Packages changed:
  apache2-mod_php8 (8.2.8 -> 8.2.9)
  gnutls (3.8.0 -> 3.8.1)
  gpgme (1.21.0 -> 1.22.0)
  gpgmeqt (1.21.0 -> 1.22.0)
  libupnp (1.14.17 -> 1.14.18)
  mutter
  php8 (8.2.8 -> 8.2.9)
  python-pexpect
  xz
  yast2-apparmor (4.6.1 -> 4.6.2)

=== Details ===

==== apache2-mod_php8 ====
Version update (8.2.8 -> 8.2.9)

- version update to 8.2.9
  * This is a security release.
  * Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106]
  * https://www.php.net/ChangeLog-8.php#8.2.9
- deleted patches
  - php-unicode-allow-redistribution.patch (upstreamed)
- deleted sources
  - repack.sh (not needed)

==== gnutls ====
Version update (3.8.0 -> 3.8.1)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit

- Fix missing GNUTLS_NO_EXTENSIONS compatibility.
  * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634
  * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
- tests: Fix the SRP test that fails with SIGPIPE signal return due
  to a socket being closed before using it.
  * Add gnutls-srp-test-SIGPIPE.patch
- Update to version 3.8.1:
  * libgnutls: ClientHello extensions are randomized by default
    To make fingerprinting harder, TLS extensions in ClientHello
    messages are shuffled. As this behavior may cause compatibility
    issue with legacy applications that do not accept the last
    extension without payload, the behavior can be reverted with the
    %NO_SHUFFLE_EXTENSIONS priority keyword.
  * libgnutls: Add support for RFC 9258 external PSK importer.
    This enables to deploy the same PSK across multiple TLS versions
    (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
    needs to set up a callback that formats the PSK identity using
    gnutls_psk_format_imported_identity().
  * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
    %GNUTLS_NO_DEFAULT_EXTENSIONS.
  * libgnutls: Add additional PBKDF limit checks in FIPS mode as
    defined in SP 800-132. Minimum salt length is 128 bits and
    minimum iterations bound is 1000 for PBKDF in FIPS mode.
  * libgnutls: Add a mechanism to control whether to enforce extended
    master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
    session hash (extended master secret, EMS) in TLS 1.2. To enforce
    this, a new priority keyword %FORCE_SESSION_HASH is added and if
    it is set and EMS is not set, the peer aborts the connection. This
    behavior is the default in FIPS mode, though it can be overridden
    through the configuration file with the "tls-session-hash" option.
    In either case non-EMS PRF is reported as a non-approved operation
    through the FIPS service indicator.
  * New option --attime to specify current time.
    To make testing with different timestamp to the system easier, the
    tools doing certificate verification now provide a new option
  - -attime, which takes an arbitrary time.
  * API and ABI modifications:
    gnutls_psk_client_credentials_function3: New typedef
    gnutls_psk_server_credentials_function3: New typedef
    gnutls_psk_set_server_credentials_function3: New function
    gnutls_psk_set_client_credentials_function3: New function
    gnutls_psk_format_imported_identity: New function
    GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags
  * Rebase patches:
  - gnutls-FIPS-140-3-references.patch
  - gnutls-FIPS-jitterentropy.patch
  * Remove patches merged/fixed upstream:
  - gnutls-FIPS-PCT-DH.patch
  - gnutls-FIPS-PCT-ECDH.patch

==== gpgme ====
Version update (1.21.0 -> 1.22.0)
Subpackages: libgpgme11 libgpgmepp6

- Fix builds with qt and qt6 [T6673]:
  * qt,tests: Fix build in source directory. Include Qt binding
    sources before C++ binding sources and C sources. This fixes
    the problem that the debug.h in the C sources was found before
    the one in the Qt bindings.
  * build: Suggest out-of-source build. Suggest to run configure
    from a build subdirectory.
  * Add patches:
  - gpgme-qt-tests-Fix-build-in-source-directory.patch
  - gpgme-build-Suggest-out-of-source-build.patch
- Update to 1.22.0:
  * Prevent wrong plaintext when verifying clearsigned signature.
  * Return bad data error instead of general error on unexpected data.
  * Take care of offline mode for all operations of gpgsm engine.
  * Prepare the use of the forthcoming libassuan version 3.
  * New configure option --with-libtool-modification.
  * cpp: Expose gpgme_decrypt_result_t.is_mime.
  * qt: Clean up after failure or cancel of sign/encrypt archive operation.
  * qt: Add setInputEncoding to QGpgMe::EncryptJob.
  * qt: Make toLogString helper public.
  * Interface changes relative to the 1.21.0 release:
  - qt: EncryptJob::setInputEncoding           NEW.
  - qt: DecryptionResult::isMime               NEW.
  - qt: toLogString                            NEW.

==== gpgmeqt ====
Version update (1.21.0 -> 1.22.0)

- Fix builds with qt and qt6 [T6673]:
  * qt,tests: Fix build in source directory. Include Qt binding
    sources before C++ binding sources and C sources. This fixes
    the problem that the debug.h in the C sources was found before
    the one in the Qt bindings.
  * build: Suggest out-of-source build. Suggest to run configure
    from a build subdirectory.
  * Add patches:
  - gpgme-qt-tests-Fix-build-in-source-directory.patch
  - gpgme-build-Suggest-out-of-source-build.patch
- Update to 1.22.0:
  * Prevent wrong plaintext when verifying clearsigned signature.
  * Return bad data error instead of general error on unexpected data.
  * Take care of offline mode for all operations of gpgsm engine.
  * Prepare the use of the forthcoming libassuan version 3.
  * New configure option --with-libtool-modification.
  * cpp: Expose gpgme_decrypt_result_t.is_mime.
  * qt: Clean up after failure or cancel of sign/encrypt archive operation.
  * qt: Add setInputEncoding to QGpgMe::EncryptJob.
  * qt: Make toLogString helper public.
  * Interface changes relative to the 1.21.0 release:
  - qt: EncryptJob::setInputEncoding           NEW.
  - qt: DecryptionResult::isMime               NEW.
  - qt: toLogString                            NEW.

==== libupnp ====
Version update (1.14.17 -> 1.14.18)
Subpackages: libixml11 libupnp17

- Update to release 1.14.18
  * miniserver: fix busy loop on socket error

==== mutter ====
Subpackages: mutter-lang

- Add mutter-revert-window_draw_issues.patch: Revert commit
  43cee4b6:  Do clipped redraws when drawing offscreen
  (boo#1210744, glgo#GNOME/mutter#2771).

==== php8 ====
Version update (8.2.8 -> 8.2.9)
Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter

- version update to 8.2.9
  * This is a security release.
  * Fixes CVE-2023-3824 [bsc#1214103] and CVE-2023-3823 [bsc#1214106]
  * https://www.php.net/ChangeLog-8.php#8.2.9
- deleted patches
  - php-unicode-allow-redistribution.patch (upstreamed)
- deleted sources
  - repack.sh (not needed)

==== python-pexpect ====

- add 31fab7b0edbe9b3401507b5dfa4db6aaf3fabca5.patch
  dae602d37493bae239e0e8db5b3dabafebfd59db.patch: python 3.12 compat

==== xz ====
Subpackages: liblzma5 liblzma5-32bit xz-lang

- xznew: Remove bashsism.
- build: pass CONFIG_SHELL=/bin/sh to configure: the posix tools
  are setting the current SHELL as the shebang, which is overkill:
  any posix compliant shell, aka /bin/sh, is sufficient.

==== yast2-apparmor ====
Version update (4.6.1 -> 4.6.2)

- bsc#1214418
  - Fixed crash on internal error when scanning audit.log
- 4.6.2