Rebuild for wireshark soname change rhbz#2031322

Now with missing patches Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-12-13 15:33:14 +00:00 · 2021-12-13 15:21:21 +00:00 · 2021-07-27 14:18:27 -04:00 · 2021-07-02 16:32:25 -04:00 · 2021-06-29 09:51:22 -04:00
25 changed files with 1272 additions and 3129 deletions
@@ -1,31 +0,0 @@
-From 5629ebcb4234fde10fd9468d5fc5dd4947ed8677 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 29 Apr 2025 15:49:10 +0100
-Subject: [PATCH] Fix mocking of virQEMUCapsProbeHVF function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/qemu/qemu_capabilities.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index ea7c14daa9..488a1a058e 100644
--- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -943,7 +943,7 @@ bool
- virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_NO_INLINE;
- 
- bool
-virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE;
-+virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE __attribute__((noipa));
- 
- virArch virQEMUCapsArchFromString(const char *arch);
- const char *virQEMUCapsArchToString(virArch arch);
-- 
-2.49.0
-
@@ -0,0 +1,56 @@
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 21 Jan 2021 16:01:06 -0500
+Subject: [PATCH] build: support explicitly disabling netcf
+
+placing "-Dnetcf=disabled" on the meson commandline was ignored,
+meaning that even with that option the build would get WITH_NETCF if
+the netcf-devel package was found - the only way to disable it was to
+uninstall netcf-devel.
+
+This patch adds the small bit of logic to check the netcf meson
+commandline option (in addition to whether netcf-devel is installed)
+before defining WITH_NETCF.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Neal Gompa <ngompa13@gmail.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 06169a115d46d8870a96d293c2faf6ea87e71020)
+---
+ meson.build | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index b5164f68ed..e9d6d9f82e 100644
+--- a/meson.build
+++ b/meson.build
+@@ -1155,8 +1155,10 @@ libm_dep = cc.find_library('m', required : false)
+ 
+ netcf_version = '0.1.8'
+ netcf_dep = dependency('netcf', version: '>=' + netcf_version, required: get_option('netcf'))
+-if netcf_dep.found()
+-  conf.set('WITH_NETCF', 1)
+if not get_option('netcf').disabled()
+  if netcf_dep.found()
+    conf.set('WITH_NETCF', 1)
+  endif
+ endif
+ 
+ have_gnu_gettext_tools = false
+@@ -1550,7 +1552,7 @@ elif get_option('driver_hyperv').enabled()
+   error('openwsman is required for the Hyper-V driver')
+ endif
+ 
+-if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or netcf_dep.found())
+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
+   conf.set('WITH_INTERFACE', 1)
+ elif get_option('driver_interface').enabled()
+   error('Requested the Interface driver without netcf or udev and libvirtd support')
+@@ -2362,7 +2364,7 @@ libs_summary = {
+   'libssh': libssh_dep.found(),
+   'libssh2': libssh2_dep.found(),
+   'libutil': libutil_dep.found(),
+-  'netcf': netcf_dep.found(),
+  'netcf': conf.has('WITH_NETCF'),
+   'NLS': have_gnu_gettext_tools,
+   'numactl': numactl_dep.found(),
+   'openwsman': openwsman_dep.found(),
@@ -1,85 +0,0 @@
-From 63a3d70697dc44ef2f8b40f7c8e9aa869227a7da Mon Sep 17 00:00:00 2001
-From: Jiang XueQian <jiangxueqian@gmail.com>
-Date: Sat, 18 Jan 2025 16:32:10 +0800
-Subject: [PATCH] nss: Skip empty files and avoid use of uninitialized value
-Content-type: text/plain
-
-JSON parser isn't called when reading empty files so `jerr` will be used
-uninitialized in the original code. Empty files appear when a network
-has no dhcp clients.
-
-This patch checks for such files and skip them.
-
-Fixes: a8d828c88bbdaf83ae78dc06cdd84d5667fcc424
-Signed-off-by: Jiang XueQian <jiangxueqian@gmail.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
- tools/nss/libvirt_nss_leases.c | 9 +++++++--
- tools/nss/libvirt_nss_macs.c   | 9 +++++++--
- 2 files changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c
-index aea81bb56e..25ea6b0ce2 100644
--- a/tools/nss/libvirt_nss_leases.c
-+++ b/tools/nss/libvirt_nss_leases.c
-@@ -263,7 +263,7 @@ findLeases(const char *file,
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
-     char line[1024];
-    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
- 
-     if ((fd = open(file, O_RDONLY)) < 0) {
-@@ -290,12 +290,17 @@ findLeases(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
-    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }
-diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c
-index 23229a18f3..bac8c0e1bb 100644
--- a/tools/nss/libvirt_nss_macs.c
-+++ b/tools/nss/libvirt_nss_macs.c
-@@ -124,7 +124,7 @@ findMACs(const char *file,
-     json_tokener *tok = NULL;
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
-    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
-     size_t i;
- 
-@@ -152,12 +152,17 @@ findMACs(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
-    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }
@@ -1,68 +0,0 @@
-From cd0de70e05475d5f4aa46e578fbb98033d38c06b Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 16 Jun 2025 10:28:37 +0200
-Subject: [PATCH] qemu: Be more forgiving when acquiring QUERY job when
- formatting domain XML
-Content-type: text/plain
-
-In my previous commit of v11.0.0-rc1~115 I've made QEMU driver
-implementation for virDomainGetXMLDesc() (qemuDomainGetXMLDesc())
-acquire QERY job. See its commit message for more info. But this
-unfortunately broke apps witch fetch domain XML for incoming
-migration (like virt-manager). The reason is that for incoming
-migration the VIR_ASYNC_JOB_MIGRATION_IN async job is set, but
-the mask of allowed synchronous jobs is empty (because QEMU can't
-talk on monitor really). This makes virDomainObjBeginJob() fail
-which in turn makes qemuDomainGetXMLDesc() fail too.
-
-It makes sense for qemuDomainGetXMLDesc() to acquire the job
-(e.g. so that it's coherent with another thread that might be in
-the middle of a MODIFY job). But failure to dump XML may be
-treated as broken daemon (e.g. virt-manager does so).
-
-Therefore, still try to acquire the QUERY job (if job mask
-permits it) but, do not treat failure as an error.
-
-Fixes: 6cc93bf28842526be2fd596a607ebca796b7fb2e
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2369243
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
- src/qemu/qemu_driver.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index d2eddbd9ae..6bdeede2e8 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -6158,6 +6158,7 @@ static char
- {
-     virQEMUDriver *driver = dom->conn->privateData;
-     virDomainObj *vm;
-+    bool hasJob = false;
-     char *ret = NULL;
- 
-     virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS | VIR_DOMAIN_XML_UPDATE_CPU,
-@@ -6169,8 +6170,10 @@ static char
-     if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
-         goto cleanup;
- 
-    if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0)
-        goto cleanup;
-+    if (virDomainNestedJobAllowed(vm->job, VIR_JOB_QUERY) &&
-+        virDomainObjBeginJob(vm, VIR_JOB_QUERY) >= 0) {
-+        hasJob = true;
-+    }
- 
-     qemuDomainUpdateCurrentMemorySize(vm);
- 
-@@ -6186,7 +6189,8 @@ static char
- 
-     ret = qemuDomainFormatXML(driver, vm, flags);
- 
-    virDomainObjEndJob(vm);
-+    if (hasJob)
-+        virDomainObjEndJob(vm);
- 
-  cleanup:
-     virDomainObjEndAPI(&vm);
@@ -1,94 +0,0 @@
-From 63e4cbd109374f44e8bd4f8d1af5e2a2c67611bc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:42:13 +0100
-Subject: [PATCH] storage: stop hardcoding paths for mkfs, mount, umount
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-This was always undesirable but now causes problems on Fedora 42
-where at build time we detect a /sbin path but at runtime this
-will only exist on upgraded machines, not fresh installs.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- meson.build                      | 13 -------------
- src/storage/storage_backend_fs.c | 17 +++--------------
- 2 files changed, 3 insertions(+), 27 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 37b1caa566..14c98b49a1 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1827,23 +1827,10 @@ if conf.has('WITH_LIBVIRTD')
-       endif
-     endif
- 
-    if fs_enable
-      mount_prog = find_program('mount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-      umount_prog = find_program('umount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-      mkfs_prog = find_program('mkfs', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-
-      if not mount_prog.found() or not umount_prog.found() or not mkfs_prog.found()
-        fs_enable = false
-      endif
-    endif
-
-     if fs_enable
-       use_storage = true
- 
-       conf.set('WITH_STORAGE_FS', 1)
-      conf.set_quoted('MOUNT', mount_prog.full_path())
-      conf.set_quoted('UMOUNT', umount_prog.full_path())
-      conf.set_quoted('MKFS', mkfs_prog.full_path())
-     endif
-   endif
- 
-diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
-index fce395d60f..6ec359625a 100644
--- a/src/storage/storage_backend_fs.c
-+++ b/src/storage/storage_backend_fs.c
-@@ -304,7 +304,7 @@ virStorageBackendFileSystemMount(virStoragePoolObj *pool)
-     if (!(src = virStorageBackendFileSystemGetPoolSource(pool)))
-         return -1;
- 
-    cmd = virStorageBackendFileSystemMountCmd(MOUNT, def, src);
-+    cmd = virStorageBackendFileSystemMountCmd("mount", def, src);
- 
-     /* Mounting a shared FS might take a long time. Don't hold
-      * the pool locked meanwhile. */
-@@ -362,7 +362,7 @@ virStorageBackendFileSystemStop(virStoragePoolObj *pool)
-     if ((rc = virStorageBackendFileSystemIsMounted(pool)) != 1)
-         return rc;
- 
-    cmd = virCommandNewArgList(UMOUNT, def->target.path, NULL);
-+    cmd = virCommandNewArgList("umount", def->target.path, NULL);
-     return virCommandRun(cmd, NULL);
- }
- #endif /* WITH_STORAGE_FS */
-@@ -402,18 +402,7 @@ virStorageBackendExecuteMKFS(const char *device,
-     g_autoptr(virCommand) cmd = NULL;
-     g_autofree char *mkfs = NULL;
- 
-#if WITH_STORAGE_FS
-    mkfs = virFindFileInPath(MKFS);
-#endif /* WITH_STORAGE_FS */
-
-    if (!mkfs) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("mkfs is not available on this platform: Failed to make filesystem of type '%1$s' on device '%2$s'"),
-                       format, device);
-        return -1;
-    }
-
-    cmd = virCommandNewArgList(mkfs, "-t", format, NULL);
-+    cmd = virCommandNewArgList("mkfs", "-t", format, NULL);
- 
-     /* use the force, otherwise mkfs.xfs won't overwrite existing fs.
-      * Similarly mkfs.ext2, mkfs.ext3, and mkfs.ext4 require supplying -F
-- 
-2.49.0
-
@@ -1,43 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-To: devel@lists.libvirt.org
-Subject: [PATCH] util: avoid overflow in hextable buffer
-Date: Mon, 20 Jan 2025 10:09:24 +0000
-Message-ID: <20250120100924.3864818-1-berrange@redhat.com>
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The assigned string is 17 chars long once the trailing nul is taken
-into account. This triggers a warning with GCC 15
-
- src/util/virsystemd.c: In function â€˜virSystemdEscapeNameâ€™:
- src/util/virsystemd.c:59:38: error: initializer-string for array of â€˜charâ€™ is too long [-Werror=unterminated-string-initialization]
-    59 |     static const char hextable[16] = "0123456789abcdef";
-       |                                      ^~~~~~~~~~~~~~~~~~
-
-Switch to a dynamically sized array as used in all the other places
-we have a hextable array.
-
-See also: https://gcc.gnu.org/PR115185
-Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>
-Signed-off-by: Daniel P. BerrangÃ© <berrange@redhat.com>
---
- src/util/virsystemd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
-index 5b772e29dd..d46e5f74fc 100644
--- a/src/util/virsystemd.c
-+++ b/src/util/virsystemd.c
-@@ -56,7 +56,7 @@ struct _virSystemdActivationEntry {
- static void virSystemdEscapeName(virBuffer *buf,
-                                  const char *name)
- {
-    static const char hextable[16] = "0123456789abcdef";
-+    static const char hextable[] = "0123456789abcdef";
- 
- #define ESCAPE(c) \
-     do { \
-- 
-2.47.1
-
@@ -1,58 +0,0 @@
-From 7ab0f1c2a3fddf46d381f055e49111e3063b4829 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:47:34 +0100
-Subject: [PATCH] util: stop hardcoding numad path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Change the meson rules to always enable numad if on a Linux host, unless
-the meson options say not to.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- meson.build        | 10 +++-------
- src/util/virnuma.c |  2 +-
- 2 files changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 14c98b49a1..767205f44b 100644
--- a/meson.build
-+++ b/meson.build
-@@ -2028,14 +2028,10 @@ if not get_option('nss').disabled()
-   endif
- endif
- 
-if not get_option('numad').disabled() and numactl_dep.found()
-  numad_prog = find_program('numad', required: get_option('numad'), dirs: libvirt_sbin_path)
-  if numad_prog.found()
-    conf.set('WITH_NUMAD', 1)
-    conf.set_quoted('NUMAD', numad_prog.full_path())
-  endif
-+if not get_option('numad').disabled() and numactl_dep.found() and host_machine.system() == 'linux'
-+  conf.set('WITH_NUMAD', 1)
- elif get_option('numad').enabled()
-  error('You must have numactl enabled for numad support.')
-+  error('You must have a Linux host with numactl enabled for numad support.')
- endif
- 
- # nwfilter should only be compiled for linux, and only if the
-diff --git a/src/util/virnuma.c b/src/util/virnuma.c
-index 9393c20875..67c51630c7 100644
--- a/src/util/virnuma.c
-+++ b/src/util/virnuma.c
-@@ -61,7 +61,7 @@ virNumaGetAutoPlacementAdvice(unsigned short vcpus,
-     g_autoptr(virCommand) cmd = NULL;
-     char *output = NULL;
- 
-    cmd = virCommandNewArgList(NUMAD, "-w", NULL);
-+    cmd = virCommandNewArgList("numad", "-w", NULL);
-     virCommandAddArgFormat(cmd, "%d:%llu", vcpus,
-                            VIR_DIV_UP(balloon, 1024));
- 
-- 
-2.49.0
-
@@ -1,36 +0,0 @@
-From b825bb556bd3967bf5422c243b77bd4038e317e2 Mon Sep 17 00:00:00 2001
-Message-ID: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 10:34:51 +0200
-Subject: [PATCH 1/8] wireshark: Drop needless declaration of
- proto_register_libvirt() and proto_reg_handoff_libvirt()
-Content-type: text/plain
-
-Both proto_register_libvirt() and proto_reg_handoff_libvirt() are
-declared in packet-libvirt.h which is included from plugin.c.
-There's no need to provide another declaration in plugin.c.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/plugin.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 9a83f2ca07..19b25e7b1a 100644
--- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -72,9 +72,6 @@ void plugin_register(void)
- 
- #else /* WIRESHARK_VERSION >= 2009000 */
- 
-void proto_register_libvirt(void);
-void proto_reg_handoff_libvirt(void);
-
- WS_DLL_PUBLIC_DEF const gchar plugin_version[] = PLUGIN_VERSION;
- WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
- WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
-- 
-2.51.0
-
@@ -0,0 +1,72 @@
+From: wangjian <wangjian161@huawei.com>
+Date: Fri, 26 Mar 2021 11:21:16 +0800
+Subject: [PATCH] node_device_udev: Serialize access to pci_get_strings)_
+
+Since the functions provided by libpciaccess are not thread-safe,
+when the udev-event and nodedev-init threads of libvirt call the
+pci_get_strings function provided by libpaciaccess at the same
+time the following can happen:
+
+nodedev-init thread:
+nodeStateInitializeEnumerate ->
+  udevEnumerateDevices->
+    udevProcessDeviceListEntry ->
+      udevAddOneDevice ->
+        udevGetDeviceDetails->
+          udevProcessPCI ->
+            udevTranslatePCIIds ->
+              pci_get_strings -> (libpciaccess)
+                find_device_name ->
+                  populate_vendor ->
+                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
+                    vend->num_devices++;
+
+udev-event thread:
+udevEventHandleThread ->
+  udevHandleOneDevice ->
+    udevAddOneDevice->
+      udevGetDeviceDetails->
+        udevProcessPCI ->
+          udevTranslatePCIIds ->
+            pci_get_strings -> (libpciaccess)
+              find_device_name ->
+                populate_vendor ->
+                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
+                  vend->num_devices++;
+
+Signed-off-by: WangJian <wangjian161@huawei.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 59788a5caea5f292c86e07a31ee2b853d68db87e)
+---
+ src/node_device/node_device_udev.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
+index 55a2731681..6f0defe908 100644
+--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
+@@ -328,6 +328,7 @@ udevGenerateDeviceName(struct udev_device *device,
+     return 0;
+ }
+ 
+static virMutex pciaccessMutex = VIR_MUTEX_INITIALIZER;
+ 
+ static int
+ udevTranslatePCIIds(unsigned int vendor,
+@@ -346,12 +347,14 @@ udevTranslatePCIIds(unsigned int vendor,
+     m.device_class_mask = 0;
+     m.match_data = 0;
+ 
+-    /* pci_get_strings returns void */
+    /* pci_get_strings returns void and unfortunately is not thread safe. */
+    virMutexLock(&pciaccessMutex);
+     pci_get_strings(&m,
+                     &device_name,
+                     &vendor_name,
+                     NULL,
+                     NULL);
+    virMutexUnlock(&pciaccessMutex);
+ 
+     *vendor_string = g_strdup(vendor_name);
+     *product_string = g_strdup(device_name);
@@ -1,47 +0,0 @@
-From 41d3b457972bde85991fa7ed6f282370aca4b2af Mon Sep 17 00:00:00 2001
-Message-ID: <41d3b457972bde85991fa7ed6f282370aca4b2af.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:20:05 +0200
-Subject: [PATCH 2/8] wireshark: Switch header files to #pragma once
-Content-type: text/plain
-
-The genxdrstub.pl script generates some header files. But they
-use the old pattern to guard against multiple inclusion:
-
-  #ifndef SOMETHING_H
-  #define SOMETHING_H
-  ...
-  #endif
-
-Change the script to generate just '#pragma once' used everywhere
-else in our code.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/util/genxdrstub.pl | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 8cfda25a27..01b663a88c 100755
--- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -563,11 +563,8 @@ sub add_header_file {
-     local $self->{header_contents} = [];
-     $self->print("/* *DO NOT MODIFY* this file directly.\n");
-     $self->print(" * This file was generated by $0 from libvirt version $libvirt_version */\n");
-    my $ucname = uc $name;
-    $self->print("#ifndef _$ucname\_H_\n");
-    $self->print("#define _$ucname\_H_\n");
-+    $self->print("#pragma once\n");
-     $block->();
-    $self->print("#endif /* _$ucname\_H_ */");
-     push @{ $self->{headers} }, [ $name, delete $self->{header_contents} ];
- }
- 
-- 
-2.51.0
-
@@ -0,0 +1,53 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 24 Jun 2021 16:58:09 +0200
+Subject: [PATCH] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away
+
+There are few cases where we execute a virCommand with all caps
+cleared (virCommandClearCaps()). For instance
+dnsmasqCapsRefreshInternal() does just that. This means, that
+after fork() and before exec() the virSetUIDGIDWithCaps() is
+called. But since the caller did not want to change anything,
+just drop capabilities, these are the values of arguments:
+
+  virSetUIDGIDWithCaps (uid=-1, gid=-1, groups=0x0, ngroups=0,
+                        capBits=0, clearExistingCaps=true)
+
+This means that indeed all capabilities will be dropped,
+including CAP_SETPCAP. But this capability controls whether
+capabilities can be set, IOW whether capng_apply() succeeds.
+
+There are two calls of capng_apply() in the function. The
+CAP_SETPCAP is dropped after the first call and thus the other
+call (capng_apply(CAPNG_SELECT_BOUNDS);) fails.
+
+The solution is to keep the capability for as long as needed
+(just like CAP_SETGID and CAP_SETUID) and drop it only at the
+very end (just like CAP_SETGID and CAP_SETUID).
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949388
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 438b50dda8a863fdc988e9ab612f097cc1626e8a)
+---
+ src/util/virutil.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/util/virutil.c b/src/util/virutil.c
+index a0cd0f1bcd..7ae23a7061 100644
+--- a/src/util/virutil.c
+++ b/src/util/virutil.c
+@@ -1202,12 +1202,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
+     }
+ # ifdef PR_CAPBSET_DROP
+     /* If newer kernel, we need also need setpcap to change the bounding set */
+-    if ((capBits || need_setgid || need_setuid) &&
+-        !capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
+    if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
+         need_setpcap = true;
+-    }
+-    if (need_setpcap)
+         capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
+    }
+ # endif
+ 
+     /* Tell system we want to keep caps across uid change */
@@ -1,81 +0,0 @@
-From 02a0e78bf54c903da8922c56bade9b3298ade351 Mon Sep 17 00:00:00 2001
-Message-ID: <02a0e78bf54c903da8922c56bade9b3298ade351.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:04:17 +0200
-Subject: [PATCH 3/8] wireshark: Move WIRESHARK_VERSION macro definition
-Content-type: text/plain
-
-Soon, other parts of the wireshark code will need to
-differentiate wrt wireshark version. Therefore, move the
-WIRESHARK_VERSION macro definition among with its deps into
-packet-libvirt.h.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.h | 14 ++++++++++++++
- tools/wireshark/src/plugin.c         | 14 --------------
- 2 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.h b/tools/wireshark/src/packet-libvirt.h
-index 14e6e13696..15cfcb0534 100644
--- a/tools/wireshark/src/packet-libvirt.h
-+++ b/tools/wireshark/src/packet-libvirt.h
-@@ -19,5 +19,19 @@
- 
- #pragma once
- 
-+#ifdef WITH_WS_VERSION
-+# include <wireshark/ws_version.h>
-+#else
-+# include <wireshark/config.h>
-+# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
-+# define WIRESHARK_VERSION_MINOR VERSION_MINOR
-+# define WIRESHARK_VERSION_MICRO VERSION_MICRO
-+#endif
-+
-+#define WIRESHARK_VERSION \
-+    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
-+     (WIRESHARK_VERSION_MINOR * 1000) + \
-+     (WIRESHARK_VERSION_MICRO))
-+
- void proto_register_libvirt(void);
- void proto_reg_handoff_libvirt(void);
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 19b25e7b1a..64317b5280 100644
--- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -12,15 +12,6 @@
- 
- #include <config.h>
- 
-#ifdef WITH_WS_VERSION
-# include <wireshark/ws_version.h>
-#else
-# include <wireshark/config.h>
-# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
-# define WIRESHARK_VERSION_MINOR VERSION_MINOR
-# define WIRESHARK_VERSION_MICRO VERSION_MICRO
-#endif
-
- #define HAVE_PLUGINS 1
- #include <wireshark/epan/proto.h>
- /* plugins are DLLs */
-@@ -32,11 +23,6 @@
- /* Let the plugin version be the version of libvirt */
- #define PLUGIN_VERSION VERSION
- 
-#define WIRESHARK_VERSION \
-    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
-     (WIRESHARK_VERSION_MINOR * 1000) + \
-     (WIRESHARK_VERSION_MICRO))
-
- #if WIRESHARK_VERSION < 2005000
- 
- WS_DLL_PUBLIC_DEF const gchar version[] = VERSION;
-- 
-2.51.0
-
@@ -0,0 +1,51 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 28 Jun 2021 13:09:04 +0100
+Subject: [PATCH] security: fix SELinux label generation logic
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A process can access a file if the set of MCS categories
+for the file is equal-to *or* a subset-of, the set of
+MCS categories for the process.
+
+If there are two VMs:
+
+  a) svirt_t:s0:c117
+  b) svirt_t:s0:c117,c720
+
+Then VM (b) is able to access files labelled for VM (a).
+
+IOW, we must discard case where the categories are equal
+because that is a subset of many other valid category pairs.
+
+Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
+CVE-2021-3631
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
+---
+ src/security/security_selinux.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 2fc6ef2616..61a871ec3d 100644
+--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
+@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
+         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
+ 
+         if (c1 == c2) {
+-            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
+            /*
+             * A process can access a file if the set of MCS categories
+             * for the file is equal-to *or* a subset-of, the set of
+             * MCS categories for the process.
+             *
+             * IOW, we must discard case where the categories are equal
+             * because that is a subset of other category pairs.
+             */
+            continue;
+         } else {
+             if (c1 > c2) {
+                 int t = c1;
@@ -1,133 +0,0 @@
-From 7374c4ecbd591b02f7be4b2918addc6d5852aafb Mon Sep 17 00:00:00 2001
-Message-ID: <7374c4ecbd591b02f7be4b2918addc6d5852aafb.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:21:30 +0200
-Subject: [PATCH 4/8] wireshark: Fix int type of some virNetMessageHeader
- members
-Content-type: text/plain
-
-Our virNetMessageHeader is a struct that's declared as follows:
-
-  struct virNetMessageHeader {
-      unsigned prog;
-      unsigned vers;
-      int proc;
-      virNetMessageType type;
-      unsigned serial;
-      virNetMessageStatus status;
-  };
-
-Now, per RFC 4506 enums are also encoded as signed integers. This
-means, that only 'prog', 'vers' and 'serial' are really unsigned
-integers. The others ('proc', 'type' and 'status') are encoded as
-signed integers. Fix their type when dissecting.
-
-While at it, also follow latest trend in wireshark and switch
-from guint32 to uint32_t.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 34 +++++++++++++++++++---------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index da2aabd98a..af14c6bed7 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -92,7 +92,7 @@ typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xd
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
-    guint32             proc;
-+    int32_t             proc;
-     vir_xdr_dissector_t args;
-     vir_xdr_dissector_t ret;
-     vir_xdr_dissector_t msg;
-@@ -275,8 +275,10 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- }
- 
- static vir_xdr_dissector_t
-find_payload_dissector(guint32 proc, guint32 type,
-                       const vir_dissector_index_t *pds, gsize length)
-+find_payload_dissector(int32_t proc,
-+                       enum vir_net_message_type type,
-+                       const vir_dissector_index_t *pds,
-+                       gsize length)
- {
-     const vir_dissector_index_t *pd;
-     guint32 first, last, direction;
-@@ -309,6 +311,10 @@ find_payload_dissector(guint32 proc, guint32 type,
-         return pd->ret;
-     case VIR_NET_MESSAGE:
-         return pd->msg;
-+    case VIR_NET_STREAM:
-+    case VIR_NET_STREAM_HOLE:
-+        /* Handled elsewhere */
-+        return NULL;
-     }
-     return NULL;
- }
-@@ -397,8 +403,12 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- #include "libvirt/protocol.h"
- 
- static void
-dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
-                        guint32 prog, guint32 proc, guint32 type, guint32 status)
-+dissect_libvirt_payload(tvbuff_t *tvb,
-+                        proto_tree *tree,
-+                        uint32_t prog,
-+                        int32_t proc,
-+                        int32_t type,
-+                        int32_t status)
- {
-     gssize payload_length;
- 
-@@ -430,7 +440,8 @@ dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
-     return;
- 
-  unknown:
-    dbg("Cannot determine payload: Prog=%u, Proc=%u, Type=%u, Status=%u", prog, proc, type, status);
-+    dbg("Cannot determine payload: Prog=%u, Proc=%d, Type=%d, Status=%d",
-+        prog, proc, type, status);
-     proto_tree_add_item(tree, hf_libvirt_unknown, tvb, VIR_HEADER_LEN, -1, ENC_NA);
- }
- 
-@@ -439,7 +450,8 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                         void *opaque G_GNUC_UNUSED)
- {
-     goffset offset;
-    guint32 prog, proc, type, serial, status;
-+    uint32_t prog, serial;
-+    int32_t proc, type, status;
-     const value_string *vs;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-@@ -448,17 +460,17 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     offset = 4; /* End of length field */
-     prog   = tvb_get_ntohl(tvb, offset); offset += 4;
-     offset += 4; /* Ignore version header field */
-    proc   = tvb_get_ntohl(tvb, offset); offset += 4;
-    type   = tvb_get_ntohl(tvb, offset); offset += 4;
-+    proc   = tvb_get_ntohil(tvb, offset); offset += 4;
-+    type   = tvb_get_ntohil(tvb, offset); offset += 4;
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-    status = tvb_get_ntohl(tvb, offset); offset += 4;
-+    status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-     if (vs == NULL) {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%u", proc);
-+        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
-     } else {
-         col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-     }
-- 
-2.51.0
-
@@ -0,0 +1,43 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 22 Jul 2021 14:26:00 +0200
+Subject: [PATCH] virSetUIDGIDWithCaps: Set bounding capabilities only with
+ CAP_SETPCAP
+
+In one of my previous patches I've tried to postpone dropping
+CAP_SETPCAP until the very end because it's needed for
+capng_apply(). What I did not realize back then was that we might
+not have the capability to begin with. Because of unknown reasons
+capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
+for CAPNG_SELECT_CAPS.
+
+Reproducer is really simple: run libvirtd as a regular user.
+During its initialization, libvirtd will spawn some binaries
+(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
+capabilities.
+
+Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
+have the CAP_SETPCAP (which is tracked in need_setpcap variable).
+
+Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+(cherry picked from commit a2476f37a7789eb9315b77bb451f4754ef4ef15b)
+---
+ src/util/virutil.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/virutil.c b/src/util/virutil.c
+index 7ae23a7061..333f99e91d 100644
+--- a/src/util/virutil.c
+++ b/src/util/virutil.c
+@@ -1269,7 +1269,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
+      * do this if we failed to get the capability above, so ignore the
+      * return value.
+      */
+-    capng_apply(CAPNG_SELECT_BOUNDS);
+    if (!need_setpcap)
+        capng_apply(CAPNG_SELECT_BOUNDS);
+ 
+     /* Drop the caps that allow setuid/gid (unless they were requested) */
+     if (need_setgid)
@@ -1,46 +0,0 @@
-From 1086888f95a322101f8cf53b63c96600ccbeb882 Mon Sep 17 00:00:00 2001
-Message-ID: <1086888f95a322101f8cf53b63c96600ccbeb882.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:16:54 +0200
-Subject: [PATCH 5/8] wireshark: Don't special case retval of
- get_program_data() in dissect_libvirt_message()
-Content-type: text/plain
-
-The get_program_data() function returns a pointer (in this
-specific case to an array of procedure strings) which, if
-non-NULL is then passed val_to_str(). Well, if val_to_str() sees
-NULL it is treated gracefully, i.e. like if the numeric value
-'proc' wasn't found in the array.
-
-Therefore, there's no need to special case call to
-col_append_fstr(). Both result into the same behaviour.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index af14c6bed7..6c729801d4 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -469,11 +469,7 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    if (vs == NULL) {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
-    } else {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-    }
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     val_to_str(type, type_strings, "%d"), serial,
-- 
-2.51.0
-
@@ -0,0 +1,57 @@
+From: Pavel Hrdina <phrdina@redhat.com>
+Date: Mon, 10 May 2021 15:07:09 +0200
+Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When QEMU introduces new firmware features libvirt will fail until we
+list that feature in our code as well which doesn't sound right.
+
+We should simply ignore the new feature until we add a proper support
+for it.
+
+Reported-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
+---
+ src/qemu/qemu_firmware.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 639cff7459..e602de22e3 100644
+--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
+@@ -573,6 +573,7 @@ qemuFirmwareFeatureParse(const char *path,
+     virJSONValuePtr featuresJSON;
+     g_autoptr(qemuFirmwareFeature) features = NULL;
+     size_t nfeatures;
+    size_t nparsed = 0;
+     size_t i;
+ 
+     if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
+@@ -592,17 +593,16 @@ qemuFirmwareFeatureParse(const char *path,
+         int tmp;
+ 
+         if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
+-            virReportError(VIR_ERR_INTERNAL_ERROR,
+-                           _("unknown feature %s"),
+-                           tmpStr);
+-            return -1;
+            VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
+            continue;
+         }
+ 
+-        features[i] = tmp;
+        features[nparsed] = tmp;
+        nparsed++;
+     }
+ 
+     fw->features = g_steal_pointer(&features);
+-    fw->nfeatures = nfeatures;
+    fw->nfeatures = nparsed;
+     return 0;
+ }
+ 
@@ -1,68 +0,0 @@
-From ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7 Mon Sep 17 00:00:00 2001
-Message-ID: <ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 18:23:18 +0200
-Subject: [PATCH 6/8] wireshark: Introduce and use vir_val_to_str()
-Content-type: text/plain
-
-Wireshark offers val_to_str() function which converts numeric
-value to string by looking up value ('val') in an array ('vs') of
-<val, string> pairs. If no corresponding string is found, then
-the value is formatted using given 'fmt' string.
-
-Starting from wireshark-4.6.0 not only this function gained
-another argument but also returns a strdup()-ed string. To keep
-our code simple, let's introduce a wrapper so which can be then
-adjusted as needed.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 17 +++++++++++++----
- 1 file changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 6c729801d4..f6ad2c4578 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -140,6 +140,15 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
-+static const char *
-+G_GNUC_PRINTF(3, 0)
-+vir_val_to_str(const uint32_t val,
-+               const value_string *vs,
-+               const char *fmt)
-+{
-+    return val_to_str(val, vs, fmt);
-+}
-+
- static gboolean
- dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 maxlen)
-@@ -466,14 +475,14 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                 val_to_str(prog, program_strings, "%x"));
-+                 vir_val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                    val_to_str(type, type_strings, "%d"), serial,
-                    val_to_str(status, status_strings, "%d"));
-+                    vir_val_to_str(type, type_strings, "%d"), serial,
-+                    vir_val_to_str(status, status_strings, "%d"));
- 
-     if (tree) {
-         gint *hf_proc;
-- 
-2.51.0
-
@@ -0,0 +1,33 @@
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Wed, 21 Jul 2021 11:22:25 +0200
+Subject: [PATCH] storage_driver: Unlock object on ACL fail in
+ storagePoolLookupByTargetPath
+
+'virStoragePoolObjListSearch' returns a locked and refed object, thus we
+must release it on ACL permission failure.
+
+Fixes: 7aa0e8c0cb8
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
+---
+ src/storage/storage_driver.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
+index 16bc53aa46..2787c1671b 100644
+--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
+@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
+                                            storagePoolLookupByTargetPathCallback,
+                                            cleanpath))) {
+         def = virStoragePoolObjGetDef(obj);
+-        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
+            virStoragePoolObjEndAPI(&obj);
+             return NULL;
+        }
+ 
+         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
+         virStoragePoolObjEndAPI(&obj);
@@ -1,165 +0,0 @@
-From 002b9f559d69b92e77ab2d234df6966fecdaf0ec Mon Sep 17 00:00:00 2001
-Message-ID: <002b9f559d69b92e77ab2d234df6966fecdaf0ec.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:13:48 +0200
-Subject: [PATCH 7/8] wireshark: Don't leak column strings
-Content-type: text/plain
-
-One of the problems of using val_to_str() is that it may return a
-const string from given table ('vs'), OR return an allocated one.
-Since the caller has no idea which case it is, it resides to safe
-option and don't free returned string. But that might lead to a
-memleak. This behaviour is fixed with wireshark-4.6.0 and support
-for it will be introduced soon. But first, make vir_val_to_str()
-behave like fixed val_to_str() from newer wireshark: just always
-allocate the string.
-
-Now, if val_to_str() needs to allocate new memory it obtains
-allocator by calling wmem_packet_scope() which is what we may do
-too.
-
-Hand in hand with that, we need to free the memory using the
-correct allocator, hence wmem_free(). But let's put it into a
-wrapper vir_wmem_free() because just like val_to_str(), it'll
-need additional argument when adapting to new wireshark.
-
-Oh, and freeing the memory right after col_add_fstr() is safe as
-it uses vsnprintf() under the hood to format passed args.
-
-One last thing, the wmem.h file used to live under epan/wmem/ but
-then in v3.5.0~240 [1] was moved to wsutil/wmem/.
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/7f9c1f5f92c131354fc8b2b88d473706786064c0
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- meson.build                          | 20 ++++++++++++++++
- tools/wireshark/src/meson.build      |  1 +
- tools/wireshark/src/packet-libvirt.c | 35 ++++++++++++++++++++++------
- 3 files changed, 49 insertions(+), 7 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index bcc18b20e5..a1e0e5ecd5 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1365,6 +1365,26 @@ if wireshark_dep.found()
-   if cc.check_header('wireshark/ws_version.h')
-     conf.set('WITH_WS_VERSION', 1)
-   endif
-+
-+  # Find wmem.h
-+  # But it's not as easy as you'd think. Ubuntu 20.04 has split parts of
-+  # libwireshark.so into libwsutil.so but:
-+  # a) wireshark.pc never mentions it,
-+  # b) libwsutil-dev package doesn't install pkg-config file.
-+  # Fortunately, it's fixed in 24.04.
-+  if cc.check_header('wireshark/epan/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_EPAN_WMEM', 1)
-+  elif cc.check_header('wireshark/wsutil/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_WSUTIL_WMEM', 1)
-+  else
-+    error('Unable to locate wmem.h file')
-+  endif
-+
-+  # TODO: drop wsutil dep once support for Ubuntu 20.04 is dropped
-+  wsutil_dep = dependency('', required: false)
-+  if not cc.has_function('wmem_free', dependencies: wireshark_dep)
-+    wsutil_dep = cc.find_library('wsutil', required: true)
-+  endif
- endif
- 
- # generic build dependencies checks
-diff --git a/tools/wireshark/src/meson.build b/tools/wireshark/src/meson.build
-index 9b452dc5ca..ba0df913e0 100644
--- a/tools/wireshark/src/meson.build
-+++ b/tools/wireshark/src/meson.build
-@@ -9,6 +9,7 @@ shared_library(
-   ],
-   dependencies: [
-     wireshark_dep,
-+    wsutil_dep,
-     xdr_dep,
-     tools_dep,
-   ],
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f6ad2c4578..3178ac6f27 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -21,6 +21,11 @@
- #include <wireshark/epan/proto.h>
- #include <wireshark/epan/packet.h>
- #include <wireshark/epan/dissectors/packet-tcp.h>
-+#ifdef WITH_WS_EPAN_WMEM
-+# include <wireshark/epan/wmem/wmem.h>
-+#elif WITH_WS_WSUTIL_WMEM
-+# include <wireshark/wsutil/wmem/wmem.h>
-+#endif
- #include <rpc/types.h>
- #include <rpc/xdr.h>
- #include "packet-libvirt.h"
-@@ -140,13 +145,19 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
-static const char *
-+static char *
- G_GNUC_PRINTF(3, 0)
- vir_val_to_str(const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
-    return val_to_str(val, vs, fmt);
-+    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+}
-+
-+static void
-+vir_wmem_free(void *ptr)
-+{
-+    wmem_free(wmem_packet_scope(), ptr);
- }
- 
- static gboolean
-@@ -462,6 +473,10 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     uint32_t prog, serial;
-     int32_t proc, type, status;
-     const value_string *vs;
-+    char *prog_str = NULL;
-+    char *proc_str = NULL;
-+    char *type_str = NULL;
-+    char *status_str = NULL;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-     col_clear(pinfo->cinfo, COL_INFO);
-@@ -474,15 +489,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                 vir_val_to_str(prog, program_strings, "%x"));
-+    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
-+    vir_wmem_free(prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
-+    proc_str = vir_val_to_str(proc, vs, "%d");
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
-+    vir_wmem_free(proc_str);
- 
-+    type_str = vir_val_to_str(type, type_strings, "%d");
-+    status_str = vir_val_to_str(status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                    vir_val_to_str(type, type_strings, "%d"), serial,
-                    vir_val_to_str(status, status_strings, "%d"));
-+                    type_str, serial, status_str);
-+    vir_wmem_free(status_str);
-+    vir_wmem_free(type_str);
- 
-     if (tree) {
-         gint *hf_proc;
-- 
-2.51.0
-
@@ -1,493 +0,0 @@
-From b42a12174c787b99cd6fcb29b44e4b13bd64ee58 Mon Sep 17 00:00:00 2001
-Message-ID: <b42a12174c787b99cd6fcb29b44e4b13bd64ee58.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:22:34 +0200
-Subject: [PATCH 8/8] wireshark: Adapt to wireshark-4.6.0
-Content-type: text/plain
-
-The main difference is that wmem_packet_scope() is gone [1] but
-the packet_info struct has 'pool` member which points to the
-allocator used for given packet.
-
-Unfortunately, while we were given pointer to packet_info at the
-entry level to our dissector (dissect_libvirt() ->
-tcp_dissect_pdus() -> dissect_libvirt_message()) it was never
-propagated to generated/primitive dissectors.
-
-But not all dissectors need to allocate memory, so mark the new
-argument as unused. And while our generator could be rewritten so
-that the argument is annotated as unused iff it's really unused,
-I couldn't bother rewriting it. It's generated code after all.
-Too much work for little gain.
-
-Another significant change is that val_to_str() now requires new
-argument: pointer to allocator to use because it always allocates
-new memory [2][3].
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/5ca5c9ca372e06881b23ba9f4fdcb6b479886444
-2: https://gitlab.com/wireshark/wireshark/-/commit/b63599762468e4cf1783419a5556377604d344bb
-3: https://gitlab.com/wireshark/wireshark/-/commit/84799be215313e61b83a3eaf074f89d6ee349b8c
-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/823
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 157 +++++++++++++++++++--------
- tools/wireshark/util/genxdrstub.pl   |  18 +--
- 2 files changed, 119 insertions(+), 56 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 3178ac6f27..c5c8fb4756 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -63,7 +63,7 @@ static gint ett_libvirt_stream_hole = -1;
- 
- #define XDR_PRIMITIVE_DISSECTOR(xtype, ctype, ftype) \
-     static gboolean \
-    dissect_xdr_##xtype(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) \
-+    dissect_xdr_##xtype(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf) \
-     { \
-         goffset start; \
-         ctype val; \
-@@ -93,7 +93,7 @@ XDR_PRIMITIVE_DISSECTOR(bool,    bool_t,   boolean)
- 
- VIR_WARNINGS_RESET
- 
-typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf);
-+typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, XDR *xdrs, int hf);
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
-@@ -146,22 +146,32 @@ static const value_string status_strings[] = {
- };
- 
- static char *
-G_GNUC_PRINTF(3, 0)
-vir_val_to_str(const uint32_t val,
-+G_GNUC_PRINTF(4, 0)
-+vir_val_to_str(packet_info *pinfo,
-+               const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
-    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+#if WIRESHARK_VERSION < 4006000
-+    return val_to_str_wmem(pinfo->pool, val, vs, fmt);
-+#else
-+    return val_to_str(pinfo->pool, val, vs, fmt);
-+#endif
- }
- 
- static void
-vir_wmem_free(void *ptr)
-+vir_wmem_free(packet_info *pinfo,
-+              void *ptr)
- {
-    wmem_free(wmem_packet_scope(), ptr);
-+    wmem_free(pinfo->pool, ptr);
- }
- 
- static gboolean
-dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_string(tvbuff_t *tvb,
-+                   packet_info *pinfo G_GNUC_UNUSED,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 maxlen)
- {
-     goffset start;
-@@ -179,7 +189,11 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_opaque(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 size)
- {
-     goffset start;
-@@ -190,7 +204,7 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
-         gint len = xdr_getpos(xdrs) - start;
-        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-@@ -202,7 +216,11 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_bytes(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-                   guint32 maxlen)
- {
-     goffset start;
-@@ -212,7 +230,7 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
-         gint len = xdr_getpos(xdrs) - start;
-        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         free(val);
-@@ -224,7 +242,11 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_pointer(tvbuff_t *tvb,
-+                    packet_info *pinfo,
-+                    proto_tree *tree,
-+                    XDR *xdrs,
-+                    int hf,
-                     vir_xdr_dissector_t dissect)
- {
-     goffset start;
-@@ -236,7 +258,7 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         return FALSE;
-     }
-     if (not_null) {
-        return dissect(tvb, tree, xdrs, hf);
-+        return dissect(tvb, pinfo, tree, xdrs, hf);
-     } else {
-         proto_item *ti;
-         ti = proto_tree_add_item(tree, hf, tvb, start, xdr_getpos(xdrs) - start, ENC_NA);
-@@ -246,15 +268,22 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf,
-                     guint32 length, vir_xdr_dissector_t dissect, goffset start)
-+dissect_xdr_iterable(tvbuff_t *tvb,
-+                     packet_info *pinfo,
-+                     proto_item *ti,
-+                     XDR *xdrs,
-+                     gint ett,
-+                     int rhf,
-+                     guint32 length,
-+                     vir_xdr_dissector_t dissect,
-+                     goffset start)
- {
-     proto_tree *tree;
-     guint32 i;
- 
-     tree = proto_item_add_subtree(ti, ett);
-     for (i = 0; i < length; i++) {
-        if (!dissect(tvb, tree, xdrs, rhf))
-+        if (!dissect(tvb, pinfo, tree, xdrs, rhf))
-             return FALSE;
-     }
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-@@ -262,8 +291,16 @@ dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf
- }
- 
- static gboolean
-dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-                   int rhf, const gchar *rtype, guint32 size, vir_xdr_dissector_t dissect)
-+dissect_xdr_vector(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-+                   gint ett,
-+                   int rhf,
-+                   const gchar *rtype,
-+                   guint32 size,
-+                   vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -271,12 +308,20 @@ dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-     start = xdr_getpos(xdrs);
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s[%u]", rtype, size);
-    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, size, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, size, dissect, start);
- }
- 
- static gboolean
-dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-                  int rhf, const gchar *rtype, guint32 maxlen, vir_xdr_dissector_t dissect)
-+dissect_xdr_array(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-+                  gint ett,
-+                  int rhf,
-+                  const gchar *rtype,
-+                  guint32 maxlen,
-+                  vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -291,7 +336,7 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- 
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s<%u>", rtype, length);
-    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, length, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, length, dissect, start);
- }
- 
- static vir_xdr_dissector_t
-@@ -340,7 +385,10 @@ find_payload_dissector(int32_t proc,
- }
- 
- static void
-dissect_libvirt_stream(tvbuff_t *tvb, proto_tree *tree, gint payload_length)
-+dissect_libvirt_stream(tvbuff_t *tvb,
-+                       packet_info *pinfo G_GNUC_UNUSED,
-+                       proto_tree *tree,
-+                       gint payload_length)
- {
-     proto_tree_add_item(tree, hf_libvirt_stream, tvb, VIR_HEADER_LEN,
-                         payload_length - VIR_HEADER_LEN, ENC_NA);
-@@ -357,6 +405,7 @@ dissect_libvirt_num_of_fds(tvbuff_t *tvb, proto_tree *tree)
- 
- static void
- dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
-+                    packet_info *pinfo G_GNUC_UNUSED,
-                     gint start G_GNUC_UNUSED,
-                     gint32 nfds G_GNUC_UNUSED)
- {
-@@ -364,8 +413,12 @@ dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
- }
- 
- static void
-dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_length,
-                                 gint32 status, vir_xdr_dissector_t dissect)
-+dissect_libvirt_payload_xdr_data(tvbuff_t *tvb,
-+                                 packet_info *pinfo,
-+                                 proto_tree *tree,
-+                                 gint payload_length,
-+                                 gint32 status,
-+                                 vir_xdr_dissector_t dissect)
- {
-     gint32 nfds = 0;
-     gint start = VIR_HEADER_LEN;
-@@ -384,17 +437,21 @@ dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_l
-     payload_data = (caddr_t)tvb_memdup(NULL, payload_tvb, 0, payload_length);
-     xdrmem_create(&xdrs, payload_data, payload_length, XDR_DECODE);
- 
-    dissect(payload_tvb, tree, &xdrs, -1);
-+    dissect(payload_tvb, pinfo, tree, &xdrs, -1);
- 
-     xdr_destroy(&xdrs);
-     g_free(payload_data);
- 
-     if (nfds != 0)
-        dissect_libvirt_fds(tvb, start + payload_length, nfds);
-+        dissect_libvirt_fds(tvb, pinfo, start + payload_length, nfds);
- }
- 
- static gboolean
-dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+dissect_xdr_stream_hole(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-+                        proto_tree *tree,
-+                        XDR *xdrs,
-+                        int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -411,10 +468,10 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-     tree = proto_item_add_subtree(ti, ett_libvirt_stream_hole);
- 
-     hf = hf_libvirt_stream_hole_length;
-    if (!dissect_xdr_hyper(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_hyper(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     hf = hf_libvirt_stream_hole_flags;
-    if (!dissect_xdr_u_int(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_u_int(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-     return TRUE;
-@@ -424,6 +481,7 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- 
- static void
- dissect_libvirt_payload(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-                         proto_tree *tree,
-                         uint32_t prog,
-                         int32_t proc,
-@@ -447,13 +505,13 @@ dissect_libvirt_payload(tvbuff_t *tvb,
-         xd = find_payload_dissector(proc, type, pds, *len);
-         if (xd == NULL)
-             goto unknown;
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, xd);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, xd);
-     } else if (status == VIR_NET_ERROR) {
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_remote_error);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_remote_error);
-     } else if (type == VIR_NET_STREAM) { /* implicitly, status == VIR_NET_CONTINUE */
-        dissect_libvirt_stream(tvb, tree, payload_length);
-+        dissect_libvirt_stream(tvb, pinfo, tree, payload_length);
-     } else if (type == VIR_NET_STREAM_HOLE) {
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_stream_hole);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_stream_hole);
-     } else {
-         goto unknown;
-     }
-@@ -489,21 +547,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    prog_str = vir_val_to_str(pinfo, prog, program_strings, "%x");
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
-    vir_wmem_free(prog_str);
-+    vir_wmem_free(pinfo, prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    proc_str = vir_val_to_str(proc, vs, "%d");
-+    proc_str = vir_val_to_str(pinfo, proc, vs, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
-    vir_wmem_free(proc_str);
-+    vir_wmem_free(pinfo, proc_str);
- 
-    type_str = vir_val_to_str(type, type_strings, "%d");
-    status_str = vir_val_to_str(status, status_strings, "%d");
-+    type_str = vir_val_to_str(pinfo, type, type_strings, "%d");
-+    status_str = vir_val_to_str(pinfo, status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     type_str, serial, status_str);
-    vir_wmem_free(status_str);
-    vir_wmem_free(type_str);
-+    vir_wmem_free(pinfo, status_str);
-+    vir_wmem_free(pinfo, type_str);
- 
-     if (tree) {
-         gint *hf_proc;
-@@ -532,21 +590,26 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-         proto_tree_add_item(libvirt_tree, hf_libvirt_status,  tvb, offset, 4, ENC_NA); offset += 4;
- 
-         /* Dissect payload remaining */
-        dissect_libvirt_payload(tvb, libvirt_tree, prog, proc, type, status);
-+        dissect_libvirt_payload(tvb, pinfo, libvirt_tree, prog, proc, type, status);
-     }
- 
-     return 0;
- }
- 
- static guint
-get_message_len(packet_info *pinfo G_GNUC_UNUSED, tvbuff_t *tvb, int offset, void *data G_GNUC_UNUSED)
-+get_message_len(packet_info *pinfo G_GNUC_UNUSED,
-+                tvbuff_t *tvb,
-+                int offset,
-+                void *data G_GNUC_UNUSED)
- {
-     return tvb_get_ntohl(tvb, offset);
- }
- 
- static int
-dissect_libvirt(tvbuff_t *tvb, packet_info *pinfo,
-                proto_tree *tree, void *data G_GNUC_UNUSED)
-+dissect_libvirt(tvbuff_t *tvb,
-+                packet_info *pinfo,
-+                proto_tree *tree,
-+                void *data G_GNUC_UNUSED)
- {
-     /* Another magic const - 4; simply, how much bytes
-      * is needed to tell the length of libvirt packet. */
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 01b663a88c..f69695c091 100755
--- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -250,7 +250,7 @@ sub xdr_type {
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my $name = $c->rinc( 'dissect_xdr_'.($self->idstrip || lc($self->xdr_type)) );
-    "$name(tvb, tree, xdrs, hf)";
-+    "$name(tvb, pinfo, tree, xdrs, hf)";
- }
- 
- sub ft_type {
-@@ -345,7 +345,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
-    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)),
-         $c->rinc('dissect_xdr_'.$self->reftype->idstrip);
- }
-@@ -359,7 +359,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
-    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)), $self->length || '~0';
- }
- 
-@@ -447,7 +447,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
-    sprintf 'dissect_xdr_array(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_array(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -476,7 +476,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
-    sprintf 'dissect_xdr_vector(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_vector(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -857,7 +857,7 @@ __END__<<DUMMY # Dummy heredoc to disable perl syntax highlighting
- my ($self, $ident) = @_;
- return if $self->is_primitive;
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     return <%= $self->dealias->render_caller($self->ident eq $ident ? undef : $ident) %>;
- }
-@@ -865,7 +865,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- <% my ($self, $ident) = @_;
-    my $hfvar = $c->rinc('hf_'.$self->idstrip);
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -890,7 +890,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- }
- @@ Sym::Type::Enum#render_dissector
- <% my ($self, $ident) = @_; %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     enum { DUMMY } es;
-@@ -914,7 +914,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- my ($self, $ident) = @_;
- my $decl_type = $self->decl->type->idstrip;
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     gboolean rc = TRUE;
-     goffset start;
-- 
-2.51.0
-
@@ -0,0 +1,81 @@
+From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 29 Nov 2021 09:57:49 +0100
+Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
+
+When the dissector sees a byte sequence that is either an opaque
+data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
+bytes as a hex numbers using our own implementation. But
+wireshark already provides a function for it: tvb_bytes_to_str().
+NB, the reason why it returns a const string is so that callers
+don't try to free it - the string is allocated using an allocator
+which will decide when to free it.
+
+The wireshark formatter was introduced in wireshark commit of
+v1.99.2~479 and thus is present in the version we require at
+least (2.6.0).
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
+ 1 file changed, 8 insertions(+), 22 deletions(-)
+
+diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
+index f43919b05d..cb922b8070 100644
+--- a/tools/wireshark/src/packet-libvirt.c
+++ b/tools/wireshark/src/packet-libvirt.c
+@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+     }
+ }
+ 
+-static const gchar *
+-format_xdr_bytes(guint8 *bytes, guint32 length)
+-{
+-    gchar *buf;
+-    guint32 i;
+-
+-    if (length == 0)
+-        return "";
+-    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
+-    for (i = 0; i < length; i++) {
+-        /* We know that buf has enough size to contain
+-           2 * length + '\0' characters. */
+-        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
+-        buf += 2;
+-    }
+-    return buf - length*2;
+-}
+-
+ static gboolean
+ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+                    guint32 size)
+@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+     val = g_malloc(size);
+     start = xdr_getpos(xdrs);
+     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
+-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
+-                                          NULL, "%s", format_xdr_bytes(val, size));
+        gint len = xdr_getpos(xdrs) - start;
+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
+
+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+     } else {
+         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
+     }
+@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+ 
+     start = xdr_getpos(xdrs);
+     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
+-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
+-                                          NULL, "%s", format_xdr_bytes(val, length));
+        gint len = xdr_getpos(xdrs) - start;
+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
+
+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+         /* Seems I can't call xdr_free() for this case.
+            It will raises SEGV by referencing out of bounds call stack */
+         free(val);
+-- 
+2.33.1
+
@@ -0,0 +1,33 @@
+From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 29 Nov 2021 10:20:05 +0100
+Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
+
+In the dissect_xdr_bytes() there's a comment that the string
+allocated by xdr_bytes() can't be freed using xdr_free(). Well,
+that is expected because xdr_bytes() used plain calloc() AND the
+string is not an XDR struct but plain 'char *' type. Passing it
+to xdr_free() must result in weird things happening.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tools/wireshark/src/packet-libvirt.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
+index cb922b8070..eeacbcdf0e 100644
+--- a/tools/wireshark/src/packet-libvirt.c
+++ b/tools/wireshark/src/packet-libvirt.c
+@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
+         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
+ 
+         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
+-        /* Seems I can't call xdr_free() for this case.
+-           It will raises SEGV by referencing out of bounds call stack */
+         free(val);
+         return TRUE;
+     } else {
+-- 
+2.33.1
+
@@ -1 +1 @@
-SHA512 (libvirt-11.0.0.tar.xz) = ac5fd17d3f488c241017d967364e0441373e9ab0457dab1acfe84fd0b90353dc5d185cc7fcd2b0d7995af4137a3fa18371abb5511686456a9e720f7ec7829da9
+SHA512 (libvirt-7.0.0.tar.xz) = dd6db5ec4971cf4c6059795fd81d5a3a889b10740e34c3c92271eda1c683c99df2c8f923398065d8a7c4f987a20eb1da617d5297ba8ea5a31f154412af50c343
Author	SHA1	Message	Date
Daniel P. Berrangé	5ff9ee11bb	Rebuild for wireshark soname change rhbz#2031322 Now with missing patches Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2021-12-13 15:33:14 +00:00
Daniel P. Berrangé	a5abe2ec98	Rebuild for wireshark soname change rhbz#2031322 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>	2021-12-13 15:21:21 +00:00
Cole Robinson	3e09e1c917	libvirt-7.0.0-7 More CAP_SETPCAP warning fixes (bz #1924218) Handle unknown firmware.json errors CVE-2021-3667: Fix deadlock on virStoragePoolLookupByTargetPath failure (bz #1986113)	2021-07-27 14:18:27 -04:00
Cole Robinson	aa95d82b58	libvirt-7.0.0-6 CVE-2021-3631 libvirt: insecure sVirt label generation (bz #1977760)	2021-07-02 16:32:25 -04:00
Cole Robinson	476c3411a3	libvirt-7.0.0-5 Crash in udev driver populate_vendor (bz #1966851) Fix CAP_SETPCAP syslog warning (bz #1924218)	2021-06-29 09:51:22 -04:00