qemu-linux-user-8.2.6-150600.3.9.1

- Fix bsc#1229007, CVE-2024-7409:
  * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)
  * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)
  * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)
  * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
  * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)

- Update to version 8.2.6:
  Full backport lists (from the various releases) here:
  https://lore.kernel.org/qemu-devel/1721203806.547734.831464.nullmailer@tls.msk.ru/
  Some of the upstream backports are:
  hw/nvme: fix number of PIDs for FDP RUH update
  sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments
  char-stdio: Restore blocking mode of stdout on exit
  virtio: remove virtio_tswap16s() call in vring_packed_event_read()
  virtio-pci: Fix the failure process in kvm_virtio_pci_vector_use_one()
  block: Parse filenames only when explicitly requested
  iotests/270: Don't store data-file with json: prefix in image
  iotests/244: Don't store data-file with protocol in image
  qcow2: Don't open data_file with BDRV_O_NO_IO (bsc#1227322, CVE-2024-4467)
  target/arm: Fix FJCVTZS vs flush-to-zero
  target/arm: Fix VCMLA Dd, Dn, Dm[idx]
  i386/cpu: fixup number of addressable IDs for processor cores in the physical package
  tests: Update our CI to use CentOS Stream 9 instead of 8
  migration: Fix file migration with fdset
  tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers
  target/sparc: use signed denominator in sdiv helper
  linux-user: Make TARGET_NR_setgroups affect only the current thread
  accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded
  stdvga: fix screen blanking
  hw/audio/virtio-snd: Always use little endian audio format
  ui/gtk: Draw guest frame at refresh cycle
  virtio-net: drop too short packets early
  target/i386: fix size of EBP writeback in gen_enter()

- Update to version 8.2.5:
  Full backport lists (from the various releases) here:
  https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer@tls.msk.ru/
  Some of the upstream backports are:
  target/loongarch: fix a wrong print in cpu dump
  ui/sdl2: Allow host to power down screen
  target/i386: fix SSE and SSE2 feature check
  target/i386: fix xsave.flat from kvm-unit-tests
  disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
  target/riscv/kvm.c: Fix the hart bit setting of AIA
  target/riscv: rvzicbo: Fixup CBO extension register calculation
  target/riscv: do not set mtval2 for non guest-page faults
  target/riscv: prioritize pmp errors in raise_mmu_exception()
  target/riscv: rvv: Remove redudant SEW checking for vector fp narrow/widen instructions
  target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
  target/riscv: rvv: Check single width operator for vector fp widen instructions
  target/riscv: rvv: Fix Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
  target/riscv/cpu.c: fix Zvkb extension config
  target/riscv: Fix the element agnostic function problem
  target/riscv/kvm: tolerate KVM disable ext errors
  hw/intc/riscv_aplic: APLICs should add child earlier than realize
  iotests: test NBD+TLS+iothread
  qio: Inherit follow_coroutine_ctx across TLS
  target/arm: Disable SVE extensions when SVE is disabled
  hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
  hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
  gitlab: use 'setarch -R' to workaround tsan bug
  gitlab: use $MAKE instead of 'make'
  dockerfiles: add 'MAKE' env variable to remaining containers
  gitlab: Update msys2-64bit runner tags
  target/i386: no single-step exception after MOV or POP SS
  ...

- Update to version 8.2.4. Full changelog/backports here:
  https://lore.kernel.org/qemu-devel/1715632914.382233.1013785.nullmailer@tls.msk.ru/
  Some of the upstream backports are:
  target/sh4: Fix SUBV opcode
  target/sh4: Fix ADDV opcode
  hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
  hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
  hw/ufs: Fix buffer overflow bug
  tests/avocado: update sunxi kernel from armbian to 6.6.16
  target/loongarch/cpu.c: typo fix: expection
  backends/cryptodev-builtin: Fix local_error leaks
  nbd/server: Mark negotiation functions as coroutine_fn
  nbd/server: do not poll within a coroutine context
  linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
  target/riscv/kvm: change timer regs size to u64
  target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
  target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
  ...

- Fixes:
  * [openSUSE][RPM] Prioritize PA over PipeWire in SLE (bsc#1222218)
  * [openSUSE][RPM] Hostname normalization (for repr. build ) done properly (boo#1084909)

- Fix a build issue on riscv:
  * target/riscv/kvm: rename riscv_reg_id() to riscv_reg_id_ulong()
  * target/riscv/kvm: add RISCV_CONFIG_REG()
  * target/riscv/kvm: change timer regs size to u64
  * target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
  * target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
- Update to version 8.2.3. Full changelog/backports here:
  https://lore.kernel.org/qemu-devel/1713980341.971368.1218343.nullmailer@tls.msk.ru/
  Some of the upstream backports are:
  * Update version for 8.2.3 release
  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
  * hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus
  * hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately
  * virtio-pci: fix use of a released vector
  * linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}
  * hw/audio/virtio-snd: Remove unused assignment
  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
  * hw/net/lan9118: Fix overflow in MIL TX FIFO
  * hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
  * backends/cryptodev: Do not abort for invalid session ID
  * hw/misc/applesmc: Fix memory leak in reset() handler
  * hw/block/nand: Fix out-of-bound access in NAND block buffer
  * hw/block/nand: Have blk_load() take unsigned offset and return boolean
  * hw/block/nand: Factor nand_load_iolen() method out
  * qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
  * mirror: Don't call job_pause_point() under graph lock (bsc#1224179)
  * ...and many more...

- Backports and bugfixes:
  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)

- Update to version 8.2.2. Full changelog here:
  https://lore.kernel.org/qemu-devel/1709577077.783602.1474596.nullmailer@tls.msk.ru/
  Some upstream backports:
  * chardev/char-socket: Fix TLS io channels sending too much data to the backend
  * tests/unit/test-util-sockets: Remove temporary file after test
  * hw/usb/bus.c: PCAP adding 0xA in Windows version
  * hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices"
  * gitlab: force allow use of pip in Cirrus jobs
  * tests/vm: avoid re-building the VM images all the time
  * tests/vm: update openbsd image to 7.4
  * target/i386: leave the A20 bit set in the final NPT walk
  * target/i386: remove unnecessary/wrong application of the A20 mask
  * target/i386: Fix physical address truncation
  * target/i386: check validity of VMCB addresses
  * target/i386: mask high bits of CR3 in 32-bit mode
  * pl031: Update last RTCLR value on write in case it's read back
  * hw/nvme: fix invalid endian conversion
  * update edk2 binaries to edk2-stable202402
  * update edk2 submodule to edk2-stable202402
  * target/ppc: Fix crash on machine check caused by ifetch
  * target/ppc: Fix lxv/stxv MSR facility check
  * .gitlab-ci.d/windows.yml: Drop msys2-32bit job
  * system/vl: Update description for input grab key
  * docs/system: Update description for input grab key
  * hw/hppa/Kconfig: Fix building with "configure --without-default-devices"
  * tests/qtest: Depend on dbus_display1_dep
  * meson: Explicitly specify dbus-display1.h dependency
  * audio: Depend on dbus_display1_dep
  * ui/console: Fix console resize with placeholder surface
  * ui/clipboard: add asserts for update and request
  * ui/clipboard: mark type as not available when there is no data
  * ui: reject extended clipboard message if not activated
  * target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix
  * i386/cpuid: Move leaf 7 to correct group
  * i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
  * i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs
  * i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available
  * .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit
  * iotests: Make 144 deterministic again
  * target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
  * target/arm: Fix SVE/SME gross MTE suppression checks
  * target/arm: Handle mte in do_ldrq, do_ldro
- Address bsc#1220310. Backported upstream commits:
  * ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS
  * ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.

- Fix bsc#1220799. Amended commit:
  * [openSUSE]: Increase default phys bits to 42, if host supports that
    (bsc#1205978, bsc#1219977, bsc#1220799)

- Backports and bugfixes:
  * [openSUSE]: Increase default phys bits to 42, if host supports that
    (bsc#1205978, bsc#1219977)
  * vfio/pci: Clear MSI-X IRQ index always (bsc#1220275)

- Just "prettify" the spec files a little:
  * [openSUSE][RPM] Cosmetic fixes to spec files (copyright, sorting, etc)

- Patchqueue shrinking and  bugfixing (actually, more of a temporary
  workaround, until a proper solution is found upstream):
  * [openSUSE] roms/seabios: revert some upstream commits that
    break a lot of use-cases
  * [openSUSE] roms/seabios: Drop an old (and no longer necessary)
    downstream patch (bsc#1219977)

Update to latest stable version (8.2.1)
- Downstream changes:
  * [openSUSE][RPM]: Install the VGA module "more often" (bsc#1219164)
  * [openSUSE][RPM] Fix handling of qemu-kvm legacy package for RISCV
  * [openSUSE][RPM] factor common definitions between qemu and qemu-linux-user spec files
- Upstream backports:
  * target/arm: Fix incorrect aa64_tidcp1 feature check
  * target/arm: Fix A64 scalar SQSHRN and SQRSHRN
  * target/xtensa: fix OOB TLB entry access
  * qtest: bump aspeed_smc-test timeout to 6 minutes
  * monitor: only run coroutine commands in qemu_aio_context
  * iotests: port 141 to Python for reliable QMP testing
  * iotests: add filter_qmp_generated_node_ids()
  * block/blklogwrites: Fix a bug when logging "write zeroes" operations.
  * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693)
  * tcg/arm: Fix SIGILL in tcg_out_qemu_st_direct
  * linux-user/riscv: Adjust vdso signal frame cfa offsets
  * linux-user: Fixed cpu restore with pc 0 on SIGBUS
  * block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status
  * coroutine-ucontext: Save fake stack for pooled coroutine
  * tcg/s390x: Fix encoding of VRIc, VRSa, VRSc insns
  * accel/tcg: Revert mapping of PCREL translation block to multiple virtual addresses
  * acpi/tests/avocado/bits: wait for 200 seconds for SHUTDOWN event from bits VM
  * s390x/pci: drive ISM reset from subsystem reset
  * s390x/pci: refresh fh before disabling aif
  * s390x/pci: avoid double enable/disable of aif
  * hw/scsi/esp-pci: set DMA_STAT_BCMBLT when BLAST command issued
  * hw/scsi/esp-pci: synchronise setting of DMA_STAT_DONE with ESP completion interrupt
  * hw/scsi/esp-pci: generate PCI interrupt from separate ESP and PCI sources
  * hw/scsi/esp-pci: use correct address register for PCI DMA transfers
  * migration/rdma: define htonll/ntohll only if not predefined
  * hw/pflash: implement update buffer for block writes
  * hw/pflash: use ldn_{be,le}_p and stn_{be,le}_p
  * hw/pflash: refactor pflash_data_write()
  * backends/cryptodev: Do not ignore throttle/backends Errors
  * target/i386: pcrel: store low bits of physical address in data[0]
  * target/i386: fix incorrect EIP in PC-relative translation blocks
  * target/i386: Do not re-compute new pc with CF_PCREL
  * load_elf: fix iterator's type for elf file processing
  * target/hppa: Update SeaBIOS-hppa to version 15
  * target/hppa: Fix IOR and ISR on error in probe
  * target/hppa: Fix IOR and ISR on unaligned access trap
  * target/hppa: Export function hppa_set_ior_and_isr()
  * target/hppa: Avoid accessing %gr0 when raising exception
  * hw/hppa: Move software power button address back into PDC
  * target/hppa: Fix PDC address translation on PA2.0 with PSW.W=0
  * hw/pci-host/astro: Add missing astro & elroy registers for NetBSD
  * hw/hppa/machine: Disable default devices with --nodefaults option
  * hw/hppa/machine: Allow up to 3840 MB total memory
  * readthodocs: fully specify a build environment
  * .gitlab-ci.d/buildtest.yml: Work around htags bug when environment is large
  * target/s390x: Fix LAE setting a wrong access register
  * tests/qtest/virtio-ccw: Fix device presence checking
  * tests/acpi: disallow tests/data/acpi/virt/SSDT.memhp changes
  * tests/acpi: update expected data files
  * edk2: update binaries to git snapshot
  * edk2: update build config, set PcdUninstallMemAttrProtocol = TRUE.
  * edk2: update to git snapshot
  * tests/acpi: allow tests/data/acpi/virt/SSDT.memhp changes
  * util: fix build with musl libc on ppc64le
  * tcg/ppc: Use new registers for LQ destination
  * hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers
  * hw/vfio: fix iteration over global VFIODevice list
  * vfio/container: Replace basename with g_path_get_basename
  * edu: fix DMA range upper bound check
  * hw/net: cadence_gem: Fix MDIO_OP_xxx values
  * audio/audio.c: remove trailing newline in error_setg
  * chardev/char.c: fix "abstract device type" error message
  * target/riscv: Fix mcycle/minstret increment behavior
  * hw/net/can/sja1000: fix bug for single acceptance filter and standard frame
  * target/i386: the sgx_epc_get_section stub is reachable
  * configure: use a native non-cross compiler for linux-user
  * include/ui/rect.h: fix qemu_rect_init() mis-assignment
  * target/riscv/kvm: do not use non-portable strerrorname_np()
  * iotests: Basic tests for internal snapshots
  * vl: Improve error message for conflicting -incoming and -loadvm
  * block: Fix crash when loading snapshot on inactive node
- Fixes:
  * bsc#1218484 (CVE-2023-6693)

- Try to solve the qemu-kvm dependency issues on all arches
  (see, e.g., bsc#1218684)
  * [openSUSE][RPM] Create the legacy qemu-kvm symlink for all arches

- Update the service file to use OBS-scm (by fvogt)
- Various fixes:
  * [openSUSE][RPM] Fix enabling features on non-x86_64 (bsc#1220011, bsc#1219818)
  * [openSUSE][RPM] Disable test-crypto-secret in linux-user build
  * [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722)
  * [openSUSE][RPM] spec: allow building without spice

- Fix a build issue of OVMF caused by
  https://gitlab.com/qemu-project/qemu/-/issues/2064:
  * target/i386: fix incorrect EIP in PC-relative translation blocks
  * target/i386: Do not re-compute new pc with CF_PCREL

- Update to latest upstream release, 8.2.0:
  The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2
  Highlights include:
  * New virtio-sound device emulation
  * New virtio-gpu rutabaga device emulation used by Android emulator
  * New hv-balloon for dynamic memory protocol device for Hyper-V guests
  * New Universal Flash Storage device emulation
  * Network Block Device (NBD) 64-bit offsets for improved performance
  * dump-guest-memory now supports the standard kdump format
  * ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device
  * ARM: CPU emulation support for cortex-a710 and neoverse-n2
  * ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC,
    FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0
  * HPPA: CPU emulation support for 64-bit PA-RISC 2.0
  * HPPA: machine emulation support for C3700, including Astro memory
    controller and four Elroy PCI bridges
  * LoongArch: ISA support for LASX extension and PRELDX instruction
  * LoongArch: CPU emulation support for la132
  * RISC-V: ISA/extension support for AIA virtualization support via KVM,
    and vector cryptographic instructions
  * RISC-V: Numerous extension/instruction cleanups, fixes, and reworks
  * s390x: support for vfio-ap passthrough of crypto adapter for
    protected
    virtualization guests
  * Tricore: support for TC37x CPU which implements ISA v1.6.2
  * Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions
  * x86: Zen support for PV console and network devices
- Patch added (from upstream stable tree):
  * include/ui/rect.h: fix qemu_rect_init() mis-assignment

- Some packaging and dependencies fixes:
  * [openSUSE] rpm: restrict canokey to openSUSE only
  * [openSUSE] rpm: fix virtiofsd dependency on 32 bit systems
  * [openSUSE] rpm: add support for canokeys (boo#1217520)

- Rearrange dependencies and subpackages and filter features for ALP
  * [openSUSE] rpm: disable Xen support in ALP-based distros
  * [openSUSE] rpm: some more refinements of inter-subpackage dependencies

- Fix boo#1084909 and create a new qemu-spice metapackage:
  * [openSUSE] rpm: normalize hostname, for reproducible builds (#44)
  * [openSUSE] rpm: new subpackage, for SPICE

- Align to upstream stable release. It includes many of the patches we had
  backported ourself, to fix bugs and issues, plus more. See here for details:
  * https://lore.kernel.org/qemu-devel/1700589639.257680.3420728.nullmailer@tls.msk.ru/
  * https://gitlab.com/qemu-project/qemu/-/commits/stable-8.1?ref_type=heads
  An (incomplete!) list of such backports is:
  * Update version for 8.1.3 release
  * hw/mips: LOONGSON3V depends on UNIMP device
  * target/arm: HVC at EL3 should go to EL3, not EL2
  * s390x/pci: only limit DMA aperture if vfio DMA limit reported
  * target/riscv/kvm: support KVM_GET_REG_LIST
  * target/riscv/kvm: improve 'init_multiext_cfg' error msg
  * tracetool: avoid invalid escape in Python string
  * tests/tcg/s390x: Test LAALG with negative cc_src
  * target/s390x: Fix LAALG not updating cc_src
  * tests/tcg/s390x: Test CLC with inaccessible second operand
  * target/s390x: Fix CLC corrupting cc_src
  * tests/qtest: ahci-test: add test exposing reset issue with pending callback
  * hw/ide: reset: cancel async DMA operation before resetting state
  * target/mips: Fix TX79 LQ/SQ opcodes
  * target/mips: Fix MSA BZ/BNZ opcodes displacement
  * ui/gtk-egl: apply scale factor when calculating window's dimension
  * ui/gtk: force realization of drawing area
  * ati-vga: Implement fallback for pixman routines
  * ...

- Backports and bugfixes:
  * [openSUSE] Make Sphinx build reproducible (boo#1102408)
  * target/s390x/arch_dump: Add arch cleanup function for PV dumps (bsc#1217227)
  * dump: Add arch cleanup function (bsc#1217227)
  * target/s390x/dump: Remove unneeded dump info function pointer init (bsc#1217227)

- Fix bsc#1216638:
  * target/s390x: Fix LAALG not updating cc_src
  * target/s390x: Fix CLC corrupting cc_src