent(virCHMonitor *mon, const char *endpoint)
- 
-     curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH, mon->socketpath);
-     curl_easy_setopt(mon->handle, CURLOPT_URL, url);
--    curl_easy_setopt(mon->handle, CURLOPT_PUT, true);
-+    curl_easy_setopt(mon->handle, CURLOPT_UPLOAD, 1L);
-     curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, NULL);
- 
-     responseCode = virCHMonitorCurlPerform(mon->handle);

0003-storage-Fix-returning-of-locked-objects-from-virStor.patch

@@ -1,56 +0,0 @@
-From 9a47442366fcf8a7b6d7422016d7bbb6764a1098 Mon Sep 17 00:00:00 2001
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Thu, 13 Jul 2023 16:16:37 +0200
-Subject: [PATCH] storage: Fix returning of locked objects from
- 'virStoragePoolObjListSearch'
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2023-3750
-
-'virStoragePoolObjListSearch' explicitly documents that it's returning
-a pointer to a locked and ref'd pool that maches the lookup function.
-
-This was not the case as in commit 0c4b391e2a9 (released in
-libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD'
-which auto-unlocked it when leaving the scope, even when the code was
-originally "leaking" the lock.
-
-Revert the corresponding conversion and add a comment that this function
-is intentionally leaking a locked object.
-
-Fixes: 0c4b391e2a9
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Han Han <hhan@redhat.com>
----
- src/conf/virstorageobj.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/conf/virstorageobj.c b/src/conf/virstorageobj.c
-index 7010e97d61..59fa5da372 100644
---- a/src/conf/virstorageobj.c
-+++ b/src/conf/virstorageobj.c
-@@ -454,11 +454,16 @@ virStoragePoolObjListSearchCb(const void *payload,
-     virStoragePoolObj *obj = (virStoragePoolObj *) payload;
-     struct _virStoragePoolObjListSearchData *data =
-         (struct _virStoragePoolObjListSearchData *)opaque;
--    VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
- 
-+    virObjectLock(obj);
-+
-+    /* If we find the matching pool object we must return while the object is
-+     * locked as the caller wants to return a locked object. */
-     if (data->searcher(obj, data->opaque))
-         return 1;
- 
-+    virObjectUnlock(obj);
-+
-     return 0;
- }
- 
--- 
-2.41.0
-

0004-virpci-Resolve-leak-in-virPCIVirtualFunctionList-cle.patch

@@ -1,51 +0,0 @@
-From 6425a311b8ad19d6f9c0b315bf1d722551ea3585 Mon Sep 17 00:00:00 2001
-From: Tim Shearer <TShearer@adva.com>
-Date: Mon, 1 May 2023 13:15:48 +0000
-Subject: [PATCH] virpci: Resolve leak in virPCIVirtualFunctionList cleanup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Repeatedly querying an SR-IOV PCI device's capabilities exposes a
-memory leak caused by a failure to free the virPCIVirtualFunction
-array within the parent struct's g_autoptr cleanup.
-
-Valgrind output after getting a single interface's XML description
-1000 times:
-
-==325982== 256,000 bytes in 1,000 blocks are definitely lost in loss record 2,634 of 2,635
-==325982==    at 0x4C3C096: realloc (vg_replace_malloc.c:1437)
-==325982==    by 0x59D952D: g_realloc (in /usr/lib64/libglib-2.0.so.0.5600.4)
-==325982==    by 0x4EE1F52: virReallocN (viralloc.c:52)
-==325982==    by 0x4EE1FB7: virExpandN (viralloc.c:78)
-==325982==    by 0x4EE219A: virInsertElementInternal (viralloc.c:183)
-==325982==    by 0x4EE23B2: virAppendElement (viralloc.c:288)
-==325982==    by 0x4F65D85: virPCIGetVirtualFunctionsFull (virpci.c:2389)
-==325982==    by 0x4F65753: virPCIGetVirtualFunctions (virpci.c:2256)
-==325982==    by 0x505CB75: virNodeDeviceGetPCISRIOVCaps (node_device_conf.c:2969)
-==325982==    by 0x505D181: virNodeDeviceGetPCIDynamicCaps (node_device_conf.c:3099)
-==325982==    by 0x505BC4E: virNodeDeviceUpdateCaps (node_device_conf.c:2677)
-==325982==    by 0x260FCBB2: nodeDeviceGetXMLDesc (node_device_driver.c:355)
-
-Signed-off-by: Tim Shearer <tshearer@adva.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Han Han <hhan@redhat.com>
----
- src/util/virpci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/util/virpci.c b/src/util/virpci.c
-index 9e564e4a4f..cc2b07bbba 100644
---- a/src/util/virpci.c
-+++ b/src/util/virpci.c
-@@ -2245,6 +2245,7 @@ virPCIVirtualFunctionListFree(virPCIVirtualFunctionList *list)
-         g_free(list->functions[i].ifname);
-     }
- 
-+    g_free(list->functions);
-     g_free(list);
- }
- 
--- 
-2.41.0
-

libvirt-regression-input-default-bus.patch

@@ -0,0 +1,31 @@
+From c9056e682a8a67dc29e39eb01392fcf8ee978c31 Mon Sep 17 00:00:00 2001
+From: Jonathan Wright <jonathan@almalinux.org>
+Date: Wed, 3 Jan 2024 09:26:59 -0600
+Subject: [PATCH] conf: Restore setting default bus for input devices
+
+Prior to v9.3.0-rc1~30 we used to set default bus for <input/>
+devices, during XML parsing. In the commit this code was moved to
+a post parse callback. But somehow the line that sets the bus in
+one specific case disappeared. Bring it back.
+
+Resolves: https://gitlab.com/libvirt/libvirt/-/issues/577
+Fixes: c4bc4d3b82fbe22e03c986ca896090f481df5c10
+Signed-off-by: Jonathan Wright <jonathan@almalinux.org>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/conf/domain_postparse.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c
+index e79913b73f..ee27023f3e 100644
+--- a/src/conf/domain_postparse.c
++++ b/src/conf/domain_postparse.c
+@@ -657,6 +657,7 @@ virDomainInputDefPostParse(virDomainInputDef *input,
+             if ((input->type == VIR_DOMAIN_INPUT_TYPE_MOUSE ||
+                  input->type == VIR_DOMAIN_INPUT_TYPE_KBD) &&
+                 (ARCH_IS_X86(def->os.arch) || def->os.arch == VIR_ARCH_NONE)) {
++                    input->bus = VIR_DOMAIN_INPUT_BUS_PS2;
+             } else if (ARCH_IS_S390(def->os.arch) ||
+                        input->type == VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH) {
+                 input->bus = VIR_DOMAIN_INPUT_BUS_VIRTIO;
+-- 

sources

@@ -1 +1 @@
-SHA512 (libvirt-9.0.0.tar.xz) = 135f690f9fe722161c22579166f10a54d52941a371439165fd0e3d391ca7835049a3bcbff33fc81c50153046230db8a5a318d707383bad3141d489d2faa09ecb
+SHA512 (libvirt-9.7.0.tar.xz) = dd771822c0fa0861a32cab9d7f82235b101867fa0a4e8cf9a857ddfb2347e41b625b1e6f8791c4b3543fec836a1a23cae1fac4ce4b40debd51f2097bae46c949