diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/Manifest
index c73dc89076..b705601b6d 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/Manifest
@@ -1,6 +1,2 @@
-AUX man-db.cron 217 SHA256 5b2e690a12e6c5335ca3e7d180baa367d54adf18647f0e4a821f14b0ae45ade0 SHA512 81a7082d7f0cdf17d8277af7142aaa98feb8c12cf41bb96c12af53fdd3e436a4d15a57ef76fb90390133cfdb25e1bb1b16e17a39b39b6517afc529b871426331 WHIRLPOOL bda82f5a771cbe68077430798fdb9cacf9d2011f2ae598cba164bf0a2fb95c30348bba94208f78112cfd8bf19741c13699b940650b5c29755a2c13d39e56abe6
-DIST man-db-2.7.6.1.tar.xz 1541316 SHA256 08edbc52f24aca3eebac429b5444efd48b9b90b9b84ca0ed5507e5c13ed10f3f SHA512 623c5e7f8b7c289908b2c926f8777293b8d39aeceef0d2509d701a8b0bfa81408650f655c8608318221786c751a79ee91124b07993de5298cd7fa6d8bb737301 WHIRLPOOL 10ca0e397a53354ba6687c4057c8d8b7f57c0a97b806727ee05285a5aa1d8f2d17eae9f532b0edb364edde149108c765f812e4ecd6a28932cdceef56e0b5dbee
-EBUILD man-db-2.7.6.1-r2.ebuild 3145 SHA256 d69d4a0bd97c49bdbc87543269e4111394a7ef6f49020a4001a771649a0951a2 SHA512 323d3f53ce81d65d6012b310db9b31acb732bb457b0cd1a5e36d5d741668006711e3ed6ca4155c189c0ae59dd747ee36c67c63563ff08a3df0fb06100eac8651 WHIRLPOOL 64b1cff7a4286fd2a09b620be4519a0753cbef2aff3a6f4f9cda5dbba0fb3a3d025a5f5685a4228d23bb3aaefae96d7a13d9d8f99c25600256488ee58687aad0
-MISC ChangeLog 9327 SHA256 cb45d2db7d1cbf34fdbf354f7a6673b5556dbbe81ac6082ef1ee1994fec4ae8f SHA512 aa4100bd98703ab350cea86f9b73c6d8088e6a3f91eaa073db809d079d964387e53038a4438081bf939d06f1addf4d40332847556c0ff8c699b2ad8d2719c2e8 WHIRLPOOL 6fccb055c9e7e41e0c8078940353033c7f1154fc7f7c5c0b9671e0ecc2991c35195aa0e1ff53a52e157b8dd16a7909b76d932ccc210239c9231e24190d51eaa1
-MISC ChangeLog-2015 10778 SHA256 61a539cf1188343ade360c912c661e1519caecb69a988ca71a72851112a5522a SHA512 81a3235e84a62bc6f8d14c753676d1263f93d76707ab0ea4d02f0c445c34c45b0f4ae3a6e81152186abd81a99ca3d414874214cdcd7cfc7261d84d2f664e2e76 WHIRLPOOL 0fa35ef0a80cf94f055c16cb547be92ecbbeaa1bff2d03b48b74e14817fb118a5859d75a02e1c32fce7ed7396b3a062172e88a207a87d7fd3431b62122acf961
-MISC metadata.xml 342 SHA256 c81419f3ac855515743a636bfbd46d0534455d7d2d20f46e907f95dcd04af484 SHA512 553cf56ab0b3b6c9403612a7ccd1db073f557b432c68d60adb4716169250a9986b4c112023f6ae200a6fbc2df31cdafd9ab08e04d92ca35cffb81f690bd43d79 WHIRLPOOL 155a9ad5b173dd5ac75e4c93315b0ddd9ba5ec6299a778c63e2281f7aed499cae99e573585270fdd5d7e29b93160ac967785eeeaa78f9a933147764d56107fff
+DIST man-db-2.10.1.tar.xz 1890536 BLAKE2B b052a7006e1d47dfe7b82f82b6e6e47500ca1c8fa20716af7d3d4193ebde0b109f13f4ed3148c5e4bbc76f34d457ec71bf93ed88f9ab0f5da5b5e1c9066e6d70 SHA512 25a3c4e3d7b171faf0771885a7a7d502c4af801881777231c79d7ee9768c2e48e44afbf5603af13f5ac63e6981cfdb8e36ba8a33d5f926d8122635cf45fcff7a
+DIST man-db-2.9.4.tar.xz 1909020 BLAKE2B 43427e851f0e661ca1cee55211dd7636f4ffde067c75de7715f525029b22c205728f8e86ac49abff60e47a4a4c9e1fbd78e2c87e70bd37778b88594a3897275f SHA512 169f091dd0a1d0dbd1583366f8257afb8f57e030d0f7d4213c14ce0b1fc5debf8b9cf2731de503830cb2826b3a22b3cff7da993d44ec18557935bd293529133c
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-darwin-libdb-intl.patch b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-darwin-libdb-intl.patch
new file mode 100644
index 0000000000..71cbb1c20d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-darwin-libdb-intl.patch
@@ -0,0 +1,30 @@
+https://gitlab.com/cjwatson/man-db/-/merge_requests/3
+
+libdb: link against libintl
+
+necessary since gettext is used for translations
+
+Signed-off-by: Fabian Groffen <grobian@gentoo.org>
+
+--- a/libdb/Makefile.am
++++ b/libdb/Makefile.am
+@@ -43,7 +43,7 @@
+ 	db_xdbm.h \
+ 	mydbm.h
+ 
+-libmandb_la_LIBADD = ../lib/libman.la $(DBLIBS)
++libmandb_la_LIBADD = ../lib/libman.la $(DBLIBS) $(LIBINTL)
+ 
+ libmandb_la_LDFLAGS = \
+ 	-avoid-version -release $(VERSION) -rpath $(pkglibdir) -no-undefined
+--- a/libdb/Makefile.in
++++ b/libdb/Makefile.in
+@@ -1541,7 +1541,7 @@
+ 	db_xdbm.h \
+ 	mydbm.h
+ 
+-libmandb_la_LIBADD = ../lib/libman.la $(DBLIBS)
++libmandb_la_LIBADD = ../lib/libman.la $(DBLIBS) $(LIBINTL)
+ libmandb_la_LDFLAGS = \
+ 	-avoid-version -release $(VERSION) -rpath $(pkglibdir) -no-undefined
+ 
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-sandbox-env-tests.patch b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-sandbox-env-tests.patch
new file mode 100644
index 0000000000..8b2ad26d0e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db-2.9.3-sandbox-env-tests.patch
@@ -0,0 +1,11 @@
+--- a/src/tests/man-deleted-directory
++++ b/src/tests/man-deleted-directory
+@@ -8,6 +8,8 @@
+ 
+ : ${MAN=man}
+ 
++test -n "$SANDBOX_ACTIVE" && skip "Gentoo: Test known bad under sandbox (#699466)"
++
+ init
+ echo "MANDATORY_MANPATH $abstmpdir/usr/share/man" >"$tmpdir/manpath.config"
+ MANPATH="$abstmpdir/usr/share/man"
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron-r1
similarity index 76%
rename from sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron
rename to sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron-r1
index b3794f2557..7f7932360c 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/files/man-db.cron-r1
@@ -8,4 +8,4 @@ if [ ! -d "${cachedir}" ]; then
 	chmod 0755 "${cachedir}"
 fi
 
-exec nice mandb --quiet
+exec su man -s /bin/sh -c 'nice mandb --quiet' 2>/dev/null
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.10.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.10.1.ebuild
new file mode 100644
index 0000000000..1098629151
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.10.1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd prefix tmpfiles
+
+DESCRIPTION="A man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="https://gitlab.com/cjwatson/man-db https://www.nongnu.org/man-db/"
+if [[ ${PV} == *9999 ]] ; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://gitlab.com/cjwatson/man-db.git"
+else
+	# TODO: Change tarballs to gitlab too...?
+	SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="!sys-apps/man
+	>=dev-libs/libpipeline-1.5.0
+	sys-apps/groff
+	!berkdb? ( sys-libs/gdbm:= )
+	berkdb? ( sys-libs/db:= )
+	seccomp? ( sys-libs/libseccomp )
+	zlib? ( sys-libs/zlib )"
+DEPEND="${CDEPEND}"
+BDEPEND="app-arch/xz-utils
+	virtual/pkgconfig
+	nls? (
+		>=app-text/po4a-0.45
+		sys-devel/gettext
+		virtual/libiconv
+		virtual/libintl
+	)"
+RDEPEND="${CDEPEND}
+	acct-group/man
+	acct-user/man
+	selinux? ( sec-policy/selinux-mandb )"
+PDEPEND="manpager? ( app-text/manpager )"
+
+PATCHES=(
+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+)
+
+src_unpack() {
+	if [[ ${PV} == *9999 ]] ; then
+		git-r3_src_unpack
+
+		# We need to mess with gnulib
+		EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \
+		EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \
+		git-r3_src_unpack
+	else
+		default
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ "${PV}" == *9999 ]] ; then
+		local bootstrap_opts=(
+			--gnulib-srcdir=../gnulib
+			--no-bootstrap-sync
+			--copy
+			--no-git
+		)
+		AUTORECONF="/bin/true" \
+		LIBTOOLIZE="/bin/true" \
+		sh ./bootstrap "${bootstrap_opts[@]}" || die
+
+		eautoreconf
+	fi
+
+	hprefixify src/man_db.conf.in
+	if use prefix ; then
+		{
+			echo "#"
+			echo "# Added settings for Gentoo Prefix"
+			[[ ${CHOST} == *-darwin* ]] && \
+				echo "MANDATORY_MANPATH ${EPREFIX}/MacOSX.sdk/usr/share/man"
+			echo "MANDATORY_MANPATH /usr/share/man"
+		} >> src/man_db.conf.in
+	fi
+}
+
+src_configure() {
+	# Set sections we want to search by default
+	local sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o"
+	sections+=" 1x 2x 3x 4x 5x 6x 7x 8x"
+	case ${CHOST} in
+		*-solaris*)
+			# Solaris tends to use sections named after the pkgs that
+			# owns them, in particular for libc functions we want those
+			# sections
+			local s
+			for s in $(cd /usr/share/man/ && echo man*) ; do
+				s=${s#man}
+				[[ " ${sections} " != *" ${s} "* ]] && sections+=" ${s}"
+			done
+			;;
+	esac
+
+	export ac_cv_lib_z_gzopen=$(usex zlib)
+	local myeconfargs=(
+		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		--disable-setuid # bug #662438
+		--enable-cache-owner=man
+		--with-sections="${sections}"
+
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		$(use_with seccomp libseccomp)
+
+		--with-db=$(usex berkdb db gdbm)
+	)
+
+	case ${CHOST} in
+		*-solaris*|*-darwin*)
+			myeconfargs+=(
+				$(use_with nls libiconv-prefix "${EPREFIX}"/usr)
+				$(use_with nls libintl-prefix "${EPREFIX}"/usr)
+			)
+			;;
+	esac
+
+	econf "${myeconfargs[@]}"
+
+	# Disable color output from groff so that the manpager can add it. bug #184604
+	sed -i \
+		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+		src/man_db.conf || die
+
+	cat > 15man-db <<-EOF || die
+	SANDBOX_PREDICT="/var/cache/man"
+	EOF
+}
+
+src_install() {
+	default
+	dodoc docs/{HACKING.md,TODO}
+	find "${ED}" -type f -name "*.la" -delete || die
+
+	exeinto /etc/cron.daily
+	newexe "${FILESDIR}"/man-db.cron-r1 man-db # bug #289884
+
+	insinto /etc/sandbox.d
+	doins 15man-db
+}
+
+pkg_preinst() {
+	local cachedir="${EROOT}/var/cache/man"
+	# If the system was already exploited, and the attacker is hiding in the
+	# cachedir of the old man-db, let's wipe them out.
+	# see bug  #602588 comment 18
+	local _replacing_version=
+	local _setgid_vuln=0
+	for _replacing_version in ${REPLACING_VERSIONS} ; do
+		if ver_test '2.7.6.1-r2' -le "${_replacing_version}" ; then
+			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+		else
+			_setgid_vuln=1
+			debug-print "Applying cleanup for security bug #602588"
+		fi
+	done
+	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+	# Fall back to recreating the cachedir
+	if [[ ! -d ${cachedir} ]] ; then
+		mkdir -p "${cachedir}" || die
+		chown man:man "${cachedir}" || die
+	fi
+
+	# Update the whatis cache
+	if [[ -f ${cachedir}/whatis ]] ; then
+		einfo "Cleaning ${cachedir} from sys-apps/man"
+		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process man-db.conf
+
+	if [[ -n "${REPLACING_VERSIONS}" ]] ; then
+		local _replacing_version=
+
+		for _replacing_version in ${REPLACING_VERSIONS} ; do
+			if [[ $(ver_cut 2 ${_replacing_version}) -lt 7 ]] ; then
+				einfo "Rebuilding man-db from scratch with new database format!"
+				su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+
+				# No need to run it again if we hit one
+				break
+			fi
+		done
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
deleted file mode 100644
index 11c66d57a0..0000000000
--- a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
+++ /dev/null
@@ -1,108 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils user versionator
-
-DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
-HOMEPAGE="http://www.nongnu.org/man-db/"
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~arm-linux ~x86-linux"
-IUSE="berkdb +gdbm +manpager nls selinux static-libs zlib"
-
-CDEPEND=">=dev-libs/libpipeline-1.4.0
-	berkdb? ( sys-libs/db:= )
-	gdbm? ( sys-libs/gdbm )
-	!berkdb? ( !gdbm? ( sys-libs/gdbm ) )
-	sys-apps/groff
-	zlib? ( sys-libs/zlib )
-	!sys-apps/man"
-DEPEND="${CDEPEND}
-	app-arch/xz-utils
-	virtual/pkgconfig
-	nls? (
-		>=app-text/po4a-0.45
-		sys-devel/gettext
-	)"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-mandb )
-"
-PDEPEND="manpager? ( app-text/manpager )"
-
-pkg_setup() {
-	# Create user now as Makefile in src_install does setuid/chown
-	enewgroup man 15
-	enewuser man 13 -1 /usr/share/man man
-
-	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
-		ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
-	fi
-}
-
-src_configure() {
-	export ac_cv_lib_z_gzopen=$(usex zlib)
-	econf \
-		--docdir='$(datarootdir)'/doc/${PF} \
-		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d \
-		--enable-setuid \
-		--enable-cache-owner=man \
-		--with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x" \
-		$(use_enable nls) \
-		$(use_enable static-libs static) \
-		--with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
-
-	# Disable color output from groff so that the manpager can add it. #184604
-	sed -i \
-		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
-		src/man_db.conf || die
-}
-
-src_install() {
-	default
-	dodoc docs/{HACKING,TODO}
-	prune_libtool_files
-
-	exeinto /etc/cron.daily
-	newexe "${FILESDIR}"/man-db.cron man-db #289884
-}
-
-pkg_preinst() {
-	local cachedir="${EROOT}var/cache/man"
-	# If the system was already exploited, and the attacker is hiding in the
-	# cachedir of the old man-db, let's wipe them out.
-	# see bug  #602588 comment 18
-	local _replacing_version=
-	local _setgid_vuln=0
-	for _replacing_version in ${REPLACING_VERSIONS}; do
-		if version_is_at_least '2.7.6.1-r2' "${_replacing_version}"; then
-			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
-		else
-			_setgid_vuln=1
-			debug-print "Applying cleanup for security bug #602588"
-		fi
-	done
-	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
-
-	# Fall back to recreating the cachedir
-	if [[ ! -d ${cachedir} ]] ; then
-		mkdir -p "${cachedir}" || die
-		chown man:man "${cachedir}" || die
-	fi
-
-	# Update the whatis cache
-	if [[ -f ${cachedir}/whatis ]] ; then
-		einfo "Cleaning ${cachedir} from sys-apps/man"
-		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
-	fi
-}
-
-pkg_postinst() {
-	if [[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
-		einfo "Rebuilding man-db from scratch with new database format!"
-		mandb --quiet --create
-	fi
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.9.4-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.9.4-r1.ebuild
new file mode 100644
index 0000000000..4dd59206d9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-2.9.4-r1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd prefix tmpfiles
+
+DESCRIPTION="A man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/"
+if [[ "${PV}" = 9999* ]] ; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git"
+else
+	SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="
+	!sys-apps/man
+	>=dev-libs/libpipeline-1.5.0
+	sys-apps/groff
+	gdbm? ( sys-libs/gdbm:= )
+	!gdbm? ( berkdb? ( sys-libs/db:= ) )
+	!berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
+	seccomp? ( sys-libs/libseccomp )
+	zlib? ( sys-libs/zlib )
+"
+DEPEND="${CDEPEND}"
+BDEPEND="
+	app-arch/xz-utils
+	virtual/pkgconfig
+	nls? (
+		>=app-text/po4a-0.45
+		sys-devel/gettext
+		virtual/libiconv
+		virtual/libintl
+	)
+"
+RDEPEND="
+	${CDEPEND}
+	acct-group/man
+	acct-user/man
+	selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+PATCHES=(
+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+	"${FILESDIR}"/man-db-2.9.3-darwin-libdb-intl.patch
+)
+
+pkg_setup() {
+	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+		ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
+	fi
+}
+
+src_unpack() {
+	if [[ "${PV}" == *9999 ]] ; then
+		git-r3_src_unpack
+
+		# We need to mess with gnulib :-/
+		EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \
+		EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \
+		git-r3_src_unpack
+	else
+		default
+	fi
+}
+
+src_prepare() {
+	default
+	if [[ "${PV}" == *9999 ]] ; then
+		local bootstrap_opts=(
+			--gnulib-srcdir=../gnulib
+			--no-bootstrap-sync
+			--copy
+			--no-git
+		)
+		AUTORECONF="/bin/true" \
+		LIBTOOLIZE="/bin/true" \
+		sh ./bootstrap "${bootstrap_opts[@]}" || die
+
+		eautoreconf
+	fi
+
+	hprefixify src/man_db.conf.in
+	if use prefix ; then
+		{
+			echo "#"
+			echo "# Added settings for Gentoo Prefix"
+			[[ ${CHOST} == *-darwin* ]] && \
+				echo "MANDATORY_MANPATH ${EPREFIX}/MacOSX.sdk/usr/share/man"
+			echo "MANDATORY_MANPATH /usr/share/man"
+		} >> src/man_db.conf.in
+	fi
+}
+
+src_configure() {
+	# set sections we want to search by default
+	local sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o"
+	sections+=" 1x 2x 3x 4x 5x 6x 7x 8x"
+	case ${CHOST} in
+		*-solaris*)
+			# Solaris tends to use sections named after the pkgs that
+			# owns them, in particular for libc functions we want those
+			# sections
+			local s
+			for s in $(cd /usr/share/man/ && echo man*) ; do
+				s=${s#man}
+				[[ " ${sections} " != *" ${s} "* ]] && sections+=" ${s}"
+			done
+			;;
+	esac
+
+	export ac_cv_lib_z_gzopen=$(usex zlib)
+	local myeconfargs=(
+		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		--disable-setuid #662438
+		--enable-cache-owner=man
+		--with-sections="${sections}"
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		$(use_with seccomp libseccomp)
+		--with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+	)
+	case ${CHOST} in
+		*-solaris*|*-darwin*)
+			myeconfargs+=(
+				$(use_with nls libiconv-prefix ${EPREFIX}/usr)
+				$(use_with nls libintl-prefix ${EPREFIX}/usr)
+			)
+			;;
+	esac
+	econf "${myeconfargs[@]}"
+
+	# Disable color output from groff so that the manpager can add it. #184604
+	sed -i \
+		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+		src/man_db.conf || die
+
+	cat > 15man-db <<-EOF || die
+	SANDBOX_PREDICT="/var/cache/man"
+	EOF
+}
+
+src_install() {
+	default
+	dodoc docs/{HACKING,TODO}
+	find "${ED}" -type f -name "*.la" -delete || die
+
+	exeinto /etc/cron.daily
+	newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884
+
+	insinto /etc/sandbox.d
+	doins 15man-db
+}
+
+pkg_preinst() {
+	local cachedir="${EROOT}/var/cache/man"
+	# If the system was already exploited, and the attacker is hiding in the
+	# cachedir of the old man-db, let's wipe them out.
+	# see bug  #602588 comment 18
+	local _replacing_version=
+	local _setgid_vuln=0
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		if ver_test '2.7.6.1-r2' -le "${_replacing_version}"; then
+			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+		else
+			_setgid_vuln=1
+			debug-print "Applying cleanup for security bug #602588"
+		fi
+	done
+	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+	# Fall back to recreating the cachedir
+	if [[ ! -d ${cachedir} ]] ; then
+		mkdir -p "${cachedir}" || die
+		chown man:man "${cachedir}" || die
+	fi
+
+	# Update the whatis cache
+	if [[ -f ${cachedir}/whatis ]] ; then
+		einfo "Cleaning ${cachedir} from sys-apps/man"
+		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process man-db.conf
+
+	if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
+		einfo "Rebuilding man-db from scratch with new database format!"
+		su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-9999.ebuild
new file mode 100644
index 0000000000..1098629151
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/man-db-9999.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd prefix tmpfiles
+
+DESCRIPTION="A man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="https://gitlab.com/cjwatson/man-db https://www.nongnu.org/man-db/"
+if [[ ${PV} == *9999 ]] ; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://gitlab.com/cjwatson/man-db.git"
+else
+	# TODO: Change tarballs to gitlab too...?
+	SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="!sys-apps/man
+	>=dev-libs/libpipeline-1.5.0
+	sys-apps/groff
+	!berkdb? ( sys-libs/gdbm:= )
+	berkdb? ( sys-libs/db:= )
+	seccomp? ( sys-libs/libseccomp )
+	zlib? ( sys-libs/zlib )"
+DEPEND="${CDEPEND}"
+BDEPEND="app-arch/xz-utils
+	virtual/pkgconfig
+	nls? (
+		>=app-text/po4a-0.45
+		sys-devel/gettext
+		virtual/libiconv
+		virtual/libintl
+	)"
+RDEPEND="${CDEPEND}
+	acct-group/man
+	acct-user/man
+	selinux? ( sec-policy/selinux-mandb )"
+PDEPEND="manpager? ( app-text/manpager )"
+
+PATCHES=(
+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+)
+
+src_unpack() {
+	if [[ ${PV} == *9999 ]] ; then
+		git-r3_src_unpack
+
+		# We need to mess with gnulib
+		EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \
+		EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \
+		git-r3_src_unpack
+	else
+		default
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ "${PV}" == *9999 ]] ; then
+		local bootstrap_opts=(
+			--gnulib-srcdir=../gnulib
+			--no-bootstrap-sync
+			--copy
+			--no-git
+		)
+		AUTORECONF="/bin/true" \
+		LIBTOOLIZE="/bin/true" \
+		sh ./bootstrap "${bootstrap_opts[@]}" || die
+
+		eautoreconf
+	fi
+
+	hprefixify src/man_db.conf.in
+	if use prefix ; then
+		{
+			echo "#"
+			echo "# Added settings for Gentoo Prefix"
+			[[ ${CHOST} == *-darwin* ]] && \
+				echo "MANDATORY_MANPATH ${EPREFIX}/MacOSX.sdk/usr/share/man"
+			echo "MANDATORY_MANPATH /usr/share/man"
+		} >> src/man_db.conf.in
+	fi
+}
+
+src_configure() {
+	# Set sections we want to search by default
+	local sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o"
+	sections+=" 1x 2x 3x 4x 5x 6x 7x 8x"
+	case ${CHOST} in
+		*-solaris*)
+			# Solaris tends to use sections named after the pkgs that
+			# owns them, in particular for libc functions we want those
+			# sections
+			local s
+			for s in $(cd /usr/share/man/ && echo man*) ; do
+				s=${s#man}
+				[[ " ${sections} " != *" ${s} "* ]] && sections+=" ${s}"
+			done
+			;;
+	esac
+
+	export ac_cv_lib_z_gzopen=$(usex zlib)
+	local myeconfargs=(
+		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		--disable-setuid # bug #662438
+		--enable-cache-owner=man
+		--with-sections="${sections}"
+
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		$(use_with seccomp libseccomp)
+
+		--with-db=$(usex berkdb db gdbm)
+	)
+
+	case ${CHOST} in
+		*-solaris*|*-darwin*)
+			myeconfargs+=(
+				$(use_with nls libiconv-prefix "${EPREFIX}"/usr)
+				$(use_with nls libintl-prefix "${EPREFIX}"/usr)
+			)
+			;;
+	esac
+
+	econf "${myeconfargs[@]}"
+
+	# Disable color output from groff so that the manpager can add it. bug #184604
+	sed -i \
+		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+		src/man_db.conf || die
+
+	cat > 15man-db <<-EOF || die
+	SANDBOX_PREDICT="/var/cache/man"
+	EOF
+}
+
+src_install() {
+	default
+	dodoc docs/{HACKING.md,TODO}
+	find "${ED}" -type f -name "*.la" -delete || die
+
+	exeinto /etc/cron.daily
+	newexe "${FILESDIR}"/man-db.cron-r1 man-db # bug #289884
+
+	insinto /etc/sandbox.d
+	doins 15man-db
+}
+
+pkg_preinst() {
+	local cachedir="${EROOT}/var/cache/man"
+	# If the system was already exploited, and the attacker is hiding in the
+	# cachedir of the old man-db, let's wipe them out.
+	# see bug  #602588 comment 18
+	local _replacing_version=
+	local _setgid_vuln=0
+	for _replacing_version in ${REPLACING_VERSIONS} ; do
+		if ver_test '2.7.6.1-r2' -le "${_replacing_version}" ; then
+			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+		else
+			_setgid_vuln=1
+			debug-print "Applying cleanup for security bug #602588"
+		fi
+	done
+	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+	# Fall back to recreating the cachedir
+	if [[ ! -d ${cachedir} ]] ; then
+		mkdir -p "${cachedir}" || die
+		chown man:man "${cachedir}" || die
+	fi
+
+	# Update the whatis cache
+	if [[ -f ${cachedir}/whatis ]] ; then
+		einfo "Cleaning ${cachedir} from sys-apps/man"
+		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process man-db.conf
+
+	if [[ -n "${REPLACING_VERSIONS}" ]] ; then
+		local _replacing_version=
+
+		for _replacing_version in ${REPLACING_VERSIONS} ; do
+			if [[ $(ver_cut 2 ${_replacing_version}) -lt 7 ]] ; then
+				einfo "Rebuilding man-db from scratch with new database format!"
+				su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+
+				# No need to run it again if we hit one
+				break
+			fi
+		done
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/metadata.xml
index c4bde02092..e840f33805 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/man-db/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/man-db/metadata.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 <maintainer type="project">
 	<email>base-system@gentoo.org</email>