* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 8cafea9bcc936f6a0a8f472032df03dc8b444f4c
@ 2026-05-05 13:13 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-05-05 13:13 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 8cafea9bcc936f6a0a8f472032df03dc8b444f4c (commit)
via 59ec27923941baad1dfc97d1a811836b7462c6b3 (commit)
via 1be2c2e00b8ab7e7bf84c4680911bd677f61acdb (commit)
from 58b474fc6d8e96938a0ba5a8521464854a10a2a0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8cafea9bcc936f6a0a8f472032df03dc8b444f4c
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 5 14:12:54 2026 +0200
libvirt: Update to version 12.3.0
- Update from version 11.7.0 to 12.3.0
- Update of rootfile
- 2 CVE fixes in 11.10.0
- Changelog
12.3.0
New features
* bhyve: Add blkiotune support
The bhyve driver now supports guest I/O throttling configuration::
<blkiotune>
<device>
<path>*</path>
<read_iops_sec>20000</read_iops_sec>
<write_iops_sec>20000</write_iops_sec>
<read_bytes_sec>10000</read_bytes_sec>
<write_bytes_sec>10000</write_bytes_sec>
</device>
</blkiotune>
It uses the ``rctl(4)`` framework to apply these limits.
* bhyve: Implement ``virDomainInterfaceAddresses()`` and ``virDomainGetHostname()``
The bhyve driver now implements APIs allowing to fetch address of
VM's interfaces (accessible via ``virsh domifaddr``) and the hostname
of the VM (``virsh domhostname``).
* hyperv: Implement ``virDomainGetGuestInfo()``
The hyperv driver now implements API for fetching guest information
(``virsh guestinfo``).
Improvements
* security: Don't error out on security labels of type='none'
Previously, libvirt reported an error if a domain with seclabel of
type='none' (meaning do not take this security model into account for this
domain) was being started and the model wasn't available (for instance, in
case of SELinux it was disabled at boot).
* Allow for multiple PCI root buses, not just for a single one numbered '0'
`virPCIDeviceReset()` and `virPCIDeviceIsBehindSwitchLackingACS()` no
longer use a hardcoded check (e.g bus == 0 ) to determine if a device is
attached to a "root bus". This allows for better support on more complex
PCI topologies.
* Add mechanism to prevent accidental shrink of device with ``virsh blockresize``
A new flag ``VIR_DOMAIN_BLOCK_RESIZE_EXTEND`` was introduced which prevents
accidental shrinking of the block device of the VM. The flag is exposed
as ``virsh blockresize --extend``.
* Expose ``MemAvailable`` field from kernel's meminfo as ``VIR_NODE_MEMORY_STATS_AVAILABLE``
Bug fixes
* virnetdevmacvlan: Wait for udev to settle after creating macvtap
When starting a domain with a macvtap device (or when hotplugging one),
libvirt creates the device and opens its ``/dev`` representation in order
to set it according to the ``<interface/>`` XML (e.g. MAC address, queues,
etc.). But if the system is under heavy load, it might happen that after
the device creation the udev daemon was triggered, but did not have enough
time to set the ``/dev`` representation fully. This may result in various
misconfiguration or even failed ``open()``. Therefore, libvirt waits after
device creation for udev daemon to settle down.
* apparmor: Don't drop macvtap devices from profile on blockjobs
12.2.0
Removed features
* qemu: Stop advertising support for ``handle`` backend of 9p filesystems
QEMU removed the feature in the 4.0 release, but our capability XML
still reported it.
New features
* qemu: Add support to configure IOMMUFD backend for whole VM
In addition to setting IOMMUFD backend for each device it is possible
to use the new ``<iommufd>`` element to enable IOMMUFD backend for all
host devices. Users can still change it per device.
* qemu: Add support to pass FD for IOMMUFD when starting VM
Management applications running unprivileged libvirt can open /dev/iommu
and pass FD to libvirt in order to change locked memory accounting.
This is done via new ``<iommufd>`` element.
* qemu: Add support for declaring that storage was zeroed for storage copy APIs
The qemu driver now can skip zeroing of the storage during
``virDomainBlockCopy`` or migration with non-shared storage with the
appropriate flags. This can be used for storage technologies which lack
efficient zeroing support.
* hyperv: Add basic snapshot functionality
The hyperv driver now implements the following libvirt APIs:
``virDomainDefineXMLFlags()``, ``virDomainSnapshotLookupByName()``,
``virDomainListAllSnapshots()``, ``virDomainSnapshotNum()``,
``virDomainSnapshotGetXMLDesc()``, ``virDomainSnapshotCurrent()``,
``virDomainHasCurrentSnapshot()``, ``virDomainSnapshotGetParent()``.
Improvements
* conf: support more than 255 vCPUs with amd-iommu
With 256 or more vCPUs libvirt previously required EIM enabled for all
models of IOMMU. This is not valid for AMD model and validation was changed
so that XTSup is required there. Additionally, it is automatically enabled
if needed.
* Introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES flag
This new flag for virConnectGetDomainCapabilities can be used to request
the host-model CPU definition to include all supported features (normally
only extra features relative to the selected CPU model are listed).
* qemu: Add statistics for ``<dataStore>`` storage
The bulk statistics (``virsh domstats --block --backing``) now report also
information about the ``<dataStore>`` if given disk uses this feature.
* hyperv: Hyper-V guests now report TPM device status in their domain xml
definition.
Bug fixes
* qemu: Fix crash when attaching network inteface with hostdev network
Introduced in v12.1.0 by implementing IOMMUFD backend support for
host devices.
12.1.0
New features
* qemu: Advertise firmware features in domain capabilities XML
The contents of the ``<firmwareFeatures/>`` element can be used to determine
ahead of time whether a firmware matching certain characteristics, for
example Secure Boot support, is available for the selected architecture and
machine type.
* qemu: Add support for uefi-vars device and firmware builds using it
This is particularly noteworthy for people running aarch64 VMs with the
'virt' machine type, as it makes it finally possible to use Secure Boot
with that combination.
In most cases, no special steps are needed to take advantage of this:
assuming that you have installed a recent version of QEMU, as well as a
build of edk2 that includes the necessary binaries, you can just `enable
Secure Boot <kbase/secureboot.html>`__ as you normally would.
To explicitly request that the uefi-vars device is used even for scenarios
where that would normally not be the case, it's enough to add an empty
``<varstore/>`` element in the domain XML. More details are available in
the `guest firmware configuration <formatdomain.html#guest-firmware>`__
section of the documentation.
* hyperv: improve API coverage for the hyperv driver
The `virDomainInterfaceAddresses()` and `virDomainGetBlockInfo()` APIs are
now supported by the hyperv driver. In addition, the domain xml for hyperv
domains will indicate via firmware features whether secure boot is enabled.
It also honors these firmware features when creating new domains.
* bhyve: Add support for vCPU pinning configuration
Bhyve guests can now have vCPU pinning configured::
<cputune>
<vcpupin vcpu="0" cpuset="1,2,3"/>
</cputune>
Additionally, the ``domainGetVcpuPinInfo`` API is implemented for
querying vCPU pinning information.
* qemu: Support block operation latency histograms
Libvirt now allows configuring qemu's block latency histogram collection
as well as returns them via the bulk stats API.
Improvements
* Introduce granule attribute for virtio-iommu
In case when guest page size doesn't match the host page size (typically
aarch64) the ``virtio-iommu`` needs to know the guest page size so it can
allocate memory aligned to guest page size.
* Parse hyperv features even for host-model
Two releases ago, in v11.9.0 new ``host-model`` mode for Hyper-V
enlightenments was introduced. Starting with this release, users can
additionally override the defaults that are picked when domain is started
and features are expanded.
* bhyve: Improve loader configuration for arm64 guests
If loader is not explicitly configured, use the loader
from the ``sysutils/u-boot-bhyve-arm64`` port/package for the
arm64 guests.
Bug fixes
* Fix build with remote driver disabled
Some parts of code were wrongly annotated as depended on remote driver.
But they were used even from client side drivers. This is now fixed and
libvirt builds properly even with remote driver disabled.
* Various fixes to libvirt-guests.sh
Firstly, the exit code of various commands was ignored (which may lead the
script to wrongly determine persistent/transient domain state, for
instance). Secondly, due to logical error, the script might have
incorrectly asses state a domain is in.
* AppArmor: Ask for no deny rule for readonly disk elements
For read only disks, libvirt created an AppArmor profile which disallowed
any future write rules. But when doing a blockcommit, libvirt needs to
allow hypervisor to write to even readonly disks. The rule in the profile
was changed so that future write rules can be added, temporarily.
* esx: Allow connecting to IPv6 server
Due to a bug in our code, if an IPv6 address was provided in connection
URI, libvirt would fail to connect to VMWare server. This is now fixed.
* qemu: Use device alias if interface has no name
The ``virDomainInterfaceAddresses()`` API (or ``virsh domifaddr``) returns
an array interfaces among with their addresses. But some interface names
might be unknown, for instance if the API is told to parse host's ARP table
then PCI assigned NICs or slirp/passt lack interface name. If that's the
case, let the API return domain's ``<interface/>`` alias.
* bhyve: hyperv: Various memory leak fixes
* qemu: Fix failures when restoring save/managed-save images with upcoming qemu versions
Current git version of qemu would return an error when attempting to load
an existing (managed) save image as we relied on deprecated features that
were now removed.
12.0.0
New features
* bhyve: SLIRP networking support
Domain XMLs now can use SLIRP user-mode networking::
<interface type='user'>
<model type='virtio'/>
</interface>
* bhyve: virtio-scsi support
Domain XMLs now can use ``virtio-scsi`` devices::
<disk type='ctl'>
<source dev='/dev/cam/ctl'/>
<target dev='sda' bus='scsi'/>
</disk>
* bhyve: initial ARM64 support
The bhyve driver now supports booting ARM64 domains on ARM64 hosts.
This support is still in early stage of development and has some
limitations. For example, it requires using
``<clock offset='localtime'/>`` in domain XMLs, and
bootrom autofill is not implemented.
Improvements
* qemu: Improvements and fixes to firmware selection
Firmware selection now works more reliably and predictably in many
scenarios.
Notably, issues that were preventing the use of firmware designed for
confidential VMs on aarch64 have been addressed.
* network: Introduce port for DNS forwarder
In the ``<dns/>`` section of network configuration users can set up
forwarding of DNS requests to custom DNS servers. These are specified using
``addr`` attribute. But configuring port wasn't possible, until now. New
``port`` attribute is introduced, which allows overriding the default DNS
port for given address.
Bug fixes
* qemu: Fix startup of VMs with more than ~25 external snapshots
After switch to json-c VMs with too deeply nested image chains would fail
to start due to nesting depth limit in json-c, which is now increased to once
again support backing chains up to 200 images deep.
* qemu: TPM: Properly handle migration when storage resides on NFS
The VM now can be properly migrated in scenarios where TPM data is stored
on a shared filesystem on the destination but on the source it's either
on a different NFS or unshared completely.
* qemu: Treat memory device source nodemask as strict NUMA policy
Until now, the NUMA policy for ``<memory/>`` devices was taken either from
the guest NUMA node or ``<numatune/>``. But this may lead to discrepancies,
where the memory device is configured to bind to a set of host NUMA nodes,
but the guest NUMA node is to bind to a disjoint set of host NUMA nodes. To
resolve this, specifying ``<nodemask/>`` for a memory device implies
``strict`` policy.
* qemu: Relax validation of some hyperv features
Since 11.9.0 release, libvirt performs dependency checks for hyperv
features, for instance ``stimer`` requires ``synic``. But as it turned out,
for some ancient machine types (e.g. 'pc-i440fx-3.0' or 'pc-q35-3.0') some
dependencies are not true. Corresponding checks were removed.
* esx: URI encode inventory objects twice
Formatting domain XML for domains on an ESX server might fail if
corresponding datacenter or datastore contained special characters (e.g.
'+'). This is now fixed.
* Fix race when checking whether a path is on a shared file system
Finding an existing parent of a given path and checking whether it's on a
shared file system was not atomic and thus the path could have been
misinterpreted as non-shared if it was removed between these two
operations. This could cause migration with an emulated TPM device stored
on a shared file system to fail with the following bogus error::
Operation not supported: the running swtpm does not support migration with
shared storage
11.10.0
Security
* CVE-2025-12748: Denial of service by some ACL-limited accounts
Parsing of user provided XMLs in APIs which needed the identification
information from those XML definitions was done in full before ACL checks
were performed. Some valid, but useless, definitions could cause allocation
of too much memory, leading to denial of service. APIs which do equate to
full root access (such as ``domain:write``), and were parsing XML
definitions in full before performing ACL checks could, potentially, be
exploited in a way that would allow users (which were about to be denied the
API call) to cause aforementioned overallocation even before the ACL checks
were performed.
A change was made so that parsing before ACL checks are done only for the
identification parts of the XML definition (which is needed to perform the
checks) and full parsing is done only after checking all ACLs.
* CVE-2025-13193: Incorrect permissions on images after external snapshot of an inactive VM
The overlay ``qcow2`` images which are created as part of creation of an
external snapshot of an inactive VM had world-readable (644) permissions
which would allow unauthorized users to see contents of blocks written by
the VM after snapshot was taken. Libvirt now sets proper umask so that
the images are created with 600 mode.
New features
* Hyper-V virttype support for Qemu domains
Libvirt now supports Hyper-V virttype while lauching QEMU domains. This
feature requires Qemu version 10.2.0 or later and is available on Linux
hosts where the /dev/mshv is present.
* Add more statistics for block devices on QEMU domains
The block devices now report optimal access request sizes as well as
statistics such as the queue depth.
Improvements
* bhyve: VNC ``wait`` attribute support
Bhyve guests can now be configured to wait for a VNC connection before
booting.
* remote: multiple certificate support
The remote daemon and client can be configured to load multiple x509
certificate identities. This facilitates a transition to certificates
supporting Post-Quantum Crytographic algorithms.
* tools: improved virt-host-validate output
The virt-host-validate tool will now report extra details when certain
checks pass.
* qemu: Allow backup jobs to continue if guest OS shuts down
When starting a backup job users can now use a flag which prevents the VM
to be completely cleaned up if the guest OS shuts down while the backup is
running so that the backup can be finalized.
Bug fixes
* ch: Use correct domain definition in chDomainGetXMLDesc()
Cloud-Hypervisor driver claims to support ``VIR_DOMAIN_XML_INACTIVE`` but
in fact it never formatted the inactive XML. This is now fixed.
* esx: Allow disk images in subdirectories
If a domain has a disk image that's not in a datastore path but in a
subdirectory, the ESX driver would have failed to parse that and an error
was reported when obtaining domain XML. This is now fixed.
* qemu: Fix incoming migration to QEMU 10.0.0 and newer
Due to a change in the way QEMU 10.0.0 reports the state of "ht" CPU
feature, incoming migration of a domain with multiple CPU threads would
fail with "guest CPU doesn't match specification: extra features: ht"
error.
* qemu: fix incorrect reporting of the TDX launch security type
The TDX launch security type was incorrectly reported on all platforms
if the QEMU binary had it built-in. It is now limited to only platforms
with the TDX kernel feature available for use.
* qemu: set ``detect_zeroes`` for all backing chain layers
Some block jobs (snapshots, block commit) could modify the backing chain in
a way where ``detect_zeroes`` would no longer be honoured. We now set
it for all images in the backing chain, so that it will behave correctly
even after those operations.
11.9.0
New features
* Introduce Hyper-V ``host-model`` mode
Similarly to CPUs, ``host-model`` mode expands available Hyper-V
enlightenments at domain startup into the live XML so that's obvious which
enlightenments are enabled.
* Add support for Hyper-V ``spinlocks`` "never notify" mechanism
The ``retries`` attribute - which defines after how many failed
acquisition attempts to notify the hypervisor - can now hold the
special value of 4294967295 which means to never notify the
hypervisor.
If the ``retries`` attribute is omitted this value is used.
* ch: Network hotplug Support
Users can now attach and detach network interfaces of Cloud Hypervisor
domains at runtime.
* bhyve: NVMe device support
Domain XMLs now can use NVMe devices::
<disk type='file'>
<driver name='file' type='raw'/>
<source file='/path/to/disk.img'/>
<target dev='nvme0n1' bus='nvme'/>
</disk>
Improvements
* qemu: Improvements to USB controller model selection
Virtualization-friendly USB3 controllers are now used in more situations,
Intel-specific USB controllers are relegated to x86 guests, and model
selection overall behaves more consistently across architectures.
* qemu: Validate Hyper-V enlightenment dependencies
Some Hyper-V enlightenments may require some other enlightenments to be
turned on. Libvirt now validates these for new domains.
* qemu: Introduce virtio options for virtio memory models
Both virtio-mem and virtio-pmem memory models are virtio devices and as
such now support setting various virtio knobs (iommu, ats, packed,
page_per_vq) common to other virtio devices.
* wireshark: Adapt to wireshark-4.6.0
Libvirt's wireshark dissector plugin adapted to changes made to wireshark
dissector API in its 4.6.0 release.
* qemu: 'manual' disk snapshot mode improvements
The 'manual' snapshot mode now ensures that also metadata of the images is
written out to disk so that user can take snapshots of e.g. qcow2 image
safely.
Bug fixes
* ch: Load ``ch.conf`` from ``SYSCONFDIR``
Previously, the ``ch.conf`` file for ``ch:///system`` URI was mistakenly
loaded from a path under ``LOCALSTATEDIR`` (``/var/...``). This is now
fixed and the configuration file is loaded from the ``SYSCONFDIR``
(``/etc/...``) location where it's also installed.
11.8.0
New features
* ch: Disk hotplug Support
Users can now attach and detach disks of Cloud Hypervisor domains at
runtime.
* qemu: Add support for NUMA affinity of PCI devices
To support NVIDIA Multi-Instance GPU (MIG) configurations, libvirt now
handles QEMU's acpi-generic-initiator device internally. MIG enables
partitioning a physical GPU into multiple isolated instances, each
associated with one or more virtual NUMA nodes.
On the XML side, the existing ``<acpi>`` element has been extended with a
``nodeset`` attribute to specify the NUMA node affinity of a PCI device.
* qemu: Add support for hostname and FQDN configration of passt backend
The attributes ``hostname`` and ``fqdn`` for passt backend configure
the guest interface with hostname and FQDN.
Improvements
* ch: Events emitting
The CH driver not only emits more domain lifecycle events but also
implements ``virConnectDomainEventRegister()`` and
``virConnectDomainEventDeregister()`` APIs for management applications to
listen on those events.
Bug fixes
* qemu: Fix selection of stateless/combined firmware
A stateless firmware will now be correctly chosen when appropriate,
e.g. for domains configured to use SEV-SNP.
* ch: Make sure the cloud-hypervisor process is killed in ``virCHProcessStop()``
Due to wrong assumptions in the CH driver, calling ``virDomainDestroy()``
did not kill the corresponding cloud-hypervisor process. Domains can be now
destroyed reliably.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 59ec27923941baad1dfc97d1a811836b7462c6b3
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 5 14:12:52 2026 +0200
core202: Ship ipset
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 1be2c2e00b8ab7e7bf84c4680911bd677f61acdb
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Tue May 5 14:12:53 2026 +0200
ipset: Update to version 7.24
- Update from version 7.22 to 7.24
- No change in rootfile
- Changelog
7.24
- Improve fixing commas in sorted json output
- Fix extra quotes around elements in json output
(bugzilla #1793, issue 3.)
- Fix commas in sorted json output (bugzilla #1793, issue 4)
- Fix unquoted port range in json output (bugzilla #1793, issue 1)
- Fix extraneous comma in terse list json output (Joachim,
bugzilla #1793, issue 2)
- bash-completion: restore fix for syntax error (Jeremy Sowden)
- Correct typo in man-page (Jeremy Sowden)
7.23
- tests: runtest.sh: Keep running, print summary of failed tests
(Phil Sutter)
- tests: cidr.sh: Fix for quirks in RHEL's ipcalc (Phil Sutter)
- tests: cidr.sh: Respect IPSET_BIN env var (Phil Sutter)
- ipset: Fix implicit declaration of function basename (Mike Pagano)
- tests: Reduce testsuite run-time (Phil Sutter)
- lib: ipset: Avoid 'argv' array overstepping (Phil Sutter)
- lib: data: Fix for global-buffer-overflow warning by ASAN
(Phil Sutter)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
.../{oldcore/106 => core/202}/filelists/ipset | 0
config/rootfiles/packages/libvirt | 34 ++++++++++++++++++----
lfs/ipset | 15 ++++------
lfs/libvirt | 8 ++---
4 files changed, 39 insertions(+), 18 deletions(-)
copy config/rootfiles/{oldcore/106 => core/202}/filelists/ipset (100%)
Difference in files:
diff --git a/config/rootfiles/core/202/filelists/ipset b/config/rootfiles/core/202/filelists/ipset
new file mode 120000
index 000000000..2b43691f2
--- /dev/null
+++ b/config/rootfiles/core/202/filelists/ipset
@@ -0,0 +1 @@
+../../../common/ipset
\ No newline at end of file
diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt
index 9e80e8e75..18bbbb4cc 100644
--- a/config/rootfiles/packages/libvirt
+++ b/config/rootfiles/packages/libvirt
@@ -32,6 +32,7 @@ etc/libvirt/qemu
etc/libvirt/qemu-lockd.conf
etc/libvirt/qemu.conf
etc/libvirt/qemu/autostart
+etc/libvirt/secret.conf
etc/libvirt/secrets
etc/libvirt/storage
etc/libvirt/storage/autostart
@@ -88,16 +89,16 @@ usr/bin/virt-xml-validate
#usr/lib/libvirt
#usr/lib/libvirt-admin.so
usr/lib/libvirt-admin.so.0
-usr/lib/libvirt-admin.so.0.11007.0
+usr/lib/libvirt-admin.so.0.12003.0
#usr/lib/libvirt-lxc.so
usr/lib/libvirt-lxc.so.0
-usr/lib/libvirt-lxc.so.0.11007.0
+usr/lib/libvirt-lxc.so.0.12003.0
#usr/lib/libvirt-qemu.so
usr/lib/libvirt-qemu.so.0
-usr/lib/libvirt-qemu.so.0.11007.0
+usr/lib/libvirt-qemu.so.0.12003.0
#usr/lib/libvirt.so
usr/lib/libvirt.so.0
-usr/lib/libvirt.so.0.11007.0
+usr/lib/libvirt.so.0.12003.0
#usr/lib/libvirt/connection-driver
usr/lib/libvirt/connection-driver/libvirt_driver_ch.so
usr/lib/libvirt/connection-driver/libvirt_driver_interface.so
@@ -119,7 +120,8 @@ usr/lib/libvirt/storage-backend/libvirt_storage_backend_vstorage.so
#usr/lib/pkgconfig/libvirt.pc
#usr/lib/sysctl.d
usr/lib/sysctl.d/60-libvirtd.conf
-usr/lib/sysctl.d/60-qemu-postcopy-migration.conf
+#usr/lib/systemd/system/libvirtd.service.d
+#usr/lib/systemd/system/libvirtd.service.d/10-secret.conf
#usr/lib/sysusers.d
usr/lib/sysusers.d/libvirt-login-shell.conf
usr/lib/sysusers.d/libvirt-qemu.conf
@@ -141,11 +143,13 @@ usr/sbin/virtstoraged
#usr/share/augeas
#usr/share/augeas/lenses
#usr/share/augeas/lenses/libvirt_lockd.aug
+#usr/share/augeas/lenses/libvirt_secrets.aug
#usr/share/augeas/lenses/libvirtd.aug
#usr/share/augeas/lenses/libvirtd_ch.aug
#usr/share/augeas/lenses/libvirtd_qemu.aug
#usr/share/augeas/lenses/tests
#usr/share/augeas/lenses/tests/test_libvirt_lockd.aug
+#usr/share/augeas/lenses/tests/test_libvirt_secrets.aug
#usr/share/augeas/lenses/tests/test_libvirtd.aug
#usr/share/augeas/lenses/tests/test_libvirtd_ch.aug
#usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug
@@ -267,6 +271,8 @@ usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v3.xml
usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v4.xml
usr/share/libvirt/cpu_map/x86_Cascadelake-Server-v5.xml
usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml
+usr/share/libvirt/cpu_map/x86_ClearwaterForest-v1.xml
+usr/share/libvirt/cpu_map/x86_ClearwaterForest.xml
usr/share/libvirt/cpu_map/x86_Conroe-v1.xml
usr/share/libvirt/cpu_map/x86_Conroe.xml
usr/share/libvirt/cpu_map/x86_Cooperlake-v1.xml
@@ -280,23 +286,30 @@ usr/share/libvirt/cpu_map/x86_Dhyana-v1.xml
usr/share/libvirt/cpu_map/x86_Dhyana-v2.xml
usr/share/libvirt/cpu_map/x86_Dhyana.xml
usr/share/libvirt/cpu_map/x86_EPYC-Genoa-v1.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Genoa-v2.xml
usr/share/libvirt/cpu_map/x86_EPYC-Genoa.xml
usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml
usr/share/libvirt/cpu_map/x86_EPYC-Milan-v1.xml
usr/share/libvirt/cpu_map/x86_EPYC-Milan-v2.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Milan-v3.xml
usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome-v1.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome-v2.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome-v3.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome-v4.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Rome-v5.xml
usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Turin-v1.xml
+usr/share/libvirt/cpu_map/x86_EPYC-Turin.xml
usr/share/libvirt/cpu_map/x86_EPYC-v1.xml
usr/share/libvirt/cpu_map/x86_EPYC-v2.xml
usr/share/libvirt/cpu_map/x86_EPYC-v3.xml
usr/share/libvirt/cpu_map/x86_EPYC-v4.xml
+usr/share/libvirt/cpu_map/x86_EPYC-v5.xml
usr/share/libvirt/cpu_map/x86_EPYC.xml
usr/share/libvirt/cpu_map/x86_GraniteRapids-v1.xml
usr/share/libvirt/cpu_map/x86_GraniteRapids-v2.xml
+usr/share/libvirt/cpu_map/x86_GraniteRapids-v3.xml
usr/share/libvirt/cpu_map/x86_GraniteRapids.xml
usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml
usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml
@@ -346,8 +359,11 @@ usr/share/libvirt/cpu_map/x86_SandyBridge.xml
usr/share/libvirt/cpu_map/x86_SapphireRapids-v1.xml
usr/share/libvirt/cpu_map/x86_SapphireRapids-v2.xml
usr/share/libvirt/cpu_map/x86_SapphireRapids-v3.xml
+usr/share/libvirt/cpu_map/x86_SapphireRapids-v4.xml
usr/share/libvirt/cpu_map/x86_SapphireRapids.xml
usr/share/libvirt/cpu_map/x86_SierraForest-v1.xml
+usr/share/libvirt/cpu_map/x86_SierraForest-v2.xml
+usr/share/libvirt/cpu_map/x86_SierraForest-v3.xml
usr/share/libvirt/cpu_map/x86_SierraForest.xml
usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml
usr/share/libvirt/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml
@@ -373,6 +389,10 @@ usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml
usr/share/libvirt/cpu_map/x86_Westmere-v1.xml
usr/share/libvirt/cpu_map/x86_Westmere-v2.xml
usr/share/libvirt/cpu_map/x86_Westmere.xml
+usr/share/libvirt/cpu_map/x86_YongFeng-v1.xml
+usr/share/libvirt/cpu_map/x86_YongFeng-v2.xml
+usr/share/libvirt/cpu_map/x86_YongFeng-v3.xml
+usr/share/libvirt/cpu_map/x86_YongFeng.xml
usr/share/libvirt/cpu_map/x86_athlon-v1.xml
usr/share/libvirt/cpu_map/x86_athlon.xml
usr/share/libvirt/cpu_map/x86_core2duo-v1.xml
@@ -432,6 +452,7 @@ usr/share/libvirt/schemas/storagevol.rng
usr/share/libvirt/schemas/sysinfo.rng
usr/share/libvirt/schemas/sysinfocommon.rng
#usr/share/libvirt/test-screenshot.png
+#usr/share/locale/ar/LC_MESSAGES/libvirt.mo
#usr/share/locale/as/LC_MESSAGES/libvirt.mo
#usr/share/locale/bg/LC_MESSAGES/libvirt.mo
#usr/share/locale/bn_IN/LC_MESSAGES/libvirt.mo
@@ -478,6 +499,7 @@ usr/share/libvirt/schemas/sysinfocommon.rng
#usr/share/locale/uk/LC_MESSAGES/libvirt.mo
#usr/share/locale/vi/LC_MESSAGES/libvirt.mo
#usr/share/locale/zh_CN/LC_MESSAGES/libvirt.mo
+#usr/share/locale/zh_Hant/LC_MESSAGES/libvirt.mo
#usr/share/locale/zh_TW/LC_MESSAGES/libvirt.mo
#var/cache/libvirt
#var/cache/libvirt/qemu
@@ -498,6 +520,8 @@ var/ipfire/backup/addons/includes/libvirt
#var/lib/libvirt/qemu/ram
#var/lib/libvirt/qemu/save
#var/lib/libvirt/qemu/snapshot
+#var/lib/libvirt/qemu/varstore
+#var/lib/libvirt/secrets
#var/lib/libvirt/swtpm
#var/log/libvirt
#var/log/libvirt/ch
diff --git a/lfs/ipset b/lfs/ipset
index b7c576fc2..28c374071 100644
--- a/lfs/ipset
+++ b/lfs/ipset
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 7.22
+VER = 7.24
THISAPP = ipset-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9daaff54adb6f9daf69cd7dabbd9134d8fcf8cd7f8ef0c52296961579ad3c8202087158a01664228eff70356ba97f77ec61abbab7c7ce323112fbdc32abd661b
+$(DL_FILE)_BLAKE2 = 52e05313353e7b5fe969d5f113794238356bf900b4e7ac4693c05164ecde0826d0e911dcae67bb4103f49b587f94f561d14dcfebb78c5c231013fda7d36a81da
install : $(TARGET)
@@ -71,17 +71,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --with-kmod=no \
- --disable-static
-
+ --prefix=/usr \
+ --with-kmod=no \
+ --disable-static
# Add configuration directory
-mkdir -pv /etc/ipset
chmod 750 /etc/ipset
chown root:root /etc/ipset
-
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
-
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/lfs/libvirt b/lfs/libvirt
index 7e6fac180..7a879924d 100644
--- a/lfs/libvirt
+++ b/lfs/libvirt
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Server side daemon and supporting files for libvirt
-VER = 11.7.0
+VER = 12.3.0
THISAPP = libvirt-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 aarch64
PROG = libvirt
-PAK_VER = 46
+PAK_VER = 47
DEPS = ebtables libpciaccess ovmf swtpm qemu
@@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 44b4c2a2c498d351762cf2bcbd26460dbe663e08e3f2a1b6e73fefbcb4bbc4e77f4b0d47ad771ec7b3854a9b2ebdbf08162590d20bd080f276a8042148ca5f07
+$(DL_FILE)_BLAKE2 = a6b2cd5de3f9cd81b8dadc8193c6bd12a018d8c4a6b175168a81988224a66f8e3ab28a2dccc441f8867b896271f6c3fa640cd456af07c64784b4adda5cea8e35
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-05 13:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-05 13:13 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 8cafea9bcc936f6a0a8f472032df03dc8b444f4c Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox