Packages changed: libgsm (1.0.19 -> 1.0.20) mozilla-nss (3.79 -> 3.80) nano pandoc (2.17.1.1 -> 2.18) xen (4.16.1_02 -> 4.16.1_06) === Details === ==== libgsm ==== Version update (1.0.19 -> 1.0.20) - Update to 1.0.20: * Use $(RMFLAGS) with the rms in the Makefile; add -f to $(RMFLAGS) to avoid spurious error messages during build. - Rebase and rename libgsm-1.0.20.patch from libgsm-1.0.13.patch. - Rebase libgsm-include.patch. ==== mozilla-nss ==== Version update (3.79 -> 3.80) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. ==== nano ==== Subpackages: nano-lang - Added obs-channel-and-patchinfo-syntax.patch to support syntax highlighting for _channel and _patchinfo files used by OBS ==== pandoc ==== Version update (2.17.1.1 -> 2.18) - Update pandoc to version 2.18. [#]# pandoc 2.18 (2022-04-22) * New input formats: `endnotexml` (EndNote XML bibliography), `ris` (RIS bibliography). * A RIS bibliography file may now be used with `--citeproc`. * Citeproc: Allow a formatted bibliography to be placed in metadata fields via a Div with class `refs` (#7969, #526). Thus, one can include a metadata field, say `refs`, whose content is an empty div with id `refs`, and the formatted bibliography will be put into this metadata field. It may then be interpolated into a template using the variable `refs`. * Ensure that you don't get PDF output to terminal. `-t pdf` now behaves like `-t docx` and gives an error unless the output is redirected. * `--version` now prints hslua version (#7929) and Lua version (#7997, Albert Krewinkel). * Change `--metadata-file` parsing so that, when the input format is not markdown or a markdown variant, pandoc's markdown is used (#6832, #7926). When the input format is a markdown variant, the same format is used. Reason for the change: it doesn't make sense to run the markdown parser with a set of extensions designed for a non-markdown format, and this dramatically limits what people can do in metadata files. * Trim whitespace from math in `--webtex` (#7892). This fixes problems with --webtex and markdown output, when display math starts or ends with a newline. * New exported module Text.Pandoc.Readers.EndNote, exporting `readEndNoteXML`, `readEndNoteXMLCitation`, and `readEndNoteXMLReferences`. [API change] * `--self-contained`: issue warning rather than failing with an error if a resource can't be found (#7904). * New exported module, Text.Pandoc.Readers.RIS, exporting `readRIS` (#7894). * LaTeX reader: + Handle subequations as inline math environment (#7883). + Rudimentary support for `vbox` (#7939). + Support `\today` (#7905). + Handle `\label` and `\ref` for footnotes (#7930). + Allow inline groups starting with `\bgroup` (#7953). + Use custom TokStream that keeps track of whether macros are expanded. This allows us to improve performance a bit by avoiding unnecessary runs of the macro expansion code (e.g. from 24 ms to 20 ms on our standard benchmark). + Further optimizations for inline parsing. + Better handling of `\usepackage`. If the package is local but causes parse errors, parse everything up to the error and skip the rest. Issue a `CouldNotParseIncludeFile` warning indicating that parsing failed at that point. + Text.Pandoc.Readers.LaTeX.Parsing: Monoid and Semigroup instances for TokStream. * HTML reader: + Give warnings and emit empty note when parsing `` and the identifier doesn't correspond to anything in the note table (#7884). Previously we just silently skipped these cases. + Fix parsing of epub footnotes (#7884). * DocBook reader: + Handle complete set of entities as specified at (#7938). + Handle abstract in info section (#7747). + Improve info parsing. + Simplify metadata parsing code (#7747). Handle abstract as block-level content. Report skipped info elements with `--verbose`. + Handle address and coyright in metadata (#7747). * DokuWiki reader: + Add DokuWiki table alignment (#5202, damon-sava-stanley). * RST reader: + Fix treatment of headerless simple tables (#7902). + Wrap math in Span to preserve attributes (#7998, Albert Krewinkel). Math elements with a name, classes, or other fields are wrapped in a `Span` with these attributes. * JATS reader: + Improve handling of fn-group elements (#6348, Albert Krewinkel). Footnotes in `` elements are collected and re-inserted into the document as proper footnotes in the place where they are referenced. + Handle `pub-date` (#8000). + Support PMID, DOI, issue in citations (#7995). + Improve refs parsing. Handle `issn` and `isbn`; use simpler form for issued date. + Strip 'ref-' from ref id in constructing CSL id. This allows better round-tripping, because the JATS writer adds the `ref-` prefix to the citation id to get the ref element's id. * Org reader: + Allow ":" in property drawer keys (Lucas V. R). Any non-space character is allowed as property drawer key, including ":" itself (so it is not really a delimiter). The real delimiter is a space character, so in a drawer like ``` :PROPERTIES: ::k:ey:: value :END: ``` ":k:ey:" is a key with value "value". + Allow comments above property drawer. + More flexible LaTeX environments (Lucas V. R). + Handle `#+bibliography:` as metadata so that it can work with `--citeproc`. + Parse `#+print_bibliography:` as Div with id `refs`. + Allow multiple `#+bibliography:`. * Markdown reader: + Allow one-column pipe tables with pipe on right (#7919). ... changelog too long, skipping 171 lines ... with hslua 2.1 and Lua 5.3, otherwise hslua 2.2 and Lua 5.4. ==== xen ==== Version update (4.16.1_02 -> 4.16.1_06) - Added --disable-pvshim when running configure in xen.spec. We have never shipped the shim and don't need to build it. - bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch - bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch - bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404) 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch - bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407) 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch - Upstream bug fixes (bsc#1027519) 62a99614-IOMMU-x86-gcc12.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch - Drop patches replaced by upstream versions xsa401-1.patch xsa401-2.patch xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch - bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) xsa408.patch - Fix gcc13 compilation error 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch