libvirt-11.10.0-3.el9

- util: json: Increase JSON nesting limit when parsing to 300 (RHEL-135128)
- virjsontest: Add test for nesting depth (RHEL-135128)
- qemu_validate: Drop VIR_DOMAIN_HYPERV_SYNIC dependency on VIR_DOMAIN_HYPERV_VPINDEX (RHEL-138689)
- qemu_validate: Drop VIR_DOMAIN_HYPERV_STIMER dependency on VIR_DOMAIN_HYPERV_VPINDEX (RHEL-138689)
- esx_util: Introduce esxUtil_EscapeInventoryObject() (RHEL-134127)
- esx: URI encode inventory objects twice (RHEL-134127)

Resolves: RHEL-134127, RHEL-135128, RHEL-138689

libvirt-esx-URI-encode-inventory-objects-twice.patch

@@ -0,0 +1,59 @@
+From 0431af4412aab6aadcde893a7eacf1ae24771590 Mon Sep 17 00:00:00 2001
+Message-ID: <0431af4412aab6aadcde893a7eacf1ae24771590.1768317034.git.jdenemar@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Jan 2026 17:18:03 +0100
+Subject: [PATCH] esx: URI encode inventory objects twice
+
+While discouraged by a KB article to use special characters in
+inventory object names [1], ESX won't stop you. And thus users
+can end up with a datastore named "datastore2+", for instance.
+The datastore name (and datacenter path) are important when
+fetching/uploading a .vmx file (used in APIs like
+virDomainGetXMLDesc() or virDomainDefineXML()). And while we do
+URI encode both (dcPath and dsName), encoding them once is not
+enough. Cole Robinson discovered [2] that they need to be
+URI-encoded twice. Use newly introduced
+esxUtil_EscapeInventoryObject() helper to encode them twice.
+
+1: https://knowledge.broadcom.com/external/article/386368/vcenter-inventory-object-name-with-speci.html
+2: https://issues.redhat.com/browse/RHEL-133729#comment-28604072
+Resolves: https://issues.redhat.com/browse/RHEL-134127
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit 6c9d2591c668732eb05cf17d27c9102ef3d40b39)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/esx/esx_driver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 9f965811b1..02f30c2b19 100644
+--- a/src/esx/esx_driver.c
++++ b/src/esx/esx_driver.c
+@@ -2567,9 +2567,9 @@ esxDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
+                       domain->conn->uri->server, domain->conn->uri->port);
+     virBufferURIEncodeString(&buffer, directoryAndFileName);
+     virBufferAddLit(&buffer, "?dcPath=");
+-    virBufferURIEncodeString(&buffer, priv->primary->datacenterPath);
++    esxUtil_EscapeInventoryObject(&buffer, priv->primary->datacenterPath);
+     virBufferAddLit(&buffer, "&dsName=");
+-    virBufferURIEncodeString(&buffer, datastoreName);
++    esxUtil_EscapeInventoryObject(&buffer, datastoreName);
+ 
+     url = virBufferContentAndReset(&buffer);
+ 
+@@ -3002,9 +3002,9 @@ esxDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
+ 
+     virBufferURIEncodeString(&buffer, escapedName);
+     virBufferAddLit(&buffer, ".vmx?dcPath=");
+-    virBufferURIEncodeString(&buffer, priv->primary->datacenterPath);
++    esxUtil_EscapeInventoryObject(&buffer, priv->primary->datacenterPath);
+     virBufferAddLit(&buffer, "&dsName=");
+-    virBufferURIEncodeString(&buffer, datastoreName);
++    esxUtil_EscapeInventoryObject(&buffer, datastoreName);
+ 
+     url = virBufferContentAndReset(&buffer);
+ 
+-- 
+2.52.0

libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch

@@ -0,0 +1,76 @@
+From 3a1f8bb838db0f412205e2918fc2eb4213f323ad Mon Sep 17 00:00:00 2001
+Message-ID: <3a1f8bb838db0f412205e2918fc2eb4213f323ad.1768317034.git.jdenemar@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Wed, 7 Jan 2026 10:34:25 +0100
+Subject: [PATCH] esx_util: Introduce esxUtil_EscapeInventoryObject()
+
+The aim of this helper function is to URI-encode given string
+twice. There's a bug (fixed in next commit) in which we're unable
+to fetch .vmx file for a domain if corresponding datastore
+contains some special characters (like +). Cole Robinson
+discovered that encoding datastore twice enables libvirt to work
+around the issue [2]. Well, this function does exactly that.
+It was tested with the following inputs and all worked
+flawlessly: "datastore", "datastore2", "datastore2+",
+"datastore3+-@", "data store2+".
+
+1: https://issues.redhat.com/browse/RHEL-134127
+2: https://issues.redhat.com/browse/RHEL-133729#comment-28604072
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+(cherry picked from commit ffe74c7c551bd641cbcaa2512ed0ad4a25d3980b)
+Resolves: https://issues.redhat.com/browse/RHEL-134127
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/esx/esx_util.c | 18 ++++++++++++++++++
+ src/esx/esx_util.h |  3 +++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
+index 7ee0e5f7c0..9b714d90ba 100644
+--- a/src/esx/esx_util.c
++++ b/src/esx/esx_util.c
+@@ -448,3 +448,21 @@ esxUtil_EscapeForXml(const char *string)
+ 
+     return virBufferContentAndReset(&buffer);
+ }
++
++
++/* esxUtil_EscapeInventoryObject:
++ * @buf: the buffer to append to
++ * @string: the string argument which will be URI-encoded
++ *
++ * URI-encode given @string TWICE and append the result to the @buf. This is
++ * to be used with inventory objects (like 'dcPath' and 'dsName') to work
++ * around a VMware bug in which once round of URI-encoding is not enough.
++ */
++void
++esxUtil_EscapeInventoryObject(virBuffer *buf, const char *string)
++{
++    g_autoptr(GString) escaped = g_string_new(NULL);
++
++    g_string_append_uri_escaped(escaped, string, NULL, false);
++    virBufferURIEncodeString(buf, escaped->str);
++}
+diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h
+index 58bc44e744..29f01e0c15 100644
+--- a/src/esx/esx_util.h
++++ b/src/esx/esx_util.h
+@@ -22,6 +22,7 @@
+ #pragma once
+ 
+ #include "internal.h"
++#include "virbuffer.h"
+ #include "viruri.h"
+ 
+ #define ESX_VI_CHECK_ARG_LIST(val) \
+@@ -67,3 +68,5 @@ void esxUtil_ReplaceSpecialWindowsPathChars(char *string);
+ char *esxUtil_EscapeDatastoreItem(const char *string);
+ 
+ char *esxUtil_EscapeForXml(const char *string);
++
++void esxUtil_EscapeInventoryObject(virBuffer *buf, const char *string);
+-- 
+2.52.0

libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_STIMER-dependency-on-VIR_DOMAIN_HYPERV_VPINDEX.patch

@@ -0,0 +1,69 @@
+From ba255cecade6c9f690997b53bfe517eef341695a Mon Sep 17 00:00:00 2001
+Message-ID: <ba255cecade6c9f690997b53bfe517eef341695a.1768317034.git.jdenemar@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Jan 2026 14:37:23 +0100
+Subject: [PATCH] qemu_validate: Drop VIR_DOMAIN_HYPERV_STIMER dependency on
+ VIR_DOMAIN_HYPERV_VPINDEX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The original commit (v11.9.0-rc1~84) added a dependency checking
+of VIR_DOMAIN_HYPERV_STIMER on VIR_DOMAIN_HYPERV_VPINDEX
+(meaning, if stimer is on then vpindex must also be on). It
+justified this by citing QEMU documentation:
+
+Per QEMU documentation (docs/system/i386/hyperv.rst):
+
+``hv-stimer``
+  Enables Hyper-V synthetic timers. <snip/>
+
+  Requires: ``hv-vpindex``, ``hv-synic``, ``hv-time``
+
+While the documentation is almost correct (see previous commit
+when it's incorrect), the code express no dependency on vpindex
+(kvm_hyperv_properties[] array from target/i386/kvm/kvm.c):
+
+    [HYPERV_FEAT_STIMER] = {
+        .desc = "synthetic timers (hv-stimer)",
+        .flags = {
+            {.func = HV_CPUID_FEATURES, .reg = R_EAX,
+             .bits = HV_SYNTIMERS_AVAILABLE}
+        },
+        .dependencies = BIT(HYPERV_FEAT_SYNIC) | BIT(HYPERV_FEAT_TIME)
+    },
+
+If transitivity is taken into account then the documentation is
+of course correct (minus that one aforementioned special case).
+Well, there's no need for us to implement transitional checks.
+VIR_DOMAIN_HYPERV_STIMER requires VIR_DOMAIN_HYPERV_SYNIC and
+whether that requires VIR_DOMAIN_HYPERV_VPINDEX is another
+question.
+
+Just drop the transitive check.
+
+Resolves: https://gitlab.com/libvirt/libvirt/-/issues/837
+Resolves: https://issues.redhat.com/browse/RHEL-138689
+Fixes: da261327ea94300d1aa2d3b76ba9dcd4de6160f6
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 6df374fefc94f5e729870dfe1ff65b62ee986fce)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_validate.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index 3e27c11da3..66c59c3696 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -122,7 +122,6 @@ qemuValidateDomainDefHypervFeatures(const virDomainDef *def)
+         }
+     }
+ 
+-    CHECK_HV_FEAT(VIR_DOMAIN_HYPERV_STIMER, VIR_DOMAIN_HYPERV_VPINDEX);
+     CHECK_HV_FEAT(VIR_DOMAIN_HYPERV_STIMER, VIR_DOMAIN_HYPERV_SYNIC);
+ 
+     CHECK_HV_FEAT(VIR_DOMAIN_HYPERV_TLBFLUSH, VIR_DOMAIN_HYPERV_VPINDEX);
+-- 
+2.52.0

libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_SYNIC-dependency-on-VIR_DOMAIN_HYPERV_VPINDEX.patch

@@ -0,0 +1,47 @@
+From e9a4c12db5da26084d8ec03b9249a53f980b3ad3 Mon Sep 17 00:00:00 2001
+Message-ID: <e9a4c12db5da26084d8ec03b9249a53f980b3ad3.1768317034.git.jdenemar@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Jan 2026 12:03:56 +0100
+Subject: [PATCH] qemu_validate: Drop VIR_DOMAIN_HYPERV_SYNIC dependency on
+ VIR_DOMAIN_HYPERV_VPINDEX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Turns out, that synic hyperv enlightenment not always requires
+vpindex. Some (older) machine types (e.g. pc-i440fx-3.0,
+pc-q35-3.0, pc-i440fx-rhel7.6.0) can run with synic enabled and vpindex
+disabled. This is because they did enable 'x-hv-synic-kvm-only'
+CPU property, but starting from QEMU commit v3.1.0-rc0~44^2~9 the
+property is disabled by default.
+
+To avoid parsing machine type version, let's just drop this
+dependency validation and rely on QEMU to report sensible error
+message.
+
+Resolves: https://gitlab.com/libvirt/libvirt/-/issues/837
+Resolves: https://issues.redhat.com/browse/RHEL-138689
+Fixes: 1822d030c32d9857020ee8385b0a8808a29a472f
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 8e9a9f86b046c5bc917875f4b3854f13c4b33b55)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_validate.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index da08fd17cd..3e27c11da3 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -112,8 +112,6 @@ qemuValidateDomainDefHypervFeatures(const virDomainDef *def)
+         return -1;
+     }
+ 
+-    CHECK_HV_FEAT(VIR_DOMAIN_HYPERV_SYNIC, VIR_DOMAIN_HYPERV_VPINDEX);
+-
+     if (def->hyperv.features[VIR_DOMAIN_HYPERV_STIMER] == VIR_TRISTATE_SWITCH_ON) {
+         if (!virDomainDefHasTimer(def, VIR_DOMAIN_TIMER_NAME_HYPERVCLOCK)) {
+             virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+-- 
+2.52.0

libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch

@@ -0,0 +1,50 @@
+From 4540f9271990c01649029ab2c9fd6414109e6583 Mon Sep 17 00:00:00 2001
+Message-ID: <4540f9271990c01649029ab2c9fd6414109e6583.1768317034.git.jdenemar@redhat.com>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Thu, 11 Dec 2025 09:39:03 +0100
+Subject: [PATCH] util: json: Increase JSON nesting limit when parsing to 300
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The default in json-c is 32 which is too low to accomodate the 200
+snapshot layers we supported historically in the qemu driver (200 is
+picked based on the 256 layer limit in libxml).
+
+The response to 'query-block' is otherwise too low and we fail to start
+the VM when there's around 26 images in a backing chain.
+
+'json_tokener_new_ex' is supported since json-c 0.11 and we require at
+least 0.14.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit b49d41b7e9eb983fdfbf70c91c2a27a995af3987)
+https://issues.redhat.com/browse/RHEL-135128
+---
+ src/util/virjson.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/virjson.c b/src/util/virjson.c
+index a799707c16..454bd657be 100644
+--- a/src/util/virjson.c
++++ b/src/util/virjson.c
+@@ -1466,7 +1466,15 @@ virJSONValueFromString(const char *jsonstring)
+ 
+     VIR_DEBUG("string=%s", jsonstring);
+ 
+-    tok = json_tokener_new();
++    /* When creating the tokener we need to specify the limit of the nesting
++     * depth of JSON objects. The default in json-c is 32. Since we need to
++     * support at least 200 layers of snapshots (the limit is based on a
++     * conservative take on the 256 layer nesting limit for XML in libxml), for
++     * which we have internal checks, we also need to set the JSON limit to
++     * be able to parse qemu responses for such a deeply nested snapshot list.
++     * '300' is picked a sa conservative buffer on top of the 200 layers plus
++     * some of the extra wrappers that qemu adds*/
++    tok = json_tokener_new_ex(300);
+     if (!tok) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("failed to create JSON tokener"));
+-- 
+2.52.0

libvirt-virjsontest-Add-test-for-nesting-depth.patch

@@ -0,0 +1,45 @@
+From ee409902d270d19ae1c7a1fc3e0af67320bdb26b Mon Sep 17 00:00:00 2001
+Message-ID: <ee409902d270d19ae1c7a1fc3e0af67320bdb26b.1768317034.git.jdenemar@redhat.com>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Mon, 5 Jan 2026 15:00:18 +0100
+Subject: [PATCH] virjsontest: Add test for nesting depth
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add an example of 250 layer deep nested JSON to make sure the parser
+supports it. This is in order to maintain compatibility with external
+snapshots in qemu, where such a deeply nested document is returned with
+a 'query-block' QMP call.
+
+I've used a fake JSON as a real reply from qemu is around 1.4MiB for a
+200 deep image chain.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 16804acf14616d7357ad6a336f2ffd6d255a8d63)
+https://issues.redhat.com/browse/RHEL-135128
+---
+ tests/virjsondata/parse-nesting-in.json  | 1 +
+ tests/virjsondata/parse-nesting-out.json | 1 +
+ 2 files changed, 2 insertions(+)
+ create mode 100644 tests/virjsondata/parse-nesting-in.json
+ create mode 120000 tests/virjsondata/parse-nesting-out.json
+
+diff --git a/tests/virjsondata/parse-nesting-in.json b/tests/virjsondata/parse-nesting-in.json
+new file mode 100644
+index 0000000000..8bbe1a3439
+--- /dev/null
++++ b/tests/virjsondata/parse-nesting-in.json
+@@ -0,0 +1 @@
++{"n249": {"n248": {"n247": {"n246": {"n245": {"n244": {"n243": {"n242": {"n241": {"n240": {"n239": {"n238": {"n237": {"n236": {"n235": {"n234": {"n233": {"n232": {"n231": {"n230": {"n229": {"n228": {"n227": {"n226": {"n225": {"n224": {"n223": {"n222": {"n221": {"n220": {"n219": {"n218": {"n217": {"n216": {"n215": {"n214": {"n213": {"n212": {"n211": {"n210": {"n209": {"n208": {"n207": {"n206": {"n205": {"n204": {"n203": {"n202": {"n201": {"n200": {"n199": {"n198": {"n197": {"n196": {"n195": {"n194": {"n193": {"n192": {"n191": {"n190": {"n189": {"n188": {"n187": {"n186": {"n185": {"n184": {"n183": {"n182": {"n181": {"n180": {"n179": {"n178": {"n177": {"n176": {"n175": {"n174": {"n173": {"n172": {"n171": {"n170": {"n169": {"n168": {"n167": {"n166": {"n165": {"n164": {"n163": {"n162": {"n161": {"n160": {"n159": {"n158": {"n157": {"n156": {"n155": {"n154": {"n153": {"n152": {"n151": {"n150": {"n149": {"n148": {"n147": {"n146": {"n145": {"n144": {"n143": {"n142": {"n141": {"n140": {"n139": {"n138": {"n137": {"n136": {"n135": {"n134": {"n133": {"n132": {"n131": {"n130": {"n129": {"n128": {"n127": {"n126": {"n125": {"n124": {"n123": {"n122": {"n121": {"n120": {"n119": {"n118": {"n117": {"n116": {"n115": {"n114": {"n113": {"n112": {"n111": {"n110": {"n109": {"n108": {"n107": {"n106": {"n105": {"n104": {"n103": {"n102": {"n101": {"n100": {"n99": {"n98": {"n97": {"n96": {"n95": {"n94": {"n93": {"n92": {"n91": {"n90": {"n89": {"n88": {"n87": {"n86": {"n85": {"n84": {"n83": {"n82": {"n81": {"n80": {"n79": {"n78": {"n77": {"n76": {"n75": {"n74": {"n73": {"n72": {"n71": {"n70": {"n69": {"n68": {"n67": {"n66": {"n65": {"n64": {"n63": {"n62": {"n61": {"n60": {"n59": {"n58": {"n57": {"n56": {"n55": {"n54": {"n53": {"n52": {"n51": {"n50": {"n49": {"n48": {"n47": {"n46": {"n45": {"n44": {"n43": {"n42": {"n41": {"n40": {"n39": {"n38": {"n37": {"n36": {"n35": {"n34": {"n33": {"n32": {"n31": {"n30": {"n29": {"n28": {"n27": {"n26": {"n25": {"n24": {"n23": {"n22": {"n21": {"n20": {"n19": {"n18": {"n17": {"n16": {"n15": {"n14": {"n13": {"n12": {"n11": {"n10": {"n9": {"n8": {"n7": {"n6": {"n5": {"n4": {"n3": {"n2": {"n1": {"n0": "end"}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+diff --git a/tests/virjsondata/parse-nesting-out.json b/tests/virjsondata/parse-nesting-out.json
+new file mode 120000
+index 0000000000..d269172843
+--- /dev/null
++++ b/tests/virjsondata/parse-nesting-out.json
+@@ -0,0 +1 @@
++parse-nesting-in.json
+\ No newline at end of file
+-- 
+2.52.0

libvirt.spec

@@ -294,7 +294,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 11.10.0
-Release: 2%{?dist}%{?extra_release}
+Release: 3%{?dist}%{?extra_release}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/
 
@@ -307,6 +307,12 @@ Patch2: libvirt-tests-Test-virFileIsSharedFSOverride.patch
 Patch3: libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch
 Patch4: libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch
 Patch5: libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch
+Patch6: libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch
+Patch7: libvirt-virjsontest-Add-test-for-nesting-depth.patch
+Patch8: libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_SYNIC-dependency-on-VIR_DOMAIN_HYPERV_VPINDEX.patch
+Patch9: libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_STIMER-dependency-on-VIR_DOMAIN_HYPERV_VPINDEX.patch
+Patch10: libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch
+Patch11: libvirt-esx-URI-encode-inventory-objects-twice.patch
 
 
 Requires: libvirt-daemon = %{version}-%{release}
@@ -2698,6 +2704,14 @@ exit 0
 %endif
 
 %changelog
+* Tue Jan 13 2026 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-3
+- util: json: Increase JSON nesting limit when parsing to 300 (RHEL-135128)
+- virjsontest: Add test for nesting depth (RHEL-135128)
+- qemu_validate: Drop VIR_DOMAIN_HYPERV_SYNIC dependency on VIR_DOMAIN_HYPERV_VPINDEX (RHEL-138689)
+- qemu_validate: Drop VIR_DOMAIN_HYPERV_STIMER dependency on VIR_DOMAIN_HYPERV_VPINDEX (RHEL-138689)
+- esx_util: Introduce esxUtil_EscapeInventoryObject() (RHEL-134127)
+- esx: URI encode inventory objects twice (RHEL-134127)
+
 * Thu Dec 18 2025 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-2
 - qemu: tpm: Account for possible migration without actually sharing storage (RHEL-108915)
 - tests: Test virFileIsSharedFSOverride (RHEL-135287)