diff --git a/0001-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch b/0001-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch
deleted file mode 100644
index 8b99fcc..0000000
--- a/0001-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 08:47:42 +0200
-Subject: [PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virDomainSaveImageGetXMLDesc API is taking a path parameter,
-which can point to any path on the system. This file will then be
-read and parsed by libvirtd running with root privileges.
-
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10161
-Reported-by: Matthias Gerstner <mgerstner@suse.de>
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
----
- src/libvirt-domain.c         | 11 ++---------
- src/qemu/qemu_driver.c       |  2 +-
- src/remote/remote_protocol.x |  3 +--
- 3 files changed, 4 insertions(+), 12 deletions(-)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index df7e405b3e..1cc8537c04 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
-  * previously by virDomainSave() or virDomainSaveFlags().
-  *
-  * No security-sensitive data will be included unless @flags contains
-- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
-- * connections.
-+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
-  *
-  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
-  * error.  The caller must free() the returned value.
-@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
- 
-     virCheckConnectReturn(conn, NULL);
-     virCheckNonNullArgGoto(file, error);
--
--    if ((conn->flags & VIR_CONNECT_RO) &&
--        (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
--        virReportError(VIR_ERR_OPERATION_DENIED, "%s",
--                       _("virDomainSaveImageGetXMLDesc with secure flag"));
--        goto error;
--    }
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->domainSaveImageGetXMLDesc) {
-         char *ret;
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 42b1ce2521..ea9a3d33a3 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -7038,7 +7038,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
-     if (fd < 0)
-         goto cleanup;
- 
--    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
-+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
-         goto cleanup;
- 
-     ret = qemuDomainDefFormatXML(driver, def, flags);
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index 11f44ee267..737d67c47b 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -5242,8 +5242,7 @@ enum remote_procedure {
-     /**
-      * @generate: both
-      * @priority: high
--     * @acl: domain:read
--     * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
- 
diff --git a/0002-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch b/0002-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch
deleted file mode 100644
index b952bdd..0000000
--- a/0002-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:14:53 +0200
-Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virDomainManagedSaveDefineXML can be used to alter the domain's
-config used for managedsave or even execute arbitrary emulator binaries.
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10166
-Reported-by: Matthias Gerstner <mgerstner@suse.de>
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
----
- src/libvirt-domain.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index 1cc8537c04..f77fc23a3f 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -9563,6 +9563,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
- 
-     virCheckDomainReturn(domain, -1);
-     conn = domain->conn;
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->domainManagedSaveDefineXML) {
-         int ret;
diff --git a/0003-api-disallow-virConnectGetDomainCapabilities-on-read.patch b/0003-api-disallow-virConnectGetDomainCapabilities-on-read.patch
deleted file mode 100644
index be27e22..0000000
--- a/0003-api-disallow-virConnectGetDomainCapabilities-on-read.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:16:14 +0200
-Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This API can be used to execute arbitrary emulators.
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10167
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
----
- src/libvirt-domain.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index f77fc23a3f..c500d6be36 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
-     virResetLastError();
- 
-     virCheckConnectReturn(conn, NULL);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectGetDomainCapabilities) {
-         char *ret;
diff --git a/0004-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch b/0004-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch
deleted file mode 100644
index fb4da99..0000000
--- a/0004-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:17:39 +0200
-Subject: [PATCH] api: disallow virConnect*HypervisorCPU on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-These APIs can be used to execute arbitrary emulators.
-Forbid them on read-only connections.
-
-Fixes: CVE-2019-10168
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
----
- src/libvirt-host.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libvirt-host.c b/src/libvirt-host.c
-index e20d6ee250..2978825d22 100644
---- a/src/libvirt-host.c
-+++ b/src/libvirt-host.c
-@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
- 
-     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
-     virCheckNonNullArgGoto(xmlCPU, error);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectCompareHypervisorCPU) {
-         int ret;
-@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
- 
-     virCheckConnectReturn(conn, NULL);
-     virCheckNonNullArgGoto(xmlCPUs, error);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectBaselineHypervisorCPU) {
-         char *cpu;
diff --git a/libvirt.spec b/libvirt.spec
index b934aba..70ace80 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -4,7 +4,7 @@
 # that's still supported by the vendor. It may work on other distros
 # or versions, but no effort will be made to ensure that going forward.
 %define min_rhel 7
-%define min_fedora 28
+%define min_fedora 29
 
 %if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
     %define supported_platform 1
@@ -215,8 +215,8 @@
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 5.4.0
-Release: 2%{?dist}
+Version: 5.5.0
+Release: 1%{?dist}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -225,20 +225,6 @@ URL: https://libvirt.org/
 %endif
 Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
 
-# CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
-# API (bz #1722463, bz #1720115)
-Patch0001: 0001-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch
-# CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly
-# clients (bz #1722462, bz #1720114)
-Patch0002: 0002-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch
-# CVE-2019-10167: arbitrary command execution via
-# virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
-Patch0003: 0003-api-disallow-virConnectGetDomainCapabilities-on-read.patch
-# CVE-2019-10168: arbitrary command execution via
-# virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz
-# #1722466, bz #1720118)
-Patch0004: 0004-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch
-
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
 Requires: libvirt-daemon-config-nwfilter = %{version}-%{release}
@@ -311,7 +297,6 @@ BuildRequires: sanlock-devel >= 2.4
 %endif
 BuildRequires: libpcap-devel
 BuildRequires: libnl3-devel
-BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 BuildRequires: dnsmasq >= 2.41
 BuildRequires: iptables
@@ -450,7 +435,6 @@ Requires: iproute
 Requires: iproute-tc
 %endif
 
-Requires: avahi-libs
 Requires: polkit >= 0.112
 %ifarch %{ix86} x86_64 ia64
 # For virConnectGetSysinfo
@@ -1177,7 +1161,6 @@ rm -f po/stamp-po
            %{?arg_vbox} \
            %{?arg_libxl} \
            --with-sasl \
-           --with-avahi \
            --with-polkit \
            --with-libvirtd \
            %{?arg_phyp} \
@@ -1582,8 +1565,6 @@ exit 0
 %{_mandir}/man8/virtlockd.8*
 %{_mandir}/man7/virkey*.7*
 
-%doc examples/polkit/*.rules
-
 %files daemon-config-network
 %dir %{_datadir}/libvirt/networks/
 %{_datadir}/libvirt/networks/default.xml
@@ -1804,6 +1785,7 @@ exit 0
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/network.rng
 %{_datadir}/libvirt/schemas/networkcommon.rng
+%{_datadir}/libvirt/schemas/networkport.rng
 %{_datadir}/libvirt/schemas/nodedev.rng
 %{_datadir}/libvirt/schemas/nwfilter.rng
 %{_datadir}/libvirt/schemas/nwfilter_params.rng
@@ -1879,11 +1861,12 @@ exit 0
 %{_datadir}/libvirt/api/libvirt-admin-api.xml
 %{_datadir}/libvirt/api/libvirt-qemu-api.xml
 %{_datadir}/libvirt/api/libvirt-lxc-api.xml
-# Needed building python bindings
-%doc docs/libvirt-api.xml
 
 
 %changelog
+* Wed Jul 03 2019 Cole Robinson <crobinso@redhat.com> - 5.5.0-1
+- Rebased to version 5.5.0
+
 * Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 5.4.0-2
 - CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
   API (bz #1722463, bz #1720115)
diff --git a/sources b/sources
index c4025da..82e0dd6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libvirt-5.4.0.tar.xz) = 03fa932d041d147cab79eab200bb33f8db72579be72ec7cbff3305f4a8d574835a80f1b99936eddf67f83d21cc5567f45c86e555209de6cd702f43f91197cfd0
+SHA512 (libvirt-5.5.0.tar.xz) = 47923aaca605fb43a53238ac535abc1f88f73435336b8f3e88cb01df277ed205d99c586991e523aa32b50c832a0a7c949ab5f84dc78eb8d18a4951cfc791448d