SUSE-CU-2024:5826-1: Security update of bci/openjdk-devel

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Nov 27 17:02:24 UTC 2024 

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5826-1
Container Tags        : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-30.21 , bci/openjdk-devel:latest
Container Release     : 30.21
Severity              : moderate
Type                  : security
References            : 1231347 1231428 CVE-2024-28168 
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4054-1
Released:    Tue Nov 26 06:05:40 2024
Summary:     Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Type:        security
Severity:    moderate
References:  1231347,1231428,CVE-2024-28168
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:

xmlgraphics-fop was updated from version 2.8 to 2.10:
 
- Security issues fixed:

  * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
    
- Upstream changes and bugs fixed:

  * Version 2.10:

    + footnote-body ignores rl-tb writing mode
    + SVG tspan content is displayed out of place
    + Added new schema to handle pdf/a and pdfa/ua
    + Correct fop version at runtime
    + NoSuchElementException when using font with no family name
    + Resolve classpath for binary distribution
    + Switch to spotbugs
    + Set an automatic module name
    + Rename packages to avoid conflicts with modules
    + Resize table only for multicolumn page
    + Missing jars in servlet
    + Optimise performance of PNG with alpha using raw loader
    + basic-link not navigating to corresponding footnote
    + Added option to sign PDF
    + Added secure processing for XSL input
    + Allow sections which need security permissions to be run when AllPermission denied in caller code
    + Remove unused PDFStructElem
    + Remove space generated by fo:wrapper
    + Reset content length for table changing ipd
    + Added alt text to PDF signature
    + Allow change of resource level for SVG in AFP
    + Exclude shape not in clipping path for AFP
    + Only support 1 column for redo of layout without page pos only
    + Switch to Jakarta servlet API
    + NPE when list item is split alongside an ipd change
    + Added mandatory MODCA triplet to AFP
    + Redo layout for multipage columns
    + Added image mask option for AFP
    + Skip written block ipds inside float
    + Allow curly braces for src url
    + Missing content for last page with change ipd
    + Added warning when different pdf languages are used
    + Only restart line manager when there is a linebreak for blocklayout

  * Version 2.9:

    + Values in PDF Number Trees must be indirect references
    + Do not delete files on syntax errors using command line
    + Surrogate pair edge-case causes Exception
    + Reset character spacing
    + SVG text containing certain glyphs isn't rendered
    + Remove duplicate classes from maven classpath
    + Allow use of page position only on redo of layout
    + Failure to render multi-block itemBody alongside float
    + Update to PDFBox 2.0.27
    + NPE if link destination is missing with accessibility
    + Make property cache thread safe
    + Font size was rounded to 0 for AFP TTF
    + Cannot process a SVG using mvn jars
    + Remove serializer jar
    + Allow creating a PDF 2.0 document
    + Text missing after page break inside table inline
    + IllegalArgumentException for list in a table
    + Table width may be too wide when layout width changes
    + NPE when using broken link and PDF 1.5
    + Allow XMP at PDF page level
    + Symbol font was not being mapped to unicode
    + Correct font differences table for Chrome
    + Link against Java 8 API
    + Added support for font-selection-strategy=character-by-character
    + Merge form fields in external PDFs
    + Fixed test for Java 11

xmlgraphics-batik was updated from version 1.17 to 1.18:

- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate tranform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration

xmlgraphics-commons was updated from version 2.8 to 2.10:

- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry

javapackages-tools was updated from version 6.3.0 to 6.3.4:

- Version 6.3.4:

  * A corner case when which is not present
  * Remove dependency on which
  * Simplify after the which -> type -p change
  * jpackage_script: Remove pointless assignment when %java_home is unset
  * Don't export JAVA_HOME (bsc#1231347)

- Version 6.3.2:

  * Search for JAVACMD under JAVA_HOME only if it's set
  * Obsolete set_jvm and set_jvm_dirs functions
  * Drop unneeded _set_java_home function
  * Remove JAVA_HOME check from check_java_env function
  * Bump codecov/codecov-action from 2.0.2 to 4.6.0
  * Bump actions/setup-python from 4 to 5
  * Bump actions/checkout from 2 to 4
  * Added custom dependabot config
  * Remove the test for JAVA_HOME and error if it is not set
  * java-functions: Remove unneeded local variables
  * Fixed build status shield

- Version 6.3.1:

  * Allow missing components with abs2rel
  * Fixed tests with python 3.4
  * Sync spec file from Fedora
  * Drop default JRE/JDK
  * Fixed the use of java-functions in scripts
  * Test that we don't bomb on <relativePath/>
  * Test variable expansion in artifactId
  * Interpolate properties also in the current artifact
  * Rewrite abs2rel in shell
  * Use asciidoctor instead of asciidoc
  * Fixed incompatibility with RPM 4.20
  * Reproducible exclusions order in maven metadata
  * Do not bomb on <relativePath/> construct
  * Make maven_depmap order of aliases reproducible


The following package changes have been done:

- javapackages-filesystem-6.3.4-150200.3.15.1 updated
- javapackages-tools-6.3.4-150200.3.15.1 updated
- container:bci-openjdk-21-97957e56cde0e6c088f10c802046cb09a6fe27dd85c3f6dd473f51949a161dca-0 updated

More information about the sle-container-updates mailing list