diff --git a/SOURCES/libvirt-util-Don-t-overflow-in-virRandomBits.patch b/SOURCES/libvirt-util-Don-t-overflow-in-virRandomBits.patch
new file mode 100644
index 0000000..672eb72
--- /dev/null
+++ b/SOURCES/libvirt-util-Don-t-overflow-in-virRandomBits.patch
@@ -0,0 +1,46 @@
+From 9f6fbc0d4d4fd12d51ae8e9ac4152bc0bc835c24 Mon Sep 17 00:00:00 2001
+Message-Id: <9f6fbc0d4d4fd12d51ae8e9ac4152bc0bc835c24@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 21 Jan 2019 09:04:10 -0500
+Subject: [PATCH] util: Don't overflow in virRandomBits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1667329 (RHEL 7.6.z)
+https://bugzilla.redhat.com/show_bug.cgi?id=1652894 (RHEL 7.7)
+
+The function is supposed to return up to 64bit long integer. In
+order to do that it calls virRandomBytes() to fill the integer
+with random bytes and then masks out everything but requested
+bits. However, when doing that it shifts 1U and not 1ULL. So
+effectively, requesting 32 random bis or more always return 0
+which is not random enough.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Pino Toscano <ptoscano@redhat.com>
+(cherry picked from commit 78c47a92ecb450c9f8bcabd35da7006dc2547882)
+Signed-off-by: John Ferlan <jferlan@redhat.com>
+Message-Id: <20190121140412.27804-2-jferlan@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+---
+ src/util/virrandom.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virrandom.c b/src/util/virrandom.c
+index 01cc82a052..3c011a8615 100644
+--- a/src/util/virrandom.c
++++ b/src/util/virrandom.c
+@@ -68,7 +68,7 @@ uint64_t virRandomBits(int nbits)
+         return 0;
+     }
+ 
+-    ret &= (1U << nbits) - 1;
++    ret &= (1ULL << nbits) - 1;
+     return ret;
+ }
+ 
+-- 
+2.20.1
+
diff --git a/SOURCES/libvirt-virfile-Detect-ceph-as-shared-FS.patch b/SOURCES/libvirt-virfile-Detect-ceph-as-shared-FS.patch
new file mode 100644
index 0000000..6f727e5
--- /dev/null
+++ b/SOURCES/libvirt-virfile-Detect-ceph-as-shared-FS.patch
@@ -0,0 +1,137 @@
+From babe3d8cfbf85c23a71cb167008065bc63cc2fb0 Mon Sep 17 00:00:00 2001
+Message-Id: <babe3d8cfbf85c23a71cb167008065bc63cc2fb0@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 4 Feb 2019 10:37:50 +0100
+Subject: [PATCH] virfile: Detect ceph as shared FS
+
+RHEL-7.7: https://bugzilla.redhat.com/show_bug.cgi?id=1665553
+RHEL-7.6.z: https://bugzilla.redhat.com/show_bug.cgi?id=1672178
+
+Ceph can be mounted just like any other filesystem and in fact is
+a shared and cluster filesystem. The filesystem magic constant
+was taken from kernel sources as it is not in magic.h yet.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+(cherry picked from commit 6dd2a2ae6386b1d51edcc9a434f56d7f9dc2cb35)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Message-Id: <60cef73c5369ea9b37bf0663ee7f06e2605abd46.1549273057.git.mprivozn@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+---
+ src/util/virfile.c            | 9 ++++++++-
+ src/util/virfile.h            | 1 +
+ src/util/virstoragefile.c     | 3 ++-
+ tests/virfiledata/mounts3.txt | 2 ++
+ tests/virfilemock.c           | 5 +++++
+ tests/virfiletest.c           | 2 ++
+ 6 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index 716b55d770..471d309062 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -3537,6 +3537,9 @@ int virFilePrintf(FILE *fp, const char *msg, ...)
+ # ifndef FUSE_SUPER_MAGIC
+ #  define FUSE_SUPER_MAGIC 0x65735546
+ # endif
++# ifndef CEPH_SUPER_MAGIC
++#  define CEPH_SUPER_MAGIC 0x00C36400
++# endif
+ 
+ # define PROC_MOUNTS "/proc/mounts"
+ 
+@@ -3682,6 +3685,9 @@ virFileIsSharedFSType(const char *path,
+     if ((fstypes & VIR_FILE_SHFS_CIFS) &&
+         (f_type == CIFS_SUPER_MAGIC))
+         return 1;
++    if ((fstypes & VIR_FILE_SHFS_CEPH) &&
++        (f_type == CEPH_SUPER_MAGIC))
++        return 1;
+ 
+     return 0;
+ }
+@@ -3845,7 +3851,8 @@ int virFileIsSharedFS(const char *path)
+                                  VIR_FILE_SHFS_OCFS |
+                                  VIR_FILE_SHFS_AFS |
+                                  VIR_FILE_SHFS_SMB |
+-                                 VIR_FILE_SHFS_CIFS);
++                                 VIR_FILE_SHFS_CIFS |
++                                 VIR_FILE_SHFS_CEPH);
+ }
+ 
+ 
+diff --git a/src/util/virfile.h b/src/util/virfile.h
+index 6f1e802fde..1d16e96b59 100644
+--- a/src/util/virfile.h
++++ b/src/util/virfile.h
+@@ -205,6 +205,7 @@ enum {
+     VIR_FILE_SHFS_AFS = (1 << 3),
+     VIR_FILE_SHFS_SMB = (1 << 4),
+     VIR_FILE_SHFS_CIFS = (1 << 5),
++    VIR_FILE_SHFS_CEPH = (1 << 6),
+ };
+ 
+ int virFileIsSharedFSType(const char *path, int fstypes) ATTRIBUTE_NONNULL(1);
+diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
+index 58f67278da..0b15219c3e 100644
+--- a/src/util/virstoragefile.c
++++ b/src/util/virstoragefile.c
+@@ -1366,7 +1366,8 @@ int virStorageFileIsClusterFS(const char *path)
+      */
+     return virFileIsSharedFSType(path,
+                                  VIR_FILE_SHFS_GFS2 |
+-                                 VIR_FILE_SHFS_OCFS);
++                                 VIR_FILE_SHFS_OCFS |
++                                 VIR_FILE_SHFS_CEPH);
+ }
+ 
+ #ifdef LVS
+diff --git a/tests/virfiledata/mounts3.txt b/tests/virfiledata/mounts3.txt
+index 134c6e8f81..68eded048c 100644
+--- a/tests/virfiledata/mounts3.txt
++++ b/tests/virfiledata/mounts3.txt
+@@ -33,3 +33,5 @@ host:/nfs /nfs nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,
+ dev /nfs/blah devtmpfs rw,nosuid,relatime,size=10240k,nr_inodes=4093060,mode=755 0 0
+ host:/gv0 /gluster fuse.glusterfs rw 0 0
+ root@host:/tmp/mkdir /gluster/sshfs fuse.sshfs rw 0 0
++192.168.0.1:/ceph/data /ceph ceph rw,noatime,name=cephfs,secret=<hidden>,acl,wsize=16777216 0 0
++192.168.0.1,192.168.0.2,192.168.0.3:/ceph/data2 /ceph/multi ceph rw,noatime,name=cephfs,secret=<hidden>,acl,wsize=16777216 0 0
+diff --git a/tests/virfilemock.c b/tests/virfilemock.c
+index ae5c8d025a..eb5182df66 100644
+--- a/tests/virfilemock.c
++++ b/tests/virfilemock.c
+@@ -88,6 +88,9 @@ setmntent(const char *filename, const char *type)
+ #ifndef FUSE_SUPER_MAGIC
+ # define FUSE_SUPER_MAGIC 0x65735546
+ #endif
++#ifndef CEPH_SUPER_MAGIC
++# define CEPH_SUPER_MAGIC 0x00c36400
++#endif
+ 
+ 
+ static int
+@@ -134,6 +137,8 @@ statfs_mock(const char *mtab,
+             ftype = CIFS_SUPER_MAGIC;
+         } else if (STRPREFIX(mb.mnt_type, "fuse")) {
+             ftype = FUSE_SUPER_MAGIC;
++        } else if (STRPREFIX(mb.mnt_type, "ceph")) {
++            ftype = CEPH_SUPER_MAGIC;
+         } else {
+             /* Everything else is EXT4. We don't care really for other paths. */
+             ftype = EXT4_SUPER_MAGIC;
+diff --git a/tests/virfiletest.c b/tests/virfiletest.c
+index a246d601ba..972c07fdc5 100644
+--- a/tests/virfiletest.c
++++ b/tests/virfiletest.c
+@@ -458,6 +458,8 @@ mymain(void)
+     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/gluster/file", true);
+     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/gluster/sshfs/file", false);
+     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/some/symlink/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/ceph/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/ceph/multi/file", true);
+ 
+     return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ }
+-- 
+2.20.1
+
diff --git a/SOURCES/libvirt-virrandom-Avoid-undefined-behaviour-in-virRandomBits.patch b/SOURCES/libvirt-virrandom-Avoid-undefined-behaviour-in-virRandomBits.patch
new file mode 100644
index 0000000..4358392
--- /dev/null
+++ b/SOURCES/libvirt-virrandom-Avoid-undefined-behaviour-in-virRandomBits.patch
@@ -0,0 +1,42 @@
+From cdd5c75a34654abb2516476b851c6730b4bcb11b Mon Sep 17 00:00:00 2001
+Message-Id: <cdd5c75a34654abb2516476b851c6730b4bcb11b@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 21 Jan 2019 09:04:11 -0500
+Subject: [PATCH] virrandom: Avoid undefined behaviour in virRandomBits
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1667329 (RHEL 7.6.z)
+https://bugzilla.redhat.com/show_bug.cgi?id=1652894 (RHEL 7.7)
+
+If nbits is 64 (or greater) then shifting 1ULL left is undefined.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 0a5a6f0d019996b015bb0acbe30efa8f2fbbb351)
+Signed-off-by: John Ferlan <jferlan@redhat.com>
+Message-Id: <20190121140412.27804-3-jferlan@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+---
+ src/util/virrandom.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/virrandom.c b/src/util/virrandom.c
+index 3c011a8615..7915f6531e 100644
+--- a/src/util/virrandom.c
++++ b/src/util/virrandom.c
+@@ -68,7 +68,9 @@ uint64_t virRandomBits(int nbits)
+         return 0;
+     }
+ 
+-    ret &= (1ULL << nbits) - 1;
++    if (nbits < 64)
++        ret &= (1ULL << nbits) - 1;
++
+     return ret;
+ }
+ 
+-- 
+2.20.1
+
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec
index d43a998..67d5606 100644
--- a/SPECS/libvirt.spec
+++ b/SPECS/libvirt.spec
@@ -253,7 +253,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 4.5.0
-Release: 10%{?dist}.4%{?extra_release}
+Release: 10%{?dist}.6%{?extra_release}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -383,6 +383,9 @@ Patch117: libvirt-qemu-Avoid-duplicate-resume-events-and-state-changes.patch
 Patch118: libvirt-qemu-Don-t-ignore-resume-events.patch
 Patch119: libvirt-qemu-Fix-post-copy-migration-on-the-source.patch
 Patch120: libvirt-RHEL-cpu_map-Mark-arch-facilities-feature-as-non-migratable.patch
+Patch121: libvirt-virfile-Detect-ceph-as-shared-FS.patch
+Patch122: libvirt-util-Don-t-overflow-in-virRandomBits.patch
+Patch123: libvirt-virrandom-Avoid-undefined-behaviour-in-virRandomBits.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -832,6 +835,8 @@ volumes using libgfapi.
 Summary: Storage driver plugin for rbd
 Requires: libvirt-daemon-driver-storage-core = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
+# for rbd_diff_iterate2
+Requires: librbd1 >= 1:10.2.5
 
 %description daemon-driver-storage-rbd
 The storage driver backend adding implementation of the storage APIs for rbd
@@ -2282,6 +2287,14 @@ exit 0
 
 
 %changelog
+* Thu Feb 21 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.6
+- RHEL: spec: Require new enough librbd1 (rhbz#1679569)
+
+* Wed Feb 20 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.5
+- virfile: Detect ceph as shared FS (rhbz#1672178)
+- util: Don't overflow in virRandomBits (rhbz#1667329)
+- virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1667329)
+
 * Thu Jan 10 2019 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-10.el7_6.4
 - qemu: Fix post-copy migration on the source (rhbz#1654732)
 - RHEL: cpu_map: Mark arch-facilities feature as non-migratable (rhbz#1664793)