From patchwork Tue May 5 12:12:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9810 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4g8y8H2jdsz3wpF for ; Tue, 05 May 2026 12:13:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4g8y8F4wV2z7Bg for ; Tue, 05 May 2026 12:13:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4g8y8F0Nqnz33v0 for ; Tue, 05 May 2026 12:13:01 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4g8y8B1xpLz32qB for ; Tue, 05 May 2026 12:12:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4g8y895Jqwz5gV; Tue, 05 May 2026 12:12:57 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1777983177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ACyQQMTvKcQ38Ug1ezlP6igbfZmQtl2bnkMzVxMZ08k=; b=9Y6CtQliVHiMCavsX7E+4hI3zLiuZTe4McLMdRI317MlR/aq2yO/Z14BuinMdmWtr/zDBw BuiX2HHepFNavICQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1777983177; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ACyQQMTvKcQ38Ug1ezlP6igbfZmQtl2bnkMzVxMZ08k=; b=OD3lpZfzp/LnKTM7vMsdM9QIoYwnCjPp61ccvDY7TnE7eylosKcjAn8hbT9TT5XUeU2W5s Bc80Vycs7HmKo+soD4baz7HqjpzCfSLMQJE/gJoAWRl7EqfDue5lfpBLjN037KqiVWo1Nr WjQXeKL1YsLccO1Q3hHD/n7SRCrgYK1oG1Xm8caIGY/qF2dsKlmfHPC3k4pcEmvQv9yn1i 51JafqktqCyT8FZA6AZXDlBBaiolHa/a26S0+uHPEAxdwkPLj5SQH5tBpZEsEt5BfqzZtS 0Q7LeTQcuIUrxHOrDNkFRuIhElGslbG7LvzOZcw5/cd1QBeVE8D+AknfsiWmDQ== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] libvirt: Update to version 12.3.0 Date: Tue, 5 May 2026 14:12:54 +0200 Message-ID: <20260505121254.16621-3-adolf.belka@ipfire.org> In-Reply-To: <20260505121254.16621-1-adolf.belka@ipfire.org> References: <20260505121254.16621-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 11.7.0 to 12.3.0 - Update of rootfile - 2 CVE fixes in 11.10.0 - Changelog 12.3.0 New features * bhyve: Add blkiotune support The bhyve driver now supports guest I/O throttling configuration:: * 20000 20000 10000 10000 It uses the ``rctl(4)`` framework to apply these limits. * bhyve: Implement ``virDomainInterfaceAddresses()`` and ``virDomainGetHostname()`` The bhyve driver now implements APIs allowing to fetch address of VM's interfaces (accessible via ``virsh domifaddr``) and the hostname of the VM (``virsh domhostname``). * hyperv: Implement ``virDomainGetGuestInfo()`` The hyperv driver now implements API for fetching guest information (``virsh guestinfo``). Improvements * security: Don't error out on security labels of type='none' Previously, libvirt reported an error if a domain with seclabel of type='none' (meaning do not take this security model into account for this domain) was being started and the model wasn't available (for instance, in case of SELinux it was disabled at boot). * Allow for multiple PCI root buses, not just for a single one numbered '0' `virPCIDeviceReset()` and `virPCIDeviceIsBehindSwitchLackingACS()` no longer use a hardcoded check (e.g bus == 0 ) to determine if a device is attached to a "root bus". This allows for better support on more complex PCI topologies. * Add mechanism to prevent accidental shrink of device with ``virsh blockresize`` A new flag ``VIR_DOMAIN_BLOCK_RESIZE_EXTEND`` was introduced which prevents accidental shrinking of the block device of the VM. The flag is exposed as ``virsh blockresize --extend``. * Expose ``MemAvailable`` field from kernel's meminfo as ``VIR_NODE_MEMORY_STATS_AVAILABLE`` Bug fixes * virnetdevmacvlan: Wait for udev to settle after creating macvtap When starting a domain with a macvtap device (or when hotplugging one), libvirt creates the device and opens its ``/dev`` representation in order to set it according to the ```` XML (e.g. MAC address, queues, etc.). But if the system is under heavy load, it might happen that after the device creation the udev daemon was triggered, but did not have enough time to set the ``/dev`` representation fully. This may result in various misconfiguration or even failed ``open()``. Therefore, libvirt waits after device creation for udev daemon to settle down. * apparmor: Don't drop macvtap devices from profile on blockjobs 12.2.0 Removed features * qemu: Stop advertising support for ``handle`` backend of 9p filesystems QEMU removed the feature in the 4.0 release, but our capability XML still reported it. New features * qemu: Add support to configure IOMMUFD backend for whole VM In addition to setting IOMMUFD backend for each device it is possible to use the new ```` element to enable IOMMUFD backend for all host devices. Users can still change it per device. * qemu: Add support to pass FD for IOMMUFD when starting VM Management applications running unprivileged libvirt can open /dev/iommu and pass FD to libvirt in order to change locked memory accounting. This is done via new ```` element. * qemu: Add support for declaring that storage was zeroed for storage copy APIs The qemu driver now can skip zeroing of the storage during ``virDomainBlockCopy`` or migration with non-shared storage with the appropriate flags. This can be used for storage technologies which lack efficient zeroing support. * hyperv: Add basic snapshot functionality The hyperv driver now implements the following libvirt APIs: ``virDomainDefineXMLFlags()``, ``virDomainSnapshotLookupByName()``, ``virDomainListAllSnapshots()``, ``virDomainSnapshotNum()``, ``virDomainSnapshotGetXMLDesc()``, ``virDomainSnapshotCurrent()``, ``virDomainHasCurrentSnapshot()``, ``virDomainSnapshotGetParent()``. Improvements * conf: support more than 255 vCPUs with amd-iommu With 256 or more vCPUs libvirt previously required EIM enabled for all models of IOMMU. This is not valid for AMD model and validation was changed so that XTSup is required there. Additionally, it is automatically enabled if needed. * Introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES flag This new flag for virConnectGetDomainCapabilities can be used to request the host-model CPU definition to include all supported features (normally only extra features relative to the selected CPU model are listed). * qemu: Add statistics for ```` storage The bulk statistics (``virsh domstats --block --backing``) now report also information about the ```` if given disk uses this feature. * hyperv: Hyper-V guests now report TPM device status in their domain xml definition. Bug fixes * qemu: Fix crash when attaching network inteface with hostdev network Introduced in v12.1.0 by implementing IOMMUFD backend support for host devices. 12.1.0 New features * qemu: Advertise firmware features in domain capabilities XML The contents of the ```` element can be used to determine ahead of time whether a firmware matching certain characteristics, for example Secure Boot support, is available for the selected architecture and machine type. * qemu: Add support for uefi-vars device and firmware builds using it This is particularly noteworthy for people running aarch64 VMs with the 'virt' machine type, as it makes it finally possible to use Secure Boot with that combination. In most cases, no special steps are needed to take advantage of this: assuming that you have installed a recent version of QEMU, as well as a build of edk2 that includes the necessary binaries, you can just `enable Secure Boot `__ as you normally would. To explicitly request that the uefi-vars device is used even for scenarios where that would normally not be the case, it's enough to add an empty ```` element in the domain XML. More details are available in the `guest firmware configuration `__ section of the documentation. * hyperv: improve API coverage for the hyperv driver The `virDomainInterfaceAddresses()` and `virDomainGetBlockInfo()` APIs are now supported by the hyperv driver. In addition, the domain xml for hyperv domains will indicate via firmware features whether secure boot is enabled. It also honors these firmware features when creating new domains. * bhyve: Add support for vCPU pinning configuration Bhyve guests can now have vCPU pinning configured:: Additionally, the ``domainGetVcpuPinInfo`` API is implemented for querying vCPU pinning information. * qemu: Support block operation latency histograms Libvirt now allows configuring qemu's block latency histogram collection as well as returns them via the bulk stats API. Improvements * Introduce granule attribute for virtio-iommu In case when guest page size doesn't match the host page size (typically aarch64) the ``virtio-iommu`` needs to know the guest page size so it can allocate memory aligned to guest page size. * Parse hyperv features even for host-model Two releases ago, in v11.9.0 new ``host-model`` mode for Hyper-V enlightenments was introduced. Starting with this release, users can additionally override the defaults that are picked when domain is started and features are expanded. * bhyve: Improve loader configuration for arm64 guests If loader is not explicitly configured, use the loader from the ``sysutils/u-boot-bhyve-arm64`` port/package for the arm64 guests. Bug fixes * Fix build with remote driver disabled Some parts of code were wrongly annotated as depended on remote driver. But they were used even from client side drivers. This is now fixed and libvirt builds properly even with remote driver disabled. * Various fixes to libvirt-guests.sh Firstly, the exit code of various commands was ignored (which may lead the script to wrongly determine persistent/transient domain state, for instance). Secondly, due to logical error, the script might have incorrectly asses state a domain is in. * AppArmor: Ask for no deny rule for readonly disk elements For read only disks, libvirt created an AppArmor profile which disallowed any future write rules. But when doing a blockcommit, libvirt needs to allow hypervisor to write to even readonly disks. The rule in the profile was changed so that future write rules can be added, temporarily. * esx: Allow connecting to IPv6 server Due to a bug in our code, if an IPv6 address was provided in connection URI, libvirt would fail to connect to VMWare server. This is now fixed. * qemu: Use device alias if interface has no name The ``virDomainInterfaceAddresses()`` API (or ``virsh domifaddr``) returns an array interfaces among with their addresses. But some interface names might be unknown, for instance if the API is told to parse host's ARP table then PCI assigned NICs or slirp/passt lack interface name. If that's the case, let the API return domain's ```` alias. * bhyve: hyperv: Various memory leak fixes * qemu: Fix failures when restoring save/managed-save images with upcoming qemu versions Current git version of qemu would return an error when attempting to load an existing (managed) save image as we relied on deprecated features that were now removed. 12.0.0 New features * bhyve: SLIRP networking support Domain XMLs now can use SLIRP user-mode networking:: * bhyve: virtio-scsi support Domain XMLs now can use ``virtio-scsi`` devices:: * bhyve: initial ARM64 support The bhyve driver now supports booting ARM64 domains on ARM64 hosts. This support is still in early stage of development and has some limitations. For example, it requires using ```` in domain XMLs, and bootrom autofill is not implemented. Improvements * qemu: Improvements and fixes to firmware selection Firmware selection now works more reliably and predictably in many scenarios. Notably, issues that were preventing the use of firmware designed for confidential VMs on aarch64 have been addressed. * network: Introduce port for DNS forwarder In the ```` section of network configuration users can set up forwarding of DNS requests to custom DNS servers. These are specified using ``addr`` attribute. But configuring port wasn't possible, until now. New ``port`` attribute is introduced, which allows overriding the default DNS port for given address. Bug fixes * qemu: Fix startup of VMs with more than ~25 external snapshots After switch to json-c VMs with too deeply nested image chains would fail to start due to nesting depth limit in json-c, which is now increased to once again support backing chains up to 200 images deep. * qemu: TPM: Properly handle migration when storage resides on NFS The VM now can be properly migrated in scenarios where TPM data is stored on a shared filesystem on the destination but on the source it's either on a different NFS or unshared completely. * qemu: Treat memory device source nodemask as strict NUMA policy Until now, the NUMA policy for ```` devices was taken either from the guest NUMA node or ````. But this may lead to discrepancies, where the memory device is configured to bind to a set of host NUMA nodes, but the guest NUMA node is to bind to a disjoint set of host NUMA nodes. To resolve this, specifying ```` for a memory device implies ``strict`` policy. * qemu: Relax validation of some hyperv features Since 11.9.0 release, libvirt performs dependency checks for hyperv features, for instance ``stimer`` requires ``synic``. But as it turned out, for some ancient machine types (e.g. 'pc-i440fx-3.0' or 'pc-q35-3.0') some dependencies are not true. Corresponding checks were removed. * esx: URI encode inventory objects twice Formatting domain XML for domains on an ESX server might fail if corresponding datacenter or datastore contained special characters (e.g. '+'). This is now fixed. * Fix race when checking whether a path is on a shared file system Finding an existing parent of a given path and checking whether it's on a shared file system was not atomic and thus the path could have been misinterpreted as non-shared if it was removed between these two operations. This could cause migration with an emulated TPM device stored on a shared file system to fail with the following bogus error:: Operation not supported: the running swtpm does not support migration with shared storage 11.10.0 Security * CVE-2025-12748: Denial of service by some ACL-limited accounts Parsing of user provided XMLs in APIs which needed the identification information from those XML definitions was done in full before ACL checks were performed. Some valid, but useless, definitions could cause allocation of too much memory, leading to denial of service. APIs which do equate to full root access (such as ``domain:write``), and were parsing XML definitions in full before performing ACL checks could, potentially, be exploited in a way that would allow users (which were about to be denied the API call) to cause aforementioned overallocation even before the ACL checks were performed. A change was made so that parsing before ACL checks are done only for the identification parts of the XML definition (which is needed to perform the checks) and full parsing is done only after checking all ACLs. * CVE-2025-13193: Incorrect permissions on images after external snapshot of an inactive VM The overlay ``qcow2`` images which are created as part of creation of an external snapshot of an inactive VM had world-readable (644) permissions which would allow unauthorized users to see contents of blocks written by the VM after snapshot was taken. Libvirt now sets proper umask so that the images are created with 600 mode. New features * Hyper-V virttype support for Qemu domains Libvirt now supports Hyper-V virttype while lauching QEMU domains. This feature requires Qemu version 10.2.0 or later and is available on Linux hosts where the /dev/mshv is present. * Add more statistics for block devices on QEMU domains The block devices now report optimal access request sizes as well as statistics such as the queue depth. Improvements * bhyve: VNC ``wait`` attribute support Bhyve guests can now be configured to wait for a VNC connection before booting. * remote: multiple certificate support The remote daemon and client can be configured to load multiple x509 certificate identities. This facilitates a transition to certificates supporting Post-Quantum Crytographic algorithms. * tools: improved virt-host-validate output The virt-host-validate tool will now report extra details when certain checks pass. * qemu: Allow backup jobs to continue if guest OS shuts down When starting a backup job users can now use a flag which prevents the VM to be completely cleaned up if the guest OS shuts down while the backup is running so that the backup can be finalized. Bug fixes * ch: Use correct domain definition in chDomainGetXMLDesc() Cloud-Hypervisor driver claims to support ``VIR_DOMAIN_XML_INACTIVE`` but in fact it never formatted the inactive XML. This is now fixed. * esx: Allow disk images in subdirectories If a domain has a disk image that's not in a datastore path but in a subdirectory, the ESX driver would have failed to parse that and an error was reported when obtaining domain XML. This is now fixed. * qemu: Fix incoming migration to QEMU 10.0.0 and newer Due to a change in the way QEMU 10.0.0 reports the state of "ht" CPU feature, incoming migration of a domain with multiple CPU threads would fail with "guest CPU doesn't match specification: extra features: ht" error. * qemu: fix incorrect reporting of the TDX launch security type The TDX launch security type was incorrectly reported on all platforms if the QEMU binary had it built-in. It is now limited to only platforms with the TDX kernel feature available for use. * qemu: set ``detect_zeroes`` for all backing chain layers Some block jobs (snapshots, block commit) could modify the backing chain in a way where ``detect_zeroes`` would no longer be honoured. We now set it for all images in the backing chain, so that it will behave correctly even after those operations. 11.9.0 New features * Introduce Hyper-V ``host-model`` mode Similarly to CPUs, ``host-model`` mode expands available Hyper-V enlightenments at domain startup into the live XML so that's obvious which enlightenments are enabled. * Add support for Hyper-V ``spinlocks`` "never notify" mechanism The ``retries`` attribute - which defines after how many failed acquisition attempts to notify the hypervisor - can now hold the special value of 4294967295 which means to never notify the hypervisor. If the ``retries`` attribute is omitted this value is used. * ch: Network hotplug Support Users can now attach and detach network interfaces of Cloud Hypervisor domains at runtime. * bhyve: NVMe device support Domain XMLs now can use NVMe devices:: Improvements * qemu: Improvements to USB controller model selection Virtualization-friendly USB3 controllers are now used in more situations, Intel-specific USB controllers are relegated to x86 guests, and model selection overall behaves more consistently across architectures. * qemu: Validate Hyper-V enlightenment dependencies Some Hyper-V enlightenments may require some other enlightenments to be turned on. Libvirt now validates these for new domains. * qemu: Introduce virtio options for virtio memory models Both virtio-mem and virtio-pmem memory models are virtio devices and as such now support setting various virtio knobs (iommu, ats, packed, page_per_vq) common to other virtio devices. * wireshark: Adapt to wireshark-4.6.0 Libvirt's wireshark dissector plugin adapted to changes made to wireshark dissector API in its 4.6.0 release. * qemu: 'manual' disk snapshot mode improvements The 'manual' snapshot mode now ensures that also metadata of the images is written out to disk so that user can take snapshots of e.g. qcow2 image safely. Bug fixes * ch: Load ``ch.conf`` from ``SYSCONFDIR`` Previously, the ``ch.conf`` file for ``ch:///system`` URI was mistakenly loaded from a path under ``LOCALSTATEDIR`` (``/var/...``). This is now fixed and the configuration file is loaded from the ``SYSCONFDIR`` (``/etc/...``) location where it's also installed. 11.8.0 New features * ch: Disk hotplug Support Users can now attach and detach disks of Cloud Hypervisor domains at runtime. * qemu: Add support for NUMA affinity of PCI devices To support NVIDIA Multi-Instance GPU (MIG) configurations, libvirt now handles QEMU's acpi-generic-initiator device internally. MIG enables partitioning a physical GPU into multiple isolated instances, each associated with one or more virtual NUMA nodes. On the XML side, the existing ```` element has been extended with a ``nodeset`` attribute to specify the NUMA node affinity of a PCI device. * qemu: Add support for hostname and FQDN configration of passt backend The attributes ``hostname`` and ``fqdn`` for passt backend configure the guest interface with hostname and FQDN. Improvements * ch: Events emitting The CH driver not only emits more domain lifecycle events but also implements ``virConnectDomainEventRegister()`` and ``virConnectDomainEventDeregister()`` APIs for management applications to listen on those events. Bug fixes * qemu: Fix selection of stateless/combined firmware A stateless firmware will now be correctly chosen when appropriate, e.g. for domains configured to use SEV-SNP. * ch: Make sure the cloud-hypervisor process is killed in ``virCHProcessStop()`` Due to wrong assumptions in the CH driver, calling ``virDomainDestroy()`` did not kill the corresponding cloud-hypervisor process. Domains can be now destroyed reliably. Signed-off-by: Adolf Belka --- config/rootfiles/packages/libvirt | 34 ++++++++++++++++++++++++++----- lfs/libvirt | 8 ++++---- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index 9e80e8e75..18bbbb4cc 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -32,6 +32,7 @@ etc/libvirt/qemu etc/libvirt/qemu-lockd.conf etc/libvirt/qemu.conf etc/libvirt/qemu/autostart +etc/libvirt/secret.conf etc/libvirt/secrets etc/libvirt/storage etc/libvirt/storage/autostart @@ -88,16 +89,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.11007.0 +usr/lib/libvirt-admin.so.0.12003.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.11007.0 +usr/lib/libvirt-lxc.so.0.12003.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.11007.0 +usr/lib/libvirt-qemu.so.0.12003.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.11007.0 +usr/lib/libvirt.so.0.12003.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -119,7 +120,8 @@ usr/lib/libvirt/storage-backend/libvirt_storage_backend_vstorage.so #usr/lib/pkgconfig/libvirt.pc #usr/lib/sysctl.d usr/lib/sysctl.d/60-libvirtd.conf -usr/lib/sysctl.d/60-qemu-postcopy-migration.conf +#usr/lib/systemd/system/libvirtd.service.d +#usr/lib/systemd/system/libvirtd.service.d/10-secret.conf #usr/lib/sysusers.d usr/lib/sysusers.d/libvirt-login-shell.conf usr/lib/sysusers.d/libvirt-qemu.conf @@ -141,11 +143,13 @@ usr/sbin/virtstoraged #usr/share/augeas #usr/share/augeas/lenses #usr/share/augeas/lenses/libvirt_lockd.aug +#usr/share/augeas/lenses/libvirt_secrets.aug #usr/share/augeas/lenses/libvirtd.aug #usr/share/augeas/lenses/libvirtd_ch.aug #usr/share/augeas/lenses/libvirtd_qemu.aug #usr/share/augeas/lenses/tests #usr/share/augeas/lenses/tests/test_libvirt_lockd.aug +#usr/share/augeas/lenses/tests/test_libvirt_secrets.aug #usr/share/augeas/lenses/tests/test_libvirtd.aug #usr/share/augeas/lenses/tests/test_libvirtd_ch.aug #usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug @@ -267,6 +271,8 @@ usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v3.xml usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v4.xml usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v5.xml usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml +usr/share/libvirt/cpu_map/x86_ClearwaterForest-v1.xml +usr/share/libvirt/cpu_map/x86_ClearwaterForest.xml usr/share/libvirt/cpu_map/x86_Conroe-v1.xml usr/share/libvirt/cpu_map/x86_Conroe.xml usr/share/libvirt/cpu_map/x86_Cooperlake-v1.xml @@ -280,23 +286,30 @@ usr/share/libvirt/cpu_map/x86_Dhyana-v1.xml usr/share/libvirt/cpu_map/x86_Dhyana-v2.xml usr/share/libvirt/cpu_map/x86_Dhyana.xml usr/share/libvirt/cpu_map/x86_EPYC-Genoa-v1.xml +usr/share/libvirt/cpu_map/x86_EPYC-Genoa-v2.xml usr/share/libvirt/cpu_map/x86_EPYC-Genoa.xml usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan-v1.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan-v2.xml +usr/share/libvirt/cpu_map/x86_EPYC-Milan-v3.xml usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome-v1.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome-v2.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome-v3.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome-v4.xml +usr/share/libvirt/cpu_map/x86_EPYC-Rome-v5.xml usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml +usr/share/libvirt/cpu_map/x86_EPYC-Turin-v1.xml +usr/share/libvirt/cpu_map/x86_EPYC-Turin.xml usr/share/libvirt/cpu_map/x86_EPYC-v1.xml usr/share/libvirt/cpu_map/x86_EPYC-v2.xml usr/share/libvirt/cpu_map/x86_EPYC-v3.xml usr/share/libvirt/cpu_map/x86_EPYC-v4.xml +usr/share/libvirt/cpu_map/x86_EPYC-v5.xml usr/share/libvirt/cpu_map/x86_EPYC.xml usr/share/libvirt/cpu_map/x86_GraniteRapids-v1.xml usr/share/libvirt/cpu_map/x86_GraniteRapids-v2.xml +usr/share/libvirt/cpu_map/x86_GraniteRapids-v3.xml usr/share/libvirt/cpu_map/x86_GraniteRapids.xml usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml @@ -346,8 +359,11 @@ usr/share/libvirt/cpu_map/x86_SandyBridge.xml usr/share/libvirt/cpu_map/x86_SapphireRapids-v1.xml usr/share/libvirt/cpu_map/x86_SapphireRapids-v2.xml usr/share/libvirt/cpu_map/x86_SapphireRapids-v3.xml +usr/share/libvirt/cpu_map/x86_SapphireRapids-v4.xml usr/share/libvirt/cpu_map/x86_SapphireRapids.xml usr/share/libvirt/cpu_map/x86_SierraForest-v1.xml +usr/share/libvirt/cpu_map/x86_SierraForest-v2.xml +usr/share/libvirt/cpu_map/x86_SierraForest-v3.xml usr/share/libvirt/cpu_map/x86_SierraForest.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml @@ -373,6 +389,10 @@ usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml usr/share/libvirt/cpu_map/x86_Westmere-v1.xml usr/share/libvirt/cpu_map/x86_Westmere-v2.xml usr/share/libvirt/cpu_map/x86_Westmere.xml +usr/share/libvirt/cpu_map/x86_YongFeng-v1.xml +usr/share/libvirt/cpu_map/x86_YongFeng-v2.xml +usr/share/libvirt/cpu_map/x86_YongFeng-v3.xml +usr/share/libvirt/cpu_map/x86_YongFeng.xml usr/share/libvirt/cpu_map/x86_athlon-v1.xml usr/share/libvirt/cpu_map/x86_athlon.xml usr/share/libvirt/cpu_map/x86_core2duo-v1.xml @@ -432,6 +452,7 @@ usr/share/libvirt/schemas/storagevol.rng usr/share/libvirt/schemas/sysinfo.rng usr/share/libvirt/schemas/sysinfocommon.rng #usr/share/libvirt/test-screenshot.png +#usr/share/locale/ar/LC_MESSAGES/libvirt.mo #usr/share/locale/as/LC_MESSAGES/libvirt.mo #usr/share/locale/bg/LC_MESSAGES/libvirt.mo #usr/share/locale/bn_IN/LC_MESSAGES/libvirt.mo @@ -478,6 +499,7 @@ usr/share/libvirt/schemas/sysinfocommon.rng #usr/share/locale/uk/LC_MESSAGES/libvirt.mo #usr/share/locale/vi/LC_MESSAGES/libvirt.mo #usr/share/locale/zh_CN/LC_MESSAGES/libvirt.mo +#usr/share/locale/zh_Hant/LC_MESSAGES/libvirt.mo #usr/share/locale/zh_TW/LC_MESSAGES/libvirt.mo #var/cache/libvirt #var/cache/libvirt/qemu @@ -498,6 +520,8 @@ var/ipfire/backup/addons/includes/libvirt #var/lib/libvirt/qemu/ram #var/lib/libvirt/qemu/save #var/lib/libvirt/qemu/snapshot +#var/lib/libvirt/qemu/varstore +#var/lib/libvirt/secrets #var/lib/libvirt/swtpm #var/log/libvirt #var/log/libvirt/ch diff --git a/lfs/libvirt b/lfs/libvirt index 7e6fac180..7a879924d 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Server side daemon and supporting files for libvirt -VER = 11.7.0 +VER = 12.3.0 THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 46 +PAK_VER = 47 DEPS = ebtables libpciaccess ovmf swtpm qemu @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 44b4c2a2c498d351762cf2bcbd26460dbe663e08e3f2a1b6e73fefbcb4bbc4e77f4b0d47ad771ec7b3854a9b2ebdbf08162590d20bd080f276a8042148ca5f07 +$(DL_FILE)_BLAKE2 = a6b2cd5de3f9cd81b8dadc8193c6bd12a018d8c4a6b175168a81988224a66f8e3ab28a2dccc441f8867b896271f6c3fa640cd456af07c64784b4adda5cea8e35 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects))