openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

Browse Source 
- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
This commit is contained in:
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler-data_0.4.12.bb Normal file
View File

@@ -0,0 +1,36 @@
SUMMARY = "Encoding files for Poppler"
DESCRIPTION = "Encoding files for use with poppler that enable poppler to \
correctly render CJK and Cyrrilic."
HOMEPAGE = "https://poppler.freedesktop.org/"
LICENSE = "BSD-3-Clause & GPL-2.0-only & GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=96287d49ec274d9c3222b5f966c132fd \
file://COPYING.adobe;md5=a790726a74164c30b5de1ef93fd69e99 \
file://COPYING.gpl2;md5=751419260aa954499f7abaabaa882bbe \
"
inherit allarch
INHIBIT_DEFAULT_DEPS = "1"
CMAP_RESOURCES_BASE = "https://github.com/adobe-type-tools/cmap-resources/raw/0561ebca035813ed04c3485bca636a0aa7abdc1d/cmapresources_identity-0/CMap"
SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.gz \
${CMAP_RESOURCES_BASE}/Identity-H;name=idh \
${CMAP_RESOURCES_BASE}/Identity-V;name=idv"
SRC_URI[sha256sum] = "c835b640a40ce357e1b83666aabd95edffa24ddddd49b8daff63adb851cdab74"
SRC_URI[idh.md5sum] = "009c93cf0141ab7bd6acb7eea14306cc"
SRC_URI[idh.sha256sum] = "ae702c203a82ea124e9b96590f821db6fbf8754e2c4547a9dba0e82f94739e95"
SRC_URI[idv.md5sum] = "2f32a45d43d001c26eeac6b878855fbf"
SRC_URI[idv.sha256sum] = "89a85daf7031e93c883e76b9168a226dfd585bf5506e9e1956772163f15cb082"
do_compile() {
}
do_install() {
oe_runmake install DESTDIR=${D} prefix=${prefix} datadir=${datadir}
install -d ${D}${datadir}/poppler/cMap
install -m644 ${WORKDIR}/Identity-* ${D}${datadir}/poppler/cMap/
}
FILES:${PN} += "${datadir}"

55
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-Do-not-overwrite-all-our-build-flags.patch Normal file
View File

@@ -0,0 +1,55 @@
From b6fc6c36d359a50503138cd87d7147faf6dff893 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
Date: Sat, 17 Mar 2018 20:52:10 +0100
Subject: [PATCH] Do not overwrite all our build flags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
cmake/modules/PopplerMacros.cmake | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmake/modules/PopplerMacros.cmake b/cmake/modules/PopplerMacros.cmake
index 2aed028..3c30f3f 100644
--- a/cmake/modules/PopplerMacros.cmake
+++ b/cmake/modules/PopplerMacros.cmake
@@ -117,13 +117,13 @@ if(CMAKE_COMPILER_IS_GNUCXX)
set(DEFAULT_COMPILE_WARNINGS "${_warn}")
set(DEFAULT_COMPILE_WARNINGS_EXTRA "${_warn} ${_warnx}")
- set(CMAKE_CXX_FLAGS "-fno-exceptions -fno-check-new -fno-common -fno-operator-names -D_DEFAULT_SOURCE")
+ set(CMAKE_CXX_FLAGS "-fno-exceptions -fno-check-new -fno-common -fno-operator-names -D_DEFAULT_SOURCE ${_save_cxxflags}")
set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "-O2 -g")
set(CMAKE_CXX_FLAGS_RELEASE "-O2 -DNDEBUG")
set(CMAKE_CXX_FLAGS_DEBUG "-g -O2 -fno-reorder-blocks -fno-schedule-insns -fno-inline")
set(CMAKE_CXX_FLAGS_DEBUGFULL "-g3 -fno-inline")
set(CMAKE_CXX_FLAGS_PROFILE "-g3 -fno-inline -ftest-coverage -fprofile-arcs")
- set(CMAKE_C_FLAGS "-std=c99 -D_DEFAULT_SOURCE")
+ set(CMAKE_C_FLAGS "-std=c99 -D_DEFAULT_SOURCE ${_save_cflags}")
set(CMAKE_C_FLAGS_RELWITHDEBINFO "-O2 -g")
set(CMAKE_C_FLAGS_RELEASE "-O2 -DNDEBUG")
set(CMAKE_C_FLAGS_DEBUG "-g -O2 -fno-reorder-blocks -fno-schedule-insns -fno-inline")
@@ -161,14 +161,14 @@ if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
set(DEFAULT_COMPILE_WARNINGS "${_warn}")
set(DEFAULT_COMPILE_WARNINGS_EXTRA "${_warn} ${_warnx}")
- set(CMAKE_CXX_FLAGS "-fno-exceptions -fno-check-new -fno-common -D_DEFAULT_SOURCE")
+ set(CMAKE_CXX_FLAGS "-fno-exceptions -fno-check-new -fno-common -D_DEFAULT_SOURCE ${_save_cxxflags}")
set(CMAKE_CXX_FLAGS_RELWITHDEBINFO "-O2 -g")
set(CMAKE_CXX_FLAGS_RELEASE "-O2 -DNDEBUG")
# clang does not support -fno-reorder-blocks -fno-schedule-insns, so do not use -O2
set(CMAKE_CXX_FLAGS_DEBUG "-g")
set(CMAKE_CXX_FLAGS_DEBUGFULL "-g3 -fno-inline")
set(CMAKE_CXX_FLAGS_PROFILE "-g3 -fno-inline -ftest-coverage -fprofile-arcs")
- set(CMAKE_C_FLAGS "-std=c99 -D_DEFAULT_SOURCE")
+ set(CMAKE_C_FLAGS "-std=c99 -D_DEFAULT_SOURCE ${_save_cflags}")
set(CMAKE_C_FLAGS_RELWITHDEBINFO "-O2 -g")
set(CMAKE_C_FLAGS_RELEASE "-O2 -DNDEBUG")
# clang does not support -fno-reorder-blocks -fno-schedule-insns, so do not use -O2
--
2.25.1

192
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/0001-cmake-Do-not-use-isystem.patch Normal file
View File

@@ -0,0 +1,192 @@
From 04686340c4cd375a17d60d31bf6943367cc33214 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 21 Jan 2023 03:09:08 -0800
Subject: [PATCH] cmake: Do not use -isystem
isystem dirs are searched before the regular system dirs
this exposes an interesting include ordering problem when using
clang + libc++, when including C++ headers like <cstdlib>
cstdlib includes stdlib.h and in case of libc++, this should be coming
from libc++ as well, which is then eventually including system stdlib.h
libc++ has added a check for checking this order recently, which means
if cstlib ends up including system stdlib.h before libc++ provided
stdlib.h it errors out
/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/thrift/0.17.0-r0/recipe-sysroot/usr/include/c++/v1/cstdlib:90:5: error: <cstdlib> tried including <stdlib.h> but didn't find libc++'s <stdlib.h> header. This usually means that your header search paths are not configured properly. The header search paths should contain the C++ Standard Library headers before any C Standard Library, and you are probably using compiler flags that make that not be the case.
^
The reason is that include_directories with SYSTEM property adds the
directory via -system and some of these directories point to sysroot
e.g. OPENSSL_INCLUDE_DIR which ends up adding -isystem
<sysroot>/usr/include and causes the system stdlib.h to included before
libc++ stdlib.h
A fix is to use -idirafter which preserved the effects of system headers
but instead of prepending, it will append to system headers and the
issue is addressed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
Upstream-Status: Pending
CMakeLists.txt | 4 ++--
glib/CMakeLists.txt | 4 ++--
qt5/src/CMakeLists.txt | 4 ++--
qt6/src/CMakeLists.txt | 4 ++--
test/CMakeLists.txt | 6 +++---
utils/CMakeLists.txt | 10 +++++-----
6 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c6c757c..5f1c540 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -603,10 +603,10 @@ add_library(poppler ${poppler_SRCS})
if (OpenJPEG_FOUND)
# check if we can remove this when we depend on newer openjpeg versions, 2.5 seems fixed
# target openjp2 may lack interface include directories
- target_include_directories(poppler SYSTEM PRIVATE ${OPENJPEG_INCLUDE_DIRS})
+ target_include_directories(poppler PRIVATE ${OPENJPEG_INCLUDE_DIRS})
endif()
if(USE_CMS)
- target_include_directories(poppler SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(poppler PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
generate_export_header(poppler BASE_NAME poppler-private EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/poppler_private_export.h")
set_target_properties(poppler PROPERTIES VERSION 127.0.0 SOVERSION 127)
diff --git a/glib/CMakeLists.txt b/glib/CMakeLists.txt
index 52e8687..08ab39a 100644
--- a/glib/CMakeLists.txt
+++ b/glib/CMakeLists.txt
@@ -4,7 +4,7 @@ include_directories(
)
include_directories(
- SYSTEM
+
${GLIB2_INCLUDE_DIRS}
${CAIRO_INCLUDE_DIRS}
)
@@ -96,7 +96,7 @@ if(MINGW AND BUILD_SHARED_LIBS)
set_target_properties(poppler-glib PROPERTIES SUFFIX "-${POPPLER_GLIB_SOVERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}")
endif()
target_link_libraries(poppler-glib poppler PkgConfig::GLIB2 ${CAIRO_LIBRARIES} Freetype::Freetype)
-target_include_directories(poppler-glib SYSTEM PRIVATE ${CAIRO_INCLUDE_DIRS})
+target_include_directories(poppler-glib PRIVATE ${CAIRO_INCLUDE_DIRS})
install(TARGETS poppler-glib RUNTIME DESTINATION bin LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
install(FILES
diff --git a/qt5/src/CMakeLists.txt b/qt5/src/CMakeLists.txt
index 5db3a6c..f242d29 100644
--- a/qt5/src/CMakeLists.txt
+++ b/qt5/src/CMakeLists.txt
@@ -45,11 +45,11 @@ if(MINGW AND BUILD_SHARED_LIBS)
endif()
target_link_libraries(poppler-qt5 poppler Qt5::Core Qt5::Gui Qt5::Xml Freetype::Freetype)
if (ENABLE_NSS3)
- target_include_directories(poppler-qt5 SYSTEM PRIVATE ${NSS3_INCLUDE_DIRS})
+ target_include_directories(poppler-qt5 PRIVATE ${NSS3_INCLUDE_DIRS})
endif()
if(USE_CMS)
target_link_libraries(poppler-qt5 poppler ${LCMS2_LIBRARIES})
- target_include_directories(poppler-qt5 SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(poppler-qt5 PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
install(TARGETS poppler-qt5 RUNTIME DESTINATION bin LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
diff --git a/qt6/src/CMakeLists.txt b/qt6/src/CMakeLists.txt
index cd91975..6c42e12 100644
--- a/qt6/src/CMakeLists.txt
+++ b/qt6/src/CMakeLists.txt
@@ -45,11 +45,11 @@ if(MINGW AND BUILD_SHARED_LIBS)
endif()
target_link_libraries(poppler-qt6 poppler Qt6::Core Qt6::Gui Freetype::Freetype)
if (ENABLE_NSS3)
- target_include_directories(poppler-qt6 SYSTEM PRIVATE ${NSS3_INCLUDE_DIRS})
+ target_include_directories(poppler-qt6 PRIVATE ${NSS3_INCLUDE_DIRS})
endif()
if(USE_CMS)
target_link_libraries(poppler-qt6 poppler ${LCMS2_LIBRARIES})
- target_include_directories(poppler-qt6 SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(poppler-qt6 PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
install(TARGETS poppler-qt6 RUNTIME DESTINATION bin LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index afa1352..9bd3b9a 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -23,7 +23,7 @@ if (GTK_FOUND)
)
poppler_add_test(gtk-test BUILD_GTK_TESTS ${gtk_splash_test_SRCS})
target_link_libraries(gtk-test ${CAIRO_LIBRARIES} poppler-glib PkgConfig::GTK3)
- target_include_directories(gtk-test SYSTEM PRIVATE ${CAIRO_INCLUDE_DIRS})
+ target_include_directories(gtk-test PRIVATE ${CAIRO_INCLUDE_DIRS})
if (HAVE_CAIRO)
@@ -35,7 +35,7 @@ if (GTK_FOUND)
)
poppler_add_test(pdf-inspector BUILD_GTK_TESTS ${pdf_inspector_SRCS})
target_link_libraries(pdf-inspector ${CAIRO_LIBRARIES} Freetype::Freetype ${common_libs} PkgConfig::GTK3 poppler)
- target_include_directories(pdf-inspector SYSTEM PRIVATE ${CAIRO_INCLUDE_DIRS})
+ target_include_directories(pdf-inspector PRIVATE ${CAIRO_INCLUDE_DIRS})
target_compile_definitions(pdf-inspector PRIVATE -DSRC_DIR="${CMAKE_CURRENT_SOURCE_DIR}")
endif ()
@@ -59,7 +59,7 @@ if (HAVE_CAIRO)
)
add_executable(cairo-thread-test ${cairo_thread_test_SRCS})
target_link_libraries(cairo-thread-test ${CAIRO_LIBRARIES} Freetype::Freetype Threads::Threads poppler)
- target_include_directories(cairo-thread-test SYSTEM PRIVATE ${CAIRO_INCLUDE_DIRS})
+ target_include_directories(cairo-thread-test PRIVATE ${CAIRO_INCLUDE_DIRS})
endif ()
endif ()
diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt
index 1c3ebcb..bc1840a 100644
--- a/utils/CMakeLists.txt
+++ b/utils/CMakeLists.txt
@@ -16,7 +16,7 @@ add_executable(pdftoppm ${pdftoppm_SOURCES})
target_link_libraries(pdftoppm ${common_libs})
if(LCMS2_FOUND)
target_link_libraries(pdftoppm ${LCMS2_LIBRARIES})
- target_include_directories(pdftoppm SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(pdftoppm PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
install(TARGETS pdftoppm DESTINATION bin)
install(FILES pdftoppm.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
@@ -37,10 +37,10 @@ if (HAVE_CAIRO)
add_definitions(${CAIRO_CFLAGS})
add_executable(pdftocairo ${pdftocairo_SOURCES})
target_link_libraries(pdftocairo ${CAIRO_LIBRARIES} Freetype::Freetype ${common_libs})
- target_include_directories(pdftocairo SYSTEM PRIVATE ${CAIRO_INCLUDE_DIRS})
+ target_include_directories(pdftocairo PRIVATE ${CAIRO_INCLUDE_DIRS})
if(LCMS2_FOUND)
target_link_libraries(pdftocairo ${LCMS2_LIBRARIES})
- target_include_directories(pdftocairo SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(pdftocairo PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
install(TARGETS pdftocairo DESTINATION bin)
install(FILES pdftocairo.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
@@ -99,7 +99,7 @@ if (ENABLE_NSS3)
pdfsig.cc
)
add_executable(pdfsig ${pdfsig_SOURCES})
- target_include_directories(pdfsig SYSTEM PRIVATE ${NSS3_INCLUDE_DIRS})
+ target_include_directories(pdfsig PRIVATE ${NSS3_INCLUDE_DIRS})
target_link_libraries(pdfsig ${common_libs})
install(TARGETS pdfsig DESTINATION bin)
install(FILES pdfsig.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
@@ -114,7 +114,7 @@ add_executable(pdftops ${pdftops_SOURCES})
target_link_libraries(pdftops ${common_libs})
if(LCMS2_FOUND)
target_link_libraries(pdftops ${LCMS2_LIBRARIES})
- target_include_directories(pdftops SYSTEM PRIVATE ${LCMS2_INCLUDE_DIR})
+ target_include_directories(pdftops PRIVATE ${LCMS2_INCLUDE_DIR})
endif()
install(TARGETS pdftops DESTINATION bin)
install(FILES pdftops.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)

46
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch Normal file
View File

@@ -0,0 +1,46 @@
From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 18 Aug 2023 11:36:06 +0000
Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
Fixes #1399
CVE: CVE-2023-34872
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/Outline.cc | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/poppler/Outline.cc b/poppler/Outline.cc
index cbb6cb4..4c68be9 100644
--- a/poppler/Outline.cc
+++ b/poppler/Outline.cc
@@ -14,7 +14,7 @@
// under GPL version 2 or later
//
// Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
// Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
// Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
@@ -483,8 +483,12 @@ void OutlineItem::open()
{
if (!kids) {
Object itemDict = xref->fetch(ref);
- const Object &firstRef = itemDict.dictLookupNF("First");
- kids = readItemList(this, &firstRef, xref, doc);
+ if (itemDict.isDict()) {
+ const Object &firstRef = itemDict.dictLookupNF("First");
+ kids = readItemList(this, &firstRef, xref, doc);
+ } else {
+ kids = new std::vector<OutlineItem *>();
+ }
}
}
--
2.35.5

77
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2024-56378.patch Normal file
View File

@@ -0,0 +1,77 @@
From ade9b5ebed44b0c15522c27669ef6cdf93eff84e Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 17 Dec 2024 18:59:01 +0100
Subject: [PATCH] JBIG2Bitmap::combine: Fix crash on malformed files
Fixes #1553
CVE: CVE-2024-56378
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/JBIG2Stream.cc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 77ffeb2..bdc51d0 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -765,7 +765,7 @@ void JBIG2Bitmap::duplicateRow(int yDest, int ySrc)
void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp)
{
- int x0, x1, y0, y1, xx, yy;
+ int x0, x1, y0, y1, xx, yy, yyy;
unsigned char *srcPtr, *destPtr;
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
@@ -812,14 +812,17 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
oneByte = x0 == ((x1 - 1) & ~7);
for (yy = y0; yy < y1; ++yy) {
- if (unlikely((y + yy >= h) || (y + yy < 0))) {
+ if (unlikely(checkedAdd(y, yy, &yyy))) {
+ continue;
+ }
+ if (unlikely((yyy >= h) || (yyy < 0))) {
continue;
}
// one byte per line -- need to mask both left and right side
if (oneByte) {
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
dest = *destPtr;
src1 = *srcPtr;
@@ -842,7 +845,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
}
*destPtr = dest;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
dest = *destPtr;
src1 = *srcPtr;
@@ -872,7 +875,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
// left-most byte
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
src1 = *srcPtr++;
dest = *destPtr;
@@ -896,7 +899,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
*destPtr++ = dest;
xx = x0 + 8;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
src1 = *srcPtr++;
xx = x0;
--
2.40.0

1275
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0001.patch Normal file
View File

File diff suppressed because it is too large Load Diff

111
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2024-6239-0002.patch Normal file
View File

@@ -0,0 +1,111 @@
From 0554731052d1a97745cb179ab0d45620589dd9c4 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 17 Jun 2024 00:54:55 +0200
Subject: [PATCH] pdfinfo: Fix crash in broken documents when using -dests
CVE: CVE-2024-6239
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
utils/pdfinfo.cc | 35 +++++++++++++++--------------------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/utils/pdfinfo.cc b/utils/pdfinfo.cc
index 2057d22..5f96b41 100644
--- a/utils/pdfinfo.cc
+++ b/utils/pdfinfo.cc
@@ -15,7 +15,7 @@
// under GPL version 2 or later
//
// Copyright (C) 2006 Dom Lachowicz <cinamod@hotmail.com>
-// Copyright (C) 2007-2010, 2012, 2016-2022 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2007-2010, 2012, 2016-2022, 2024 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2010 Hib Eris <hib@hiberis.nl>
// Copyright (C) 2011 Vittal Aithal <vittal.aithal@cognidox.com>
// Copyright (C) 2012, 2013, 2016-2018, 2021 Adrian Johnson <ajohnson@redneon.com>
@@ -112,16 +112,21 @@ static const ArgDesc argDesc[] = { { "-f", argInt, &firstPage, 0, "first page to
{ "-?", argFlag, &printHelp, 0, "print usage information" },
{} };
-static void printTextString(const GooString *s, const UnicodeMap *uMap)
+static void printStdTextString(const std::string &s, const UnicodeMap *uMap)
{
char buf[8];
- std::vector<Unicode> u = TextStringToUCS4(s->toStr());
+ const std::vector<Unicode> u = TextStringToUCS4(s);
for (const auto &c : u) {
int n = uMap->mapUnicode(c, buf, sizeof(buf));
fwrite(buf, 1, n, stdout);
}
}
+static void printTextString(const GooString *s, const UnicodeMap *uMap)
+{
+ printStdTextString(s->toStr(), uMap);
+}
+
static void printUCS4String(const Unicode *u, int len, const UnicodeMap *uMap)
{
char buf[8];
@@ -293,11 +298,6 @@ static void printStruct(const StructElement *element, unsigned indent)
}
}
-struct GooStringCompare
-{
- bool operator()(GooString *lhs, GooString *rhs) const { return lhs->cmp(const_cast<GooString *>(rhs)) < 0; }
-};
-
static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
{
GooString s;
@@ -368,29 +368,25 @@ static void printLinkDest(const std::unique_ptr<LinkDest> &dest)
static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
{
- std::map<Ref, std::map<GooString *, std::unique_ptr<LinkDest>, GooStringCompare>> map;
+ std::map<Ref, std::map<std::string, std::unique_ptr<LinkDest>>> map;
int numDests = doc->getCatalog()->numDestNameTree();
for (int i = 0; i < numDests; i++) {
- GooString *name = new GooString(doc->getCatalog()->getDestNameTreeName(i));
+ const GooString *name = doc->getCatalog()->getDestNameTreeName(i);
std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestNameTreeDest(i);
- if (dest && dest->isPageRef()) {
+ if (name && dest && dest->isPageRef()) {
Ref pageRef = dest->getPageRef();
- map[pageRef].insert(std::make_pair(name, std::move(dest)));
- } else {
- delete name;
+ map[pageRef].insert(std::make_pair(name->toStr(), std::move(dest)));
}
}
numDests = doc->getCatalog()->numDests();
for (int i = 0; i < numDests; i++) {
- GooString *name = new GooString(doc->getCatalog()->getDestsName(i));
+ const char *name = doc->getCatalog()->getDestsName(i);
std::unique_ptr<LinkDest> dest = doc->getCatalog()->getDestsDest(i);
- if (dest && dest->isPageRef()) {
+ if (name && dest && dest->isPageRef()) {
Ref pageRef = dest->getPageRef();
map[pageRef].insert(std::make_pair(name, std::move(dest)));
- } else {
- delete name;
}
}
@@ -404,9 +400,8 @@ static void printDestinations(PDFDoc *doc, const UnicodeMap *uMap)
printf("%4d ", i);
printLinkDest(it.second);
printf(" \"");
- printTextString(it.first, uMap);
+ printStdTextString(it.first, uMap);
printf("\"\n");
- delete it.first;
}
}
}
--
2.40.0

28
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2025-32364.patch Normal file
View File

@@ -0,0 +1,28 @@
From d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 24 Mar 2025 00:44:54 +0100
Subject: [PATCH] PSStack::roll: Protect against doing int = -INT_MIN
CVE: CVE-2025-32364
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/Function.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/poppler/Function.cc b/poppler/Function.cc
index 043ae8e..65888a0 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -1066,7 +1066,7 @@ void PSStack::roll(int n, int j)
PSObject obj;
int i, k;
- if (unlikely(n == 0)) {
+ if (unlikely(n == 0 || j == INT_MIN)) {
return;
}
if (j >= 0) {
--
2.40.0

41
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2025-32365.patch Normal file
View File

@@ -0,0 +1,41 @@
From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 31 Mar 2025 14:35:49 +0200
Subject: [PATCH] Move isOk check to inside JBIG2Bitmap::combine
CVE: CVE-2025-32365
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/JBIG2Stream.cc | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index bdc51d0..2974493 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -770,6 +770,10 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
+ if (unlikely(!isOk())) {
+ return;
+ }
+
// check for the pathological case where y = -2^31
if (y < -0x7fffffff) {
return;
@@ -2200,9 +2204,7 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
if (pageH == 0xffffffff && y + h > curPageH) {
pageBitmap->expand(y + h, pageDefPixel);
}
- if (pageBitmap->isOk()) {
- pageBitmap->combine(bitmap.get(), x, y, extCombOp);
- }
+ pageBitmap->combine(bitmap.get(), x, y, extCombOp);
// store the region bitmap
} else {
--
2.40.0

75
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2025-43903-0001.patch Normal file
View File

@@ -0,0 +1,75 @@
From 33672ca1b6670f7378e24f6d475438f7f5d86b05 Mon Sep 17 00:00:00 2001
From: Sune Vuorela <sune@vuorela.dk>
Date: Mon, 22 May 2023 19:53:08 +0000
Subject: [PATCH] Fix crash with weird hashing used for signatures
CVE: CVE-2025-43903
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/33672ca1b6670f7378e24f6d475438f7f5d86b05]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/SignatureHandler.cc | 15 ++++++++++++---
poppler/SignatureHandler.h | 7 ++++++-
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 9916300..f0b7006 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -768,11 +768,11 @@ SignatureVerificationHandler::SignatureVerificationHandler(std::vector<unsigned
SECItem usedAlgorithm = NSS_CMSSignedData_GetDigestAlgs(CMSSignedData)[0]->algorithm;
auto hashAlgorithm = SECOID_FindOIDTag(&usedAlgorithm);
HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashAlgorithm);
- hashContext = std::make_unique<HashContext>(ConvertHashTypeFromNss(hashType));
+ hashContext = HashContext::create(ConvertHashTypeFromNss(hashType));
}
}
-SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(std::make_unique<HashContext>(digestAlgTag)), signing_cert(nullptr)
+SignatureSignHandler::SignatureSignHandler(const std::string &certNickname, HashAlgorithm digestAlgTag) : hashContext(HashContext::create(digestAlgTag)), signing_cert(nullptr)
{
SignatureHandler::setNSSDir({});
signing_cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), certNickname.c_str());
@@ -1232,7 +1232,16 @@ std::vector<unsigned char> HashContext::endHash()
return digestBuffer;
}
-HashContext::HashContext(HashAlgorithm algorithm) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+HashContext::HashContext(HashAlgorithm algorithm, private_tag) : hash_context { HASH_Create(HASH_GetHashTypeByOidTag(ConvertHashAlgorithmToNss(algorithm))) }, digest_alg_tag(algorithm) { }
+
+std::unique_ptr<HashContext> HashContext::create(HashAlgorithm algorithm)
+{
+ auto ctx = std::make_unique<HashContext>(algorithm, private_tag {});
+ if (ctx->hash_context) {
+ return ctx;
+ }
+ return {};
+}
HashAlgorithm HashContext::getHashAlgorithm() const
{
diff --git a/poppler/SignatureHandler.h b/poppler/SignatureHandler.h
index c9fb575..f1b319f 100644
--- a/poppler/SignatureHandler.h
+++ b/poppler/SignatureHandler.h
@@ -51,12 +51,17 @@ static const int maxSupportedSignatureSize = 10000;
class HashContext
{
+ class private_tag
+ {
+ };
+
public:
- explicit HashContext(HashAlgorithm algorithm);
+ HashContext(HashAlgorithm algorithm, private_tag);
void updateHash(unsigned char *data_block, int data_len);
std::vector<unsigned char> endHash();
HashAlgorithm getHashAlgorithm() const;
~HashContext() = default;
+ static std::unique_ptr<HashContext> create(HashAlgorithm algorithm);
private:
struct HashDestroyer
--
2.40.0

49
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/CVE-2025-43903-0002.patch Normal file
View File

@@ -0,0 +1,49 @@
From f1b9c830f145a0042e853d6462b2f9ca4016c669 Mon Sep 17 00:00:00 2001
From: Juraj sarinay <juraj@sarinay.com>
Date: Thu, 6 Mar 2025 02:02:56 +0100
Subject: [PATCH] Properly verify adbe.pkcs7.sha1 signatures.
For signatures with non-empty encapsulated content
(typically adbe.pkcs7.sha1), we only compared hash values and
never actually checked SignatureValue within SignerInfo.
The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f
made trivial signature forgeries possible. Fix this by calling
NSS_CMSSignerInfo_Verify() after the hash values compare equal.
CVE: CVE-2025-43903
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/SignatureHandler.cc | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/poppler/SignatureHandler.cc b/poppler/SignatureHandler.cc
index 9916300..5c478bc 100644
--- a/poppler/SignatureHandler.cc
+++ b/poppler/SignatureHandler.cc
@@ -934,13 +934,20 @@ SignatureValidationStatus SignatureVerificationHandler::validateSignature()
This means it's not a detached type signature
so the digest is contained in SignedData->contentInfo
*/
- if (digest.len == content_info_data->len && memcmp(digest.data, content_info_data->data, digest.len) == 0) {
+ if (digest.len != content_info_data->len || memcmp(digest.data, content_info_data->data, digest.len) != 0) {
return SIGNATURE_VALID;
} else {
return SIGNATURE_DIGEST_MISMATCH;
}
- } else if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess) {
+ auto innerHashContext = HashContext::create(hashContext->getHashAlgorithm());
+ innerHashContext->updateHash(content_info_data->data, content_info_data->len);
+ digest_buffer = innerHashContext->endHash();
+ digest.data = digest_buffer.data();
+ digest.len = digest_buffer.size();
+ }
+
+ if (NSS_CMSSignerInfo_Verify(CMSSignerInfo, &digest, nullptr) != SECSuccess) {
return NSS_SigTranslate(CMSSignerInfo->verificationStatus);
} else {
return SIGNATURE_VALID;
--
2.40.0

34
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/basename-include.patch Normal file
View File

@@ -0,0 +1,34 @@
From 2ac679158062b14729f82f513fc7cafbb6f4f7a6 Mon Sep 17 00:00:00 2001
From: Randy MacLeod <Randy.MacLeod@windriver.com>
Date: Fri, 26 Jul 2019 14:26:54 -0400
Subject: [PATCH 3/3] Minic GNU basename() API for non-glibc library e.g. musl
Upstream-Status: Pending
Rework for poppler 0.90.1
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
goo/gbasename.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/goo/gbasename.cc b/goo/gbasename.cc
index 69236d8..3858415 100644
--- a/goo/gbasename.cc
+++ b/goo/gbasename.cc
@@ -46,6 +46,10 @@
#include <cstdlib>
#include <cstring>
+#if !defined(__GLIBC__)
+#define basename(src) (strrchr(src,'/') ? strrchr(src,'/')+1 : src)
+#endif
+
std::string gbasename(const char *filename)
{
#ifdef _MSC_VER
--
2.21.3

41
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler/jpeg-stdio.patch Normal file
View File

@@ -0,0 +1,41 @@
From 2986f06c7cc9d64a506ebe861b8bf38f73386e86 Mon Sep 17 00:00:00 2001
From: Jordan Abrahams-Whitehead <ajordanr@google.com>
Date: Tue, 16 May 2023 18:52:19 +0000
Subject: [PATCH] Add missing #include <cstdio> prior to jpeglib.h
Fixes #1398
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
goo/JpegWriter.cc | 2 +-
poppler/ImageEmbeddingUtils.cc | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/goo/JpegWriter.cc b/goo/JpegWriter.cc
index ca69fd055..566ee38f8 100644
--- a/goo/JpegWriter.cc
+++ b/goo/JpegWriter.cc
@@ -23,7 +23,7 @@
#ifdef ENABLE_LIBJPEG
# include "poppler/Error.h"
-
+# include <cstdio>
extern "C" {
# include <jpeglib.h>
}
diff --git a/poppler/ImageEmbeddingUtils.cc b/poppler/ImageEmbeddingUtils.cc
index 0c13fe968..07b9dfb62 100644
--- a/poppler/ImageEmbeddingUtils.cc
+++ b/poppler/ImageEmbeddingUtils.cc
@@ -14,6 +14,7 @@
#include <memory>
#ifdef ENABLE_LIBJPEG
+# include <cstdio>
extern "C" {
# include <jpeglib.h>
}
--
GitLab

65
sources/meta-openembedded/meta-oe/recipes-support/poppler/poppler_23.04.0.bb Normal file
View File

@@ -0,0 +1,65 @@
SUMMARY = "Poppler is a PDF rendering library based on the xpdf-3.0 code base"
HOMEPAGE = "https://poppler.freedesktop.org/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
file://0001-Do-not-overwrite-all-our-build-flags.patch \
file://basename-include.patch \
file://0001-cmake-Do-not-use-isystem.patch \
file://jpeg-stdio.patch \
file://CVE-2023-34872.patch \
file://CVE-2024-6239-0001.patch \
file://CVE-2024-6239-0002.patch \
file://CVE-2024-56378.patch \
file://CVE-2025-32364.patch \
file://CVE-2025-32365.patch \
file://CVE-2025-43903-0001.patch \
file://CVE-2025-43903-0002.patch \
"
SRC_URI[sha256sum] = "b6d893dc7dcd4138b9e9df59a13c59695e50e80dc5c2cacee0674670693951a1"
DEPENDS = "fontconfig zlib cairo lcms glib-2.0 glib-2.0-native"
inherit cmake pkgconfig gobject-introspection
PACKAGECONFIG ??= "jpeg openjpeg png tiff nss splash"
PACKAGECONFIG[jpeg] = "-DWITH_JPEG=ON -DENABLE_DCTDECODER=libjpeg,-DWITH_JPEG=OFF -DENABLE_DCTDECODER=none,jpeg"
PACKAGECONFIG[png] = "-DWITH_PNG=ON,-DWITH_PNG=OFF,libpng"
PACKAGECONFIG[tiff] = "-DWITH_TIFF=ON,-DWITH_TIFF=OFF,tiff"
PACKAGECONFIG[curl] = "-DENABLE_LIBCURL=ON,-DENABLE_LIBCURL=OFF,curl"
PACKAGECONFIG[openjpeg] = "-DENABLE_LIBOPENJPEG=openjpeg2,-DENABLE_LIBOPENJPEG=none,openjpeg"
PACKAGECONFIG[qt5] = "-DENABLE_QT5=ON,-DENABLE_QT5=OFF,qtbase qttools-native"
PACKAGECONFIG[nss] = "-DWITH_NSS3=ON,-DWITH_NSS3=OFF,nss"
PACKAGECONFIG[splash] = "-DENABLE_SPLASH=ON -DENABLE_BOOST=ON,-DENABLE_SPLASH=OFF -DENABLE_BOOST=OFF,boost"
# surprise - did not expect this to work :)
inherit ${@bb.utils.contains('PACKAGECONFIG', 'qt5', 'cmake_qt5', '', d)}
SECURITY_CFLAGS = "${SECURITY_NO_PIE_CFLAGS}"
EXTRA_OECMAKE += " \
-DENABLE_CMS=lcms2 \
-DENABLE_UNSTABLE_API_ABI_HEADERS=ON \
-DBUILD_GTK_TESTS=OFF \
-DENABLE_ZLIB=ON \
-DRUN_GPERF_IF_PRESENT=OFF \
-DCMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES:PATH='${STAGING_INCDIR}' \
${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_GOBJECT_INTROSPECTION=ON', '-DENABLE_GOBJECT_INTROSPECTION=OFF', d)} \
"
EXTRA_OECMAKE:append:class-native = " -DENABLE_CPP=OFF"
do_configure:append() {
# poppler macro uses pkg-config to check for g-ir runtimes. Something
# makes them point to /usr/bin. Align them to sysroot - that's where the
# gir-wrappers are:
sed -i 's: ${bindir}/g-ir: ${STAGING_BINDIR}/g-ir:' ${B}/build.ninja
}
PACKAGES =+ "libpoppler libpoppler-glib"
FILES:libpoppler = "${libdir}/libpoppler.so.*"
FILES:libpoppler-glib = "${libdir}/libpoppler-glib.so.*"
RDEPENDS:libpoppler = "poppler-data"
BBCLASSEXTEND = "native"