aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/busybox-CVE-2021-28831.patch57
-rw-r--r--gnu/packages/patches/clang-12-tools-extra-directory.patch16
-rw-r--r--gnu/packages/patches/emacs-geiser-autoload-activate-implementation.patch26
-rw-r--r--gnu/packages/patches/emacs-geiser-guile-auto-activate.patch34
-rw-r--r--gnu/packages/patches/gimp-make-gegl-introspect-optional.patch43
-rw-r--r--gnu/packages/patches/gst-libav-64channels-stack-corruption.patch31
-rw-r--r--gnu/packages/patches/gst-plugins-bad-fix-overflow.patch263
-rw-r--r--gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch40
-rw-r--r--gnu/packages/patches/gst-plugins-good-CVE-2021-3497.patch174
-rw-r--r--gnu/packages/patches/gst-plugins-good-CVE-2021-3498.patch22
-rw-r--r--gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch119
-rw-r--r--gnu/packages/patches/kmscon-runtime-keymap-switch.patch49
-rw-r--r--gnu/packages/patches/linux-libre-arm64-generic-pinebook-lcd.patch40
-rw-r--r--gnu/packages/patches/perl-image-exiftool-CVE-2021-22204.patch38
-rw-r--r--gnu/packages/patches/racket-store-checksum-override.patch42
-rw-r--r--gnu/packages/patches/tla2tools-build-xml.patch109
-rw-r--r--gnu/packages/patches/u-boot-rockchip-inno-usb.patch238
-rw-r--r--gnu/packages/patches/ungoogled-chromium-system-nspr.patch120
-rw-r--r--gnu/packages/patches/ungoogled-chromium-system-opus.patch27
19 files changed, 1187 insertions, 301 deletions
diff --git a/gnu/packages/patches/busybox-CVE-2021-28831.patch b/gnu/packages/patches/busybox-CVE-2021-28831.patch
deleted file mode 100644
index da3107fbb1..0000000000
--- a/gnu/packages/patches/busybox-CVE-2021-28831.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001
-From: Samuel Sapalski <samuel.sapalski@nokia.com>
-Date: Wed, 3 Mar 2021 16:31:22 +0100
-Subject: decompress_gunzip: Fix DoS if gzip is corrupt
-
-On certain corrupt gzip files, huft_build will set the error bit on
-the result pointer. If afterwards abort_unzip is called huft_free
-might run into a segmentation fault or an invalid pointer to
-free(p).
-
-In order to mitigate this, we check in huft_free if the error bit
-is set and clear it before the linked list is freed.
-
-Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
-Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/decompress_gunzip.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
-index eb3b64930..e93cd5005 100644
---- a/archival/libarchive/decompress_gunzip.c
-+++ b/archival/libarchive/decompress_gunzip.c
-@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
- * each table.
- * t: table to free
- */
-+#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
-+#define ERR_RET ((huft_t*)(uintptr_t)1)
- static void huft_free(huft_t *p)
- {
- huft_t *q;
-
-+ /*
-+ * If 'p' has the error bit set we have to clear it, otherwise we might run
-+ * into a segmentation fault or an invalid pointer to free(p)
-+ */
-+ if (BAD_HUFT(p)) {
-+ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
-+ }
-+
- /* Go through linked list, freeing from the malloced (t[-1]) address. */
- while (p) {
- q = (--p)->v.t;
-@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
- * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
- * is given: "fixed inflate" decoder feeds us such data.
- */
--#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
--#define ERR_RET ((huft_t*)(uintptr_t)1)
- static huft_t* huft_build(const unsigned *b, const unsigned n,
- const unsigned s, const struct cp_ext *cp_ext,
- unsigned *m)
---
-cgit v1.2.1
-
diff --git a/gnu/packages/patches/clang-12-tools-extra-directory.patch b/gnu/packages/patches/clang-12-tools-extra-directory.patch
new file mode 100644
index 0000000000..0a236da26e
--- /dev/null
+++ b/gnu/packages/patches/clang-12-tools-extra-directory.patch
@@ -0,0 +1,16 @@
+Help CMake locate the "tools-extra" directory.
+
+Taken from <https://bugs.llvm.org/show_bug.cgi?id=49990#c3>.
+
+diff --git a/clang-tools-extra/clangd/quality/CompletionModel.cmake b/clang-tools-extra/clangd/quality/CompletionModel.cmake
+--- a/clangd/quality/CompletionModel.cmake
++++ b/clangd/quality/CompletionModel.cmake
+@@ -5,7 +5,7 @@
+ # will define a C++ class called ${cpp_class} - which may be a
+ # namespace-qualified class name.
+ function(gen_decision_forest model filename cpp_class)
+- set(model_compiler ${CMAKE_SOURCE_DIR}/../clang-tools-extra/clangd/quality/CompletionModelCodegen.py)
++ set(model_compiler ${CMAKE_CURRENT_LIST_DIR}/quality/CompletionModelCodegen.py)
+
+ set(output_dir ${CMAKE_CURRENT_BINARY_DIR})
+ set(header_file ${output_dir}/${filename}.h)
diff --git a/gnu/packages/patches/emacs-geiser-autoload-activate-implementation.patch b/gnu/packages/patches/emacs-geiser-autoload-activate-implementation.patch
new file mode 100644
index 0000000000..47d513b3a3
--- /dev/null
+++ b/gnu/packages/patches/emacs-geiser-autoload-activate-implementation.patch
@@ -0,0 +1,26 @@
+From 9fd3174cead8bfa17a8413bffa38362853d71a02 Mon Sep 17 00:00:00 2001
+From: jao <jao@gnu.org>
+Date: Mon, 5 Apr 2021 23:06:56 +0100
+Subject: [PATCH] autoload geiser activate implementation
+
+---
+ elisp/geiser.el | 3 +++
+ readme.org | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/elisp/geiser.el b/elisp/geiser.el
+index 887b8da..96c1dd6 100644
+--- a/elisp/geiser.el
++++ b/elisp/geiser.el
+@@ -104,6 +104,9 @@
+ ;;;###autoload
+ (autoload 'geiser-mode--maybe-activate "geiser-mode")
+
++;;;###autoload
++(autoload 'geiser-activate-implementation "geiser-impl")
++
+ ;;;###autoload
+ (mapc (lambda (group)
+ (custom-add-load group (symbol-name group))
+--
+GitLab
diff --git a/gnu/packages/patches/emacs-geiser-guile-auto-activate.patch b/gnu/packages/patches/emacs-geiser-guile-auto-activate.patch
new file mode 100644
index 0000000000..44837f90df
--- /dev/null
+++ b/gnu/packages/patches/emacs-geiser-guile-auto-activate.patch
@@ -0,0 +1,34 @@
+From 93ef7101fdfcc7eac6f465b4b9788c384a323c14 Mon Sep 17 00:00:00 2001
+From: jao <jao@gnu.org>
+Date: Mon, 5 Apr 2021 20:17:50 +0100
+Subject: [PATCH] fix: auto-activate guile implementation
+
+---
+ geiser-guile.el | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/geiser-guile.el b/geiser-guile.el
+index 340442b..deeb76f 100644
+--- a/geiser-guile.el
++++ b/geiser-guile.el
+@@ -25,6 +25,7 @@
+ (require 'geiser-syntax)
+ (require 'geiser-custom)
+ (require 'geiser-repl)
++(require 'geiser-impl)
+ (require 'geiser-base)
+ (require 'geiser-eval)
+ (require 'geiser-edit)
+@@ -474,6 +475,9 @@ it spawn a server thread."
+
+ (geiser-impl--add-to-alist 'regexp "\\.scm$" 'guile t)
+
++;;;###autoload
++(geiser-activate-implementation 'guile)
++
+ ;;;###autoload
+ (autoload 'run-guile "geiser-guile" "Start a Geiser Guile REPL." t)
+
+--
+GitLab
+
diff --git a/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch b/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch
deleted file mode 100644
index 4dd1ab74a8..0000000000
--- a/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 2cae9b9acf9da98c4c9990819ffbd5aabe23017e Mon Sep 17 00:00:00 2001
-From: Jehan <jehan@girinstud.io>
-Date: Mon, 14 Dec 2020 19:53:38 +0100
-Subject: [PATCH] app: make "gegl:introspect" an optional operation dependency.
-
-Check at runtime for the operation availability and set the "Show Image
-Graph" action active depending on this check.
-
-This goes with discussions to make this operation optional with a
-runtime check for the tool `dot`.
-See: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/84
----
- app/actions/debug-actions.c | 6 ++++++
- app/sanity.c | 1 -
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/app/actions/debug-actions.c b/app/actions/debug-actions.c
-index 6be4422b228..22ca38b15ea 100644
---- a/app/actions/debug-actions.c
-+++ b/app/actions/debug-actions.c
-@@ -103,4 +103,10 @@ void
- debug_actions_update (GimpActionGroup *group,
- gpointer data)
- {
-+#define SET_SENSITIVE(action,condition) \
-+ gimp_action_group_set_action_sensitive (group, action, (condition) != 0)
-+
-+ SET_SENSITIVE ("debug-show-image-graph", gegl_has_operation ("gegl:introspect"));
-+
-+#undef SET_SENSITIVE
- }
-diff --git a/app/sanity.c b/app/sanity.c
-index 015801a396e..6374ac1ad20 100644
---- a/app/sanity.c
-+++ b/app/sanity.c
-@@ -650,7 +650,6 @@ sanity_check_gegl_ops (void)
- "gegl:hue-chroma",
- "gegl:illusion",
- "gegl:image-gradient",
-- "gegl:introspect",
- "gegl:invert-gamma",
- "gegl:invert-linear",
- "gegl:lens-blur",
diff --git a/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch b/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch
new file mode 100644
index 0000000000..cc174e618d
--- /dev/null
+++ b/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch
@@ -0,0 +1,31 @@
+Fix a stack corruption when handling files with more than 64 audio
+channels:
+
+https://gstreamer.freedesktop.org/security/sa-2021-0005.html
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1
+
+diff --git a/ext/libav/gstavcodecmap.c b/ext/libav/gstavcodecmap.c
+index b5be4bb7a5f2712f78383da9319754a8849e3307..be22f22cf5c7c7b22b13e44b10999adaacbcca2b 100644
+--- a/ext/libav/gstavcodecmap.c
++++ b/ext/libav/gstavcodecmap.c
+@@ -102,7 +102,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
+ guint nchannels = 0;
+ gboolean none_layout = FALSE;
+
+- if (channel_layout == 0) {
++ if (channel_layout == 0 || channels > 64) {
+ nchannels = channels;
+ none_layout = TRUE;
+ } else {
+@@ -163,7 +163,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
+ } else {
+ guint i;
+
+- for (i = 0; i < nchannels; i++)
++ for (i = 0; i < nchannels && i < 64; i++)
+ pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+ }
+ }
diff --git a/gnu/packages/patches/gst-plugins-bad-fix-overflow.patch b/gnu/packages/patches/gst-plugins-bad-fix-overflow.patch
new file mode 100644
index 0000000000..95ab13db51
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-bad-fix-overflow.patch
@@ -0,0 +1,263 @@
+Fix an overflow when calculating something for AVC/HEVC videos:
+
+https://security-tracker.debian.org/tracker/TEMP-0000000-C6AAE1
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d
+From 0cfbf7ad91c7f121192c8ce135769f8eb276c41d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 23 Mar 2021 19:19:14 +0200
+Subject: [PATCH] h2645parser: Catch overflows in AVC/HEVC NAL unit length
+ calculations
+
+Offset and size are stored as 32 bit guint and might overflow when
+adding the nal_length_size, so let's avoid that.
+
+For the size this would happen if the AVC/HEVC NAL unit size happens to
+be stored in 4 bytes and is 4294967292 or higher, which is likely
+corrupted data anyway.
+
+For the offset this is something for the caller of these functions to
+take care of but is unlikely to happen as it would require parsing on a
+>4GB buffer.
+
+Allowing these overflows causes all kinds of follow-up bugs in the
+h2645parse elements, ranging from infinite loops and memory leaks to
+potential memory corruptions.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2107>
+---
+ gst-libs/gst/codecparsers/gsth264parser.c | 16 +++++-
+ gst-libs/gst/codecparsers/gsth265parser.c | 16 +++++-
+ tests/check/libs/h264parser.c | 60 +++++++++++++++++++++++
+ tests/check/libs/h265parser.c | 60 +++++++++++++++++++++++
+ 4 files changed, 150 insertions(+), 2 deletions(-)
+
+diff --git a/gst-libs/gst/codecparsers/gsth264parser.c b/gst-libs/gst/codecparsers/gsth264parser.c
+index 012f1d0d7..68aa25068 100644
+--- a/gst-libs/gst/codecparsers/gsth264parser.c
++++ b/gst-libs/gst/codecparsers/gsth264parser.c
+@@ -1556,6 +1556,14 @@ gst_h264_parser_identify_nalu_avc (GstH264NalParser * nalparser,
+
+ memset (nalu, 0, sizeof (*nalu));
+
++ /* Would overflow guint below otherwise: the callers needs to ensure that
++ * this never happens */
++ if (offset > G_MAXUINT32 - nal_length_size) {
++ GST_WARNING ("offset + nal_length_size overflow");
++ nalu->size = 0;
++ return GST_H264_PARSER_BROKEN_DATA;
++ }
++
+ if (size < offset + nal_length_size) {
+ GST_DEBUG ("Can't parse, buffer has too small size %" G_GSIZE_FORMAT
+ ", offset %u", size, offset);
+@@ -1570,7 +1578,13 @@ gst_h264_parser_identify_nalu_avc (GstH264NalParser * nalparser,
+ nalu->sc_offset = offset;
+ nalu->offset = offset + nal_length_size;
+
+- if (size < nalu->size + nal_length_size) {
++ if (nalu->size > G_MAXUINT32 - nal_length_size) {
++ GST_WARNING ("NALU size + nal_length_size overflow");
++ nalu->size = 0;
++ return GST_H264_PARSER_BROKEN_DATA;
++ }
++
++ if (size < (gsize) nalu->size + nal_length_size) {
+ nalu->size = 0;
+
+ return GST_H264_PARSER_NO_NAL_END;
+diff --git a/gst-libs/gst/codecparsers/gsth265parser.c b/gst-libs/gst/codecparsers/gsth265parser.c
+index 26e68b276..dc7f27aa9 100644
+--- a/gst-libs/gst/codecparsers/gsth265parser.c
++++ b/gst-libs/gst/codecparsers/gsth265parser.c
+@@ -1531,6 +1531,14 @@ gst_h265_parser_identify_nalu_hevc (GstH265Parser * parser,
+
+ memset (nalu, 0, sizeof (*nalu));
+
++ /* Would overflow guint below otherwise: the callers needs to ensure that
++ * this never happens */
++ if (offset > G_MAXUINT32 - nal_length_size) {
++ GST_WARNING ("offset + nal_length_size overflow");
++ nalu->size = 0;
++ return GST_H265_PARSER_BROKEN_DATA;
++ }
++
+ if (size < offset + nal_length_size) {
+ GST_DEBUG ("Can't parse, buffer has too small size %" G_GSIZE_FORMAT
+ ", offset %u", size, offset);
+@@ -1545,7 +1553,13 @@ gst_h265_parser_identify_nalu_hevc (GstH265Parser * parser,
+ nalu->sc_offset = offset;
+ nalu->offset = offset + nal_length_size;
+
+- if (size < nalu->size + nal_length_size) {
++ if (nalu->size > G_MAXUINT32 - nal_length_size) {
++ GST_WARNING ("NALU size + nal_length_size overflow");
++ nalu->size = 0;
++ return GST_H265_PARSER_BROKEN_DATA;
++ }
++
++ if (size < (gsize) nalu->size + nal_length_size) {
+ nalu->size = 0;
+
+ return GST_H265_PARSER_NO_NAL_END;
+diff --git a/tests/check/libs/h264parser.c b/tests/check/libs/h264parser.c
+index c7c46d9a2..d322dd8db 100644
+--- a/tests/check/libs/h264parser.c
++++ b/tests/check/libs/h264parser.c
+@@ -229,6 +229,65 @@ GST_START_TEST (test_h264_parse_slice_5bytes)
+
+ GST_END_TEST;
+
++GST_START_TEST (test_h264_parse_identify_nalu_avc)
++{
++ GstH264ParserResult res;
++ GstH264NalUnit nalu;
++ GstH264NalParser *const parser = gst_h264_nal_parser_new ();
++ /* Skip 3 bytes for the start code */
++ const gsize nal_size = sizeof (slice_dpa) - 3;
++ const gsize buf_size = 4 + nal_size;
++ guint8 *buf = g_new (guint8, buf_size);
++
++ memcpy (buf + 4, slice_dpa + 3, nal_size);
++
++ GST_WRITE_UINT16_BE (buf + 2, nal_size);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 2, buf_size, 2, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_OK);
++ assert_equals_int (nalu.type, GST_H264_NAL_SLICE_DPA);
++ assert_equals_int (nalu.offset, 4);
++ assert_equals_int (nalu.size, nal_size);
++
++ GST_WRITE_UINT32_BE (buf, nal_size);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_OK);
++ assert_equals_int (nalu.type, GST_H264_NAL_SLICE_DPA);
++ assert_equals_int (nalu.offset, 4);
++ assert_equals_int (nalu.size, nal_size);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 2);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 3);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 4);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_NO_NAL_END);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 6);
++ res = gst_h264_parser_identify_nalu_avc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H264_PARSER_NO_NAL_END);
++
++ g_free (buf);
++ gst_h264_nal_parser_free (parser);
++}
++
++GST_END_TEST;
++
+ static guint8 nalu_sps_with_vui[] = {
+ 0x00, 0x00, 0x00, 0x01, 0x67, 0x64, 0x00, 0x28,
+ 0xac, 0xd9, 0x40, 0x78, 0x04, 0x4f, 0xde, 0x03,
+@@ -666,6 +725,7 @@ h264parser_suite (void)
+ tcase_add_test (tc_chain, test_h264_parse_slice_dpa);
+ tcase_add_test (tc_chain, test_h264_parse_slice_eoseq_slice);
+ tcase_add_test (tc_chain, test_h264_parse_slice_5bytes);
++ tcase_add_test (tc_chain, test_h264_parse_identify_nalu_avc);
+ tcase_add_test (tc_chain, test_h264_parse_invalid_sei);
+ tcase_add_test (tc_chain, test_h264_create_sei);
+
+diff --git a/tests/check/libs/h265parser.c b/tests/check/libs/h265parser.c
+index 0a0e4db97..5b6a215ec 100644
+--- a/tests/check/libs/h265parser.c
++++ b/tests/check/libs/h265parser.c
+@@ -255,6 +255,65 @@ GST_START_TEST (test_h265_parse_slice_6bytes)
+
+ GST_END_TEST;
+
++GST_START_TEST (test_h265_parse_identify_nalu_hevc)
++{
++ GstH265ParserResult res;
++ GstH265NalUnit nalu;
++ GstH265Parser *parser = gst_h265_parser_new ();
++ /* Skip 4 bytes for the start code */
++ const gsize nal_size = sizeof (slice_eos_slice_eob) - 4;
++ const gsize buf_size = 4 + nal_size;
++ guint8 *buf = g_new (guint8, buf_size);
++
++ memcpy (buf + 4, slice_eos_slice_eob + 4, nal_size);
++
++ GST_WRITE_UINT16_BE (buf + 2, nal_size);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 2, buf_size, 2, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_OK);
++ assert_equals_int (nalu.type, GST_H265_NAL_SLICE_IDR_W_RADL);
++ assert_equals_int (nalu.offset, 4);
++ assert_equals_int (nalu.size, nal_size);
++
++ GST_WRITE_UINT32_BE (buf, nal_size);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_OK);
++ assert_equals_int (nalu.type, GST_H265_NAL_SLICE_IDR_W_RADL);
++ assert_equals_int (nalu.offset, 4);
++ assert_equals_int (nalu.size, nal_size);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 2);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 3);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_BROKEN_DATA);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 4);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_NO_NAL_END);
++
++ GST_WRITE_UINT32_BE (buf, G_MAXUINT32 - 6);
++ res = gst_h265_parser_identify_nalu_hevc (parser, buf, 0, buf_size, 4, &nalu);
++
++ assert_equals_int (res, GST_H265_PARSER_NO_NAL_END);
++
++ g_free (buf);
++ gst_h265_parser_free (parser);
++}
++
++GST_END_TEST;
++
+ GST_START_TEST (test_h265_base_profiles)
+ {
+ GstH265ProfileTierLevel ptl;
+@@ -1101,6 +1160,7 @@ h265parser_suite (void)
+ tcase_add_test (tc_chain, test_h265_parse_slice_eos_slice_eob);
+ tcase_add_test (tc_chain, test_h265_parse_pic_timing);
+ tcase_add_test (tc_chain, test_h265_parse_slice_6bytes);
++ tcase_add_test (tc_chain, test_h265_parse_identify_nalu_hevc);
+ tcase_add_test (tc_chain, test_h265_base_profiles);
+ tcase_add_test (tc_chain, test_h265_base_profiles_compat);
+ tcase_add_test (tc_chain, test_h265_format_range_profiles_exact_match);
+--
+2.31.1
+
diff --git a/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch b/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch
new file mode 100644
index 0000000000..b2dfef0118
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-base-fix-id3v2-invalid-read.patch
@@ -0,0 +1,40 @@
+Fix an "invalid read during ID3v2 tag parsing".
+
+https://security-tracker.debian.org/tracker/TEMP-0000000-57E7C1
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee
+
+From f4a1428a6997658625d529b9db60fde812fbf1ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= <tim@centricular.com>
+Date: Wed, 3 Mar 2021 01:08:25 +0000
+Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads
+
+Check the right variable when checking if there's
+enough data left to read the frame size.
+
+Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/1065>
+---
+ gst-libs/gst/tag/id3v2frames.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c
+index 8e9f78254..f39659bf7 100644
+--- a/gst-libs/gst/tag/id3v2frames.c
++++ b/gst-libs/gst/tag/id3v2frames.c
+@@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work)
+
+ if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION |
+ ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) {
+- if (work->hdr.frame_data_size <= 4)
++ if (frame_data_size <= 4)
+ return FALSE;
+ if (ID3V2_VER_MAJOR (work->hdr.version) == 3) {
+ work->parse_size = GST_READ_UINT32_BE (frame_data);
+--
+2.31.1
+
diff --git a/gnu/packages/patches/gst-plugins-good-CVE-2021-3497.patch b/gnu/packages/patches/gst-plugins-good-CVE-2021-3497.patch
new file mode 100644
index 0000000000..c8c3ee6cf1
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-good-CVE-2021-3497.patch
@@ -0,0 +1,174 @@
+Fix CVE-2021-3497:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3497
+https://gstreamer.freedesktop.org/security/sa-2021-0002.html
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_iid=903
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 467815986c8c3d86fd8906a0d539b34f67d6693e..0e47ee7b5e25ac3331f30439710ae755235f2a22 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -3851,6 +3851,12 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ guint32 block_samples, tmp;
+ gsize size = gst_buffer_get_size (*buf);
+
++ if (size < 4) {
++ GST_ERROR_OBJECT (element, "Too small wavpack buffer");
++ gst_buffer_unmap (*buf, &map);
++ return GST_FLOW_ERROR;
++ }
++
+ gst_buffer_extract (*buf, 0, &tmp, sizeof (guint32));
+ block_samples = GUINT32_FROM_LE (tmp);
+ /* we need to reconstruct the header of the wavpack block */
+@@ -3858,10 +3864,10 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ /* -20 because ck_size is the size of the wavpack block -8
+ * and lace_size is the size of the wavpack block + 12
+ * (the three guint32 of the header that already are in the buffer) */
+- wvh.ck_size = size + sizeof (Wavpack4Header) - 20;
++ wvh.ck_size = size + WAVPACK4_HEADER_SIZE - 20;
+
+ /* block_samples, flags and crc are already in the buffer */
+- newbuf = gst_buffer_new_allocate (NULL, sizeof (Wavpack4Header) - 12, NULL);
++ newbuf = gst_buffer_new_allocate (NULL, WAVPACK4_HEADER_SIZE - 12, NULL);
+
+ gst_buffer_map (newbuf, &outmap, GST_MAP_WRITE);
+ data = outmap.data;
+@@ -3886,9 +3892,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ audiocontext->wvpk_block_index += block_samples;
+ } else {
+ guint8 *outdata = NULL;
+- guint outpos = 0;
+- gsize buf_size, size, out_size = 0;
++ gsize buf_size, size;
+ guint32 block_samples, flags, crc, blocksize;
++ GstAdapter *adapter;
++
++ adapter = gst_adapter_new ();
+
+ gst_buffer_map (*buf, &map, GST_MAP_READ);
+ buf_data = map.data;
+@@ -3897,6 +3905,7 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ if (buf_size < 4) {
+ GST_ERROR_OBJECT (element, "Too small wavpack buffer");
+ gst_buffer_unmap (*buf, &map);
++ g_object_unref (adapter);
+ return GST_FLOW_ERROR;
+ }
+
+@@ -3918,59 +3927,57 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
+ data += 4;
+ size -= 4;
+
+- if (blocksize == 0 || size < blocksize)
+- break;
+-
+- g_assert ((newbuf == NULL) == (outdata == NULL));
++ if (blocksize == 0 || size < blocksize) {
++ GST_ERROR_OBJECT (element, "Too small wavpack buffer");
++ gst_buffer_unmap (*buf, &map);
++ g_object_unref (adapter);
++ return GST_FLOW_ERROR;
++ }
+
+- if (newbuf == NULL) {
+- out_size = sizeof (Wavpack4Header) + blocksize;
+- newbuf = gst_buffer_new_allocate (NULL, out_size, NULL);
++ g_assert (newbuf == NULL);
+
+- gst_buffer_copy_into (newbuf, *buf,
+- GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
++ newbuf =
++ gst_buffer_new_allocate (NULL, WAVPACK4_HEADER_SIZE + blocksize,
++ NULL);
++ gst_buffer_map (newbuf, &outmap, GST_MAP_WRITE);
++ outdata = outmap.data;
++
++ outdata[0] = 'w';
++ outdata[1] = 'v';
++ outdata[2] = 'p';
++ outdata[3] = 'k';
++ outdata += 4;
++
++ GST_WRITE_UINT32_LE (outdata, blocksize + WAVPACK4_HEADER_SIZE - 8);
++ GST_WRITE_UINT16_LE (outdata + 4, wvh.version);
++ GST_WRITE_UINT8 (outdata + 6, wvh.track_no);
++ GST_WRITE_UINT8 (outdata + 7, wvh.index_no);
++ GST_WRITE_UINT32_LE (outdata + 8, wvh.total_samples);
++ GST_WRITE_UINT32_LE (outdata + 12, wvh.block_index);
++ GST_WRITE_UINT32_LE (outdata + 16, block_samples);
++ GST_WRITE_UINT32_LE (outdata + 20, flags);
++ GST_WRITE_UINT32_LE (outdata + 24, crc);
++ outdata += 28;
++
++ memcpy (outdata, data, blocksize);
+
+- outpos = 0;
+- gst_buffer_map (newbuf, &outmap, GST_MAP_WRITE);
+- outdata = outmap.data;
+- } else {
+- gst_buffer_unmap (newbuf, &outmap);
+- out_size += sizeof (Wavpack4Header) + blocksize;
+- gst_buffer_set_size (newbuf, out_size);
+- gst_buffer_map (newbuf, &outmap, GST_MAP_WRITE);
+- outdata = outmap.data;
+- }
++ gst_buffer_unmap (newbuf, &outmap);
++ gst_adapter_push (adapter, newbuf);
++ newbuf = NULL;
+
+- outdata[outpos] = 'w';
+- outdata[outpos + 1] = 'v';
+- outdata[outpos + 2] = 'p';
+- outdata[outpos + 3] = 'k';
+- outpos += 4;
+-
+- GST_WRITE_UINT32_LE (outdata + outpos,
+- blocksize + sizeof (Wavpack4Header) - 8);
+- GST_WRITE_UINT16_LE (outdata + outpos + 4, wvh.version);
+- GST_WRITE_UINT8 (outdata + outpos + 6, wvh.track_no);
+- GST_WRITE_UINT8 (outdata + outpos + 7, wvh.index_no);
+- GST_WRITE_UINT32_LE (outdata + outpos + 8, wvh.total_samples);
+- GST_WRITE_UINT32_LE (outdata + outpos + 12, wvh.block_index);
+- GST_WRITE_UINT32_LE (outdata + outpos + 16, block_samples);
+- GST_WRITE_UINT32_LE (outdata + outpos + 20, flags);
+- GST_WRITE_UINT32_LE (outdata + outpos + 24, crc);
+- outpos += 28;
+-
+- memmove (outdata + outpos, data, blocksize);
+- outpos += blocksize;
+ data += blocksize;
+ size -= blocksize;
+ }
+ gst_buffer_unmap (*buf, &map);
+- gst_buffer_unref (*buf);
+
+- if (newbuf)
+- gst_buffer_unmap (newbuf, &outmap);
++ newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));
++ g_object_unref (adapter);
+
++ gst_buffer_copy_into (newbuf, *buf,
++ GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
++ gst_buffer_unref (*buf);
+ *buf = newbuf;
++
+ audiocontext->wvpk_block_index += block_samples;
+ }
+
+diff --git a/gst/matroska/matroska-ids.h b/gst/matroska/matroska-ids.h
+index 429213f778063ba0063944ab64ad60373bbce5ee..8d4a685a910ec13100a3c3d156b2412d28ec0522 100644
+--- a/gst/matroska/matroska-ids.h
++++ b/gst/matroska/matroska-ids.h
+@@ -688,6 +688,8 @@ typedef struct _Wavpack4Header {
+ guint32 crc; /* crc for actual decoded data */
+ } Wavpack4Header;
+
++#define WAVPACK4_HEADER_SIZE (32)
++
+ typedef enum {
+ GST_MATROSKA_TRACK_ENCODING_SCOPE_FRAME = (1<<0),
+ GST_MATROSKA_TRACK_ENCODING_SCOPE_CODEC_DATA = (1<<1),
diff --git a/gnu/packages/patches/gst-plugins-good-CVE-2021-3498.patch b/gnu/packages/patches/gst-plugins-good-CVE-2021-3498.patch
new file mode 100644
index 0000000000..50eb42f126
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-good-CVE-2021-3498.patch
@@ -0,0 +1,22 @@
+Fix CVE-2021-3498:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3498
+https://gstreamer.freedesktop.org/security/sa-2021-0003.html
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903
+
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 4d0234743b8cf243b4521e56ef9027ba23b1b5d0..467815986c8c3d86fd8906a0d539b34f67d6693e 100644
+--- a/gst/matroska/matroska-demux.c
++++ b/gst/matroska/matroska-demux.c
+@@ -692,6 +692,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
+
+ DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
+
++ *dest_context = NULL;
++
+ /* start with the master */
+ if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
+ DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);
diff --git a/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch b/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch
new file mode 100644
index 0000000000..3c6a96f45d
--- /dev/null
+++ b/gnu/packages/patches/gst-plugins-ugly-fix-out-of-bound-reads.patch
@@ -0,0 +1,119 @@
+Fix out of bounds reads when parsing audio and video packets:
+
+https://security-tracker.debian.org/tracker/TEMP-0000000-4DAA44
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f
+From 3aba7d1e625554b2407bc77b3d09b4928b937d5f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 3 Mar 2021 11:05:14 +0200
+Subject: [PATCH] rmdemux: Make sure we have enough data available when parsing
+ audio/video packets
+
+Otherwise there will be out-of-bounds reads and potential crashes.
+
+Thanks to Natalie Silvanovich for reporting.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/merge_requests/74>
+---
+ gst/realmedia/rmdemux.c | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
+index 6cc659a1..68b0736b 100644
+--- a/gst/realmedia/rmdemux.c
++++ b/gst/realmedia/rmdemux.c
+@@ -2223,6 +2223,9 @@ gst_rmdemux_parse_video_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream,
+
+ gst_buffer_map (in, &map, GST_MAP_READ);
+
++ if (map.size < offset)
++ goto not_enough_data;
++
+ data = map.data + offset;
+ size = map.size - offset;
+
+@@ -2289,6 +2292,9 @@ gst_rmdemux_parse_video_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream,
+ }
+ GST_DEBUG_OBJECT (rmdemux, "fragment size %d", fragment_size);
+
++ if (map.size < (data - map.data) + fragment_size)
++ goto not_enough_data;
++
+ /* get the fragment */
+ fragment =
+ gst_buffer_copy_region (in, GST_BUFFER_COPY_ALL, data - map.data,
+@@ -2437,6 +2443,9 @@ gst_rmdemux_parse_audio_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream,
+ GstFlowReturn ret;
+ GstBuffer *buffer;
+
++ if (gst_buffer_get_size (in) < offset)
++ goto not_enough_data;
++
+ buffer = gst_buffer_copy_region (in, GST_BUFFER_COPY_MEMORY, offset, -1);
+
+ if (rmdemux->first_ts != -1 && timestamp > rmdemux->first_ts)
+@@ -2467,9 +2476,19 @@ gst_rmdemux_parse_audio_packet (GstRMDemux * rmdemux, GstRMDemuxStream * stream,
+ ret = gst_pad_push (stream->pad, buffer);
+ }
+
++done:
+ gst_buffer_unref (in);
+
+ return ret;
++
++ /* ERRORS */
++not_enough_data:
++ {
++ GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."),
++ (NULL));
++ ret = GST_FLOW_OK;
++ goto done;
++ }
+ }
+
+ static GstFlowReturn
+@@ -2490,6 +2509,9 @@ gst_rmdemux_parse_packet (GstRMDemux * rmdemux, GstBuffer * in, guint16 version)
+ data = map.data;
+ size = map.size;
+
++ if (size < 4 + 6 + 1 + 2)
++ goto not_enough_data;
++
+ /* stream number */
+ id = RMDEMUX_GUINT16_GET (data);
+
+@@ -2525,6 +2547,9 @@ gst_rmdemux_parse_packet (GstRMDemux * rmdemux, GstBuffer * in, guint16 version)
+
+ /* version 1 has an extra byte */
+ if (version == 1) {
++ if (size < 1)
++ goto not_enough_data;
++
+ data += 1;
+ size -= 1;
+ }
+@@ -2596,6 +2621,16 @@ unknown_stream:
+ gst_buffer_unref (in);
+ return GST_FLOW_OK;
+ }
++
++ /* ERRORS */
++not_enough_data:
++ {
++ GST_ELEMENT_WARNING (rmdemux, STREAM, DECODE, ("Skipping bad packet."),
++ (NULL));
++ gst_buffer_unmap (in, &map);
++ gst_buffer_unref (in);
++ return GST_FLOW_OK;
++ }
+ }
+
+ gboolean
+--
+2.31.1
+
diff --git a/gnu/packages/patches/kmscon-runtime-keymap-switch.patch b/gnu/packages/patches/kmscon-runtime-keymap-switch.patch
index deb5688daf..6692e761bc 100644
--- a/gnu/packages/patches/kmscon-runtime-keymap-switch.patch
+++ b/gnu/packages/patches/kmscon-runtime-keymap-switch.patch
@@ -1,5 +1,9 @@
-By Mathieu Othacehe <m.othacehe@gmail.com>.
-Modified by Florian Pelz <pelzflorian@pelzflorian.de>.
+Make kmscon listen to a FIFO in /tmp that clients can write to
+to request a keymap change.
+
+Patch by Mathieu Othacehe <m.othacehe@gmail.com>.
+Modified by Florian Pelz <pelzflorian@pelzflorian.de>
+and Ludovic Courtès <ludo@gnu.org>.
diff --git a/src/pty.c b/src/pty.c
index 1443f4a..f64cb5b 100644
@@ -75,11 +79,13 @@ diff --git a/src/uterm_input.c b/src/uterm_input.c
index 6fcbc4b..990a09d 100644
--- a/src/uterm_input.c
+++ b/src/uterm_input.c
-@@ -178,6 +178,8 @@ static void input_new_dev(struct uterm_input *input,
+@@ -178,6 +178,10 @@ static void input_new_dev(struct uterm_input *input,
if (ret)
goto err_rcodepoints;
-+ uxkb_dev_keymap_update(dev);
++ /* Add the FIFO fd only to the first input poll loop. */
++ if (shl_dlist_empty(&input->devices))
++ uxkb_dev_keymap_update(dev);
+
if (input->awake > 0) {
ret = input_wake_up_dev(dev);
@@ -115,7 +121,7 @@ index 04e6cc9..ec44459 100644
uint16_t key_state,
uint16_t code);
diff --git a/src/uterm_input_uxkb.c b/src/uterm_input_uxkb.c
-index 925c755..5d5c22e 100644
+index 925c755..8fe08f8 100644
--- a/src/uterm_input_uxkb.c
+++ b/src/uterm_input_uxkb.c
@@ -31,6 +31,9 @@
@@ -128,7 +134,7 @@ index 925c755..5d5c22e 100644
#include <xkbcommon/xkbcommon.h>
#include "shl_hook.h"
#include "shl_llog.h"
-@@ -178,6 +181,87 @@ static void timer_event(struct ev_timer *timer, uint64_t num, void *data)
+@@ -178,6 +181,106 @@ static void timer_event(struct ev_timer *timer, uint64_t num, void *data)
shl_hook_call(dev->input->hook, dev->input, &dev->repeat_event);
}
@@ -167,13 +173,31 @@ index 925c755..5d5c22e 100644
+
+ llog_info(dev->input, "HANDLER CALLED %s|%s|%s\n",
+ model, layout, variant);
-+ uxkb_desc_init(dev->input, model, layout, variant, options, NULL);
+
-+ dev->state = xkb_state_new(dev->input->keymap);
-+ if (!dev->state) {
-+ llog_error(dev->input, "cannot create XKB state");
-+ return;
-+ }
++ struct uterm_input *input = dev->input;
++ struct shl_dlist *iter;
++
++ /* Apply the new layout to all the inputs. */
++ shl_dlist_for_each(iter, &input->devices) {
++ struct uterm_input_dev *dev;
++ dev = shl_dlist_entry(iter,
++ struct uterm_input_dev,
++ list);
++ uxkb_desc_init(dev->input, model, layout, variant, options, NULL);
++ dev->state = xkb_state_new(dev->input->keymap);
++ if (!dev->state) {
++ llog_error(dev->input, "cannot create XKB state");
++ return;
++ }
++ }
++
++ /* The client will now close the FIFO. Close it too, and re-create a
++ * FIFO so other clients can eventually connect. */
++ ev_eloop_rm_fd(fd);
++ close(dev->rupdate_fd);
++ dev->rupdate_fd = -1;
++ uxkb_dev_keymap_update(dev);
++
+}
+
+int uxkb_dev_keymap_update(struct uterm_input_dev *dev)
@@ -186,6 +210,7 @@ index 925c755..5d5c22e 100644
+ if (ret < 0)
+ return ret;
+
++ (void) unlink(file);
+ ret = mkfifo(file, S_IRWXU);
+ if (ret < 0) {
+ llog_warn(dev->input, "could not open fifo");
diff --git a/gnu/packages/patches/linux-libre-arm64-generic-pinebook-lcd.patch b/gnu/packages/patches/linux-libre-arm64-generic-pinebook-lcd.patch
new file mode 100644
index 0000000000..51ab544d5e
--- /dev/null
+++ b/gnu/packages/patches/linux-libre-arm64-generic-pinebook-lcd.patch
@@ -0,0 +1,40 @@
+From 3a75704e99a118f2d8a4d70f07781558bde85770 Mon Sep 17 00:00:00 2001
+From: Jian-Hong Pan <jhp@endlessos.org>
+Date: Thu, 24 Sep 2020 14:30:43 +0800
+Subject: [PATCH] arm64: dts: rockchip: disable USB type-c DisplayPort
+
+The cdn-dp sub driver probes the device failed on PINEBOOK Pro.
+
+kernel: cdn-dp fec00000.dp: [drm:cdn_dp_probe [rockchipdrm]] *ERROR* missing extcon or phy
+kernel: cdn-dp: probe of fec00000.dp failed with error -22
+
+Then, the device halts all of the DRM related device jobs. For example,
+the operations: vop_component_ops, vop_component_ops and
+rockchip_dp_component_ops cannot be bound to corresponding devices. So,
+Xorg cannot find the correct DRM device.
+
+The USB type-C DisplayPort does not work for now. So, disable the
+DisplayPort node until the type-C phy work has been done.
+
+Link: https://patchwork.kernel.org/patch/11794141/#23639877
+Signed-off-by: Jian-Hong Pan <jhp@endlessos.org>
+---
+ arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts b/arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts
+index 219b7507a10f..45769764425d 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts
++++ b/arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts
+@@ -380,7 +380,7 @@
+ };
+
+ &cdn_dp {
+- status = "okay";
++ status = "disabled";
+ };
+
+ &cpu_b0 {
+--
+2.30.2
+
diff --git a/gnu/packages/patches/perl-image-exiftool-CVE-2021-22204.patch b/gnu/packages/patches/perl-image-exiftool-CVE-2021-22204.patch
new file mode 100644
index 0000000000..85ea29cc38
--- /dev/null
+++ b/gnu/packages/patches/perl-image-exiftool-CVE-2021-22204.patch
@@ -0,0 +1,38 @@
+Fix CVE-2021-22204:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204
+
+Patch extracted from commit cf0f4e7dcd024ca99615bfd1102a841a25dde031
+from upstream source repository:
+
+https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
+
+diff --git a/lib/Image/ExifTool/DjVu.pm b/lib/Image/ExifTool/DjVu.pm
+index c284d10..03b3f9f 100644
+--- a/lib/Image/ExifTool/DjVu.pm
++++ b/lib/Image/ExifTool/DjVu.pm
+@@ -18,7 +18,7 @@ use strict;
+ use vars qw($VERSION);
+ use Image::ExifTool qw(:DataAccess :Utils);
+
+-$VERSION = '1.06';
++$VERSION = '1.07';
+
+ sub ParseAnt($);
+ sub ProcessAnt($$$);
+@@ -227,10 +227,11 @@ Tok: for (;;) {
+ last unless $tok =~ /(\\+)$/ and length($1) & 0x01;
+ $tok .= '"'; # quote is part of the string
+ }
+- # must protect unescaped "$" and "@" symbols, and "\" at end of string
+- $tok =~ s{\\(.)|([\$\@]|\\$)}{'\\'.($2 || $1)}sge;
+- # convert C escape sequences (allowed in quoted text)
+- $tok = eval qq{"$tok"};
++ # convert C escape sequences, allowed in quoted text
++ # (note: this only converts a few of them!)
++ my %esc = ( a => "\a", b => "\b", f => "\f", n => "\n",
++ r => "\r", t => "\t", '"' => '"', '\\' => '\\' );
++ $tok =~ s/\\(.)/$esc{$1}||'\\'.$1/egs;
+ } else { # key name
+ pos($$dataPt) = pos($$dataPt) - 1;
+ # allow anything in key but whitespace, braces and double quotes
diff --git a/gnu/packages/patches/racket-store-checksum-override.patch b/gnu/packages/patches/racket-store-checksum-override.patch
deleted file mode 100644
index 6c4ebcf022..0000000000
--- a/gnu/packages/patches/racket-store-checksum-override.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Racket uses checksums to test if it needs to recompile its source
-files to bytecode. If Racket is updated by grafting, the source and
-bytecode files get updated, but the checksum stays the same. Since
-the checksum no longer matches the source file, Racket tries to
-regenerate the bytecode and write it to the store, causing errors
-because the store is immutable. This patch makes Racket ignore
-checksums for files in the store.
-
-See <https://debbugs.gnu.org/30680> for details.
-
----
---- a/collects/compiler/private/cm-minimal.rkt
-+++ b/collects/compiler/private/cm-minimal.rkt
-@@ -6,6 +6,7 @@
- racket/list
- racket/path
- racket/promise
-+ racket/string
- file/sha1
- setup/cross-system
- compiler/compilation-path
-@@ -268,7 +269,8 @@
- (trace-printf "newer src... ~a > ~a" path-time path-zo-time)
- (maybe-compile-zo deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen
- #:trying-sha1? sha1-only?)]
-- [(different-source-sha1-and-dep-recorded path deps)
-+ [(and (not (store-reference? path))
-+ (different-source-sha1-and-dep-recorded path deps))
- => (lambda (difference)
- (trace-printf "different src hash ~a for ~a..." difference path)
- (maybe-compile-zo deps path->mode roots path orig-path read-src-syntax up-to-date collection-cache new-seen
-@@ -1012,5 +1014,9 @@
- #f
- (list src-hash recorded-hash)))
-
-+(define (store-reference? path)
-+ (let ([store-prefix (or (getenv "NIX_STORE") "/gnu/store")])
-+ (string-prefix? (path->string path) store-prefix)))
-+
- ;; Make sure `recompile-from` is machine-independent so that
- ;; recompilation makes sense.
- ;; The compilation lock must is held for the source of `recompile-from`. \ No newline at end of file
diff --git a/gnu/packages/patches/tla2tools-build-xml.patch b/gnu/packages/patches/tla2tools-build-xml.patch
new file mode 100644
index 0000000000..0bba82072a
--- /dev/null
+++ b/gnu/packages/patches/tla2tools-build-xml.patch
@@ -0,0 +1,109 @@
+tla2tools comes packaged with three separate javax.mail JARs, which it
+expects to be available to include in the JAR produced by the `dist' target.
+However, the `java-javax-mail' packaged with Guix contains all of these
+dependencies in a single JAR, so the other two are unneeded. This patch
+removes references to them.
+
+The JAR also was expected to contain classes that are built as part of the
+test suite. That does not seem useful, nor is it available during the
+`compile' phase, so that portion is removed.
+
+There are a number of Git attributes that are set in the final manifest.
+The branch name is kept, but the others are removed. The build user is set
+statically to "guix".
+
+Finally, since we already have a patch, two targets `jar' and `check' are
+added to satisfy `ant-build-system' and keep the package definition more
+lean.
+
+diff --git a/tlatools/org.lamport.tlatools/customBuild.xml b/tlatools/org.lamport.tlatools/customBuild.xml
+index f0ba77cb7..748e60d95 100644
+--- a/tlatools/org.lamport.tlatools/customBuild.xml
++++ b/tlatools/org.lamport.tlatools/customBuild.xml
+@@ -36,6 +36,17 @@
+ <istrue value="${maven.test.halt}"/>
+ </condition>
+
++ <!-- `jar' and `check' added for Guix -->
++ <target name="jar">
++ <antcall target="compile" inheritall="true" inheritrefs="true" />
++ <antcall target="compile-aj" inheritall="true" inheritrefs="true" />
++ <antcall target="dist" inheritall="true" inheritrefs="true" />
++ </target>
++ <target name="check">
++ <antcall target="compile-test" inheritall="true" inheritrefs="true" />
++ <antcall target="test" inheritall="true" inheritrefs="true" />
++ </target>
++
+ <!-- https://github.com/alx3apps/jgit-buildnumber -->
+ <target name="git-revision">
+ <taskdef name="jgit-buildnumber" classname="ru.concerteza.util.buildnumber.JGitBuildNumberAntTask">
+@@ -217,17 +228,7 @@
+ <exclude name="javax/mail/search/**"/>
+ </patternset>
+ </unzip>
+- <unzip src="lib/javax.mail/smtp-1.6.3.jar" dest="${class.dir}">
+- <patternset>
+- <include name="**/*.class"/>
+- </patternset>
+- </unzip>
+- <unzip src="lib/javax.mail/javax.activation_1.1.0.v201211130549.jar" dest="${class.dir}">
+- <patternset>
+- <include name="**/*.class"/>
+- <exclude name="org/**"/>
+- </patternset>
+- </unzip>
++ <mkdir dir="${class.dir}/META-INF" />
+ <touch file="${class.dir}/META-INF/javamail.default.address.map"/>
+ <unzip src="lib/jline/jline-terminal-3.14.1.jar" dest="${class.dir}">
+ <patternset>
+@@ -259,17 +260,7 @@
+ <exclude name="javax/mail/search/**"/>
+ </patternset>
+ </unzip>
+- <unzip src="lib/javax.mail/smtp-1.6.3.jar" dest="target/classes">
+- <patternset>
+- <include name="**/*.class"/>
+- </patternset>
+- </unzip>
+- <unzip src="lib/javax.mail/javax.activation_1.1.0.v201211130549.jar" dest="target/classes">
+- <patternset>
+- <include name="**/*.class"/>
+- <exclude name="org/**"/>
+- </patternset>
+- </unzip>
++ <mkdir dir="target/classes/META-INF" />
+ <touch file="target/classes/META-INF/javamail.default.address.map"/>
+
+ <unzip src="lib/jline/jline-terminal-3.14.1.jar" dest="target/classes">
+@@ -373,14 +364,8 @@
+ src/tla2sany/parser/Token.09-09-07,
+ src/tla2sany/parser/TokenMgrError.09-09-07"/>
+ <fileset dir="${doc.dir}" includes="License.txt"/>
+- <fileset dir="${test.class.dir}">
+- <include name="**/tlc2/tool/CommonTestCase*.class" />
+- <include name="**/tlc2/tool/liveness/ModelCheckerTestCase*.class" />
+- <include name="**/tlc2/TestMPRecorder*.class" />
+- <include name="**/util/IsolatedTestCaseRunner*.class" />
+- </fileset>
+ <manifest>
+- <attribute name="Built-By" value="${user.name}" />
++ <attribute name="Built-By" value="guix" />
+ <attribute name="Build-Tag" value="${env.BUILD_TAG}" />
+ <attribute name="Build-Rev" value="${Build-Rev}" />
+ <attribute name="Implementation-Title" value="TLA+ Tools" />
+@@ -389,14 +374,8 @@
+ <!-- The jar files contains many main classes (SANY, TEX, pcal, ...) -->
+ <!-- but lets consider TLC the one users primarily use. -->
+ <attribute name="Main-class" value="tlc2.TLC" />
+- <attribute name="Class-Path" value="CommunityModules-deps.jar CommunityModules.jar" />
+ <!-- Git revision -->
+- <attribute name="X-Git-Branch" value="${git.branch}" />
+ <attribute name="X-Git-Tag" value="${git.tag}" />
+- <attribute name="X-Git-Revision" value="${git.revision}" />
+- <attribute name="X-Git-ShortRevision" value="${git.shortRevision}" />
+- <attribute name="X-Git-BuildNumber" value="${git.branch}_${git.tag}_${git.shortRevision}" />
+- <attribute name="X-Git-Commits-Count" value="${git.commitsCount}" />
+ <!-- App-Name and Permissions is required by Java Webstart used by distributed TLC -->
+ <!-- Depending on security level, the user will see a warning otherwise. -->
+ <!-- http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html -->
diff --git a/gnu/packages/patches/u-boot-rockchip-inno-usb.patch b/gnu/packages/patches/u-boot-rockchip-inno-usb.patch
new file mode 100644
index 0000000000..58f04b2c78
--- /dev/null
+++ b/gnu/packages/patches/u-boot-rockchip-inno-usb.patch
@@ -0,0 +1,238 @@
+Downloaded from:
+https://patchwork.ozlabs.org/project/uboot/patch/20210406151059.1187379-1-icenowy@aosc.io
+
+From patchwork Tue Apr 6 15:10:59 2021
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Icenowy Zheng <icenowy@aosc.io>
+X-Patchwork-Id: 1462876
+X-Patchwork-Delegate: ykai007@gmail.com
+Return-Path: <u-boot-bounces@lists.denx.de>
+X-Original-To: incoming@patchwork.ozlabs.org
+Delivered-To: patchwork-incoming@bilbo.ozlabs.org
+Authentication-Results: ozlabs.org;
+ spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
+ (client-ip=85.214.62.61; helo=phobos.denx.de;
+ envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
+Authentication-Results: ozlabs.org;
+ dkim=fail reason="signature verification failed" (1024-bit key;
+ unprotected) header.d=mymailcheap.com header.i=@mymailcheap.com
+ header.a=rsa-sha256 header.s=default header.b=unszVtqT;
+ dkim=fail reason="signature verification failed" (1024-bit key;
+ unprotected) header.d=aosc.io header.i=@aosc.io header.a=rsa-sha256
+ header.s=default header.b=mWwYCh9A;
+ dkim-atps=neutral
+Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
+ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
+ SHA256)
+ (No client certificate requested)
+ by ozlabs.org (Postfix) with ESMTPS id 4FF9wc3GdNz9sW1
+ for <incoming@patchwork.ozlabs.org>; Wed, 7 Apr 2021 01:11:42 +1000 (AEST)
+Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
+ by phobos.denx.de (Postfix) with ESMTP id C1F9C8040A;
+ Tue, 6 Apr 2021 17:11:32 +0200 (CEST)
+Authentication-Results: phobos.denx.de;
+ dmarc=none (p=none dis=none) header.from=aosc.io
+Authentication-Results: phobos.denx.de;
+ spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
+Authentication-Results: phobos.denx.de;
+ dkim=fail reason="signature verification failed" (1024-bit key;
+ unprotected) header.d=mymailcheap.com header.i=@mymailcheap.com
+ header.b="unszVtqT";
+ dkim=fail reason="signature verification failed" (1024-bit key;
+ unprotected) header.d=aosc.io header.i=@aosc.io header.b="mWwYCh9A";
+ dkim-atps=neutral
+Received: by phobos.denx.de (Postfix, from userid 109)
+ id E4F22805B4; Tue, 6 Apr 2021 17:11:30 +0200 (CEST)
+X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
+X-Spam-Level:
+X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham
+ autolearn_force=no version=3.4.2
+Received: from relay3.mymailcheap.com (relay3.mymailcheap.com
+ [217.182.66.161])
+ (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
+ (No client certificate requested)
+ by phobos.denx.de (Postfix) with ESMTPS id 2FC4A8039D
+ for <u-boot@lists.denx.de>; Tue, 6 Apr 2021 17:11:27 +0200 (CEST)
+Authentication-Results: phobos.denx.de;
+ dmarc=none (p=none dis=none) header.from=aosc.io
+Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=icenowy@aosc.io
+Received: from filter2.mymailcheap.com (filter2.mymailcheap.com
+ [91.134.140.82])
+ by relay3.mymailcheap.com (Postfix) with ESMTPS id A6AC13ECDF;
+ Tue, 6 Apr 2021 17:11:26 +0200 (CEST)
+Received: from localhost (localhost [127.0.0.1])
+ by filter2.mymailcheap.com (Postfix) with ESMTP id 88D512A915;
+ Tue, 6 Apr 2021 17:11:26 +0200 (CEST)
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mymailcheap.com;
+ s=default; t=1617721886;
+ bh=qb5gt5o7M9qjdJd67A3WHGZp/76w4s4FS6+u1VuEh/o=;
+ h=From:To:Cc:Subject:Date:From;
+ b=unszVtqTnO9MGZVbgLH5H0cMo3VfQ+g5377blmOUcrtzMSqNbDD5SM25MUhlTUKiB
+ hTFq4L53gszBYfRPfh7Z5XgNVERULL5Zx0+WnVjZ7kUIp/wS3IQqxe81ChoFEsLTr8
+ 22UB9NN3OSVkuN/jRAzX+lKpugVGBHwOCjZBZukQ=
+Received: from filter2.mymailcheap.com ([127.0.0.1])
+ by localhost (filter2.mymailcheap.com [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id V9lVOgo6gApH; Tue, 6 Apr 2021 17:11:25 +0200 (CEST)
+Received: from mail20.mymailcheap.com (mail20.mymailcheap.com [51.83.111.147])
+ (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
+ (No client certificate requested)
+ by filter2.mymailcheap.com (Postfix) with ESMTPS;
+ Tue, 6 Apr 2021 17:11:25 +0200 (CEST)
+Received: from [213.133.102.83] (ml.mymailcheap.com [213.133.102.83])
+ by mail20.mymailcheap.com (Postfix) with ESMTP id C9EA3400B6;
+ Tue, 6 Apr 2021 15:11:24 +0000 (UTC)
+Authentication-Results: mail20.mymailcheap.com; dkim=pass (1024-bit key;
+ unprotected) header.d=aosc.io header.i=@aosc.io header.b="mWwYCh9A";
+ dkim-atps=neutral
+AI-Spam-Status: Not processed
+Received: from ice-e5v2.lan (unknown [59.41.163.135])
+ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
+ SHA256) (No client certificate requested)
+ by mail20.mymailcheap.com (Postfix) with ESMTPSA id 251F840C16;
+ Tue, 6 Apr 2021 15:11:10 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aosc.io; s=default;
+ t=1617721874; bh=qb5gt5o7M9qjdJd67A3WHGZp/76w4s4FS6+u1VuEh/o=;
+ h=From:To:Cc:Subject:Date:From;
+ b=mWwYCh9AM8eRWm9hiEqirytotj/G/C1p9r2fd0zUxPhS0UQH+kw6L3RWZnsfmXAYq
+ HmYFiM3ktIfwevqQw89tOi8c2ktb49iYOyHXkfi8hTZl1dNsJDS94uyzBiHYY+U7x5
+ P0aTRRaL5C8ua2c1GedoPx06nrARO/KMEFy39rxI=
+From: Icenowy Zheng <icenowy@aosc.io>
+To: Simon Glass <sjg@chromium.org>, Kever Yang <kever.yang@rock-chips.com>,
+ Frank Wang <frank.wang@rock-chips.com>,
+ Jagan Teki <jagan@amarulasolutions.com>
+Cc: u-boot@lists.denx.de,
+ Icenowy Zheng <icenowy@aosc.io>
+Subject: [PATCH] phy: rockchip: inno-usb2: fix hang when multiple controllers
+ exit
+Date: Tue, 6 Apr 2021 23:10:59 +0800
+Message-Id: <20210406151059.1187379-1-icenowy@aosc.io>
+X-Mailer: git-send-email 2.30.2
+MIME-Version: 1.0
+X-Rspamd-Server: mail20.mymailcheap.com
+X-Spamd-Result: default: False [4.90 / 20.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
+ ARC_NA(0.00)[]; R_DKIM_ALLOW(0.00)[aosc.io:s=default];
+ RECEIVED_SPAMHAUS_PBL(0.00)[59.41.163.135:received];
+ FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
+ R_MISSING_CHARSET(2.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
+ MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[aosc.io];
+ BROKEN_CONTENT_TYPE(1.50)[]; R_SPF_SOFTFAIL(0.00)[~all];
+ RCPT_COUNT_FIVE(0.00)[6]; ML_SERVERS(-3.10)[213.133.102.83];
+ DKIM_TRACE(0.00)[aosc.io:+]; MID_CONTAINS_FROM(1.00)[];
+ RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[];
+ MIME_TRACE(0.00)[0:+];
+ ASN(0.00)[asn:24940, ipnet:213.133.96.0/19, country:DE];
+ RCVD_COUNT_TWO(0.00)[2];
+ HFILTER_HELO_BAREIP(3.00)[213.133.102.83,1]
+X-Rspamd-Queue-Id: C9EA3400B6
+X-BeenThere: u-boot@lists.denx.de
+X-Mailman-Version: 2.1.34
+Precedence: list
+List-Id: U-Boot discussion <u-boot.lists.denx.de>
+List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
+ <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
+List-Archive: <https://lists.denx.de/pipermail/u-boot/>
+List-Post: <mailto:u-boot@lists.denx.de>
+List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
+List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
+ <mailto:u-boot-request@lists.denx.de?subject=subscribe>
+Errors-To: u-boot-bounces@lists.denx.de
+Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
+X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de
+X-Virus-Status: Clean
+
+The OHCI and EHCI controllers are both bound to the same PHY. They will
+both do init and power_on operations when the controller is brought up
+and both do power_off and exit when the controller is stopped. However,
+the PHY uclass of U-Boot is not as sane as we thought -- they won't
+maintain a status mark for PHYs, and thus the functions of the PHYs
+could be called for multiple times. Calling init/power_on for multiple
+times have no severe problems, however calling power_off/exit for
+multiple times have a problem -- the first exit call will stop the PHY
+clock, and power_off/exit calls after it still trying to write to PHY
+registers. The write operation to PHY registers will fail because clock
+is already stopped.
+
+Adapt the count mechanism from phy-sun4i-usb to both init/exit and
+power_on/power_off functions to phy-rockchip-inno-usb2 to fix this
+problem. With this stopping USB controllers (manually or before booting
+a kernel) will work.
+
+Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
+Fixes: ac97a9ece14e ("phy: rockchip: Add Rockchip USB2PHY driver")
+Tested-by: Peter Robinson <pbrobinson@gmail.com>
+---
+ drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 21 +++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
+index 62b8ba3a4a..be9cc99d90 100644
+--- a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
++++ b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
+@@ -62,6 +62,8 @@ struct rockchip_usb2phy {
+ void *reg_base;
+ struct clk phyclk;
+ const struct rockchip_usb2phy_cfg *phy_cfg;
++ int init_count;
++ int power_on_count;
+ };
+
+ static inline int property_enable(void *reg_base,
+@@ -92,6 +94,10 @@ static int rockchip_usb2phy_power_on(struct phy *phy)
+ struct rockchip_usb2phy *priv = dev_get_priv(parent);
+ const struct rockchip_usb2phy_port_cfg *port_cfg = us2phy_get_port(phy);
+
++ priv->power_on_count++;
++ if (priv->power_on_count != 1)
++ return 0;
++
+ property_enable(priv->reg_base, &port_cfg->phy_sus, false);
+
+ /* waiting for the utmi_clk to become stable */
+@@ -106,6 +112,10 @@ static int rockchip_usb2phy_power_off(struct phy *phy)
+ struct rockchip_usb2phy *priv = dev_get_priv(parent);
+ const struct rockchip_usb2phy_port_cfg *port_cfg = us2phy_get_port(phy);
+
++ priv->power_on_count--;
++ if (priv->power_on_count != 0)
++ return 0;
++
+ property_enable(priv->reg_base, &port_cfg->phy_sus, true);
+
+ return 0;
+@@ -118,6 +128,10 @@ static int rockchip_usb2phy_init(struct phy *phy)
+ const struct rockchip_usb2phy_port_cfg *port_cfg = us2phy_get_port(phy);
+ int ret;
+
++ priv->init_count++;
++ if (priv->init_count != 1)
++ return 0;
++
+ ret = clk_enable(&priv->phyclk);
+ if (ret) {
+ dev_err(phy->dev, "failed to enable phyclk (ret=%d)\n", ret);
+@@ -140,6 +154,10 @@ static int rockchip_usb2phy_exit(struct phy *phy)
+ struct udevice *parent = dev_get_parent(phy->dev);
+ struct rockchip_usb2phy *priv = dev_get_priv(parent);
+
++ priv->init_count--;
++ if (priv->init_count != 0)
++ return 0;
++
+ clk_disable(&priv->phyclk);
+
+ return 0;
+@@ -212,6 +230,9 @@ static int rockchip_usb2phy_probe(struct udevice *dev)
+ return ret;
+ }
+
++ priv->power_on_count = 0;
++ priv->init_count = 0;
++
+ return 0;
+ }
+
diff --git a/gnu/packages/patches/ungoogled-chromium-system-nspr.patch b/gnu/packages/patches/ungoogled-chromium-system-nspr.patch
deleted file mode 100644
index 988296b143..0000000000
--- a/gnu/packages/patches/ungoogled-chromium-system-nspr.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-Build with the system nspr library.
-
-Originally based on a Debian patch:
-https://salsa.debian.org/chromium-team/chromium/-/blob/master/debian/patches/system/nspr.patch
-
---- a/base/time/pr_time_unittest.cc
-+++ b/base/time/pr_time_unittest.cc
-@@ -7,7 +7,7 @@
-
- #include "base/compiler_specific.h"
- #include "base/stl_util.h"
--#include "base/third_party/nspr/prtime.h"
-+#include <nspr/prtime.h>
- #include "base/time/time.h"
- #include "build/build_config.h"
- #include "testing/gtest/include/gtest/gtest.h"
---- a/base/time/time.cc
-+++ b/base/time/time.cc
-@@ -14,7 +14,7 @@
- #include "base/optional.h"
- #include "base/strings/string_util.h"
- #include "base/strings/stringprintf.h"
--#include "base/third_party/nspr/prtime.h"
-+#include <nspr/prtime.h>
- #include "base/time/time_override.h"
- #include "build/build_config.h"
-
---- a/base/BUILD.gn
-+++ b/base/BUILD.gn
-@@ -102,6 +102,9 @@
- "-Wglobal-constructors",
- ]
- }
-+ ldflags = [
-+ "-lnspr4",
-+ ]
- }
-
- config("base_implementation") {
-@@ -720,8 +723,6 @@
- "third_party/cityhash_v103/src/city_v103.h",
- "third_party/icu/icu_utf.cc",
- "third_party/icu/icu_utf.h",
-- "third_party/nspr/prtime.cc",
-- "third_party/nspr/prtime.h",
- "third_party/superfasthash/superfasthash.c",
- "thread_annotations.h",
- "threading/hang_watcher.cc",
---- a/tools/gn/build/gen.py
-+++ b/tools/gn/build/gen.py
-@@ -380,6 +380,9 @@
- if not options.no_static_libstdcpp:
- ldflags.append('-static-libstdc++')
-
-+ # Additional system libraries that are used.
-+ libs.append('-lnspr4')
-+
- if platform.is_mingw() or platform.is_msys():
- cflags.remove('-std=c++17')
- cflags.extend([
---- a/third_party/blink/renderer/platform/BUILD.gn
-+++ b/third_party/blink/renderer/platform/BUILD.gn
-@@ -110,6 +110,9 @@
- "//build/win:default_exe_manifest",
- "//third_party/icu",
- ]
-+ ldflags = [
-+ "-lnspr4"
-+ ]
- }
-
- # This isn't strictly necessary since we can just add the deps to "platform",
---- a/third_party/crashpad/crashpad/handler/BUILD.gn
-+++ b/third_party/crashpad/crashpad/handler/BUILD.gn
-@@ -144,6 +144,9 @@
- "../third_party/mini_chromium:base",
- "../tools:tool_support",
- ]
-+ ldflags = [
-+ "-lnspr4"
-+ ]
-
- if (crashpad_is_win) {
- if (crashpad_is_in_chromium || crashpad_is_in_dart) {
---- a/chrome/common/search/BUILD.gn
-+++ b/chrome/common/search/BUILD.gn
-@@ -20,6 +20,9 @@
- "//chrome/common/themes:autogenerated_theme_util",
- "//skia",
- ]
-+ ldflags = [
-+ "-lnspr4"
-+ ]
- }
-
- compiled_action("generate_chrome_colors_info") {
---- a/components/url_formatter/spoof_checks/top_domains/BUILD.gn
-+++ b/components/url_formatter/spoof_checks/top_domains/BUILD.gn
-@@ -31,6 +31,9 @@
- "//net/tools/huffman_trie:huffman_trie_generator_sources",
- "//url:url",
- ]
-+ ldflags = [
-+ "-lnspr4",
-+ ]
- if (is_ios) {
- frameworks = [ "UIKit.framework" ]
- }
---- a/components/schema_org/BUILD.gn
-+++ b/components/schema_org/BUILD.gn
-@@ -33,6 +33,9 @@
- "//base",
- "//url",
- ]
-+ ldflags = [
-+ "-lnspr4",
-+ ]
- }
-
- compiled_action("schema_org_name_data") {
diff --git a/gnu/packages/patches/ungoogled-chromium-system-opus.patch b/gnu/packages/patches/ungoogled-chromium-system-opus.patch
deleted file mode 100644
index 6f887a31a4..0000000000
--- a/gnu/packages/patches/ungoogled-chromium-system-opus.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Add missing build dependency on Opus so that system headers are found.
-
-Taken from upstream:
-https://chromium-review.googlesource.com/c/chromium/src/+/2644623
-
-diff --git a/third_party/blink/renderer/modules/webcodecs/BUILD.gn b/third_party/blink/renderer/modules/webcodecs/BUILD.gn
---- a/third_party/blink/renderer/modules/webcodecs/BUILD.gn
-+++ b/third_party/blink/renderer/modules/webcodecs/BUILD.gn
-@@ -65,6 +65,7 @@ blink_modules_sources("webcodecs") {
- "//media/mojo/clients",
- "//media/mojo/mojom",
- "//third_party/libyuv:libyuv",
-+ "//third_party/opus",
- ]
- if (media_use_openh264) {
- deps += [ "//third_party/openh264:encoder" ]
-diff --git a/third_party/blink/renderer/modules/webcodecs/DEPS b/third_party/blink/renderer/modules/webcodecs/DEPS
---- a/third_party/blink/renderer/modules/webcodecs/DEPS
-+++ b/third_party/blink/renderer/modules/webcodecs/DEPS
-@@ -19,6 +19,7 @@ include_rules = [
-
- "+third_party/libyuv",
- "+third_party/openh264",
-+ "+third_party/opus",
-
- "+ui/gfx/color_space.h",
- "+ui/gfx/geometry/rect.h",