Packages changed:
  bolt (0.9.7 -> 0.9.8)
  gdk-pixbuf (2.42.11 -> 2.42.12)
  glib2 (2.80.0 -> 2.80.2)
  grub2
  hwdata (0.380 -> 0.382)
  iproute2 (6.8 -> 6.9)
  libbpf (1.4.1 -> 1.4.2)
  libmodulemd
  libxml2 (2.12.6 -> 2.12.7)
  makedumpfile (1.7.4 -> 1.7.5)
  mozilla-nss (3.99 -> 3.100)
  passt (20240426.d03c4e2 -> 20240510.7288448)
  patterns-base
  perl-URI (5.270.0 -> 5.280.0)
  pipewire
  powerdevil6
  sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c)
  soundtouch (2.3.2 -> 2.3.3)
  xwayland (23.2.6 -> 24.1.0)

=== Details ===

==== bolt ====
Version update (0.9.7 -> 0.9.8)

- update to 0.9.8:
  * A new NHI for REMBRANDT.
  * CI fixes.
  * Don't install an empty DB directory.
  * Fixed: Determine the string length before writing file.
  * Fixed: Free on error to prevent resource leak.

==== gdk-pixbuf ====
Version update (2.42.11 -> 2.42.12)
Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0

- Update to version 2.42.12:
  + Fix a build failure,
  + Fix occasional build failures,
  + ani: Reject files with multiple INA or IART chunks,
  + ani: Reject files with multiple anih chunks (CVE-2022-48622),
  + ani: validate chunk size,
  + Updated translations.
- Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed
  upstream.

==== glib2 ====
Version update (2.80.0 -> 2.80.2)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- Update to version 2.80.2:
  + Fix a regression with IBus caused by the fix for
    CVE-2024-34397.
  + Fix installation directory of the GVariant specification.
  + Bugs fixed:
  - GVariant specification installed in wrong directory.
  - Backport "gdbusconnection: Fix test signal subscription
    ordering" to glib-2-80.
  - Backport “Correct installation directory of GVariant
    specification” to glib-2-80.
  - Backport “gdbusconnection: Allow name owners to have the
    syntax of a well-known name” to glib-2-80.
- Changes from version 2.80.1
  + Fix CVE-2024-34397: GDBus signal subscriptions for well-known
    names are vulnerable to unicast spoofing.
  + Updated translations.

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin

- Update to the latest upstreaming TPM2 patches
  * 0001-key_protector-Add-key-protectors-framework.patch
  - Replace 0001-protectors-Add-key-protectors-framework.patch
  * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
  - Merge other TSS patches
  * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
  * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch
  * 0003-tpm2-Implement-more-TPM2-commands.patch
  * 0003-key_protector-Add-TPM2-Key-Protector.patch
  - Replace 0003-protectors-Add-TPM2-Key-Protector.patch
  * 0004-cryptodisk-Support-key-protectors.patch
  * 0005-util-grub-protect-Add-new-tool.patch
  * 0001-tpm2-Support-authorized-policy.patch
  - Replace 0004-tpm2-Support-authorized-policy.patch
  * 0001-tpm2-Add-extra-RSA-SRK-types.patch
  * 0001-tpm2-Implement-NV-index.patch
  - Replace 0001-protectors-Implement-NV-index.patch
  * 0002-cryptodisk-Fallback-to-passphrase.patch
  * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
  * 0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Refresh affected patches
  * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
  * grub2-bsc1220338-key_protector-implement-the-blocklist.patch
- New manpage for grub2-protect
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to
  file_is_not_xen_garbage (bsc#1224226)
  * grub2-fix-menu-in-xen-host-server.patch

==== hwdata ====
Version update (0.380 -> 0.382)

- update to 0.382:
  * Update pci, usb and vendor ids

==== iproute2 ====
Version update (6.8 -> 6.9)

- Update to release 6.9
  * ss: add option to suppress queue columns
  * m_mirred: allow mirred to block
  * tc: add NLM_F_ECHO support for actions and filters
  * ip/bond: add coupled_control support
  * ss: add support for BPF socket-local storage
  * ip: ioam6: add monitor command

==== libbpf ====
Version update (1.4.1 -> 1.4.2)

- update to 1.4.2:
  * Another struct_ops-focused bug fix release. It addresses a few more corner
    cases when dealing with SEC("struct_ops") programs.
  * It also improves error messaging around common use case of declaring
    struct_ops BPF program and not referencing it from SEC(".struct_ops")
    variable (backed by struct_ops BPF map).
  * This release should improve overall experience of using BPF struct_ops
    functionality.

==== libmodulemd ====

- Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path
  for GLib 2.80.2
  (https://github.com/fedora-modularity/libmodulemd/pull/618).

==== libxml2 ====
Version update (2.12.6 -> 2.12.7)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.12.7:
  + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459).
  + xmllint: Fix --pedantic option.
  + save: Handle invalid parent pointers in xhtmlNodeDumpOutput.

==== makedumpfile ====
Version update (1.7.4 -> 1.7.5)

- Update to 1.7.5:
  * Support for kernels up to v6.8 (x86_64)
  * Support for printk caller_id by --dump-dmesg option
  * [PATCH] ppc64: get vmalloc start address from vmcoreinfo
  * [PATCH] ppc64: read cur_mmu_type from vmcoreinfo
  * [PATCH] add PRINTK_CALLER id support to --dump-dmesg option
  * [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces
  * [PATCH 1/2] s390x: fix virtual vs physical address confusion
  Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch
  file based on version 1.7.5 of the code

==== mozilla-nss ====
Version update (3.99 -> 3.100)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.100
  - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for
    faster Xyber operations.
  - bmo#1893752 - remove ckcapi.
  - bmo#1893162 - avoid a potential PK11GenericObject memory leak.
  - bmo#671060  - Remove incomplete ESDH code.
  - bmo#215997  - Decrypt RSA OAEP encrypted messages.
  - bmo#1887996 - Fix certutil CRLDP URI code.
  - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
  - bmo#676118  - Add ability to encrypt and decrypt CMS messages using ECDH.
  - bmo#676100  - Correct Templates for key agreement in smime/cmsasn.c.
  - bmo#1548723 - Moving the decodedCert allocation to NSS.
  - bmo#1885404 - Allow developers to speed up repeated local execution
    of NSS tests that depend on certificates.

==== passt ====
Version update (20240426.d03c4e2 -> 20240510.7288448)
Subpackages: passt-selinux

- Update to version 20240510.7288448:
  * apparmor: allow read access on /tmp for pasta
  * tcp_splice: Set OUT_WAIT_ flag whenever pipe isn't emptied
  * udp: Single buffer for IPv4, IPv6 headers and metadata
  * udp: Use the same buffer for the L2 header for all frames
  * udp: Share payload buffers between IPv4 and IPv6
  * udp: Explicitly set checksum in guest-bound UDP headers
  * udp: Combine initialisation of IPv4 and IPv6 iovs
  * udp: Split tap-bound UDP packets into multiple buffers using io vector
  * test: Allow sftp via vsock-ssh in tests
  * tcp: Update tap specific header too in tcp_fill_headers[46]()
  * iov: Helper macro to construct iovs covering existing variables or fields
  * tap, tcp: (Re-)abstract TAP specific header handling
  * tcp: Simplify packet length calculation when preparing headers
  * treewide: Standardise variable names for various packet lengths
  * checksum: Make csum_ip4_header() take a host endian length
  * treewide: Remove misleading and redundant endianness notes
  * tap: Remove unused structs tap_msg, tap_l4_msg
  * tap: Split tap specific and L2 (ethernet) headers
  * checksum: Use proto_ipv6_header_psum() for ICMPv6 as well
  * netlink: Fix iterations over nexthop objects

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11

- add procps into the base pattern as recommended together
  with zypper (which dropped the dependency)

==== perl-URI ====
Version update (5.270.0 -> 5.280.0)

- updated to 5.28
  see /usr/share/doc/packages/perl-URI/Changes
  5.28      2024-03-27 01:49:44Z
  - Using Scalar::Util::reftype instead of just ref(), but mindful this time
    about definedness to avoid warnings (GH#140) (Jacques Deguest)

==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Move modules jack-tunnel and jackdbus-detect to the
  pipewire-spa-plugins-0_2-jack since those modules should only
  be used when the real jack server is running. This fixes pipewire
  starting jackdbus on start.

==== powerdevil6 ====

- Recommend ddcutil-i2c-udev-rules (boo#1224197)

==== sdbootutil ====
Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper

- Update to version 1+git20240514.56dc89c:
  * Add show-entry command
  * Add SYSTEMD_COLORS flag
  * Add byte order mark to boot.csv

==== soundtouch ====
Version update (2.3.2 -> 2.3.3)

- Update to 2.3.3:
  * Fixing compiler warnings, maintenance fixes to make/build files
    for various systems
- Refresh disable-ffast-math.patch

==== xwayland ====
Version update (23.2.6 -> 24.1.0)

- Update to feature release 24.1.0
  * This fixes a couple of regressions introduced in the previous release
    candidate versions along with a fix for XTEST emulation with EI.
    + xwayland: Send ei_device_frame on device_scroll_discrete
    + xwayland: Restore the ResizeWindow handler
    + xwayland: Handle rootful resize in ResizeWindow
    + xwayland: Move XRandR emulation to the ResizeWindow hook
    + xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped
- Update to bug fix relesae 23.2.7
  * m4: drop autoconf leftovers
  * xwayland: Send ei_device_frame on device_scroll_discrete
  * xwayland: Call drmFreeDevice for dma-buf default feedback
  * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
  * dri3: Free formats in cache_formats_and_modifiers
  * xwayland/glamor: Handle depth 15 in gbm_format_for_depth
  * Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows"
  * xwayland: Check for outputs before lease devices
  * xwayland: Do not remove output on withdraw if leased