PR#3: Update to v10.4.0 for hyperscale release - rpms/libvirt

		`@@ -0,0 +1,41 @@`
		`+ From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>`
		`+ Date: Wed, 5 Jun 2024 11:16:21 +0100`
		`+ Subject: [PATCH] interface: fix udev reference leak with invalid flags`
		`+ MIME-Version: 1.0`
		`+ Content-Type: text/plain; charset=UTF-8`
		`+ Content-Transfer-Encoding: 8bit`
		`+`
		`+ The udevInterfaceGetXMLDesc method takes a reference on the udev`
		`+ driver as its first action. If the virCheckFlags() condition`
		`+ fails, however, this reference is never released.`
		`+`
		`+ Reviewed-by: Peter Krempa <pkrempa@redhat.com>`
		`+ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>`
		`+ ---`
		`+ src/interface/interface_backend_udev.c \| 4 +++-`
		`+ 1 file changed, 3 insertions(+), 1 deletion(-)`
		`+`
		`+ diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c`
		`+ index fdf11a8318..e1a50389c9 100644`
		`+ --- a/src/interface/interface_backend_udev.c`
		`+ +++ b/src/interface/interface_backend_udev.c`
		`+ @@ -1027,12 +1027,14 @@ static char *`
		`+ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo,`
		`+ unsigned int flags)`
		`+ {`
		`+ - struct udev *udev = udev_ref(driver->udev);`
		`+ + struct udev *udev = NULL;`
		`+ g_autoptr(virInterfaceDef) ifacedef = NULL;`
		`+ char *xmlstr = NULL;`
		`+`
		`+ virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL);`
		`+`
		`+ + udev = udev_ref(driver->udev);`
		`+ +`
		`+ /* Recursively build up the interface XML based on the requested`
		`+ * interface name`
		`+ */`
		`+ --`
		`+ 2.45.1`
		`+`

0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch

file added

+49

		`@@ -0,0 +1,49 @@`
		`+ From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>`
		`+ Date: Fri, 17 May 2024 14:55:24 +0100`
		`+ Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop`
		`+ MIME-Version: 1.0`
		`+ Content-Type: text/plain; charset=UTF-8`
		`+ Content-Transfer-Encoding: 8bit`
		`+`
		`+ We never release the reference on the GSource created for`
		`+ interrupting the main loop, nor do we remove it from the`
		`+ main context if our thread is woken up prior to the wakeup`
		`+ callback firing.`
		`+`
		`+ This can result in a leak of GSource objects, along with an`
		`+ ever growing list of GSources attached to the main context,`
		`+ which will gradually slow down execution of the loop, as`
		`+ several operations are O(N) for the number of attached GSource`
		`+ objects.`
		`+`
		`+ Reviewed-by: Michal Privoznik <mprivozn@redhat.com>`
		`+ Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>`
		`+ ---`
		`+ src/rpc/virnetclient.c \| 3 ++-`
		`+ 1 file changed, 2 insertions(+), 1 deletion(-)`
		`+`
		`+ diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c`
		`+ index 147b0d661a..6d424eb599 100644`
		`+ --- a/src/rpc/virnetclient.c`
		`+ +++ b/src/rpc/virnetclient.c`
		`+ @@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client,`
		`+ /* Check to see if another thread is dispatching */`
		`+ if (client->haveTheBuck) {`
		`+ /* Force other thread to wakeup from poll */`
		`+ - GSource *wakeup = g_idle_source_new();`
		`+ + g_autoptr(GSource) wakeup = g_idle_source_new();`
		`+ g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);`
		`+ g_source_attach(wakeup, client->eventCtx);`
		`+`
		`+ @@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client,`
		`+ return -1;`
		`+ }`
		`+`
		`+ + g_source_destroy(wakeup);`
		`+ VIR_DEBUG("Woken up from sleep head=%p call=%p",`
		`+ client->waitDispatch, thiscall);`
		`+ /* Three reasons we can be woken up`
		`+ --`
		`+ 2.45.1`
		`+`

libvirt.spec

file modified

+83 -6

		`@@ -205,6 +205,16 @@`
		`%define with_modular_daemons 1`
		`%endif`

		`+ # Prefer nftables for future OS releases but keep using iptables`
		`+ # for existing ones`
		`+ %if 0%{?rhel} >= 10 \|\| 0%{?fedora} >= 41`
		`+ %define prefer_nftables 1`
		`+ %define firewall_backend_priority nftables,iptables`
		`+ %else`
		`+ %define prefer_nftables 0`
		`+ %define firewall_backend_priority iptables,nftables`
		`+ %endif`
		`+`
		`# Force QEMU to run as non-root`
		`%define qemu_user qemu`
		`%define qemu_group qemu`
		`@@ -274,10 +284,16 @@`
		`done \`
		`%{nil}`

		`+ # To prevent rpmdev-bumpspec breakage`
		`+ %global baserelease 2`
		`+`
		`+ # Hyperscale release`
		`+ %global hsrel .1`
		`+`
		`Summary: Library providing a simple virtualization API`
		`Name: libvirt`
		`- Version: 10.1.0`
		`- Release: 1%{?dist}`
		`+ Version: 10.4.0`
		`+ Release: %{baserelease}%{?hsrel}%{?dist}`
		`License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1`
		`URL: https://libvirt.org/`

		`@@ -285,6 +301,8 @@`
		`%define mainturl stable_updates/`
		`%endif`
		`Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz`
		`+ Patch2: 0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch`
		`+ Patch3: 0001-interface-fix-udev-reference-leak-with-invalid-flags.patch`

		`Requires: libvirt-daemon = %{version}-%{release}`
		`Requires: libvirt-daemon-config-network = %{version}-%{release}`
		`@@ -336,7 +354,7 @@`
		`%if %{with_libxl}`
		`BuildRequires: xen-devel`
		`%endif`
		`- BuildRequires: glib2-devel >= 2.56`
		`+ BuildRequires: glib2-devel >= 2.58`
		`BuildRequires: libxml2-devel`
		`BuildRequires: readline-devel`
		`BuildRequires: pkgconfig(bash-completion) >= 2.0`
		`@@ -356,8 +374,6 @@`
		`BuildRequires: libpcap-devel >= 1.5.0`
		`BuildRequires: libnl3-devel`
		`BuildRequires: libselinux-devel`
		`- BuildRequires: iptables`
		`- BuildRequires: ebtables`
		`# For modprobe`
		`BuildRequires: kmod`
		`BuildRequires: cyrus-sasl-devel`
		`@@ -594,7 +610,11 @@`
		`Requires: libvirt-daemon-common = %{version}-%{release}`
		`Requires: libvirt-libs = %{version}-%{release}`
		`Requires: dnsmasq >= 2.41`
		`+ %if %{prefer_nftables}`
		`+ Requires: nftables`
		`+ %else`
		`Requires: iptables`
		`+ %endif`

		`%description daemon-driver-network`
		`The network driver plugin for the libvirtd daemon, providing`
		`@@ -815,8 +835,13 @@`
		`Requires: bzip2`
		`Requires: lzop`
		`Requires: xz`
		`+ Requires: zstd`
		`Requires: systemd-container`
		`+ %if 0%{?facebook}`
		`+ Recommends: swtpm-tools`
		`+ %else`
		`Requires: swtpm-tools`
		`+ %endif`
		`%if %{with_numad}`
		`Requires: numad`
		`%endif`
		`@@ -902,6 +927,7 @@`
		`Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}`
		`Requires: libvirt-daemon-driver-secret = %{version}-%{release}`
		`Requires: libvirt-daemon-driver-storage = %{version}-%{release}`
		`+ Requires: libvirt-ssh-proxy = %{version}-%{release}`
		`Requires: qemu`

		`%description daemon-qemu`
		`@@ -930,7 +956,14 @@`
		`Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}`
		`Requires: libvirt-daemon-driver-secret = %{version}-%{release}`
		`Requires: libvirt-daemon-driver-storage = %{version}-%{release}`
		`+ Requires: libvirt-ssh-proxy = %{version}-%{release}`
		`+`
		`+ # relax requirement for qemu-kvm for fb builds`
		`+ %if 0%{?facebook}`
		`+ Recommends: qemu-kvm`
		`+ %else`
		`Requires: qemu-kvm`
		`+ %endif`

		`%description daemon-kvm`
		`Server side daemon and driver required to manage the virtualization`
		`@@ -1099,6 +1132,13 @@`
		`Libvirt plugin for NSS for translating domain names into IP addresses.`
		`%endif`

		`+ %package ssh-proxy`
		`+ Summary: Libvirt SSH proxy`
		`+ Requires: libvirt-libs = %{version}-%{release}`
		`+`
		`+ %description ssh-proxy`
		`+ Allows SSH into domains via VSOCK without need for network.`
		`+`
		`%if %{with_mingw32}`
		`%package -n mingw32-libvirt`
		`Summary: %{summary}`
		`@@ -1371,9 +1411,11 @@`
		`-Dtls_priority=%{tls_priority} \`
		`-Dsysctl_config=enabled \`
		`%{?arg_userfaultfd_sysctl} \`
		`+ -Dssh_proxy=enabled \`
		`%{?enable_werror} \`
		`-Dexpensive_tests=enabled \`
		`-Dinit_script=systemd \`
		`+ -Dfirewall_backend_priority=%{firewall_backend_priority} \`
		`-Ddocs=enabled \`
		`-Dtests=enabled \`
		`-Drpath=disabled \`
		`@@ -1455,6 +1497,7 @@`
		`-Dstorage_zfs=disabled \`
		`-Dsysctl_config=disabled \`
		`-Duserfaultfd_sysctl=disabled \`
		`+ -Dssh_proxy=disabled \`
		`-Dtests=disabled \`
		`-Dudev=disabled \`
		`-Dwireshark_dissector=disabled \`
		`@@ -1565,7 +1608,8 @@`
		`%if %{with_native}`
		`# Building on slow archs, like emulated s390x in Fedora copr, requires`
		`# raising the test timeout`
		`- VIR_TEST_DEBUG=1 %meson_test --no-suite syntax-check --timeout-multiplier 10`
		`+ VIR_TEST_DEBUG=1`
		`+ %meson_test --no-suite syntax-check --timeout-multiplier 10`
		`%endif`

		`%define libvirt_rpmstatedir %{_localstatedir}/lib/rpm-state/libvirt`
		`@@ -2108,6 +2152,9 @@`
		`%config(noreplace) %{_sysconfdir}/libvirt/virtnetworkd.conf`
		`%{_datadir}/augeas/lenses/virtnetworkd.aug`
		`%{_datadir}/augeas/lenses/tests/test_virtnetworkd.aug`
		`+ %config(noreplace) %{_sysconfdir}/libvirt/network.conf`
		`+ %{_datadir}/augeas/lenses/libvirtd_network.aug`
		`+ %{_datadir}/augeas/lenses/tests/test_libvirtd_network.aug`
		`%{_unitdir}/virtnetworkd.service`
		`%{_unitdir}/virtnetworkd.socket`
		`%{_unitdir}/virtnetworkd-ro.socket`
		`@@ -2425,6 +2472,10 @@`
		`%{_libdir}/libnss_libvirt.so.2`
		`%{_libdir}/libnss_libvirt_guest.so.2`

		`+ %files ssh-proxy`
		`+ %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf`
		`+ %{_libexecdir}/libvirt-ssh-proxy`
		`+`
		`%if %{with_lxc}`
		`%files login-shell`
		`%attr(4750, root, virtlogin) %{_bindir}/virt-login-shell`
		`@@ -2588,6 +2639,32 @@`


		`%changelog`
		`+ * Wed Jun 14 2024 Roberto Campesato <render@metalabs.org> - 10.4.0-2.1`
		`+ - Update to version 10.4.0`
		`+ - Relax dependency on swtpm-tools for facebook builds`
		`+`
		`+ * Wed Jun 5 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.4.0-2`
		`+ - Fix leak of GSource handle`
		`+ - Fix leak of udev reference (rhbz #2266017)`
		`+`
		`+ * Wed Jun 5 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.4.0-1`
		`+ - Update to version 10.4.0`
		`+ - Change virtual network backend from iptables to nftables`
		`+ - Introduce SSH VSOCK proxy`
		`+`
		`+ * Thu May 2 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.3.0-1`
		`+ - Update to version 10.3.0`
		`+`
		`+ * Sat Apr 06 2024 Cole Robinson <crobinso@redhat.com> - 10.2.0-2`
		`+ - Rebuild for new libiscsi`
		`+`
		`+ * Fri Apr 05 2024 Cole Robinson <crobinso@redhat.com> - 10.2.0-1`
		`+ - Update to version 10.2.0`
		`+`
		`+ * Wed Mar 27 2024 Roberto Campesato <render@metalabs.org> - 10.1.0-1.1`
		`+ - Update to version 10.1.0`
		`+ - Relax dependency on qemu-kvm for facebook builds`
		`+`
		`* Fri Mar 01 2024 Cole Robinson <crobinso@redhat.com> - 10.1.0-1`
		`- Update to version 10.1.0`

sources

file modified

+1 -1

		`@@ -1,1 +1,1 @@`
		`- SHA512 (libvirt-10.1.0.tar.xz) = 08e73ae15de5681430b62db85ec9901242dca5e9a4ca9685614f4a67092c6e28f27f9187144b3ceb18ad6b40e6eb1a90b1a4b056b0888724d04a62002ee2bc48`
		`+ SHA512 (libvirt-10.4.0.tar.xz) = 711be39f3fb831a5073b25a5b02410676147114f3dcf85b24c8505b611a81bf64cf3b95f66908e0dc3a2f3e66e5fc31b2d95db610ea3f1b747a9fd1f52b1ffa7`

render commented 5 months ago

Synced from rawhide
Downgrade dependency on swtpm-tools to Recommends for facebook builds to have libvirt not depend on selinux-related packages

build validated for:

centos-stream-hyperscale-9-x86_64
centos-stream-hyperscale-facebook-9-x86_64
centos-stream-hyperscale-9-aarch64
centos-stream-hyperscale-facebook-9-aarch64