Drop patches included upstream already, update context of some existing
patches.
Include also XSA-431 patch that was published after 4.17.1 release.

Backport serial console fix, and a build fix with GCC 13 (relevant for
Archlinux).

It isn't used anymore, VMs use distribution-native Xen packages fully.

Replace custom patch with proper upstream implementation.

Microcode update is available only for some models at this moment, so
include the workaround patch too to cover remaining models.

And drop those already included upstream.

Temporarily use a git snapshot, until upstream provides proper tarballs.

Fixes QubesOS/qubes-issues#8502

They may grow quite big in some cases, and are very compressible.

Fixes QubesOS/qubes-issues#4799
Fixes QubesOS/qubes-issues#7057
Fixes QubesOS/qubes-issues#7052

And avoid sending a comment as an input for ldconfig.

* origin/pr/169:
  Compress old console logs

* msix:
  Apply patches for MSI-X support with stubdomain

The .annobin.notes section gets placed at the start of xen.efi, which
(for unclear reasons) breaks booting under OVMF with "Out of resources"
error message.
The section looks like this:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .annobin.notes 0001286a  ffff82d100000000  ffff82d100000000  00000480  2**2
                  CONTENTS, READONLY

Fixes QubesOS/qubes-issues#8111

Related to QubesOS/qubes-issues#8737

* origin/pr/171:
  Disable annobin for the hypervisor build

QubesOS/qubes-issues#6834

Running qemu upstream in stubdomain missed one hvmloader setting, fix it
now.

QubesOS/qubes-issues#4321

Drop patches included upstream already, refresh SOURCE_DATE_EPOCH patch
to resolve conflict.

See patch description

This adds some basic support but even if working as intended this
doesn't reach satisfactory residency values yet. And more importantly in
Qubes' default configuration common devices (at least Intel integrated
USB and Thunderbolt) need more work to not completely block residency.

Some of them were already backported, but there are few more relevant
fixes. This may also ease applying future patches.

The signing key still uses SHA1, which is rejected by sequoia-sq. Switch
to hash file until the key is updated.

* origin/main:
  Temporarily switch to a hash file for download verification

The patches are conflicting (contextually and semantically) with
1017-Disable-TSX-by-default.patch so drop the latter.

Go back to signatures, as builderv2 was modified to tolerate older keys
too.
This reverts commit 606f99a.

Remove patches included upstream.

See patch description for details.

Fixes QubesOS/qubes-issues#9030

* origin/pr/167:
  Basic S0ix support

Remove bin86 and dev86 needed only for hypervisor build (not applicable
here).
Remove yajl as already listed in depends.
Add python-setuptools.

/var/log/xen needs to be owned by the package, otherwise xendriverdomain
service fails to start.

Remove no longer needed deps - we don't build stubdomain in this package
anymore.

* build-deps:
  Fix Arch build on conflicting _FORTIFY_SOURCE values
  rpm: cleanup build dependencies

Add patches fixing XHCI DbC console when sys-usb is running.
Technically not a backport yet, but this version is very close to beeing
committed upstream so should qualify as a backport soon.

Signed-off-by: Tomasz Żyjewski <[email protected]>

Signed-off-by: Tomasz Żyjewski <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>