Packages changed:
  Mesa
  Mesa-drivers
  gnutls (3.7.5 -> 3.7.4)
  kdsoap
  logrotate (3.19.0 -> 3.20.1)
  podman
  python-psutil (5.9.0 -> 5.9.1)
  qemu
  wayland
  xwayland (22.1.1 -> 22.1.2)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's
  only relevant on these platforms
- Calling patch with '-p1' (as the others are) so 'git show'
  .patch output works.
- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs.
  a standard diff.
- Fixing up 'stop-iris-flicker.patch' patch name to follow standards.

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium

- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's
  only relevant on these platforms
- Calling patch with '-p1' (as the others are) so 'git show'
  .patch output works.
- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs.
  a standard diff.
- Fixing up 'stop-iris-flicker.patch' patch name to follow standards.

==== gnutls ====
Version update (3.7.5 -> 3.7.4)

- disable kcapi usage for now, as kernel-obs-build not adjusted
  to contain the algorithms. bsc#1189283
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
  * The IG 10.3.A and SP800-132 require some minimum parameters for
    the salt length, password length and iteration count. These
    parameters should be also used in the KAT.
  * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- Enable to run the regression tests also in FIPS mode.
- Update to 3.7.4:
  * libgnutls: Added support for certificate compression as defined
    in RFC8879.
  * certtool: Added option --compress-cert that allows user to
    specify compression  methods for certificate compression.
  * libgnutls: GnuTLS can now be compiled with --enable-strict-x509
    configure option to enforce stricter certificate sanity checks
    that are compliant with RFC5280.
  * libgnutls: Removed IA5String type from DirectoryString within
    issuer and subject name to make DirectoryString RFC5280 compliant.
  * libgnutls: Added function to retrieve the name of current
    ciphersuite from session.
  * Bump libgnutlsxx soname due to ABI break
  * API and ABI modifications:
  - GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
  - GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
  - gnutls_compress_certificate_get_selected_method: Added
  - gnutls_compress_certificate_set_methods: Added
  * Update gnutls.keyring
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
  * libgnutls: The allowlisting configuration mode has been added
    to the system-wide settings. In this mode, all the algorithms
    are initially marked as insecure or disabled, while the
    applications can re-enable them either through the [overrides]
    section of the configuration file or the new API (#1172).
  * The build infrastructure no longer depends on GNU AutoGen for
    generating command-line option handling, template file parsing
    in certtool, and documentation generation (#773, #774). This
    change also removes run-time or bundled dependency on the
    libopts library, and requires Python 3.6 or later to regenerate
    the distribution tarball. Note that this brings in known backward
    incompatibility in command-line tools, such as long options are
    now case sensitive, while previously they were treated in a case
    insensitive manner: for example --RSA is no longer a valid option
    of certtool. The existing scripts using GnuTLS tools may need
    adjustment for this change.
  * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
    and used as a gnutls_privkey_t (#594). The code was originally written
    for the OpenConnect VPN project by David Woodhouse. To generate such
    blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
    https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
    or the tpm2_encodeobject tool from unreleased tpm2-tools.
  * libgnutls: The library now transparently enables Linux KTLS (kernel
    TLS) when the feature is compiled in with --enable-ktls configuration
    option (#1113). If the KTLS initialization fails it automatically falls
    back to the user space implementation.
  * certtool: The certtool command can now read the Certificate Transparency
    (RFC 6962) SCT extension (#232).  New API functions are also provided to
    access and manipulate the extension values.
  * certtool: The certtool command can now generate, manipulate, and evaluate
    x25519 and x448 public keys, private keys, and certificates.
  * libgnutls: Disabling a hashing algorithm through "insecure-hash"
    configuration directive now also disables TLS ciphersuites that use it
    as a PRF algorithm.
  * libgnutls: PKCS#12 files are now created with modern algorithms by default
    (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
    HMAC-SHA1 as an integity measure in PKCS#12.  Now it uses AES-128-CBC with
    PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
    default PBKDF2 iteration count has been increased to 600000.
  * libgnutls: PKCS#12 keys derived using GOST algorithm now uses
    HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity,
    to conform with the latest TC-26 requirements (#1225).
  * libgnutls: The library now provides a means to report the status
    of approved cryptographic operations (!1465). To adhere to the
    FIPS140-3 IG 2.4.C., this complements the existing mechanism to
    prohibit the use of unapproved algorithms by making the library
    unusable state.
  * gnutls-cli: The gnutls-cli command now provides a --list-config
    option to print the library configuration (!1508).
  * libgnutls: Fixed possible race condition in
    gnutls_x509_trust_list_verify_crt2 when a single trust list object
    is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17,
    CVSS: low]
  * API and ABI modifications:
    GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in
    gnutls_privkey_flags_t
    GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in
    gnutls_certificate_verify_flags
    gnutls_ecc_curve_set_enabled: Added.
    gnutls_sign_set_secure: Added.
    gnutls_sign_set_secure_for_certs: Added.
    gnutls_digest_set_secure: Added.
    gnutls_protocol_set_enabled: Added.
    gnutls_fips140_context_init: New function
    gnutls_fips140_context_deinit: New function
    gnutls_fips140_push_context: New function
    gnutls_fips140_pop_context: New function
    gnutls_fips140_get_operation_state: New function
    gnutls_fips140_operation_state_t: New enum
    gnutls_transport_is_ktls_enabled: New function
    gnutls_get_library_configuration: New function
  * Remove patches fixed in the update:
  - gnutls-FIPS-module-version.patch
  - gnutls-FIPS-service-indicator.patch
  - gnutls-FIPS-service-indicator-public-key.patch
  - gnutls-FIPS-service-indicator-symmetric-key.patch
  - gnutls-FIPS-RSA-PSS-flags.patch
  - gnutls-FIPS-RSA-mod-sizes.patch
- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468]
  * Add gnutls-FIPS-disable-failing-tests.patch
  * Remove patches:
  - gnutls-temporarily_disable_broken_guile_reauth_test.patch
  - disable-psk-file-test.patch
- FIPS: Provide module identifier and version [bsc#1190796]
  * Add configurable options to output the module name/identifier
    (--with-fips140-module-name) and the module version
    (--with-fips140-module-version).
  * Add the CLI option list-config that reports the configuration
    of the library.
  * Add gnutls-FIPS-module-version.patch
- FIPS: Provide a service-level indicator [bsc#1190698]
  * Add support for a "service indicator" as required in
    the FIPS140-3 Implementation Guidance in section 2.4.C
  * Add patches:
  - gnutls-FIPS-service-indicator.patch
  - gnutls-FIPS-service-indicator-public-key.patch
  - gnutls-FIPS-service-indicator-symmetric-key.patch
  - gnutls-FIPS-RSA-PSS-flags.patch
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008]
  * fips: allow more RSA modulus sizes
  * Add gnutls-FIPS-RSA-mod-sizes.patch
  * Delete gnutls-3.6.7-fips-rsa-4096.patch
- Drop bogus condition "> 1550": that would mean 'more recent than
  Tumbleweed' which is technically impossible, as Tumbleweed is the
  leading project (and the condition causes issues as Tumbleweed
  needs to move away from 1550 due to CODE 15 SP5 plans).
- Add crypto-policies support for Leap and SLE 15.4 [jsc#SLE-20287]
- Add DANE guards
- Remove gnutls-temporarily_disable_broken_guile_reauth_test.patch
  since its already working.
- Update to version 3.7.2
  * Added Linux kernel AF_ALG based acceleration
  * Fixed timing of early data exchange
  * The priority string option DISABLE_TLS13_COMPAT_MODE was added
    to disable TLS 1.3 middlebox compatibility mode
  * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
    GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
  * certtool:
  * When signing a CSR, CRL distribution point (CDP) is no
    longer copied from the signing CA by default
  * When producing certificates and certificate requests, subject
    DN components that are provided individually will now be
    ordered by assumed scale
- Rework the crypto-policies dependencies in libraries [bsc#1186385]
- Compute the FIPS hmac file without re-defining the
  __os_install_post macro, use the brp-50-generate-fips-hmac
  script instead. [bsc#1184555]
- Require the main package in devel and lib packages as the default
  priorities are now set via crypto-policies. [bsc#1183082]
- Update to 3.7.1:
    [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231]
  * Fixed potential use-after-free in sending "key_share" and
    "pre_shared_key" extensions.
  * Fixed a regression in handling duplicated certs in a chain.
  * Fixed sending of session ID in TLS 1.3 middlebox compatibility
    mode. In that mode the client shall always send a non-zero
    session ID to make the handshake resemble the TLS 1.2
    resumption; this was not true in the previous versions.
  * Removed dependency on the external 'fipscheck' package,
    when compiled with --enable-fips140-mode.
  * Added padlock acceleration for AES-192-CBC.
- Remove patches upstream:
  * gnutls-gnutls-cli-debug.patch
  * gnutls-ignore-duplicate-certificates.patch
  * gnutls-test-fixes.patch
- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565]
  * Don't unset system priority settings in gnutls-cli-debug.sh
  * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387
- Add gnutls-gnutls-cli-debug.patch
- Fix: Test certificates in tests/testpkcs11-certs have expired
  * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135
- Add gnutls-test-fixes.patch
- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
  * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131
- Add gnutls-ignore-duplicate-certificates.patch
- Update to 3.7.0
  * Depend on nettle 3.6
  * Added a new API that provides a callback function to retrieve
    missing certificates from incomplete certificate chains
  * Added a new API that provides a callback function to output the
    complete path to the trusted root during certificate chain
  verification
  * OIDs exposed as gnutls_datum_t no longer account for the
    terminating null bytes, while the data field is null terminated.
    The affected API functions are: gnutls_ocsp_req_get_extension,
    gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
  * Added a new set of API to enable QUIC implementation
  * The crypto implementation override APIs deprecated in 3.6.9 are
    now no-op
  * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
  * Support for padlock has been fixed to make it work with Zhaoxin CPU
  * The maximum PIN length for PKCS #11 has been increased from 31
    bytes to 255 bytes
- Remove patch fixed upstream:
  * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- Add version guards for the crypto-policies package
- Fix threading bug in libgnutls [bsc#1173434]
  * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044
- Require the crypto-policies package [bsc#1180051]
- Use the centralized crypto policy profile (jsc#SLE-15832)
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
  * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- FIPS: Add TLS KDF selftest (bsc#1176671)
  * add gnutls-FIPS-TLS_KDF_selftest.patch
- Escape rpm command %%expand when used in comment.
- Update to 3.6.15
  * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
  [GNUTLS-SA-2020-09-04, CVSS: medium]
  * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
  indicates that with a false return value (!1306).
  * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
  accordingly to SP800-56A rev 3 (!1295, !1299).
  * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
  the size of the internal base64 blob (#1025).
  * libgnutls: Certificate verification failue due to OCSP must-stapling is not
  honered is now correctly marked with the GNUTLS_CERT_INVALID flag
  * libgnutls: The audit log message for weak hashes is no longer printed twice
  * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
  disabled in the priority string. Previously, even when TLS 1.2 is explicitly
  disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
  enabled (#1054).
- drop upstreamed patches:
  * gnutls-detect_nettle_so.patch
  * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666)
  * add gnutls-detect_nettle_so.patch
- Fix a memory leak that could lead to a DoS attack against Samba
  servers (bsc#1172663)
  * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
- Temporarily disable broken guile reauth test (bsc#1171565)
  * add gnutls-temporarily_disable_broken_guile_reauth_test.patch
- Update to 3.6.14
  * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
    The TLS server would not bind the session ticket encryption key with a
    value supplied by the application until the initial key rotation, allowing
    attacker to bypass authentication in TLS 1.3 and recover previous
    conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
    [GNUTLS-SA-2020-06-03, CVSS: high]
  * libgnutls: Fixed handling of certificate chain with cross-signed
    intermediate CA certificates (#1008). (bsc#1172461)
  * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
  * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
    (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
    Key Identifier (AKI) properly (#989, #991).
  * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
  * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
    Also both accelerated and non-accelerated implementations check key block
    according to FIPS-140-2 IG A.9 (!1233).
  * libgnutls: Added support for AES-SIV ciphers (#463).
  * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
  * libgnutls: No longer use internal symbols exported from Nettle (!1235)
  * API and ABI modifications:
    GNUTLS_CIPHER_AES_128_SIV: Added
    GNUTLS_CIPHER_AES_256_SIV: Added
    GNUTLS_CIPHER_AES_192_GCM: Added
    gnutls_pkcs7_print_signature_info: Added
- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
  the keyring
- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
- Use correct nettle .so version when looking for a FIPS checksum
  (bsc#1166635)
  * add gnutls-fips_correct_nettle_soversion.patch
- Update to 3.6.13
  * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3
  support)
    The DTLS client would not contribute any randomness to the DTLS negotiation,
    breaking the security guarantees of the DTLS protocol (#960)
    [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345)
  * libgnutls: Added new APIs to access KDF algorithms (#813).
  * libgnutls: Added new callback gnutls_keylog_func that enables a custom
    logging functionality.
  * libgnutls: Added support for non-null terminated usernames in PSK
    negotiation (#586).
  * gnutls-cli-debug: Improved support for old servers that only support
    SSL 3.0.
- Split off FIPS checksums into a separate libgnutls30-hmac
  subpackage (bsc#1152692)
- gnutls 3.6.12
  * libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
  to identify sessions that client request OCSP status request (#829).
  * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
  signature algorithm (RFC 8032) under TLS (#86).
  * libgnutls: Added the default-priority-string option to system configuration;
  it allows overriding the compiled-in default-priority-string.
  * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
  draft-smyshlyaev-tls12-gost-suites-07).
  By default this ciphersuite is disabled. It can be enabled by adding
  +GOST to priority string. In the future this priority string may enable
  other GOST ciphersuites as well.  Note, that server will fail to negotiate
  GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
  is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
  are enabled on GnuTLS-based servers.
  * libgnutls: added priority shortcuts for different GOST categories like
  CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
  * libgnutls: Reject certificates with invalid time fields. That is we reject
  certificates with invalid characters in Time fields, or invalid time formatting
  To continue accepting the invalid form compile with --disable-strict-der-time
  * libgnutls: Reject certificates which contain duplicate extensions. We were
  previously printing warnings when printing such a certificate, but that is
  not always sufficient to flag such certificates as invalid. Instead we now
  refuse to import them (#887).
  * libgnutls: If a CA is found in the trusted list, check in addition to
  time validity, whether the algorithms comply to the expected level prior
  to accepting it. This addresses the problem of accepting CAs which would
  have been marked as insecure otherwise (#877).
  * libgnutls: The min-verification-profile from system configuration applies
  for all certificate verifications, not only under TLS. The configuration can
  be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
  * libgnutls: The stapled OCSP certificate verification adheres to the convention
  used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
  * libgnutls: On client side only send OCSP staples if they have been requested
  by the server, and on server side always advertise that we support OCSP stapling
  * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
  with gnutls_ocsp_req_t but const.
  * certtool: Added the --verify-profile option to set a certificate
  verification profile. Use '--verify-profile low' for certificate verification
  to apply the 'NORMAL' verification profile.
  * certtool: The add_extension template option is considered even when generating
  a certificate from a certificate request.
- gnutls 3.6.11.1:
  * libgnutls: Corrected issue with TLS 1.2 session ticket
    handling as client during resumption
  * libgnutls: gnutls_base64_decode2() succeeds decoding the empty
    string to the empty string. This is a behavioral change of the
    API but it conforms to the RFC4648 expectations
  * libgnutls: Fixed AES-CFB8 implementation, when input is shorter
    than the block size. Fix backported from nettle.
  * certtool: CRL distribution points will be set in CA
    certificates even when non self-signed
  * gnutls-cli/serv: added raw public-key handling capabilities
    (RFC7250). Key material can be set via the --rawpkkeyfile and
  - -rawpkfile flags.
- gnutls 3.6.10:
  * Add support for deterministic ECDSA/DSA (RFC6979)
  * Add functions for in-place encryption/decryption of data buffers
  * server now selects the highest TLS protocol version, if TLS 1.3
    is enabled and the client advertises an older protocol version
    first
  * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode
    and MAC generation based on GOST 28147-89 (IMIT)
  * certtool: when outputting an encrypted private key do not
    insert the textual description of it
- Install checksums for binary integrity verification which are
  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- gnutls 3.6.9:
  * add support for copying digest or MAC contexts
  * Mark the crypto implementation override APIs as deprecated
  * Add support for AES-GMAC, as a separate to GCM, MAC algorithm
  * Add support for Generalname registeredID
  * The priority configuration was enhanced to allow more elaborate
    system-wide configuration of the library
- includes changes from 3.6.8:
  * Add support for AES-XTS cipher
  * Fix calculation of Streebog digests
  * During Diffie-Hellman operations in TLS, verify that the peer's
    public key is on the right subgroup (y^q=1 mod p), when q is
    available (under TLS 1.3 and under earlier versions when RFC7919
    parameters are used).
  * Apply STD3 ASCII rules in gnutls_idna_map() to prevent
    hostname/domain crafting via IDNA conversion
  * certtool: allow the digital signature key usage flag in CA
    certificates
  * gnutls-cli/serv: add the --keymatexport and --keymatexportsize
    options. These allow testing the RFC5705 using these tools
- drop patches to re-enable tests:
  * disable-psk-file-test.patch
  * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- Trim useless %if..%endif guards that do not affect the build.
- Fix language errors in description again.
- Update gnutls to 3.6.7
  * * libgnutls, gnutls tools: Every gnutls_free() will automatically set
    the free'd pointer to NULL. This prevents possible use-after-free and
    double free issues. Use-after-free will be turned into NULL dereference.
    The counter-measure does not extend to applications using gnutls_free().
  * * libgnutls: Fixed a memory corruption (double free) vulnerability in the
    certificate verification API. Reported by Tavis Ormandy; addressed with
    the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829)
  * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
    Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836)
  * * libgnutls: enforce key usage limitations on certificates more actively.
    Previously we would enforce it for TLS1.2 protocol, now we enforce it
    even when TLS1.3 is negotiated, or on client certificates as well. When
    an inappropriate for TLS1.3 certificate is seen on the credentials structure
    GnuTLS will disable TLS1.3 support for that session (#690).
  * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to
    two. This makes it easier for clients which perform multiple connections
    to the server to use the tickets sent by a default server.
  * * libgnutls: enforce the equality of the two signature parameters fields in
    a certificate. We were already enforcing the signature algorithm, but there
    was a bug in parameter checking code.
  * * libgnutls: fixed issue preventing sending and receiving from different
    threads when false start was enabled (#713).
  * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
    session, as non-writeable security officer sessions are undefined in PKCS#11
    (#721).
  * * libgnutls: no longer send downgrade sentinel in TLS 1.3.
    Previously the sentinel value was embedded to early in version
    negotiation and was sent even on TLS 1.3. It is now sent only when
    TLS 1.2 or earlier is negotiated (#689).
  * * gnutls-cli: Added option --logfile to redirect informational messages output.
- Disabled dane support in SLE since dane is not shipped there
- Changed configure script to hardware guile site directory since command-line
  option '--with-guile-site-dir=' was removed from the configure script.
  * * Added gnutls-3.6.6-set_guile_site_dir.patch
- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix
  compilation issues on PPC
- Update to 3.6.6
  * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
    on the public key (#640).
  * * libgnutls: Added support for raw public-key authentication as defined in RFC7250.
    Raw public-keys can be negotiated by enabling the corresponding certificate
    types via the priority strings. The raw public-key mechanism must be explicitly
    enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
  * * libgnutls: When on server or client side we are sending no extensions we do
    not set an empty extensions field but we rather remove that field competely.
    This solves a regression since 3.5.x and improves compatibility of the server
    side with certain clients.
  * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
    the CKA_SIGN is not set (#667).
  * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
    disable extensions at all cases, while providing a functional session. This
    also implies that when specified, TLS1.3 is disabled.
  * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
    The previous definition was non-functional (#609).
- drop no longer needed gnutls-enbale-guile-2.2.patch
- refresh disable-psk-file-test.patch
- Update to 3.6.5
  * * libgnutls: Provide the option of transparent re-handshake/reauthentication
    when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
  * * libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
  * * libgnutls: The priority functions will ignore and not enable TLS1.3 if
    requested with legacy TLS versions enabled but not TLS1.2. That is because
    if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
    servers which do not support TLS1.3 will negotiate TLS1.2 which will be
    rejected by the client as disabled (#621).
  * * libgnutls: Change RSA decryption to use a new side-channel silent function.
    This addresses a security issue where memory access patterns as well as timing
    on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
    attacks. Side-channel resistant code is slower due to the need to mask
    access and timings. When used in TLS the new functions cause RSA based
    handshakes to be between 13% and 28% slower on average (Numbers are indicative,
    the tests where performed on a relatively modern Intel CPU, results vary
    depending on the CPU and architecture used). This change makes nettle 3.4.1
    the minimum requirement of gnutls (#630). [CVSS: medium]
  * * libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
    in the priority string. It is only accepted as legacy option and is ignored.
  * * libgnutls: Added support for EdDSA under PKCS#11 (#417)
  * * libgnutls: Added support for AES-CFB8 cipher (#357)
  * * libgnutls: Added support for AES-CMAC MAC (#351)
  * * libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
    have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
    S-BOXes). They are fixed now.
  * * libgnutls: Added support for GOST key unmasking and unwrapped GOST private
    keys parsing, as specified in R 50.1.112-2016.
  * * gnutls-serv: It applies the default settings when no --priority option is given,
    using gnutls_set_default_priority().
  * * p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
    option (#561)
  * * certtool: Add parameter --no-text that prevents certtool from outputting
    text before PEM-encoded private key, public key, certificate, CRL or CSR.
- minimum required libnettle is now 3.4.1
- refresh
  * disable-psk-file-test.patch
  * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch

==== kdsoap ====

- Add a Qt6 flavor for kdsoap.

==== logrotate ====
Version update (3.19.0 -> 3.20.1)

- update to 3.20.1:
  * drop world-readable permission on state file even when ACLs are enabled (#446)
- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
- Security fix: (bsc#1199652, CVE-2022-1348)
  * Add follow-up upstream patch for the introduced fix.
  * Added patch logrotate-CVE-2022-1348-follow-up.patch
- Update patch:
  * logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch
- update to 3.20.0:
  * fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
  * fix a misleading debug message with copytruncate and rotate 0 (#443)
  * add support for unsigned time_t (#438)
  * do not lock state file /dev/null (#433)

==== podman ====
Subpackages: podman-cni-config

- Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath()
  skip empty line to avoid false error logging") for fixing "Error parsing
  cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies
  to Factory/Tumbleweed too)
  * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch

==== python-psutil ====
Version update (5.9.0 -> 5.9.1)

- removed obsolete skip-partitions-erros.patch
- update to 5.9.1
  * Enhancements
  - 1053: drop Python 2.6 support. (patches by Matthieu Darbois and Hugo van Kemenade)
  - 2050, [Linux]: increase read(2) buffer size from 1k to 32k when reading /proc
    pseudo files line by line. This should help having more consistent results.
  - 2057, [OpenBSD]: add support for cpu_freq().
  - 2107, [Linux]: Process.memory_full_info() (reporting process USS/PSS/Swap memory)
    now reads /proc/pid/smaps_rollup instead of /proc/pids/smaps, which makes it 5 times faster.
  * Bug fixes
  - 2048: AttributeError is raised if psutil.Error class is raised manually and passed through str.
  - 2049, [Linux]: cpu_freq() erroneously returns curr value in GHz while min and max are in MHz.
  - 2050, [Linux]: virtual_memory() may raise ValueError if running in a LCX container.

==== qemu ====

- Filter out rpmlint error that is valid for qemu, but will
  have its badness increased in the future.
- enable aio=io_uring on all kvm architectures (bsc#1197699)
- Backport aqmp patches from upstream which can fix iotest issues
  * Patches added:
  python-aqmp-add-__del__-method-to-legacy.patch
  python-aqmp-add-_session_guard.patch
  python-aqmp-add-SocketAddrT-to-package-r.patch
  python-aqmp-add-socket-bind-step-to-lega.patch
  python-aqmp-add-start_server-and-accept-.patch
  python-aqmp-copy-type-definitions-from-q.patch
  python-aqmp-drop-_bind_hack.patch
  python-aqmp-fix-docstring-typo.patch
  python-aqmp-Fix-negotiation-with-pre-oob.patch
  python-aqmp-fix-race-condition-in-legacy.patch
  Python-aqmp-fix-type-definitions-for-myp.patch
  python-aqmp-handle-asyncio.TimeoutError-.patch
  python-aqmp-refactor-_do_accept-into-two.patch
  python-aqmp-remove-_new_session-and-_est.patch
  python-aqmp-rename-accept-to-start_serve.patch
  python-aqmp-rename-AQMPError-to-QMPError.patch
  python-aqmp-split-_client_connected_cb-o.patch
  python-aqmp-squelch-pylint-warning-for-t.patch
  python-aqmp-stop-the-server-during-disco.patch
  python-introduce-qmp-shell-wrap-convenie.patch
  python-machine-raise-VMLaunchFailure-exc.patch
  python-move-qmp-shell-under-the-AQMP-pac.patch
  python-move-qmp-utilities-to-python-qemu.patch
  python-qmp-switch-qmp-shell-to-AQMP.patch
  python-support-recording-QMP-session-to-.patch
  python-upgrade-mypy-to-0.780.patch
- Drop the patches which are workaround to fix iotest issues
  * Patches dropped:
  Revert-python-iotests-replace-qmp-with-a.patch
  Revert-python-machine-add-instance-disam.patch
  Revert-python-machine-add-sock_dir-prope.patch
  Revert-python-machine-handle-fast-QEMU-t.patch
  Revert-python-machine-move-more-variable.patch
  Revert-python-machine-remove-_remove_mon.patch
- Support the SGX feature (bsc#1197807)
  * Patches added:
  doc-Add-the-SGX-numa-description.patch
  numa-Enable-numa-for-SGX-EPC-sections.patch
  numa-Support-SGX-numa-in-the-monitor-and.patch
- Backport CVE-2021-3929 (bsc#1193880)
  * Patches added:
  hw-nvme-fix-CVE-2021-3929.patch
- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528)
  * Patches added:
  Revert-python-iotests-replace-qmp-with-a.patch
  Revert-python-machine-add-instance-disam.patch
  Revert-python-machine-add-sock_dir-prope.patch
  Revert-python-machine-handle-fast-QEMU-t.patch
  Revert-python-machine-move-more-variable.patch
  Revert-python-machine-remove-_remove_mon.patch
- Add missing patch from a PTFs (bsc#1194938)
  * Patches added:
  scsi-generic-check-for-additional-SG_IO-.patch
- Kill downstream patches around bifmt handling that makes
  cumbersome to run multi-arch containers, and switch to the
  upstream behavior, which is well documented and valid on
  all other distros. This is possible thanks to Linux kernel
  commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so
  it can only work on Leap/SLE 15.4 and higher). (bsc#1197298)
  * Patches dropped:
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
  qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
- Fix update_git.sh wiping all the package file of the local
  checkout while cloning the git repository on demand (in case they
  don't exist and the user as to do so).
- Improve test reliability
  * Patches added:
  Fix-the-module-building-problem-for-s390.patch
  tests-qemu-iotests-040-Skip-TestCommitWi.patch
  tests-qemu-iotests-testrunner-Quote-case.patch
- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall
  (bsc#1196924)
  * Patches added:
  tools-virtiofsd-Add-rseq-syscall-to-the-.patch
- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503
  (bsc#1197018)
  * Patches added:
  hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
  Silence-GCC-12-spurious-warnings.patch
  Ignore-spurious-GCC-12-warning.patch
- Proactive fix
  * Patches added:
  hw-nvram-at24-return-0xff-if-1-byte-addr.patch
- Build PPC firmwares from sources on non-PPC builds as well
  (bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
  logic and code
  * Patches added:
  Makefile-define-endianess-for-cross-buil.patch
  Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
  bus adapter (bsc#1180432, CVE-2020-35503)
  * Patches added:
  hw-scsi-megasas-check-for-NULL-frame-in-.patch
- Include vmxcap in the qemu-tools package (is being very useful
  for debugging bsc#1193364)
- The qemu package should require qemu-x86, qemu-arm, etc, as there's
  no point installing it without _any_ of them. Additionally, right
  now, the user does not get a working qemu, if recommended packages
  are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087
- Give clearer instructions on how to modify the package patches
  from the output of update_git.sh (docs change only, no functional
  change)
- qemu,kvm: potential privilege escalation via virtiofsd
  (bsc#1195161, CVE-2022-0358)
  * Patches added:
  virtiofsd-Drop-membership-of-all-supplem.patch
* Patches added:
  block-backend-Retain-permissions-after-m.patch
  iotest-065-explicit-compression-type.patch
  iotest-214-explicit-compression-type.patch
  iotest-302-use-img_info_log-helper.patch
  iotest-303-explicit-compression-type.patch
  iotest-39-use-_qcow2_dump_header.patch
  iotests-60-more-accurate-set-dirty-bit-i.patch
  iotests-bash-tests-filter-compression-ty.patch
  iotests-common.rc-introduce-_qcow2_dump_.patch
  iotests-declare-lack-of-support-for-comp.patch
  iotests-drop-qemu_img_verbose-helper.patch
  iotests-massive-use-_qcow2_dump_header.patch
  iotests-MRCE-Write-data-to-source.patch
  iotests.py-filter-out-successful-output-.patch
  iotests.py-img_info_log-rename-imgopts-a.patch
  iotests.py-implement-unsupported_imgopts.patch
  iotests.py-qemu_img-create-support-IMGOP.patch
  iotests.py-rewrite-default-luks-support-.patch
  iotests-specify-some-unsupported_imgopts.patch
  qcow2-simple-case-support-for-downgradin.patch
  tests-qemu-iotests-Fix-051-for-binaries-.patch
-Backport patch from upstream, bsc#1194063 CVE-2021-4158
  * Patches added:
  acpi-validate-hotplug-selector-on-access.patch
- Enable modules for testsuite
* Patches added:
  meson-build-all-modules-by-default.patch
- It's time to really start requiring -F when using -b in
  qemu-img for us as well. Users/customers have been warned
  in the relevant release notes (bsc#1190135)
  * Patches dropped:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch
- Fix testsuite failures by not using modules when building tests
  (and some other, also testsuite related, spec file problems)
- [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing
  SCSI passthrough disks
  * Patches added:
    scsi-generic-replace-logical-block-count.patch
- Add an audio-oss sub-package
- Add some new (mostly documentation) files in the package
- Remove option --audio-drv-list because audio is detected by
  meson automatically in latest version.
- Remove options --disable-jemalloc and --disable-tcmalloc
  which are changed in v6.2.0.
- Update to v 6.2.0. For full release notese, see:
  * https://wiki.qemu.org/ChangeLog/6.2.
  Be sure to also check the following pages:
  * https://qemu-project.gitlab.io/qemu/about/removed-features.html
  * https://qemu-project.gitlab.io/qemu/about/deprecated.html
  Some notable changes:
  * virtio-mem: guest memory dumps are now fully supported, along
    with pre-copy/post-copy migration and background guest snapshots
  * QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect
    guest-reported hotplug failures
  * TCG: improvements to TCG plugin argument syntax, and multi-core
    support for cache plugin
  * 68k: improved support for Apple?s NuBus, including ability to
    load declaration ROMs, and slot IRQ support
  * ARM: macOS hosts with Apple Silicon CPUs now support ?hvf?
    accelerator for AArch64 guests
  * ARM: emulation support for Fujitsu A64FX processor model
  * ARM: emulation support for kudo-mbc machine type
  * ARM: M-profile MVE extension is now supported for Cortex-M55
  * ARM: ?virt? machine now supports an emulated ITS (Interrupt
    Translation Service) and supports more than 123 CPUs in
    emulation mode
  * ARM: xlnx-zcu102 and xlnx-versal-virt machines now support
    BBRAM and eFUSE devices
  * PowerPC: improved POWER10 support for the ?powernv? machine type
  * PowerPC: initial support for POWER10 DD2.0 CPU model
  * PowerPC: support for FORM2 PAPR NUMA descriptions for ?pseries? machine type
  * RISC-V: support for Zb[abcs] instruction set extensions
  * RISC-V: support for vhost-user and numa mem options across all boards
  * RISC-V: SiFive PWM support
  * x86: support for new Snowridge-v4 CPU model
  * x86: guest support for Intel SGX
  * x86: AMD SEV guests now support measurement of kernel binary when doing
    direct kernel boot (not using a bootloader)
  * Patches dropped:
  9pfs-fix-crash-in-v9fs_walk.patch
  block-introduce-max_hw_iov-for-use-in-sc.patch
  hmp-Unbreak-change-vnc.patch
  hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
  hw-i386-acpi-build-Deny-control-on-PCIe-.patch
  i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
  net-vmxnet3-validate-configuration-value.patch
  pcie-rename-native-hotplug-to-x-native-h.patch
  plugins-do-not-limit-exported-symbols-if.patch
  plugins-execlog-removed-unintended-s-at-.patch
  qemu-nbd-Change-default-cache-mode-to-wr.patch
  qemu-sockets-fix-unix-socket-path-copy-a.patch
  target-arm-Don-t-skip-M-profile-reset-en.patch
  target-i386-add-missing-bits-to-CR4_RESE.patch
  tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
  uas-add-stream-number-sanity-checks.patch
  vhost-vsock-fix-migration-issue-when-seq.patch
  virtio-balloon-don-t-start-free-page-hin.patch
  virtio-mem-pci-Fix-memory-leak-when-crea.patch
  virtio-net-fix-use-after-unmap-free-for-.patch
- Reinstate Lin Ma's fixes for bsc#1192147 as they were
  submitted only to IBS.
  * Patches added:
  hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
  hw-i386-acpi-build-Deny-control-on-PCIe-.patch
  pcie-rename-native-hotplug-to-x-native-h.patch
- Rename the Guest Agent service qemu-guest-agent, like in other
  distros (and upstream). bsc#1185543
- disable QOM cast debug outside the testsuite as the corresponding
  asserts show up occassionally as top #1 in perf(1) traces under
  heavy virtio load
- enable LTO when we'd like to use LTO
* Patches added (bsc#1186256):
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
- cross-i386-binutils and cross-i386-gcc are not needed and were
  dropped from Factory - boo#1193424
- qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu
  (bsc#1189938 CVE-2021-3748)
  solved by virtio-net-fix-use-after-unmap-free-for-.patch
- kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation
  (bsc#1189702 CVE-2021-3713)
  * Patches added:
  uas-add-stream-number-sanity-checks.patch
- Stable fixes from upstream
  * Patches added:
  block-introduce-max_hw_iov-for-use-in-sc.patch
  hmp-Unbreak-change-vnc.patch
  qemu-nbd-Change-default-cache-mode-to-wr.patch
  target-arm-Don-t-skip-M-profile-reset-en.patch
  vhost-vsock-fix-migration-issue-when-seq.patch
  virtio-mem-pci-Fix-memory-leak-when-crea.patch
  virtio-net-fix-use-after-unmap-free-for-.patch
- Fix testsuite dependencies (bsc#1190573)
  * Patches added:
  modules-quick-fix-a-fundamental-error-in.patch
- Replace patch to fix hardcoded binfmt handler
  (bsc#1186256)
  * Patches dropped:
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
  * Patches added:
  qemu-binfmt-conf.sh-should-use-F-as-shor.patch
- Stable fixes from upstream
  * Patches added:
  9pfs-fix-crash-in-v9fs_walk.patch
  i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
  plugins-do-not-limit-exported-symbols-if.patch
  plugins-execlog-removed-unintended-s-at-.patch
  qemu-sockets-fix-unix-socket-path-copy-a.patch
  target-i386-add-missing-bits-to-CR4_RESE.patch
  virtio-balloon-don-t-start-free-page-hin.patch
- Fix qemu build on ARMv7 (bsc#1190211)
  * Patches added:
  tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
- Update supported file for ARM machines.
- Keep qemu-img without backing format still deprecated
  (bsc#1190135)
  * Patches added:
  Revert-qemu-img-Improve-error-for-rebase.patch
  Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.
- Update build dependencies versions: libgcrypt >= 1.8.0,
  gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7
- Fix hardcoded binfmt handler doesn't play well with containers
  (bsc#1186256)
  * Patches added:
  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1
  For a full list of formely deprecated features that are removed,
  consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html
  For a list of new deprecated features, consult:
  https://qemu-project.gitlab.io/qemu/about/deprecated.html
  Some noteworthy changes:
  * Removed moxie CPU.
  * Removed lm32 CPU.
  * Removed unicore32 CPU.
  * Removed 'info cpustats'.
  * Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc.
  * Added npcm7xx machine: quanta-gbs-bmc.
  * Model for Aspeed's Hash and Crypto Engine.
  * SVE2 is now emulated, including bfloat16 support
  * FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and
  FEAT_MTE3 are now emulated.
  * Improved hot-unplug failures on PowerPC pseries machine.
  * Implemented some POWER10 instructions in TCG.
  * Added shakti_c RISC-V machine.
  * Improved documentation for RISC-V machines.
  * CPU models for gen16 have been added for s390x.
  * New CPU model versions added with XSAVES enabled:
  Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5,
  Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3,
  Snowridge-v3, Dhyana-v2
  * Added ACPI based PCI hotplug support to Q35 machine. Enabled and
  used by default since pc-q35-6.1 machine type.
  * Added support for the pca9546 and pca9548 I2C muxes.
  * Added support for PMBus and several PMBus devices.
  * Crypto subsystem:
  The preferred crypto backend driver now gnutls, with libgcrypt as the
  second choice, and nettle as third choice, with ordering driven mostly
  by performance of the ciphers.
  * Misc doc improvements.
  * Patches removed:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
  hw-block-nvme-align-with-existing-style.patch
  hw-block-nvme-consider-metadata-read-aio.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-nvme-fix-missing-check-for-PMR-capabi.patch
  hw-nvme-fix-pin-based-interrupt-behavior.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch
  hw-rdma-Fix-possible-mremap-overflow-in-.patch
  hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  linux-user-aarch64-Enable-hwcap-for-RND-.patch
  module-for-virtio-gpu-pre-load-module-to.patch
  monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
  pvrdma-Ensure-correct-input-on-ring-init.patch
  pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
  qemu-config-load-modules-when-instantiat.patch
  qemu-config-parse-configuration-files-to.patch
  qemu-config-use-qemu_opts_from_qdict.patch
  runstate-Initialize-Error-to-NULL.patch
  sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
  target-i386-Exit-tb-after-wrmsr.patch
  target-sh4-Return-error-if-CPUClass-get_.patch
  tcg-Allocate-sufficient-storage-in-temp_.patch
  tcg-arm-Fix-tcg_out_op-function-signatur.patch
  tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
  ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
  usb-redir-avoid-dynamic-stack-allocation.patch
  usbredir-fix-free-call.patch
  vfio-ccw-Permit-missing-IRQs.patch
  vhost-user-blk-Check-that-num-queues-is-.patch
  vhost-user-blk-Don-t-reconnect-during-in.patch
  vhost-user-blk-Fail-gracefully-on-too-la.patch
  vhost-user-blk-Get-more-feature-flags-fr.patch
  vhost-user-blk-Make-sure-to-set-Error-on.patch
  vhost-user-gpu-abstract-vg_cleanup_mappi.patch
  vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
  vhost-user-gpu-fix-leak-in-virgl_resourc.patch
  vhost-user-gpu-fix-memory-disclosure-in-.patch
  vhost-user-gpu-fix-memory-leak-in-vg_res.patch
  vhost-user-gpu-fix-memory-leak-while-cal.patch
  vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
  vhost-user-gpu-fix-resource-leak-in-vg_r.patch
  vhost-vdpa-don-t-initialize-backend_feat.patch
  virtio-blk-Fix-rollback-path-in-virtio_b.patch
  virtio-Fail-if-iommu_platform-is-request.patch
  virtiofsd-Fix-side-effect-in-assert.patch
  vl-allow-not-specifying-size-in-m-when-u.patch
  vl-Fix-an-assert-failure-in-error-path.patch
  vl-plug-object-back-into-readconfig.patch
  vl-plumb-keyval-based-options-into-readc.patch
  x86-acpi-use-offset-instead-of-pointer-w.patch
- usb: unbounded stack allocation in usbredir
  (bsc#1186012, CVE-2021-3527)
  hw-usb-Do-not-build-USB-subsystem-if-not.patch
  hw-usb-host-stub-Remove-unused-header.patch
  usb-hid-avoid-dynamic-stack-allocation.patch
  usb-limit-combined-packets-to-1-MiB-CVE-.patch
  usb-mtp-avoid-dynamic-stack-allocation.patch
- usbredir: free call on invalid pointer in bufp_alloc
  (bsc#1189145, CVE-2021-3682)
  usbredir-fix-free-call.patch
- Add stable patches from upstream:
  block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
  hw-net-can-sja1000-fix-buff2frame_bas-an.patch
  hw-pci-host-q35-Ignore-write-of-reserved.patch
- Disabled skiboot building for PowerPC due to the following issue:
  https://github.com/open-power/skiboot/issues/265
- Fix possible mremap overflow in the pvrdma
  (CVE-2021-3582, bsc#1187499)
  hw-rdma-Fix-possible-mremap-overflow-in-.patch
- Ensure correct input on ring init
  (CVE-2021-3607, bsc#1187539)
  pvrdma-Ensure-correct-input-on-ring-init.patch
- Fix the ring init error flow
  (CVE-2021-3608, bsc#1187538)
  pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
- Fix qemu-supportconfig network-manager verification
- Fix stable issues found in upstream:
  hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
  hw-block-nvme-align-with-existing-style.patch
  hw-nvme-fix-missing-check-for-PMR-capabi.patch
  hw-nvme-fix-pin-based-interrupt-behavior.patch
  linux-user-aarch64-Enable-hwcap-for-RND-.patch
  qemu-config-load-modules-when-instantiat.patch
  qemu-config-parse-configuration-files-to.patch
  qemu-config-use-qemu_opts_from_qdict.patch
  runstate-Initialize-Error-to-NULL.patch
  target-i386-Exit-tb-after-wrmsr.patch
  tcg-Allocate-sufficient-storage-in-temp_.patch
  tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
  vhost-vdpa-don-t-initialize-backend_feat.patch
  vl-allow-not-specifying-size-in-m-when-u.patch
  vl-Fix-an-assert-failure-in-error-path.patch
  vl-plug-object-back-into-readconfig.patch
  vl-plumb-keyval-based-options-into-readc.patch
  x86-acpi-use-offset-instead-of-pointer-w.patch
- Update qemu-supportconfig plugin
- Fix an update-alternative warning when removing qemu-skiboot package
  bsc#1178678
- Use doc directive to build QEMU documentation
- Improve compatibility with gcc 11:
  target-sh4-Return-error-if-CPUClass-get_.patch
  tcg-arm-Fix-tcg_out_op-function-signatur.patch
- Enable zstd compression option to qcow2
- Fix out-of-bounds write in virgl_cmd_get_capset
  CVE-2021-3546 bsc#1185981
  vhost-user-gpu-abstract-vg_cleanup_mappi.patch
- Fix memory leaks found in the virtio vhost-user GPU device
  CVE-2021-3544 bsc#1186010
  vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
  vhost-user-gpu-fix-leak-in-virgl_resourc.patch
  vhost-user-gpu-fix-memory-disclosure-in-.patch
  vhost-user-gpu-fix-memory-leak-in-vg_res.patch
  vhost-user-gpu-fix-memory-leak-while-cal.patch
  vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
- Fix information disclosure due to uninitialized memory read
  CVE-2021-3545 bsc#1185990
  vhost-user-gpu-fix-resource-leak-in-vg_r.patch
- disable sheepdog, it was dropped upstream (
  https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024)
  and fails to build with gcc 11 on non-x86
- Fix CVE-2021-3527 in usb/redir:
  usb-redir-avoid-dynamic-stack-allocation.patch
- Fix issues found upstream:
  hw-block-nvme-consider-metadata-read-aio.patch
  sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
  vfio-ccw-Permit-missing-IRQs.patch
  vhost-user-blk-Check-that-num-queues-is-.patch
  vhost-user-blk-Don-t-reconnect-during-in.patch
  vhost-user-blk-Fail-gracefully-on-too-la.patch
  vhost-user-blk-Get-more-feature-flags-fr.patch
  vhost-user-blk-Make-sure-to-set-Error-on.patch
  virtio-blk-Fix-rollback-path-in-virtio_b.patch
  virtio-Fail-if-iommu_platform-is-request.patch
  virtiofsd-Fix-side-effect-in-assert.patch
  monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
- Brotli VLA error was already fixed in v5.2 but the patches wasn't
  included in v6.0. This change fixed that
- Patches added:
  brotli-fix-actual-variable-array-paramet.patch
  hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
  ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
- For the record, these issues are fixed in this package already.
  Most are alternate references to previously mentioned issues:
  (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
  CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
  CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
  CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)
- Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0
  For a full list of formely deprecated features that are removed now,
  consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html.
  For a list of new deprecated features, consult:
  https://qemu-project.gitlab.io/qemu/system/deprecated.html
  Some noteworthy changes:
  * Removed tileGX CPU (linux-user mode).
  * Removed ide-drive device (use ide-hd or ide-cd instead).
  * Removed scsi-disk device (use scsi-hd or scsi-cd instead).
  * Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types.
  * Added emulation of Arm-v8.1M arch and Cortex-M55 CPU.
  * Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55).
  * x86: Support for running SEV-ES encrypted guests; TCG can emulate
  the PKS feature; WHPX accelerator supports accelerated APIC.
  * ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation
  are now supported; Added ARMv8.5-MemTag extension is now supported formely
  linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal,
  sbsa-ref, npcm7xx, and sabrelite board models.
  * PowerPC: powernv now allows external BMC; pseries can send QAPI message
  if it detects a memory hotplug failure; CPU unplug request can be retried.
  * s390: TCG works with Linux kernels built with clang-11 and clang12.
  * RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory
  command; Add support for the SiFive SPI controller (sifive_u); Add QSPI
  NOR flash to Microchip PFSoC.
  * Misc doc improvements.
  * Multiprocess: Add experimental options to support out-of-process device
  emulation.
  * ACPI: support for assigning NICs to known names in guest OS independently of
  PCI slot placement.
  * NVMe: new emulation support for v1.4 spec with many new features, experimental
  support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection.
  * Xen: New guest loader for testing of Xen-like hypervisors booting kernels.
  * virtiofs: misc. security fixes and performance improvements.
  * Tools: FUSE block exports to allow mounting any QEMU block device node
  as a host file.
  * Migration: query/info-migrate now display the migration blocker status and
  the reasons for blocking.
  * User-mode: Added support for the Qualcomm Hexagon processor.
  * TCG: Added support for Apple Silicon hosts (macOS).
  * QMP: backup jobs now support multiple asynchronous requests in parallel
  * VNC: virtio-vga support for scaling resolution based on client window size
  * Patches added:
  doc-add-our-support-doc-to-the-main-proj.patch
  * Patches removed:
  9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
  audio-add-sanity-check.patch
  block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
  block-Fix-locking-in-qmp_block_resize.patch
  blockjob-Fix-crash-with-IOthread-when-bl.patch
  block-nfs-fix-int-overflow-in-nfs_client.patch
  block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
  block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
  block-Separate-blk_is_writable-and-blk_s.patch
  block-Simplify-qmp_block_resize-error-pa.patch
  brotli-fix-actual-variable-array-paramet.patch
  build-no-pie-is-no-functional-linker-fla.patch
  cadence_gem-switch-to-use-qemu_receive_p.patch
  cpu-core-Fix-help-of-CPU-core-device-typ.patch
  docs-add-SUSE-support-statements-to-html.patch
  dp8393x-switch-to-use-qemu_receive_packe.patch
  e1000-fail-early-for-evil-descriptor.patch
  e1000-switch-to-use-qemu_receive_packet-.patch
  hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
  hw-arm-virt-Disable-pl011-clock-migratio.patch
  hw-block-fdc-Fix-fallback-property-on-sy.patch
  hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
  hw-isa-Kconfig-Add-missing-dependency-VI.patch
  hw-isa-piix4-Migrate-Reset-Control-Regis.patch
  hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
  hw-s390x-fix-build-for-virtio-9p-ccw.patch
  hw-sd-sd-Actually-perform-the-erase-oper.patch
  hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
  hw-sd-sdhci-Correctly-set-the-controller.patch
  hw-sd-sdhci-Don-t-transfer-any-data-when.patch
  hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
  hw-sd-sdhci-Limit-block-size-only-when-S.patch
  hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
  hw-sd-sd-Move-the-sd_block_-read-write-a.patch
  hw-sd-sd-Skip-write-protect-groups-check.patch
  hw-timer-slavio_timer-Allow-64-bit-acces.patch
  hw-virtio-pci-Added-AER-capability.patch
  hw-virtio-pci-Added-counter-for-pcie-cap.patch
  i386-acpi-restore-device-paths-for-pre-5.patch
  iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
  lan9118-switch-to-use-qemu_receive_packe.patch
  lsilogic-Use-PCIDevice-exit-instead-of-D.patch
  Make-keycode-gen-output-reproducible-use.patch
  memory-clamp-cached-translation-in-case-.patch
  monitor-Fix-assertion-failure-on-shutdow.patch
  mptsas-Remove-unused-MPTSASState-pending.patch
  msf2-mac-switch-to-use-qemu_receive_pack.patch
  net-Fix-handling-of-id-in-netdev_add-and.patch
  net-introduce-qemu_receive_packet.patch
  pcnet-switch-to-use-qemu_receive_packet-.patch
  qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
  qemu-storage-daemon-Enable-object-add.patch
  rtl8139-switch-to-use-qemu_receive_packe.patch
  s390x-add-have_virtio_ccw.patch
  s390x-css-report-errors-from-ccw_dstream.patch
  s390x-Fix-stringop-truncation-issue-repo.patch
  s390x-modularize-virtio-gpu-ccw.patch
  s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
  s390x-pci-restore-missing-Query-PCI-Func.patch
  spice-app-avoid-crash-when-core-spice-mo.patch
  sungem-switch-to-use-qemu_receive_packet.patch
  target-arm-Don-t-decode-insns-in-the-XSc.patch
  target-arm-Fix-MTE0_ACTIVE.patch
  target-arm-Introduce-PREDDESC-field-defi.patch
  target-arm-Update-PFIRST-PNEXT-for-pred_.patch
  target-arm-Update-REV-PUNPK-for-pred_des.patch
  target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
  target-xtensa-fix-meson.build-rule-for-x.patch
  tcg-Use-memset-for-large-vector-byte-rep.patch
  tools-virtiofsd-Replace-the-word-whiteli.patch
  tx_pkt-switch-to-use-qemu_receive_packet.patch
  ui-vnc-Add-missing-lock-for-send_color_m.patch
  update-linux-headers-Include-const.h.patch
  Update-linux-headers-to-5.11-rc2.patch
  util-fix-use-after-free-in-module_load_o.patch
  vfio-ccw-Connect-the-device-request-noti.patch
  vhost-user-blk-fix-blkcfg-num_queues-end.patch
  viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
  virtiofsd-extract-lo_do_open-from-lo_ope.patch
  virtiofsd-optionally-return-inode-pointe.patch
  virtiofsd-prevent-opening-of-special-fil.patch
  virtiofs-drop-remapped-security.capabili.patch
  virtiofsd-Save-error-code-early-at-the-f.patch
  virtio-move-use-disabled-flag-property-t.patch
  virtio-pci-compat-page-aligned-ATS.patch
  xen-block-Fix-removal-of-backend-instanc.patch
- Include upstream patch designated as stable material and reviewed
  for applicability to include here
  mptsas-Remove-unused-MPTSASState-pending.patch
- Clarify in support documents that cpu-add was removed in this
  release from both the human monitor protocol (HMP) and QMP
  interfaces
- 6.0.0 qemu is about to be released. Add comments to the in-
  package support documents (supported.<arch>.txt) about the new
  deprecations as of that release as an early head's up for qemu
  users. These deprecations include these command-line options:
  - M option: kernel-irqchip=off
  - chardev tty
  - chardev paraport
  - enable-fips
  - writeconfig
  - spice password=string
- Include upstream patches designated as stable material and
  reviewed for applicability to include here. NOTE that the
  PIIX4 patch has migration implications: the change will also be
  applied to the SLE-15-SP2 qemu, and a live migration from that
  version to this SLE-15-SP3 qemu would require this patch to be
  applied for a successful migration if PIIX4 southbridge is used
  in the machine emulation (x86 i440fx)
  block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
  block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
  cpu-core-Fix-help-of-CPU-core-device-typ.patch
  hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
  hw-block-fdc-Fix-fallback-property-on-sy.patch
  hw-isa-Kconfig-Add-missing-dependency-VI.patch
  hw-isa-piix4-Migrate-Reset-Control-Regis.patch
  hw-virtio-pci-Added-AER-capability.patch
  hw-virtio-pci-Added-counter-for-pcie-cap.patch
  s390x-css-report-errors-from-ccw_dstream.patch
  target-xtensa-fix-meson.build-rule-for-x.patch
  util-fix-use-after-free-in-module_load_o.patch
  virtio-pci-compat-page-aligned-ATS.patch
- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a
  module to what was accepted upstream (bsc#1181103)
  * Patches dropped:
  hw-s390x-modularize-virtio-gpu-ccw.patch
  * Patches added:
  s390x-add-have_virtio_ccw.patch
  s390x-modularize-virtio-gpu-ccw.patch
  s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144,
  CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
  hw-sd-sd-Actually-perform-the-erase-oper.patch
  hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
  hw-sd-sdhci-Correctly-set-the-controller.patch
  hw-sd-sdhci-Don-t-transfer-any-data-when.patch
  hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
  hw-sd-sdhci-Limit-block-size-only-when-S.patch
  hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
  hw-sd-sd-Move-the-sd_block_-read-write-a.patch
  hw-sd-sd-Skip-write-protect-groups-check.patch
- Fix potential privilege escalation in virtiofsd tool
  (CVE-2021-20263, bsc#1183373)
  tools-virtiofsd-Replace-the-word-whiteli.patch
  viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
  virtiofsd-extract-lo_do_open-from-lo_ope.patch
  virtiofsd-optionally-return-inode-pointe.patch
  virtiofsd-prevent-opening-of-special-fil.patch
  virtiofs-drop-remapped-security.capabili.patch
  virtiofsd-Save-error-code-early-at-the-f.patch
- Fix OOB access (stack overflow) in rtl8139 NIC emulation
  (CVE-2021-3416, bsc#1182968)
  net-introduce-qemu_receive_packet.patch
  rtl8139-switch-to-use-qemu_receive_packe.patch
- Fix OOB access (stack overflow) in other NIC emulations
  (CVE-2021-3416)
  cadence_gem-switch-to-use-qemu_receive_p.patch
  dp8393x-switch-to-use-qemu_receive_packe.patch
  e1000-switch-to-use-qemu_receive_packet-.patch
  lan9118-switch-to-use-qemu_receive_packe.patch
  msf2-mac-switch-to-use-qemu_receive_pack.patch
  pcnet-switch-to-use-qemu_receive_packet-.patch
  sungem-switch-to-use-qemu_receive_packet.patch
  tx_pkt-switch-to-use-qemu_receive_packet.patch
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
  memory-clamp-cached-translation-in-case-.patch
- Include upstream patches designated as stable material and
  reviewed for applicability to include here
  hw-arm-virt-Disable-pl011-clock-migratio.patch
  xen-block-Fix-removal-of-backend-instanc.patch
- Fix package scripts to not use hard coded paths for temporary
  working directories and log files (bsc#1182425)
- Fix s390x "mediated device is in use" error condition
  (bsc#1183634)
  update-linux-headers-Include-const.h.patch
  Update-linux-headers-to-5.11-rc2.patch
  vfio-ccw-Connect-the-device-request-noti.patch
- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)
  e1000-fail-early-for-evil-descriptor.patch
- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372)
  s390x-pci-restore-missing-Query-PCI-Func.patch
- Include upstream patches designated as stable material and
  reviewed for applicability to include here
  lsilogic-Use-PCIDevice-exit-instead-of-D.patch
  vhost-user-blk-fix-blkcfg-num_queues-end.patch
- Fix potential privilege escalation in virtfs (CVE-2021-20181
  bsc#1182137)
  9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
  net-vmxnet3-validate-configuration-value.patch
- Add #!ForceMultiversion to qemu.spec:
  + As the spec file defines different Version: fiels for various
    subpackages, we must instruct OBS to not ever reset the
    checkin-counter, as it would by defalut on a version increase.
    Resetting the version counter results in sub-packages reusing
    their VERSION-RELEASE from the past (e.g. qemu-ipxe is version
    1.0.0+, and upon checkin of a new qemu version, RELEASE is
    reset to 1.1, thus again producing
    qemu-ipxe-1.0.0+-1.1.noarch.rpm.
- Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922)
  brotli-fix-actual-variable-array-paramet.patch
- Tweak a few submodule descriptions and summaries
- Fix a backward compatibility issue in ACPI data
  i386-acpi-restore-device-paths-for-pre-5.patch
- Add patch from IBM to improve modularization situation on s390
  where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a
  corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is
  split out (this parallels the hw-display-virtio-gpu-pci.so module).
  Split-provides file is also used to track this functionality
  splitout. Both the packages supplying the above mentioned modules
  now have a Requires on the qemu-hw-display-virtio-gpu package. It
  is anticipated that this change is going in upstream as well, and
  if done differently the plan is to update to the upstream
  implementation if possible (bsc#1181103)
  hw-s390x-modularize-virtio-gpu-ccw.patch
- Added a few more usability improvements for our git packaging
  workflow
- Fix issue of virtio-9p-ccw having been mistakenly dropped from
  qemu (bsc#1182496)
  hw-s390x-fix-build-for-virtio-9p-ccw.patch
- Tweaked some spec file details to be again compatible with quilt
  setup using the spec file as input
- Remove BuildRequires that were added in anticipation of building
  ovmf within this package. We have not taken that route
- Fix uninitialized variable in ipxe driver code (boo#1181922)
  ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
- Add a few improvements to the git-based package workflow scripts
- Include additional upstream patches designated as stable material
  and reviewed for applicability to include here
  blockjob-Fix-crash-with-IOthread-when-bl.patch
  monitor-Fix-assertion-failure-on-shutdow.patch
  qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
  qemu-storage-daemon-Enable-object-add.patch
- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci
  from being an x86 only Recommends, to a Recommends for all arch's
  except s390x (boo#1181350)
- Fix qemu-hw-usb-smartcard to not be a Recommends for s390x
- Minor spec file tweaks for compatibility with upcoming spec file
  formatter
- Make note that this patch takes care of an OOB access in ARM
  interrupt handling (CVE-2021-20221 bsc#1181933)
  hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
- Include upstream patches designated as stable material and
  reviewed for applicability to include here
  block-Separate-blk_is_writable-and-blk_s.patch
  hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
  hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
  hw-timer-slavio_timer-Allow-64-bit-acces.patch
  net-Fix-handling-of-id-in-netdev_add-and.patch
  target-arm-Don-t-decode-insns-in-the-XSc.patch
  target-arm-Fix-MTE0_ACTIVE.patch
  target-arm-Introduce-PREDDESC-field-defi.patch
  target-arm-Update-PFIRST-PNEXT-for-pred_.patch
  target-arm-Update-REV-PUNPK-for-pred_des.patch
  target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
  tcg-Use-memset-for-large-vector-byte-rep.patch
  ui-vnc-Add-missing-lock-for-send_color_m.patch
  virtio-move-use-disabled-flag-property-t.patch
- binutils v2.36 has changed the handling of the assembler's
  - mx86-used-note, resulting in a build failure. To compensate, we
  now explicitly specify -mx86-used-note=no in the seabios Makefile
  (boo#1181775)
  build-be-explicit-about-mx86-used-note-n.patch
- Additional tweaks to ensure libvirt runs ok when
  qemu-hw-display-virtio-gpu package is not installed
- Use '%service_del_postun_without_restart' instead of
  '%service_del_postun' to avoid "Failed to try-restart
  qemu-ga@.service" error while updating the qemu-guest-agent.
  (bsc#1178565)
- Fix two additional cases of qemu crashing due to qemu module
  packages not being loaded.
  qom-handle-case-of-chardev-spice-module-.patch
  spice-app-avoid-crash-when-core-spice-mo.patch
- Fix issue of qemu crashing (abort called) when virtio-gpu device
  is asked for and the qemu-hw-display-virtio-gpu package isn't
  installed. (bsc#1181103)
  module-for-virtio-gpu-pre-load-module-to.patch
- Add additional inter-module package dependencies, to reflect the
  current module dependencies (see qemu source file: util/module.c)
- As of v3.1.0 virt-manager, new VM's are created by default with
  audio/sound enabled, so it's time to reflect the need, at least
  in the spice case, by having spice-audio available when spice in
  general is used (boo#1180210 boo#1181132)
- Further refine package Recommends/Suggests based on architecture
- Remove no longer needed dependency on pwdutils (boo#1181235)
- Fix qemu-testsuite issue where white space processing gets
  handled differently under bash 5.1 (boo#1181054)
  iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to
  invoke the QEMU emulator has been deprecated for some time,
  but is still provided. It has as it's ancient origins a version
  of QEMU which had KVM acceleration enabled by default, and then
  recently, until now, it is a shell script which execs the QEMU
  emulator, adding '-machine accel=kvm' to the beginning of the
  list of command line options passed to the emulator.
  This method collides with the now preferred method of specifying
  acceleration options by using -accel. qemu-kvm is now changed to
  simply be a symlink to the same QEMU binary which the prior
  script exec'd. This new approach takes advantage of a built-in
  QEMU feature where if QEMU is invoked using a program name ending
  in 'kvm', KVM emulation is enabled. This approach is better in
  that it is more compatible with any other command line option
  that may be added for describing acceleration.
  For those who have modified qemu-kvm to add additional command
  line options, or take other actions in the context of the script
  you will now need to create an alternate script "emulator" to
  achieve the same result. Note that it's possible there may be
  some very subtle behavioral difference in the switch from a
  script to a symlink, but given that qemu-kvm is a deprecated
  package, we're not going to worry about that.
- Fix crash when spice used and the qemu-audio-spice package isn't
  installed (boo#1180210)
  audio-add-sanity-check.patch
- Add some stable patches from upstream
  block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
  block-Fix-locking-in-qmp_block_resize.patch
  block-nfs-fix-int-overflow-in-nfs_client.patch
  block-Simplify-qmp_block_resize-error-pa.patch
  build-no-pie-is-no-functional-linker-fla.patch
- Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  the deprecated.html file installed with the qemu package
  Some noteworthy changes:
  * Dropped system emulators: qemu-system-lm32, qemu-system-unicore32
  * Dropped linux user emulator: qemu-ppc64abi32
  * Added linux user emulator: qemu-extensaeb
  * Unicore32 and lm32 guest support dropped
  * New sub-packages (most due to ongoing modularization of QEMU):
  qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga,
  qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci,
  qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools
  * x86: A new KVM feature which improves the handling of asynchronous page
  faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8)
  * s390: More instructions emulated under TCG
  * PowerPC: nvdimm= machine option now functions correctly; misc improvements
  * ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500
  (Cortex-M7 based),  raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero)
  and raspi1ap (the Pi A+)
  * RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used
  when no -bios argument is supplied; Support for NUMA sockets on Virt
  and Spike Machines; Support for migrating machines; misc improvements
  * Misc NVMe improvements
  * The 'vhost-user-blk' export type has been added, allowing
  qemu-storage-daemon to act as a vhost-user-blk device backend
  * The SMBIOS OEM strings can now come from a file
  * 9pfs - misc performance related improvements
  * virtiofs - misc improvements
  * migration: The default migration bandwidth has been increased to 1Gbps
  (users are still encouraged to tune it to their own hardware); The new
  'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine
  the likelihood of precopy migration success; TLS+multifd now supported
  for higher bandwidth encrypted migration; misc minor features added
  * Misc minor block features added
  * Misc doc improvements
  * qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based,
  and the qboot based on is now qboot.rom
  * elf2dmp is no longer part of qemu-tools (it was never intended to be
  a packaged binary)
  * Some subpackages which were 'Requires' are now 'Recommends', allowing for
  a smaller qemu packaging footprint if needed
  * Patches dropped (included in release tarball, unless otherwise noted):
  docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently)
  hw-hyperv-vmbus-Fix-32bit-compilation.patch
  linux-user-properly-test-for-infinite-ti.patch
  Switch-order-of-libraries-for-mpath-supp.patch (fixed differently)
  Conditionalize-ui-bitmap-installation-be.patch (fixed differently)
  hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9)
  hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9)
  roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch)
  libvhost-user-handle-endianness-as-manda.patch
  virtio-add-vhost-user-fs-ccw-device.patch
  Fix-s-directive-argument-is-null-error.patch
  build-Workaround-compilation-error-with-.patch
  build-Be-explicit-about-fcommon-compiler.patch
  intel-Avoid-spurious-compiler-warning-on.patch
  golan-Add-explicit-type-casts-for-nodnic.patch
  Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
  ensure-headers-included-are-compatible-w.patch
  Enable-cross-compile-prefix-for-C-compil.patch (fixed differently)
  hw-net-net_tx_pkt-fix-assertion-failure-.patch
  hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch
  s390x-protvirt-allow-to-IPL-secure-guest.patch
  usb-fix-setup_len-init-CVE-2020-14364.patch
  * Patches added:
  meson-install-ivshmem-client-and-ivshmem.patch
  Revert-roms-efirom-tests-uefi-test-tools.patch
  Makefile-Don-t-check-pc-bios-as-pre-requ.patch
  roms-Makefile-add-cross-file-to-qboot-me.patch
  qboot-add-cross.ini-file-to-handle-aarch.patch
  usb-Help-compiler-out-to-avoid-a-warning.patch
- In spec file, where reasonable, switch BuildRequires: XXX-devel
  to be pkgconfig(XXX') instead
- No longer disable link time optimization for qemu for x86. It looks like
  either the build service, qemu code changes and/or the switch to meson
  have resolved issues previously seen there. We still see problems for
  other architectures however.
- For the record, the following issues reported for SUSE SLE15-SP2
  are either fixed in this current package, or are otherwise no longer
  an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370
  bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863
  CVE-2020-16092 CVE-2020-24352
  and the following feature requests are satisfied by this package:
  jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840
- To be more accurate, and to align with other qemu packaging
  practices, rename the qemu-s390 package to qemu-s390x. The old
  name (in the rpm namespace) is provided with a "Provides"
  directive, and an "Obsoletes" done against that name for prior
  qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060)
- Take this opportunity to remove some ancient Split-Provides
  mechanisms which can't conceivably be needed any more:
  qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so
  qemu-guest-agent provided: qemu:%_bindir/qemu-ga
  qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper
- Disable linux-user 'ls' test on 32 bit arm. It's failing with
  "Allocating guest commpage: Cannot allocate memory" error, which
  we should hunt down, but for now we don't want it to prevent the
  package from being built
- Be more careful about what directives are used for qemu-testsuite
- Fix some spec file 'Requires' statements to be accurate to the
  new model of relying on system-user-qemu and system-group-kvm to
  provide the needed users and groups
- Added io_uring support.
- A patch has been applied to virt-manager to handle qemu spice
  related modules not being present, so undo the change from Sep
  30, 2020. Once again qemu-hw-display-qxl and qemu-hw-usb-redirect
  are Recommends and not Required by the qemu package
  (boo#1157320 boo#1176517, boo#1178141)
- For jsc#SLE-11629, change qemu, qemu-tools, and qemu-guest-agent
  to rely on system-user-qemu and system-group-kvm to provide now
  static system UIDs and GID's for qemu user and group, and kvm
  group. This will make guest migration more seamless for new
  installations since there is no chance of having required ID's
  differ in value.
- Add virtio-fs support for s390x (jsc#SLE-13822)
  libvhost-user-handle-endianness-as-manda.patch
  virtio-add-vhost-user-fs-ccw-device.patch
- Note: As part of the "Close the Leap Gap" effort, it's been
  decided that our SDL2 support in qemu is not worth trying
  to maintain. Long ago SLE qemu stopped including SDL2 support and
  now we will do the same for the openSUSE releases going forward.
  Accordingly SDL2 options are now configured out, and the two sub-
  packages which are SDL2 specific, namely qemu-audio-sdl and
  qemu-ui-sdl, are no longer generated, and due to the rpm package
  conflicts used for those packages, they will be uninstalled from
  systems as qemu updates move forward
- Drop e2fsprogs-devel and libpcap-devel as BuildRequires packages.
  They have not actually been needed to build qemu for a very long
  time
- Add more forsplits files
- Create qemu-skiboot sub-package. Use update-alternatives mechanism
  to coordinate with opal-firmware (provided with skiboot package set)
  on the provider of the /usr/share/qemu/skiboot.lid firmware file.
  qemu-skiboot uses a priority of 15, while opal-firmware uses a
  priority of 10 (jsc#SLE-13240)
- Undo part of the split-provides recently done. We have to wait on
  virt-manager to handle qemu modularization better before we make
  qemu-hw-display-qxl and qemu-hw-usb-redirect non-required
  (boo#1157320 boo#1176517)
- Fix spec file, where a conditional macro didn't have the correct
  syntax (bsc#1176766)
- Change qemu-x86 packaging relationship with qemu-microvm from
  Requires to Recommends
- In an effort to "Close the Leap Gap", remove use of is_opensuse
  from the spec file, so that the same packages built for SLE can
  be reused for Leap. Some sub-packages will not be included for
  SLE which are included for Leap. They wil be provided in Package
  Hub for SLE users as unsupported packages. (jsc#SLE-11660,
  jsc#SLE-11661, jsc#SLE-11662, jsc#SLE-11691, jse#SLE-11692,
  jsc#SLE-11894)
- Add infrastructure to do package splits when split-off package
  isn't required and doesn't (otherwise) include any previously
  installed files. This version of qemu has split out non-essential
  functionality into loadable modules, as noted in Aug 20, 2020 log
  entry, which describes the emergency Split-Provides. That approach
  will be superseded by this planned approach, and those dummy doc
  files will be removed in time
  Here is the new mapping:
  subpackage            continuity file provided (files are dummies)
  ==========            ============================================
  qemu-chardev-baum     /usr/share/qemu/forsplits/00
  qemu-hw-display-qxl   /usr/share/qemu/forsplits/01
  qemu-hw-usb-redirect  /usr/share/qemu/forsplits/02
  qemu-hw-usb-smartcard /usr/share/qemu/forsplits/03
- Fix path of qemu-pr-helper. It was a mistake to move it from
  %_bindir to _libexecdir. In more recent qemu code it's been moved
  back, so undo this mistake by providing it at the same location
  as it has been all along
- For SLE15-SP3, note that this update to v5.1.0 is a step towards
  fulfilling jsc#SLE-13689, which asks for qemu v5.2.0 or higher
- Fix some shell syntax in update_git.sh, esp. an issue exposed by
  the most recent patch added
- Fix OOB access while processing USB packets (CVE-2020-14364
  bsc#1175441)
  usb-fix-setup_len-init-CVE-2020-14364.patch
- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
  is the openSUSE one with this entry providing the intervening
  SLE CVE, JIRA, and bugzilla references, which are still addressed
  in this package, and not yet called out in this changes file.
  * CVE-2020-1983  CVE-2020-10761 CVE-2020-13361 CVE-2020-13362
  CVE-2020-13659 CVE-2020-13800
  * bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384
  bsc#1172386 bsc#1172495 bsc#1172710
  * Patches dropped (SLE) (included in current release tarball):
  exec-set-map-length-to-zero-when-returni.patch
  i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch
  megasas-use-unsigned-type-for-reply_queu.patch
- Fix compilation errors seen with pre-release gcc 11
  qht-Revert-some-constification-in-qht.c.patch
  Revert-qht-constify-qht_statistics_init.patch
  help-compiler-out-by-initializing-array.patch
  s390x-Fix-stringop-truncation-issue-repo.patch
- Add Split-Provides mechanism, using doc files which were moved
  in v5.1.0. This allows for the new subpackages to be selected for
  install when the v5.0.0 qemu is updated. These new subpackages are
  not marked as "Required" by any packages, in an effort to reduce
  the dependencies of the core qemu components (boo#1175320)
  v5.0.0 qemu file mapping is provided as follows:
  subpackage            continuity file provided (files are dummies)
  ==========            ============================================
  qemu-chardev-baum     /usr/share/doc/packages/qemu/qemu-ga-ref.html
  qemu-hw-display-qxl   /usr/share/doc/packages/qemu/qemu-ga-ref.txt
  qemu-hw-usb-redirect  /usr/share/doc/packages/qemu/qemu-qmp-ref.html
  qemu-hw-usb-smartcard /usr/share/doc/packages/qemu/qemu-qmp-ref.txt
- Fix wrong usage of %{_libexecdir} for systemd owned paths below
  %{_prefix}/lib.
- Update to v5.1.0: See http://wiki.qemu.org/ChangeLog/5.1
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  the deprecated.html file installed with the qemu package
  Some noteworthy changes:
  * s390: Protected virtualization (secure execute) is fully merged
  upstream
  * s390: vfio-ccw devices no longer require setting the allow
  prefetch bit in the ORB, but is still dependent on host kernel
  support
  * s390: vfio-ccw now has basic support for relaying path state
  changes to the guest
  * PowerPC: pseries: NVDIMMs require label-size property
  * PowerPC: pseries: POWER10 support
  * PowerPC: added interface to inject POWER style NMIs
  * ARM: new board: sonorapass-bmc
  * ARM: new emulated features: ARMv8.2-TTSUXN, ARMv8.5-MemTag
  * ARM: Raspberry Pi boards now support a USB controller
  * ARM: virt board now supports hot-remove memory
  * RISC-V lots of improvements
  * qemu-img resize now requires -shrink to shrinking raw images
  * The mem parameter of the -numa option is no longer recognized
  starting with 5.1 machine types - instead use the memdev parameter
  * The ACPI WAET table is now exposed to guests
  * The max blocksize for virtual storage device is now 2 MiB
  * NVMe improvements
  * Crypto subsystem improvements
  * Block backends and tools: Numerous improvements and fixes
  * Firmware updates: SeaBIOS (essentially v1.14.0), OpenBIOS, SLOF
  (20200717), OpenSBI (v0.7)
  * Patches dropped (upstream unless otherwise noted):
  ati-vga-check-mm_index-before-recursive-.patch
  audio-fix-wavcapture-segfault.patch
  es1370-check-total-frame-count-against-c.patch
  exec-set-map-length-to-zero-when-returni.patch
  gcc10-maybe-uninitialized.patch
  hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
  megasas-use-unsigned-type-for-reply_queu.patch
  nbd-server-Avoid-long-error-message-asse.patch
  ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch
  s390x-Add-SIDA-memory-ops.patch
  s390x-Add-unpack-facility-feature-to-GA1.patch
  s390x-Move-diagnose-308-subcodes-and-rcs.patch
  s390x-protvirt-Add-migration-blocker.patch
  s390x-protvirt-Disable-address-checks-fo.patch
  s390x-protvirt-Handle-SIGP-store-status-.patch
  s390x-protvirt-Inhibit-balloon-when-swit.patch
  s390x-protvirt-KVM-intercept-changes.patch
  s390x-protvirt-Move-diag-308-data-over-S.patch
  s390x-protvirt-Move-IO-control-structure.patch
  s390x-protvirt-Move-STSI-data-over-SIDAD.patch
  s390x-protvirt-SCLP-interpretation.patch
  s390x-protvirt-Set-guest-IPL-PSW.patch
  s390x-protvirt-Support-unpack-facility.patch
  s390x-s390-virtio-ccw-Fix-build-on-syste.patch
  Sync-pv.patch
  tests-Disable-some-block-tests-for-now.patch (no longer needed)
  vga-fix-cirrus-bios.patch
  virtiofsd-add-rlimit-nofile-NUM-option.patch
  virtiofsd-stay-below-fs.file-max-sysctl-.patch
  * Patches renamed:
  build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
  - > Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
  build-Fix-s-directive-argument-is-null-e.patch
  - > Fix-s-directive-argument-is-null-error.patch
  * Patches added:
  hw-hyperv-vmbus-Fix-32bit-compilation.patch
- New subpackages, due to modularization: qemu-chardev-baum,
  qemu-hw-display-qxl, qemu-hw-usb-redirect, qemu-hw-usb-smartcard
- Configure to use "system" libslirp and libdaxctl (libnvdimm)
  when available
- Don't disable cap_cfpc on POWER8 by default (bsc#1174374)
  ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch
- Updating to Sphinx v3.1.2 in Factory is exposing an issue in
  qemu doc sources. Fix it
  docs-fix-trace-docs-build-with-sphinx-3..patch
- Fix DoS possibility in ati-vga emulation (CVE-2020-13800
  bsc#1172495)
  ati-vga-check-mm_index-before-recursive-.patch
- Fix DoS possibility in Network Block Device (nbd) support
  infrastructure (CVE-2020-10761 bsc#1172710)
  nbd-server-Avoid-long-error-message-asse.patch
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS
  8708EM2 emulation (CVE-2020-13659 bsc#1172386)
  exec-set-map-length-to-zero-when-returni.patch
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
  (CVE-2020-13362 bsc#1172383)
  megasas-use-unsigned-type-for-reply_queu.patch
- Fix legacy IGD passthrough
  hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
- The latest gcc10 available in Factory has the fix for the
  issue this patch was created to avoid, so drop it
  build-Work-around-gcc10-bug-by-not-using.patch
- Switch to upstream versions of some patches we carry
  add-enum-cast-to-avoid-gcc10-warning.patch
  - > golan-Add-explicit-type-casts-for-nodnic.patch
  Be-explicit-about-fcommon-compiler-direc.patch
  - > build-Be-explicit-about-fcommon-compiler.patch
  Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
  - > build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
  Fix-s-directive-argument-is-null-error.patch
  - > build-Fix-s-directive-argument-is-null-e.patch
  Workaround-compilation-error-with-gcc-9..patch
  - > build-Workaround-compilation-error-with-.patch
  work-around-gcc10-problem-with-zero-leng.patch
  - > intel-Avoid-spurious-compiler-warning-on.patch
- Fix vgabios issue for cirrus graphics emulation, which
  effectively downgraded it to standard VGA behavior
  vga-fix-cirrus-bios.patch
- Fix OOB access possibility in ES1370 audio device emulation
  (CVE-2020-13361 bsc#1172384)
  es1370-check-total-frame-count-against-c.patch
- Work around gcc 10 bug (boo#1172411)
  build-Work-around-gcc10-bug-by-not-using.patch
- Now that gcc10 compatibility is figured out, remove NO_WERROR=1
  again from ipxe make.
- Fix segfault when doing HMP wavcapture (boo#1171712)
  audio-fix-wavcapture-segfault.patch
- Fix DoS in virtiofsd, where a FUSE client could exhaust the
  number of available open files on the host (CVE-2020-10717
  bsc#1171110)
  virtiofsd-add-rlimit-nofile-NUM-option.patch
  virtiofsd-stay-below-fs.file-max-sysctl-.patch
- Add more fixes for gcc10 compatibility: Use NO_WERROR=1 when
  building ipxe sources, at least until we get gcc10 compatibility
  figured out. Also add patch for explicitly using -fcommon
  (boo#1171140)
  Be-explicit-about-fcommon-compiler-direc.patch
  and fix for tighter enum compatibility checking (boo#1171139)
  add-enum-cast-to-avoid-gcc10-warning.patch
  and a work around for what seems to be a compiler regression
  (boo#1171123)
  work-around-gcc10-problem-with-zero-leng.patch
- Update to v5.0.0: See http://wiki.qemu.org/ChangeLog/5.0
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  the deprecated.html file installed with the qemu package
  Some noteworthy changes:
  * x86: EPYC-Rome vcpu model
  * x86: vcpu model fixes for EPYC, Denverton, and Icelake-Server
  * s390: (as previously mentioned) Protected Virtualization support:
  start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
  * s390: support for Adapter Interrupt Suppression while running in
  KVM mode
  * PowerPC: pseries: NVDIMMs with file backend supported
  * PowerPC: powernv: KVM guests now runnable under TCG emulation
  * PowerPC: powernv: Basic POWER10 support
  * ARM: new boards: tacoma-bmc, Netduindo Plus 2, Orangepi PC
  * ARM: 'virt' machine now supports vTPM and virtio-iommu devices
  * ARM:Cortex-M7 CPU support
  * ARM: Lots of architecture features now emulated
  * ARM: TPM supported
  * ARM: Timekeeping improvements
  * ARM: LOTS more - refer to upstream changelog
  * virtio-iommu
  * VNC compatibility with noVNC improved
  * Support for using memory backends for main/"built-in" guest RAM
  * hostmem backends can now specify prealloc thread count
  * Better Azure compatibility of VHD images
  * Ceph namespaces supported
  * Compress block filter driver can create compressed backup images
  * virtiofsd availble for host filesystem passthrough
  * Improved html based documentation is provided with this release
  * Live migration support for external processes running on QEMU D-Bus
  * Patches dropped (upstream unless otherwise noted):
  i386-Add-MSR-feature-bit-for-MDS-NO.patch
  i386-Add-macro-for-stibp.patch
  i386-Add-new-CPU-model-Cooperlake.patch
  arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch
  iotests-Skip-test-060-if-it-is-not-possi.patch
  iotests-Skip-test-079-if-it-is-not-possi.patch
  Revert-qemu-options.hx-Update-for-reboot.patch
  iotests-Provide-a-function-for-checking-.patch
  Fix-double-free-issue-in-qemu_set_log_fi.patch
  iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch
  virtio-blk-fix-out-of-bounds-access-to-b.patch
  block-Activate-recursively-even-for-alre.patch
  i386-Resolve-CPU-models-to-v1-by-default.patch
  numa-properly-check-if-numa-is-supported.patch
  vhost-user-gpu-Drop-trailing-json-comma.patch
  display-bochs-display-fix-memory-leak.patch
  hw-arm-smmuv3-Apply-address-mask-to-line.patch
  hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch
  hw-arm-smmuv3-Check-stream-IDs-against-a.patch
  hw-arm-smmuv3-Align-stream-table-base-ad.patch
  hw-arm-smmuv3-Use-correct-bit-positions-.patch
  hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch
  block-Add-bdrv_qapi_perm_to_blk_perm.patch
  blkdebug-Allow-taking-unsharing-permissi.patch
  virtio-add-ability-to-delete-vq-through-.patch
  virtio-update-queue-size-on-guest-write.patch
  virtio-don-t-enable-notifications-during.patch
  numa-Extend-CLI-to-provide-initiator-inf.patch
  numa-Extend-CLI-to-provide-memory-latenc.patch
  numa-Extend-CLI-to-provide-memory-side-c.patch
  hmat-acpi-Build-Memory-Proximity-Domain-.patch
  hmat-acpi-Build-System-Locality-Latency-.patch
  hmat-acpi-Build-Memory-Side-Cache-Inform.patch
  tests-numa-Add-case-for-QMP-build-HMAT.patch
  qcow2-bitmaps-fix-qcow2_can_store_new_di.patch
  backup-top-Begin-drain-earlier.patch
  virtio-mmio-update-queue-size-on-guest-w.patch
  virtio-net-delete-also-control-queue-whe.patch
  intel_iommu-a-fix-to-vtd_find_as_from_bu.patch
  target-i386-Add-new-bit-definitions-of-M.patch
  target-i386-Add-missed-features-to-Coope.patch
  hw-i386-pc-fix-regression-in-parsing-vga.patch
  migration-test-ppc64-fix-FORTH-test-prog.patch
  target-arm-Return-correct-IL-bit-in-merg.patch
  target-arm-Set-ISSIs16Bit-in-make_issinf.patch
  runstate-ignore-finishmigrate-prelaunch-.patch
  migration-Rate-limit-inside-host-pages.patch
  m68k-Fix-regression-causing-Single-Step-.patch
  Revert-vnc-allow-fall-back-to-RAW-encodi.patch
  vnc-prioritize-ZRLE-compression-over-ZLI.patch
  target-i386-kvm-initialize-feature-MSRs-.patch
  s390x-adapter-routes-error-handling.patch
  iscsi-Cap-block-count-from-GET-LBA-STATU.patch
  block-backup-fix-memory-leak-in-bdrv_bac.patch
  tpm-ppi-page-align-PPI-RAM.patch
  hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch
  target-arm-fix-TCG-leak-for-fcvt-half-do.patch
  block-fix-memleaks-in-bdrv_refresh_filen.patch
  block-backup-top-fix-failure-path.patch
  iotests-add-test-for-backup-top-failure-.patch
  audio-oss-fix-buffer-pos-calculation.patch
  target-arm-monitor-query-cpu-model-expan.patch
  block-fix-crash-on-zero-length-unaligned.patch
  block-Fix-VM-size-field-width-in-snapsho.patch
  target-arm-Correct-definition-of-PMCRDP.patch
  block-nbd-extract-the-common-cleanup-cod.patch
  block-nbd-fix-memory-leak-in-nbd_open.patch
  virtio-crypto-do-delete-ctrl_vq-in-virti.patch
  virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch
  vhost-user-blk-delete-virtioqueues-in-un.patch
  hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch
  pc-bios-s390x-Save-iplb-location-in-lowc.patch
  iotests-Fix-nonportable-use-of-od-endian.patch
  block-qcow2-threads-fix-qcow2_decompress.patch
  job-refactor-progress-to-separate-object.patch
  block-block-copy-fix-progress-calculatio.patch
  block-io-fix-bdrv_co_do_copy_on_readv.patch
  scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch
  target-ppc-Fix-rlwinm-on-ppc64.patch
  compat-disable-edid-on-correct-virtio-gp.patch
  ppc-ppc405_boards-Remove-unnecessary-NUL.patch
  block-Avoid-memleak-on-qcow2-image-info-.patch
  block-bdrv_set_backing_bs-fix-use-after-.patch
  hmp-vnc-Fix-info-vnc-list-leak.patch
  migration-colo-fix-use-after-free-of-loc.patch
  migration-ram-fix-use-after-free-of-loca.patch
  qcow2-List-autoclear-bit-names-in-header.patch
  sheepdog-Consistently-set-bdrv_has_zero_.patch
  target-arm-Fix-PAuth-sbox-functions.patch
  tcg-i386-Fix-INDEX_op_dup2_vec.patch
  net-tulip-check-frame-size-and-r-w-data-.patch
  target-i386-do-not-set-unsupported-VMX-s.patch
  spapr-Fix-failure-path-for-attempting-to.patch
  ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch
  xen-block-Fix-double-qlist-remove-and-re.patch
  vpc-Don-t-round-up-already-aligned-BAT-s.patch
  target-xtensa-fix-pasto-in-pfwait.r-opco.patch
  aio-wait-delegate-polling-of-main-AioCon.patch
  async-use-explicit-memory-barriers.patch
  tcg-mips-mips-sync-encode-error.patch
  vhost-user-gpu-Release-memory-returned-b.patch
  vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch (no pc-0.15)
  hw-i386-disable-smbus-migration-for-xenf.patch
  s390x-Don-t-do-a-normal-reset-on-the-ini.patch
  s390x-Move-reset-normal-to-shared-reset-.patch
  s390x-Move-initial-reset.patch
  s390x-Move-clear-reset.patch
  s390x-kvm-Make-kvm_sclp_service_call-voi.patch
  s390x-ipl-Consolidate-iplb-validity-chec.patch
  s390x-Beautify-diag308-handling.patch
  s390x-Add-missing-vcpu-reset-functions.patch
  s390-sclp-improve-special-wait-psw-logic.patch
  vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
  util-add-slirp_fmt-helpers.patch
  slirp-use-correct-size-while-emulating-I.patch
  tcp_emu-Fix-oob-access.patch
  slirp-use-correct-size-while-emulating-c.patch
  tcp_emu-fix-unsafe-snprintf-usages.patch
- For SLE builds, leverage the html documentation by adding a link
  to the SUSE specific support documentation (the *.txt support doc
  was slightly tweaked to be acceptable as reStructuredText for
  conversion to html)
  docs-add-SUSE-support-statements-to-html.patch
-Fix potential DoS in ATI VGA emulation (CVE-2020-11869
  bsc#1170537)
  ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch
- Minor tweaks to patches and support doc
- Add gcc10-maybe-uninitialized.patch in order to fix
  boo#1169728.
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  spapr-Fix-failure-path-for-attempting-to.patch
  target-i386-do-not-set-unsupported-VMX-s.patch
  target-xtensa-fix-pasto-in-pfwait.r-opco.patch
  tcg-i386-Fix-INDEX_op_dup2_vec.patch
  tcg-mips-mips-sync-encode-error.patch
  vhost-user-gpu-Release-memory-returned-b.patch
  vpc-Don-t-round-up-already-aligned-BAT-s.patch
  xen-block-Fix-double-qlist-remove-and-re.patch
- Fix bug causing weak encryption in PAuth for ARM
  (CVE-2020-10702 bsc#1168681)
  target-arm-Fix-PAuth-sbox-functions.patch
- Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713
  net-tulip-check-frame-size-and-r-w-data-.patch
- Note that previously included patch addresses CVE-2020-1711
  and bsc#1166240
  iscsi-Cap-block-count-from-GET-LBA-STATU.patch
- Include performance improvement (and related?) patch
  aio-wait-delegate-polling-of-main-AioCon.patch
  async-use-explicit-memory-barriers.patch
- Rework previous patch at Olaf H.'s direction
  hw-i386-disable-smbus-migration-for-xenf.patch
- Eliminate is_opensuse usage in producing seabios version string
  what we are doing here is just replacing the upstream string
  with one indicating that the openSUSE build service built it,
  and so just leave it as "-rebuilt.opensuse.org"
- Alter algorithm used to produce "unique" symbol for coordinating
  qemu with the optional modules it may load. This is a reasonable
  relaxation for broader compatibility
  configure-remove-pkgversion-from-CONFIG_.patch
- Tweak supported.*.txt for latest deprecations, and other fixes
- Tweak update_git.sh, config.sh
- One more fix is needed for: s390x Protected Virtualization support
  - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
  s390x-s390-virtio-ccw-Fix-build-on-syste.patch
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  block-Avoid-memleak-on-qcow2-image-info-.patch
  block-bdrv_set_backing_bs-fix-use-after-.patch
  hmp-vnc-Fix-info-vnc-list-leak.patch
  migration-colo-fix-use-after-free-of-loc.patch
  migration-ram-fix-use-after-free-of-loca.patch
  ppc-ppc405_boards-Remove-unnecessary-NUL.patch
  qcow2-List-autoclear-bit-names-in-header.patch
  scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch
  sheepdog-Consistently-set-bdrv_has_zero_.patch
- Note The previous set of s390x patches also includes the fix for:
  bsc#1167445
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  block-io-fix-bdrv_co_do_copy_on_readv.patch
  compat-disable-edid-on-correct-virtio-gp.patch
  target-ppc-Fix-rlwinm-on-ppc64.patch
  vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
- s390x Protected Virtualization support - start and control guest
  in secure mode. (note: binary patch from patch series dropped since
  for s390x we rebuild the patched binary anyways) (bsc#1167075
  jsc#SLE-7407)
  s390-sclp-improve-special-wait-psw-logic.patch
  s390x-Add-missing-vcpu-reset-functions.patch
  s390x-Add-SIDA-memory-ops.patch
  s390x-Add-unpack-facility-feature-to-GA1.patch
  s390x-Beautify-diag308-handling.patch
  s390x-Don-t-do-a-normal-reset-on-the-ini.patch
  s390x-ipl-Consolidate-iplb-validity-chec.patch
  s390x-kvm-Make-kvm_sclp_service_call-voi.patch
  s390x-Move-clear-reset.patch
  s390x-Move-diagnose-308-subcodes-and-rcs.patch
  s390x-Move-initial-reset.patch
  s390x-Move-reset-normal-to-shared-reset-.patch
  s390x-protvirt-Add-migration-blocker.patch
  s390x-protvirt-Disable-address-checks-fo.patch
  s390x-protvirt-Handle-SIGP-store-status-.patch
  s390x-protvirt-Inhibit-balloon-when-swit.patch
  s390x-protvirt-KVM-intercept-changes.patch
  s390x-protvirt-Move-diag-308-data-over-S.patch
  s390x-protvirt-Move-IO-control-structure.patch
  s390x-protvirt-Move-STSI-data-over-SIDAD.patch
  s390x-protvirt-SCLP-interpretation.patch
  s390x-protvirt-Set-guest-IPL-PSW.patch
  s390x-protvirt-Support-unpack-facility.patch
  Sync-pv.patch
- Fix the issue that s390x could not read IPL channel program when using
  dasd as boot device (bsc#1163140)
  pc-bios-s390x-Save-iplb-location-in-lowc.patch
- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018
  bsc#1161066 CVE-2020-7039)
  slirp-use-correct-size-while-emulating-c.patch
  slirp-use-correct-size-while-emulating-I.patch
  tcp_emu-Fix-oob-access.patch
  tcp_emu-fix-unsafe-snprintf-usages.patch
  util-add-slirp_fmt-helpers.patch
- Replace this patch with upstream version
  target-arm-monitor-query-cpu-model-expan.patch
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  audio-oss-fix-buffer-pos-calculation.patch
  blkdebug-Allow-taking-unsharing-permissi.patch
  block-Add-bdrv_qapi_perm_to_blk_perm.patch
  block-backup-top-fix-failure-path.patch
  block-block-copy-fix-progress-calculatio.patch
  block-fix-crash-on-zero-length-unaligned.patch
  block-fix-memleaks-in-bdrv_refresh_filen.patch
  block-Fix-VM-size-field-width-in-snapsho.patch
  block-nbd-extract-the-common-cleanup-cod.patch
  block-nbd-fix-memory-leak-in-nbd_open.patch
  block-qcow2-threads-fix-qcow2_decompress.patch
  hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch
  hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch
  iotests-add-test-for-backup-top-failure-.patch
  iotests-Fix-nonportable-use-of-od-endian.patch
  job-refactor-progress-to-separate-object.patch
  target-arm-Correct-definition-of-PMCRDP.patch
  target-arm-fix-TCG-leak-for-fcvt-half-do.patch
  tpm-ppi-page-align-PPI-RAM.patch
  vhost-user-blk-delete-virtioqueues-in-un.patch
  virtio-add-ability-to-delete-vq-through-.patch
  virtio-crypto-do-delete-ctrl_vq-in-virti.patch
  virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch
- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since
  for a qemu package upgrade from SLE12-SP5, support for SDL is
  dropped
- Fix xenfv migration from xen host with pre-v4.0 qemu. We had
  previously dropped a similar patch, but have decided that for now
  we need to go with this type of solution (bsc#1159755)
  hw-i386-disable-smbus-migration-for-xenf.patch
- Avoid query-cpu-model-expansion crashed qemu when using
  machine type none, patch is queued in upstream now, will
  update commit id later (bsc#1159443)
  target-arm-monitor-query-cpu-model-expan.patch
- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow
  OBS to shortcut through -mini flavors.
- Stop using system membarriers (ie switch from --enable-membarrier
  to --disable-membarrier). This is a blocker for using qemu in the
  context of containers (boo#1130134 jsc#SLE-11089)
- Drop this recently added patch - in consultation with upstream it
  was decided it needed to be solved a different way (bsc#1159755)
  hw-i386-disable-smbus-migration-for-xenf.patch
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  block-backup-fix-memory-leak-in-bdrv_bac.patch
  iscsi-Cap-block-count-from-GET-LBA-STATU.patch
  s390x-adapter-routes-error-handling.patch
  target-i386-kvm-initialize-feature-MSRs-.patch
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  hw-i386-pc-fix-regression-in-parsing-vga.patch
  m68k-Fix-regression-causing-Single-Step-.patch
  migration-Rate-limit-inside-host-pages.patch
  migration-test-ppc64-fix-FORTH-test-prog.patch
  Revert-vnc-allow-fall-back-to-RAW-encodi.patch
  runstate-ignore-finishmigrate-prelaunch-.patch
  target-arm-Return-correct-IL-bit-in-merg.patch
  target-arm-Set-ISSIs16Bit-in-make_issinf.patch
  vnc-prioritize-ZRLE-compression-over-ZLI.patch
- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
- Use systemd_ordering in place of systemd_requires: systemd is
  never a strict requirement for qemu; but when installing qemu on
  a systemd-managed system, we want system to be present first.
- Fix xenfv migration from xen host with pre-v4.0 qemu (bsc#1159755)
  hw-i386-disable-smbus-migration-for-xenf.patch
- Create files within bundles.tar.xz with fixed timestamp and uid
- Add a %bcond_without system_membarrier along with related
  processing to the spec file, to better investigate running QEMU
  with the --disable-membarrier configure option
- Include upstream patches targeted for the next stable release
  (bug fixes only)
  arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch
  backup-top-Begin-drain-earlier.patch
  block-Activate-recursively-even-for-alre.patch
  display-bochs-display-fix-memory-leak.patch
  Fix-double-free-issue-in-qemu_set_log_fi.patch
  hw-arm-smmuv3-Align-stream-table-base-ad.patch
  hw-arm-smmuv3-Apply-address-mask-to-line.patch
  hw-arm-smmuv3-Check-stream-IDs-against-a.patch
  hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch
  hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch
  hw-arm-smmuv3-Use-correct-bit-positions-.patch
  i386-Resolve-CPU-models-to-v1-by-default.patch
  intel_iommu-a-fix-to-vtd_find_as_from_bu.patch
  iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch
  iotests-Provide-a-function-for-checking-.patch
  iotests-Skip-test-060-if-it-is-not-possi.patch
  iotests-Skip-test-079-if-it-is-not-possi.patch
  numa-properly-check-if-numa-is-supported.patch
  qcow2-bitmaps-fix-qcow2_can_store_new_di.patch
  Revert-qemu-options.hx-Update-for-reboot.patch
  vhost-user-gpu-Drop-trailing-json-comma.patch
  virtio-blk-fix-out-of-bounds-access-to-b.patch
  virtio-mmio-update-queue-size-on-guest-w.patch
  virtio-net-delete-also-control-queue-whe.patch
  virtio-update-queue-size-on-guest-write.patch
- Include performance improvement
  virtio-don-t-enable-notifications-during.patch
- Repair incorrect packaging references to Jira tracked features
- Add Cooperlake vcpu model (jsc#SLE-7923)
  i386-Add-MSR-feature-bit-for-MDS-NO.patch
  i386-Add-macro-for-stibp.patch
  i386-Add-new-CPU-model-Cooperlake.patch
  target-i386-Add-new-bit-definitions-of-M.patch
  target-i386-Add-missed-features-to-Coope.patch
- Add HMAT support (jsc#SLE-8897) (the test case for this series
  isn't included because we aren't set up to handle binary patches)
  numa-Extend-CLI-to-provide-initiator-inf.patch
  numa-Extend-CLI-to-provide-memory-latenc.patch
  numa-Extend-CLI-to-provide-memory-side-c.patch
  hmat-acpi-Build-Memory-Proximity-Domain-.patch
  hmat-acpi-Build-System-Locality-Latency-.patch
  hmat-acpi-Build-Memory-Side-Cache-Inform.patch
  tests-numa-Add-case-for-QMP-build-HMAT.patch
- Update to v4.2.0: See http://wiki.qemu.org/ChangeLog/4.2
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  Appendix B of the qemu-doc.* files installed with the qemu package
  Some noteworthy changes:
  * x86: Denverton, Snowridge, and Dhyana CPU models added
  * x86: Latest version of all CPU models how have TSX (HLE and RTM)
  disabled by default
  * x86: Support for AVX512 BFloat16 extensions
  * x86: VMX features exposed more accurately and controllably
  * s390: TCG now implements IEP (Instruction Execution Protection)
  * PowerPC: POWER8 and POWER9 non-virtualized machines separated out
  * PowerPC: RTAS now comes from SLOF instead of QEMU itself
  * PowerPC: Unplug of multifunction PCI devices now unplugs the
  whole slot, as in x86
  * ARM: Support for >256 CPUs with KVM is fixed
  * ARM: Memory hotplug now supported , when using UEFI, ACPI, for
  virt machine type
  * ARM: SVE support possuble now for KVM guests
  * ARM: ACPI generic event device can now deliver powerdown event
  * The backend device can be specified for a guest audio device
  * virtio v1.1 packed virtqueues supported
  * Socket based character device backends now support TCP keep-alive
  * Use encryption library cipher mode facilities, allowing improved
  performance for eg. AES-XTS encrption
  * Misc block device improvements, esp. with nbd
- See the following few release-candidate changelog entries for
  additional changes related to this release
- Switched package build to be out-of-tree
- Update to v4.2.0-rc5: See http://wiki.qemu.org/ChangeLog/4.2
- Update to v4.2.0-rc4: See http://wiki.qemu.org/ChangeLog/4.2
  * Update the support documents used for SUSE SLE releases to cover
  this qemu release
- Update to v4.2.0-rc3: See http://wiki.qemu.org/ChangeLog/4.2
  * Patches dropped (upstream unless otherwise noted):
  ati-add-edid-support.patch
  ati-vga-add-rage128-edid-support.patch
  ati-vga-fix-ati_read.patch
  ati-vga-make-i2c-register-and-bits-confi.patch
  ati-vga-make-less-verbose.patch
  ati-vga-try-vga-ddc-first.patch
  Disable-Waddress-of-packed-member-for-GC.patch
  hdata-vpd-fix-printing-char-0x00.patch
  target-i386-add-PSCHANGE_NO-bit-for-the-.patch
  target-i386-Export-TAA_NO-bit-to-guests.patch
  vbe-add-edid-support.patch
  vga-add-ati-bios-tables.patch
  vga-add-atiext-driver.patch
  vga-make-memcpy_high-public.patch
  vga-move-modelist-from-bochsvga.c-to-new.patch
  * Patches added:
  Enable-cross-compile-prefix-for-C-compil.patch
  ensure-headers-included-are-compatible-w.patch
  roms-Makefile-enable-cross-compile-for-b.patch
  * Add qemu-ui-spice-app package containing ui-spice-app.so
  * Add qemu-microvm package containing bios-microvm.bin
- Add descriptors for the 128k and 256k SeaBios firmware images
- For the record, the following issues reported for SUSE SLE15-SP1
  are either fixed in this current package, or are otherwise not an
  issue: bsc#1079730 bsc#1098403 bsc#1111025 bsc#1128106 bsc#1133031
  bsc#1134883 bsc#1135210 bsc#1135902 bsc#1136540 bsc#1136778
  bsc#1138534 bsc#1140402 bsc#1143794 bsc#1145379 bsc#1144087
  bsc#1145427 bsc#1145436 bsc#1145774 bsc#1146873 bsc#1149811
  bsc#1152506 bsc#1155812 bsc#1156642 CVE-2018-12207 CVE-2019-5008
  CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164
  CVE-2019-14378 CVE-2019-15890, and the following feature requests
  are satisfied by this package: fate#327410 fate#327764 fate#327796
  jsc#SLE-4883 jsc#SLE-6132 jsc#SLE-6237 jsc#SLE-6754
- Expose pschange-mc-no "feature", indicating CPU does not have
  the page size change machine check vulnerability (CVE-2018-12207
  bsc#1155812)
  target-i386-add-PSCHANGE_NO-bit-for-the-.patch
- Expose taa-no "feature", indicating CPU does not have the
  TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
  target-i386-Export-TAA_NO-bit-to-guests.patch
  Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Update to v4.1.1, a stable, bug-fix-only release
  * Besides incorporating the following fixes we already carried, it
  includes about the same number of other, similar type fixes
  which we hadn't yet incorporated.
  * Patches dropped (subsumed by stable update):
  block-Add-bdrv_co_get_self_request.patch
  block-create-Do-not-abort-if-a-block-dri.patch
  block-file-posix-Let-post-EOF-fallocate-.patch
  block-file-posix-Reduce-xfsctl-use.patch
  block-io-refactor-padding.patch
  blockjob-update-nodes-head-while-removin.patch
  block-Make-wait-mark-serialising-request.patch
  block-nfs-tear-down-aio-before-nfs_close.patch
  coroutine-Add-qemu_co_mutex_assert_locke.patch
  curl-Check-completion-in-curl_multi_do.patch
  curl-Handle-success-in-multi_check_compl.patch
  curl-Keep-pointer-to-the-CURLState-in-CU.patch
  curl-Keep-socket-until-the-end-of-curl_s.patch
  curl-Pass-CURLSocket-to-curl_multi_do.patch
  curl-Report-only-ready-sockets.patch
  hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
  hw-core-loader-Fix-possible-crash-in-rom.patch
  make-release-pull-in-edk2-submodules-so-.patch
  memory-Provide-an-equality-function-for-.patch
  mirror-Keep-mirror_top_bs-drained-after-.patch
  pr-manager-Fix-invalid-g_free-crash-bug.patch
  qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
  qcow2-Fix-corruption-bug-in-qcow2_detect.patch
  qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
  qcow2-Fix-the-calculation-of-the-maximum.patch
  roms-Makefile.edk2-don-t-pull-in-submodu.patch
  s390-PCI-fix-IOMMU-region-init.patch
  s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
  target-alpha-fix-tlb_fill-trap_arg2-valu.patch
  target-arm-Don-t-abort-on-M-profile-exce.patch
  target-arm-Free-TCG-temps-in-trans_VMOV_.patch
  util-iov-introduce-qemu_iovec_init_exten.patch
  vhost-Fix-memory-region-section-comparis.patch
  vpc-Return-0-from-vpc_co_create-on-succe.patch
  Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Fix %arm builds
- Fix two issues with qcow2 image processing which could affect
  disk integrity
  qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
  qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
- Work around a host kernel xfs bug which can result in qcow2 image
  corruption
  block-io-refactor-padding.patch
  util-iov-introduce-qemu_iovec_init_exten.patch
  block-Make-wait-mark-serialising-request.patch
  block-Add-bdrv_co_get_self_request.patch
  block-file-posix-Let-post-EOF-fallocate-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Correct package names in _constraints after switch to multibuild.
- Address potential corruption when using qcow2 images
  coroutine-Add-qemu_co_mutex_assert_locke.patch
  qcow2-Fix-corruption-bug-in-qcow2_detect.patch
- Include more tweaks to our packaging workflow scripts - this will
  continue as we refine the scripts
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- use %gcc_version for cross compilers (boo#1153703)
- Add upstream edk2 submodule fix for creating tarball
- Switch to upstream patch for avoiding git ref in edk2 makefile
- Fix failing block tests which aren't compatible with the configure
  option --enable-membarrier
  * Patches dropped:
  roms-Makefile.edk2-don-t-invoke-git-sinc.patch
  tests-block-io-test-130-needs-some-delay.patch
  * Patches added:
  make-release-pull-in-edk2-submodules-so-.patch
  roms-Makefile.edk2-don-t-pull-in-submodu.patch
  tests-Fix-block-tests-to-be-compatible-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Reduce the cross compiler versions we rely on
- Fix some qemu-testsuite issues, reducing known error cases
  test-add-mapping-from-arch-of-i686-to-qe.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Since our spec file has bashisms, include the following in the
  spec file: %define _buildshell /bin/bash
- Disable some block tests which randomly fail. This is in context
  of the build service build of qemu-testsuite
  tests-Disable-some-block-tests-for-now.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Add some post v4.1.0 upstream stable patches
  * Patches added:
  mirror-Keep-mirror_top_bs-drained-after-.patch
  s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
  target-alpha-fix-tlb_fill-trap_arg2-valu.patch
  target-arm-Free-TCG-temps-in-trans_VMOV_.patch
  target-arm-Don-t-abort-on-M-profile-exce.patch
  qcow2-Fix-the-calculation-of-the-maximum.patch
  block-file-posix-Reduce-xfsctl-use.patch
  pr-manager-Fix-invalid-g_free-crash-bug.patch
  vpc-Return-0-from-vpc_co_create-on-succe.patch
  block-nfs-tear-down-aio-before-nfs_close.patch
  block-create-Do-not-abort-if-a-block-dri.patch
  curl-Keep-pointer-to-the-CURLState-in-CU.patch
  curl-Keep-socket-until-the-end-of-curl_s.patch
  curl-Check-completion-in-curl_multi_do.patch
  curl-Pass-CURLSocket-to-curl_multi_do.patch
  curl-Report-only-ready-sockets.patch
  curl-Handle-success-in-multi_check_compl.patch
  blockjob-update-nodes-head-while-removin.patch
  memory-Provide-an-equality-function-for-.patch
  vhost-Fix-memory-region-section-comparis.patch
  hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
  s390-PCI-fix-IOMMU-region-init.patch
  hw-core-loader-Fix-possible-crash-in-rom.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Include more tweaks to our packaging workflow scripts
- Produce qemu-linux-user and qemu-testsuite via the build service
  multibuild capability, instead of duplicating the spec file and
  using package link in build service
  * combine qemu-linux-user spec file into main qemu spec file. Since
  this model uses a single changelog, here are some historicial
  mentions from the now unused qemu-linux-user.changes (delta from
  qemu's was quite minimal):
  - Adjust to a v5.2 linux kernel change regarding SIOCGSTAMP
  - Fix pwrite64/pread64 to return 0 over -1 for a
    zero length NULL buffer in qemu (bsc#1121600)
  * bsc#1112499
  * Since qemu-testsuite.spec and qemu-testsuite.changes were just
  copies of the main qemu version nothing needs to be done there
- Build opensbi from source on riscv64
- Update to v4.1.0: See http://wiki.qemu.org/ChangeLog/4.1
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  Appendix B of the qemu-doc.* files installed with the qemu package
  Some noteworthy changes:
  * x86: CPU models are now versioned
  * x86: CPU die topology can now be configured
  * x86: New Hygon Dhyana and Intel Snowridge CPU models
  * s390: The bios now supports IPL (boot) from ECKD DASD assigned
  to the guest via vfio-ccw
  * s390: The bios now tolerates the presence of bootmap signature
  entries written by zipl
  * PowerPC: pseries machine now supports KVM acceleration
  (kernel_irqchip=on) of the XIVE interrupt controller
  * PowerPC: pseries now supports hot-plug of PCI bridges and hot-plug
  and unplug of devices under PCI bridges
  * ARM: QEMU now supports emulating an FPU for Cortex-M CPUs, and the
  Cortex-M4 and Cortex-M33 now provide the FP
  * Python 2 support is deprecated
  * UEFI platform firmware binaries, and matching variable store
  templates are now installed
  * Now it's possible to specify memory-less NUMA node when using
  "-numa node,memdev" options
  * Possible to trigger self announcement on specific network interfaces
  * Default memory distribution between NUMA nodes is now deprecated
  * Fallback to normal RAM allocation if QEMU is not able to allocate
  from the "-mem-path" provided file/filesystem is now deprecated
  * virtio-gpu 2d/3d rendering may now be offloaded to an external
  vhost-user process, such as QEMU vhost-user-gpu
  * QEMU will automatically try to use the MAP_SYNC mmap flag for memory
  backends configured with pmem=on,share=on
  * Additional SeaVGABIOS patches added for vga-ati compatibility
- Drop attempt at build compatibility with SLE12
- New sub-packages: qemu-edk2, qemu-vhost-user-gpu
- Conditionalize building of qemu-edk2 (and leave unbuilt for now)
- Implement new packaging workflow, includes no longer numbering
  patches, and having the "current git repo" stored with the package
  in the form of git bundles
  * Patches dropped (upstream unless otherwise noted):
  0027-tests-test-thread-pool-is-racy-add-.patch
  0032-tests-Fix-Makefile-handling-of-chec.patch
  0034-Revert-target-i386-kvm-add-VMX-migr.patch
  0036-sockets-avoid-string-truncation-war.patch
  0039-linux-user-avoid-string-truncation-.patch
  0040-linux-user-elfload-Fix-GCC-9-build-.patch
  0041-qxl-avoid-unaligned-pointer-reads-w.patch
  0042-libvhost-user-fix-Waddress-of-packe.patch
  0043-target-i386-define-md-clear-bit.patch
  0045-kbd-state-fix-autorepeat-handling.patch
  0046-target-ppc-ensure-we-get-null-termi.patch
  0049-qxl-check-release-info-object.patch
  0050-qemu-bridge-helper-restrict-interfa.patch
  0051-linux-user-fix-to-handle-variably-s.patch
  ipxe-use-gcc6-for-more-compact-code.patch (no longer needed)
  (the next three are replaced by the upstream equivalent)
  ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
  ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
  ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch
  slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
  * Patches renamed:
  0001-XXX-dont-dump-core-on-sigabort.patch
  - > XXX-dont-dump-core-on-sigabort.patch
  0002-qemu-binfmt-conf-Modify-default-pat.patch
  - > qemu-binfmt-conf-Modify-default-path.patch
  0003-qemu-cvs-gettimeofday.patch
  - > qemu-cvs-gettimeofday.patch
  0004-qemu-cvs-ioctl_debug.patch
  - > qemu-cvs-ioctl_debug.patch
  0005-qemu-cvs-ioctl_nodirection.patch
  - > qemu-cvs-ioctl_nodirection.patch
  0006-linux-user-add-binfmt-wrapper-for-a.patch
  - > linux-user-add-binfmt-wrapper-for-argv-0.patch
  0007-PPC-KVM-Disable-mmu-notifier-check.patch
  - > PPC-KVM-Disable-mmu-notifier-check.patch
  0008-linux-user-binfmt-support-host-bina.patch
  - > linux-user-binfmt-support-host-binaries.patch
  0009-linux-user-Fake-proc-cpuinfo.patch
  - > linux-user-Fake-proc-cpuinfo.patch
  0010-linux-user-use-target_ulong.patch
  - > linux-user-use-target_ulong.patch
  0011-Make-char-muxer-more-robust-wrt-sma.patch
  - > Make-char-muxer-more-robust-wrt-small-FI.patch
  0012-linux-user-lseek-explicitly-cast-no.patch
  - > linux-user-lseek-explicitly-cast-non-set.patch
  0013-AIO-Reduce-number-of-threads-for-32.patch
  - > AIO-Reduce-number-of-threads-for-32bit-h.patch
  0014-xen_disk-Add-suse-specific-flush-di.patch
  - > xen_disk-Add-suse-specific-flush-disable.patch
  0015-qemu-bridge-helper-reduce-security-.patch
  - > qemu-bridge-helper-reduce-security-profi.patch
  0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  - > qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
  0017-linux-user-properly-test-for-infini.patch
  - > linux-user-properly-test-for-infinite-ti.patch
  0018-roms-Makefile-pass-a-packaging-time.patch
  - > roms-Makefile-pass-a-packaging-timestamp.patch
  0019-Raise-soft-address-space-limit-to-h.patch
  - > Raise-soft-address-space-limit-to-hard-l.patch
  0020-increase-x86_64-physical-bits-to-42.patch
  - > increase-x86_64-physical-bits-to-42.patch
  0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  - > vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
  0022-i8254-Fix-migration-from-SLE11-SP2.patch
  - > i8254-Fix-migration-from-SLE11-SP2.patch
  0023-acpi_piix4-Fix-migration-from-SLE11.patch
  - > acpi_piix4-Fix-migration-from-SLE11-SP2.patch
  0024-Switch-order-of-libraries-for-mpath.patch
  - > Switch-order-of-libraries-for-mpath-supp.patch
  0025-Make-installed-scripts-explicitly-p.patch
  - > Make-installed-scripts-explicitly-python.patch
  0026-hw-smbios-handle-both-file-formats-.patch
  - > hw-smbios-handle-both-file-formats-regar.patch
  0028-xen-add-block-resize-support-for-xe.patch
  - > xen-add-block-resize-support-for-xen-dis.patch
  0029-tests-qemu-iotests-Triple-timeout-o.patch
  - > tests-qemu-iotests-Triple-timeout-of-i-o.patch
  0030-tests-block-io-test-130-needs-some-.patch
  - > tests-block-io-test-130-needs-some-delay.patch
  0031-xen-ignore-live-parameter-from-xen-.patch
  - > xen-ignore-live-parameter-from-xen-save-.patch
  0033-Conditionalize-ui-bitmap-installati.patch
  - > Conditionalize-ui-bitmap-installation-be.patch
  0035-tests-change-error-message-in-test-.patch
  - > tests-change-error-message-in-test-162.patch
  0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch
  - > hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
  0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch
  - > hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
  0044-hw-intc-exynos4210_gic-provide-more.patch
  - > hw-intc-exynos4210_gic-provide-more-room.patch
  0047-configure-only-populate-roms-if-sof.patch
  - > configure-only-populate-roms-if-softmmu.patch
  0048-pc-bios-s390-ccw-net-avoid-warning-.patch
  - > pc-bios-s390-ccw-net-avoid-warning-about.patch
  keycodemapdb-make-keycode-gen-output-reproducible.patch
  - > Make-keycode-gen-output-reproducible-use.patch
  ipxe-stub-out-the-SAN-req-s-in-int13.patch
  - > stub-out-the-SAN-req-s-in-int13.patch
  sgabios-fix-cross-build.patch deleted
  - > roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
  sgabios-stable-buildid.patch
  - > sgabios-Makefile-fix-issues-of-build-rep.patch
  skiboot-gcc9-compat.patch
  - > Disable-Waddress-of-packed-member-for-GC.patch
  ipxe-stable-buildid.patch
  - > ipxe-Makefile-fix-issues-of-build-reprod.patch
  seabios-fix_cross_compilation.patch
  - > enable-cross-compilation-on-ARM.patch
  * Patches added:
  roms-change-cross-compiler-naming-to-be-.patch
  roms-Makefile.edk2-don-t-invoke-git-sinc.patch
  vga-move-modelist-from-bochsvga.c-to-new.patch
  vga-make-memcpy_high-public.patch
  vga-add-atiext-driver.patch
  vga-add-ati-bios-tables.patch
  vbe-add-edid-support.patch
  ati-add-edid-support.patch
  ati-vga-make-less-verbose.patch
  ati-vga-fix-ati_read.patch
  ati-vga-make-i2c-register-and-bits-confi.patch
  ati-vga-try-vga-ddc-first.patch
  ati-vga-add-rage128-edid-support.patch
  Fix-s-directive-argument-is-null-error.patch
  Workaround-compilation-error-with-gcc-9..patch
  Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
  hdata-vpd-fix-printing-char-0x00.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1
- Since we build seabios, take advantage of ability to add our own
  identifying version info by changing SEABIOS_EXTRAVERSION from
  "-prebuilt.qemu.org" to "-rebuilt.suse.com" (or
  "-rebuilt.opensuse.org for openSUSE releases)
- Security fix for heap overflow in ip_reass on big packet input
  (CVE-2019-14378, bsc#1143794)
  slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
  * Patches added:
  0051-linux-user-fix-to-handle-variably-s.patch
- Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp)
  keycodemapdb-make-keycode-gen-output-reproducible.patch
- Security fix for null pointer dereference while releasing spice resources
  (CVE-2019-12155, bsc#1135902)
  0049-qxl-check-release-info-object.patch
- Security fix for qemu-bridge-helper ACL can be bypassed when names are too long
  (CVE-2019-13164, bsc#1140402)
  0050-qemu-bridge-helper-restrict-interfa.patch
- Replace patch 0043 with an upstream version
  0043-target-i386-define-md-clear-bit.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- fixed regression for ksm.service was (bsc#1112646)
- Content of packaged %_docdir/%name/interop/_static/ dir depends
  on python-Sphinx version, so lets just wildcard specifying
  those files, rather than trying to manage a specific file list
- Last change exposed that we still do rely on python2. Make
  spec file adjustment
- Switch from python-Sphinx to Sphinx from python variant we are
  building with (new Sphinx is for python3 only)
- Fix a number of compatibility issues with the stricter gcc9 checks
  * Disable warning for taking address of packed structure members
  0048-pc-bios-s390-ccw-net-avoid-warning-.patch
  * Fix case of strncpy where null terminated string not guaranteed
  0046-target-ppc-ensure-we-get-null-termi.patch
  * Disable warning for taking address of packed structure members
  and fix case of passing null pointer as "%s" format parameter
  skiboot-gcc9-compat.patch
- Fix configure script which caused firmware to be built in
  linux-user only build.
  0047-configure-only-populate-roms-if-sof.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Fix regression in autorepeat key handling
  0045-kbd-state-fix-autorepeat-handling.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Fix file list
- Yet another gcc9 related code fix (bsc#1121464)
  0044-hw-intc-exynos4210_gic-provide-more.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Switch to now upstreamed version of patch and add one more
  gcc9 related patch
  * Patches renamed:
  0041-qxl-fix-Waddress-of-packed-member.patch
  - > 0041-qxl-avoid-unaligned-pointer-reads-w.patch
  0042-libvhost-user-fix-Waddress-of-packe.patch
- Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127
  CVE-2018-12130 CVE-2019-11091 bsc#1111331)
  0043-target-i386-define-md-clear-bit.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Correct logic of which ipxe patches get included based on
  suse_version. We were wrongly excluding a gcc9 related patch for
  example
- Switch to now upstreamed version of some patches
  * Patches renamed:
  0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
  - > 0036-sockets-avoid-string-truncation-war.patch
  0039-linux-user-uname-Fix-GCC-9-build-wa.patch
  - > 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
  in support of the firmware descriptor feature now in use as of
  libvirt v5.2
- Disable LTO as suggested by Martin Liska (boo#1133281)
- Remove and obsolete qemu-oss-audio subpackage. OSS audio is very
  old, and we didn't really even configure the package properly for
  it for a very long time, so presumably there can't be any users
  of it as far as qemu is concerned
- Avoid warnings which gcc9 complains about
  0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
  0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch
  0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch
  0039-linux-user-uname-Fix-GCC-9-build-wa.patch
  0040-linux-user-elfload-Fix-GCC-9-build-.patch
  0041-qxl-fix-Waddress-of-packed-member.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Update to v4.0.0: See http://wiki.qemu.org/ChangeLog/4.0
  Take note that ongoing feature deprecation is tracked at both
  http://wiki.qemu-project.org/Features/LegacyRemoval and in
  Appendix B of the qemu-doc.* files installed with the qemu package
  Some noteworthy changes:
  * ARM: ARMv8+ extensions for SB, PredInv, HPD, LOR, FHM, AA32HPD,
  PAuth, JSConv, CondM, FRINT, and BTI
  * ARM: new emulation support for "Musca" and "MPS2" development boards
  * ARM: virt: support for >255GB of RAM and u-boot "noload" image types
  * ARM: improved emulation of ARM PMU
  * HPPA: support for TLB protection IDs and TLB trace events
  * MIPS: support for multi-threaded TCG emulation
  * MIPS: emulation support for I7200 I6500 CPUs, QMP-base querying of
  CPU types, and improved support for SAARI and SAAR configuration registers
  * MIPS: improvements to Interthread Communication Unit, Fulong 2E
  machine types, and end-user documentation.
  * PowerPC: pseries/powernv: support for POWER9 large decrementer
  * PowerPC: pseries: emulation support for XIVE interrupt controller
  * PowerPC: pseries: support for hotplugging PCI host bridges (PHBs)
  * PowerPC: pseries: Spectre/Meltdown mitigations enabled by default,
  additional support for count-cache-flush mitigation
  * RISC-V: virt: support for PCI and USB
  * RISC-V: support for TSR, TW, and TVM fields of mstatus, FS field now
  supports three stats (dirty, clean, and off)
  * RISC-V: built-in gdbserver supports register lists via XML files
  * s390: support for z14 GA 2 CPU model, Multiple-epoch and PTFF
  features now enabled in z14 CPU model by default
  * s390: vfio-ap: now supports hot plug/unplug, and no longer inhibits memory
  ballooning
  * s390: emulation support for floating-point extension facility and
  vector support instructions
  * x86: HAX accelerator now supported POSIX hosts other than Darwin,
  including Linux and NetBSD
  * x86: Q35: advertised PCIe root port speeds will now optimally default
  to maximum link speed (16GT/s) and width (x32) provided by PCIe 4.0 for
  QEMU 4.0+ machine types; older machine types will retain 2.5GT/x1
  defaults for compatibility.
  * x86: Xen PVH images can now be booted with "-kernel" option
  * Xtensa: xtfpga: improved SMP support for linux (interrupt
  distributor, IPI, and runstall) and new SMP-capable test_mmuhifi_c3
  core configuration
  * Xtensa: support for Flexible length instructions extension (FLIX)
  * GUI: new '-display spice-app' to configure/launch a Spice client GUI with
  a similar UI to QEMU GTK. VNC server now supports access controls via
  tls-authz/sasl-authz options
  * QMP: support for "out-of-band" command execution, can be useful for
  postcopy migration recovery. Additional QMP commands for working with
  block devices and dirty bitmaps
  * VFIO: EDID interface for supported mdev (Intel vGPU for kernel 5.0+),
  allows resolution setting via xres/yres options.
  * Xen: new 'xen-disk' device which can create a Xen PV disk backend,
  and performance improvements for Xen PV disk backend.
  * Network Block Device: improved tracing and error diagnostics, improved
  client compatibility with buggy NBD server implementations, new
  - -bitmap, --list, --tls-authz options for qemu-nbd
  * virtio-blk now supports DISCARD and WRITE_ZEROES
  * qemu-test-suite output is now in TAP format
  * Sphinx now used for part of qemu documentation
  * A few more configure features are enabled: iconv, lzfse (for openSUSE)
  * Provide better logo icons
- Made these package building changes:
  * Removed this token from spec file: #!BuildIgnore:  gcc-PIE
  * Created ability to build qemu source out-of-tree
  * Added BSD-2-Clause license clause due to EDK II code inclusion
  * Patches dropped (upstream unless otherwise noted):
  0010-Remove-problematic-evdev-86-key-fro.patch
  0025-Fix-tigervnc-long-press-issue.patch
  0026-string-input-visitor-Fix-uint64-par.patch
  0027-test-string-input-visitor-Add-int-t.patch
  0028-test-string-input-visitor-Add-uint6.patch
  0029-tests-Add-QOM-property-unit-tests.patch
  0030-tests-Add-scsi-disk-test.patch
  0033-smbios-Add-1-terminator-if-any-stri.patch (different approach used)
  0034-qemu-io-tests-comment-out-problemat.patch (not as needed)
  0039-xen_disk-Avoid-repeated-memory-allo.patch
  0041-vfio-ap-flag-as-compatible-with-bal.patch
  0042-hw-s390x-Fix-bad-mask-in-time2tod.patch
  0043-pcie-set-link-state-inactive-active.patch
  0044-pc-piix4-Update-smbus-I-O-space-aft.patch
  0045-hw-usb-fix-mistaken-de-initializati.patch
  0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch
  0047-pvrdma-release-device-resources-in-.patch
  0048-rdma-check-num_sge-does-not-exceed-.patch
  0049-pvrdma-add-uar_read-routine.patch
  0050-pvrdma-check-number-of-pages-when-c.patch
  0051-pvrdma-check-return-value-from-pvrd.patch
  0052-pvrdma-release-ring-object-in-case-.patch
  0053-block-Fix-hangs-in-synchronous-APIs.patch
  0054-linux-user-make-pwrite64-pread64-fd.patch
  0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
  0056-slirp-check-data-length-while-emula.patch
  0057-s390x-Return-specification-exceptio.patch
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
  0061-slirp-check-sscanf-result-when-emul.patch
  0062-ppc-add-host-serial-and-host-model-.patch
  0063-i2c-ddc-fix-oob-read.patch
  0064-device_tree.c-Don-t-use-load_image.patch
  0065-spapr-Simplify-handling-of-host-ser.patch
  ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
  ipxe-fix-build.patch
  skiboot-hdata-i2c.c-fix-building-with-gcc8.patch
  * Patches renamed:
  0011-linux-user-use-target_ulong.patch
  - > 0010-linux-user-use-target_ulong.patch
  0012-Make-char-muxer-more-robust-wrt-sma.patch
  - > 0011-Make-char-muxer-more-robust-wrt-sma.patch
  0013-linux-user-lseek-explicitly-cast-no.patch
  - > 0012-linux-user-lseek-explicitly-cast-no.patch
  0014-AIO-Reduce-number-of-threads-for-32.patch
  - > 0013-AIO-Reduce-number-of-threads-for-32.patch
  0015-xen_disk-Add-suse-specific-flush-di.patch
  - > 0014-xen_disk-Add-suse-specific-flush-di.patch
  0016-qemu-bridge-helper-reduce-security-.patch
  - > 0015-qemu-bridge-helper-reduce-security-.patch
  0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  - > 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
  0018-linux-user-properly-test-for-infini.patch
  - > 0017-linux-user-properly-test-for-infini.patch
  0019-roms-Makefile-pass-a-packaging-time.patch
  - > 0018-roms-Makefile-pass-a-packaging-time.patch
  0020-Raise-soft-address-space-limit-to-h.patch
  - > 0019-Raise-soft-address-space-limit-to-h.patch
  0021-increase-x86_64-physical-bits-to-42.patch
  - > 0020-increase-x86_64-physical-bits-to-42.patch
  0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  - > 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
  0023-i8254-Fix-migration-from-SLE11-SP2.patch
  - > 0022-i8254-Fix-migration-from-SLE11-SP2.patch
  0024-acpi_piix4-Fix-migration-from-SLE11.patch
  - > 0023-acpi_piix4-Fix-migration-from-SLE11.patch
  0031-Switch-order-of-libraries-for-mpath.patch
  - > 0024-Switch-order-of-libraries-for-mpath.patch
  0032-Make-installed-scripts-explicitly-p.patch
  - > 0025-Make-installed-scripts-explicitly-p.patch
  0035-tests-test-thread-pool-is-racy-add-.patch
  - > 0027-tests-test-thread-pool-is-racy-add-.patch
  0036-xen-add-block-resize-support-for-xe.patch
  - > 0028-xen-add-block-resize-support-for-xe.patch
  0037-tests-qemu-iotests-Triple-timeout-o.patch
  - > 0029-tests-qemu-iotests-Triple-timeout-o.patch
  0038-tests-block-io-test-130-needs-some-.patch
  - > 0030-tests-block-io-test-130-needs-some-.patch
  0040-xen-ignore-live-parameter-from-xen-.patch
  - > 0031-xen-ignore-live-parameter-from-xen-.patch
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
  - > 0034-Revert-target-i386-kvm-add-VMX-migr.patch
  * Patches added:
  0026-hw-smbios-handle-both-file-formats-.patch
  0032-tests-Fix-Makefile-handling-of-chec.patch
  0033-Conditionalize-ui-bitmap-installati.patch
  0035-tests-change-error-message-in-test-.patch
  ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
  upstream adjustments for the same. Basically now the security fix
  is to provide a dummy host-model and host-serial value, which
  overrides getting that value from the host
  0065-spapr-Simplify-handling-of-host-ser.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Tweak last spec file change to guard new Requires with conditional
- Fix DOS possibility in device tree processing (CVE-2018-20815
  bsc#1130675)
  0064-device_tree.c-Don-t-use-load_image.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Remove an unneeded BuildRequires which impacts bsc#1119414 fix
  Also add a corresponding Recommends for qemu-tools as part of
  this packaging adjustment (bsc#1130484)
- Fix information leak in slirp (CVE-2019-9824 bsc#1129622)
  0061-slirp-check-sscanf-result-when-emul.patch
- Add method to specify whether or not to expose certain ppc64 host
  information, which can be considered a security issue
  (CVE-2019-8934 bsc#1126455)
  0062-ppc-add-host-serial-and-host-model-.patch
- Fix OOB memory access and information leak in virtual monitor
  interface (CVE-2019-03812 bsc#1125721)
  0063-i2c-ddc-fix-oob-read.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Again address ipxe GCC 9 incompatibilities. Previously included
  patch to disable unneeded warning got muffed somehow (bsc#1121464)
- Package and cross-build rom files for aarch64 from
  SLE15/Leap15.0 to fix boo#1125964
- Add patch to fix seabios cross-compilation:
  * seabios-fix_cross_compilation.patch
- Add patch to fix sgabios cross-compilation:
  * sgabios-fix-cross-build.patch
- Fix _constraints to include all architectures for disk size
  (fix aarch64)
- Revert upstream patch which declares x86 vmx feature a migration
  blocker. Given the proliferation of using vm's with host features
  passed through and the general knowledge that nested
  virtualization has many usage caveats, but still gets put in use
  in restricted scenarios, this patch did more harm than good, I
  feel. So despite this relaxation, please consider yourself warned
  that nested virtualization is not yet a supportable feature.
  (bsc#1121604)
  0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
  0059-memory-Fix-the-memory-region-type-a.patch
  0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Remove 71-sev.rules, which modifies the default permissions of
  /dev/sev by adding the kvm group as reader/writer. Upstream
  decided to take a different approach for libvirt to manage SEV
  due to security concerns which I agree overrides the convenience
  of providing /dev/sev access to all the kvm group (bsc#1124842
  bsc#1102604)
- Increase memory needed to build qemu-testsuite for ppc* arch's
  in _constraints file
- Return specification exception for unimplemented diag 308 subcodes
  rather than a hardware error (bsc#1123179)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
  * Patches added:
  0057-s390x-Return-specification-exceptio.patch
- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
  0056-slirp-check-data-length-while-emula.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
  ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
  ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
- Tweak Xen interface to be compatible with upcoming v4.12 Xen
  0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
  * Patches added:
  0054-linux-user-make-pwrite64-pread64-fd.patch
  (bsc#1121600)
- Clarify that move to include v3.1.0 in qemu package corresponds
  with fate#327089, which of course builds on v3.0.0 mentioned
  previously, and that among other patches which this change
  obsoletes (because functionality is included in base version) I
  will mention one pointed out by reviewers:
  0094-s390x-cpumodels-add-z14-Model-ZR1.patch
- include post v3.1.0 patches marked for next stable release:
  0041-vfio-ap-flag-as-compatible-with-bal.patch
  0042-hw-s390x-Fix-bad-mask-in-time2tod.patch
  0043-pcie-set-link-state-inactive-active.patch
  0044-pc-piix4-Update-smbus-I-O-space-aft.patch
  0045-hw-usb-fix-mistaken-de-initializati.patch
- Address various security/stability issues
  * Fix host access vulnerability in usb-mtp infrastructure
  (CVE-2018-16872 bsc#1119493)
  0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch
  * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437)
  0047-pvrdma-release-device-resources-in-.patch
  * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840)
  0048-rdma-check-num_sge-does-not-exceed-.patch
  * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191
  bsc#1119979)
  0049-pvrdma-add-uar_read-routine.patch
  * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989)
  0050-pvrdma-check-number-of-pages-when-c.patch
  * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984)
  0051-pvrdma-check-return-value-from-pvrd.patch
  * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991)
  0052-pvrdma-release-ring-object-in-case-.patch
- one more post v3.1.0 patches marked for next stable release:
  0053-block-Fix-hangs-in-synchronous-APIs.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
  * Patches added:
  0040-xen-ignore-live-parameter-from-xen-.patch
  (bsc#1079730, bsc#1101982, bsc#1063993)
- Follow up on ideas prompted by last change: clean up the patches
  generated by git workflow. There is no value to the first line
  (mbox From line), or [PATCH] on subject line. Get rid of those
- Other minor fixes and improvements to update_git.sh
- Modify update_git.sh script:
  pass --zero-commit to format-patch
  This removes needless noise in the buildservice when the same set
  of patches is imported/exported at different times by different users.
  pass --no-signature to format-patch
  Remove sed call which used to remove the signature, use mv instead

==== wayland ====
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0

- modernize spec file
  * use licensedir
  * use bcond
  * use https:// urls
  * spec-cleaner

==== xwayland ====
Version update (22.1.1 -> 22.1.2)

- Update to version 22.1.2
  * randr: Add "RANDR Emulation" property
  * xwayland/output: Set the "RANDR Emulation" property
  * xwayland: Fix invalid pointer access in drm_lease_device_handle_released.