6 files changed, 4 insertions, 218 deletions

diff --git a/recipes-extended/libvirt/libvirt-python.inc b/recipes-extended/libvirt/libvirt-python.inc
index a48aaea5..6e2c3677 100644
--- a/recipes-extended/libvirt/libvirt-python.inc
+++ b/recipes-extended/libvirt/libvirt-python.inc
@@ -17,8 +17,7 @@ FILES:${PN}-python = "${bindir}/* ${libdir}/* ${libdir}/${PYTHON_DIR}/*"
 
 SRC_URI += "http://libvirt.org/sources/python/libvirt-python-${PV}.tar.gz;name=libvirt_python"
 
-SRC_URI[libvirt_python.md5sum] = "19bf22414a43d358581b9259b52047a7"
-SRC_URI[libvirt_python.sha256sum] = "c0c3bac54c55622e17927b09cd9843869600d71842fb072c99491fe2608dcee7"
+SRC_URI[libvirt_python.sha256sum] = "a21ecfab6d29ac1bdd1bfd4aa3ef58447f9f70919aefecd03774613f65914e43"
 
 export LIBVIRT_API_PATH = "${S}/docs/libvirt-api.xml"
 export LIBVIRT_CFLAGS = "-I${S}/include"
diff --git a/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch b/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch
deleted file mode 100644
index 9dd650ee..00000000
--- a/recipes-extended/libvirt/libvirt/0001-docs-Fix-template-matching-in-page.xsl.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 54814c87f3706cc8eb894634ebef0f9cf7dabae6 Mon Sep 17 00:00:00 2001
-From: Martin Kletzander <mkletzan@redhat.com>
-Date: Mon, 21 Feb 2022 09:26:13 +0100
-Subject: [PATCH] docs: Fix template matching in page.xsl
-
-Our last default template had a match of "node()" which incidentally matched
-everything, including text nodes.  Since this has the same priority according to
-the XSLT spec, section 5.5:
-
-  https://www.w3.org/TR/1999/REC-xslt-19991116#conflict
-
-this is an error.  Also according to the same spec section, the XSLT processor
-may signal the error or pick the last rule.
-
-This was uncovered with libxslt 1.1.35 which contains the following commit:
-
-  https://gitlab.gnome.org/GNOME/libxslt/-/commit/b0074eeca3c6b21b4da14fdf712b853900c51635
-
-which makes the build fail with:
-
-  runtime error: file ../docs/page.xsl line 223 element element
-  xsl:element: The effective name '' is not a valid QName.
-
-because our last rule also matches text nodes and we are trying to extract the
-node name out of them.
-
-To fix this we change the match to "*" which only matches elements and not all
-the nodes, and to avoid any possible errors with different XSLT processors we
-also bump the priority of the match="text()" rule a little higher, just in case
-someone needs to use an XSLT processor that chooses signalling the error instead
-of the optional recovery.
-
-https://bugs.gentoo.org/833586
-
-Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
----
- docs/page.xsl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/docs/page.xsl b/docs/page.xsl
-index fd67918d3b..72a6fa0842 100644
---- a/docs/page.xsl
-+++ b/docs/page.xsl
-@@ -215,11 +215,11 @@
-     </xsl:element>
-   </xsl:template>
- 
--  <xsl:template match="text()" mode="copy">
-+  <xsl:template match="text()" mode="copy" priority="0">
-     <xsl:value-of select="."/>
-   </xsl:template>
- 
--  <xsl:template match="node()" mode="copy">
-+  <xsl:template match="*" mode="copy">
-     <xsl:element name="{name()}">
-       <xsl:copy-of select="./@*"/>
-       <xsl:apply-templates mode="copy" />
--- 
-2.33.0
-
diff --git a/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch b/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch
deleted file mode 100644
index 2753503d..00000000
--- a/recipes-extended/libvirt/libvirt/0001-security-fix-SELinux-label-generation-logic.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 15073504dbb624d3f6c911e85557019d3620fdb2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Jun 2021 13:09:04 +0100
-Subject: [PATCH] security: fix SELinux label generation logic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A process can access a file if the set of MCS categories
-for the file is equal-to *or* a subset-of, the set of
-MCS categories for the process.
-
-If there are two VMs:
-
-  a) svirt_t:s0:c117
-  b) svirt_t:s0:c117,c720
-
-Then VM (b) is able to access files labelled for VM (a).
-
-IOW, we must discard case where the categories are equal
-because that is a subset of many other valid category pairs.
-
-Upstream-status: Backport
-
-Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
-CVE-2021-3631
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- src/security/security_selinux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index b50f4463cc..0c2cf1d1c7 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -383,7 +383,15 @@ virSecuritySELinuxMCSFind(virSecurityManager *mgr,
-         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
- 
-         if (c1 == c2) {
--            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
-+            /*
-+             * A process can access a file if the set of MCS categories
-+             * for the file is equal-to *or* a subset-of, the set of
-+             * MCS categories for the process.
-+             *
-+             * IOW, we must discard case where the categories are equal
-+             * because that is a subset of other category pairs.
-+             */
-+            continue;
-         } else {
-             if (c1 > c2) {
-                 int t = c1;
--- 
-2.17.1
-
diff --git a/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch b/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch
deleted file mode 100644
index 608322d9..00000000
--- a/recipes-extended/libvirt/libvirt/0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From d3e20e186ed531e196bb1529430f39b0c917e6dc Mon Sep 17 00:00:00 2001
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 21 Jul 2021 11:22:25 +0200
-Subject: [PATCH] storage_driver: Unlock object on ACL fail in
- storagePoolLookupByTargetPath
-
-'virStoragePoolObjListSearch' returns a locked and refed object, thus we
-must release it on ACL permission failure.
-
-Fixes: 7aa0e8c0cb8
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-
-Upstream-status: Backport
-CVE-2021-3667 [https://bugzilla.redhat.com/show_bug.cgi?id=1986094]
-Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
----
- src/storage/storage_driver.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index ecb5b86b4f..de66f1f9e5 100644
---- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
-                                            storagePoolLookupByTargetPathCallback,
-                                            cleanpath))) {
-         def = virStoragePoolObjGetDef(obj);
--        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
-+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
-+            virStoragePoolObjEndAPI(&obj);
-             return NULL;
-+        }
- 
-         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
-         virStoragePoolObjEndAPI(&obj);
--- 
-2.27.0
-
diff --git a/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch b/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch
deleted file mode 100644
index 3201eede..00000000
--- a/recipes-extended/libvirt/libvirt/0002-meson-Fix-compatibility-with-Meson-0.58.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From c607266619c5ab78ad5d4179b3ea93cfb6348391 Mon Sep 17 00:00:00 2001
-From: Andrea Bolognani <abologna@redhat.com>
-Date: Mon, 3 May 2021 09:06:34 +0200
-Subject: [PATCH] meson: Fix compatibility with Meson 0.58
-
-Builds failed with
-
-  tests/meson.build:690:0: ERROR: List item must be one
-  of <class 'str'>, not <class 'list'>
-
-before this change.
-
-https://gitlab.com/libvirt/libvirt/-/issues/158
-
-Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/c607266619c5ab78ad5d4179b3ea93cfb6348391]
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-Signed-off-by: Andrea Bolognani <abologna@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
----
- tests/meson.build | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/meson.build b/tests/meson.build
-index 05c3e90195..9900983d0c 100644
---- a/tests/meson.build
-+++ b/tests/meson.build
-@@ -687,12 +687,12 @@ foreach name : test_scripts
-   test(name, script, env: tests_env)
- endforeach
- 
-+testenv = runutf8
-+testenv += 'VIR_TEST_FILE_ACCESS=1'
-+
- add_test_setup(
-   'access',
--  env: [
--    'VIR_TEST_FILE_ACCESS=1',
--    runutf8,
--  ],
-+  env: testenv,
-   exe_wrapper: [ python3_prog, check_file_access_prog.path() ],
- )
- 
--- 
-GitLab
-
diff --git a/recipes-extended/libvirt/libvirt_7.2.0.bb b/recipes-extended/libvirt/libvirt_8.1.0.bb
index 1fc55b8d..b90fb704 100644
--- a/recipes-extended/libvirt/libvirt_7.2.0.bb
+++ b/recipes-extended/libvirt/libvirt_8.1.0.bb
@@ -28,14 +28,9 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
            file://dnsmasq.conf \
            file://hook_support.py \
            file://gnutls-helper.py \
-           file://0002-meson-Fix-compatibility-with-Meson-0.58.patch \
-           file://0001-security-fix-SELinux-label-generation-logic.patch \
-           file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \
-           file://0001-docs-Fix-template-matching-in-page.xsl.patch \
           "
 
-SRC_URI[libvirt.md5sum] = "92044b629216e44adce63224970a54a3"
-SRC_URI[libvirt.sha256sum] = "01f459d0c7ba5009622a628dba1a026200e8f4a299fea783b936a71d7e0ed1d0"
+SRC_URI[libvirt.sha256sum] = "3c6c43becffeb34a3f397c616206aa69a893ff8bf5e8208393c84e8e75352934"
 
 inherit meson gettext update-rc.d pkgconfig systemd useradd perlnative
 USERADD_PACKAGES = "${PN}"
@@ -160,7 +155,7 @@ PACKAGECONFIG[fuse] = "-Dfuse=enabled,-Dfuse=disabled,fuse,"
 PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit,"
 PACKAGECONFIG[libcap-ng] = "-Dcapng=enabled,-Dcapng=disabled,libcap-ng,"
 PACKAGECONFIG[wireshark] = "-Dwireshark_dissector=enabled,-Dwireshark_dissector=disabled,wireshark libwsutil,"
-PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=true, -Dapparmor_profiles=false,"
+PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, -Dapparmor_profiles=disabled,"
 PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled,"
 PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
 PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
@@ -212,7 +207,7 @@ do_install:append() {
             fi
 
             # This variable is used by libvirtd.service to start libvirtd in the right mode
-            sed -i '/#LIBVIRTD_ARGS="--listen"/a LIBVIRTD_ARGS="--listen --daemon"' ${D}/${sysconfdir}/sysconfig/libvirtd
+            sed -i '/#LIBVIRTD_ARGS="--listen"/a LIBVIRTD_ARGS="--listen --daemon"' ${D}/${sysconfdir}/init.d/libvirtd
 
             # We can't use 'notify' when we don't support 'sd_notify' dbus capabilities.
             sed -i -e 's/Type=notify/Type=forking/' \