Fix virsh domifaddr --source=arp on kernel 6.10 (bz #2302245)

Signed-off-by: Cole Robinson <crobinso@redhat.com>

0001-Fix-mocking-of-virQEMUCapsProbeHVF-function.patch

@@ -1,31 +0,0 @@
-From 5629ebcb4234fde10fd9468d5fc5dd4947ed8677 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 29 Apr 2025 15:49:10 +0100
-Subject: [PATCH] Fix mocking of virQEMUCapsProbeHVF function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- src/qemu/qemu_capabilities.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index ea7c14daa9..488a1a058e 100644
---- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -943,7 +943,7 @@ bool
- virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_NO_INLINE;
- 
- bool
--virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE;
-+virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE __attribute__((noipa));
- 
- virArch virQEMUCapsArchFromString(const char *arch);
- const char *virQEMUCapsArchToString(virArch arch);
--- 
-2.49.0
-

0001-interface-fix-udev-reference-leak-with-invalid-flags.patch

@@ -0,0 +1,41 @@
+From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 5 Jun 2024 11:16:21 +0100
+Subject: [PATCH] interface: fix udev reference leak with invalid flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The udevInterfaceGetXMLDesc method takes a reference on the udev
+driver as its first action. If the virCheckFlags() condition
+fails, however, this reference is never released.
+
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/interface/interface_backend_udev.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index fdf11a8318..e1a50389c9 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -1027,12 +1027,14 @@ static char *
+ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo,
+                         unsigned int flags)
+ {
+-    struct udev *udev = udev_ref(driver->udev);
++    struct udev *udev = NULL;
+     g_autoptr(virInterfaceDef) ifacedef = NULL;
+     char *xmlstr = NULL;
+ 
+     virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL);
+ 
++    udev = udev_ref(driver->udev);
++
+     /* Recursively build up the interface XML based on the requested
+      * interface name
+      */
+-- 
+2.45.1
+

0001-nss-Skip-empty-files-and-avoid-use-of-uninitialized-.patch

@@ -1,85 +0,0 @@
-From 63a3d70697dc44ef2f8b40f7c8e9aa869227a7da Mon Sep 17 00:00:00 2001
-From: Jiang XueQian <jiangxueqian@gmail.com>
-Date: Sat, 18 Jan 2025 16:32:10 +0800
-Subject: [PATCH] nss: Skip empty files and avoid use of uninitialized value
-Content-type: text/plain
-
-JSON parser isn't called when reading empty files so `jerr` will be used
-uninitialized in the original code. Empty files appear when a network
-has no dhcp clients.
-
-This patch checks for such files and skip them.
-
-Fixes: a8d828c88bbdaf83ae78dc06cdd84d5667fcc424
-Signed-off-by: Jiang XueQian <jiangxueqian@gmail.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
----
- tools/nss/libvirt_nss_leases.c | 9 +++++++--
- tools/nss/libvirt_nss_macs.c   | 9 +++++++--
- 2 files changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c
-index aea81bb56e..25ea6b0ce2 100644
---- a/tools/nss/libvirt_nss_leases.c
-+++ b/tools/nss/libvirt_nss_leases.c
-@@ -263,7 +263,7 @@ findLeases(const char *file,
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
-     char line[1024];
--    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
- 
-     if ((fd = open(file, O_RDONLY)) < 0) {
-@@ -290,12 +290,17 @@ findLeases(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
--    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }
-diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c
-index 23229a18f3..bac8c0e1bb 100644
---- a/tools/nss/libvirt_nss_macs.c
-+++ b/tools/nss/libvirt_nss_macs.c
-@@ -124,7 +124,7 @@ findMACs(const char *file,
-     json_tokener *tok = NULL;
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
--    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
-     size_t i;
- 
-@@ -152,12 +152,17 @@ findMACs(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
--    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }

0001-qemu-Be-more-forgiving-when-acquiring-QUERY-job-when.patch

@@ -1,68 +0,0 @@
-From cd0de70e05475d5f4aa46e578fbb98033d38c06b Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 16 Jun 2025 10:28:37 +0200
-Subject: [PATCH] qemu: Be more forgiving when acquiring QUERY job when
- formatting domain XML
-Content-type: text/plain
-
-In my previous commit of v11.0.0-rc1~115 I've made QEMU driver
-implementation for virDomainGetXMLDesc() (qemuDomainGetXMLDesc())
-acquire QERY job. See its commit message for more info. But this
-unfortunately broke apps witch fetch domain XML for incoming
-migration (like virt-manager). The reason is that for incoming
-migration the VIR_ASYNC_JOB_MIGRATION_IN async job is set, but
-the mask of allowed synchronous jobs is empty (because QEMU can't
-talk on monitor really). This makes virDomainObjBeginJob() fail
-which in turn makes qemuDomainGetXMLDesc() fail too.
-
-It makes sense for qemuDomainGetXMLDesc() to acquire the job
-(e.g. so that it's coherent with another thread that might be in
-the middle of a MODIFY job). But failure to dump XML may be
-treated as broken daemon (e.g. virt-manager does so).
-
-Therefore, still try to acquire the QUERY job (if job mask
-permits it) but, do not treat failure as an error.
-
-Fixes: 6cc93bf28842526be2fd596a607ebca796b7fb2e
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2369243
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
----
- src/qemu/qemu_driver.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index d2eddbd9ae..6bdeede2e8 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -6158,6 +6158,7 @@ static char
- {
-     virQEMUDriver *driver = dom->conn->privateData;
-     virDomainObj *vm;
-+    bool hasJob = false;
-     char *ret = NULL;
- 
-     virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS | VIR_DOMAIN_XML_UPDATE_CPU,
-@@ -6169,8 +6170,10 @@ static char
-     if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
-         goto cleanup;
- 
--    if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0)
--        goto cleanup;
-+    if (virDomainNestedJobAllowed(vm->job, VIR_JOB_QUERY) &&
-+        virDomainObjBeginJob(vm, VIR_JOB_QUERY) >= 0) {
-+        hasJob = true;
-+    }
- 
-     qemuDomainUpdateCurrentMemorySize(vm);
- 
-@@ -6186,7 +6189,8 @@ static char
- 
-     ret = qemuDomainFormatXML(driver, vm, flags);
- 
--    virDomainObjEndJob(vm);
-+    if (hasJob)
-+        virDomainObjEndJob(vm);
- 
-  cleanup:
-     virDomainObjEndAPI(&vm);

0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch

@@ -0,0 +1,49 @@
+From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 17 May 2024 14:55:24 +0100
+Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We never release the reference on the GSource created for
+interrupting the main loop, nor do we remove it from the
+main context if our thread is woken up prior to the wakeup
+callback firing.
+
+This can result in a leak of GSource objects, along with an
+ever growing list of GSources attached to the main context,
+which will gradually slow down execution of the loop, as
+several operations are O(N) for the number of attached GSource
+objects.
+
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 147b0d661a..6d424eb599 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client,
+     /* Check to see if another thread is dispatching */
+     if (client->haveTheBuck) {
+         /* Force other thread to wakeup from poll */
+-        GSource *wakeup = g_idle_source_new();
++        g_autoptr(GSource) wakeup = g_idle_source_new();
+         g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
+         g_source_attach(wakeup, client->eventCtx);
+ 
+@@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client,
+             return -1;
+         }
+ 
++        g_source_destroy(wakeup);
+         VIR_DEBUG("Woken up from sleep head=%p call=%p",
+                   client->waitDispatch, thiscall);
+         /* Three reasons we can be woken up
+-- 
+2.45.1
+

0001-rpc-ensure-temporary-GSource-is-removed-from-client-.patch

@@ -0,0 +1,99 @@
+From 8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2024 11:51:15 +0100
+Subject: [PATCH] rpc: ensure temporary GSource is removed from client event
+ loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Users are seeing periodic segfaults from libvirt client apps,
+especially thread heavy ones like virt-manager. A typical
+stack trace would end up in the virNetClientIOEventFD method,
+with illegal access to stale stack data. eg
+
+==238721==ERROR: AddressSanitizer: stack-use-after-return on address 0x75cd18709788 at pc 0x75cd3111f907 bp 0x75cd181ff550 sp 0x75cd181ff548
+WRITE of size 4 at 0x75cd18709788 thread T11
+    #0 0x75cd3111f906 in virNetClientIOEventFD /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1634:15
+    #1 0x75cd3210d198  (/usr/lib/libglib-2.0.so.0+0x5a198) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #2 0x75cd3216c3be  (/usr/lib/libglib-2.0.so.0+0xb93be) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #3 0x75cd3210ddc6 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x5adc6) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #4 0x75cd3111a47c in virNetClientIOEventLoop /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1722:9
+    #5 0x75cd3111a47c in virNetClientIO /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2002:10
+    #6 0x75cd3111a47c in virNetClientSendInternal /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2170:11
+    #7 0x75cd311198a8 in virNetClientSendWithReply /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2198:11
+    #8 0x75cd31111653 in virNetClientProgramCall /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclientprogram.c:318:9
+    #9 0x75cd31241c8f in callFull /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6054:10
+    #10 0x75cd31241c8f in call /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6076:12
+    #11 0x75cd31241c8f in remoteNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/src/remote/remote_client_bodies.h:5959:9
+    #12 0x75cd31410ff7 in virNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/libvirt-network.c:952:15
+
+The root cause is a bad assumption in the virNetClientIOEventLoop
+method. This method is run by whichever thread currently owns the
+buck, and is responsible for handling I/O. Inside a for(;;) loop,
+this method creates a temporary GSource, adds it to the event loop
+and runs g_main_loop_run(). When I/O is ready, the GSource callback
+(virNetClientIOEventFD) will fire and call g_main_loop_quit(), and
+return G_SOURCE_REMOVE which results in the temporary GSource being
+destroyed. A g_autoptr() will then remove the last reference.
+
+What was overlooked, is that a second thread can come along and
+while it can't enter virNetClientIOEventLoop, it will register an
+idle source that uses virNetClientIOWakeup to interrupt the
+original thread's 'g_main_loop_run' call. When this happens the
+virNetClientIOEventFD callback never runs, and so the temporary
+GSource is not destroyed. The g_autoptr() will remove a reference,
+but by virtue of still being attached to the event context, there
+is an extra reference held causing GSource to be leaked. The
+next time 'g_main_loop_run' is called, the original GSource will
+trigger its callback, and access data that was allocated on the
+stack by the previous thread, and likely SEGV.
+
+To solve this, the thread calling 'g_main_loop_run' must call
+g_source_destroy, immediately upon return, to guarantee that
+the temporary GSource is removed.
+
+CVE-2024-4418
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Reported-by: Martin Shirokov <shirokovmartin@gmail.com>
+Tested-by: Martin Shirokov <shirokovmartin@gmail.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 68098b1c8d..147b0d661a 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+         int timeout = -1;
+         virNetMessage *msg = NULL;
+-        g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++        g_autoptr(GSource) source = NULL;
+         GIOCondition ev = 0;
+         struct virNetClientIOEventData data = {
+             .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ 
+         g_main_loop_run(client->eventLoop);
+ 
++        /*
++         * If virNetClientIOEventFD ran, this GSource will already be
++         * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++         * it, since we still own a reference.
++         *
++         * If virNetClientIOWakeup ran, it will have interrupted the
++         * g_main_loop_run call, before virNetClientIOEventFD could
++         * run, and thus the GSource is still registered, and we need
++         * to destroy it since it is referencing stack memory for 'data'
++         */
++        g_source_destroy(source);
++
+ #ifndef WIN32
+         ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+-- 
+2.45.1
+

0001-storage-stop-hardcoding-paths-for-mkfs-mount-umount.patch

@@ -1,94 +0,0 @@
-From 63e4cbd109374f44e8bd4f8d1af5e2a2c67611bc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:42:13 +0100
-Subject: [PATCH] storage: stop hardcoding paths for mkfs, mount, umount
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-This was always undesirable but now causes problems on Fedora 42
-where at build time we detect a /sbin path but at runtime this
-will only exist on upgraded machines, not fresh installs.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- meson.build                      | 13 -------------
- src/storage/storage_backend_fs.c | 17 +++--------------
- 2 files changed, 3 insertions(+), 27 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 37b1caa566..14c98b49a1 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1827,23 +1827,10 @@ if conf.has('WITH_LIBVIRTD')
-       endif
-     endif
- 
--    if fs_enable
--      mount_prog = find_program('mount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
--      umount_prog = find_program('umount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
--      mkfs_prog = find_program('mkfs', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
--
--      if not mount_prog.found() or not umount_prog.found() or not mkfs_prog.found()
--        fs_enable = false
--      endif
--    endif
--
-     if fs_enable
-       use_storage = true
- 
-       conf.set('WITH_STORAGE_FS', 1)
--      conf.set_quoted('MOUNT', mount_prog.full_path())
--      conf.set_quoted('UMOUNT', umount_prog.full_path())
--      conf.set_quoted('MKFS', mkfs_prog.full_path())
-     endif
-   endif
- 
-diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
-index fce395d60f..6ec359625a 100644
---- a/src/storage/storage_backend_fs.c
-+++ b/src/storage/storage_backend_fs.c
-@@ -304,7 +304,7 @@ virStorageBackendFileSystemMount(virStoragePoolObj *pool)
-     if (!(src = virStorageBackendFileSystemGetPoolSource(pool)))
-         return -1;
- 
--    cmd = virStorageBackendFileSystemMountCmd(MOUNT, def, src);
-+    cmd = virStorageBackendFileSystemMountCmd("mount", def, src);
- 
-     /* Mounting a shared FS might take a long time. Don't hold
-      * the pool locked meanwhile. */
-@@ -362,7 +362,7 @@ virStorageBackendFileSystemStop(virStoragePoolObj *pool)
-     if ((rc = virStorageBackendFileSystemIsMounted(pool)) != 1)
-         return rc;
- 
--    cmd = virCommandNewArgList(UMOUNT, def->target.path, NULL);
-+    cmd = virCommandNewArgList("umount", def->target.path, NULL);
-     return virCommandRun(cmd, NULL);
- }
- #endif /* WITH_STORAGE_FS */
-@@ -402,18 +402,7 @@ virStorageBackendExecuteMKFS(const char *device,
-     g_autoptr(virCommand) cmd = NULL;
-     g_autofree char *mkfs = NULL;
- 
--#if WITH_STORAGE_FS
--    mkfs = virFindFileInPath(MKFS);
--#endif /* WITH_STORAGE_FS */
--
--    if (!mkfs) {
--        virReportError(VIR_ERR_INTERNAL_ERROR,
--                       _("mkfs is not available on this platform: Failed to make filesystem of type '%1$s' on device '%2$s'"),
--                       format, device);
--        return -1;
--    }
--
--    cmd = virCommandNewArgList(mkfs, "-t", format, NULL);
-+    cmd = virCommandNewArgList("mkfs", "-t", format, NULL);
- 
-     /* use the force, otherwise mkfs.xfs won't overwrite existing fs.
-      * Similarly mkfs.ext2, mkfs.ext3, and mkfs.ext4 require supplying -F
--- 
-2.49.0
-

0001-util-avoid-overflow-in-hextable-buffer.patch

@@ -1,43 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-To: devel@lists.libvirt.org
-Subject: [PATCH] util: avoid overflow in hextable buffer
-Date: Mon, 20 Jan 2025 10:09:24 +0000
-Message-ID: <20250120100924.3864818-1-berrange@redhat.com>
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The assigned string is 17 chars long once the trailing nul is taken
-into account. This triggers a warning with GCC 15
-
- src/util/virsystemd.c: In function ‘virSystemdEscapeName’:
- src/util/virsystemd.c:59:38: error: initializer-string for array of ‘char’ is too long [-Werror=unterminated-string-initialization]
-    59 |     static const char hextable[16] = "0123456789abcdef";
-       |                                      ^~~~~~~~~~~~~~~~~~
-
-Switch to a dynamically sized array as used in all the other places
-we have a hextable array.
-
-See also: https://gcc.gnu.org/PR115185
-Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- src/util/virsystemd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
-index 5b772e29dd..d46e5f74fc 100644
---- a/src/util/virsystemd.c
-+++ b/src/util/virsystemd.c
-@@ -56,7 +56,7 @@ struct _virSystemdActivationEntry {
- static void virSystemdEscapeName(virBuffer *buf,
-                                  const char *name)
- {
--    static const char hextable[16] = "0123456789abcdef";
-+    static const char hextable[] = "0123456789abcdef";
- 
- #define ESCAPE(c) \
-     do { \
--- 
-2.47.1
-

0001-util-stop-hardcoding-numad-path.patch

@@ -1,58 +0,0 @@
-From 7ab0f1c2a3fddf46d381f055e49111e3063b4829 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:47:34 +0100
-Subject: [PATCH] util: stop hardcoding numad path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Change the meson rules to always enable numad if on a Linux host, unless
-the meson options say not to.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- meson.build        | 10 +++-------
- src/util/virnuma.c |  2 +-
- 2 files changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 14c98b49a1..767205f44b 100644
---- a/meson.build
-+++ b/meson.build
-@@ -2028,14 +2028,10 @@ if not get_option('nss').disabled()
-   endif
- endif
- 
--if not get_option('numad').disabled() and numactl_dep.found()
--  numad_prog = find_program('numad', required: get_option('numad'), dirs: libvirt_sbin_path)
--  if numad_prog.found()
--    conf.set('WITH_NUMAD', 1)
--    conf.set_quoted('NUMAD', numad_prog.full_path())
--  endif
-+if not get_option('numad').disabled() and numactl_dep.found() and host_machine.system() == 'linux'
-+  conf.set('WITH_NUMAD', 1)
- elif get_option('numad').enabled()
--  error('You must have numactl enabled for numad support.')
-+  error('You must have a Linux host with numactl enabled for numad support.')
- endif
- 
- # nwfilter should only be compiled for linux, and only if the
-diff --git a/src/util/virnuma.c b/src/util/virnuma.c
-index 9393c20875..67c51630c7 100644
---- a/src/util/virnuma.c
-+++ b/src/util/virnuma.c
-@@ -61,7 +61,7 @@ virNumaGetAutoPlacementAdvice(unsigned short vcpus,
-     g_autoptr(virCommand) cmd = NULL;
-     char *output = NULL;
- 
--    cmd = virCommandNewArgList(NUMAD, "-w", NULL);
-+    cmd = virCommandNewArgList("numad", "-w", NULL);
-     virCommandAddArgFormat(cmd, "%d:%llu", vcpus,
-                            VIR_DIV_UP(balloon, 1024));
- 
--- 
-2.49.0
-

0001-virarptable-Properly-calculate-rtattr-length.patch

@@ -0,0 +1,35 @@
+From adfdb79f1e01401349e1321d0f5059d7b6489f00 Mon Sep 17 00:00:00 2001
+Message-ID: <adfdb79f1e01401349e1321d0f5059d7b6489f00.1724763718.git.crobinso@redhat.com>
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 13:56:51 +0200
+Subject: [PATCH 1/3] virarptable: Properly calculate rtattr length
+Content-type: text/plain
+
+Use convenience macro which does almost the same thing we were doing,
+but also pads out the payload length to a multiple of NLMSG_ALIGNTO (4)
+bytes.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/util/virarptable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index 299dddd664..d8e41c5a86 100644
+--- a/src/util/virarptable.c
++++ b/src/util/virarptable.c
+@@ -102,8 +102,7 @@ virArpTableGet(void)
+             return table;
+ 
+         VIR_WARNINGS_NO_CAST_ALIGN
+-        parse_rtattr(tb, NDA_MAX, NDA_RTA(r),
+-                     nh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
++        parse_rtattr(tb, NDA_MAX, NDA_RTA(r), NLMSG_PAYLOAD(nh, sizeof(*r)));
+         VIR_WARNINGS_RESET
+ 
+         if (tb[NDA_DST] == NULL || tb[NDA_LLADDR] == NULL)
+-- 
+2.46.0
+

0001-wireshark-Drop-needless-declaration-of-proto_registe.patch

@@ -1,36 +0,0 @@
-From b825bb556bd3967bf5422c243b77bd4038e317e2 Mon Sep 17 00:00:00 2001
-Message-ID: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 10:34:51 +0200
-Subject: [PATCH 1/8] wireshark: Drop needless declaration of
- proto_register_libvirt() and proto_reg_handoff_libvirt()
-Content-type: text/plain
-
-Both proto_register_libvirt() and proto_reg_handoff_libvirt() are
-declared in packet-libvirt.h which is included from plugin.c.
-There's no need to provide another declaration in plugin.c.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/plugin.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 9a83f2ca07..19b25e7b1a 100644
---- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -72,9 +72,6 @@ void plugin_register(void)
- 
- #else /* WIRESHARK_VERSION >= 2009000 */
- 
--void proto_register_libvirt(void);
--void proto_reg_handoff_libvirt(void);
--
- WS_DLL_PUBLIC_DEF const gchar plugin_version[] = PLUGIN_VERSION;
- WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
- WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
--- 
-2.51.0
-

0002-virarptable-Fix-check-for-message-length.patch

@@ -0,0 +1,42 @@
+From 137779b894858bd958ea575cec260a0559b31e48 Mon Sep 17 00:00:00 2001
+Message-ID: <137779b894858bd958ea575cec260a0559b31e48.1724763718.git.crobinso@redhat.com>
+In-Reply-To: <adfdb79f1e01401349e1321d0f5059d7b6489f00.1724763718.git.crobinso@redhat.com>
+References: <adfdb79f1e01401349e1321d0f5059d7b6489f00.1724763718.git.crobinso@redhat.com>
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 13:59:15 +0200
+Subject: [PATCH 2/3] virarptable: Fix check for message length
+Content-type: text/plain
+
+The previous check was all wrong since it calculated the how long would
+the netlink message be if the netlink header was the payload and then
+subtracted that from the whole message length, a variable that was not
+used later in the code.  This check can fail if there are no additional
+payloads, struct rtattr in particular, which we are parsing later,
+however the RTA_OK macro would've caught that anyway.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/util/virarptable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index d8e41c5a86..45ee76766f 100644
+--- a/src/util/virarptable.c
++++ b/src/util/virarptable.c
+@@ -81,10 +81,9 @@ virArpTableGet(void)
+     for (; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen)) {
+         VIR_WARNINGS_RESET
+         struct ndmsg *r = NLMSG_DATA(nh);
+-        int len = nh->nlmsg_len;
+         void *addr;
+ 
+-        if ((len -= NLMSG_LENGTH(sizeof(*nh))) < 0) {
++        if (nh->nlmsg_len < NLMSG_SPACE(sizeof(*r))) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("wrong nlmsg len"));
+             goto cleanup;
+-- 
+2.46.0
+

0002-wireshark-Switch-header-files-to-pragma-once.patch

@@ -1,47 +0,0 @@
-From 41d3b457972bde85991fa7ed6f282370aca4b2af Mon Sep 17 00:00:00 2001
-Message-ID: <41d3b457972bde85991fa7ed6f282370aca4b2af.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:20:05 +0200
-Subject: [PATCH 2/8] wireshark: Switch header files to #pragma once
-Content-type: text/plain
-
-The genxdrstub.pl script generates some header files. But they
-use the old pattern to guard against multiple inclusion:
-
-  #ifndef SOMETHING_H
-  #define SOMETHING_H
-  ...
-  #endif
-
-Change the script to generate just '#pragma once' used everywhere
-else in our code.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/util/genxdrstub.pl | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 8cfda25a27..01b663a88c 100755
---- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -563,11 +563,8 @@ sub add_header_file {
-     local $self->{header_contents} = [];
-     $self->print("/* *DO NOT MODIFY* this file directly.\n");
-     $self->print(" * This file was generated by $0 from libvirt version $libvirt_version */\n");
--    my $ucname = uc $name;
--    $self->print("#ifndef _$ucname\_H_\n");
--    $self->print("#define _$ucname\_H_\n");
-+    $self->print("#pragma once\n");
-     $block->();
--    $self->print("#endif /* _$ucname\_H_ */");
-     push @{ $self->{headers} }, [ $name, delete $self->{header_contents} ];
- }
- 
--- 
-2.51.0
-

0003-virarptable-End-parsing-earlier-in-case-of-NLMSG_DON.patch

@@ -0,0 +1,54 @@
+From df2cefb31dab2fa56e0864fbd2b8ad468dee22c0 Mon Sep 17 00:00:00 2001
+Message-ID: <df2cefb31dab2fa56e0864fbd2b8ad468dee22c0.1724763718.git.crobinso@redhat.com>
+In-Reply-To: <adfdb79f1e01401349e1321d0f5059d7b6489f00.1724763718.git.crobinso@redhat.com>
+References: <adfdb79f1e01401349e1321d0f5059d7b6489f00.1724763718.git.crobinso@redhat.com>
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 14:02:48 +0200
+Subject: [PATCH 3/3] virarptable: End parsing earlier in case of NLMSG_DONE
+Content-type: text/plain
+
+Check for the last multipart message right as the first thing.  The
+presumption probably was that the last message might still contain a
+payload we want to parse.  However that cannot be true since that would
+have to be a type RTM_NEWNEIGH.  This was not caught because older
+kernels were note sending NLMSG_DONE and probably relied on the fact
+that the parsing just stops after all the messages are walked through,
+which the NLMSG_OK macro successfully did.
+
+Resolves: https://issues.redhat.com/browse/RHEL-52449
+Resolves: https://bugzilla.redhat.com/2302245
+Fixes: a176d67cdfaf5b8237a7e3a80d8be0e6bdf2d8fd
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/util/virarptable.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index 45ee76766f..20d11f97b0 100644
+--- a/src/util/virarptable.c
++++ b/src/util/virarptable.c
+@@ -83,6 +83,9 @@ virArpTableGet(void)
+         struct ndmsg *r = NLMSG_DATA(nh);
+         void *addr;
+ 
++        if (nh->nlmsg_type == NLMSG_DONE)
++            break;
++
+         if (nh->nlmsg_len < NLMSG_SPACE(sizeof(*r))) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("wrong nlmsg len"));
+@@ -97,9 +100,6 @@ virArpTableGet(void)
+             (!(r->ndm_state == NUD_STALE || r->ndm_state == NUD_REACHABLE)))
+             continue;
+ 
+-        if (nh->nlmsg_type == NLMSG_DONE)
+-            return table;
+-
+         VIR_WARNINGS_NO_CAST_ALIGN
+         parse_rtattr(tb, NDA_MAX, NDA_RTA(r), NLMSG_PAYLOAD(nh, sizeof(*r)));
+         VIR_WARNINGS_RESET
+-- 
+2.46.0
+

0003-wireshark-Move-WIRESHARK_VERSION-macro-definition.patch

@@ -1,81 +0,0 @@
-From 02a0e78bf54c903da8922c56bade9b3298ade351 Mon Sep 17 00:00:00 2001
-Message-ID: <02a0e78bf54c903da8922c56bade9b3298ade351.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:04:17 +0200
-Subject: [PATCH 3/8] wireshark: Move WIRESHARK_VERSION macro definition
-Content-type: text/plain
-
-Soon, other parts of the wireshark code will need to
-differentiate wrt wireshark version. Therefore, move the
-WIRESHARK_VERSION macro definition among with its deps into
-packet-libvirt.h.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/packet-libvirt.h | 14 ++++++++++++++
- tools/wireshark/src/plugin.c         | 14 --------------
- 2 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.h b/tools/wireshark/src/packet-libvirt.h
-index 14e6e13696..15cfcb0534 100644
---- a/tools/wireshark/src/packet-libvirt.h
-+++ b/tools/wireshark/src/packet-libvirt.h
-@@ -19,5 +19,19 @@
- 
- #pragma once
- 
-+#ifdef WITH_WS_VERSION
-+# include <wireshark/ws_version.h>
-+#else
-+# include <wireshark/config.h>
-+# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
-+# define WIRESHARK_VERSION_MINOR VERSION_MINOR
-+# define WIRESHARK_VERSION_MICRO VERSION_MICRO
-+#endif
-+
-+#define WIRESHARK_VERSION \
-+    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
-+     (WIRESHARK_VERSION_MINOR * 1000) + \
-+     (WIRESHARK_VERSION_MICRO))
-+
- void proto_register_libvirt(void);
- void proto_reg_handoff_libvirt(void);
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 19b25e7b1a..64317b5280 100644
---- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -12,15 +12,6 @@
- 
- #include <config.h>
- 
--#ifdef WITH_WS_VERSION
--# include <wireshark/ws_version.h>
--#else
--# include <wireshark/config.h>
--# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
--# define WIRESHARK_VERSION_MINOR VERSION_MINOR
--# define WIRESHARK_VERSION_MICRO VERSION_MICRO
--#endif
--
- #define HAVE_PLUGINS 1
- #include <wireshark/epan/proto.h>
- /* plugins are DLLs */
-@@ -32,11 +23,6 @@
- /* Let the plugin version be the version of libvirt */
- #define PLUGIN_VERSION VERSION
- 
--#define WIRESHARK_VERSION \
--    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
--     (WIRESHARK_VERSION_MINOR * 1000) + \
--     (WIRESHARK_VERSION_MICRO))
--
- #if WIRESHARK_VERSION < 2005000
- 
- WS_DLL_PUBLIC_DEF const gchar version[] = VERSION;
--- 
-2.51.0
-

0004-wireshark-Fix-int-type-of-some-virNetMessageHeader-m.patch

@@ -1,133 +0,0 @@
-From 7374c4ecbd591b02f7be4b2918addc6d5852aafb Mon Sep 17 00:00:00 2001
-Message-ID: <7374c4ecbd591b02f7be4b2918addc6d5852aafb.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:21:30 +0200
-Subject: [PATCH 4/8] wireshark: Fix int type of some virNetMessageHeader
- members
-Content-type: text/plain
-
-Our virNetMessageHeader is a struct that's declared as follows:
-
-  struct virNetMessageHeader {
-      unsigned prog;
-      unsigned vers;
-      int proc;
-      virNetMessageType type;
-      unsigned serial;
-      virNetMessageStatus status;
-  };
-
-Now, per RFC 4506 enums are also encoded as signed integers. This
-means, that only 'prog', 'vers' and 'serial' are really unsigned
-integers. The others ('proc', 'type' and 'status') are encoded as
-signed integers. Fix their type when dissecting.
-
-While at it, also follow latest trend in wireshark and switch
-from guint32 to uint32_t.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 34 +++++++++++++++++++---------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index da2aabd98a..af14c6bed7 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -92,7 +92,7 @@ typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xd
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
--    guint32             proc;
-+    int32_t             proc;
-     vir_xdr_dissector_t args;
-     vir_xdr_dissector_t ret;
-     vir_xdr_dissector_t msg;
-@@ -275,8 +275,10 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- }
- 
- static vir_xdr_dissector_t
--find_payload_dissector(guint32 proc, guint32 type,
--                       const vir_dissector_index_t *pds, gsize length)
-+find_payload_dissector(int32_t proc,
-+                       enum vir_net_message_type type,
-+                       const vir_dissector_index_t *pds,
-+                       gsize length)
- {
-     const vir_dissector_index_t *pd;
-     guint32 first, last, direction;
-@@ -309,6 +311,10 @@ find_payload_dissector(guint32 proc, guint32 type,
-         return pd->ret;
-     case VIR_NET_MESSAGE:
-         return pd->msg;
-+    case VIR_NET_STREAM:
-+    case VIR_NET_STREAM_HOLE:
-+        /* Handled elsewhere */
-+        return NULL;
-     }
-     return NULL;
- }
-@@ -397,8 +403,12 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- #include "libvirt/protocol.h"
- 
- static void
--dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
--                        guint32 prog, guint32 proc, guint32 type, guint32 status)
-+dissect_libvirt_payload(tvbuff_t *tvb,
-+                        proto_tree *tree,
-+                        uint32_t prog,
-+                        int32_t proc,
-+                        int32_t type,
-+                        int32_t status)
- {
-     gssize payload_length;
- 
-@@ -430,7 +440,8 @@ dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
-     return;
- 
-  unknown:
--    dbg("Cannot determine payload: Prog=%u, Proc=%u, Type=%u, Status=%u", prog, proc, type, status);
-+    dbg("Cannot determine payload: Prog=%u, Proc=%d, Type=%d, Status=%d",
-+        prog, proc, type, status);
-     proto_tree_add_item(tree, hf_libvirt_unknown, tvb, VIR_HEADER_LEN, -1, ENC_NA);
- }
- 
-@@ -439,7 +450,8 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                         void *opaque G_GNUC_UNUSED)
- {
-     goffset offset;
--    guint32 prog, proc, type, serial, status;
-+    uint32_t prog, serial;
-+    int32_t proc, type, status;
-     const value_string *vs;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-@@ -448,17 +460,17 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     offset = 4; /* End of length field */
-     prog   = tvb_get_ntohl(tvb, offset); offset += 4;
-     offset += 4; /* Ignore version header field */
--    proc   = tvb_get_ntohl(tvb, offset); offset += 4;
--    type   = tvb_get_ntohl(tvb, offset); offset += 4;
-+    proc   = tvb_get_ntohil(tvb, offset); offset += 4;
-+    type   = tvb_get_ntohil(tvb, offset); offset += 4;
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
--    status = tvb_get_ntohl(tvb, offset); offset += 4;
-+    status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-     if (vs == NULL) {
--        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%u", proc);
-+        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
-     } else {
-         col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-     }
--- 
-2.51.0
-

0005-wireshark-Don-t-special-case-retval-of-get_program_d.patch

@@ -1,46 +0,0 @@
-From 1086888f95a322101f8cf53b63c96600ccbeb882 Mon Sep 17 00:00:00 2001
-Message-ID: <1086888f95a322101f8cf53b63c96600ccbeb882.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:16:54 +0200
-Subject: [PATCH 5/8] wireshark: Don't special case retval of
- get_program_data() in dissect_libvirt_message()
-Content-type: text/plain
-
-The get_program_data() function returns a pointer (in this
-specific case to an array of procedure strings) which, if
-non-NULL is then passed val_to_str(). Well, if val_to_str() sees
-NULL it is treated gracefully, i.e. like if the numeric value
-'proc' wasn't found in the array.
-
-Therefore, there's no need to special case call to
-col_append_fstr(). Both result into the same behaviour.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index af14c6bed7..6c729801d4 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -469,11 +469,7 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
--    if (vs == NULL) {
--        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
--    } else {
--        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
--    }
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     val_to_str(type, type_strings, "%d"), serial,
--- 
-2.51.0
-

0006-wireshark-Introduce-and-use-vir_val_to_str.patch

@@ -1,68 +0,0 @@
-From ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7 Mon Sep 17 00:00:00 2001
-Message-ID: <ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 18:23:18 +0200
-Subject: [PATCH 6/8] wireshark: Introduce and use vir_val_to_str()
-Content-type: text/plain
-
-Wireshark offers val_to_str() function which converts numeric
-value to string by looking up value ('val') in an array ('vs') of
-<val, string> pairs. If no corresponding string is found, then
-the value is formatted using given 'fmt' string.
-
-Starting from wireshark-4.6.0 not only this function gained
-another argument but also returns a strdup()-ed string. To keep
-our code simple, let's introduce a wrapper so which can be then
-adjusted as needed.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 17 +++++++++++++----
- 1 file changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 6c729801d4..f6ad2c4578 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -140,6 +140,15 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
-+static const char *
-+G_GNUC_PRINTF(3, 0)
-+vir_val_to_str(const uint32_t val,
-+               const value_string *vs,
-+               const char *fmt)
-+{
-+    return val_to_str(val, vs, fmt);
-+}
-+
- static gboolean
- dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 maxlen)
-@@ -466,14 +475,14 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
--                 val_to_str(prog, program_strings, "%x"));
-+                 vir_val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
--    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
--                    val_to_str(type, type_strings, "%d"), serial,
--                    val_to_str(status, status_strings, "%d"));
-+                    vir_val_to_str(type, type_strings, "%d"), serial,
-+                    vir_val_to_str(status, status_strings, "%d"));
- 
-     if (tree) {
-         gint *hf_proc;
--- 
-2.51.0
-

0007-wireshark-Don-t-leak-column-strings.patch

@@ -1,165 +0,0 @@
-From 002b9f559d69b92e77ab2d234df6966fecdaf0ec Mon Sep 17 00:00:00 2001
-Message-ID: <002b9f559d69b92e77ab2d234df6966fecdaf0ec.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:13:48 +0200
-Subject: [PATCH 7/8] wireshark: Don't leak column strings
-Content-type: text/plain
-
-One of the problems of using val_to_str() is that it may return a
-const string from given table ('vs'), OR return an allocated one.
-Since the caller has no idea which case it is, it resides to safe
-option and don't free returned string. But that might lead to a
-memleak. This behaviour is fixed with wireshark-4.6.0 and support
-for it will be introduced soon. But first, make vir_val_to_str()
-behave like fixed val_to_str() from newer wireshark: just always
-allocate the string.
-
-Now, if val_to_str() needs to allocate new memory it obtains
-allocator by calling wmem_packet_scope() which is what we may do
-too.
-
-Hand in hand with that, we need to free the memory using the
-correct allocator, hence wmem_free(). But let's put it into a
-wrapper vir_wmem_free() because just like val_to_str(), it'll
-need additional argument when adapting to new wireshark.
-
-Oh, and freeing the memory right after col_add_fstr() is safe as
-it uses vsnprintf() under the hood to format passed args.
-
-One last thing, the wmem.h file used to live under epan/wmem/ but
-then in v3.5.0~240 [1] was moved to wsutil/wmem/.
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/7f9c1f5f92c131354fc8b2b88d473706786064c0
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- meson.build                          | 20 ++++++++++++++++
- tools/wireshark/src/meson.build      |  1 +
- tools/wireshark/src/packet-libvirt.c | 35 ++++++++++++++++++++++------
- 3 files changed, 49 insertions(+), 7 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index bcc18b20e5..a1e0e5ecd5 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1365,6 +1365,26 @@ if wireshark_dep.found()
-   if cc.check_header('wireshark/ws_version.h')
-     conf.set('WITH_WS_VERSION', 1)
-   endif
-+
-+  # Find wmem.h
-+  # But it's not as easy as you'd think. Ubuntu 20.04 has split parts of
-+  # libwireshark.so into libwsutil.so but:
-+  # a) wireshark.pc never mentions it,
-+  # b) libwsutil-dev package doesn't install pkg-config file.
-+  # Fortunately, it's fixed in 24.04.
-+  if cc.check_header('wireshark/epan/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_EPAN_WMEM', 1)
-+  elif cc.check_header('wireshark/wsutil/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_WSUTIL_WMEM', 1)
-+  else
-+    error('Unable to locate wmem.h file')
-+  endif
-+
-+  # TODO: drop wsutil dep once support for Ubuntu 20.04 is dropped
-+  wsutil_dep = dependency('', required: false)
-+  if not cc.has_function('wmem_free', dependencies: wireshark_dep)
-+    wsutil_dep = cc.find_library('wsutil', required: true)
-+  endif
- endif
- 
- # generic build dependencies checks
-diff --git a/tools/wireshark/src/meson.build b/tools/wireshark/src/meson.build
-index 9b452dc5ca..ba0df913e0 100644
---- a/tools/wireshark/src/meson.build
-+++ b/tools/wireshark/src/meson.build
-@@ -9,6 +9,7 @@ shared_library(
-   ],
-   dependencies: [
-     wireshark_dep,
-+    wsutil_dep,
-     xdr_dep,
-     tools_dep,
-   ],
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f6ad2c4578..3178ac6f27 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -21,6 +21,11 @@
- #include <wireshark/epan/proto.h>
- #include <wireshark/epan/packet.h>
- #include <wireshark/epan/dissectors/packet-tcp.h>
-+#ifdef WITH_WS_EPAN_WMEM
-+# include <wireshark/epan/wmem/wmem.h>
-+#elif WITH_WS_WSUTIL_WMEM
-+# include <wireshark/wsutil/wmem/wmem.h>
-+#endif
- #include <rpc/types.h>
- #include <rpc/xdr.h>
- #include "packet-libvirt.h"
-@@ -140,13 +145,19 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
--static const char *
-+static char *
- G_GNUC_PRINTF(3, 0)
- vir_val_to_str(const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
--    return val_to_str(val, vs, fmt);
-+    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+}
-+
-+static void
-+vir_wmem_free(void *ptr)
-+{
-+    wmem_free(wmem_packet_scope(), ptr);
- }
- 
- static gboolean
-@@ -462,6 +473,10 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     uint32_t prog, serial;
-     int32_t proc, type, status;
-     const value_string *vs;
-+    char *prog_str = NULL;
-+    char *proc_str = NULL;
-+    char *type_str = NULL;
-+    char *status_str = NULL;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-     col_clear(pinfo->cinfo, COL_INFO);
-@@ -474,15 +489,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
--    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
--                 vir_val_to_str(prog, program_strings, "%x"));
-+    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
-+    vir_wmem_free(prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
--    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
-+    proc_str = vir_val_to_str(proc, vs, "%d");
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
-+    vir_wmem_free(proc_str);
- 
-+    type_str = vir_val_to_str(type, type_strings, "%d");
-+    status_str = vir_val_to_str(status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
--                    vir_val_to_str(type, type_strings, "%d"), serial,
--                    vir_val_to_str(status, status_strings, "%d"));
-+                    type_str, serial, status_str);
-+    vir_wmem_free(status_str);
-+    vir_wmem_free(type_str);
- 
-     if (tree) {
-         gint *hf_proc;
--- 
-2.51.0
-

0008-wireshark-Adapt-to-wireshark-4.6.0.patch

@@ -1,493 +0,0 @@
-From b42a12174c787b99cd6fcb29b44e4b13bd64ee58 Mon Sep 17 00:00:00 2001
-Message-ID: <b42a12174c787b99cd6fcb29b44e4b13bd64ee58.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:22:34 +0200
-Subject: [PATCH 8/8] wireshark: Adapt to wireshark-4.6.0
-Content-type: text/plain
-
-The main difference is that wmem_packet_scope() is gone [1] but
-the packet_info struct has 'pool` member which points to the
-allocator used for given packet.
-
-Unfortunately, while we were given pointer to packet_info at the
-entry level to our dissector (dissect_libvirt() ->
-tcp_dissect_pdus() -> dissect_libvirt_message()) it was never
-propagated to generated/primitive dissectors.
-
-But not all dissectors need to allocate memory, so mark the new
-argument as unused. And while our generator could be rewritten so
-that the argument is annotated as unused iff it's really unused,
-I couldn't bother rewriting it. It's generated code after all.
-Too much work for little gain.
-
-Another significant change is that val_to_str() now requires new
-argument: pointer to allocator to use because it always allocates
-new memory [2][3].
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/5ca5c9ca372e06881b23ba9f4fdcb6b479886444
-2: https://gitlab.com/wireshark/wireshark/-/commit/b63599762468e4cf1783419a5556377604d344bb
-3: https://gitlab.com/wireshark/wireshark/-/commit/84799be215313e61b83a3eaf074f89d6ee349b8c
-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/823
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 157 +++++++++++++++++++--------
- tools/wireshark/util/genxdrstub.pl   |  18 +--
- 2 files changed, 119 insertions(+), 56 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 3178ac6f27..c5c8fb4756 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -63,7 +63,7 @@ static gint ett_libvirt_stream_hole = -1;
- 
- #define XDR_PRIMITIVE_DISSECTOR(xtype, ctype, ftype) \
-     static gboolean \
--    dissect_xdr_##xtype(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) \
-+    dissect_xdr_##xtype(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf) \
-     { \
-         goffset start; \
-         ctype val; \
-@@ -93,7 +93,7 @@ XDR_PRIMITIVE_DISSECTOR(bool,    bool_t,   boolean)
- 
- VIR_WARNINGS_RESET
- 
--typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf);
-+typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, XDR *xdrs, int hf);
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
-@@ -146,22 +146,32 @@ static const value_string status_strings[] = {
- };
- 
- static char *
--G_GNUC_PRINTF(3, 0)
--vir_val_to_str(const uint32_t val,
-+G_GNUC_PRINTF(4, 0)
-+vir_val_to_str(packet_info *pinfo,
-+               const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
--    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+#if WIRESHARK_VERSION < 4006000
-+    return val_to_str_wmem(pinfo->pool, val, vs, fmt);
-+#else
-+    return val_to_str(pinfo->pool, val, vs, fmt);
-+#endif
- }
- 
- static void
--vir_wmem_free(void *ptr)
-+vir_wmem_free(packet_info *pinfo,
-+              void *ptr)
- {
--    wmem_free(wmem_packet_scope(), ptr);
-+    wmem_free(pinfo->pool, ptr);
- }
- 
- static gboolean
--dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_string(tvbuff_t *tvb,
-+                   packet_info *pinfo G_GNUC_UNUSED,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 maxlen)
- {
-     goffset start;
-@@ -179,7 +189,11 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
--dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_opaque(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 size)
- {
-     goffset start;
-@@ -190,7 +204,7 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
-         gint len = xdr_getpos(xdrs) - start;
--        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-@@ -202,7 +216,11 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
--dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_bytes(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-                   guint32 maxlen)
- {
-     goffset start;
-@@ -212,7 +230,7 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
-         gint len = xdr_getpos(xdrs) - start;
--        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         free(val);
-@@ -224,7 +242,11 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
--dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_pointer(tvbuff_t *tvb,
-+                    packet_info *pinfo,
-+                    proto_tree *tree,
-+                    XDR *xdrs,
-+                    int hf,
-                     vir_xdr_dissector_t dissect)
- {
-     goffset start;
-@@ -236,7 +258,7 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         return FALSE;
-     }
-     if (not_null) {
--        return dissect(tvb, tree, xdrs, hf);
-+        return dissect(tvb, pinfo, tree, xdrs, hf);
-     } else {
-         proto_item *ti;
-         ti = proto_tree_add_item(tree, hf, tvb, start, xdr_getpos(xdrs) - start, ENC_NA);
-@@ -246,15 +268,22 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
--dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf,
--                     guint32 length, vir_xdr_dissector_t dissect, goffset start)
-+dissect_xdr_iterable(tvbuff_t *tvb,
-+                     packet_info *pinfo,
-+                     proto_item *ti,
-+                     XDR *xdrs,
-+                     gint ett,
-+                     int rhf,
-+                     guint32 length,
-+                     vir_xdr_dissector_t dissect,
-+                     goffset start)
- {
-     proto_tree *tree;
-     guint32 i;
- 
-     tree = proto_item_add_subtree(ti, ett);
-     for (i = 0; i < length; i++) {
--        if (!dissect(tvb, tree, xdrs, rhf))
-+        if (!dissect(tvb, pinfo, tree, xdrs, rhf))
-             return FALSE;
-     }
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-@@ -262,8 +291,16 @@ dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf
- }
- 
- static gboolean
--dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
--                   int rhf, const gchar *rtype, guint32 size, vir_xdr_dissector_t dissect)
-+dissect_xdr_vector(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-+                   gint ett,
-+                   int rhf,
-+                   const gchar *rtype,
-+                   guint32 size,
-+                   vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -271,12 +308,20 @@ dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-     start = xdr_getpos(xdrs);
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s[%u]", rtype, size);
--    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, size, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, size, dissect, start);
- }
- 
- static gboolean
--dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
--                  int rhf, const gchar *rtype, guint32 maxlen, vir_xdr_dissector_t dissect)
-+dissect_xdr_array(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-+                  gint ett,
-+                  int rhf,
-+                  const gchar *rtype,
-+                  guint32 maxlen,
-+                  vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -291,7 +336,7 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- 
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s<%u>", rtype, length);
--    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, length, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, length, dissect, start);
- }
- 
- static vir_xdr_dissector_t
-@@ -340,7 +385,10 @@ find_payload_dissector(int32_t proc,
- }
- 
- static void
--dissect_libvirt_stream(tvbuff_t *tvb, proto_tree *tree, gint payload_length)
-+dissect_libvirt_stream(tvbuff_t *tvb,
-+                       packet_info *pinfo G_GNUC_UNUSED,
-+                       proto_tree *tree,
-+                       gint payload_length)
- {
-     proto_tree_add_item(tree, hf_libvirt_stream, tvb, VIR_HEADER_LEN,
-                         payload_length - VIR_HEADER_LEN, ENC_NA);
-@@ -357,6 +405,7 @@ dissect_libvirt_num_of_fds(tvbuff_t *tvb, proto_tree *tree)
- 
- static void
- dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
-+                    packet_info *pinfo G_GNUC_UNUSED,
-                     gint start G_GNUC_UNUSED,
-                     gint32 nfds G_GNUC_UNUSED)
- {
-@@ -364,8 +413,12 @@ dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
- }
- 
- static void
--dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_length,
--                                 gint32 status, vir_xdr_dissector_t dissect)
-+dissect_libvirt_payload_xdr_data(tvbuff_t *tvb,
-+                                 packet_info *pinfo,
-+                                 proto_tree *tree,
-+                                 gint payload_length,
-+                                 gint32 status,
-+                                 vir_xdr_dissector_t dissect)
- {
-     gint32 nfds = 0;
-     gint start = VIR_HEADER_LEN;
-@@ -384,17 +437,21 @@ dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_l
-     payload_data = (caddr_t)tvb_memdup(NULL, payload_tvb, 0, payload_length);
-     xdrmem_create(&xdrs, payload_data, payload_length, XDR_DECODE);
- 
--    dissect(payload_tvb, tree, &xdrs, -1);
-+    dissect(payload_tvb, pinfo, tree, &xdrs, -1);
- 
-     xdr_destroy(&xdrs);
-     g_free(payload_data);
- 
-     if (nfds != 0)
--        dissect_libvirt_fds(tvb, start + payload_length, nfds);
-+        dissect_libvirt_fds(tvb, pinfo, start + payload_length, nfds);
- }
- 
- static gboolean
--dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+dissect_xdr_stream_hole(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-+                        proto_tree *tree,
-+                        XDR *xdrs,
-+                        int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -411,10 +468,10 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-     tree = proto_item_add_subtree(ti, ett_libvirt_stream_hole);
- 
-     hf = hf_libvirt_stream_hole_length;
--    if (!dissect_xdr_hyper(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_hyper(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     hf = hf_libvirt_stream_hole_flags;
--    if (!dissect_xdr_u_int(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_u_int(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-     return TRUE;
-@@ -424,6 +481,7 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- 
- static void
- dissect_libvirt_payload(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-                         proto_tree *tree,
-                         uint32_t prog,
-                         int32_t proc,
-@@ -447,13 +505,13 @@ dissect_libvirt_payload(tvbuff_t *tvb,
-         xd = find_payload_dissector(proc, type, pds, *len);
-         if (xd == NULL)
-             goto unknown;
--        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, xd);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, xd);
-     } else if (status == VIR_NET_ERROR) {
--        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_remote_error);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_remote_error);
-     } else if (type == VIR_NET_STREAM) { /* implicitly, status == VIR_NET_CONTINUE */
--        dissect_libvirt_stream(tvb, tree, payload_length);
-+        dissect_libvirt_stream(tvb, pinfo, tree, payload_length);
-     } else if (type == VIR_NET_STREAM_HOLE) {
--        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_stream_hole);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_stream_hole);
-     } else {
-         goto unknown;
-     }
-@@ -489,21 +547,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
--    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    prog_str = vir_val_to_str(pinfo, prog, program_strings, "%x");
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
--    vir_wmem_free(prog_str);
-+    vir_wmem_free(pinfo, prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
--    proc_str = vir_val_to_str(proc, vs, "%d");
-+    proc_str = vir_val_to_str(pinfo, proc, vs, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
--    vir_wmem_free(proc_str);
-+    vir_wmem_free(pinfo, proc_str);
- 
--    type_str = vir_val_to_str(type, type_strings, "%d");
--    status_str = vir_val_to_str(status, status_strings, "%d");
-+    type_str = vir_val_to_str(pinfo, type, type_strings, "%d");
-+    status_str = vir_val_to_str(pinfo, status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     type_str, serial, status_str);
--    vir_wmem_free(status_str);
--    vir_wmem_free(type_str);
-+    vir_wmem_free(pinfo, status_str);
-+    vir_wmem_free(pinfo, type_str);
- 
-     if (tree) {
-         gint *hf_proc;
-@@ -532,21 +590,26 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-         proto_tree_add_item(libvirt_tree, hf_libvirt_status,  tvb, offset, 4, ENC_NA); offset += 4;
- 
-         /* Dissect payload remaining */
--        dissect_libvirt_payload(tvb, libvirt_tree, prog, proc, type, status);
-+        dissect_libvirt_payload(tvb, pinfo, libvirt_tree, prog, proc, type, status);
-     }
- 
-     return 0;
- }
- 
- static guint
--get_message_len(packet_info *pinfo G_GNUC_UNUSED, tvbuff_t *tvb, int offset, void *data G_GNUC_UNUSED)
-+get_message_len(packet_info *pinfo G_GNUC_UNUSED,
-+                tvbuff_t *tvb,
-+                int offset,
-+                void *data G_GNUC_UNUSED)
- {
-     return tvb_get_ntohl(tvb, offset);
- }
- 
- static int
--dissect_libvirt(tvbuff_t *tvb, packet_info *pinfo,
--                proto_tree *tree, void *data G_GNUC_UNUSED)
-+dissect_libvirt(tvbuff_t *tvb,
-+                packet_info *pinfo,
-+                proto_tree *tree,
-+                void *data G_GNUC_UNUSED)
- {
-     /* Another magic const - 4; simply, how much bytes
-      * is needed to tell the length of libvirt packet. */
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 01b663a88c..f69695c091 100755
---- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -250,7 +250,7 @@ sub xdr_type {
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my $name = $c->rinc( 'dissect_xdr_'.($self->idstrip || lc($self->xdr_type)) );
--    "$name(tvb, tree, xdrs, hf)";
-+    "$name(tvb, pinfo, tree, xdrs, hf)";
- }
- 
- sub ft_type {
-@@ -345,7 +345,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
--    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)),
-         $c->rinc('dissect_xdr_'.$self->reftype->idstrip);
- }
-@@ -359,7 +359,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
--    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)), $self->length || '~0';
- }
- 
-@@ -447,7 +447,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
--    sprintf 'dissect_xdr_array(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_array(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -476,7 +476,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
--    sprintf 'dissect_xdr_vector(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_vector(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -857,7 +857,7 @@ __END__<<DUMMY # Dummy heredoc to disable perl syntax highlighting
- my ($self, $ident) = @_;
- return if $self->is_primitive;
- %>
--static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     return <%= $self->dealias->render_caller($self->ident eq $ident ? undef : $ident) %>;
- }
-@@ -865,7 +865,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- <% my ($self, $ident) = @_;
-    my $hfvar = $c->rinc('hf_'.$self->idstrip);
- %>
--static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -890,7 +890,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- }
- @@ Sym::Type::Enum#render_dissector
- <% my ($self, $ident) = @_; %>
--static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     enum { DUMMY } es;
-@@ -914,7 +914,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- my ($self, $ident) = @_;
- my $decl_type = $self->decl->type->idstrip;
- %>
--static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     gboolean rc = TRUE;
-     goffset start;
--- 
-2.51.0
-

fix-virtiofs-socket-label.patch

@@ -0,0 +1,31 @@
+From 4c5b2e1e0d0d0cbbf8c6ed28ce77d055d5974f7f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Wed, 6 Mar 2024 17:26:40 +0100
+Subject: [PATCH] qemu: virtiofs: set correct label when creating the socket
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use svirt_t instead of virtd_t, since virtd_t is not available in the
+session mode and qemu with svirt_t won't be able to talk to unconfined_t
+socket.
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_virtiofs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
+index 15dea3bb57f..d80cddd3ba9 100644
+--- a/src/qemu/qemu_virtiofs.c
++++ b/src/qemu/qemu_virtiofs.c
+@@ -102,7 +102,7 @@ qemuVirtioFSOpenChardev(virQEMUDriver *driver,
+     chrdev->data.nix.listen = true;
+     chrdev->data.nix.path = g_strdup(socket_path);
+ 
+-    if (qemuSecuritySetDaemonSocketLabel(driver->securityManager, vm->def) < 0)
++    if (qemuSecuritySetSocketLabel(driver->securityManager, vm->def) < 0)
+         goto cleanup;
+     fd = qemuOpenChrChardevUNIXSocket(chrdev);
+     if (fd < 0) {

libvirt.spec

@@ -6,7 +6,7 @@
 %define min_rhel 8
 %define min_fedora 37
 
-%define arches_qemu_kvm         %{ix86} x86_64 %{power64} %{arm} aarch64 s390x riscv64
+%define arches_qemu_kvm         %{ix86} x86_64 %{power64} %{arm} aarch64 s390x
 %if 0%{?rhel}
     %if 0%{?rhel} > 8
         %define arches_qemu_kvm     x86_64 aarch64 s390x
@@ -19,7 +19,7 @@
 %define arches_x86              %{ix86} x86_64
 
 %define arches_systemtap_64bit  %{arches_64bit}
-%define arches_dmidecode        %{arches_x86} aarch64 riscv64
+%define arches_dmidecode        %{arches_x86}
 %define arches_xen              %{arches_x86} aarch64
 %if 0%{?fedora}
     %define arches_xen          x86_64 aarch64
@@ -29,14 +29,12 @@
 %define arches_zfs              %{arches_x86} %{power64} %{arm}
 %define arches_numactl          %{arches_x86} %{power64} aarch64 s390x
 %define arches_numad            %{arches_x86} %{power64} aarch64
-%define arches_ch               x86_64 aarch64
 
 # The hypervisor drivers that run in libvirtd
 %define with_qemu          0%{!?_without_qemu:1}
 %define with_lxc           0%{!?_without_lxc:1}
 %define with_libxl         0%{!?_without_libxl:1}
 %define with_vbox          0%{!?_without_vbox:1}
-%define with_ch            0%{!?_without_ch:1}
 
 %ifarch %{arches_qemu_kvm}
     %define with_qemu_kvm      %{with_qemu}
@@ -125,9 +123,6 @@
 %ifnarch %{arches_ceph}
     %define with_storage_rbd 0
 %endif
-%ifnarch %{arches_ch}
-    %define with_ch 0
-%endif
 
 # RHEL doesn't ship many hypervisor drivers
 %if 0%{?rhel}
@@ -137,7 +132,6 @@
     %define with_libxl 0
     %define with_hyperv 0
     %define with_lxc 0
-    %define with_ch 0
 %endif
 
 %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
@@ -211,18 +205,6 @@
     %define with_modular_daemons 1
 %endif
 
-# Prefer nftables for future OS releases but keep using iptables
-# for existing ones
-%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41
-    %define prefer_nftables 1
-    %define firewall_backend_priority nftables,iptables
-%else
-    %define prefer_nftables 0
-    %define firewall_backend_priority iptables,nftables
-%endif
-
-
-
 # Force QEMU to run as non-root
 %define qemu_user  qemu
 %define qemu_group  qemu
@@ -294,8 +276,8 @@
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 11.0.0
-Release: 5%{?dist}
+Version: 10.1.0
+Release: 4%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/
 
@@ -303,28 +285,16 @@ URL: https://libvirt.org/
     %define mainturl stable_updates/
 %endif
 Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz
+Patch1: 0001-rpc-ensure-temporary-GSource-is-removed-from-client-.patch
+Patch2: 0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch
+Patch3: 0001-interface-fix-udev-reference-leak-with-invalid-flags.patch
 
-# fix build with GCC 15
-Patch: 0001-util-avoid-overflow-in-hextable-buffer.patch
+Patch0: fix-virtiofs-socket-label.patch
 
-Patch: 0001-storage-stop-hardcoding-paths-for-mkfs-mount-umount.patch
-Patch: 0001-util-stop-hardcoding-numad-path.patch
-Patch: 0001-Fix-mocking-of-virQEMUCapsProbeHVF-function.patch
+Patch10: 0001-virarptable-Properly-calculate-rtattr-length.patch
+Patch11: 0002-virarptable-Fix-check-for-message-length.patch
+Patch12: 0003-virarptable-End-parsing-earlier-in-case-of-NLMSG_DON.patch
 
-# Fix dumpxml failures after migration (bz 2369243)
-Patch: 0001-qemu-Be-more-forgiving-when-acquiring-QUERY-job-when.patch
-# libvirt-nss stops working after network restarts (bz #2364285)
-Patch: 0001-nss-Skip-empty-files-and-avoid-use-of-uninitialized-.patch
-
-# Fix build with wireshark
-Patch: 0001-wireshark-Drop-needless-declaration-of-proto_registe.patch
-Patch: 0002-wireshark-Switch-header-files-to-pragma-once.patch
-Patch: 0003-wireshark-Move-WIRESHARK_VERSION-macro-definition.patch
-Patch: 0004-wireshark-Fix-int-type-of-some-virNetMessageHeader-m.patch
-Patch: 0005-wireshark-Don-t-special-case-retval-of-get_program_d.patch
-Patch: 0006-wireshark-Introduce-and-use-vir_val_to_str.patch
-Patch: 0007-wireshark-Don-t-leak-column-strings.patch
-Patch: 0008-wireshark-Adapt-to-wireshark-4.6.0.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -345,9 +315,6 @@ Obsoletes: libvirt-daemon-uml <= 5.0.0
 %if %{with_vbox}
 Requires: libvirt-daemon-driver-vbox = %{version}-%{release}
 %endif
-%if %{with_ch}
-Requires: libvirt-daemon-driver-ch = %{version}-%{release}
-%endif
 Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-interface = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
@@ -362,7 +329,7 @@ Requires: libvirt-libs = %{version}-%{release}
 BuildRequires: python3-docutils
 BuildRequires: meson >= 0.56.0
 BuildRequires: ninja-build
-BuildRequires: git-core
+BuildRequires: git
 BuildRequires: perl-interpreter
 BuildRequires: python3
 BuildRequires: python3-pytest
@@ -379,7 +346,7 @@ BuildRequires: gcc
     %if %{with_libxl}
 BuildRequires: xen-devel
     %endif
-BuildRequires: glib2-devel >= 2.58
+BuildRequires: glib2-devel >= 2.56
 BuildRequires: libxml2-devel
 BuildRequires: readline-devel
 BuildRequires: pkgconfig(bash-completion) >= 2.0
@@ -392,13 +359,15 @@ BuildRequires: libblkid-devel >= 2.17
 BuildRequires: augeas
 BuildRequires: systemd-devel >= 185
 BuildRequires: libpciaccess-devel >= 0.10.9
-BuildRequires: json-c-devel
+BuildRequires: yajl-devel
     %if %{with_sanlock}
 BuildRequires: sanlock-devel >= 2.4
     %endif
 BuildRequires: libpcap-devel >= 1.5.0
 BuildRequires: libnl3-devel
 BuildRequires: libselinux-devel
+BuildRequires: iptables
+BuildRequires: ebtables
 # For modprobe
 BuildRequires: kmod
 BuildRequires: cyrus-sasl-devel
@@ -456,10 +425,13 @@ BuildRequires: libcurl-devel
 BuildRequires: libwsman-devel >= 2.6.3
     %endif
 BuildRequires: audit-libs-devel
+# we need /usr/sbin/dtrace
 BuildRequires: systemtap-sdt-devel
 BuildRequires: /usr/bin/dtrace
 # For mount/umount in FS driver
 BuildRequires: util-linux
+# For showmount in FS driver (netfs discovery)
+BuildRequires: nfs-utils
     %if %{with_numad}
 BuildRequires: numad
     %endif
@@ -633,11 +605,7 @@ Summary: Network driver plugin for the libvirtd daemon
 Requires: libvirt-daemon-common = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
 Requires: dnsmasq >= 2.41
-    %if %{prefer_nftables}
-Requires: nftables
-    %else
 Requires: iptables
-    %endif
 
 %description daemon-driver-network
 The network driver plugin for the libvirtd daemon, providing
@@ -698,7 +666,7 @@ an implementation of the secret key APIs.
 Summary: Storage driver plugin including base backends for the libvirtd daemon
 Requires: libvirt-daemon-common = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
-Recommends: nfs-utils
+Requires: nfs-utils
 # For mkfs
 Requires: util-linux
 # For storage wiping with different algorithms
@@ -858,7 +826,6 @@ Requires: gzip
 Requires: bzip2
 Requires: lzop
 Requires: xz
-Requires: zstd
 Requires: systemd-container
 Requires: swtpm-tools
         %if %{with_numad}
@@ -946,7 +913,6 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
 Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
 Requires: libvirt-daemon-driver-storage = %{version}-%{release}
-Requires: libvirt-ssh-proxy = %{version}-%{release}
 Requires: qemu
 
 %description daemon-qemu
@@ -975,7 +941,6 @@ Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
 Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
 Requires: libvirt-daemon-driver-storage = %{version}-%{release}
-Requires: libvirt-ssh-proxy = %{version}-%{release}
 Requires: qemu-kvm
 
 %description daemon-kvm
@@ -1024,6 +989,7 @@ Requires: libvirt-daemon-driver-libxl = %{version}-%{release}
 Requires: libvirt-daemon-driver-interface = %{version}-%{release}
 Requires: libvirt-daemon-driver-network = %{version}-%{release}
 Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
+Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
 Requires: libvirt-daemon-driver-storage = %{version}-%{release}
 Requires: xen
@@ -1057,23 +1023,11 @@ Server side daemon and driver required to manage the virtualization
 capabilities of VirtualBox
     %endif
 
-    %if %{with_ch}
-%package daemon-driver-ch
-Summary: Cloud-Hypervisor driver plugin for libvirtd daemon
-Requires: libvirt-daemon-common = %{version}-%{release}
-Requires: libvirt-daemon-log = %{version}-%{release}
-Requires: libvirt-libs = %{version}-%{release}
-
-%description daemon-driver-ch
-The ch driver plugin for the libvirtd daemon, providing
-an implementation of the hypervisor driver APIs by
-Cloud-Hypervisor
-    %endif
-
-
 %package client
 Summary: Client side utilities of the libvirt library
 Requires: libvirt-libs = %{version}-%{release}
+# Needed by virt-pki-validate script.
+Requires: gnutls-utils
 
 # Ensure smooth upgrades
 Obsoletes: libvirt-bash-completion < 7.3.0
@@ -1095,6 +1049,8 @@ with some QEMU specific features of libvirt.
 
 %package libs
 Summary: Client side libraries
+# So remote clients can access libvirt over SSH tunnel
+Requires: cyrus-sasl
 # Needed by default sasl.conf - no onerous extra deps, since
 # 100's of other things on a system already pull in krb5-libs
 Requires: cyrus-sasl-gssapi
@@ -1154,13 +1110,6 @@ Requires: libvirt-daemon-driver-network = %{version}-%{release}
 Libvirt plugin for NSS for translating domain names into IP addresses.
 %endif
 
-%package ssh-proxy
-Summary: Libvirt SSH proxy
-Requires: libvirt-libs = %{version}-%{release}
-
-%description ssh-proxy
-Allows SSH into domains via VSOCK without need for network.
-
 %if %{with_mingw32}
 %package -n mingw32-libvirt
 Summary: %{summary}
@@ -1233,15 +1182,9 @@ exit 1
 %endif
 
 %if %{with_esx}
-    %define arg_esx -Ddriver_esx=enabled
+    %define arg_esx -Ddriver_esx=enabled -Dcurl=enabled
 %else
-    %define arg_esx -Ddriver_esx=disabled
-%endif
-
-%if %{with_esx} || %{with_ch}
-    %define arg_curl -Dcurl=enabled
-%else
-    %define arg_curl -Dcurl=disabled
+    %define arg_esx -Ddriver_esx=disabled -Dcurl=disabled
 %endif
 
 %if %{with_hyperv}
@@ -1256,12 +1199,6 @@ exit 1
     %define arg_vmware -Ddriver_vmware=disabled
 %endif
 
-%if %{with_ch}
-    %define arg_ch -Ddriver_ch=enabled
-%else
-    %define arg_ch -Ddriver_ch=disabled
-%endif
-
 %if %{with_storage_rbd}
     %define arg_storage_rbd -Dstorage_rbd=enabled
 %else
@@ -1379,8 +1316,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
 %meson \
            -Drunstatedir=%{_rundir} \
            -Dinitconfdir=%{_sysconfdir}/sysconfig \
-           -Dunitdir=%{_unitdir} \
-           -Dsysusersdir=%{_sysusersdir} \
            %{?arg_qemu} \
            %{?arg_openvz} \
            %{?arg_lxc} \
@@ -1392,12 +1327,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
            -Ddriver_remote=enabled \
            -Ddriver_test=enabled \
            %{?arg_esx} \
-           %{?arg_curl} \
            %{?arg_hyperv} \
            %{?arg_vmware} \
-           %{?arg_ch} \
            -Ddriver_vz=disabled \
            -Ddriver_bhyve=disabled \
+           -Ddriver_ch=disabled \
            %{?arg_remote_mode} \
            -Ddriver_interface=enabled \
            -Ddriver_network=enabled \
@@ -1424,7 +1358,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
            -Dapparmor_profiles=disabled \
            -Dsecdriver_apparmor=disabled \
            -Dudev=enabled \
-           -Djson_c=enabled \
+           -Dyajl=enabled \
            %{?arg_sanlock} \
            -Dlibpcap=enabled \
            %{?arg_nbdkit} \
@@ -1448,11 +1382,9 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
            -Dtls_priority=%{tls_priority} \
            -Dsysctl_config=enabled \
            %{?arg_userfaultfd_sysctl} \
-           -Dssh_proxy=enabled \
            %{?enable_werror} \
            -Dexpensive_tests=enabled \
            -Dinit_script=systemd \
-           -Dfirewall_backend_priority=%{firewall_backend_priority} \
            -Ddocs=enabled \
            -Dtests=enabled \
            -Drpath=disabled \
@@ -1496,7 +1428,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
   -Dfuse=disabled \
   -Dglusterfs=disabled \
   -Dhost_validate=disabled \
-  -Djson_c=disabled \
   -Dlibiscsi=disabled \
   -Dnbdkit=disabled \
   -Dnbdkit_config_default=disabled \
@@ -1535,12 +1466,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
   -Dstorage_zfs=disabled \
   -Dsysctl_config=disabled \
   -Duserfaultfd_sysctl=disabled \
-  -Dssh_proxy=disabled \
   -Dtests=disabled \
   -Dudev=disabled \
   -Dwireshark_dissector=disabled \
-  %{?enable_werror}
-%mingw_ninja
+  -Dyajl=disabled
+    %mingw_ninja
 %endif
 
 %install
@@ -1599,10 +1529,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
     %endif
-    %if ! %{with_ch}
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_ch.aug
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_ch.aug
-    %endif
 
 # Copied into libvirt-docs subpackage eventually
 mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt libvirt-docs
@@ -1650,8 +1576,7 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt-guests.sh
 %if %{with_native}
 # Building on slow archs, like emulated s390x in Fedora copr, requires
 # raising the test timeout
-export VIR_TEST_DEBUG=1
-%meson_test --no-suite syntax-check --timeout-multiplier 10
+VIR_TEST_DEBUG=1 %meson_test --no-suite syntax-check --timeout-multiplier 10
 %endif
 
 %define libvirt_rpmstatedir %{_localstatedir}/lib/rpm-state/libvirt
@@ -2002,19 +1927,6 @@ exit 0
 %libvirt_systemd_unix_preun virtxend
     %endif
 
-    %if %{with_ch}
-%pre daemon-driver-ch
-%libvirt_sysconfig_pre virtchd
-%libvirt_systemd_unix_pre virtchd
-
-%posttrans daemon-driver-ch
-%libvirt_sysconfig_posttrans virtchd
-%libvirt_systemd_unix_posttrans virtchd
-
-%preun daemon-driver-ch
-%libvirt_systemd_unix_preun virtchd
-    %endif
-
 %pre daemon-config-network
 %libvirt_systemd_config_pre libvirtd
 %libvirt_systemd_config_pre virtnetworkd
@@ -2102,9 +2014,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %config(noreplace) %{_prefix}/lib/sysctl.d/60-libvirtd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
-%dir %{_datadir}/augeas/lenses
 %{_datadir}/augeas/lenses/libvirtd.aug
-%dir %{_datadir}/augeas/lenses/tests
 %{_datadir}/augeas/lenses/tests/test_libvirtd.aug
 %attr(0755, root, root) %{_sbindir}/libvirtd
 %{_mandir}/man8/libvirtd.8*
@@ -2115,7 +2025,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %dir %{_datadir}/libvirt/
 %ghost %dir %{_rundir}/libvirt/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/common/
+%ghost %dir %{_rundir}/libvirt/common/
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/
@@ -2201,7 +2111,7 @@ exit 0
 %{_unitdir}/virtinterfaced-ro.socket
 %{_unitdir}/virtinterfaced-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtinterfaced
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/interface/
+%ghost %dir %{_rundir}/libvirt/interface/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_interface.so
 %{_mandir}/man8/virtinterfaced.8*
 
@@ -2209,9 +2119,6 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf
 %{_datadir}/augeas/lenses/virtnetworkd.aug
 %{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug
-%config(noreplace) %{_sysconfdir}/libvirt/network.conf
-%{_datadir}/augeas/lenses/libvirtd_network.aug
-%{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug
 %{_unitdir}/virtnetworkd.service
 %{_unitdir}/virtnetworkd.socket
 %{_unitdir}/virtnetworkd-ro.socket
@@ -2243,7 +2150,7 @@ exit 0
 %{_unitdir}/virtnodedevd-ro.socket
 %{_unitdir}/virtnodedevd-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtnodedevd
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nodedev/
+%ghost %dir %{_rundir}/libvirt/nodedev/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_nodedev.so
 %{_mandir}/man8/virtnodedevd.8*
 
@@ -2258,8 +2165,8 @@ exit 0
 %attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_rundir}/libvirt/network/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter-binding/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter/
+%ghost %dir %{_rundir}/libvirt/nwfilter-binding/
+%ghost %dir %{_rundir}/libvirt/nwfilter/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_nwfilter.so
 %{_mandir}/man8/virtnwfilterd.8*
 
@@ -2273,7 +2180,7 @@ exit 0
 %{_unitdir}/virtsecretd-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtsecretd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/secrets/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/secrets/
+%ghost %dir %{_rundir}/libvirt/secrets/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_secret.so
 %{_mandir}/man8/virtsecretd.8*
 
@@ -2352,11 +2259,11 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/
-%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/dbus/
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/passt/
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/slirp/
-%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/swtpm/
+%ghost %dir %{_rundir}/libvirt/qemu/
+%ghost %dir %{_rundir}/libvirt/qemu/dbus/
+%ghost %dir %{_rundir}/libvirt/qemu/passt/
+%ghost %dir %{_rundir}/libvirt/qemu/slirp/
+%ghost %dir %{_rundir}/libvirt/qemu/swtpm/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/checkpoint/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/dump/
@@ -2480,19 +2387,6 @@ exit 0
 %attr(0755, root, root) %{_libexecdir}/libvirt_sanlock_helper
     %endif
 
-    %if %{with_ch}
-%files daemon-driver-ch
-%attr(0755, root, root) %{_sbindir}/virtchd
-%config(noreplace) %{_sysconfdir}/libvirt/virtchd.conf
-%{_datadir}/augeas/lenses/virtchd.aug
-%{_datadir}/augeas/lenses/tests/test_virtchd.aug
-%{_unitdir}/virtchd-admin.socket
-%{_unitdir}/virtchd-ro.socket
-%{_unitdir}/virtchd.service
-%{_unitdir}/virtchd.socket
-%{_libdir}/libvirt/connection-driver/libvirt_driver_ch.so
-    %endif
-
 %files client
 %{_mandir}/man1/virsh.1*
 %{_mandir}/man1/virt-xml-validate.1*
@@ -2523,17 +2417,15 @@ exit 0
 %{_libdir}/libvirt-lxc.so.*
 %{_libdir}/libvirt-admin.so.*
 %dir %{_datadir}/libvirt/
-%{_datadir}/libvirt/test-screenshot.png
 %dir %{_datadir}/libvirt/schemas/
-%{_datadir}/libvirt/schemas/*.rng
-%dir %{_datadir}/systemtap/tapset/
 %{_datadir}/systemtap/tapset/libvirt_probes*.stp
 %{_datadir}/systemtap/tapset/libvirt_functions.stp
     %if %{with_qemu}
 %{_datadir}/systemtap/tapset/libvirt_qemu_probes*.stp
     %endif
-%dir %{_datadir}/libvirt/cpu_map
+%{_datadir}/libvirt/schemas/*.rng
 %{_datadir}/libvirt/cpu_map/*.xml
+%{_datadir}/libvirt/test-screenshot.png
 
     %if %{with_wireshark}
 %files wireshark
@@ -2544,10 +2436,6 @@ exit 0
 %{_libdir}/libnss_libvirt.so.2
 %{_libdir}/libnss_libvirt_guest.so.2
 
-%files ssh-proxy
-%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
-%{_libexecdir}/libvirt-ssh-proxy
-
     %if %{with_lxc}
 %files login-shell
 %attr(4750, root, virtlogin) %{_bindir}/virt-login-shell
@@ -2601,7 +2489,7 @@ exit 0
 %{mingw32_bindir}/virt-admin.exe
 %{mingw32_bindir}/virt-xml-validate
 %{mingw32_bindir}/virt-pki-query-dn.exe
-%{mingw32_bindir}/virt-pki-validate.exe
+%{mingw32_bindir}/virt-pki-validate
 %{mingw32_bindir}/libvirt-lxc-0.dll
 %{mingw32_bindir}/libvirt-qemu-0.dll
 %{mingw32_bindir}/libvirt-admin-0.dll
@@ -2660,7 +2548,7 @@ exit 0
 %{mingw64_bindir}/virt-admin.exe
 %{mingw64_bindir}/virt-xml-validate
 %{mingw64_bindir}/virt-pki-query-dn.exe
-%{mingw64_bindir}/virt-pki-validate.exe
+%{mingw64_bindir}/virt-pki-validate
 %{mingw64_bindir}/libvirt-lxc-0.dll
 %{mingw64_bindir}/libvirt-qemu-0.dll
 %{mingw64_bindir}/libvirt-admin-0.dll
@@ -2711,72 +2599,17 @@ exit 0
 
 
 %changelog
-* Fri Oct 24 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-5
-- Fix build with latest wireshark
+* Tue Aug 27 2024 Cole Robinson <crobinso@redhat.com> - 10.1.0-4
+- Fix 'virsh domifaddr --source=arp' on kernel 6.10 (bz #2302245)
 
-* Fri Aug 08 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-4
-- libvirt-nss stops working after network restarts (bz #2364285)
+* Tue Jul  9 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.1.0-3
+- Fix virtiofs SELinux socket label
 
-* Fri Jun 20 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-3
-- Fix dumpxml failures after migration (bz 2369243)
-
-* Tue Apr 29 2025 Daniel P. Berrangé <berrange@redhat.com> - 11.0.0-2
-- Fix location of mount, umount (rhbz #2359196)
-- Fix location of numad (rhbz #2359736)
-- Fix tests on rebuild with latest GCC 15
-
-* Fri Jan 17 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-1
-- Update to version 11.0.0
-
-* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 10.10.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Mon Dec 02 2024 Cole Robinson <crobinso@redhat.com> - 10.10.0-1
-- Update to version 10.10.0
-
-* Fri Nov  1 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.9.0-1
-- Update to version 10.9.0
-
-* Tue Oct 01 2024 Cole Robinson <crobinso@redhat.com> - 10.8.0-1
-- Update to version 10.8.0
-
-* Mon Sep 02 2024 Cole Robinson <crobinso@redhat.com> - 10.7.0-1
-- Update to version 10.7.0
-
-* Tue Aug 27 2024 Cole Robinson <crobinso@redhat.com> - 10.6.0-2
-- Fix `virsh domifaddr --source=arp` on kernel 6.10 (bz #2302245)
-- Add new systemtap-sdt-dtrace to build deps
-
-* Tue Aug 06 2024 Cole Robinson <crobinso@redhat.com> - 10.6.0-1
-- Update to version 10.6.0
-
-* Mon Aug 05 2024 Richard W.M. Jones <rjones@redhat.com> - 10.5.0-3
-- Rebuild for Xen 4.19.0
-
-* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 10.5.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Thu Jul  4 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.5.0-1
-- Rebase to 10.5.0 release
-
-* Wed Jun  5 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.4.0-2
+* Fri Mar 01 2024 Cole Robinson <crobinso@redhat.com> - 10.1.0-2
+- Fix crash in event loop (CVE-2024-4418)
 - Fix leak of GSource handle
 - Fix leak of udev reference (rhbz #2266017)
 
-* Wed Jun  5 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.4.0-1
-- Update to version 10.4.0
-- Change virtual network backend from iptables to nftables
-- Introduce SSH VSOCK proxy
-
-* Thu May  2 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.3.0-1
-- Update to version 10.3.0
-
-* Sat Apr 06 2024 Cole Robinson <crobinso@redhat.com> - 10.2.0-2
-- Rebuild for new libiscsi
-
-* Fri Apr 05 2024 Cole Robinson <crobinso@redhat.com> - 10.2.0-1
-- Update to version 10.2.0
-
 * Fri Mar 01 2024 Cole Robinson <crobinso@redhat.com> - 10.1.0-1
 - Update to version 10.1.0
 

sources

@@ -1 +1 @@
-SHA512 (libvirt-11.0.0.tar.xz) = ac5fd17d3f488c241017d967364e0441373e9ab0457dab1acfe84fd0b90353dc5d185cc7fcd2b0d7995af4137a3fa18371abb5511686456a9e720f7ec7829da9
+SHA512 (libvirt-10.1.0.tar.xz) = 08e73ae15de5681430b62db85ec9901242dca5e9a4ca9685614f4a67092c6e28f27f9187144b3ceb18ad6b40e6eb1a90b1a4b056b0888724d04a62002ee2bc48