From f540ae2dad351bec50eed0ad56ee14dec115da7b Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Thu, 16 Jun 2022 13:13:36 +0200
Subject: [PATCH 1/2] dev-libs/libpcre2: update to 10.40

Update dev-libs/libpcre2 to 10.40, mainly to address CVE-2022-1586
and CVE-2022-1587.
---
 .../portage-stable/dev-libs/libpcre2/Manifest |  4 +-
 .../files/libpcre2-10.37-jit_fixes.patch      | 80 ----------------
 ...ternatives-in-first-character-search.patch | 49 ----------
 .../dev-libs/libpcre2/libpcre2-10.38.ebuild   | 94 -------------------
 ....37-r2.ebuild => libpcre2-10.39-r1.ebuild} |  9 +-
 .../dev-libs/libpcre2/libpcre2-10.39.ebuild   | 94 -------------------
 ...-10.38-r1.ebuild => libpcre2-10.40.ebuild} | 55 ++++++-----
 .../dev-libs/libpcre2/metadata.xml            |  6 +-
 8 files changed, 37 insertions(+), 354 deletions(-)
 delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.37-jit_fixes.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.38-fix-fix-incorrect-detection-of-alternatives-in-first-character-search.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38.ebuild
 rename sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/{libpcre2-10.37-r2.ebuild => libpcre2-10.39-r1.ebuild} (89%)
 delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39.ebuild
 rename sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/{libpcre2-10.38-r1.ebuild => libpcre2-10.40.ebuild} (65%)

diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/Manifest
index dcba31a9c9..3a22ba675e 100644
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/Manifest
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/Manifest
@@ -1,4 +1,4 @@
 DIST libpcre2-10.36-patchset-01.tar.xz 1364 BLAKE2B bfef3c876a092e06972107b44794c23b758a030181f3040c8b722db166789eac794783169b468fc71334fd660bc2f1c31422a8cb8e5bdc18a69b72654b1b59b2 SHA512 04324d1efa6d155fa3ffbc328638e4674bea305fef7f57d4369ab4a6399a0f489b4c0ecfb49643feff310d91872e1673e965c48a5c60f1bf54a319f0d275c306
-DIST pcre2-10.37.tar.bz2 1729384 BLAKE2B b4e56041010d7f44e84a63a17b35e87329d258107d8b27ccead10f51e7deacc93cbee64a22c71b9f0b8f244920b3a22fa4d9b786ec441a428e0ad0bb8535773e SHA512 69f4bf4736b986e0fc855eedb292efe72a0df2e803bc0e61a6cf47775eed433bb1b2f28d7e641591ef4603d47beb543a64ed0eef9538d00f0746bc3435c143ec
-DIST pcre2-10.38.tar.bz2 1729078 BLAKE2B 9438ff2422afaa83d5a4b2e64d5897068c35add28d66956431f9937191416d6df4903ecf35af72c788480d7def08e0ce17922e9b036698ce1bbe6cacbb799df2 SHA512 3634cb2db6ccba9720c1b69890bcd9eb7057f6a6cb6981f12b3f2d6b2bb4e75e4e5014f566045f9ba1b79edf01fa5c4d81eb333727b9462e843dfb70f3a58f95
 DIST pcre2-10.39.tar.bz2 1730729 BLAKE2B 9ee01ac2704e9cb7a107d402fa0c32828fc66425b62270f6891667bde5fb00c1e779c9730df3522acbd62d11703343bf48265050c09d3754183de314baf7cddd SHA512 b3d898198f4b5ffc3453d2ba56fe2a7298c01c52e5f67d45f1e046fc0dee62e16a4024fcb65839ac9c367beedb531647affd6f8599fbeb102f19423c150d80d4
+DIST pcre2-10.40.tar.bz2 1765440 BLAKE2B 627a204585b92238eda81b4befc88757a81d75b0d9fa26ea6d51afcdd93f7e2d102a2245bf3c8e1f5f9ddf69a316c419c948b741a64442bb567480015543e49b SHA512 00e7b48a6554b9127cb6fe24c5cacf72783416a9754ec88f62f73c52f46ed72c86c1869e62c91a31b2ff2cbafbbedabca44b3f1eb7670bc92f49d8401c7374e8
+DIST pcre2-10.40.tar.bz2.sig 310 BLAKE2B 9609111a64b66893b12e36d1cbc77b64d6a0cc30b9288e52753785ddcab37cc3e169d0f117d94e4ad7d7ff897a6ba0a574c9a2e529c3c7e171f5a1bc6f64fe23 SHA512 faa4b47fdac1543cd323651f251b8abb94b31b5966b42d445b8cbb38c441df4742e3c3517c2bc6c0a4464e9fb5feab5d5beda1250a03d56bec2d8383be2f63ab
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.37-jit_fixes.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.37-jit_fixes.patch
deleted file mode 100644
index 6ee5494f2b..0000000000
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.37-jit_fixes.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Index: pcre2/ChangeLog
-===================================================================
---- pcre2/ChangeLog	(revision 1314)
-+++ pcre2/ChangeLog	(revision 1315)
-@@ -1,7 +1,14 @@
- Change Log for PCRE2
- --------------------
- 
-+Version 10.38-RC1 xx-xxx-2021
-+-----------------------------
- 
-+1. Fix invalid single character repetition issues in JIT when the repetition
-+is inside a capturing bracket and the bracket is preceeded by character
-+literals.
-+
-+
- Version 10.37 26-May-2021
- -------------------------
- 
-Index: pcre2/src/pcre2_jit_compile.c
-===================================================================
---- pcre2/src/pcre2_jit_compile.c	(revision 1314)
-+++ pcre2/src/pcre2_jit_compile.c	(revision 1315)
-@@ -1236,15 +1236,16 @@
- 
- return: current number of iterators enhanced with fast fail
- */
--static int detect_early_fail(compiler_common *common, PCRE2_SPTR cc, int *private_data_start, sljit_s32 depth, int start)
-+static int detect_early_fail(compiler_common *common, PCRE2_SPTR cc, int *private_data_start,
-+   sljit_s32 depth, int start, BOOL fast_forward_allowed)
- {
- PCRE2_SPTR begin = cc;
- PCRE2_SPTR next_alt;
- PCRE2_SPTR end;
- PCRE2_SPTR accelerated_start;
-+BOOL prev_fast_forward_allowed;
- int result = 0;
- int count;
--BOOL fast_forward_allowed = TRUE;
- 
- SLJIT_ASSERT(*cc == OP_ONCE || *cc == OP_BRA || *cc == OP_CBRA);
- SLJIT_ASSERT(*cc != OP_CBRA || common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] != 0);
-@@ -1476,6 +1477,7 @@
-       case OP_CBRA:
-       end = cc + GET(cc, 1);
- 
-+      prev_fast_forward_allowed = fast_forward_allowed;
-       fast_forward_allowed = FALSE;
-       if (depth >= 4)
-         break;
-@@ -1484,7 +1486,7 @@
-       if (*end != OP_KET || (*cc == OP_CBRA && common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0))
-         break;
- 
--      count = detect_early_fail(common, cc, private_data_start, depth + 1, count);
-+      count = detect_early_fail(common, cc, private_data_start, depth + 1, count, prev_fast_forward_allowed);
- 
-       if (PRIVATE_DATA(cc) != 0)
-         common->private_data_ptrs[begin - common->start] = 1;
-@@ -13657,7 +13659,7 @@
- private_data_size = common->cbra_ptr + (re->top_bracket + 1) * sizeof(sljit_sw);
- 
- if ((re->overall_options & PCRE2_ANCHORED) == 0 && (re->overall_options & PCRE2_NO_START_OPTIMIZE) == 0 && !common->has_skip_in_assert_back)
--  detect_early_fail(common, common->start, &private_data_size, 0, 0);
-+  detect_early_fail(common, common->start, &private_data_size, 0, 0, TRUE);
- 
- set_private_data_ptrs(common, &private_data_size, ccend);
- 
-Index: pcre2/src/pcre2_jit_test.c
-===================================================================
---- pcre2/src/pcre2_jit_test.c	(revision 1314)
-+++ pcre2/src/pcre2_jit_test.c	(revision 1315)
-@@ -351,6 +351,7 @@
- 	{ MU, A, 0, 0, ".[ab]*a", "xxa" },
- 	{ MU, A, 0, 0, ".[ab]?.", "xx" },
- 	{ MU, A, 0, 0, "_[ab]+_*a", "_aa" },
-+	{ MU, A, 0, 0, "#(A+)#\\d+", "#A#A#0" },
- 
- 	/* Bracket repeats with limit. */
- 	{ MU, A, 0, 0, "(?:(ab){2}){5}M", "abababababababababababM" },
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.38-fix-fix-incorrect-detection-of-alternatives-in-first-character-search.patch b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.38-fix-fix-incorrect-detection-of-alternatives-in-first-character-search.patch
deleted file mode 100644
index 936bd057a0..0000000000
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/files/libpcre2-10.38-fix-fix-incorrect-detection-of-alternatives-in-first-character-search.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-https://github.com/PhilipHazel/pcre2/pull/22
-
---- a/src/pcre2_jit_compile.c
-+++ b/src/pcre2_jit_compile.c
-@@ -1251,10 +1251,13 @@ SLJIT_ASSERT(*cc == OP_ONCE || *cc == OP_BRA || *cc == OP_CBRA);
- SLJIT_ASSERT(*cc != OP_CBRA || common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] != 0);
- SLJIT_ASSERT(start < EARLY_FAIL_ENHANCE_MAX);
- 
-+next_alt = cc + GET(cc, 1);
-+if (*next_alt == OP_ALT)
-+  fast_forward_allowed = FALSE;
-+
- do
-   {
-   count = start;
--  next_alt = cc + GET(cc, 1);
-   cc += 1 + LINK_SIZE + ((*cc == OP_CBRA) ? IMM2_SIZE : 0);
- 
-   while (TRUE)
-@@ -1512,7 +1515,7 @@ do
-         {
-         count++;
- 
--        if (fast_forward_allowed && *next_alt == OP_KET)
-+        if (fast_forward_allowed)
-           {
-           common->fast_forward_bc_ptr = accelerated_start;
-           common->private_data_ptrs[(accelerated_start + 1) - common->start] = ((*private_data_start) << 3) | type_skip;
-@@ -1562,8 +1565,8 @@ do
-   else if (result < count)
-     result = count;
- 
--  fast_forward_allowed = FALSE;
-   cc = next_alt;
-+  next_alt = cc + GET(cc, 1);
-   }
- while (*cc == OP_ALT);
- 
---- a/src/pcre2_jit_test.c
-+++ b/src/pcre2_jit_test.c
-@@ -352,6 +352,7 @@ static struct regression_test_case regression_test_cases[] = {
- 	{ MU, A, 0, 0, ".[ab]?.", "xx" },
- 	{ MU, A, 0, 0, "_[ab]+_*a", "_aa" },
- 	{ MU, A, 0, 0, "#(A+)#\\d+", "#A#A#0" },
-+	{ MU, A, 0, 0, "(?P<size>\\d+)m|M", "4M" },
- 
- 	/* Bracket repeats with limit. */
- 	{ MU, A, 0, 0, "(?:(ab){2}){5}M", "abababababababababababM" },
- 
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38.ebuild
deleted file mode 100644
index 6f868c1cfe..0000000000
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38.ebuild
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal usr-ldscript
-
-PATCH_SET="${PN}-10.36-patchset-01.tar.xz"
-
-DESCRIPTION="Perl-compatible regular expression library"
-HOMEPAGE="https://www.pcre.org/"
-MY_P="pcre2-${PV/_rc/-RC}"
-if [[ ${PV} != *_rc* ]] ; then
-	# Only the final releases are available here.
-	SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
-		https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2
-		https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2"
-else
-	SRC_URI="https://ftp.pcre.org/pub/pcre/Testing/${MY_P}.tar.bz2"
-fi
-
-if [[ -n "${PATCH_SET}" ]] ; then
-	SRC_URI+=" https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}"
-fi
-
-LICENSE="BSD"
-SLOT="0/3" # libpcre2-posix.so version
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
-REQUIRED_USE="?? ( libedit readline )"
-
-BDEPEND="
-	virtual/pkgconfig
-"
-RDEPEND="
-	bzip2? ( app-arch/bzip2 )
-	libedit? ( dev-libs/libedit )
-	readline? ( sys-libs/readline:0= )
-	zlib? ( sys-libs/zlib )
-"
-DEPEND="${RDEPEND}"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/pcre2-config
-)
-
-src_prepare() {
-	if [[ -d "${WORKDIR}/patches" ]] ; then
-		rm "${WORKDIR}"/patches/pcre2-10.36-001-issue2698.patch || die
-		eapply "${WORKDIR}"/patches
-	fi
-
-	default
-
-	elibtoolize
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--enable-pcre2-8
-		--enable-shared
-		--with-match-limit-depth=$(usex recursion-limit 8192 MATCH_LIMIT)
-		$(multilib_native_use_enable bzip2 pcre2grep-libbz2)
-		$(multilib_native_use_enable libedit pcre2test-libedit)
-		$(multilib_native_use_enable readline pcre2test-libreadline)
-		$(multilib_native_use_enable zlib pcre2grep-libz)
-		$(use_enable jit)
-		$(use_enable jit pcre2grep-jit)
-		$(use_enable pcre16 pcre2-16)
-		$(use_enable pcre32 pcre2-32)
-		$(use_enable static-libs static)
-		$(use_enable unicode)
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
-}
-
-multilib_src_install() {
-	emake \
-		DESTDIR="${D}" \
-		$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
-		install
-	multilib_is_native_abi && gen_usr_ldscript -a pcre2-posix
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name "*.la" -delete || die
-}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.37-r2.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39-r1.ebuild
similarity index 89%
rename from sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.37-r2.ebuild
rename to sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39-r1.ebuild
index abd807adeb..9a9a699cb9 100644
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.37-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39-r1.ebuild
@@ -12,7 +12,7 @@ HOMEPAGE="https://www.pcre.org/"
 MY_P="pcre2-${PV/_rc/-RC}"
 if [[ ${PV} != *_rc* ]] ; then
 	# Only the final releases are available here.
-	SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
+	SRC_URI="https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2
 		https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2"
 else
 	SRC_URI="https://ftp.pcre.org/pub/pcre/Testing/${MY_P}.tar.bz2"
@@ -26,7 +26,7 @@ fi
 LICENSE="BSD"
 SLOT="0/3" # libpcre2-posix.so version
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
+IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline static-libs unicode zlib"
 REQUIRED_USE="?? ( libedit readline )"
 
 BDEPEND="
@@ -42,10 +42,6 @@ DEPEND="${RDEPEND}"
 
 S="${WORKDIR}/${MY_P}"
 
-PATCHES=(
-	"${FILESDIR}/${P}-jit_fixes.patch"
-)
-
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/pcre2-config
 )
@@ -65,7 +61,6 @@ multilib_src_configure() {
 	local myeconfargs=(
 		--enable-pcre2-8
 		--enable-shared
-		--with-match-limit-depth=$(usex recursion-limit 8192 MATCH_LIMIT)
 		$(multilib_native_use_enable bzip2 pcre2grep-libbz2)
 		$(multilib_native_use_enable libedit pcre2test-libedit)
 		$(multilib_native_use_enable readline pcre2test-libreadline)
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39.ebuild
deleted file mode 100644
index 477a50daf5..0000000000
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.39.ebuild
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit libtool multilib-minimal usr-ldscript
-
-PATCH_SET="${PN}-10.36-patchset-01.tar.xz"
-
-DESCRIPTION="Perl-compatible regular expression library"
-HOMEPAGE="https://www.pcre.org/"
-MY_P="pcre2-${PV/_rc/-RC}"
-if [[ ${PV} != *_rc* ]] ; then
-	# Only the final releases are available here.
-	SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
-		https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2
-		https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2"
-else
-	SRC_URI="https://ftp.pcre.org/pub/pcre/Testing/${MY_P}.tar.bz2"
-fi
-
-if [[ -n "${PATCH_SET}" ]] ; then
-	SRC_URI+=" https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}
-		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}"
-fi
-
-LICENSE="BSD"
-SLOT="0/3" # libpcre2-posix.so version
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
-REQUIRED_USE="?? ( libedit readline )"
-
-BDEPEND="
-	virtual/pkgconfig
-"
-RDEPEND="
-	bzip2? ( app-arch/bzip2 )
-	libedit? ( dev-libs/libedit )
-	readline? ( sys-libs/readline:0= )
-	zlib? ( sys-libs/zlib )
-"
-DEPEND="${RDEPEND}"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_CHOST_TOOLS=(
-	/usr/bin/pcre2-config
-)
-
-src_prepare() {
-	if [[ -d "${WORKDIR}/patches" ]] ; then
-		rm "${WORKDIR}"/patches/pcre2-10.36-001-issue2698.patch || die
-		eapply "${WORKDIR}"/patches
-	fi
-
-	default
-
-	elibtoolize
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--enable-pcre2-8
-		--enable-shared
-		--with-match-limit-depth=$(usex recursion-limit 8192 MATCH_LIMIT)
-		$(multilib_native_use_enable bzip2 pcre2grep-libbz2)
-		$(multilib_native_use_enable libedit pcre2test-libedit)
-		$(multilib_native_use_enable readline pcre2test-libreadline)
-		$(multilib_native_use_enable zlib pcre2grep-libz)
-		$(use_enable jit)
-		$(use_enable jit pcre2grep-jit)
-		$(use_enable pcre16 pcre2-16)
-		$(use_enable pcre32 pcre2-32)
-		$(use_enable static-libs static)
-		$(use_enable unicode)
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
-}
-
-multilib_src_install() {
-	emake \
-		DESTDIR="${D}" \
-		$(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \
-		install
-	multilib_is_native_abi && gen_usr_ldscript -a pcre2-posix
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name "*.la" -delete || die
-}
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.40.ebuild
similarity index 65%
rename from sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.40.ebuild
index 84077f8a1f..fb332ff04d 100644
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.38-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/libpcre2-10.40.ebuild
@@ -3,18 +3,19 @@
 
 EAPI=7
 
-inherit libtool multilib-minimal usr-ldscript
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/philiphazel.asc
+inherit libtool multilib-minimal usr-ldscript verify-sig
 
 PATCH_SET="${PN}-10.36-patchset-01.tar.xz"
+MY_P="pcre2-${PV/_rc/-RC}"
 
 DESCRIPTION="Perl-compatible regular expression library"
 HOMEPAGE="https://www.pcre.org/"
-MY_P="pcre2-${PV/_rc/-RC}"
 if [[ ${PV} != *_rc* ]] ; then
 	# Only the final releases are available here.
-	SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
+	SRC_URI="https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2
 		https://ftp.pcre.org/pub/pcre/${MY_P}.tar.bz2
-		https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2"
+		verify-sig? ( https://github.com/PhilipHazel/pcre2/releases/download/${MY_P}/${MY_P}.tar.bz2.sig )"
 else
 	SRC_URI="https://ftp.pcre.org/pub/pcre/Testing/${MY_P}.tar.bz2"
 fi
@@ -24,31 +25,35 @@ if [[ -n "${PATCH_SET}" ]] ; then
 		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}"
 fi
 
-LICENSE="BSD"
-SLOT="0/3" # libpcre2-posix.so version
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib"
-REQUIRED_USE="?? ( libedit readline )"
-
-BDEPEND="
-	virtual/pkgconfig
-"
-RDEPEND="
-	bzip2? ( app-arch/bzip2 )
-	libedit? ( dev-libs/libedit )
-	readline? ( sys-libs/readline:0= )
-	zlib? ( sys-libs/zlib )
-"
-DEPEND="${RDEPEND}"
-
 S="${WORKDIR}/${MY_P}"
 
-PATCHES=( "${FILESDIR}"/${P}-fix-fix-incorrect-detection-of-alternatives-in-first-character-search.patch )
+LICENSE="BSD"
+SLOT="0/3" # libpcre2-posix.so version
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 +jit libedit +pcre16 pcre32 +readline static-libs unicode zlib"
+REQUIRED_USE="?? ( libedit readline )"
+
+RDEPEND="bzip2? ( app-arch/bzip2 )
+	libedit? ( dev-libs/libedit )
+	readline? ( sys-libs/readline:= )
+	zlib? ( sys-libs/zlib )"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-philiphazel )"
 
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/pcre2-config
 )
 
+src_unpack() {
+	if use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.bz2{,.sig}
+	fi
+
+	default
+}
+
 src_prepare() {
 	if [[ -d "${WORKDIR}/patches" ]] ; then
 		rm "${WORKDIR}"/patches/pcre2-10.36-001-issue2698.patch || die
@@ -64,7 +69,6 @@ multilib_src_configure() {
 	local myeconfargs=(
 		--enable-pcre2-8
 		--enable-shared
-		--with-match-limit-depth=$(usex recursion-limit 8192 MATCH_LIMIT)
 		$(multilib_native_use_enable bzip2 pcre2grep-libbz2)
 		$(multilib_native_use_enable libedit pcre2test-libedit)
 		$(multilib_native_use_enable readline pcre2test-libreadline)
@@ -76,6 +80,7 @@ multilib_src_configure() {
 		$(use_enable static-libs static)
 		$(use_enable unicode)
 	)
+
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
@@ -83,6 +88,10 @@ multilib_src_compile() {
 	emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
 }
 
+multilib_src_test() {
+	emake check VERBOSE=yes
+}
+
 multilib_src_install() {
 	emake \
 		DESTDIR="${D}" \
diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/metadata.xml
index 0d201299bd..66bde795d3 100644
--- a/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/dev-libs/libpcre2/metadata.xml
@@ -16,10 +16,6 @@
 			Add support for command line editing to pcretest, through
 			<pkg>sys-libs/readline</pkg>.
 		</flag>
-		<flag name="recursion-limit">
-			Limit match recursion to 8192; if disabled, the default limit is
-			used, which is the same as the match limit.
-		</flag>
 		<flag name="zlib">
 			Add support for pcregrep command to search within
 			gzip-compressed files (via <pkg>sys-libs/zlib</pkg>).
@@ -30,6 +26,6 @@
 	</slots>
 	<upstream>
 		<remote-id type="cpe">cpe:/a:pcre:pcre</remote-id>
-		<remote-id type="sourceforge">pcre</remote-id>
+		<remote-id type="github">PhilipHazel/pcre2</remote-id>
 	</upstream>
 </pkgmetadata>

From 205779ddaaa3d913e3455855c845513e1ed7a2f9 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Thu, 16 Jun 2022 13:19:52 +0200
Subject: [PATCH 2/2] changelog: add changelog for libpcre2 10.40

---
 .../changelog/security/2022-06-16-libpcre2-10.40.md              | 1 +
 .../changelog/updates/2022-06-16-libpcre2-10.40.md               | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/security/2022-06-16-libpcre2-10.40.md
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/updates/2022-06-16-libpcre2-10.40.md

diff --git a/sdk_container/src/third_party/portage-stable/changelog/security/2022-06-16-libpcre2-10.40.md b/sdk_container/src/third_party/portage-stable/changelog/security/2022-06-16-libpcre2-10.40.md
new file mode 100644
index 0000000000..7a1d96ba9e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-06-16-libpcre2-10.40.md
@@ -0,0 +1 @@
+- libpcre2 ([CVE-2022-1586](https://nvd.nist.gov/vuln/detail/CVE-2022-1586), [CVE-2022-1587](https://nvd.nist.gov/vuln/detail/CVE-2022-1587))
diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-06-16-libpcre2-10.40.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-06-16-libpcre2-10.40.md
new file mode 100644
index 0000000000..7b04b38156
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-06-16-libpcre2-10.40.md
@@ -0,0 +1 @@
+- libpcre2 ([10.40](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS))