libvirt update containing TDX support and misc bug fixes

CVE-2025-13193: qemu: Set umask for 'qemu-img' when creating external inactive snapshots bsc#1253703 spec: Adjust dbus dependency bsc#1253642 CVE-2025-12748: Check ACLs before parsing the whole domain XML bsc#1253278 qemu: Add support for Intel TDX jsc#PED-9265 Signed-off-by: Jim Fehlig <jfehlig@suse.com>
2025-11-20 15:34:17 -07:00
6 changed files with 40 additions and 54 deletions
--- a/2
+++ b/2
@@ -2,7 +2,7 @@
  <service name="obs_scm" mode="manual">
    <param name="scm">git</param>
    <param name="url">https://gitlab.suse.de/virtualization/libvirt.git</param>
-    <param name="revision">factory</param>
+    <param name="revision">v11.4.0-sle16.0</param>
    <param name="extract">libvirt.spec</param>
    <param name="extract">README.packaging.txt</param>
    <param name="extract">libvirt-supportconfig</param>
--- a/libvirt-11.4.0.obscpio
+++ b/libvirt-11.4.0.obscpio
--- a/libvirt-12.0.0.obscpio
+++ b/libvirt-12.0.0.obscpio
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,25 +1,3 @@
-------------------------------------------------------------------
-Thu Jan 15 18:32:20 UTC 2026 - James Fehlig <jfehlig@suse.com>
-
- Update to libvirt 12.0.0
-  - jsc#PED-14592, jsc#PED-14597, jsc#PED-14623, jsc#PED-15320
-  - Many incremental improvements and bug fixes, see
-    https://libvirt.org/news.html#v12-0-0-2026-01-15
-
-------------------------------------------------------------------
-Tue Dec 16 00:33:28 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
-
- Deactive gluster backend, package is going away for being
-  unmaintained.
-
-------------------------------------------------------------------
-Mon Dec  1 21:57:32 UTC 2025 - James Fehlig <jfehlig@suse.com>
-
- Update to libvirt 11.10.0
-  - build: drop userfaultfd_sysctl option
-  - Many incremental improvements and bug fixes, see
-    https://libvirt.org/news.html#v11-10-0-2025-12-01
-
 -------------------------------------------------------------------
 Wed Nov 19 03:10:14 UTC 2025 - James Fehlig <jfehlig@suse.com>

@@ -36,28 +14,10 @@ Sat Nov 15 02:41:49 UTC 2025 - James Fehlig <jfehlig@suse.com>
  bsc#1253278

 -------------------------------------------------------------------
-Wed Nov  5 18:33:48 UTC 2025 - James Fehlig <jfehlig@suse.com>
+Mon Oct 13 22:49:30 UTC 2025 - James Fehlig <jfehlig@suse.com>

- Update to libvirt 11.9.0
-  - jsc#PED-155, bsc#1251789: By default, VMs are now confined by
-    the security framework (apparmor or selinux) active on the host
-  - bsc#1252958: Fix build with wireshark 4.6.0 
-  - Many incremental improvements and bug fixes, see
-    https://libvirt.org/news.html#v11-9-0-2025-11-03
-
-------------------------------------------------------------------
-Mon Oct  6 17:31:16 UTC 2025 - James Fehlig <jfehlig@suse.com>
-
- Update to libvirt 11.8.0
-  - Many incremental improvements and bug fixes, see
-    https://libvirt.org/news.html#v11-8-0-2025-10-01
-
-------------------------------------------------------------------
-Tue Sep  2 17:04:02 UTC 2025 - James Fehlig <jfehlig@suse.com>
-
- Update to libvirt 11.7.0
-  - Many incremental improvements and bug fixes, see
-    https://libvirt.org/news.html#v11-7-0-2025-09-01
+- qemu: Add support for Intel TDX
+  jsc#PED-9265

 -------------------------------------------------------------------
 Wed Aug  6 17:55:30 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
--- a/libvirt.obsinfo
+++ b/libvirt.obsinfo
@@ -1,4 +1,4 @@
 name: libvirt
-version: 12.0.0
-mtime: 1768511279
-commit: be8a9b1d10144a0ee37d228f7db2d2c04a445396
+version: 11.4.0
+mtime: 1763591187
+commit: 57e138cc91e39ad1d3b99ab6dc5771cad959b938
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -33,11 +33,12 @@

 # Stateful secondary host drivers that run in daemons
 %define with_storage_rbd   0%{!?_without_storage_rbd:0}
+# The gluster storage backend is built for both openSUSE and SLE, but it is
+# not supported
+%define with_storage_gluster  0%{!?_without_storage_gluster:1}
 %define with_storage_iscsi_direct 0%{!?_without_storage_iscsi_direct:1}
 %define with_apparmor      0%{!?_without_apparmor:1}
 %define with_selinux_unconfined_daemon_hooks	0%{!?_without_selinux:1}
-# The gluster storage backend is currently unmaintained in both openSUSE and SLE
-%define with_storage_gluster  0%{!?_without_storage_gluster:0}
 # The udev interface backend is the only one that works across SUSE distros.
 # It supports just a handful of read-only operations, has a history of
 # instability, and is insufficiently maintained. Completely disable the
@@ -53,6 +54,7 @@
 %define with_numactl       0%{!?_without_numactl:1}
 %define with_nwfilter      0%{!?_without_nwfilter:1}
 %define with_modular_daemons 0%{!?_without_modular_daemons:1}
+%define with_userfaultfd_sysctl 0%{!?_without_userfaultfd_sysctl:1}
 %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}

 # A few optional bits off by default, we enable later
@@ -82,6 +84,12 @@
    %define with_storage_rbd 0%{!?_without_storage_rbd:1}
 %endif

+# Tumbleweeed is new enough to support /dev/userfaultfd, which
+# does not require enabling vm.unprivileged_userfaultfd sysct
+%if 0%{?suse_version} > 1500
+    %define with_userfaultfd_sysctl 0
+%endif
+
 # numa-preplace (formerly numad) is used to manage the CPU and memory
 # placement dynamically for qemu and lxc drivers
 %if %{with_qemu} || %{with_lxc}
@@ -145,7 +153,7 @@

 Name:           libvirt
 URL:            https://libvirt.org/
-Version:        12.0.0
+Version:        11.4.0
 Release:        0
 Summary:        Library providing a virtualization API
 License:        LGPL-2.1-or-later
@@ -227,6 +235,12 @@ BuildRequires:  polkit >= 0.112
 %if %{with_nbdkit}
 BuildRequires:  libnbd-devel
 %endif
+# For mount/umount in FS driver
+BuildRequires:  util-linux
+# For LVM drivers
+BuildRequires:  lvm2
+# For pool type=iscsi
+BuildRequires:  open-iscsi
 %if %{with_storage_iscsi_direct}
 # For pool type=iscsi-direct
 BuildRequires:  libiscsi-devel
@@ -488,7 +502,7 @@ Summary:        Storage driver plugin including base backends for the libvirtd d
 Requires:       %{name}-daemon-common = %{version}-%{release}
 Requires:       %{name}-libs = %{version}-%{release}
 Recommends:     nfs-utils
-# For mkfs and mount/unmount
+# For mkfs
 Requires:       util-linux
 %if %{with_qemu}
 # From QEMU RPMs
@@ -948,6 +962,11 @@ Allows SSH into domains via VSOCK without need for network.
 %else
    %define arg_fuse -Dfuse=disabled
 %endif
+%if %{with_userfaultfd_sysctl}
+    %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=enabled
+%else
+    %define arg_userfaultfd_sysctl -Duserfaultfd_sysctl=disabled
+%endif
 %if %{with_nbdkit}
    %define arg_nbdkit -Dnbdkit=enabled
 %else
@@ -1050,6 +1069,7 @@ Allows SSH into domains via VSOCK without need for network.
           -Dstorage_vstorage=disabled \
           %{?arg_numactl} \
           %{?arg_numad} \
+           %{?arg_userfaultfd_sysctl} \
           %{?arg_nbdkit} \
           %{?arg_nbdkit_config_default} \
           -Dssh_proxy=enabled \
@@ -1232,6 +1252,9 @@ fi

 %preun daemon-common
 %service_del_preun libvirt-guests.service
+if [ $1 = 0 ]; then
+    rm -f /var/lib/%{name}/libvirt-guests
+fi

 %postun daemon-common
 /sbin/ldconfig
@@ -1705,6 +1728,9 @@ fi
 %if %{with_apparmor}
 %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.virtqemud
 %endif
+%if %{with_userfaultfd_sysctl}
+%config(noreplace) %{_prefix}/lib/sysctl.d/60-qemu-postcopy-migration.conf
+%endif
 %{_datadir}/augeas/lenses/virtqemud.aug
 %{_datadir}/augeas/lenses/tests/test_virtqemud.aug
 %{_unitdir}/virtqemud.service