Merge pull request #343 from flatcar-linux/sayan/update-curl-7.84.0

net-misc/curl: Sync with Gentoo upstream; updates to 7.84.0
2025-08-15 08:56:58 +02:00 · 2022-07-15 15:30:38 +05:30 · 2022-07-15 15:30:38 +05:30 · 63e462da73
commit 63e462da73
parent 7faf9d8649 8f676895bc
12 changed files with 62 additions and 904 deletions
--- a/sdk_container/src/third_party/portage-stable/changelog/security/2022-07-15-curl-7.84.0.md
+++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-07-15-curl-7.84.0.md
@ -0,0 +1 @@
 - curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))
--- a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-07-15-curl-7.84.0.md
+++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-07-15-curl-7.84.0.md
@ -0,0 +1 @@
 - curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest
@ -1,12 +1,6 @@
 DIST curl-7.79.1.tar.xz 2465212 BLAKE2B 2b694f96661c0aa0a136fdae4159e0ca8e811557c5a1f0b47cccaaad122f3ddbdaa6450c3835290955baf9357e872ee105a8cb0912064af3d3e38d16beb124ad SHA512 1edb71647a7f4dbb070baf1a019b4751aefeda793ff523c504410bb5cc74e5bffc52f20dd889697d1585f9ca3c4e81b1a9caadd182c30c8358ffd25f33e4db4d
 DIST curl-7.79.1.tar.xz.asc 488 BLAKE2B cf1864b15ee4b47a61a03968c4fd9526d4c8d0c5a8a0a1357de61758640e6dfda57334df1e63afd94c0064b7e61527623dd20446b27fa0130e0bf92c647d9820 SHA512 4f7930fde0a21358cf0bd8d5cbde5a05efc34202265b4744e59f49d9dc269987f47b4ead77c33e2ae03acabd7b6d6a731c69b91999eea70542f49d9ea0c2ba94
 DIST curl-7.80.0.tar.xz 2474492 BLAKE2B 0452ecb6943bc56b20ad8f1223135c9cae68cf31089b0e17e84d81af98dc5a47f5edfc271c5b4c23f232db6cea7ff5a9bffa9c7c319255d9afdb06fa5b8f761f SHA512 e04ddd74b0d5b3607a29bcf5d379d83a01c7dffa4ad3e2f25d8c85a3df7dbdb0625b0df1f04f02351695674502828e0e17e8b46c889cbf1e43f86d6e6dd716ab
 DIST curl-7.80.0.tar.xz.asc 488 BLAKE2B 5cde8a91059bb19b9ee9b1aa4c3225522398a0d5837edf3d99b7f9ea758e5df2a729ce1d0a9763967c2319c30d94ba80ff50888dec07665a818216d42b91feee SHA512 e11adb85fb061bba8838f435f6afb200924f24cb7351d9a8208ec3d317d8ef8c1e16f06dedfc623acc749931015c42dcd86236a53602c6632b3a750841345b05
 DIST curl-7.81.0.tar.xz 2486388 BLAKE2B bf8a3a03564648a9d7a5b4e7a523d840230f03237cf9eb5b07dcb4f531b036eb8111c1944bedd0c1df188e09a09468b3487d24ea50781124bc33d194546691f4 SHA512 38355aaee38db04bb2babdc5fd7a88284580c836d15df754f42b104997dd344b7841be8e53b4fc91aea31db170a7d6967c4976833eb4bfe0d265c7275c4800df
 DIST curl-7.81.0.tar.xz.asc 488 BLAKE2B 9280f10b14ddd95a1405fda79f8c51528c91c5e86b8f90d16d20d7f11d212e6e4391377eed971d0b0b27f5f4692c702e9d7a11705f0558ad39df38608d6a0648 SHA512 ca32a639900a9f8211005227dfb594f809c5ca5ec1eb87e944ef33cca60e4844f5b6ebe49de79fba53068e5dee9652b1d43a7d3a74e05419a2ffb5b40dab8176
 DIST curl-7.82.0.tar.xz 2446764 BLAKE2B 838accae4a45c090909cff91477a023789a79535691c80e507fd9e9712861b0c08e25ecd26079cb8ac8946cdf429a50991a7521e7b550b43c19e455625bc0750 SHA512 a977d69360d1793f8872096a21f5c0271e7ad145cd69ad45f4056a0657772f0f298b04bdb41aefd4ea5c4478352c60d80b5a118642280a07a7198aa80ffb1d57
 DIST curl-7.82.0.tar.xz.asc 488 BLAKE2B 9da4ea63671621df956aa5dc191cfc6c8d2a8b1958416ca58ffc04d43ed65b89244968588879e6bd3299ca8f60b1eccb34dede012f8a2a37acf3ca34021da958 SHA512 1f14d8ab55360ba735dff916369ee318e98767718394654ce9443b6013509b6d3ed5597685b142e9823cec7496373b709a8656515d66039c06783879655151fe
 DIST curl-7.83.0.tar.xz 2472560 BLAKE2B 0669f40265a56e7549e8038ed8421680d7264bff44dcc0692cf9f5248621311be5e228314710149bf9d2ccbe739f929039e04402c1d04a1362d0bbf08cb8cdc7 SHA512 be02bb2a8a3140eff3a9046f27cd4f872ed9ddaa644af49e56e5ef7dfec84a15b01db133469269437cddc937eda73953fa8c51bb758f7e98873822cd2290d3a9
 DIST curl-7.83.0.tar.xz.asc 488 BLAKE2B a8f6dcf00f1b01b457a7eecc8364538393f414df60757f3664709c62b6007023a34ddf4ecb4688734e396031d30905b490dd0c115f09a9428db6a6be97cdf72c SHA512 8fb90f9692f4fdb82ea49f0e5151219b2334da5d3910f28e787bb688fb055b8b028ccf75cdcc15cd9f86d780d479f88f902fef7d7b9e007a4b849cb25c6c13cc
 DIST curl-7.83.1.tar.xz 2474940 BLAKE2B 491427b12f082c2246ef6cb2a129340079db28bd93b4381889e7328bef1d61a79bb57cba4b8372759baa4f6e77644966ed95cfa8f839ee9db634786757fb1ce0 SHA512 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
 DIST curl-7.83.1.tar.xz.asc 488 BLAKE2B 78f7a6d9a32cab97e9ce26430eb2be2bc4e20552cf8c59238f30f127e9d7af5b4f9808c3fe0846c18c8f7a67b49f2f75d865d17b7760bb664872934799949441 SHA512 f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191
 DIST curl-7.84.0.tar.xz 2477944 BLAKE2B 811a63285f39a598bc4fd73ae4b8e23e5146b93dcf3eea805345792b7dddd85bbd54240d9871a0dc9f058d58fd7ea7f4efbcb82727218e8afaaae3600bad55e1 SHA512 86231866a35593a1637fbc0c6af3b6761bdfd99fb35580cc52970c36f19604f93dce59fea67a1d5bb4b455f719307599c7916c77d14f2b661f6bf7fb1ca716ce
 DIST curl-7.84.0.tar.xz.asc 488 BLAKE2B d74dea89fa89b6ed0a928e01987669f7dde0bcbb30423ea0f3af9f31eea1e059d458629d80455d772264d744fab236d4f506545afa1bfbd6ded7e2b27192a7c8 SHA512 80ff5274277ad97448fa53511bab6e8a1c302bcb25fc0916d78b8dc6c6af43d944c37c4ed46668b651cc639ec4964780725117ca0e85168ea66ad7cc98d29702
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.80.0-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.80.0-r1.ebuild
@ -1,278 +0,0 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI="7"
 inherit autotools prefix multilib-minimal verify-sig
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.haxx.se/"
 SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
 	verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
 LICENSE="curl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
 IUSE+=" nghttp3 quiche"
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
 # c-ares must be disabled for threads
 # only one default ssl provider can be enabled
 REQUIRED_USE="
 	threads? ( !adns )
 	ssl? (
 		^^ (
 			curl_ssl_gnutls
 			curl_ssl_mbedtls
 			curl_ssl_nss
 			curl_ssl_openssl
 		)
 	)"
 # lead to lots of false negatives, bug #285669
 RESTRICT="!test? ( test )"
 RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	ssl? (
 		gnutls? (
 			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
 			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		mbedtls? (
 			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		openssl? (
 			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		nss? (
 			dev-libs/nss:0[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 	)
 	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
 	nghttp3? (
 		net-libs/nghttp3[${MULTILIB_USEDEP}]
 		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
 	)
 	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
 	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
 	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
 	sys-libs/zlib[${MULTILIB_USEDEP}]
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
 # Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
 #	rtmp? (
 #		media-video/rtmpdump
 #		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
 #		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
 #	)
 DEPEND="${RDEPEND}"
 BDEPEND="dev-lang/perl
 	virtual/pkgconfig
 	test? (
 		sys-apps/diffutils
 	)
 	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
 DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
 MULTILIB_WRAPPED_HEADERS=(
 	/usr/include/curl/curlbuild.h
 )
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/curl-config
 )
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 )
 src_prepare() {
 	default
 	eprefixify curl-config.in
 	eautoreconf
 }
 multilib_src_configure() {
 	# We make use of the fact that later flags override earlier ones
 	# So start with all ssl providers off until proven otherwise
 	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
 	local myconf=()
 	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
 	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls --with-nettle )
 		fi
 		if use mbedtls || use curl_ssl_mbedtls; then
 			einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
 		if use nss || use curl_ssl_nss; then
 			einfo "SSL provided by nss"
 			myconf+=( --with-nss )
 		fi
 		if use openssl || use curl_ssl_openssl; then
 			einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
 		if use curl_ssl_gnutls; then
 			einfo "Default SSL provided by gnutls"
 			myconf+=( --with-default-ssl-backend=gnutls )
 		elif use curl_ssl_mbedtls; then
 			einfo "Default SSL provided by mbedtls"
 			myconf+=( --with-default-ssl-backend=mbedtls )
 		elif use curl_ssl_nss; then
 			einfo "Default SSL provided by nss"
 			myconf+=( --with-default-ssl-backend=nss )
 		elif use curl_ssl_openssl; then
 			einfo "Default SSL provided by openssl"
 			myconf+=( --with-default-ssl-backend=openssl )
 		else
 			eerror "We can't be here because of REQUIRED_USE."
 		fi
 	else
 		einfo "SSL disabled"
 	fi
 	# These configuration options are organized alphabetically
 	# within each category.  This should make it easier if we
 	# ever decide to make any of them contingent on USE flags:
 	# 1) protocols first.  To see them all do
 	# 'grep SUPPORT_PROTOCOLS configure.ac'
 	# 2) --enable/disable options second.
 	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
 	# 3) --with/without options third.
 	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
 	myconf+=(
 		$(use_enable alt-svc)
 		--enable-crypto-auth
 		--enable-dict
 		--disable-ech
 		--enable-file
 		$(use_enable ftp)
 		$(use_enable gopher)
 		$(use_enable hsts)
 		--enable-http
 		$(use_enable imap)
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
 		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp
 		$(use_enable samba smb)
 		$(use_with ssh libssh2)
 		$(use_enable smtp)
 		$(use_enable telnet)
 		$(use_enable tftp)
 		--enable-tls-srp
 		$(use_enable adns ares)
 		--enable-cookies
 		--enable-dateparse
 		--enable-dnsshuffle
 		--enable-doh
 		--enable-symbol-hiding
 		--enable-http-auth
 		$(use_enable ipv6)
 		--enable-largefile
 		--enable-manual
 		--enable-mime
 		--enable-netrc
 		$(use_enable progress-meter)
 		--enable-proxy
 		--disable-sspi
 		$(use_enable static-libs static)
 		$(use_enable threads threaded-resolver)
 		$(use_enable threads pthreads)
 		--disable-versioned-symbols
 		--without-amissl
 		--without-bearssl
 		$(use_with brotli)
 		--without-fish-functions-dir
 		$(use_with http2 nghttp2)
 		--without-hyper
 		$(use_with idn libidn2)
 		$(use_with kerberos gssapi "${EPREFIX}"/usr)
 		--without-libgsasl
 		--without-libpsl
 		$(use_with nghttp3)
 		$(use_with nghttp3 ngtcp2)
 		$(use_with quiche)
 		$(use_with rtmp librtmp)
 		--without-rustls
 		--without-schannel
 		--without-secure-transport
 		--without-winidn
 		--without-wolfssl
 		--with-zlib
 		$(use_with zstd)
 	)
 	ECONF_SOURCE="${S}" \
 	econf "${myconf[@]}"
 	if ! multilib_is_native_abi; then
 		# avoid building the client
 		sed -i -e '/SUBDIRS/s:src::' Makefile || die
 		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
 	fi
 	# Fix up the pkg-config file to be more robust.
 	# https://github.com/curl/curl/issues/864
 	local priv=() libs=()
 	# We always enable zlib.
 	libs+=( "-lz" )
 	priv+=( "zlib" )
 	if use http2; then
 		libs+=( "-lnghttp2" )
 		priv+=( "libnghttp2" )
 	fi
 	if use quiche; then
 		libs+=( "-lquiche" )
 		priv+=( "quiche" )
 	fi
 	if use nghttp3; then
 		libs+=( "-lnghttp3" "-lngtcp2" )
 		priv+=( "libnghttp3" "-libtcp2" )
 	fi
 	if use ssl && use curl_ssl_openssl; then
 		libs+=( "-lssl" "-lcrypto" )
 		priv+=( "openssl" )
 	fi
 	grep -q Requires.private libcurl.pc && die "need to update ebuild"
 	libs=$(printf '|%s' "${libs[@]}")
 	sed -i -r \
 		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
 		libcurl.pc || die
 	echo "Requires.private: ${priv[*]}" >> libcurl.pc
 }
 multilib_src_test() {
 	multilib_is_native_abi && default_src_test
 }
 multilib_src_install_all() {
 	einstalldocs
 	find "${ED}" -type f -name '*.la' -delete || die
 	rm -rf "${ED}"/etc/ || die
 }
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.81.0-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.81.0-r1.ebuild
@ -1,278 +0,0 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI="8"
 inherit autotools prefix multilib-minimal verify-sig
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.haxx.se/"
 SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
 	verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
 LICENSE="curl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
 IUSE+=" nghttp3 quiche"
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
 # c-ares must be disabled for threads
 # only one default ssl provider can be enabled
 REQUIRED_USE="
 	threads? ( !adns )
 	ssl? (
 		^^ (
 			curl_ssl_gnutls
 			curl_ssl_mbedtls
 			curl_ssl_nss
 			curl_ssl_openssl
 		)
 	)"
 # lead to lots of false negatives, bug #285669
 RESTRICT="!test? ( test )"
 RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	ssl? (
 		gnutls? (
 			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
 			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		mbedtls? (
 			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		openssl? (
 			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		nss? (
 			dev-libs/nss:0[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 	)
 	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
 	nghttp3? (
 		net-libs/nghttp3[${MULTILIB_USEDEP}]
 		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
 	)
 	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
 	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
 	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
 	sys-libs/zlib[${MULTILIB_USEDEP}]
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
 # Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
 #	rtmp? (
 #		media-video/rtmpdump
 #		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
 #		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
 #	)
 DEPEND="${RDEPEND}"
 BDEPEND="dev-lang/perl
 	virtual/pkgconfig
 	test? (
 		sys-apps/diffutils
 	)
 	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
 DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
 MULTILIB_WRAPPED_HEADERS=(
 	/usr/include/curl/curlbuild.h
 )
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/curl-config
 )
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 )
 src_prepare() {
 	default
 	eprefixify curl-config.in
 	eautoreconf
 }
 multilib_src_configure() {
 	# We make use of the fact that later flags override earlier ones
 	# So start with all ssl providers off until proven otherwise
 	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
 	local myconf=()
 	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
 	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls --with-nettle )
 		fi
 		if use mbedtls || use curl_ssl_mbedtls; then
 			einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
 		if use nss || use curl_ssl_nss; then
 			einfo "SSL provided by nss"
 			myconf+=( --with-nss )
 		fi
 		if use openssl || use curl_ssl_openssl; then
 			einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
 		if use curl_ssl_gnutls; then
 			einfo "Default SSL provided by gnutls"
 			myconf+=( --with-default-ssl-backend=gnutls )
 		elif use curl_ssl_mbedtls; then
 			einfo "Default SSL provided by mbedtls"
 			myconf+=( --with-default-ssl-backend=mbedtls )
 		elif use curl_ssl_nss; then
 			einfo "Default SSL provided by nss"
 			myconf+=( --with-default-ssl-backend=nss )
 		elif use curl_ssl_openssl; then
 			einfo "Default SSL provided by openssl"
 			myconf+=( --with-default-ssl-backend=openssl )
 		else
 			eerror "We can't be here because of REQUIRED_USE."
 		fi
 	else
 		einfo "SSL disabled"
 	fi
 	# These configuration options are organized alphabetically
 	# within each category.  This should make it easier if we
 	# ever decide to make any of them contingent on USE flags:
 	# 1) protocols first.  To see them all do
 	# 'grep SUPPORT_PROTOCOLS configure.ac'
 	# 2) --enable/disable options second.
 	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
 	# 3) --with/without options third.
 	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
 	myconf+=(
 		$(use_enable alt-svc)
 		--enable-crypto-auth
 		--enable-dict
 		--disable-ech
 		--enable-file
 		$(use_enable ftp)
 		$(use_enable gopher)
 		$(use_enable hsts)
 		--enable-http
 		$(use_enable imap)
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
 		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp
 		$(use_enable samba smb)
 		$(use_with ssh libssh2)
 		$(use_enable smtp)
 		$(use_enable telnet)
 		$(use_enable tftp)
 		--enable-tls-srp
 		$(use_enable adns ares)
 		--enable-cookies
 		--enable-dateparse
 		--enable-dnsshuffle
 		--enable-doh
 		--enable-symbol-hiding
 		--enable-http-auth
 		$(use_enable ipv6)
 		--enable-largefile
 		--enable-manual
 		--enable-mime
 		--enable-netrc
 		$(use_enable progress-meter)
 		--enable-proxy
 		--disable-sspi
 		$(use_enable static-libs static)
 		$(use_enable threads threaded-resolver)
 		$(use_enable threads pthreads)
 		--disable-versioned-symbols
 		--without-amissl
 		--without-bearssl
 		$(use_with brotli)
 		--without-fish-functions-dir
 		$(use_with http2 nghttp2)
 		--without-hyper
 		$(use_with idn libidn2)
 		$(use_with kerberos gssapi "${EPREFIX}"/usr)
 		--without-libgsasl
 		--without-libpsl
 		$(use_with nghttp3)
 		$(use_with nghttp3 ngtcp2)
 		$(use_with quiche)
 		$(use_with rtmp librtmp)
 		--without-rustls
 		--without-schannel
 		--without-secure-transport
 		--without-winidn
 		--without-wolfssl
 		--with-zlib
 		$(use_with zstd)
 	)
 	ECONF_SOURCE="${S}" \
 	econf "${myconf[@]}"
 	if ! multilib_is_native_abi; then
 		# avoid building the client
 		sed -i -e '/SUBDIRS/s:src::' Makefile || die
 		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
 	fi
 	# Fix up the pkg-config file to be more robust.
 	# https://github.com/curl/curl/issues/864
 	local priv=() libs=()
 	# We always enable zlib.
 	libs+=( "-lz" )
 	priv+=( "zlib" )
 	if use http2; then
 		libs+=( "-lnghttp2" )
 		priv+=( "libnghttp2" )
 	fi
 	if use quiche; then
 		libs+=( "-lquiche" )
 		priv+=( "quiche" )
 	fi
 	if use nghttp3; then
 		libs+=( "-lnghttp3" "-lngtcp2" )
 		priv+=( "libnghttp3" "-libtcp2" )
 	fi
 	if use ssl && use curl_ssl_openssl; then
 		libs+=( "-lssl" "-lcrypto" )
 		priv+=( "openssl" )
 	fi
 	grep -q Requires.private libcurl.pc && die "need to update ebuild"
 	libs=$(printf '|%s' "${libs[@]}")
 	sed -i -r \
 		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
 		libcurl.pc || die
 	echo "Requires.private: ${priv[*]}" >> libcurl.pc
 }
 multilib_src_test() {
 	multilib_is_native_abi && default_src_test
 }
 multilib_src_install_all() {
 	einstalldocs
 	find "${ED}" -type f -name '*.la' -delete || die
 	rm -rf "${ED}"/etc/ || die
 }
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.82.0-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.82.0-r2.ebuild
@ -1,279 +0,0 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI="8"
 inherit autotools prefix multilib-minimal verify-sig
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.haxx.se/"
 SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
 	verify-sig? ( https://curl.haxx.se/download/${P}.tar.xz.asc )"
 LICENSE="curl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
 IUSE+=" nghttp3 quiche"
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/danielstenberg.asc
 # c-ares must be disabled for threads
 # only one default ssl provider can be enabled
 REQUIRED_USE="
 	threads? ( !adns )
 	ssl? (
 		^^ (
 			curl_ssl_gnutls
 			curl_ssl_mbedtls
 			curl_ssl_nss
 			curl_ssl_openssl
 		)
 	)"
 # lead to lots of false negatives, bug #285669
 RESTRICT="!test? ( test )"
 RDEPEND="ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] )
 	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
 	ssl? (
 		gnutls? (
 			net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
 			dev-libs/nettle:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		mbedtls? (
 			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 		openssl? (
 			dev-libs/openssl:0=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
 		)
 		nss? (
 			dev-libs/nss:0[${MULTILIB_USEDEP}]
 			app-misc/ca-certificates
 		)
 	)
 	http2? ( net-libs/nghttp2:=[${MULTILIB_USEDEP}] )
 	nghttp3? (
 		net-libs/nghttp3[${MULTILIB_USEDEP}]
 		net-libs/ngtcp2[ssl,${MULTILIB_USEDEP}]
 	)
 	quiche? ( >=net-libs/quiche-0.3.0[${MULTILIB_USEDEP}] )
 	idn? ( net-dns/libidn2:0=[static-libs?,${MULTILIB_USEDEP}] )
 	adns? ( net-dns/c-ares:0=[${MULTILIB_USEDEP}] )
 	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
 	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
 	ssh? ( net-libs/libssh2[${MULTILIB_USEDEP}] )
 	sys-libs/zlib[${MULTILIB_USEDEP}]
 	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )"
 # Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
 #	rtmp? (
 #		media-video/rtmpdump
 #		curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
 #		curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
 #	)
 DEPEND="${RDEPEND}"
 BDEPEND="dev-lang/perl
 	virtual/pkgconfig
 	test? (
 		sys-apps/diffutils
 	)
 	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )"
 DOCS=( CHANGES README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
 MULTILIB_WRAPPED_HEADERS=(
 	/usr/include/curl/curlbuild.h
 )
 MULTILIB_CHOST_TOOLS=(
 	/usr/bin/curl-config
 )
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
 	"${FILESDIR}"/${P}-certs-processing.patch
 )
 src_prepare() {
 	default
 	eprefixify curl-config.in
 	eautoreconf
 }
 multilib_src_configure() {
 	# We make use of the fact that later flags override earlier ones
 	# So start with all ssl providers off until proven otherwise
 	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
 	local myconf=()
 	myconf+=( --without-gnutls --without-mbedtls --without-nss --without-ssl )
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
 	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		if use gnutls || use curl_ssl_gnutls; then
 			einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls --with-nettle )
 		fi
 		if use mbedtls || use curl_ssl_mbedtls; then
 			einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
 		if use nss || use curl_ssl_nss; then
 			einfo "SSL provided by nss"
 			myconf+=( --with-nss --with-nss-deprecated )
 		fi
 		if use openssl || use curl_ssl_openssl; then
 			einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
 		if use curl_ssl_gnutls; then
 			einfo "Default SSL provided by gnutls"
 			myconf+=( --with-default-ssl-backend=gnutls )
 		elif use curl_ssl_mbedtls; then
 			einfo "Default SSL provided by mbedtls"
 			myconf+=( --with-default-ssl-backend=mbedtls )
 		elif use curl_ssl_nss; then
 			einfo "Default SSL provided by nss"
 			myconf+=( --with-default-ssl-backend=nss )
 		elif use curl_ssl_openssl; then
 			einfo "Default SSL provided by openssl"
 			myconf+=( --with-default-ssl-backend=openssl )
 		else
 			eerror "We can't be here because of REQUIRED_USE."
 		fi
 	else
 		einfo "SSL disabled"
 	fi
 	# These configuration options are organized alphabetically
 	# within each category.  This should make it easier if we
 	# ever decide to make any of them contingent on USE flags:
 	# 1) protocols first.  To see them all do
 	# 'grep SUPPORT_PROTOCOLS configure.ac'
 	# 2) --enable/disable options second.
 	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
 	# 3) --with/without options third.
 	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
 	myconf+=(
 		$(use_enable alt-svc)
 		--enable-crypto-auth
 		--enable-dict
 		--disable-ech
 		--enable-file
 		$(use_enable ftp)
 		$(use_enable gopher)
 		$(use_enable hsts)
 		--enable-http
 		$(use_enable imap)
 		$(use_enable ldap)
 		$(use_enable ldap ldaps)
 		--enable-ntlm
 		--disable-ntlm-wb
 		$(use_enable pop3)
 		--enable-rt
 		--enable-rtsp
 		$(use_enable samba smb)
 		$(use_with ssh libssh2)
 		$(use_enable smtp)
 		$(use_enable telnet)
 		$(use_enable tftp)
 		--enable-tls-srp
 		$(use_enable adns ares)
 		--enable-cookies
 		--enable-dateparse
 		--enable-dnsshuffle
 		--enable-doh
 		--enable-symbol-hiding
 		--enable-http-auth
 		$(use_enable ipv6)
 		--enable-largefile
 		--enable-manual
 		--enable-mime
 		--enable-netrc
 		$(use_enable progress-meter)
 		--enable-proxy
 		--disable-sspi
 		$(use_enable static-libs static)
 		$(use_enable threads threaded-resolver)
 		$(use_enable threads pthreads)
 		--disable-versioned-symbols
 		--without-amissl
 		--without-bearssl
 		$(use_with brotli)
 		--without-fish-functions-dir
 		$(use_with http2 nghttp2)
 		--without-hyper
 		$(use_with idn libidn2)
 		$(use_with kerberos gssapi "${EPREFIX}"/usr)
 		--without-libgsasl
 		--without-libpsl
 		$(use_with nghttp3)
 		$(use_with nghttp3 ngtcp2)
 		$(use_with quiche)
 		$(use_with rtmp librtmp)
 		--without-rustls
 		--without-schannel
 		--without-secure-transport
 		--without-winidn
 		--without-wolfssl
 		--with-zlib
 		$(use_with zstd)
 	)
 	ECONF_SOURCE="${S}" \
 	econf "${myconf[@]}"
 	if ! multilib_is_native_abi; then
 		# avoid building the client
 		sed -i -e '/SUBDIRS/s:src::' Makefile || die
 		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
 	fi
 	# Fix up the pkg-config file to be more robust.
 	# https://github.com/curl/curl/issues/864
 	local priv=() libs=()
 	# We always enable zlib.
 	libs+=( "-lz" )
 	priv+=( "zlib" )
 	if use http2; then
 		libs+=( "-lnghttp2" )
 		priv+=( "libnghttp2" )
 	fi
 	if use quiche; then
 		libs+=( "-lquiche" )
 		priv+=( "quiche" )
 	fi
 	if use nghttp3; then
 		libs+=( "-lnghttp3" "-lngtcp2" )
 		priv+=( "libnghttp3" "-libtcp2" )
 	fi
 	if use ssl && use curl_ssl_openssl; then
 		libs+=( "-lssl" "-lcrypto" )
 		priv+=( "openssl" )
 	fi
 	grep -q Requires.private libcurl.pc && die "need to update ebuild"
 	libs=$(printf '|%s' "${libs[@]}")
 	sed -i -r \
 		-e "/^Libs.private/s:(${libs#|})( |$)::g" \
 		libcurl.pc || die
 	echo "Requires.private: ${priv[*]}" >> libcurl.pc
 }
 multilib_src_test() {
 	multilib_is_native_abi && default_src_test
 }
 multilib_src_install_all() {
 	einstalldocs
 	find "${ED}" -type f -name '*.la' -delete || die
 	rm -rf "${ED}"/etc/ || die
 }
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.83.1.ebuild
@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
 LICENSE="curl"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
 IUSE+=" nghttp3 quiche"
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.84.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/curl-7.84.0.ebuild
@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz
 LICENSE="curl"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap ipv6 kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl sslv3 static-libs test telnet +tftp threads zstd"
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl"
 IUSE+=" nghttp3 quiche"
@ -95,9 +95,9 @@ MULTILIB_CHOST_TOOLS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
 	"${FILESDIR}"/${PN}-7.84.0-easylock.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-	# Bug 842780, fixed upstream, drop on next version bump
+	"${FILESDIR}"/${PN}-7.84.0-include-sched.patch
 	"${FILESDIR}"/${P}-http2.patch
 )
 src_prepare() {
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.82.0-certs-processing.patch
@ -1,27 +0,0 @@
 https://github.com/curl/curl/issues/8559
 https://bugs.gentoo.org/836629
 From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Tue, 8 Mar 2022 13:38:13 +0100
 Subject: [PATCH] openssl: fix CN check error code
 Due to a missing 'else' this returns error too easily.
 Regressed in: d15692ebb
 Reported-by: Kristoffer Gleditsch
 Fixes #8559
 Closes #8560
 --- a/lib/vtls/openssl.c
 +++ b/lib/vtls/openssl.c
@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
               peer_CN[peerlen] = '\0';
             }
 -            result = CURLE_OUT_OF_MEMORY;
 +            else
 +              result = CURLE_OUT_OF_MEMORY;
           }
         }
         else /* not a UTF8 name */
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.83.0-http2.patch
@ -1,30 +0,0 @@
 Bug: https://bugs.gentoo.org/842780, https://github.com/curl/curl/pull/8768
 https://github.com/curl/curl/commit/6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3
 From 6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Thu, 28 Apr 2022 17:11:50 +0200
 Subject: [PATCH] mbedtls: fix compile when h2-enabled
 Fixes #8766
 Reported-by: LigH-de on github
 Closes #8768
 ---
 lib/vtls/mbedtls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
 index 64f57c5d8321..5f9b87e6b75b 100644
 --- a/lib/vtls/mbedtls.c
 +++ b/lib/vtls/mbedtls.c
@@ -815,8 +815,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
     if(next_protocol) {
       infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
 #ifdef USE_HTTP2
 -      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) &&
 -         !next_protocol[ALPN_H2_LEN]) {
 +      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
 +         !next_protocol[ALPN_H2_LENGTH]) {
         conn->negnpn = CURL_HTTP_VERSION_2;
       }
       else
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.84.0-easylock.patch
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.84.0-easylock.patch
@ -0,0 +1,30 @@
 From 50efb0822aa0e0ab165158dd0a26e65a2290e6d2 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Tue, 28 Jun 2022 09:00:25 +0200
 Subject: [PATCH] easy_lock: switch to using atomic_int instead of bool
 To work with more compilers without requiring separate libs to
 link. Like with gcc-12 for RISC-V on Linux.
 Reported-by: Adam Sampson
 Fixes #9055
 Closes #9061
 ---
 lib/easy_lock.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/lib/easy_lock.h b/lib/easy_lock.h
 index 07c85c5ffdd19..9c11bc50c5f20 100644
 --- a/lib/easy_lock.h
 +++ b/lib/easy_lock.h
@@ -40,8 +40,8 @@
 #include <sched.h>
 #endif
 -#define curl_simple_lock atomic_bool
 -#define CURL_SIMPLE_LOCK_INIT false
 +#define curl_simple_lock atomic_int
 +#define CURL_SIMPLE_LOCK_INIT 0
 static inline void curl_simple_lock_lock(curl_simple_lock *lock)
 {
--- a/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.84.0-include-sched.patch
+++ b/sdk_container/src/third_party/portage-stable/net-misc/curl/files/curl-7.84.0-include-sched.patch
@ -0,0 +1,24 @@
 https://github.com/curl/curl/commit/e2e7f54b7bea521fa8373095d0f43261a720cda0
 https://bugs.gentoo.org/855710
 From e2e7f54b7bea521fa8373095d0f43261a720cda0 Mon Sep 17 00:00:00 2001
 From: Daniel Stenberg <daniel@haxx.se>
 Date: Mon, 27 Jun 2022 08:46:21 +0200
 Subject: [PATCH] easy_lock.h: include sched.h if available to fix build
 Patched-by: Harry Sintonen
 Closes #9054
 --- a/lib/easy_lock.h
 +++ b/lib/easy_lock.h
@@ -36,6 +36,9 @@
 #elif defined (HAVE_ATOMIC)
 #include <stdatomic.h>
 +#if defined(HAVE_SCHED_YIELD)
 +#include <sched.h>
 +#endif
 #define curl_simple_lock atomic_bool
 #define CURL_SIMPLE_LOCK_INIT false
		`@ -0,0 +1 @@`
							`- curl ([CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))`
		`@ -0,0 +1 @@`
							`- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))`