qemu-7.1.0-150500.49.9.2

- Align to upstream stable release. It includes many of the patches we had
  backported ourself, to fix bugs and issues, plus more. See here for details:
  * https://lore.kernel.org/qemu-devel/1700589639.257680.3420728.nullmailer@tls.msk.ru/
  * https://gitlab.com/qemu-project/qemu/-/commits/stable-8.1?ref_type=heads
  An (incomplete!) list of such backports is:
  * Update version for 8.1.3 release
  * hw/mips: LOONGSON3V depends on UNIMP device
  * target/arm: HVC at EL3 should go to EL3, not EL2
  * s390x/pci: only limit DMA aperture if vfio DMA limit reported
  * target/riscv/kvm: support KVM_GET_REG_LIST
  * target/riscv/kvm: improve 'init_multiext_cfg' error msg
  * tracetool: avoid invalid escape in Python string
  * tests/tcg/s390x: Test LAALG with negative cc_src
  * target/s390x: Fix LAALG not updating cc_src
  * tests/tcg/s390x: Test CLC with inaccessible second operand
  * target/s390x: Fix CLC corrupting cc_src
  * tests/qtest: ahci-test: add test exposing reset issue with pending callback
  * hw/ide: reset: cancel async DMA operation before resetting state
  * target/mips: Fix TX79 LQ/SQ opcodes
  * target/mips: Fix MSA BZ/BNZ opcodes displacement
  * ui/gtk-egl: apply scale factor when calculating window's dimension
  * ui/gtk: force realization of drawing area
  * ati-vga: Implement fallback for pixman routines
  * ...

- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993,
  bsc#1181740, bsc#1213001
  * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301)
  * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
  * 9pfs: prevent opening special files (CVE-2023-2861)
  * hw/ide/piix: properly initialize the BMIBA register
  * ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
  * [openSUSE][OBS] Refine the OBS workflow for 15-SP5

- Fix bsc#1211000
- Patches added:
  * Run fstat asynchronously inside coroutines (bsc#1211000)
  * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000)
  * Convert query-named-block-nodes to coroutine (bsc#1211000)
  * Convert query-block/info_block to coroutine (bsc#1211000)
  * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000)
  * block-coroutine-wrapper.py: support also basic return types (bsc#1211000)
  * [openSUSE][RPM] Backport some spec-file improvements from Factory

- Fix bsc#bsc#1211697
  * Patches added:
  smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697)
  hw/smbios: fix field corruption in type 4 table (bsc#1211697)
  linux-user: fill out task state in /proc/self/stat
  test-vmstate: fix bad GTree usage, use-after-free
  qemu/osdep: Switch position of "extern" and "G_NORETURN"

- Switch the packaging workflow to git, like the one we have in place
  already for Factory.
  * Patches no longer present as patch files, but applied as commits:
  Disable-some-tests-that-have-problems-in.patch
  Make-char-muxer-more-robust-wrt-small-FI.patch
  Make-installed-scripts-explicitly-python.patch
  Makefile-fix-build-with-binutils-2.38.patch
  PPC-KVM-Disable-mmu-notifier-check.patch
  Raise-soft-address-space-limit-to-hard-l.patch
  Revert-linux-user-fix-compat-with-glibc-.patch
  Revert-roms-efirom-tests-uefi-test-tools.patch
  Revert-tests-qtest-enable-more-vhost-use.patch
  Update-linux-headers-to-v6.0-rc4.patch
  accel-abort-if-we-fail-to-load-the-accel.patch
  ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
  bios-tables-test-add-test-for-number-of-.patch
  bios-tables-test-teach-test-to-use-smbio.patch
  block-Handle-curl-7.55.0-7.85.0-version-.patch
  block-io_uring-revert-Use-io_uring_regis.patch
  configure-Add-Wno-gnu-variable-sized-typ.patch
  dmg-warn-when-opening-dmg-images-contain.patch
  dump-Add-architecture-section-and-sectio.patch
  dump-Refactor-dump_iterate-and-introduce.patch
  dump-Reintroduce-memory_offset-and-secti.patch
  dump-Rename-write_elf-_phdr_note-to-prep.patch
  dump-Rename-write_elf_loads-to-write_elf.patch
  dump-Reorder-struct-DumpState.patch
  dump-Replace-opaque-DumpState-pointer-wi.patch
  dump-Rework-dump_calculate_size-function.patch
  dump-Rework-filter-area-variables.patch
  dump-Rework-get_start_block.patch
  dump-Split-elf-header-functions-into-pre.patch
  dump-Use-a-buffer-for-ELF-section-data-a.patch
  dump-Write-ELF-section-headers-right-aft.patch
  hw-acpi-erst.c-Fix-memory-handling-issue.patch
  hw-display-qxl-Avoid-buffer-overrun-in-q.patch
  hw-display-qxl-Document-qxl_phys2virt.patch
  hw-display-qxl-Have-qxl_log_command-Retu.patch
  hw-display-qxl-Pass-requested-buffer-siz.patch
  hw-pvrdma-Protect-against-buggy-or-malic.patch
  hw-scsi-megasas-check-for-NULL-frame-in-.patch
  hw-smbios-add-core_count2-to-smbios-tabl.patch
  hw-smbios-handle-both-file-formats-regar.patch
  hw-smbios-support-for-type-8-port-connec.patch
  include-elf.h-add-s390x-note-types.patch
  increase-x86_64-physical-bits-to-42.patch
  linux-user-Fake-proc-cpuinfo.patch
  linux-user-lseek-explicitly-cast-non-set.patch
  linux-user-remove-conditionals-for-many-.patch
  linux-user-use-max-as-default-CPU-model-.patch
  linux-user-use-target_ulong.patch
  meson-install-ivshmem-client-and-ivshmem.patch
  meson-remove-pkgversion-from-CONFIG_STAM.patch
  module-add-Error-arguments-to-module_loa.patch
  module-removed-unused-function-argument-.patch
  module-rename-module_load_one-to-module_.patch
  net-tulip-Restrict-DMA-engine-to-memorie.patch
  openSUSE-Basetools-Ignore-spurious-GCC-1.patch
  openSUSE-Makefile-Fix-csum8-to-be-built-.patch
  openSUSE-Makefile-define-endianess-for-c.patch
  openSUSE-Makefile-fix-issues-of-build-re.patch
  openSUSE-add-cross.ini-file-to-handle-aa.patch
  openSUSE-build-Makefile-fix-issues-of-bu.patch
  openSUSE-build-Silence-GCC-12-spurious-w.patch
  openSUSE-build-be-explicit-about-mx86-us.patch
  openSUSE-build-enable-cross-compilation-.patch
  openSUSE-pc-q35-Bump-max_cpus-to-1024.patch
  openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch
  openSUSE-switch-to-python3-as-needed.patch
  openSUSE-test-help-compiler-out-by-initi.patch
  qemu-binfmt-conf-Modify-default-path.patch
  qemu-bridge-helper-reduce-security-profi.patch
  roms-Makefile-add-cross-file-to-qboot-me.patch
  roms-Makefile-pass-a-packaging-timestamp.patch
  roms-change-cross-compiler-naming-to-be-.patch
  s390x-Add-KVM-PV-dump-interface.patch
  s390x-Add-protected-dump-cap.patch
  s390x-Introduce-PV-query-interface.patch
  s390x-pci-add-routine-to-get-host-functi.patch
  s390x-pci-don-t-fence-interpreted-device.patch
  s390x-pci-enable-adapter-event-notificat.patch
  s390x-pci-enable-for-load-store-interpre.patch
  s390x-pci-let-intercept-devices-have-sep.patch
  s390x-pci-reflect-proper-maxstbl-for-gro.patch
  s390x-pci-reset-ISM-passthrough-devices-.patch
  s390x-pci-shrink-DMA-aperture-to-be-boun.patch
  s390x-pv-Add-dump-support.patch
  s390x-tod-kvm-don-t-save-restore-the-TOD.patch
  scsi-generic-check-for-additional-SG_IO-.patch
  scsi-generic-replace-logical-block-count.patch
  tests-acpi-allow-changes-for-core_count2.patch
  tests-acpi-update-tables-for-new-core-co.patch
  tests-change-error-message-in-test-162.patch
  tests-qemu-iotests-Triple-timeout-of-i-o.patch
  ui-vnc-clipboard-fix-integer-underflow-i.patch
  xen-add-block-resize-support-for-xen-dis.patch
  xen-ignore-live-parameter-from-xen-save-.patch
  xen_disk-Add-suse-specific-flush-disable.patch

- Fix bsc#1209064
  * Patches added:
  s390x-pci-reset-ISM-passthrough-devices-.patch
  s390x-pci-shrink-DMA-aperture-to-be-boun.patch

- Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping
  linux-user-add-more-compat-ioctl-definit.patch and adding
  Revert-linux-user-fix-compat-with-glibc-.patch
- Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and
  linux-user-drop-conditionals-for-obsolet.patch were added
  as downstream patches as they were part of a series, but
  they never made it upstream, so we don't want them here
  either
  * Patches dropped:
  linux-user-add-more-compat-ioctl-definit.patch
  linux-user-drop-conditionals-for-obsolet.patch
  meson-enforce-a-minimum-Linux-kernel-hea.patch
  * Patches added:
  Revert-linux-user-fix-compat-with-glibc-.patch

- Fixes bsc#1197653, CVE-2022-1050
  * Patches added:
  block-Handle-curl-7.55.0-7.85.0-version-.patch
  hw-pvrdma-Protect-against-buggy-or-malic.patch

- Fixes: jsc#PED-1716  Add S390 features from IBM requirements
  * Patches added:
  dump-Add-architecture-section-and-sectio.patch
  dump-Refactor-dump_iterate-and-introduce.patch
  dump-Reintroduce-memory_offset-and-secti.patch
  dump-Rename-write_elf_loads-to-write_elf.patch
  dump-Rename-write_elf-_phdr_note-to-prep.patch
  dump-Reorder-struct-DumpState.patch
  dump-Replace-opaque-DumpState-pointer-wi.patch
  dump-Rework-dump_calculate_size-function.patch
  dump-Rework-filter-area-variables.patch
  dump-Rework-get_start_block.patch
  dump-Split-elf-header-functions-into-pre.patch
  dump-Use-a-buffer-for-ELF-section-data-a.patch
  dump-Write-ELF-section-headers-right-aft.patch
  include-elf.h-add-s390x-note-types.patch
  s390x-Add-KVM-PV-dump-interface.patch
  s390x-Add-protected-dump-cap.patch
  s390x-Introduce-PV-query-interface.patch
  s390x-pv-Add-dump-support.patch

- Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165),
  bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139
- Improved handling of: bsc#1202282 (jsc#PED-2592)
  * Patches dropped:
  pc-q35-Bump-max_cpus-to-1024.patch
  * Patches added:
  accel-abort-if-we-fail-to-load-the-accel.patch
  bios-tables-test-add-test-for-number-of-.patch
  bios-tables-test-teach-test-to-use-smbio.patch
  dmg-warn-when-opening-dmg-images-contain.patch
  hw-acpi-erst.c-Fix-memory-handling-issue.patch
  hw-display-qxl-Avoid-buffer-overrun-in-q.patch
  hw-display-qxl-Document-qxl_phys2virt.patch
  hw-display-qxl-Have-qxl_log_command-Retu.patch
  hw-display-qxl-Pass-requested-buffer-siz.patch
  hw-smbios-add-core_count2-to-smbios-tabl.patch
  hw-smbios-support-for-type-8-port-connec.patch
  module-add-Error-arguments-to-module_loa.patch
  module-removed-unused-function-argument-.patch
  module-rename-module_load_one-to-module_.patch
  openSUSE-pc-q35-Bump-max_cpus-to-1024.patch
  s390x-tod-kvm-don-t-save-restore-the-TOD.patch
  tests-acpi-allow-changes-for-core_count2.patch
  tests-acpi-update-tables-for-new-core-co.patch
  ui-vnc-clipboard-fix-integer-underflow-i.patch

- Refactor building and installing SeaBIOS docs

- Rename submodule patches so that it's clear which ones
  are backports and which ones are downstream only fixes;
- No functional change intended.
  * Patches dropped:
  Ignore-spurious-GCC-12-warning.patch
  roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
  Makefile-define-endianess-for-cross-buil.patch
  ipxe-Makefile-fix-issues-of-build-reprod.patch
  qboot-add-cross.ini-file-to-handle-aarch.patch
  sgabios-Makefile-fix-issues-of-build-rep.patch
  Silence-GCC-12-spurious-warnings.patch
  build-be-explicit-about-mx86-used-note-n.patch
  enable-cross-compilation-on-ARM.patch
  stub-out-the-SAN-req-s-in-int13.patch
  help-compiler-out-by-initializing-array.patch
  seabios-switch-to-python3-as-needed.patch
  * Patches added:
  openSUSE-Basetools-Ignore-spurious-GCC-1.patch
  openSUSE-Makefile-Fix-csum8-to-be-built-.patch
  openSUSE-Makefile-define-endianess-for-c.patch
  openSUSE-Makefile-fix-issues-of-build-re.patch
  openSUSE-add-cross.ini-file-to-handle-aa.patch
  openSUSE-build-Makefile-fix-issues-of-bu.patch
  openSUSE-build-Silence-GCC-12-spurious-w.patch
  openSUSE-build-be-explicit-about-mx86-us.patch
  openSUSE-build-enable-cross-compilation-.patch
  openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch
  openSUSE-switch-to-python3-as-needed.patch
  openSUSE-test-help-compiler-out-by-initi.patch

- Fixes jsc#PED-1716
  * Patches added:
  configure-Add-Wno-gnu-variable-sized-typ.patch
  s390x-pci-add-routine-to-get-host-functi.patch
  s390x-pci-don-t-fence-interpreted-device.patch
  s390x-pci-enable-adapter-event-notificat.patch
  s390x-pci-enable-for-load-store-interpre.patch
  s390x-pci-let-intercept-devices-have-sep.patch
  s390x-pci-reflect-proper-maxstbl-for-gro.patch
  Update-linux-headers-to-v6.0-rc4.patch

- install binfmt-misc handlers for systemd (bsc#1206838)

- Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592)
  * Patches added:
  pc-q35-Bump-max_cpus-to-1024.patch

- install SeaBIOS documentation

- Enable KVM support on riscv64

- qtests test are not realiable when run inside OBS builders, so
  let's disable that part of the testsuite for now. There is work
  ongoing to run it somewhere else (on dedicated hosts) to avoid
  loosing coverage. (bsc#1204566)

- Improve dependency handling (e.g., what's recommended vs. what's
  required.
- Add a subpackage (qemu-headless) that brings in all the packages
  that are needed for creating VMs with tools like virt-install
  or VirtManager, run either locally or from a remote host.
  (bsc#1202166)

- Build fails due to exceeding 10 GB disk limit (10430 MB):
  raise disk space contraint to 12 GB

- Backports and bugfixes:
  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)

- Bugs and CVEs fixes:
  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
  * pcie: Introduce pcie_sriov_num_vfs (bsc#1220065, CVE-2024-26328)
  * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693)
  * hw/pvrdma: Protect against buggy or malicious guest driver (bsc#1209554, CVE-2023-1544)
  * pcie_sriov: Validate NumVFs (bsc#1220062, CVE-2024-26327)
  * esp: restrict non-DMA transfer length to that of available data (bsc#1220134, CVE-2024-24474)
  * s390x/ap: Wire up the device request notifier interface (bsc#1205316)
  * linux-headers: update to v6.5-rc1 (bsc#1205316)
  * Update linux headers to v6.3rc5 (bsc#1205316)
  * linux-headers: Update to v6.2-rc8 (bsc#1205316)
  * linux-headers: Update to v6.1 (bsc#1205316)
- Backport of SapphireRapids CPU Models (jsc#PED-8113):
  * target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE
  * target/i386: Export MSR_ARCH_CAPABILITIES bits to guests
  * docs: re-generate x86_64 ABI compatibility CSV
  * target/i386: Add new CPU model GraniteRapids
  * target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model
  * target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
  * target/i386: Allow MCDT_NO if host supports
  * target/i386: Add support for MCDT_NO in CPUID enumeration
  * target/i386: Adjust feature level according to FEAT_7_1_EDX
  * target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration
  * target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration
  * target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration
  * target/i386: Add support for AVX-IFMA in CPUID enumeration
  * target/i386: Add support for AMX-FP16 in CPUID enumeration
  * target/i386: Add support for CMPCCXADD in CPUID enumeration
  * target/i386: add support for FB_CLEAR feature
  * target/i386: add support for FLUSH_L1D feature
  * i386: Add new CPU model SapphireRapids
  * target/i386: KVM: allow fast string operations if host supports them
  * target/i386: add FZRM, FSRS, FSRC
  * target/i386: add FSRM to TCG
- Backport of EPYC-Genoa CPU Model (jsc#PED-7366):
  * target/i386: Add EPYC-Genoa model to support Zen 4 processor series
  * target/i386: Add VNMI and automatic IBRS feature bits
  * target/i386: Add missing feature bits in EPYC-Milan model
  * target/i386: Add feature bits for CPUID_Fn80000021_EAX
  * target/i386: Add a couple of feature bits in 8000_0008_EBX
  * target/i386: Add new EPYC CPU versions with updated cache_info
  * target/i386: allow versioned CPUs to specify new cache_info