From ed5ec9010b8a9fc7d961b9414c250d8aff0d3b35 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 18 Mar 2022 13:54:02 +0530
Subject: [PATCH 1/2] sys-apps/util-linux: Sync with Gentoo upstream

gentoo sync ref: https://github.com/gentoo/gentoo/commit/2dc9e5e7580bc0aec5151d48872d4fab5e492876

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 .../sys-apps/util-linux/Manifest              |   4 +-
 .../sys-apps/util-linux/files/su-l.pamd       |   5 +
 ...l-linux-2.37.1-ipcutils_calloc_check.patch |  25 ----
 ...-linux-2.37.1-libmount_setgroups_fix.patch |  38 ------
 ...ux-2.37.1-lscpu_NULL_dereference_fix.patch |  50 --------
 .../sys-apps/util-linux/metadata.xml          |   7 +-
 .../util-linux/util-linux-2.37.2-r1.ebuild    |  46 ++------
 ...-r1.ebuild => util-linux-2.37.3-r1.ebuild} |  77 ++++++-------
 ...6.2-r1.ebuild => util-linux-2.37.4.ebuild} | 108 ++++++++++--------
 .../util-linux/util-linux-9999.ebuild         |  69 ++++++-----
 10 files changed, 156 insertions(+), 273 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/su-l.pamd
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch
 rename sdk_container/src/third_party/portage-stable/sys-apps/util-linux/{util-linux-2.37.1-r1.ebuild => util-linux-2.37.3-r1.ebuild} (84%)
 rename sdk_container/src/third_party/portage-stable/sys-apps/util-linux/{util-linux-2.36.2-r1.ebuild => util-linux-2.37.4.ebuild} (78%)

diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
index c330ae5648..9e6b39616f 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
@@ -1,3 +1,3 @@
-DIST util-linux-2.36.2.tar.xz 5348032 BLAKE2B 17e49515f8d0430f3ed26b80bf1d6e811d847141020d0dae1340dc92887549b7b711f3db6e3913120871fc912435def73586a7aef09d8d9cc6ff7ca331b2770f SHA512 6ab141f44ca4cb6b600081f10eae17e15d23abd122a37eb3ac6c845513a6a4396dc9dcff30b3032de80116ddde50e27dfbc86f92708c1051f84f0c919194664b
-DIST util-linux-2.37.1.tar.xz 5628360 BLAKE2B 309ea7202f32c0ec750cb01486cf32c3e9dd457d83e5beab8d6b97a5e7f312332ecfcd1ddbb88ae5ec9ee483bb15452b8d58bce1f931f9dfa35be3ce042da3da SHA512 ec300c830869e10a0d7f8c0b99e9bb46e0b88fc51f3c6c6a4d9752a89f035e8d69d81f25fd103ef8d7d253e81440695ef3f5d72dccc94815ec8d5f6f949f7555
 DIST util-linux-2.37.2.tar.xz 5621624 BLAKE2B 40ab80485781dfc58e6d0e98dae115b96f11ee0cc370524e1e13d3c4a4dfed3a5a4a248311f8ca645f6f84bbaf4785412ca8282b840af4e37a01312764885abe SHA512 38f0fe820445e3bfa79550e6581c230f98c7661566ccc4daa51c7208a5f972c61b4e57dfc86bed074fdbc7c40bc79f856be8f6a05a8860c1c0cecc4208e8b81d
+DIST util-linux-2.37.3.tar.xz 6126260 BLAKE2B 6a541dd1f243f0fc303cd813b50be3e0edd8dc7377734aed90fe0af03321bf03fd727285e406b95a1db176572742245220f2e6e7f4d35e508e948816ec4b6345 SHA512 2303b5c55b1fd932c73b0a079d37e56e10b6a20270b72d0b7e81ec7a6b715b42ebaa336714c3e1722d05e5aa4499f8be17ceaf61bb1341532bf9697c9a2174e9
+DIST util-linux-2.37.4.tar.xz 6114232 BLAKE2B 7f6cd12ec9bc68a6db787be78c1ee19fdfbb37710df36d4278d869676ba531afd414097e57e5287efed6c7c80d6b6ef36d5812ff2bea611080d3ce5bf5ad4ac5 SHA512 ada2629b0a8e83ea83513e04f7b1ccceb3b8ab82acd119c5d8389d1abc48c92d0b591f39fb34b1fd65db3ab630f03a672a9f3dacf1a6e4f124bdb083fc1be6d7
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/su-l.pamd b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/su-l.pamd
new file mode 100644
index 0000000000..24f29d751f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/su-l.pamd
@@ -0,0 +1,5 @@
+auth	   include      su
+account    include      su
+password   include      su
+session	   optional pam_lastlog.so
+session	   include      su
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch
deleted file mode 100644
index 44490ce1bd..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 86d5de52d43501711586054e7b601fbc57403085 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Tue, 27 Jul 2021 11:58:31 +0200
-Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64
- nmembs
-
-Fix: https://github.com/karelzak/util-linux/issues/1395
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- sys-utils/ipcutils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
-index e784c4dcb9..18868cfd38 100644
---- a/sys-utils/ipcutils.c
-+++ b/sys-utils/ipcutils.c
-@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
- {
- 	size_t i;
- 
--	if (!p || !p->sem_nsems || p->sem_perm.id < 0)
-+	if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0)
- 		return;
- 
- 	p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch
deleted file mode 100644
index ebde207986..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 420e914c4cc4c2ba34fd75790ea194d7f4a47d2c Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 29 Jul 2021 11:50:48 +0200
-Subject: [PATCH] libmount: fix setgroups() use
-
-* keep process in single supplementary group, which is the real group ID for the process
-
-* make sure we have rights to call setgroups(), requires group permissions
-
-Fixes: https://github.com/karelzak/util-linux/issues/1398
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- include/c.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/include/c.h b/include/c.h
-index c1e4c5ffc..a4504e3ba 100644
---- a/include/c.h
-+++ b/include/c.h
-@@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void)
- 
- static inline int drop_permissions(void)
- {
-+	gid_t newgid = getgid();
-+
- 	errno = 0;
- 
- 	/* drop supplementary groups */
--	if (setgroups(0, NULL) != 0)
-+	if (geteuid() == 0 && setgroups(1, &newgid) != 0)
- 		goto fail;
- 
- 	/* drop GID */
--	if (setgid(getgid()) < 0)
-+	if (setgid(newgid) < 0)
- 		goto fail;
- 
- 	/* drop UID */
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch
deleted file mode 100644
index 50322e63a8..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0d7cef3ddbd2aacbea8c11e8524a3de68dfb8ff6 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Fri, 30 Jul 2021 14:35:25 +0200
-Subject: [PATCH] lscpu: fix NULL dereference
-
-Fixes: https://github.com/karelzak/util-linux/issues/1401
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- sys-utils/lscpu-cputype.c | 2 +-
- sys-utils/lscpu.c         | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/sys-utils/lscpu-cputype.c b/sys-utils/lscpu-cputype.c
-index 795a4acf5..be16199e0 100644
---- a/sys-utils/lscpu-cputype.c
-+++ b/sys-utils/lscpu-cputype.c
-@@ -569,7 +569,7 @@ int lscpu_read_cpuinfo(struct lscpu_cxt *cxt)
- 	/* Set the default type to CPUs which are missing (or not parsed)
- 	 * in cpuinfo */
- 	ct = lscpu_cputype_get_default(cxt);
--	for (i = 0; i < cxt->npossibles; i++) {
-+	for (i = 0; ct && i < cxt->npossibles; i++) {
- 		struct lscpu_cpu *cpu = cxt->cpus[i];
- 
- 		if (cpu && !cpu->type)
-diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c
-index 827e84a6d..e11b2f42f 100644
---- a/sys-utils/lscpu.c
-+++ b/sys-utils/lscpu.c
-@@ -991,7 +991,7 @@ static void print_summary(struct lscpu_cxt *cxt)
- 		*(p - 2) = '\0';
- 		add_summary_s(tb, sec, _("CPU op-mode(s):"), buf);
- 	}
--	if (ct->addrsz)
-+	if (ct && ct->addrsz)
- 		add_summary_s(tb, sec, _("Address sizes:"), ct->addrsz);
- #if !defined(WORDS_BIGENDIAN)
- 	add_summary_s(tb, sec, _("Byte Order:"), "Little Endian");
-@@ -1033,9 +1033,9 @@ static void print_summary(struct lscpu_cxt *cxt)
- 	sec = NULL;
- 
- 	/* Section: cpu type description */
--	if (ct->vendor)
-+	if (ct && ct->vendor)
- 		sec = add_summary_s(tb, NULL, _("Vendor ID:"), ct->vendor);
--	if (ct->bios_vendor)
-+	if (ct && ct->bios_vendor)
- 		add_summary_s(tb, sec, _("BIOS Vendor ID:"), ct->bios_vendor);
- 
- 	for (i = 0; i < cxt->ncputypes; i++)
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/metadata.xml
index 6d41d90fe5..f06c42f329 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/metadata.xml
@@ -15,10 +15,13 @@
 	<flag name="kill">build the kill program</flag>
 	<flag name="logger">build the logger program</flag>
 	<flag name="pam">build runuser helper</flag>
+	<flag name="rtas">Add support for the Run Time Abstraction Services (RTAS)</flag>
 	<flag name="su">build the su program</flag>
 	<flag name="suid">
-		install mount/umount as setuid so non-root users may mount/umount devices,
-		and wall/write as setgid so non-root users can notify other users
+		Install some programs with suid bit set to provide additional functionality.
+		mount/umount: non-root users may mount/umount devices
+		wall/write: non-root users can notify other users
+		su: non-root users may become root
 	</flag>
 	<flag name="tty-helpers">install the mesg/wall/write tools for talking to local users</flag>
 </use>
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.2-r1.ebuild
index 8d063d705b..619414e131 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.2-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -25,7 +25,7 @@ HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/
 
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline selinux slang static-libs su +suid systemd test tty-helpers udev unicode userland_GNU"
+IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs su +suid systemd test tty-helpers udev unicode"
 
 # Most lib deps here are related to programs rather than our libs,
 # so we rarely need to specify ${MULTILIB_USEDEP}.
@@ -42,10 +42,9 @@ RDEPEND="
 	)
 	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
 	pam? ( sys-libs/pam )
-	ppc? ( sys-libs/librtas )
-	ppc64? ( sys-libs/librtas )
 	python? ( ${PYTHON_DEPS} )
 	readline? ( sys-libs/readline:0= )
+	rtas? ( sys-libs/librtas )
 	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
 	slang? ( sys-libs/slang )
 	!build? ( systemd? ( sys-apps/systemd ) )
@@ -71,7 +70,6 @@ RDEPEND+="
 		!>=sys-apps/shadow-4.7-r2[su]
 	)
 	!net-wireless/rfkill
-	!<app-shells/bash-completion-2.7-r1
 "
 
 # Required for man-page generation
@@ -99,13 +97,6 @@ src_prepare() {
 		-e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \
 		tests/ts/uuid/uuidd || die "Failed to fix uuidd test"
 
-	if ! use userland_GNU ; then
-		# test runner is using GNU-specific xargs call
-		sed -i -e 's:xargs:gxargs:' tests/run.sh || die
-		# test requires util-linux uuidgen (which we don't build)
-		rm tests/ts/uuid/oids || die
-	fi
-
 	if [[ ${PV} == 9999 ]] ; then
 		po/update-potfiles
 		eautoreconf
@@ -134,14 +125,10 @@ python_configure() {
 		--disable-bash-completion
 		--without-systemdsystemunitdir
 		--with-python
+		--enable-libblkid
+		--enable-libmount
+		--enable-pylibmount
 	)
-	if use userland_GNU ; then
-		myeconfargs+=(
-			--enable-libblkid
-			--enable-libmount
-			--enable-pylibmount
-		)
-	fi
 	mkdir "${BUILD_DIR}" || die
 	pushd "${BUILD_DIR}" >/dev/null || die
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
@@ -161,6 +148,9 @@ multilib_src_configure() {
 	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
 	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
 
+	# Avoid automagic dependency on ppc*
+	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
+
 	# configure args shared by python and non-python builds
 	local commonargs=(
 		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
@@ -187,8 +177,7 @@ multilib_src_configure() {
 		$(use_with ncurses tinfo)
 		$(use_with selinux)
 	)
-	# build programs only on GNU, on *BSD we want libraries only
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		myeconfargs+=(
 			--disable-chfn-chsh
 			--disable-login
@@ -235,13 +224,8 @@ multilib_src_configure() {
 			--enable-libblkid
 			--enable-libsmartcols
 			--enable-libfdisk
+			--enable-libmount
 		)
-		if use userland_GNU ; then
-			# those libraries don't work on *BSD
-			myeconfargs+=(
-				--enable-libmount
-			)
-		fi
 	fi
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 
@@ -292,7 +276,7 @@ multilib_src_install() {
 	# This needs to be called AFTER python_install call (#689190)
 	emake DESTDIR="${D}" install
 
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		# need the libs in /
 		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
 	fi
@@ -304,12 +288,6 @@ multilib_src_install_all() {
 	# e2fsprogs-libs didnt install .la files, and .pc work fine
 	find "${ED}" -name "*.la" -delete || die
 
-	if ! use userland_GNU ; then
-		# manpage collisions
-		# TODO: figure out a good way to keep them
-		rm "${ED}"/usr/share/man/man3/uuid* || die
-	fi
-
 	if use pam ; then
 		newpamd "${FILESDIR}/runuser.pamd" runuser
 		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
similarity index 84%
rename from sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
index fa2c51c57e..0f0d85a2f3 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_COMPAT=( python3_{8,9,10} )
 
 inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 usr-ldscript \
 	pam python-r1 multilib-minimal multiprocessing systemd
@@ -16,7 +16,7 @@ if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 else
 	[[ "${PV}" = *_rc* ]] || \
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
 	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
 fi
 
@@ -25,7 +25,7 @@ HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/
 
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat hardlink kill +logger magic ncurses nls pam python +readline selinux slang static-libs su +suid systemd test tty-helpers udev unicode userland_GNU"
+IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
 
 # Most lib deps here are related to programs rather than our libs,
 # so we rarely need to specify ${MULTILIB_USEDEP}.
@@ -42,10 +42,9 @@ RDEPEND="
 	)
 	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
 	pam? ( sys-libs/pam )
-	ppc? ( sys-libs/librtas )
-	ppc64? ( sys-libs/librtas )
 	python? ( ${PYTHON_DEPS} )
 	readline? ( sys-libs/readline:0= )
+	rtas? ( sys-libs/librtas )
 	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
 	slang? ( sys-libs/slang )
 	!build? ( systemd? ( sys-apps/systemd ) )
@@ -71,7 +70,6 @@ RDEPEND+="
 		!>=sys-apps/shadow-4.7-r2[su]
 	)
 	!net-wireless/rfkill
-	!<app-shells/bash-completion-2.7-r1
 "
 
 # Required for man-page generation
@@ -81,18 +79,23 @@ if [[ "${PV}" == 9999 ]] ; then
 	"
 fi
 
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )"
 RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-2.37.1-ipcutils_calloc_check.patch #806070
-	"${FILESDIR}"/${PN}-2.37.1-libmount_setgroups_fix.patch #805218
 	"${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972
-	"${FILESDIR}"/${PN}-2.37.1-lscpu_NULL_dereference_fix.patch #802606
+	"${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test hang patch
 )
 
+pkg_pretend() {
+	if use su && ! use suid ; then
+		elog "su will be installed as suid despite USE=-suid (bug #832092)"
+		elog "To use su without suid, see e.g. Portage's suidctl feature."
+	fi
+}
+
 src_prepare() {
 	default
 
@@ -101,13 +104,6 @@ src_prepare() {
 		-e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \
 		tests/ts/uuid/uuidd || die "Failed to fix uuidd test"
 
-	if ! use userland_GNU ; then
-		# test runner is using GNU-specific xargs call
-		sed -i -e 's:xargs:gxargs:' tests/run.sh || die
-		# test requires util-linux uuidgen (which we don't build)
-		rm tests/ts/uuid/oids || die
-	fi
-
 	if [[ ${PV} == 9999 ]] ; then
 		po/update-potfiles
 		eautoreconf
@@ -136,14 +132,10 @@ python_configure() {
 		--disable-bash-completion
 		--without-systemdsystemunitdir
 		--with-python
+		--enable-libblkid
+		--enable-libmount
+		--enable-pylibmount
 	)
-	if use userland_GNU ; then
-		myeconfargs+=(
-			--enable-libblkid
-			--enable-libmount
-			--enable-pylibmount
-		)
-	fi
 	mkdir "${BUILD_DIR}" || die
 	pushd "${BUILD_DIR}" >/dev/null || die
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
@@ -163,6 +155,9 @@ multilib_src_configure() {
 	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
 	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
 
+	# Avoid automagic dependency on ppc*
+	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
+
 	# configure args shared by python and non-python builds
 	local commonargs=(
 		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
@@ -189,20 +184,19 @@ multilib_src_configure() {
 		$(use_with ncurses tinfo)
 		$(use_with selinux)
 	)
-	# build programs only on GNU, on *BSD we want libraries only
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		myeconfargs+=(
 			--disable-chfn-chsh
 			--disable-login
 			--disable-newgrp
 			--disable-nologin
 			--disable-pylibmount
+			--disable-raw
 			--disable-vipw
 			--enable-agetty
 			--enable-bash-completion
 			--enable-line
 			--enable-partx
-			--enable-raw
 			--enable-rename
 			--enable-rfkill
 			--enable-schedutils
@@ -237,13 +231,8 @@ multilib_src_configure() {
 			--enable-libblkid
 			--enable-libsmartcols
 			--enable-libfdisk
+			--enable-libmount
 		)
-		if use userland_GNU ; then
-			# those libraries don't work on *BSD
-			myeconfargs+=(
-				--enable-libmount
-			)
-		fi
 	fi
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 
@@ -294,7 +283,7 @@ multilib_src_install() {
 	# This needs to be called AFTER python_install call (#689190)
 	emake DESTDIR="${D}" install
 
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		# need the libs in /
 		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
 	fi
@@ -306,15 +295,21 @@ multilib_src_install_all() {
 	# e2fsprogs-libs didnt install .la files, and .pc work fine
 	find "${ED}" -name "*.la" -delete || die
 
-	if ! use userland_GNU ; then
-		# manpage collisions
-		# TODO: figure out a good way to keep them
-		rm "${ED}"/usr/share/man/man3/uuid* || die
-	fi
-
 	if use pam ; then
+		# See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt
 		newpamd "${FILESDIR}/runuser.pamd" runuser
 		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
+
+		newpamd "${FILESDIR}/su-l.pamd" su-l
+	fi
+
+	if use su && ! use suid ; then
+		# Always force suid su, even when USE=-suid, as su is useless
+		# for the overwhelming-majority case without suid.
+		# Users who wish to truly have a no-suid su can strip it out
+		# via e.g. Portage's suidctl or some other hook.
+		# See bug #832092
+		fperms u+s /bin/su
 	fi
 
 	# Note:
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.36.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.4.ebuild
similarity index 78%
rename from sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.36.2-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.4.ebuild
index 92191cf91e..0f0d85a2f3 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.36.2-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.37.4.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{7,8,9} )
+PYTHON_COMPAT=( python3_{8,9,10} )
 
 inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 usr-ldscript \
 	pam python-r1 multilib-minimal multiprocessing systemd
@@ -25,7 +25,7 @@ HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/
 
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat hardlink kill +logger magic ncurses nls pam python +readline selinux slang static-libs su +suid systemd test tty-helpers udev unicode userland_GNU"
+IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
 
 # Most lib deps here are related to programs rather than our libs,
 # so we rarely need to specify ${MULTILIB_USEDEP}.
@@ -42,10 +42,9 @@ RDEPEND="
 	)
 	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
 	pam? ( sys-libs/pam )
-	ppc? ( sys-libs/librtas )
-	ppc64? ( sys-libs/librtas )
 	python? ( ${PYTHON_DEPS} )
 	readline? ( sys-libs/readline:0= )
+	rtas? ( sys-libs/librtas )
 	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
 	slang? ( sys-libs/slang )
 	!build? ( systemd? ( sys-apps/systemd ) )
@@ -71,13 +70,32 @@ RDEPEND+="
 		!>=sys-apps/shadow-4.7-r2[su]
 	)
 	!net-wireless/rfkill
-	!<app-shells/bash-completion-2.7-r1"
+"
 
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+# Required for man-page generation
+if [[ "${PV}" == 9999 ]] ; then
+	BDEPEND+="
+		dev-ruby/asciidoctor
+	"
+fi
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )"
 RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972
+	"${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test hang patch
+)
+
+pkg_pretend() {
+	if use su && ! use suid ; then
+		elog "su will be installed as suid despite USE=-suid (bug #832092)"
+		elog "To use su without suid, see e.g. Portage's suidctl feature."
+	fi
+}
+
 src_prepare() {
 	default
 
@@ -86,13 +104,6 @@ src_prepare() {
 		-e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \
 		tests/ts/uuid/uuidd || die "Failed to fix uuidd test"
 
-	if ! use userland_GNU; then
-		# test runner is using GNU-specific xargs call
-		sed -i -e 's:xargs:gxargs:' tests/run.sh || die
-		# test requires util-linux uuidgen (which we don't build)
-		rm tests/ts/uuid/oids || die
-	fi
-
 	if [[ ${PV} == 9999 ]] ; then
 		po/update-potfiles
 		eautoreconf
@@ -121,14 +132,10 @@ python_configure() {
 		--disable-bash-completion
 		--without-systemdsystemunitdir
 		--with-python
+		--enable-libblkid
+		--enable-libmount
+		--enable-pylibmount
 	)
-	if use userland_GNU; then
-		myeconfargs+=(
-			--enable-libblkid
-			--enable-libmount
-			--enable-pylibmount
-		)
-	fi
 	mkdir "${BUILD_DIR}" || die
 	pushd "${BUILD_DIR}" >/dev/null || die
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
@@ -148,6 +155,9 @@ multilib_src_configure() {
 	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
 	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
 
+	# Avoid automagic dependency on ppc*
+	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
+
 	# configure args shared by python and non-python builds
 	local commonargs=(
 		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
@@ -174,18 +184,19 @@ multilib_src_configure() {
 		$(use_with ncurses tinfo)
 		$(use_with selinux)
 	)
-	# build programs only on GNU, on *BSD we want libraries only
-	if multilib_is_native_abi && use userland_GNU; then
+	if multilib_is_native_abi ; then
 		myeconfargs+=(
 			--disable-chfn-chsh
 			--disable-login
+			--disable-newgrp
 			--disable-nologin
 			--disable-pylibmount
+			--disable-raw
+			--disable-vipw
 			--enable-agetty
 			--enable-bash-completion
 			--enable-line
 			--enable-partx
-			--enable-raw
 			--enable-rename
 			--enable-rfkill
 			--enable-schedutils
@@ -203,9 +214,16 @@ multilib_src_configure() {
 			$(use_enable tty-helpers write)
 			$(use_with cryptsetup)
 		)
+		if [[ ${PV} == *9999 ]] ; then
+			myeconfargs+=( --enable-asciidoc )
+		else
+			# Upstream is shipping pre-generated man-pages for releases
+			myeconfargs+=( --disable-asciidoc )
+		fi
 	else
 		myeconfargs+=(
 			--disable-all-programs
+			--disable-asciidoc
 			--disable-bash-completion
 			--without-systemdsystemunitdir
 			# build libraries
@@ -213,17 +231,12 @@ multilib_src_configure() {
 			--enable-libblkid
 			--enable-libsmartcols
 			--enable-libfdisk
+			--enable-libmount
 		)
-		if use userland_GNU; then
-			# those libraries don't work on *BSD
-			myeconfargs+=(
-				--enable-libmount
-			)
-		fi
 	fi
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 
-	if multilib_is_native_abi && use python; then
+	if multilib_is_native_abi && use python ; then
 		python_foreach_impl python_configure
 	fi
 }
@@ -237,7 +250,7 @@ python_compile() {
 multilib_src_compile() {
 	emake all
 
-	if multilib_is_native_abi && use python; then
+	if multilib_is_native_abi && use python ; then
 		python_foreach_impl python_compile
 	fi
 }
@@ -250,7 +263,7 @@ python_test() {
 
 multilib_src_test() {
 	emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot"
-	if multilib_is_native_abi && use python; then
+	if multilib_is_native_abi && use python ; then
 		python_foreach_impl python_test
 	fi
 }
@@ -263,14 +276,14 @@ python_install() {
 }
 
 multilib_src_install() {
-	if multilib_is_native_abi && use python; then
+	if multilib_is_native_abi && use python ; then
 		python_foreach_impl python_install
 	fi
 
 	# This needs to be called AFTER python_install call (#689190)
 	emake DESTDIR="${D}" install
 
-	if multilib_is_native_abi && use userland_GNU; then
+	if multilib_is_native_abi ; then
 		# need the libs in /
 		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
 	fi
@@ -278,20 +291,25 @@ multilib_src_install() {
 
 multilib_src_install_all() {
 	dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*}
-	chmod -x "${ED}"/usr/share/doc/util-linux-${PVR}/getopt/getopt-parse* || die
 
 	# e2fsprogs-libs didnt install .la files, and .pc work fine
 	find "${ED}" -name "*.la" -delete || die
 
-	if ! use userland_GNU; then
-		# manpage collisions
-		# TODO: figure out a good way to keep them
-		rm "${ED}"/usr/share/man/man3/uuid* || die
-	fi
-
-	if use pam; then
+	if use pam ; then
+		# See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt
 		newpamd "${FILESDIR}/runuser.pamd" runuser
 		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
+
+		newpamd "${FILESDIR}/su-l.pamd" su-l
+	fi
+
+	if use su && ! use suid ; then
+		# Always force suid su, even when USE=-suid, as su is useless
+		# for the overwhelming-majority case without suid.
+		# Users who wish to truly have a no-suid su can strip it out
+		# via e.g. Portage's suidctl or some other hook.
+		# See bug #832092
+		fperms u+s /bin/su
 	fi
 
 	# Note:
@@ -304,11 +322,11 @@ multilib_src_install_all() {
 }
 
 pkg_postinst() {
-	if ! use tty-helpers; then
+	if ! use tty-helpers ; then
 		elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers."
 	fi
 
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
+	if [[ -z ${REPLACING_VERSIONS} ]] ; then
 		elog "The agetty util now clears the terminal by default. You"
 		elog "might want to add --noclear to your /etc/inittab lines."
 	fi
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
index e79f37069b..658e0639ff 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{8,9} )
+PYTHON_COMPAT=( python3_{8,9,10} )
 
 inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 usr-ldscript \
 	pam python-r1 multilib-minimal multiprocessing systemd
@@ -25,7 +25,7 @@ HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/
 
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline selinux slang static-libs su +suid systemd test tty-helpers udev unicode userland_GNU"
+IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
 
 # Most lib deps here are related to programs rather than our libs,
 # so we rarely need to specify ${MULTILIB_USEDEP}.
@@ -42,10 +42,9 @@ RDEPEND="
 	)
 	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
 	pam? ( sys-libs/pam )
-	ppc? ( sys-libs/librtas )
-	ppc64? ( sys-libs/librtas )
 	python? ( ${PYTHON_DEPS} )
 	readline? ( sys-libs/readline:0= )
+	rtas? ( sys-libs/librtas )
 	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
 	slang? ( sys-libs/slang )
 	!build? ( systemd? ( sys-apps/systemd ) )
@@ -71,7 +70,6 @@ RDEPEND+="
 		!>=sys-apps/shadow-4.7-r2[su]
 	)
 	!net-wireless/rfkill
-	!<app-shells/bash-completion-2.7-r1
 "
 
 # Required for man-page generation
@@ -81,11 +79,18 @@ if [[ "${PV}" == 9999 ]] ; then
 	"
 fi
 
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )"
 RESTRICT="!test? ( test )"
 
 S="${WORKDIR}/${MY_P}"
 
+pkg_pretend() {
+	if use su && ! use suid ; then
+		elog "su will be installed as suid despite USE=-suid (bug #832092)"
+		elog "To use su without suid, see e.g. Portage's suidctl feature."
+	fi
+}
+
 src_prepare() {
 	default
 
@@ -94,13 +99,6 @@ src_prepare() {
 		-e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \
 		tests/ts/uuid/uuidd || die "Failed to fix uuidd test"
 
-	if ! use userland_GNU ; then
-		# test runner is using GNU-specific xargs call
-		sed -i -e 's:xargs:gxargs:' tests/run.sh || die
-		# test requires util-linux uuidgen (which we don't build)
-		rm tests/ts/uuid/oids || die
-	fi
-
 	if [[ ${PV} == 9999 ]] ; then
 		po/update-potfiles
 		eautoreconf
@@ -129,14 +127,10 @@ python_configure() {
 		--disable-bash-completion
 		--without-systemdsystemunitdir
 		--with-python
+		--enable-libblkid
+		--enable-libmount
+		--enable-pylibmount
 	)
-	if use userland_GNU ; then
-		myeconfargs+=(
-			--enable-libblkid
-			--enable-libmount
-			--enable-pylibmount
-		)
-	fi
 	mkdir "${BUILD_DIR}" || die
 	pushd "${BUILD_DIR}" >/dev/null || die
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
@@ -156,6 +150,9 @@ multilib_src_configure() {
 	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
 	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
 
+	# Avoid automagic dependency on ppc*
+	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
+
 	# configure args shared by python and non-python builds
 	local commonargs=(
 		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
@@ -182,8 +179,7 @@ multilib_src_configure() {
 		$(use_with ncurses tinfo)
 		$(use_with selinux)
 	)
-	# build programs only on GNU, on *BSD we want libraries only
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		myeconfargs+=(
 			--disable-chfn-chsh
 			--disable-login
@@ -230,13 +226,8 @@ multilib_src_configure() {
 			--enable-libblkid
 			--enable-libsmartcols
 			--enable-libfdisk
+			--enable-libmount
 		)
-		if use userland_GNU ; then
-			# those libraries don't work on *BSD
-			myeconfargs+=(
-				--enable-libmount
-			)
-		fi
 	fi
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 
@@ -287,7 +278,7 @@ multilib_src_install() {
 	# This needs to be called AFTER python_install call (#689190)
 	emake DESTDIR="${D}" install
 
-	if multilib_is_native_abi && use userland_GNU ; then
+	if multilib_is_native_abi ; then
 		# need the libs in /
 		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
 	fi
@@ -299,15 +290,21 @@ multilib_src_install_all() {
 	# e2fsprogs-libs didnt install .la files, and .pc work fine
 	find "${ED}" -name "*.la" -delete || die
 
-	if ! use userland_GNU ; then
-		# manpage collisions
-		# TODO: figure out a good way to keep them
-		rm "${ED}"/usr/share/man/man3/uuid* || die
-	fi
-
 	if use pam ; then
+		# See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt
 		newpamd "${FILESDIR}/runuser.pamd" runuser
 		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
+
+		newpamd "${FILESDIR}/su-l.pamd" su-l
+	fi
+
+	if use su && ! use suid ; then
+		# Always force suid su, even when USE=-suid, as su is useless
+		# for the overwhelming-majority case without suid.
+		# Users who wish to truly have a no-suid su can strip it out
+		# via e.g. Portage's suidctl or some other hook.
+		# See bug #832092
+		fperms u+s /bin/su
 	fi
 
 	# Note:

From 8851c0baa2e8ce5e2adcfcfa054e49a6414fd847 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Mon, 21 Mar 2022 11:41:26 +0100
Subject: [PATCH 2/2] changelog: add changelog for util-linux 2.37.4

---
 .../changelog/security/2022-03-18-util-linux-2.37.4.md           | 1 +
 .../changelog/updates/2022-03-18-util-linux-2.37.4.md            | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/security/2022-03-18-util-linux-2.37.4.md
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/updates/2022-03-18-util-linux-2.37.4.md

diff --git a/sdk_container/src/third_party/portage-stable/changelog/security/2022-03-18-util-linux-2.37.4.md b/sdk_container/src/third_party/portage-stable/changelog/security/2022-03-18-util-linux-2.37.4.md
new file mode 100644
index 0000000000..53e80af8dc
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-03-18-util-linux-2.37.4.md
@@ -0,0 +1 @@
+- util-linux ([CVE-2021-3995](https://nvd.nist.gov/vuln/detail/CVE-2021-3995), [CVE-2021-3996](https://nvd.nist.gov/vuln/detail/CVE-2021-3996), [CVE-2022-0563](https://nvd.nist.gov/vuln/detail/CVE-2022-0563))
diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-03-18-util-linux-2.37.4.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-03-18-util-linux-2.37.4.md
new file mode 100644
index 0000000000..421f160a8f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-03-18-util-linux-2.37.4.md
@@ -0,0 +1 @@
+- util-linux ([2.37.4](https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.4-ChangeLog))