Packages changed:
  brotli (1.1.0 -> 1.2.0)
  leancrypto (1.5.1 -> 1.6.0)
  libxkbcommon (1.12.2 -> 1.12.3)
  openjph (0.24.2 -> 0.24.4)
  ucode-amd (20251024 -> 20251028)

=== Details ===

==== brotli ====
Version update (1.1.0 -> 1.2.0)
Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1

- Update to release 1.2
  * python: added Decompressor::can_accept_more_data method
    and optional output_buffer_limit argument
    Decompressor::process; that allows mitigation of
    unexpectedly large output
  * decoder / encoder: static tables use "small" model
    (allows 2GiB+ binaries)

==== leancrypto ====
Version update (1.5.1 -> 1.6.0)

- Update to 1.6.0:
  * ASN.1: use stack for small generator for small use cases
  * X.509: Updates required to support the shim boot loader
  * X.509: add lc_gmtime to convert Epoch to time format
  * ASN.1: added to Linux kernel (for 64 bit systems only)
  * Added AES-GCM and AES-XTS
  * Availability: remove assert() calls throughout the code - in case of a self
    test error, disable the algorithm. Instead of using assert, apply a centrally
    managed test manager that stores the test status. This implies that some
    initalization APIs like lc_hash_init, lc_sym_init, lc_hmac_init are changed
    such that they return an error code if self tests failed. Thus, the version
    is now changed as this is considered to be an ABI change. Although this
    sounds heavy, the test manager is relatively small and the runtime state
    should be smaller than the old approach considering the old approach uses one
    global 32 bit integer per self test to maintain the state. This is now
    replaced with a set of 32 bit atomic integers that hold a 3-bit field for
    each algorithm. This change also adds the API call of lc_rerun_one_selftest
    which allows triggering the reruning of a self test for one given algorithm.
  * FIPS: Rearchitect integrity test control value generator: The build process now
    uses the host’s objcopy to extract the ELF sections of interest into a separate
    file, use a build_machine compiled version of sha3-256sum to generate the
    digest of it and reinsert it into the leancrypto-fips.so. This now allows
    cross-compilation with FIPS integrity test support. There is no functional
    change to leancrypto though.
  * Significant reduction of compilation units by almost half by not having
    global, but per-test compiled C files.
  * Linux kernel: add /proc/leancrypto
  * FIPS: Add negative testing support
  * Add SHAKE-512 and XDRBG-512 support
  * FIPS: Add FIPS indicator which implies that libleancrypto.so has the same
    functionality as libleancrypto-fips.so with the exception that the latter
    performs an integrity test.
  * ARMv9: fix BTI for ML-DSA
- Remove patch:
  * leancrypto-fix-aarch64-BTI.patch
- Don't strip debug symbols

==== libxkbcommon ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0

- Update to release 1.12.3
  * Fixed `xkbcli keymap-dump` being kinda broken on Wayland
    because it would commit an XDG surface without a role object.
  * X11: Hardened against some malformed XKB responses with
    erroneous modifiers or LEDs counts.

==== openjph ====
Version update (0.24.2 -> 0.24.4)

- Update to 0.24.4:
  * Fix an issue with ATK marker segment processing #224
- Update to 0.24.3:
  * Protect against illegally long QCD and QCC marker segments.

==== ucode-amd ====
Version update (20251024 -> 20251028)

- Update to version 20251028 (git commit 4f72031fc195):
  * linux-firmware: Update AMD cpu microcode