diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
index a00b2a5070..3e28df35ce 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/Manifest
@@ -1,6 +1,2 @@
-DIST util-linux-2.38.1.tar.sign 833 BLAKE2B 2468c6b8c881d7a17666aac954edfd421085111937f5d0daada37a679e9bbfe61fc98bb57cca9bf7bea20be483f38e2a758039f9baf5b1a901852e2b5dd014d8 SHA512 d8b3e936065ae1dc105b8ce773c874bb037ebf84ee571676509543f79c39950180e7f252c6b0d4500119568ed4ac3aa7117793de839f983e9287f26649e91dad
-DIST util-linux-2.38.1.tar.xz 7495904 BLAKE2B a0e86ca62f82adaccc01ad6ec5a058dac429b81c310989cbad136f96c2770c60bbd4287067817520e8e0653146a10f13128e0af32122402bab416e1c2d6680b8 SHA512 07f11147f67dfc6c8bc766dfc83266054e6ede776feada0566b447d13276b6882ee85c6fe53e8d94a17c03332106fc0549deca3cf5f2e92dda554e9bc0551957
-DIST util-linux-2.39.2.tar.sign 833 BLAKE2B 7d804e1e1f162c176cd7f826f505590ed5fcefc76ecbaa27b1b96fac6160cf46b696fe1c6a761094a91c05878b2169a1227039a7f82ee3d135e283e7907179a2 SHA512 e6acc5a20251aa7c69f3853271959f80428f1825dda1d1a046663e345af8fb17e5d65ebd78aef3dba21e843de58e4dd1a1639415fa9a22b91080cc6436e9a45a
-DIST util-linux-2.39.2.tar.xz 8362220 BLAKE2B 963c257b86f8a025a3452f102656f479382b9e03dd8ce39b9561302b484c595005aa0bbce9b91422d9be038037143772483363c2a1eec569355316fc8d5d5765 SHA512 cebecdd62749d0aeea2c4faf7ad1606426eff03ef3b15cd9c2df1126f216a4ed546d8fc3218c649fa95944eb87a98bb6a7cdd0bea31057c481c5cf608ffc19a3
 DIST util-linux-2.39.3.tar.sign 833 BLAKE2B 433b9ad6e97d9e2ffbd516addf8406587d009d9c7661ac126ae89b370f22a39f1f1243e86ef383133d656833d3ad35054397d60e0e0c67bd1e9402939903570b SHA512 d9993d7a77531ca8fe3e58458d65e7d721c38aa53838547479fea169941a69b1c07fb02ac90ed5a0360025814b0999167621dbc4215348810584947a9e67756d
 DIST util-linux-2.39.3.tar.xz 8526168 BLAKE2B cd7b2b3c820e920d4a6ecd46fd807e018fc8e54439292f5e62c5f6863dd0f2505df3ec02c470d9be255a437c6ee8e4077908ac78d19a0d1273854d99eb571df0 SHA512 a2de1672f06ca5d2d431db1265a8499808770c3781019ec4a3a40170df4685826d8e3ca120841dcc5df4681ca8c935a993317bd0dc70465b21bf8e0efef65afa
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-check-for-sys-pidfd.h.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-check-for-sys-pidfd.h.patch
deleted file mode 100644
index 0a1975fff6..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-check-for-sys-pidfd.h.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-https://github.com/util-linux/util-linux/pull/1769
-https://bugs.gentoo.org/893966
-
-From 84732a8849a08d42a9a95dcbee9005116be78eb8 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 7 Aug 2022 14:39:19 -0700
-Subject: [PATCH] check for sys/pidfd.h
-
-This header in newer glibc defines the signatures of functions
-pidfd_send_signal() and pidfd_open() and when these functions are
-defined by libc then we need to include the relevant header to get
-the definitions. Clang 15+ has started to error out when function
-signatures are missing.
-
-Fixes errors like
-misc-utils/kill.c:402:6: error: call to undeclared function 'pidfd_send_signal'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
-        if (pidfd_send_signal(pfd, ctl->numsig, &info, 0) < 0)
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.ac          | 1 +
- include/pidfd-utils.h | 4 +++-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 51deeecd4e..daa8f0dca4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -342,6 +342,7 @@ AC_CHECK_HEADERS([ \
- 	sys/mkdev.h \
- 	sys/mount.h \
- 	sys/param.h \
-+	sys/pidfd.h \
- 	sys/prctl.h \
- 	sys/resource.h \
- 	sys/sendfile.h \
-diff --git a/include/pidfd-utils.h b/include/pidfd-utils.h
-index eddede9767..d9e33cbc57 100644
---- a/include/pidfd-utils.h
-+++ b/include/pidfd-utils.h
-@@ -4,8 +4,10 @@
- #ifdef HAVE_SYS_SYSCALL_H
- # include <sys/syscall.h>
- # if defined(SYS_pidfd_send_signal) && defined(SYS_pidfd_open)
-+#  ifdef HAVE_SYS_PIDFD_H
-+#   include <sys/pidfd.h>
-+#  endif
- #  include <sys/types.h>
--
- #  ifndef HAVE_PIDFD_SEND_SIGNAL
- static inline int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
- 				    unsigned int flags)
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-more-posix-exit-on-eof.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-more-posix-exit-on-eof.patch
deleted file mode 100644
index 07d158761c..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.38.1-more-posix-exit-on-eof.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://forums.gentoo.org/viewtopic-t-1160959.html
-https://github.com/util-linux/util-linux/issues/1703
-https://github.com/util-linux/util-linux/commit/28b391ce7e58f8327c092b3911c05f526d0ad586
-
-From 28b391ce7e58f8327c092b3911c05f526d0ad586 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Wed, 15 Jun 2022 10:03:44 +0200
-Subject: [PATCH] more: restore exit-on-eof if POSIXLY_CORRECT is not set
-
-In version 2.38, exit-on-eof has been disabled by default. This change
-is annoying for users and forces many users to use 'alias more="more
--e"'. It seems better to force POSIX lovers to use POSIXLY_CORRECT
-env. variable and stay backwardly compatible by default.
-
-Addresses: https://github.com/util-linux/util-linux/issues/1703
-Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2088493
-Signed-off-by: Karel Zak <kzak@redhat.com>
---- a/text-utils/more.c
-+++ b/text-utils/more.c
-@@ -2052,8 +2052,11 @@ int main(int argc, char **argv)
- 	if (!(strcmp(program_invocation_short_name, "page")))
- 		ctl.no_scroll++;
- 
-+	ctl.exit_on_eof = getenv("POSIXLY_CORRECT") ? 0 : 1;
-+
- 	if ((s = getenv("MORE")) != NULL)
- 		env_argscan(&ctl, s);
-+
- 	argscan(&ctl, argc, argv);
- 
- 	/* clear any inherited settings */
-
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-CVE-2024-28085.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-CVE-2024-28085.patch
new file mode 100644
index 0000000000..99092c05aa
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-CVE-2024-28085.patch
@@ -0,0 +1,25 @@
+https://bugs.gentoo.org/927980
+https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
+https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
+
+From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
+
+Let's use for all cases the same output function.
+
+Reported-by: Skyler Ferrante <sjf5462@rit.edu>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		int i;
+ 
+ 		for (i = 0; i < mvecsz; i++) {
+-			fputs(mvec[i], fs);
++			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+ 			if (i < mvecsz - 1)
+ 				fputc(' ', fs);
+ 		}
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch
new file mode 100644
index 0000000000..6ebbd0a430
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch
@@ -0,0 +1,52 @@
+https://bugs.gentoo.org/928396
+https://github.com/util-linux/util-linux/commit/4b2e6f5071a4c5beebbd9668d24dc05defc096d7
+
+From 4b2e6f5071a4c5beebbd9668d24dc05defc096d7 Mon Sep 17 00:00:00 2001
+From: Tanish Yadav <devtany@gmail.com>
+Date: Tue, 5 Mar 2024 00:51:41 +0530
+Subject: [PATCH] su: fix use after free in run_shell
+
+Do not free tmp for non login branch as basename may return a pointer to
+some part of it.
+
+[kzak@redhat.com: - improve coding style of the function]
+
+Signed-off-by: Tanish Yadav <devtany@gmail.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/su-common.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index 242b6ce4ea..9bc0231961 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -835,13 +835,14 @@ static void run_shell(
+ 	size_t n_args = 1 + su->fast_startup + 2 * ! !command + n_additional_args + 1;
+ 	const char **args = xcalloc(n_args, sizeof *args);
+ 	size_t argno = 1;
++	char *tmp;
+ 
+ 	DBG(MISC, ul_debug("starting shell [shell=%s, command=\"%s\"%s%s]",
+ 				shell, command,
+ 				su->simulate_login ? " login" : "",
+ 				su->fast_startup ? " fast-start" : ""));
++	tmp = xstrdup(shell);
+ 
+-  char* tmp = xstrdup(shell);
+ 	if (su->simulate_login) {
+ 		char *arg0;
+ 		char *shell_basename;
+@@ -851,10 +852,8 @@ static void run_shell(
+ 		arg0[0] = '-';
+ 		strcpy(arg0 + 1, shell_basename);
+ 		args[0] = arg0;
+-	} else {
+-    args[0] = basename(tmp);
+-  }
+-  free(tmp);
++	} else
++		args[0] = basename(tmp);
+ 
+ 	if (su->fast_startup)
+ 		args[argno++] = "-f";
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.38.1-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.38.1-r3.ebuild
deleted file mode 100644
index 68439d236b..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.38.1-r3.ebuild
+++ /dev/null
@@ -1,395 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-
-inherit toolchain-funcs autotools flag-o-matic bash-completion-r1 usr-ldscript \
-	pam python-r1 multilib-minimal multiprocessing systemd
-
-MY_PV="${PV/_/-}"
-MY_P="${PN}-${MY_PV}"
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
-	inherit autotools git-r3
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/karelzak.asc
-	inherit verify-sig
-
-	if [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos"
-	fi
-
-	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
-	SRC_URI+=" verify-sig? ( https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.sign )"
-fi
-
-S="${WORKDIR}/${MY_P}"
-
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
-LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
-SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
-
-# Most lib deps here are related to programs rather than our libs,
-# so we rarely need to specify ${MULTILIB_USEDEP}.
-RDEPEND="
-	virtual/libcrypt:=
-	audit? ( >=sys-process/audit-2.6:= )
-	caps? ( sys-libs/libcap-ng )
-	cramfs? ( sys-libs/zlib:= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.1.0 )
-	hardlink? ( dev-libs/libpcre2:= )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)?]
-		magic? ( sys-apps/file:0= )
-	)
-	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
-	pam? ( sys-libs/pam )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	rtas? ( sys-libs/librtas )
-	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
-	slang? ( sys-libs/slang )
-	!build? (
-		systemd? ( sys-apps/systemd )
-		udev? ( virtual/libudev:= )
-	)"
-BDEPEND="
-	virtual/pkgconfig
-	nls? ( sys-devel/gettext )
-	test? ( app-alternatives/bc )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	acct-group/root
-"
-RDEPEND+="
-	hardlink? ( !app-arch/hardlink )
-	logger? ( !>=app-admin/sysklogd-2.0[logger] )
-	kill? (
-		!sys-apps/coreutils[kill]
-		!sys-process/procps[kill]
-	)
-	su? (
-		!<sys-apps/shadow-4.7-r2
-		!>=sys-apps/shadow-4.7-r2[su]
-	)
-	!net-wireless/rfkill
-"
-
-if [[ ${PV} == 9999 ]] ; then
-	# Required for man-page generation
-	BDEPEND+=" dev-ruby/asciidoctor"
-else
-	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-karelzak )"
-fi
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )"
-RESTRICT="!test? ( test )"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-more-posix-exit-on-eof.patch
-	"${FILESDIR}"/util-linux-2.38.1-check-for-sys-pidfd.h.patch
-)
-
-pkg_pretend() {
-	if use su && ! use suid ; then
-		elog "su will be installed as suid despite USE=-suid (bug #832092)"
-		elog "To use su without suid, see e.g. Portage's suidctl feature."
-	fi
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]] ; then
-		git-r3_src_unpack
-		return
-	fi
-
-	if use verify-sig ; then
-		mkdir "${T}"/verify-sig || die
-		pushd "${T}"/verify-sig &>/dev/null || die
-
-		# Upstream sign the decompressed .tar
-		# Let's do it separately in ${T} then cleanup to avoid external
-		# effects on normal unpack.
-		cp "${DISTDIR}"/${MY_P}.tar.xz . || die
-		xz -d ${MY_P}.tar.xz || die
-		verify-sig_verify_detached ${MY_P}.tar "${DISTDIR}"/${MY_P}.tar.sign
-
-		popd &>/dev/null || die
-		rm -r "${T}"/verify-sig || die
-	fi
-
-	default
-}
-
-src_prepare() {
-	default
-
-	if use test ; then
-		# Prevent uuidd test failure due to socket path limit, bug #593304
-		sed -i \
-			-e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \
-			tests/ts/uuid/uuidd || die "Failed to fix uuidd test"
-
-		# Known-failing tests
-		# TODO: investigate these
-		local known_failing_tests=(
-			# Subtest 'options-maximum-size-8192' fails
-			hardlink/options
-
-			lsfd/mkfds-symlink
-			lsfd/mkfds-rw-character-device
-		)
-
-		local known_failing_test
-		for known_failing_test in "${known_failing_tests[@]}" ; do
-			einfo "Removing known-failing test: ${known_failing_test}"
-			rm tests/ts/${known_failing_test} || die
-		done
-
-	fi
-
-	eautoreconf
-}
-
-python_configure() {
-	local myeconfargs=(
-		"${commonargs[@]}"
-		--disable-all-programs
-		--disable-bash-completion
-		--without-systemdsystemunitdir
-		--with-python
-		--enable-libblkid
-		--enable-libmount
-		--enable-pylibmount
-	)
-
-	mkdir "${BUILD_DIR}" || die
-	pushd "${BUILD_DIR}" >/dev/null || die
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-	popd >/dev/null || die
-}
-
-multilib_src_configure() {
-	# The scanf test in a run-time test which fails while cross-compiling.
-	# Blindly assume a POSIX setup since we require libmount, and libmount
-	# itself fails when the scanf test fails. bug #531856
-	tc-is-cross-compiler && export scanf_cv_alloc_modifier=ms
-
-	# bug #485486
-	export ac_cv_header_security_pam_misc_h=$(multilib_native_usex pam)
-	# bug #545042
-	export ac_cv_header_security_pam_appl_h=$(multilib_native_usex pam)
-
-	# Undo bad ncurses handling by upstream. Fall back to pkg-config.
-	# bug #601530
-	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
-	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
-
-	# Avoid automagic dependency on ppc*
-	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
-
-	# configure args shared by python and non-python builds
-	local commonargs=(
-		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
-	)
-
-	local myeconfargs=(
-		"${commonargs[@]}"
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		--without-python
-		$(multilib_native_use_enable suid makeinstall-chown)
-		$(multilib_native_use_enable suid makeinstall-setuid)
-		$(multilib_native_use_with readline)
-		$(multilib_native_use_with slang)
-		$(multilib_native_usex ncurses "$(use_with magic libmagic)" '--without-libmagic')
-		$(multilib_native_usex ncurses "$(use_with unicode ncursesw)" '--without-ncursesw')
-		$(multilib_native_usex ncurses "$(use_with !unicode ncurses)" '--without-ncurses')
-		$(multilib_native_use_with audit)
-		$(tc-has-tls || echo --disable-tls)
-		$(use_enable nls)
-		$(use_enable unicode widechar)
-		$(use_enable static-libs static)
-		$(use_with ncurses tinfo)
-		$(use_with selinux)
-	)
-
-	if use build ; then
-		myeconfargs+=(
-			--without-systemd
-			--without-udev
-		)
-	else
-		myeconfargs+=(
-			$(multilib_native_use_with systemd)
-			$(multilib_native_use_with udev)
-		)
-	fi
-
-	if multilib_is_native_abi ; then
-		myeconfargs+=(
-			--disable-chfn-chsh
-			--disable-login
-			--disable-newgrp
-			--disable-nologin
-			--disable-pylibmount
-			--disable-raw
-			--disable-vipw
-			--enable-agetty
-			--enable-bash-completion
-			--enable-line
-			--enable-partx
-			--enable-rename
-			--enable-rfkill
-			--enable-schedutils
-			--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
-			$(use_enable caps setpriv)
-			$(use_enable cramfs)
-			$(use_enable fdformat)
-			$(use_enable hardlink)
-			$(use_enable kill)
-			$(use_enable logger)
-			$(use_enable ncurses pg)
-			$(use_enable su)
-			$(use_enable tty-helpers mesg)
-			$(use_enable tty-helpers wall)
-			$(use_enable tty-helpers write)
-			$(use_with cryptsetup)
-		)
-		if [[ ${PV} == *9999 ]] ; then
-			myeconfargs+=( --enable-asciidoc )
-		else
-			# Upstream is shipping pre-generated man-pages for releases
-			myeconfargs+=( --disable-asciidoc )
-		fi
-	else
-		myeconfargs+=(
-			--disable-all-programs
-			--disable-asciidoc
-			--disable-bash-completion
-			--without-systemdsystemunitdir
-
-			# build libraries
-			--enable-libuuid
-			--enable-libblkid
-			--enable-libsmartcols
-			--enable-libfdisk
-			--enable-libmount
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_configure
-	fi
-}
-
-src_configure() {
-	append-lfs-flags
-	multilib-minimal_src_configure
-}
-
-python_compile() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake all
-	popd >/dev/null || die
-}
-
-multilib_src_compile() {
-	emake all
-
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_compile
-	fi
-}
-
-python_test() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot"
-	popd >/dev/null || die
-}
-
-multilib_src_test() {
-	emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot"
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_test
-	fi
-}
-
-python_install() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake DESTDIR="${D}" install
-	python_optimize
-	popd >/dev/null || die
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_install
-	fi
-
-	# This needs to be called AFTER python_install call, bug #689190
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi ; then
-		# Need the libs in /
-		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
-	fi
-}
-
-multilib_src_install_all() {
-	dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*}
-
-	# e2fsprogs-libs didn't install .la files, and .pc work fine
-	find "${ED}" -name "*.la" -delete || die
-
-	if use pam ; then
-		# See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt
-		newpamd "${FILESDIR}/runuser.pamd" runuser
-		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
-
-		newpamd "${FILESDIR}/su-l.pamd" su-l
-	fi
-
-	if use su && ! use suid ; then
-		# Always force suid su, even when USE=-suid, as su is useless
-		# for the overwhelming-majority case without suid.
-		# Users who wish to truly have a no-suid su can strip it out
-		# via e.g. Portage's suidctl or some other hook.
-		# See bug #832092
-		fperms u+s /bin/su
-	fi
-
-	# Note:
-	# Bash completion for "runuser" command is provided by same file which
-	# would also provide bash completion for "su" command. However, we don't
-	# use "su" command from this package.
-	# This triggers a known QA warning which we ignore for now to magically
-	# keep bash completion for "su" command which shadow package does not
-	# provide.
-
-	local ver=$(tools/git-version-gen .tarballversion)
-	local major=$(ver_cut 1 ${ver})
-	local minor=$(ver_cut 2 ${ver})
-	local release=$(ver_cut 3 ${ver})
-	export QA_PKGCONFIG_VERSION="${major}.${minor}.${release:-0}"
-}
-
-pkg_postinst() {
-	if ! use tty-helpers ; then
-		elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers."
-	fi
-
-	if [[ -z ${REPLACING_VERSIONS} ]] ; then
-		elog "The agetty util now clears the terminal by default. You"
-		elog "might want to add --noclear to your /etc/inittab lines."
-	fi
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.2-r1.ebuild
deleted file mode 100644
index facafaf1a6..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.2-r1.ebuild
+++ /dev/null
@@ -1,413 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..11} )
-
-inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 usr-ldscript \
-	pam python-r1 multilib-minimal multiprocessing systemd
-
-MY_PV="${PV/_/-}"
-MY_P="${PN}-${MY_PV}"
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
-	inherit autotools git-r3
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/karelzak.asc
-	inherit verify-sig
-
-	if [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos"
-	fi
-
-	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
-	SRC_URI+=" verify-sig? ( https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.sign )"
-fi
-
-S="${WORKDIR}/${MY_P}"
-
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
-LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
-SLOT="0"
-IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
-
-# Most lib deps here are related to programs rather than our libs,
-# so we rarely need to specify ${MULTILIB_USEDEP}.
-RDEPEND="
-	virtual/libcrypt:=
-	audit? ( >=sys-process/audit-2.6:= )
-	caps? ( sys-libs/libcap-ng )
-	cramfs? ( sys-libs/zlib:= )
-	cryptsetup? ( >=sys-fs/cryptsetup-2.1.0 )
-	hardlink? ( dev-libs/libpcre2:= )
-	ncurses? (
-		sys-libs/ncurses:=[unicode(+)?]
-		magic? ( sys-apps/file:0= )
-	)
-	nls? ( virtual/libintl[${MULTILIB_USEDEP}] )
-	pam? ( sys-libs/pam )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	rtas? ( sys-libs/librtas )
-	selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] )
-	slang? ( sys-libs/slang )
-	!build? (
-		systemd? ( sys-apps/systemd )
-		udev? ( virtual/libudev:= )
-	)
-"
-BDEPEND="
-	virtual/pkgconfig
-	nls? (
-		app-text/po4a
-		sys-devel/gettext
-	)
-	test? ( app-alternatives/bc )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	acct-group/root
-"
-RDEPEND+="
-	hardlink? ( !app-arch/hardlink )
-	logger? ( !>=app-admin/sysklogd-2.0[logger] )
-	kill? (
-		!sys-apps/coreutils[kill]
-		!sys-process/procps[kill]
-	)
-	su? (
-		!<sys-apps/shadow-4.7-r2
-		!>=sys-apps/shadow-4.7-r2[su]
-	)
-	!net-wireless/rfkill
-"
-
-if [[ ${PV} == 9999 ]] ; then
-	# Required for man-page generation
-	BDEPEND+=" dev-ruby/asciidoctor"
-else
-	BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-karelzak-20230517 )"
-fi
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )"
-RESTRICT="!test? ( test )"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.39.2-fincore-test.patch
-	"${FILESDIR}"/${PN}-2.39.2-backport-pr2251.patch
-	"${FILESDIR}"/${PN}-2.39.2-backport-1d4456d.patch
-)
-
-pkg_pretend() {
-	if use su && ! use suid ; then
-		elog "su will be installed as suid despite USE=-suid (bug #832092)"
-		elog "To use su without suid, see e.g. Portage's suidctl feature."
-	fi
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]] ; then
-		git-r3_src_unpack
-		return
-	fi
-
-	if use verify-sig ; then
-		mkdir "${T}"/verify-sig || die
-		pushd "${T}"/verify-sig &>/dev/null || die
-
-		# Upstream sign the decompressed .tar
-		# Let's do it separately in ${T} then cleanup to avoid external
-		# effects on normal unpack.
-		cp "${DISTDIR}"/${MY_P}.tar.xz . || die
-		xz -d ${MY_P}.tar.xz || die
-		verify-sig_verify_detached ${MY_P}.tar "${DISTDIR}"/${MY_P}.tar.sign
-
-		popd &>/dev/null || die
-		rm -r "${T}"/verify-sig || die
-	fi
-
-	default
-}
-
-src_prepare() {
-	default
-
-	if use test ; then
-		# Known-failing tests
-		# TODO: investigate these
-		local known_failing_tests=(
-			# Subtest 'options-maximum-size-8192' fails
-			hardlink/options
-
-			# Fails in sandbox
-			lsns/ioctl_ns
-
-			lsfd/mkfds-symlink
-			lsfd/mkfds-rw-character-device
-			# Fails with network-sandbox at least in nspawn
-			lsfd/option-inet
-			utmp/last-ipv6
-		)
-
-		local known_failing_test
-		for known_failing_test in "${known_failing_tests[@]}" ; do
-			einfo "Removing known-failing test: ${known_failing_test}"
-			rm tests/ts/${known_failing_test} || die
-		done
-	fi
-
-	if [[ ${PV} == 9999 ]] ; then
-		po/update-potfiles
-		eautoreconf
-	else
-		elibtoolize
-	fi
-}
-
-python_configure() {
-	local myeconfargs=(
-		"${commonargs[@]}"
-		--disable-all-programs
-		--disable-bash-completion
-		--without-systemdsystemunitdir
-		--with-python
-		--enable-libblkid
-		--enable-libmount
-		--enable-pylibmount
-	)
-
-	mkdir "${BUILD_DIR}" || die
-	pushd "${BUILD_DIR}" >/dev/null || die
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-	popd >/dev/null || die
-}
-
-multilib_src_configure() {
-	# The scanf test in a run-time test which fails while cross-compiling.
-	# Blindly assume a POSIX setup since we require libmount, and libmount
-	# itself fails when the scanf test fails. bug #531856
-	tc-is-cross-compiler && export scanf_cv_alloc_modifier=ms
-
-	# bug #485486
-	export ac_cv_header_security_pam_misc_h=$(multilib_native_usex pam)
-	# bug #545042
-	export ac_cv_header_security_pam_appl_h=$(multilib_native_usex pam)
-
-	# Undo bad ncurses handling by upstream. Fall back to pkg-config.
-	# bug #601530
-	export NCURSES6_CONFIG=false NCURSES5_CONFIG=false
-	export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false
-
-	# Avoid automagic dependency on ppc*
-	export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas)
-
-	# configure args shared by python and non-python builds
-	local commonargs=(
-		--localstatedir="${EPREFIX}/var"
-		--runstatedir="${EPREFIX}/run"
-		--enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin"
-
-		# Temporary workaround until ~2.39.2. 2.39.x introduced a big rewrite.
-		# https://github.com/util-linux/util-linux/issues/2287#issuecomment-1576640373
-		--disable-libmount-mountfd-support
-	)
-
-	local myeconfargs=(
-		"${commonargs[@]}"
-		--with-bashcompletiondir="$(get_bashcompdir)"
-		--without-python
-		$(multilib_native_use_enable suid makeinstall-chown)
-		$(multilib_native_use_enable suid makeinstall-setuid)
-		$(multilib_native_use_with readline)
-		$(multilib_native_use_with slang)
-		$(multilib_native_usex ncurses "$(use_with magic libmagic)" '--without-libmagic')
-		$(multilib_native_usex ncurses "$(use_with unicode ncursesw)" '--without-ncursesw')
-		$(multilib_native_usex ncurses "$(use_with !unicode ncurses)" '--without-ncurses')
-		$(multilib_native_use_with audit)
-		$(tc-has-tls || echo --disable-tls)
-		$(use_enable nls)
-		$(use_enable nls poman)
-		$(use_enable unicode widechar)
-		$(use_enable static-libs static)
-		$(use_with ncurses tinfo)
-		$(use_with selinux)
-	)
-
-	if use build ; then
-		myeconfargs+=(
-			--without-systemd
-			--without-udev
-		)
-	else
-		myeconfargs+=(
-			$(multilib_native_use_with systemd)
-			$(multilib_native_use_with udev)
-		)
-	fi
-
-	if multilib_is_native_abi ; then
-		myeconfargs+=(
-			--disable-chfn-chsh
-			--disable-login
-			--disable-newgrp
-			--disable-nologin
-			--disable-pylibmount
-			--disable-raw
-			--disable-vipw
-			--enable-agetty
-			--enable-bash-completion
-			--enable-line
-			--enable-partx
-			--enable-rename
-			--enable-rfkill
-			--enable-schedutils
-			--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
-			$(use_enable caps setpriv)
-			$(use_enable cramfs)
-			$(use_enable fdformat)
-			$(use_enable hardlink)
-			$(use_enable kill)
-			$(use_enable logger)
-			$(use_enable ncurses pg)
-			$(use_enable su)
-			$(use_enable tty-helpers mesg)
-			$(use_enable tty-helpers wall)
-			$(use_enable tty-helpers write)
-			$(use_with cryptsetup)
-		)
-		if [[ ${PV} == *9999 ]] ; then
-			myeconfargs+=( --enable-asciidoc )
-		else
-			# Upstream is shipping pre-generated man-pages for releases
-			myeconfargs+=( --disable-asciidoc )
-		fi
-	else
-		myeconfargs+=(
-			--disable-all-programs
-			--disable-asciidoc
-			--disable-bash-completion
-			--without-systemdsystemunitdir
-			--disable-poman
-
-			# build libraries
-			--enable-libuuid
-			--enable-libblkid
-			--enable-libsmartcols
-			--enable-libfdisk
-			--enable-libmount
-		)
-	fi
-
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_configure
-	fi
-}
-
-src_configure() {
-	append-lfs-flags
-	multilib-minimal_src_configure
-}
-
-python_compile() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake all
-	popd >/dev/null || die
-}
-
-multilib_src_compile() {
-	emake all
-
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_compile
-	fi
-}
-
-python_test() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot"
-	popd >/dev/null || die
-}
-
-multilib_src_test() {
-	emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot"
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_test
-	fi
-}
-
-python_install() {
-	pushd "${BUILD_DIR}" >/dev/null || die
-	emake DESTDIR="${D}" install
-	python_optimize
-	popd >/dev/null || die
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi && use python ; then
-		python_foreach_impl python_install
-	fi
-
-	# This needs to be called AFTER python_install call, bug #689190
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi ; then
-		# Need the libs in /
-		gen_usr_ldscript -a blkid fdisk mount smartcols uuid
-	fi
-}
-
-multilib_src_install_all() {
-	dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*}
-
-	# e2fsprogs-libs didn't install .la files, and .pc work fine
-	find "${ED}" -name "*.la" -delete || die
-
-	if use pam ; then
-		# See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt
-		newpamd "${FILESDIR}/runuser.pamd" runuser
-		newpamd "${FILESDIR}/runuser-l.pamd" runuser-l
-
-		newpamd "${FILESDIR}/su-l.pamd" su-l
-	fi
-
-	if use su && ! use suid ; then
-		# Always force suid su, even when USE=-suid, as su is useless
-		# for the overwhelming-majority case without suid.
-		# Users who wish to truly have a no-suid su can strip it out
-		# via e.g. Portage's suidctl or some other hook.
-		# See bug #832092
-		fperms u+s /bin/su
-	fi
-
-	# Note:
-	# Bash completion for "runuser" command is provided by same file which
-	# would also provide bash completion for "su" command. However, we don't
-	# use "su" command from this package.
-	# This triggers a known QA warning which we ignore for now to magically
-	# keep bash completion for "su" command which shadow package does not
-	# provide.
-
-	local ver=$(tools/git-version-gen .tarballversion)
-	local major=$(ver_cut 1 ${ver})
-	local minor=$(ver_cut 2 ${ver})
-	local release=$(ver_cut 3 ${ver})
-	export QA_PKGCONFIG_VERSION="${major}.${minor}.${release:-0}"
-}
-
-pkg_postinst() {
-	if ! use tty-helpers ; then
-		elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers."
-	fi
-
-	if [[ -z ${REPLACING_VERSIONS} ]] ; then
-		elog "The agetty util now clears the terminal by default. You"
-		elog "might want to add --noclear to your /etc/inittab lines."
-	fi
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r5.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r5.ebuild
index 110e710683..30a4c80b43 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r5.ebuild
@@ -11,6 +11,9 @@ inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \
 MY_PV="${PV/_/-}"
 MY_P="${PN}-${MY_PV}"
 
+DESCRIPTION="Various useful Linux utilities"
+HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
+
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 	inherit autotools git-r3
@@ -19,7 +22,7 @@ else
 	inherit verify-sig
 
 	if [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos"
+		KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos"
 	fi
 
 	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
@@ -28,9 +31,6 @@ fi
 
 S="${WORKDIR}/${MY_P}"
 
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
 IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r4.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r6.ebuild
similarity index 98%
rename from sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r4.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r6.ebuild
index ab8e27a235..256c7ca3c7 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r4.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r6.ebuild
@@ -11,6 +11,9 @@ inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \
 MY_PV="${PV/_/-}"
 MY_P="${PN}-${MY_PV}"
 
+DESCRIPTION="Various useful Linux utilities"
+HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
+
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 	inherit autotools git-r3
@@ -28,9 +31,6 @@ fi
 
 S="${WORKDIR}/${MY_P}"
 
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
 IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
@@ -103,6 +103,8 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.39.2-backport-1d4456d.patch
 	"${FILESDIR}"/${PN}-2.39.3-libblkid-luks.patch
 	"${FILESDIR}"/${PN}-2.39.3-musl-1.2.5-basename.patch
+	"${FILESDIR}"/${PN}-2.39.3-libmount-Fix-export-of-mnt_context_is_lazy-and-mnt_c.patch
+	"${FILESDIR}"/${PN}-2.39.3-CVE-2024-28085.patch
 )
 
 pkg_pretend() {
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild
similarity index 96%
rename from sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r3.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild
index 2e67860394..3ce3abaad9 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild
@@ -11,6 +11,9 @@ inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \
 MY_PV="${PV/_/-}"
 MY_P="${PN}-${MY_PV}"
 
+DESCRIPTION="Various useful Linux utilities"
+HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
+
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 	inherit autotools git-r3
@@ -19,7 +22,7 @@ else
 	inherit verify-sig
 
 	if [[ ${PV} != *_rc* ]] ; then
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos"
+		KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos"
 	fi
 
 	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
@@ -28,9 +31,6 @@ fi
 
 S="${WORKDIR}/${MY_P}"
 
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
 IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"
@@ -101,6 +101,11 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.39.2-fincore-test.patch
 	"${FILESDIR}"/${PN}-2.39.2-backport-pr2251.patch
 	"${FILESDIR}"/${PN}-2.39.2-backport-1d4456d.patch
+	"${FILESDIR}"/${PN}-2.39.3-libblkid-luks.patch
+	"${FILESDIR}"/${PN}-2.39.3-musl-1.2.5-basename.patch
+	"${FILESDIR}"/${PN}-2.39.3-libmount-Fix-export-of-mnt_context_is_lazy-and-mnt_c.patch
+	"${FILESDIR}"/${PN}-2.39.3-CVE-2024-28085.patch
+	"${FILESDIR}"/${PN}-2.39.3-fix-use-after-free.patch
 )
 
 pkg_pretend() {
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
index 4732e2661e..f25f71aca3 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/util-linux/util-linux-9999.ebuild
@@ -11,6 +11,9 @@ inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \
 MY_PV="${PV/_/-}"
 MY_P="${PN}-${MY_PV}"
 
+DESCRIPTION="Various useful Linux utilities"
+HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
+
 if [[ ${PV} == 9999 ]] ; then
 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
 	inherit autotools git-r3
@@ -28,9 +31,6 @@ fi
 
 S="${WORKDIR}/${MY_P}"
 
-DESCRIPTION="Various useful Linux utilities"
-HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"
-
 LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain"
 SLOT="0"
 IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode"