Packages changed:
  crypto-policies
  glibc (2.38 -> 2.39)
  gstreamer (1.22.8 -> 1.22.9)
  gstreamer-plugins-bad (1.22.8 -> 1.22.9)
  gstreamer-plugins-base (1.22.8 -> 1.22.9)
  gstreamer-plugins-good (1.22.8 -> 1.22.9)
  inxi (3.3.31 -> 3.3.32)
  libusb-1_0 (1.0.26 -> 1.0.27)
  libzio (1.08 -> 1.09)
  netpbm (11.2.0 -> 11.5.2)
  perl-gettext
  podman (4.9.0 -> 4.9.1)
  python-pip
  python-pytz (2023.3.post1 -> 2023.4)
  python-setuptools (69.0.2 -> 69.0.3)
  strace
  systemd-presets-common-SUSE
  xen (4.18.0_04 -> 4.18.0_06)

=== Details ===

==== crypto-policies ====
Subpackages: crypto-policies-scripts

- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
  we only need python3-base here, we don't need the python
  macros as no module is being built

==== glibc ====
Version update (2.38 -> 2.39)
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base

- Update to glibc 2.39
  * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
    rewrite on x86-64
  * Sync with Linux kernel 6.6 shadow stack interface
  * struct statvfs now has an f_type member, equal to the f_type statfs
    member
  * On Linux, the functions posix_spawnattr_getcgroup_np and
    posix_spawnattr_setcgroup_np have been added, along with the
    POSIX_SPAWN_SETCGROUP flag
  * On Linux, the pidfd_spawn and pidfd_spawp functions have been added
  * On Linux, the pidfd_getpid function has been added
  * scanf-family functions now support the wN format length modifiers for
    arguments pointing to types intN_t, int_leastN_t, uintN_t or
    uint_leastN_t
  * A new tunable, glibc.mem.decorate_maps, can be used to add additional
    information on underlying memory allocated by the glibc
  * The <stdbit.h> header has been added from ISO C2X
  * On AArch64 new symbols were added to libmvec
  * The ldconfig program now skips file names containing ';' or ending in
    ".dpkg.tmp" or ".dpkg.new"
  * The dynamic linker calls the malloc and free functions in more cases
    during TLS access if a shared object with dynamic TLS is loaded and
    unloaded
- aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch,
  cache-intel-shared.patch, call-init-proxy-objects.patch,
  fstat-implementation.patch, gb18030-2022.patch,
  getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch,
  getcanonname-use-after-free.patch, iconv-error-verbosity.patch,
  intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch,
  libio-io-vtables.patch, libio-wdo-write.patch,
  no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch,
  ppc64-flock-fob64.patch, qsort-invalid-cmp.patch,
  sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch,
  syslog-buffer-overflow.patch, tls-modid-reuse.patch,
  tunables-string-parsing.patch: Removed
- syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in
  __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780,
  bsc#1218863, bsc#1218867, bsc#1218868)
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
  (bsc#1218866)
- Change minimum GCC to 13
- Split off libnsl.so.1 into a separate package

==== gstreamer ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-lang libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.22.9:
  + Highlighted bugfixes in 1.22.9
  - More Security fixes for the AV1 video codec parser
  - va: fixes for Mesa Gallium drivers in Mesa versions older
    than v23.2
  - v4l2src: Consider framerate during caps selection
  - v4l2codec: decoder fixes
  - rtspsrc: multicast fixes
  - camerabin viewfinder fixes
  - various bug fixes, build fixes, memory leak fixes, and other
    stability and reliability improvements
  + gstreamer
  - aggregator: fix use-after-free in queries processing
  - multiqueue: Ignore queue fullness for most events
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-bad ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.22.9:
  + av1parser: Fix potential stack overflow during tile list
    parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300)
  + camerabin: Correctly relink viewfinderbin_queue
  + GstPlay: Fix error details parsing
  + h264decoder: Handle malformed avc/avc3 packets
  + h264decoder: h265decoder: Align with wraparound fix
  + vp8decoder: vp9decoder: av1decoder: mpeg2decoder:
    Fix multiplication wraparound
  + vah264enc/vah264dec issues after recent upgrade to 1.22.8
    from 1.22.7
  + va: fixes for Mesa Gallium drivers in Mesa versions older
    than v23.2
  + vp9parse: Fix critical warning during caps negotiation
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-base ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0

- Update to version 1.22.9:
  + audiobasesink: Don't wait on gap events
  + audioconvert: change gst_audio_convert_get_unit_size() log
    levels
  + glcolorconvert: Correct transform_caps direction
  + gloverlay: Apply updated overlay coordinates correctly
  + videorate: keep pool if max_buffers is unlimited
- Rebase reduce-required-meson.patch

==== gstreamer-plugins-good ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang

- Update to version 1.22.9:
  + rtpsession: Only warn once if configured latency needs to be
    known but isn't yet
  + rtphdrext-clientaudiolevel: Fix level value being written by
    the extension
  + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL
  + v4l2object: clear old fds when initializing poll during
    opening v4l2 device
  + v4l2src: Consider framerate during caps selection
  + vpxdec: Use appropriate domain and code for decoding errors
- Rebase reduce-required-meson.patch

==== inxi ====
Version update (3.3.31 -> 3.3.32)

- - Updated to version 3.3.32:
  + /usr/share/doc/packages/inxi/inxi.changelog.

==== libusb-1_0 ====
Version update (1.0.26 -> 1.0.27)

- Update to version 1.0.27
  * New libusb_init_context API to replace libusb_init
  * New libusb_get_max_alt_packet_size API
  * New libusb_get_platform_descriptor API (BOS)
  * Allow setting log callback with libusb_set_option/libusb_init_context
  * New WebAssembly + WebUSB backend using Emscripten
  * Fix regression in libusb_set_interface_alt_setting
  * Fix sync transfer completion race and use-after-free
  * Fix hotplug exit ordering
  * Linux: NO_DEVICE_DISCOVERY option set per context
- added signature and keyring. (key received via keyserver)

==== libzio ====
Version update (1.08 -> 1.09)

- Version 1.09: Allow to create files without suffix as well

==== netpbm ====
Version update (11.2.0 -> 11.5.2)
Subpackages: libnetpbm11

- version update to 11.5.2
  Release 11.05.02
  + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
  Release 11.05.01
  Fix typo in ppmforge test case.
  Release 11.05.00
  + pnmpad: Add -color, -promote, -extend-edge, -detect-background .
  + pnmconvol: Restore ability of convolution matrix to be a
    pseudo-plain-PNM with samples that exceed the maxval.  Lost in
    10.30 (October 2005) because maxval-checking code was added to
    libnetpbm.  (Was fixed in 10.47.08 in November 2010, but only in
    the 10.47 series).
  + pnmindex: Improve failure mode when -size or -across is zero.
  + pnmindex: Make -plain work.
  + pnmpad: fix behavior with -left, -right, and -width together or
  - top, -bottom, -height together: ignores -width where it should
    fail.  Broken in Netpbm 10.72 (September 2015).
  + pamtosvg: fix "zero determinant" failure.  Introduced in
    Netpbm 11.04 (September 2023).
  + pjtoppm: fix crash based on uninitialized variable.
    Introduced in Netpbm 11.04 (September 2023).
  + ppmtopcxl: fix incorrect output with > 256 colors.  Always
    broken.  (Program was added in primordial Netpbm in 1990).
  + pbmtext: fix buffer overrun with insanely large input.
  + picttoppm: fix buffer overrun with insanely wide input.
  + ppmtoxpm: fix incorrect output with insanely large number of
    colors.
  + pnmscalefixed: fix incorrect output with really big image and
  - pixels option.
  + ppmdither: fix buffer overrun with insanely large dithering
    matrix.
  + pnmpad: no longer accept old-style options (e.g. -t50).
  + libnetpbm: Add pm_feed_from_file, pm_accept_to_files,
    pm_accept_to_filestream Standard Input feeder, Output accepter
    for pm_system.
  + libnetpbm, programs that use color maps: fix buffer overrun
    with insanely deep images.
  + merge build: Fix 'pnmcat'.  Introduced in Netpbm 11.00
    (September 2023).
  Release 11.04.00
  + pamaddnoise: add -salt.
  + pamaddnoise: reject options that aren't meaningful for the type
    of noise specified rather than just ignore them.
  + ppmtosixel: Add -7bit, so it works on more terminals, including
    xterms.  Thanks Scott Pakin.
  + g3topbm: Add -correctlong
  + pnmtojpeg: minor improvement to error messages about bad files.
  + pammixmulti: Remove disclaimer of patent license.
  + pamstack: Fix bug: acts like -firstmaxval specified when it
    wasn't.  Introduced in Netpbm 11.03 (June 2023).
  + pamstack: Fix -lcmmaxval: chooses wrong maxval.  Always
    broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)).
  + pamstack: Fail gracefully when total number of planes is too
    large for unsigned integer.  Always broken (Pamstack was new in
    Netpbm 10.0 (June 2002).
  + pamtosvg: fix hang.
  + ppmfade: fix "file not found" crash for most fade modes.
    Introduced in Netpbm 10.98 (March 2022).
  + ppmfade: fix incorrect block mode fade.  Always broken
    (ppmfade was new in Netpbm 8.4 (April 2000)).
  + pamaddnoise: fix very incorrect noise added for all types.
    Introduced in Netpbm 10.94 (March 2021).
  + ppmrough: fix buffer overrun.  Always broken (Ppmrough was new
    in Netpbm 10.9 (September 2002).
    ppmrough: fix excessive roughness.  Introduced in Netpbm 10.94
    (March 2021).
  + pgmtexture: Fix buffer overflow with maxval > 255.  Always
    broken.  Maxvals > 255 were possible starting in Netpbm 9.0
    (April 2000).
  + pgmtexture: Fix bug: ignores -d.  Introduced in Netpbm 10.56
    (September 2011).
  + xwdtopnm Fix spurious output with really wide/deep rows.
  + imgtoppm: Fix spurious output with really wide/deep rows.
  + pbmtopgm: Fix error message for excessive -width.
  + pbmtoxbm: Fix spurious output with really wide rows.
  + tifftopnm: Fix incorrect output with insanely wide/deep rows.
  + thinkjettopbm: Fix incorrect output with insanely wide rows.
  + ybmtopbm: Fix incorrect output with insanely wide rows.
  + pjtoppm: Fix incorrect output with insanely large number of rows.
  + library: add check of maxval for computable size.
  + Build: Include LDFLAGS in link of shared library.
  * Release 11.03.00
  + pamstack: Add -firstmaxval, -lcmmaxval
  + pnmcolormap: make result independent of how system's qsort
    orders records with equal keys.  Affects pnmquant.
  + pamtopng: fix typo in error message about -chroma option.
  + pamtopng, pnmtopng, pngtopam: fix error message when something
    fails in libpng.  Always broken (the programs were new in Netpbm
    8.1 (March 2000)).
- modified patches
  % netpbm-gcc-warnings.patch (refreshed)
  % netpbm-security-code.patch (refreshed)

==== perl-gettext ====

- Run testsuite with locale LANG=en_US.UTF. It fails otherwise with
  glibc 2.39

==== podman ====
Version update (4.9.0 -> 4.9.1)

- Update to version 4.9.1:
  * Bump to v4.9.1
  * Release notes for v4.9.1
  * [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2
  * pkginstaller: bump Qemu version to 8.2.1
  * Assign separate ports for each appleHV machine
  * Fix machine inspect test config
  * AppleHV: update LastUp time
  * applehv: return socket path from setupAPIForwarding
  * applehv: Remove unneeded cmd.ExtraFiles assignment
  * abi: drop check for IsRootless()
  * system: enhance check for re-exec into rootless userns
  * system: enhance check for re-exec into rootless userns
  * Fix `podman machine set --rootful` for applehv
  * applehv - fix vm lookup
  * rpm: use go-rpm-macros on RHEL 10
  * Bump to v4.9.1-dev

==== python-pip ====

- Drop deprecated setup.py installmethod, bootstrap PEP517 with
  built-in pip instead
- python3XX-pip-wheel can now be a regular subpackage
- Drop obsolete python2 directives in specfile

==== python-pytz ====
Version update (2023.3.post1 -> 2023.4)

- update to 2023.4:
  * Update olson to 2023d

==== python-setuptools ====
Version update (69.0.2 -> 69.0.3)

- update to 69.0.3:
  * Bugfixes - Retain valid names with underscores in egg_info.

==== strace ====

- Enable SELinux Context Printing (--secontext).

==== systemd-presets-common-SUSE ====

- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
  Support both the old and new service to avoid complex version interdependency.

==== xen ====
Version update (4.18.0_04 -> 4.18.0_06)

- Upstream bug fixes (bsc#1027519)
  6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
  6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
  656ee5e1-x86emul-avoid-triggering-event-assertions.patch
  656ee602-cpupool-adding-offline-CPU.patch
  656ee6c3-domain_create-error-path.patch
  6571ca95-fix-sched_move_domain.patch
  6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
  65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
  65a7a0a4-x86-Intel-GPCC-setup.patch
  65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
  65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
  65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches dropped / replaced by newer upstream versions
  xsa449.patch
  xsa450.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  xsa450.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  xsa449.patch