diff --git a/SPECS/kubevirt/CVE-2025-47911.patch b/SPECS/kubevirt/CVE-2025-47911.patch
deleted file mode 100644
index c183f83d6ad..00000000000
--- a/SPECS/kubevirt/CVE-2025-47911.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From da7d1004ee1c72b49a2357a1f18084b44ea49dca Mon Sep 17 00:00:00 2001
-From: Roland Shoemaker
-Date: Mon, 29 Sep 2025 16:33:18 -0700
-Subject: [PATCH] html: impose open element stack size limit
-
-The HTML specification contains a number of algorithms which are
-quadratic in complexity by design. Instead of adding complicated
-workarounds to prevent these cases from becoming extremely expensive in
-pathological cases, we impose a limit of 512 to the size of the stack of
-open elements. It is extremely unlikely that non-adversarial HTML
-documents will ever hit this limit (but if we see cases of this, we may
-want to make the limit configurable via a ParseOption).
-
-Thanks to Guido Vranken and Jakub Ciolek for both independently
-reporting this issue.
-
-Fixes CVE-2025-47911
-Fixes golang/go#75682
-
-Change-Id: I890517b189af4ffbf427d25d3fde7ad7ec3509ad
-Reviewed-on: https://go-review.googlesource.com/c/net/+/709876
-Reviewed-by: Damien Neil
-LUCI-TryBot-Result: Go LUCI
-Signed-off-by: Azure Linux Security Servicing Account
-Upstream-reference: https://github.com/golang/net/commit/59706cdaa8f95502fdec64b67b4c61d6ca58727d.patch
----
- vendor/golang.org/x/net/html/escape.go | 2 +-
- vendor/golang.org/x/net/html/parse.go | 21 +++++++++++++++++----
- 2 files changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go
-index 04c6bec..12f2273 100644
---- a/vendor/golang.org/x/net/html/escape.go
-+++ b/vendor/golang.org/x/net/html/escape.go
-@@ -299,7 +299,7 @@ func escape(w writer, s string) error {
- case '\r':
- esc = " "
- default:
-- panic("unrecognized escape character")
-+ panic("html: unrecognized escape character")
- }
- s = s[i+1:]
- if _, err := w.WriteString(esc); err != nil {
-diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go
-index 722e927..88fc005 100644
---- a/vendor/golang.org/x/net/html/parse.go
-+++ 
b/vendor/golang.org/x/net/html/parse.go
-@@ -231,7 +231,14 @@ func (p *parser) addChild(n *Node) {
- }
-
- if n.Type == ElementNode {
-- p.oe = append(p.oe, n)
-+ p.insertOpenElement(n)
-+ }
-+}
-+
-+func (p *parser) insertOpenElement(n *Node) {
-+ p.oe = append(p.oe, n)
-+ if len(p.oe) > 512 {
-+ panic("html: open stack of elements exceeds 512 nodes")
- }
- }
-
-@@ -810,7 +817,7 @@ func afterHeadIM(p *parser) bool {
- p.im = inFramesetIM
- return true
- case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta, a.Noframes, a.Script, a.Style, a.Template, a.Title:
-- p.oe = append(p.oe, p.head)
-+ p.insertOpenElement(p.head)
- defer p.oe.remove(p.head)
- return inHeadIM(p)
- case a.Head:
-@@ -2324,9 +2331,13 @@ func (p *parser) parseCurrentToken() {
- }
- }
-
--func (p *parser) parse() error {
-+func (p *parser) parse() (err error) {
-+ defer func() {
-+ if panicErr := recover(); panicErr != nil {
-+ err = fmt.Errorf("%s", panicErr)
-+ }
-+ }()
- // Iterate until EOF. Any other error will cause an early return.
-- var err error
- for err != io.EOF {
- // CDATA sections are allowed only in foreign content.
- n := p.oe.top()
-@@ -2355,6 +2366,8 @@ func (p *parser) parse() error {
- // s. Conversely, explicit s in r's data can be silently dropped,
- // with no corresponding node in the resulting tree.
- //
-+// Parse will reject HTML that is nested deeper than 512 elements.
-+//
- // The input is assumed to be UTF-8 encoded.
- func Parse(r io.Reader) (*Node, error) {
- return ParseWithOptions(r)
---
-2.45.4
-
diff --git a/SPECS/kubevirt/CVE-2025-58190.patch b/SPECS/kubevirt/CVE-2025-58190.patch
deleted file mode 100644
index c19f9387af6..00000000000
--- a/SPECS/kubevirt/CVE-2025-58190.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From a2df2eb5b7e8f15a018422ffc6aa7a8779417d6c Mon Sep 17 00:00:00 2001
-From: Roland Shoemaker
-Date: Mon, 29 Sep 2025 19:38:24 -0700
-Subject: [PATCH] html: align in row insertion mode with spec
-
-Update inRowIM to match the HTML specification. This fixes an issue
-where a specific HTML document could cause the parser to enter an
-infinite loop when trying to parse a and implied next to
-each other.
-
-Fixes CVE-2025-58190
-Fixes golang/go#70179
-
-Change-Id: Idcb133c87c7d475cc8c7eb1f1550ea21d8bdddea
-Reviewed-on: https://go-review.googlesource.com/c/net/+/709875
-LUCI-TryBot-Result: Go LUCI
-Reviewed-by: Damien Neil
-Signed-off-by: Azure Linux Security Servicing Account
-Upstream-reference: https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009.patch
----
- vendor/golang.org/x/net/html/parse.go | 36 ++++++++++++++++++---------
- 1 file changed, 24 insertions(+), 12 deletions(-)
-
-diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go
-index 518ee4c..722e927 100644
---- a/vendor/golang.org/x/net/html/parse.go
-+++ b/vendor/golang.org/x/net/html/parse.go
-@@ -136,7 +136,7 @@ func (p *parser) indexOfElementInScope(s scope, matchTags ...a.Atom) int {
- return -1
- }
- default:
-- panic("unreachable")
-+ panic(fmt.Sprintf("html: internal error: indexOfElementInScope unknown scope: %d", s))
- }
- }
- switch s {
-@@ -179,7 +179,7 @@ func (p *parser) clearStackToContext(s scope) {
- return
- }
- default:
-- panic("unreachable")
-+ panic(fmt.Sprintf("html: internal error: clearStackToContext unknown scope: %d", s))
- }
- }
- }
-@@ -1678,7 +1678,7 @@ func inTableBodyIM(p *parser) bool {
- return inTableIM(p)
- }
-
--// Section 12.2.6.4.14.
-+// Section 13.2.6.4.14. 
- func inRowIM(p *parser) bool {
- switch p.tok.Type {
- case StartTagToken:
-@@ -1690,7 +1690,9 @@ func inRowIM(p *parser) bool {
- p.im = inCellIM
- return true
- case a.Caption, a.Col, a.Colgroup, a.Tbody, a.Tfoot, a.Thead, a.Tr:
-- if p.popUntil(tableScope, a.Tr) {
-+ if p.elementInScope(tableScope, a.Tr) {
-+ p.clearStackToContext(tableRowScope)
-+ p.oe.pop()
- p.im = inTableBodyIM
- return false
- }
-@@ -1700,22 +1702,28 @@ func inRowIM(p *parser) bool {
- case EndTagToken:
- switch p.tok.DataAtom {
- case a.Tr:
-- if p.popUntil(tableScope, a.Tr) {
-+ if p.elementInScope(tableScope, a.Tr) {
-+ p.clearStackToContext(tableRowScope)
-+ p.oe.pop()
- p.im = inTableBodyIM
- return true
- }
- // Ignore the token.
- return true
- case a.Table:
-- if p.popUntil(tableScope, a.Tr) {
-+ if p.elementInScope(tableScope, a.Tr) {
-+ p.clearStackToContext(tableRowScope)
-+ p.oe.pop()
- p.im = inTableBodyIM
- return false
- }
- // Ignore the token.
- return true
- case a.Tbody, a.Tfoot, a.Thead:
-- if p.elementInScope(tableScope, p.tok.DataAtom) {
-- p.parseImpliedToken(EndTagToken, a.Tr, a.Tr.String())
-+ if p.elementInScope(tableScope, p.tok.DataAtom) && p.elementInScope(tableScope, a.Tr) {
-+ p.clearStackToContext(tableRowScope)
-+ p.oe.pop()
-+ p.im = inTableBodyIM
- return false
- }
- // Ignore the token.
-@@ -2222,16 +2230,20 @@ func parseForeignContent(p *parser) bool {
- p.acknowledgeSelfClosingTag()
- }
- case EndTagToken:
-+ if strings.EqualFold(p.oe[len(p.oe)-1].Data, p.tok.Data) {
-+ p.oe = p.oe[:len(p.oe)-1]
-+ return true
-+ }
- for i := len(p.oe) - 1; i >= 0; i-- {
-- if p.oe[i].Namespace == "" {
-- return p.im(p)
-- }
- if strings.EqualFold(p.oe[i].Data, p.tok.Data) {
- p.oe = p.oe[:i]
-+ return true
-+ }
-+ if i > 0 && p.oe[i-1].Namespace == "" {
- break
- }
- }
-- return true
-+ return p.im(p)
- default:
- // Ignore the token.
- }
---
-2.45.4
-
diff --git a/SPECS/kubevirt/kubevirt.signatures.json b/SPECS/kubevirt/kubevirt.signatures.json
index a16cd9cc4b3..56c8d12b9d6 100644
--- a/SPECS/kubevirt/kubevirt.signatures.json
+++ b/SPECS/kubevirt/kubevirt.signatures.json
@@ -1,5 +1,5 @@
 {
 "Signatures": {
- "kubevirt-1.7.0.tar.gz": "71bc21163ada3e39c55c19f88c057ad0194e97043441d471f2bfd51782550a2f"
+ "kubevirt-1.7.1.tar.gz": "2a613fe591ddd1a0f70fa459065c17180ec7f67cf0906ec13f352b51b3cd2c2d"
 }
 }
diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec
index a4b617f0486..9bb1790687d 100644
--- a/SPECS/kubevirt/kubevirt.spec
+++ b/SPECS/kubevirt/kubevirt.spec
@@ -19,8 +19,8 @@
 Summary: Container native virtualization
 Name: kubevirt
-Version: 1.7.0
-Release: 3%{?dist}
+Version: 1.7.1
+Release: 1%{?dist}
 License: ASL 2.0
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -28,8 +28,6 @@ Group: System/Management
 URL: https://github.com/kubevirt/kubevirt
 Source0: https://github.com/kubevirt/kubevirt/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0: CVE-2025-11065.patch
-Patch1: CVE-2025-47911.patch
-Patch2: CVE-2025-58190.patch
 %global debug_package %{nil}
 BuildRequires: swtpm-tools
@@ -267,6 +265,11 @@ install -p -m 0644 cmd/virt-launcher/qemu.conf %{buildroot}%{_datadir}/kube-virt
 %{_bindir}/virt-tests
 %changelog
+* Wed Feb 25 2026 Harshit Gupta - 1.7.1-1
+- Upgrade KubeVirt to v1.7.1
+- Remove CVE-2025-47911.patch and CVE-2025-58190.patch since
+ vulnerable versions of golang.org/x/net/html no longer used in 1.7.1
+
+
 * Fri Feb 20 2026 Azure Linux Security Servicing Account - 1.7.0-3
 - Patch for CVE-2025-58190, CVE-2025-47911
diff --git a/SPECS/libvirt/libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch b/SPECS/libvirt/libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch
new file mode 100644
index 00000000000..1060783e1f9
--- /dev/null
+++ b/SPECS/libvirt/libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch
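Review bot: The removal of `Patch1: CVE-2025-47911.patch` and `Patch2: CVE-2025-58190.patch` in the second kubevirt.spec hunk rests only on the changelog sentence that 1.7.1 no longer uses vulnerable versions of golang.org/x/net/html; nothing in the spec records the vendored x/net version that claim was checked against, so a later reviewer cannot re-verify it without unpacking the new tarball. A one-line comment beside the remaining Patch0 line, for example `# CVE-2025-47911 / CVE-2025-58190: fixed by the golang.org/x/net version vendored in 1.7.1 (see vendor/modules.txt)`, would make the decision auditable and would also flag that the two deleted patches must be re-added if a future source refresh drops the x/net version below the fixed release. The kubevirt.signatures.json and cgmanifest.json hunks are plain version bumps and need no change.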
@@ -0,0 +1,135 @@
+From b6e803fc90bb9d49345adca4f38856ce97fde9f8 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Jiri Denemark
+Date: Wed, 9 Apr 2025 15:35:20 +0200
+Subject: [PATCH] qemu: Properly propagate migration state to TPM cleanup code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When migrating a domain with TPM state on a shared disk, we need to skip
+TPM cleanup on both ends. So far the code only handled successful
+migration and skipped the cleanup on the source host. But if the
+migration failed for some reason, the cleanup would be incorrectly
+called on the destination host removing the TPM files even though the
+domain was still running on the source host.
+
+https://issues.redhat.com/browse/RHEL-82411
+
+Signed-off-by: Jiri Denemark
+Reviewed-by: Ján Tomko
+(cherry picked from commit 97ed7f22b089c5fdd9ee02cffc6854f6e021ab2b)
+
+https://issues.redhat.com/browse/RHEL-86800
+Signed-off-by: Jiri Denemark
+---
+ src/qemu/qemu_driver.c | 7 +++++--
+ src/qemu/qemu_migration.c | 6 +++---
+ src/qemu/qemu_process.c | 8 ++------
+ 3 files changed, 10 insertions(+), 11 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f8f3d2c725..4c6eff9286 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -3853,6 +3853,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
+ const char *auditReason = "shutdown";
+ unsigned int stopFlags = 0;
+ virObjectEvent *event = NULL;
++ bool migration;
+
+ if (vm->def->id != domid) {
+ VIR_DEBUG("Domain %s was restarted, ignoring EOF",
+@@ -3863,6 +3864,8 @@ processMonitorEOFEvent(virQEMUDriver *driver,
+ if (qemuProcessBeginStopJob(vm, VIR_JOB_DESTROY, true) < 0)
+ return;
+
++ migration = vm->job->asyncJob == VIR_ASYNC_JOB_MIGRATION_IN;
++
+ if (!virDomainObjIsActive(vm)) {
+ VIR_DEBUG("Domain %p '%s' is not active, ignoring EOF",
+ vm, vm->def->name);
+@@ -3877,7 +3880,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
+ auditReason = 
"failed";
+ }
+
+- if (vm->job->asyncJob == VIR_ASYNC_JOB_MIGRATION_IN) {
++ if (migration) {
+ stopFlags |= VIR_QEMU_PROCESS_STOP_MIGRATED;
+ qemuMigrationDstErrorSave(driver, vm->def->name,
+ qemuMonitorLastError(priv->mon));
+@@ -3890,7 +3893,7 @@ processMonitorEOFEvent(virQEMUDriver *driver,
+ virObjectEventStateQueue(driver->domainEventState, event);
+
+ endjob:
+- qemuDomainRemoveInactive(driver, vm, 0, false);
++ qemuDomainRemoveInactive(driver, vm, 0, migration);
+ qemuProcessEndStopJob(vm);
+ }
+
+diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
+index 62da892254..5cb7642315 100644
+--- a/src/qemu/qemu_migration.c
++++ b/src/qemu/qemu_migration.c
+@@ -3592,7 +3592,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver,
+ * and there is no 'goto cleanup;' in the middle of those */
+ VIR_FREE(priv->origname);
+ virDomainObjRemoveTransientDef(vm);
+- qemuDomainRemoveInactive(driver, vm, 0, false);
++ qemuDomainRemoveInactive(driver, vm, 0, true);
+ }
+ virDomainObjEndAPI(&vm);
+ virErrorRestore(&origErr);
+@@ -6963,7 +6963,7 @@ qemuMigrationDstFinishActive(virQEMUDriver *driver,
+ }
+
+ if (!qemuDomainObjIsActive(vm))
+- qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, false);
++ qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, true);
+
+ virErrorRestore(&orig_err);
+ return NULL;
+@@ -7099,7 +7099,7 @@ qemuMigrationProcessUnattended(virQEMUDriver *driver,
+ qemuMigrationJobFinish(vm);
+
+ if (!virDomainObjIsActive(vm))
+- qemuDomainRemoveInactive(driver, vm, 0, false);
++ qemuDomainRemoveInactive(driver, vm, 0, true);
+ }
+
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index fac5678439..ad7e99750f 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -8731,7 +8731,6 @@ void qemuProcessStop(virQEMUDriver *driver,
+ size_t i;
+ g_autofree char *timestamp = NULL;
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+- bool outgoingMigration;
+
+ 
 VIR_DEBUG("Shutting down vm=%p name=%s id=%d pid=%lld, "
+ "reason=%s, asyncJob=%s, flags=0x%x",
+@@ -8807,10 +8806,7 @@ void qemuProcessStop(virQEMUDriver *driver,
+
+ qemuDomainCleanupRun(driver, vm);
+
+- outgoingMigration = (flags & VIR_QEMU_PROCESS_STOP_MIGRATED) &&
+- (asyncJob == VIR_ASYNC_JOB_MIGRATION_OUT);
+-
+- qemuExtDevicesStop(driver, vm, outgoingMigration);
++ qemuExtDevicesStop(driver, vm, !!(flags & VIR_QEMU_PROCESS_STOP_MIGRATED));
+
+ qemuDBusStop(driver, vm);
+
+@@ -9070,7 +9066,7 @@ qemuProcessAutoDestroy(virDomainObj *dom,
+ VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
+
+- qemuDomainRemoveInactive(driver, dom, 0, false);
++ qemuDomainRemoveInactive(driver, dom, 0, !!(stopFlags & VIR_QEMU_PROCESS_STOP_MIGRATED));
+
+ qemuProcessEndStopJob(dom);
+
+--
+2.49.0
diff --git a/SPECS/libvirt/libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch b/SPECS/libvirt/libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch
new file mode 100644
index 00000000000..ed7eb10fc14
--- /dev/null
+++ b/SPECS/libvirt/libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch
@@ -0,0 +1,230 @@
+From c28859cbaeac298adbe957956cf8442c9a6b7264 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Jiri Denemark
+Date: Tue, 11 Mar 2025 10:05:28 +0100
+Subject: [PATCH] qemu: Rename outgoingMigration parameter in various TPM
+ functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The parameter is used to skip TPM state cleanup on outgoing migration
+with shared storage. But we also need to skip the cleanup after a failed
+incoming migration. Let's call the parameter "migration" to reflect its
+usage on both sides of migration.
+
+Signed-off-by: Jiri Denemark
+Reviewed-by: Ján Tomko
+(cherry picked from commit a5e4ca6f02dc8250f84163a0d19b69300affde43)
+
+https://issues.redhat.com/browse/RHEL-86800
+Signed-off-by: Jiri Denemark
+---
+ src/qemu/qemu_domain.c | 8 ++++----
+ src/qemu/qemu_domain.h | 2 +-
+ src/qemu/qemu_extdevice.c | 8 ++++----
+ src/qemu/qemu_extdevice.h | 4 ++--
+ src/qemu/qemu_tpm.c | 19 +++++++++----------
+ src/qemu/qemu_tpm.h | 4 ++--
+ 6 files changed, 22 insertions(+), 23 deletions(-)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 1ccaff90d9..89e1b50366 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -5749,7 +5749,7 @@ static void
+ qemuDomainRemoveInactiveCommon(virQEMUDriver *driver,
+ virDomainObj *vm,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ {
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ g_autofree char *snapDir = NULL;
+@@ -5775,7 +5775,7 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *driver,
+ if (rmdir(chkDir) < 0 && errno != ENOENT)
+ VIR_WARN("unable to remove checkpoint directory %s", chkDir);
+ }
+- qemuExtDevicesCleanupHost(driver, vm->def, flags, outgoingMigration);
++ qemuExtDevicesCleanupHost(driver, vm->def, flags, migration);
+ }
+
+
+@@ -5788,14 +5788,14 @@ void
+ qemuDomainRemoveInactive(virQEMUDriver *driver,
+ virDomainObj *vm,
+ 
virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ {
+ if (vm->persistent) {
+ /* Short-circuit, we don't want to remove a persistent domain */
+ return;
+ }
+
+- qemuDomainRemoveInactiveCommon(driver, vm, flags, outgoingMigration);
++ qemuDomainRemoveInactiveCommon(driver, vm, flags, migration);
+
+ virDomainObjListRemove(driver->domains, vm);
+ }
+diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
+index e810f79599..6246988491 100644
+--- a/src/qemu/qemu_domain.h
++++ b/src/qemu/qemu_domain.h
+@@ -689,7 +689,7 @@ int qemuDomainMomentDiscardAll(void *payload,
+ void qemuDomainRemoveInactive(virQEMUDriver *driver,
+ virDomainObj *vm,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration);
++ bool migration);
+
+ void
+ qemuDomainRemoveInactiveLocked(virQEMUDriver *driver,
+diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
+index 2384bab7a6..7451e0fa03 100644
+--- a/src/qemu/qemu_extdevice.c
++++ b/src/qemu/qemu_extdevice.c
+@@ -154,7 +154,7 @@ void
+ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
+ virDomainDef *def,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ {
+ size_t i;
+
+@@ -165,7 +165,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
+ virDomainTPMDef *tpm = def->tpms[i];
+
+ if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+- qemuExtTPMCleanupHost(driver, tpm, flags, outgoingMigration);
++ qemuExtTPMCleanupHost(driver, tpm, flags, migration);
+ }
+ }
+
+@@ -266,7 +266,7 @@ qemuExtDevicesStart(virQEMUDriver *driver,
+ void
+ qemuExtDevicesStop(virQEMUDriver *driver,
+ virDomainObj *vm,
+- bool outgoingMigration)
++ bool migration)
+ {
+ virDomainDef *def = vm->def;
+ size_t i;
+@@ -283,7 +283,7 @@ qemuExtDevicesStop(virQEMUDriver *driver,
+
+ for (i = 0; i < def->ntpms; i++) {
+ if (def->tpms[i]->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+- qemuExtTPMStop(driver, vm, outgoingMigration);
++ qemuExtTPMStop(driver, vm, migration);
+ }
+
+ for (i = 0; 
i < def->nnets; i++) {
+diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
+index d4ac9f395c..36f7fb77a8 100644
+--- a/src/qemu/qemu_extdevice.h
++++ b/src/qemu/qemu_extdevice.h
+@@ -48,7 +48,7 @@ int qemuExtDevicesPrepareHost(virQEMUDriver *driver,
+ void qemuExtDevicesCleanupHost(virQEMUDriver *driver,
+ virD<br>omainDef *def,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+ int qemuExtDevicesStart(virQEMUDriver *driver,
+@@ -59,7 +59,7 @@ int qemuExtDevicesStart(virQEMUDriver *driver,
+
+ void qemuExtDevicesStop(virQEMUDriver *driver,
+ virDomainObj *vm,
+- bool outgoingMigration)
++ bool migration)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+ bool qemuExtDevicesHasDevice(virDomainDef *def);
+diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
+index f5e0184e54..f910a26286 100644
+--- a/src/qemu/qemu_tpm.c
++++ b/src/qemu/qemu_tpm.c
+@@ -907,7 +907,8 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
+ * @driver: QEMU driver
+ * @tpm: TPM definition
+ * @flags: flags indicating whether to keep or remove TPM persistent state
+- * @outgoingMigration: whether cleanup is due to an outgoing migration
++ * @migration: whether cleanup is due to a successful outgoing or failed
++ * incoming migration
+ *
+ * Clean up persistent storage for the swtpm.
+ */
+@@ -915,14 +916,12 @@ static void
+ qemuTPMEmulatorCleanupHost(virQEMUDriver *driver,
+ virDomainTPMDef *tpm,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ {
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+
+- /* Never remove the state in case of outgoing migration with shared
+- * storage.
+- */
++ /* Never remove the state in case of migration with shared storage. 
 */
++ if (migration &&
+ virFileIsSharedFS(tpm->data.emulator.source_path, cfg->sharedFilesystems) == 1)
+ return;
+
+@@ -1293,9 +1292,9 @@ void
+ qemuExtTPMCleanupHost(virQEMUDriver *driver,
+ virDomainTPMDef *tpm,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ {
+- qemuTPMEmulatorCleanupHost(driver, tpm, flags, outgoingMigration);
++ qemuTPMEmulatorCleanupHost(driver, tpm, flags, migration);
+ }
+
+
+@@ -1319,7 +1318,7 @@ qemuExtTPMStart(virQEMUDriver *driver,
+ void
+ qemuExtTPMStop(virQEMUDriver *driver,
+ virDomainObj *vm,
+- bool outgoingMigration)
++ bool migration)
+ {
+ g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ g_autofree char *shortName = virDomainDefGetShortName(vm->def);
+@@ -1329,7 +1328,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
+ return;
+
+ qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
+- if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def))
++ if (migration && qemuTPMHasSharedStorage(driver, vm->def))
+ restoreTPMStateLabel = false;
+
+ if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel, false) < 0)
+diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
+index 7096060a2a..37813087cf 100644
+--- a/src/qemu/qemu_tpm.h
++++ b/src/qemu/qemu_tpm.h
+@@ -38,7 +38,7 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver,
+ void qemuExtTPMCleanupHost(virQEMUDriver *driver,
+ virDomainTPMDef *tpm,
+ virDomainUndefineFlagsValues flags,
+- bool outgoingMigration)
++ bool migration)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+ int qemuExtTPMStart(virQEMUDriver *driver,
+@@ -52,7 +52,7 @@ int qemuExtTPMStart(virQEMUDriver *driver,
+
+ void qemuExtTPMStop(virQEMUDriver *driver,
+ virDomainObj *vm,
+- bool outgoingMigration)
++ bool migration)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+ int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
+--
+2.49.0
diff --git a/SPECS/libvirt/libvirt-qemu-tpm-do-not-update-profile-name-for-transient-domains.patch b/SPECS/libvirt/libvirt-qemu-tpm-do-not-update-profile-name-for-transient-domains.patch
new file mode 100644
index 00000000000..d483c22c04f
--- /dev/null
+++ b/SPECS/libvirt/libvirt-qemu-tpm-do-not-update-profile-name-for-transient-domains.patch
@@ -0,0 +1,73 @@
+From c184ba489a432d5748c3de3ff5719ccd8194c1e5 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: =?UTF-8?q?J=C3=A1n=20Tomko?=
+Date: Tue, 3 Dec 2024 12:00:08 +0100
+Subject: [PATCH] qemu: tpm: do not update profile name for transient domains
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If we do not have a persistent definition, there's no point in
+looking for it since we cannot store it.
+
+Also skip the update if the tpm device(s) in the persistent
+definition are different.
+
+This fixes the crash when starting a transient domain.
+
+https://issues.redhat.com/browse/RHEL-69774
+https://gitlab.com/libvirt/libvirt/-/issues/715
+
+Fixes: d79542eec669eb9c449bb8228179e7a87e768017
+Signed-off-by: Ján Tomko
+Reviewed-by: Jiri Denemark
+Reviewed-by: Stefan Berger
+(cherry picked from commit 81da7a2c2a2d490cddaaa77d3e3b36e210b38bd7)
+
+https://issues.redhat.com/browse/RHEL-71072
+
+Signed-off-by: Ján Tomko
+---
+ src/qemu/qemu_extdevice.c | 13 ++++++++++++-
+ src/qemu/qemu_tpm.c | 2 +-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
+index a6f31f9773..954cb323a4 100644
+--- a/src/qemu/qemu_extdevice.c
++++ b/src/qemu/qemu_extdevice.c
+@@ -190,7 +190,18 @@ qemuExtDevicesStart(virQEMUDriver *driver,
+
+ for (i = 0; i < def->ntpms; i++) {
+ virDomainTPMDef *tpm = def->tpms[i];
+- virDomainTPMDef *persistentTPMDef = persistentDef->tpms[i];
++ virDomainTPMDef *persistentTPMDef = NULL;
++
++ if (persistentDef) {
++ /* do not try to update the profile in the persistent definition
++ * if the device does not match */
++ if (persistentDef->ntpms == def->ntpms)
++ persistentTPMDef = persistentDef->tpms[i];
++ if (persistentTPMDef &&
++ (persistentTPMDef->type != tpm->type ||
++ persistentTPMDef->model != tpm->model))
++ persistentTPMDef = NULL;
++ }
+
+ if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
+ qemuExtTPMStart(driver, vm, tpm, 
persistentTPMDef,
+diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
+index f223dcb9ae..f5e0184e54 100644
+--- a/src/qemu/qemu_tpm.c
++++ b/src/qemu/qemu_tpm.c
+@@ -773,7 +773,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
+ incomingMigration) < 0)
+ goto error;
+
+- if (run_setup && !incomingMigration &&
++ if (run_setup && !incomingMigration && persistentTPMDef &&
+ qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTPMDef,
+ cfg, saveDef) < 0)
+ goto error;
+--
+2.47.1
diff --git a/SPECS/libvirt/libvirt.spec b/SPECS/libvirt/libvirt.spec
index ead2cef5d13..b702c68e755 100644
--- a/SPECS/libvirt/libvirt.spec
+++ b/SPECS/libvirt/libvirt.spec
@@ -185,7 +185,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 10.10.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -198,6 +198,9 @@ Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.
 Patch0: libvirt-conf.patch
 Patch1: CVE-2025-13193.patch
 Patch2: CVE-2025-12748.patch
+Patch3: libvirt-qemu-tpm-do-not-update-profile-name-for-transient-domains.patch
+Patch4: libvirt-qemu-Rename-outgoingMigration-parameter-in-various-TPM-functions.patch
+Patch5: libvirt-qemu-Properly-propagate-migration-state-to-TPM-cleanup-code.patch
+
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2194,6 +2197,10 @@ exit 0
 %endif
 %changelog
+* Tue Mar 24 2026 Harshit Gupta - 10.10.0-2
+- Add patches from https://gitlab.com/redhat/centos-stream/rpms/libvirt
+ to fix TPM handling in QEMU migrations.
+
 * Fri Feb 06 2026 Aadhar Agarwal - 10.10.0-1
 - Upgrade to 10.10.0
 - Add new files introduced in 10.10.0: network.conf, libvirtd_network.aug,
diff --git a/cgmanifest.json b/cgmanifest.json
index 08048f599fe..f00232cd358 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -8581,8 +8581,8 @@
 "type": "other",
 "other": {
 "name": "kubevirt",
- "version": "1.7.0",
- "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.7.0.tar.gz"
+ "version": "1.7.1",
+ "downloadUrl": "https://github.com/kubevirt/kubevirt/archive/refs/tags/v1.7.1.tar.gz"
 }
 }
 },