From 4d79e56d2535b3ff95ec8397603b941f97ce948d Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Thu, 18 Aug 2022 10:28:26 +0200
Subject: [PATCH 1/3] dev-libs/cyrus-sasl: Move from coreos-overlay and update

It's from Gentoo commit 728228559d150db1a238accfa71f9eee7ae9bcd1.

This used to be in coreos-overlay, but upstream already has all the
patches we were carrying. The cross-compilation issue will be
addressed with an environment variable override in overlay.
---
 .../dev-libs/cyrus-sasl/Manifest              |   3 +
 .../cyrus-sasl/cyrus-sasl-2.1.28-r2.ebuild    | 221 ++++++++++++++++++
 .../cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild    | 218 +++++++++++++++++
 .../cyrus-sasl/cyrus-sasl-2.1.28-r4.ebuild    | 219 +++++++++++++++++
 ...sasl-2.1.28-fix-configure-time-check.patch |  50 ++++
 .../dev-libs/cyrus-sasl/files/cyrus-sasl.conf |   1 +
 .../dev-libs/cyrus-sasl/files/pwcheck.rc6     |  20 ++
 .../dev-libs/cyrus-sasl/files/pwcheck.service |   9 +
 .../cyrus-sasl/files/saslauthd-2.1.26.conf    |  19 ++
 .../cyrus-sasl/files/saslauthd.pam-include    |   8 +
 .../cyrus-sasl/files/saslauthd.service        |  13 ++
 .../dev-libs/cyrus-sasl/files/saslauthd2.rc7  |  20 ++
 .../dev-libs/cyrus-sasl/metadata.xml          |  19 ++
 13 files changed, 820 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/Manifest
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r2.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r4.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.28-fix-configure-time-check.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.rc6
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.service
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.pam-include
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.service
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd2.rc7
 create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/metadata.xml

diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/Manifest
new file mode 100644
index 0000000000..bfa6547d55
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/Manifest
@@ -0,0 +1,3 @@
+DIST cyrus-sasl-2.1.27-r6-patches.tar.bz2 5169 BLAKE2B 43a2f0db4a8589ec1cde7807b31a93459eacb04d27ba36751a69dd5f4e669d1b28342194b0e1a5382e281a52a35e88168877b54065cfba01b9bd33e87fbd23f1 SHA512 41c4ca7c8f7b79e03faf5d826a6ff0ed398137239b93fb0046ccbf385f6ddeab2b9fb2f51d7a263dc74626e5fdbefb28615a1ee22aabe57ed57f10a52d382797
+DIST cyrus-sasl-2.1.28-r3-patches.tar.xz 4244 BLAKE2B 113da9bb58cce3643269fca88ea8d700aa20226d9536427c9068ef7b43499c2b78cbcb233d8db2418d84136c7edd629cc05f52b31cdfddfcb529f9a9fcb4effb SHA512 0cccbb27646dc118fbeea64b0cb688f312df97b31fced8c18d5230764cd5e2f0d48806bd2f5524aeddd02e8933cd835fb6f67dd3fbc1b0abfd1a3e1f0f53cf8a
+DIST cyrus-sasl-2.1.28.tar.gz 4034803 BLAKE2B 6cca8c26cebb9c2ee5d539c43797d30b6309a476ec4233225789978e1d7315c4ea5d2abbc7f5464be0f3c0de5fd9212706b43fbc92f40b76cd0b1013cc00f823 SHA512 db15af9079758a9f385457a79390c8a7cd7ea666573dace8bf4fb01bb4b49037538d67285727d6a70ad799d2e2318f265c9372e2427de9371d626a1959dd6f78
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r2.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r2.ebuild
new file mode 100644
index 0000000000..c5eec79523
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r2.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools edos2unix flag-o-matic multilib multilib-minimal pam db-use systemd toolchain-funcs tmpfiles
+
+SASLAUTHD_CONF_VER="2.1.26"
+MY_PATCH_VER="${PN}-2.1.27-r6-patches"
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH_VER}.tar.bz2"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+REQUIRED_USE="ldapdb? ( openldap )"
+
+DEPEND="net-mail/mailbase
+	virtual/libcrypt:=
+	authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	openldap? ( >=net-nds/openldap-2.4.38-r1:=[${MULTILIB_USEDEP}] )
+	mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+	pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+	ssl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-sasl )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+	"${WORKDIR}"/${MY_PATCH_VER}/cyrus-sasl-2.1.25-auxprop.patch
+	"${WORKDIR}"/${MY_PATCH_VER}/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
+	"${WORKDIR}"/${MY_PATCH_VER}/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
+	"${FILESDIR}"/cyrus-sasl-2.1.28-fix-configure-time-check.patch
+)
+
+src_prepare() {
+	default
+
+	# Use plugindir for sasldir
+	# https://github.com/cyrusimap/cyrus-sasl/issues/339 (I think)
+	sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+		"${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+	# bug #486740 and bug #468556 (dropped AM_CONFIG_HEADER sed in 2.1.28)
+	sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	export CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
+	append-flags -fno-strict-aliasing
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# getpassphrase is defined in /usr/include/stdlib.h
+		append-cppflags -DHAVE_GETPASSPHRASE
+	else
+		# this horrendously breaks things on Solaris
+		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+		# replaces BSD_SOURCE (bug #579218)
+		append-cppflags -D_DEFAULT_SOURCE
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-login
+		--enable-ntlm
+		--enable-auth-sasldb
+		--disable-cmulocal
+		--disable-krb4
+		--disable-macos-framework
+		--enable-otp
+		--without-sqlite
+		--with-saslauthd="${EPREFIX}"/run/saslauthd
+		--with-pwcheck="${EPREFIX}"/run/saslauthd
+		--with-configdir="${EPREFIX}"/etc/sasl2
+		--with-plugindir="${EPREFIX}/usr/$(get_libdir)/sasl2"
+		--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+		--with-sphinx-build=no
+		$(use_with ssl openssl)
+		$(use_with pam)
+		$(use_with openldap ldap)
+		$(use_enable ldapdb)
+		$(multilib_native_use_enable sample)
+		$(use_enable kerberos gssapi)
+		$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+		$(multilib_native_use_with postgres pgsql "${EPREFIX}/usr/$(get_libdir)/postgresql")
+		$(use_with sqlite sqlite3 "${EPREFIX}/usr/$(get_libdir)")
+		$(use_enable srp)
+		$(use_enable static-libs static)
+
+		# Add authdaemond support (bug #56523).
+		$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+		# Fix for bug #59634.
+		$(usex ssl '' --without-des)
+
+		# Use /dev/urandom instead of /dev/random (bug #46038).
+		$(usex urandom --with-devrandom=/dev/urandom '')
+	)
+
+	if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+		myeconfargs+=( --enable-sql )
+	else
+		myeconfargs+=( --disable-sql )
+	fi
+
+	# Default to GDBM if both 'gdbm' and 'berkdb' are present.
+	if use gdbm ; then
+		einfo "Building with GNU DB as database backend for your SASLdb"
+		myeconfargs+=( --with-dblib=gdbm )
+	elif use berkdb ; then
+		einfo "Building with BerkeleyDB as database backend for your SASLdb"
+		myeconfargs+=(
+			--with-dblib=berkeley
+			--with-bdb-incdir="$(db_includedir)"
+		)
+	else
+		einfo "Building without SASLdb support"
+		myeconfargs+=( --with-dblib=none )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install() {
+	default
+
+	if multilib_is_native_abi; then
+		if use sample ; then
+			docinto sample
+			dodoc "${S}"/sample/*.c
+			exeinto /usr/share/doc/${P}/sample
+			doexe sample/client sample/server
+		fi
+
+		dosbin saslauthd/testsaslauthd
+	fi
+}
+
+multilib_src_install_all() {
+	doman man/*
+
+	keepdir /etc/sasl2
+
+	# Reset docinto to default value (bug #674296)
+	docinto
+	dodoc AUTHORS ChangeLog doc/legacy/TODO
+	newdoc pwcheck/README README.pwcheck
+
+	newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+	edos2unix "${ED}"/usr/share/doc/${PF}/release-notes
+
+	docinto html
+	dodoc doc/html/*.html
+
+	if use pam; then
+		newpamd "${FILESDIR}"/saslauthd.pam-include saslauthd
+	fi
+
+	newinitd "${FILESDIR}"/pwcheck.rc6 pwcheck
+	systemd_dounit "${FILESDIR}"/pwcheck.service
+
+	newinitd "${FILESDIR}"/saslauthd2.rc7 saslauthd
+	newconfd "${FILESDIR}"/saslauthd-${SASLAUTHD_CONF_VER}.conf saslauthd
+	systemd_dounit "${FILESDIR}"/saslauthd.service
+	dotmpfiles "${FILESDIR}"/${PN}.conf
+
+	# The get_modname bit is important: do not remove the .la files on
+	# platforms where the lib isn't called .so for cyrus searches the .la to
+	# figure out what the name is supposed to be instead
+	if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+		find "${ED}" -name "*.la" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+
+	# Generate an empty sasldb2 with correct permissions.
+	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+		einfo "Generating an empty sasldb2 with correct permissions ..."
+
+		echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+			|| die "Failed to generate sasldb2"
+
+		"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+			|| die "Failed to delete temp user"
+
+		chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+		chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+	fi
+
+	if use authdaemond ; then
+		elog "You need to add a user running a service using Courier's"
+		elog "authdaemon to the 'mail' group. For example, do:"
+		elog "	gpasswd -a postfix mail"
+		elog "to add the 'postfix' user to the 'mail' group."
+	fi
+
+	elog "pwcheck and saslauthd home directories have moved to:"
+	elog "  /run/saslauthd, using tmpfiles.d"
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild
new file mode 100644
index 0000000000..9bf5fc8ef2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild
@@ -0,0 +1,218 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools edos2unix flag-o-matic multilib multilib-minimal pam db-use systemd toolchain-funcs tmpfiles
+
+SASLAUTHD_CONF_VER="2.1.26"
+MY_PATCH_VER="${PN}-2.1.28-r3-patches"
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH_VER}.tar.xz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+REQUIRED_USE="ldapdb? ( openldap )"
+
+DEPEND="net-mail/mailbase
+	virtual/libcrypt:=
+	authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
+	gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	openldap? ( >=net-nds/openldap-2.4.38-r1:=[${MULTILIB_USEDEP}] )
+	mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+	pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+	ssl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-sasl )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+	"${WORKDIR}"/${MY_PATCH_VER}/
+)
+
+src_prepare() {
+	default
+
+	# Use plugindir for sasldir
+	# https://github.com/cyrusimap/cyrus-sasl/issues/339 (I think)
+	sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+		"${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+	# bug #486740 and bug #468556 (dropped AM_CONFIG_HEADER sed in 2.1.28)
+	sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	export CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
+	append-flags -fno-strict-aliasing
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# getpassphrase is defined in /usr/include/stdlib.h
+		append-cppflags -DHAVE_GETPASSPHRASE
+	else
+		# this horrendously breaks things on Solaris
+		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+		# replaces BSD_SOURCE (bug #579218)
+		append-cppflags -D_DEFAULT_SOURCE
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-login
+		--enable-ntlm
+		--enable-auth-sasldb
+		--disable-cmulocal
+		--disable-krb4
+		--disable-macos-framework
+		--enable-otp
+		--without-sqlite
+		--with-saslauthd="${EPREFIX}"/run/saslauthd
+		--with-pwcheck="${EPREFIX}"/run/saslauthd
+		--with-configdir="${EPREFIX}"/etc/sasl2
+		--with-plugindir="${EPREFIX}/usr/$(get_libdir)/sasl2"
+		--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+		--with-sphinx-build=no
+		$(use_with ssl openssl)
+		$(use_with pam)
+		$(use_with openldap ldap)
+		$(use_enable ldapdb)
+		$(multilib_native_use_enable sample)
+		$(use_enable kerberos gssapi)
+		$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+		$(multilib_native_use_with postgres pgsql "${EPREFIX}/usr/$(get_libdir)/postgresql")
+		$(use_with sqlite sqlite3 "${EPREFIX}/usr/$(get_libdir)")
+		$(use_enable srp)
+		$(use_enable static-libs static)
+
+		# Add authdaemond support (bug #56523).
+		$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+		# Fix for bug #59634.
+		$(usex ssl '' --without-des)
+
+		# Use /dev/urandom instead of /dev/random (bug #46038).
+		$(usex urandom --with-devrandom=/dev/urandom '')
+	)
+
+	if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+		myeconfargs+=( --enable-sql )
+	else
+		myeconfargs+=( --disable-sql )
+	fi
+
+	# Default to GDBM if both 'gdbm' and 'berkdb' are present.
+	if use gdbm ; then
+		einfo "Building with GNU DB as database backend for your SASLdb"
+		myeconfargs+=( --with-dblib=gdbm )
+	elif use berkdb ; then
+		einfo "Building with BerkeleyDB as database backend for your SASLdb"
+		myeconfargs+=(
+			--with-dblib=berkeley
+			--with-bdb-incdir="$(db_includedir)"
+		)
+	else
+		einfo "Building without SASLdb support"
+		myeconfargs+=( --with-dblib=none )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install() {
+	default
+
+	if multilib_is_native_abi; then
+		if use sample ; then
+			docinto sample
+			dodoc "${S}"/sample/*.c
+			exeinto /usr/share/doc/${P}/sample
+			doexe sample/client sample/server
+		fi
+
+		dosbin saslauthd/testsaslauthd
+	fi
+}
+
+multilib_src_install_all() {
+	doman man/*
+
+	keepdir /etc/sasl2
+
+	# Reset docinto to default value (bug #674296)
+	docinto
+	dodoc AUTHORS ChangeLog doc/legacy/TODO
+	newdoc pwcheck/README README.pwcheck
+
+	newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+	edos2unix "${ED}"/usr/share/doc/${PF}/release-notes
+
+	docinto html
+	dodoc doc/html/*.html
+
+	if use pam; then
+		newpamd "${FILESDIR}"/saslauthd.pam-include saslauthd
+	fi
+
+	newinitd "${FILESDIR}"/pwcheck.rc6 pwcheck
+	systemd_dounit "${FILESDIR}"/pwcheck.service
+
+	newinitd "${FILESDIR}"/saslauthd2.rc7 saslauthd
+	newconfd "${FILESDIR}"/saslauthd-${SASLAUTHD_CONF_VER}.conf saslauthd
+	systemd_dounit "${FILESDIR}"/saslauthd.service
+	dotmpfiles "${FILESDIR}"/${PN}.conf
+
+	# The get_modname bit is important: do not remove the .la files on
+	# platforms where the lib isn't called .so for cyrus searches the .la to
+	# figure out what the name is supposed to be instead
+	if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+		find "${ED}" -name "*.la" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+
+	# Generate an empty sasldb2 with correct permissions.
+	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+		einfo "Generating an empty sasldb2 with correct permissions ..."
+
+		echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+			|| die "Failed to generate sasldb2"
+
+		"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+			|| die "Failed to delete temp user"
+
+		chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+		chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+	fi
+
+	if use authdaemond ; then
+		elog "You need to add a user running a service using Courier's"
+		elog "authdaemon to the 'mail' group. For example, do:"
+		elog "	gpasswd -a postfix mail"
+		elog "to add the 'postfix' user to the 'mail' group."
+	fi
+
+	elog "pwcheck and saslauthd home directories have moved to:"
+	elog "  /run/saslauthd, using tmpfiles.d"
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r4.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r4.ebuild
new file mode 100644
index 0000000000..9594bed0f5
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r4.ebuild
@@ -0,0 +1,219 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools edos2unix flag-o-matic multilib multilib-minimal pam db-use systemd toolchain-funcs tmpfiles
+
+SASLAUTHD_CONF_VER="2.1.26"
+MY_PATCH_VER="${PN}-2.1.28-r3-patches"
+DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
+HOMEPAGE="https://www.cyrusimap.org/sasl/"
+#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
+SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH_VER}.tar.xz"
+
+LICENSE="BSD-with-attribution"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
+REQUIRED_USE="ldapdb? ( openldap )"
+
+# See bug #855890 for sys-libs/db slot
+DEPEND="net-mail/mailbase
+	virtual/libcrypt:=
+	authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
+	berkdb? ( >=sys-libs/db-4.8.30-r1:4.8[${MULTILIB_USEDEP}] )
+	gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	openldap? ( >=net-nds/openldap-2.4.38-r1:=[${MULTILIB_USEDEP}] )
+	mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
+	pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
+	postgres? ( dev-db/postgresql:* )
+	sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
+	ssl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-sasl )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/sasl/md5global.h
+)
+
+PATCHES=(
+	"${WORKDIR}"/${MY_PATCH_VER}/
+)
+
+src_prepare() {
+	default
+
+	# Use plugindir for sasldir
+	# https://github.com/cyrusimap/cyrus-sasl/issues/339 (I think)
+	sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
+		"${S}"/plugins/Makefile.{am,in} || die "sed failed"
+
+	# bug #486740 and bug #468556 (dropped AM_CONFIG_HEADER sed in 2.1.28)
+	sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	export CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
+	append-flags -fno-strict-aliasing
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# getpassphrase is defined in /usr/include/stdlib.h
+		append-cppflags -DHAVE_GETPASSPHRASE
+	else
+		# this horrendously breaks things on Solaris
+		append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
+		# replaces BSD_SOURCE (bug #579218)
+		append-cppflags -D_DEFAULT_SOURCE
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-login
+		--enable-ntlm
+		--enable-auth-sasldb
+		--disable-cmulocal
+		--disable-krb4
+		--disable-macos-framework
+		--enable-otp
+		--without-sqlite
+		--with-saslauthd="${EPREFIX}"/run/saslauthd
+		--with-pwcheck="${EPREFIX}"/run/saslauthd
+		--with-configdir="${EPREFIX}"/etc/sasl2
+		--with-plugindir="${EPREFIX}/usr/$(get_libdir)/sasl2"
+		--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
+		--with-sphinx-build=no
+		$(use_with ssl openssl)
+		$(use_with pam)
+		$(use_with openldap ldap)
+		$(use_enable ldapdb)
+		$(multilib_native_use_enable sample)
+		$(use_enable kerberos gssapi)
+		$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
+		$(multilib_native_use_with postgres pgsql "${EPREFIX}/usr/$(get_libdir)/postgresql")
+		$(use_with sqlite sqlite3 "${EPREFIX}/usr/$(get_libdir)")
+		$(use_enable srp)
+		$(use_enable static-libs static)
+
+		# Add authdaemond support (bug #56523).
+		$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
+
+		# Fix for bug #59634.
+		$(usex ssl '' --without-des)
+
+		# Use /dev/urandom instead of /dev/random (bug #46038).
+		$(usex urandom --with-devrandom=/dev/urandom '')
+	)
+
+	if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
+		myeconfargs+=( --enable-sql )
+	else
+		myeconfargs+=( --disable-sql )
+	fi
+
+	# Default to GDBM if both 'gdbm' and 'berkdb' are present.
+	if use gdbm ; then
+		einfo "Building with GNU DB as database backend for your SASLdb"
+		myeconfargs+=( --with-dblib=gdbm )
+	elif use berkdb ; then
+		einfo "Building with BerkeleyDB as database backend for your SASLdb"
+		myeconfargs+=(
+			--with-dblib=berkeley
+			--with-bdb-incdir="$(db_includedir)"
+		)
+	else
+		einfo "Building without SASLdb support"
+		myeconfargs+=( --with-dblib=none )
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install() {
+	default
+
+	if multilib_is_native_abi; then
+		if use sample ; then
+			docinto sample
+			dodoc "${S}"/sample/*.c
+			exeinto /usr/share/doc/${P}/sample
+			doexe sample/client sample/server
+		fi
+
+		dosbin saslauthd/testsaslauthd
+	fi
+}
+
+multilib_src_install_all() {
+	doman man/*
+
+	keepdir /etc/sasl2
+
+	# Reset docinto to default value (bug #674296)
+	docinto
+	dodoc AUTHORS ChangeLog doc/legacy/TODO
+	newdoc pwcheck/README README.pwcheck
+
+	newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
+	edos2unix "${ED}"/usr/share/doc/${PF}/release-notes
+
+	docinto html
+	dodoc doc/html/*.html
+
+	if use pam; then
+		newpamd "${FILESDIR}"/saslauthd.pam-include saslauthd
+	fi
+
+	newinitd "${FILESDIR}"/pwcheck.rc6 pwcheck
+	systemd_dounit "${FILESDIR}"/pwcheck.service
+
+	newinitd "${FILESDIR}"/saslauthd2.rc7 saslauthd
+	newconfd "${FILESDIR}"/saslauthd-${SASLAUTHD_CONF_VER}.conf saslauthd
+	systemd_dounit "${FILESDIR}"/saslauthd.service
+	dotmpfiles "${FILESDIR}"/${PN}.conf
+
+	# The get_modname bit is important: do not remove the .la files on
+	# platforms where the lib isn't called .so for cyrus searches the .la to
+	# figure out what the name is supposed to be instead
+	if ! use static-libs && [[ $(get_modname) == .so ]] ; then
+		find "${ED}" -name "*.la" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+
+	# Generate an empty sasldb2 with correct permissions.
+	if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
+		einfo "Generating an empty sasldb2 with correct permissions ..."
+
+		echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
+			|| die "Failed to generate sasldb2"
+
+		"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
+			|| die "Failed to delete temp user"
+
+		chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
+		chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
+			|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
+	fi
+
+	if use authdaemond ; then
+		elog "You need to add a user running a service using Courier's"
+		elog "authdaemon to the 'mail' group. For example, do:"
+		elog "	gpasswd -a postfix mail"
+		elog "to add the 'postfix' user to the 'mail' group."
+	fi
+
+	elog "pwcheck and saslauthd home directories have moved to:"
+	elog "  /run/saslauthd, using tmpfiles.d"
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.28-fix-configure-time-check.patch b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.28-fix-configure-time-check.patch
new file mode 100644
index 0000000000..873dac53fe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.28-fix-configure-time-check.patch
@@ -0,0 +1,50 @@
+https://github.com/cyrusimap/cyrus-sasl/pull/709
+
+From 399625c3413c313e93432d0f5907350722b861c7 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 23 Feb 2022 00:45:15 +0000
+Subject: [PATCH] Fix <time.h> check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We're conditionally including based on HAVE_TIME_H in a bunch of places,
+but we're not actually checking for time.h, so that's never going to be defined.
+
+While at it, add in a missing include in the cram plugin.
+
+This fixes a bunch of implicit declaration warnings:
+```
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration]
+ * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration]
+```
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1290,7 +1290,7 @@ AC_CHECK_HEADERS_ONCE([sys/time.h])
+ 
+ AC_HEADER_DIRENT
+ AC_HEADER_SYS_WAIT
+-AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
++AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h time.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h)
+ 
+ IPv6_CHECK_SS_FAMILY()
+ IPv6_CHECK_SA_LEN()
+--- a/plugins/cram.c
++++ b/plugins/cram.c
+@@ -53,6 +53,10 @@
+ #endif
+ #include <fcntl.h>
+ 
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++
+ #include <sasl.h>
+ #include <saslplug.h>
+ #include <saslutil.h>
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl.conf b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
new file mode 100644
index 0000000000..d4809f73c8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/cyrus-sasl.conf
@@ -0,0 +1 @@
+d /run/saslauthd 0755 root root -
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.rc6 b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.rc6
new file mode 100644
index 0000000000..7b43c4ea15
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.rc6
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need localmount
+	use logger
+}
+
+start() {
+	ebegin "Starting sasl pwcheck daemon"
+	start-stop-daemon --start --quiet --exec /usr/sbin/pwcheck
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping sasl pwcheck daemon"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/pwcheck
+	eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.service b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.service
new file mode 100644
index 0000000000..74ff4859ab
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/pwcheck.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=SASL pwcheck daemon
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/pwcheck
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
new file mode 100644
index 0000000000..dd487b0eda
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf
@@ -0,0 +1,19 @@
+# Config file for /etc/init.d/saslauthd and systemd unit
+
+# PLEASE READ THIS IF YOU ARE USING SYSTEMD
+# Please note that systemd does not expand shell variables
+# thus, something like FOO="${FOO} bar" won't work.
+
+# Specify the authentications mechanism.
+# **NOTE** For a list see: saslauthd -v
+# Since 2.1.19, add "-r" to options for old behavior,
+# ie. reassemble user and realm to user@realm form.
+#
+# Specify the hostname for remote IMAP server using:
+# "-O localhost".
+# Specify the number of worker processes to create using:
+# "-n <N>".
+# Enable credential cache, set cache size and timeout using:
+# "-c -s <cache size, like 128> -t <timeout seconds>".
+# 
+SASLAUTHD_OPTS="-a pam"
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.pam-include b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.pam-include
new file mode 100644
index 0000000000..d50a84946a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.pam-include
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+auth       required     pam_nologin.so
+auth       include      system-auth
+
+account    include      system-auth
+
+session    include      system-auth
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.service b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.service
new file mode 100644
index 0000000000..1609a651e4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=SASL Authentication Daemon
+
+[Service]
+Type=forking
+PIDFile=/run/saslauthd/saslauthd.pid
+EnvironmentFile=/etc/conf.d/saslauthd
+ExecStart=/usr/sbin/saslauthd $SASLAUTHD_OPTS
+ExecStop=/bin/kill -15 $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd2.rc7 b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd2.rc7
new file mode 100644
index 0000000000..0abeaf6f57
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/files/saslauthd2.rc7
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting saslauthd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+		-- ${SASLAUTHD_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping saslauthd"
+	start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid
+	eend $?
+}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/metadata.xml
new file mode 100644
index 0000000000..dbb996c447
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/cyrus-sasl/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<!-- maintainer-needed -->
+	<use>
+		<flag name="authdaemond">
+			Add Courier-IMAP authdaemond unix socket
+			support (<pkg>net-mail/courier-imap</pkg>, <pkg>mail-mta/courier</pkg>)
+		</flag>
+		<flag name="openldap">Add ldap support for saslauthd</flag>
+		<flag name="ldapdb">Enable ldapdb plugin</flag>
+		<flag name="sample">Enable sample client and server</flag>
+		<flag name="srp">Enable SRP authentication</flag>
+		<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">cyrusimap/cyrus-sasl</remote-id>
+	</upstream>
+</pkgmetadata>

From 3eb1461237c897b9ebcc9a2b02919af108648f60 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Thu, 18 Aug 2022 10:49:14 +0200
Subject: [PATCH 2/3] changelog: Add an entry

---
 .../portage-stable/changelog/updates/2022-08-18-cyrus-sasl.md    | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/updates/2022-08-18-cyrus-sasl.md

diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-08-18-cyrus-sasl.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-08-18-cyrus-sasl.md
new file mode 100644
index 0000000000..931ced7fa4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-08-18-cyrus-sasl.md
@@ -0,0 +1 @@
+- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))

From 19633c28d2b9880ad81cf2ca66c2f7ac68e176bc Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Thu, 18 Aug 2022 11:45:29 +0200
Subject: [PATCH 3/3] eclass/tmpfiles: Sync with Gentoo

It's from Gentoo commit 0b999ae3827969168427437e5d1d9aff39e4e56a.

The updated dev-libs/cyrus-sasl started using EAPI 8, and the tmpfiles
eclass did not support it. Update it to gain support for EAPI 8 too.
---
 .../portage-stable/eclass/tmpfiles.eclass            | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sdk_container/src/third_party/portage-stable/eclass/tmpfiles.eclass b/sdk_container/src/third_party/portage-stable/eclass/tmpfiles.eclass
index b9238a6434..39650401a6 100644
--- a/sdk_container/src/third_party/portage-stable/eclass/tmpfiles.eclass
+++ b/sdk_container/src/third_party/portage-stable/eclass/tmpfiles.eclass
@@ -1,4 +1,4 @@
-# Copyright 2016-2021 Gentoo Authors
+# Copyright 2016-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # @ECLASS: tmpfiles.eclass
@@ -8,7 +8,7 @@
 # @AUTHOR:
 # Mike Gilbert <floppym@gentoo.org>
 # William Hubbs <williamh@gentoo.org>
-# @SUPPORTED_EAPIS: 5 6 7
+# @SUPPORTED_EAPIS: 5 6 7 8
 # @BLURB: Functions related to tmpfiles.d files
 # @DESCRIPTION:
 # This eclass provides functionality related to installing and
@@ -52,15 +52,15 @@
 #
 # @CODE
 
-if [[ -z ${TMPFILES_ECLASS} ]]; then
-TMPFILES_ECLASS=1
+if [[ -z ${_TMPFILES_ECLASS} ]]; then
+_TMPFILES_ECLASS=1
 
 case "${EAPI}" in
-5|6|7) ;;
+5|6|7|8) ;;
 *) die "API is undefined for EAPI ${EAPI}" ;;
 esac
 
-# @ECLASS-VARIABLE: TMPFILES_OPTIONAL
+# @ECLASS_VARIABLE: TMPFILES_OPTIONAL
 # @PRE_INHERIT
 # @DEFAULT_UNSET
 # @DESCRIPTION: