diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-16.xml
new file mode 100644
index 0000000000..f6944b12de
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-16">
+  <title>GNU Wget: Header injection</title>
+  <synopsis>A header injection vulnerability in GNU Wget might allow remote
+    attackers to inject arbitrary HTTP headers.
+  </synopsis>
+  <product type="ebuild">wget</product>
+  <announced>2017-06-20</announced>
+  <revised>2017-06-20: 1</revised>
+  <bug>612326</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/wget" auto="yes" arch="*">
+      <unaffected range="ge">1.19.1-r1</unaffected>
+      <vulnerable range="lt">1.19.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Wget is a free software package for retrieving files using HTTP,
+      HTTPS and FTP, the most widely-used Internet protocols.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that there was a header injection vulnerability in GNU
+      Wget which allowed remote attackers to inject arbitrary HTTP headers via
+      CRLF sequences in the host subcomponent of a URL.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could inject arbitrary HTTP headers in requests by
+      tricking a user running GNU Wget into processing crafted URLs.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Wget users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.1-r1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6508">CVE-2017-6508</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-03-23T20:33:13Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:09:12Z">whissi</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-17.xml
new file mode 100644
index 0000000000..5b704e20ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-17.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-17">
+  <title>Kodi: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Kodi, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">kodi</product>
+  <announced>2017-06-20</announced>
+  <revised>2017-06-20: 1</revised>
+  <bug>549342</bug>
+  <bug>619492</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-tv/kodi" auto="yes" arch="*">
+      <unaffected range="ge">17.2</unaffected>
+      <vulnerable range="lt">17.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kodi (formerly XBMC) is a free and open-source media player software
+      application.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Kodi. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted image
+      file using Kodi, possibly resulting in a Denial of Service condition.
+    </p>
+    
+    <p>Furthermore, a remote attacker could entice a user process a specially
+      crafted ZIP file containing subtitles using Kodi, possibly resulting in
+      execution of arbitrary code with the privileges of the process or a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kodi users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-tv/kodi-17.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8314">CVE-2017-8314</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-06T16:37:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:18:36Z">whissi</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-18.xml
new file mode 100644
index 0000000000..79e77936af
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-18.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-18">
+  <title>mbed TLS: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in mbed TLS, the worst of
+    which could lead to the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">mbedtls</product>
+  <announced>2017-06-20</announced>
+  <revised>2017-06-20: 1</revised>
+  <bug>562608</bug>
+  <bug>571102</bug>
+  <bug>618824</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/mbedtls" auto="yes" arch="*">
+      <unaffected range="ge">2.4.2</unaffected>
+      <vulnerable range="lt">2.4.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>mbed TLS (previously PolarSSL) is an “easy to understand, use,
+      integrate and expand” implementation of the TLS and SSL protocols and
+      the respective cryptographic algorithms and support code required.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mbed TLS. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mbed TLS users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/mbedtls-2.4.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5291">CVE-2015-5291</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2784">CVE-2017-2784</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-04-17T22:12:43Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:42:02Z">whissi</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-19.xml
new file mode 100644
index 0000000000..6869b02f42
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-19.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-19">
+  <title>GNU C Library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the GNU C Library, the
+    worst of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">glibc</product>
+  <announced>2017-06-20</announced>
+  <revised>2017-06-20: 2</revised>
+  <bug>608698</bug>
+  <bug>608706</bug>
+  <bug>622220</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-libs/glibc" auto="yes" arch="*">
+      <unaffected range="ge">2.23-r4</unaffected>
+      <vulnerable range="lt">2.23-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU C library is the standard C library used by Gentoo Linux
+      systems.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the GNU C Library.
+      Please review the CVE identifiers and Qualys’ security advisory
+      referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>An attacker could possibly execute arbitrary code with the privileges of
+      the process, escalate privileges or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU C Library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.23-r4"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180">CVE-2015-5180</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323">CVE-2016-6323</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366">
+      CVE-2017-1000366
+    </uri>
+    <uri link="https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt">
+      Qualys Security Advisory - The Stack Clash
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-20T17:01:37Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T17:49:43Z">whissi</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-20.xml
new file mode 100644
index 0000000000..e649e4f7ee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201706-20.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-20">
+  <title>Chromium: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in the Chromium web
+    browser, the worst of which allows remote attackers to execute arbitrary
+    code.
+  </synopsis>
+  <product type="ebuild">Chromium</product>
+  <announced>2017-06-20</announced>
+  <revised>2017-06-20: 1</revised>
+  <bug>617504</bug>
+  <bug>620956</bug>
+  <bug>621886</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">59.0.3071.104</unaffected>
+      <vulnerable range="lt">59.0.3071.104</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in the Chromium web
+      browser. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, obtain
+      sensitive information, bypass security restrictions or spoof content.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-59.0.3071.104"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5068">CVE-2017-5068</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5070">CVE-2017-5070</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5071">CVE-2017-5071</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5072">CVE-2017-5072</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5073">CVE-2017-5073</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5074">CVE-2017-5074</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5075">CVE-2017-5075</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5076">CVE-2017-5076</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5077">CVE-2017-5077</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5078">CVE-2017-5078</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5079">CVE-2017-5079</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5080">CVE-2017-5080</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5081">CVE-2017-5081</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5082">CVE-2017-5082</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5083">CVE-2017-5083</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5084">CVE-2017-5084</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5085">CVE-2017-5085</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5086">CVE-2017-5086</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5087">CVE-2017-5087</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5088">CVE-2017-5088</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5089">CVE-2017-5089</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-06-09T11:21:16Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2017-06-20T19:00:15Z">whissi</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index b71ca59b35..66f5606df3 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 16 Jun 2017 18:39:35 +0000
+Thu, 22 Jun 2017 02:08:59 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index 0fd976b0ad..ccf6b20b22 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c2f911fc13b81dd715a1b756f739b077f8718170 1496836599 2017-06-07T11:56:39+00:00
+18375d0b60539dde07bb13258d4de5105b9e188e 1497985227 2017-06-20T19:00:27+00:00
diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.18 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.18
deleted file mode 100644
index be3cd21114..0000000000
--- a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.18
+++ /dev/null
@@ -1,14 +0,0 @@
-DEFINED_PHASES=configure install prepare setup test
-DEPEND=!static? ( idn? ( net-dns/libidn ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) ) app-arch/xz-utils virtual/pkgconfig static? ( idn? ( net-dns/libidn[static-libs(+)] ) pcre? ( dev-libs/libpcre[static-libs(+)] ) ssl? ( gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) !gnutls? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl[static-libs(+)] ) ) ) uuid? ( sys-apps/util-linux[static-libs(+)] ) zlib? ( sys-libs/zlib[static-libs(+)] ) ) test? ( || ( dev-lang/python:3.4 ) dev-lang/perl dev-perl/HTTP-Daemon dev-perl/HTTP-Message dev-perl/IO-Socket-SSL ) nls? ( sys-devel/gettext )
-DESCRIPTION=Network utility to retrieve files from the WWW
-EAPI=5
-HOMEPAGE=https://www.gnu.org/software/wget/
-IUSE=debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib
-KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
-LICENSE=GPL-3
-RDEPEND=!static? ( idn? ( net-dns/libidn ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) )
-REQUIRED_USE=ntlm? ( !gnutls ssl ) gnutls? ( ssl )
-SLOT=0
-SRC_URI=mirror://gnu/wget/wget-1.18.tar.xz
-_eclasses_=epatch	8233751dc5105a6ae8fcd86ce2bb0247	estack	43ddf5aaffa7a8d0482df54d25a66a1f	eutils	9c113d6a64826c40154cad7be15d95ea	flag-o-matic	61cad4fb5d800b29d484b27cb033f59b	ltprune	2770eed66a9b8ef944714cd0e968182e	multilib	0236be304ee52e7f179ed2f337075515	python-any-r1	be89e882151ba4b847089b860d79729c	python-utils-r1	c11fc374357e6ad9ddfe2e9f931e4d29	toolchain-funcs	6eb35f81556258a4bc9182ad3dfd58ee
-_md5_=95f23320fa87e20372b16e301d8792a0
diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.19.1-r1 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.19.1-r1
new file mode 100644
index 0000000000..fb677e9eea
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/wget-1.19.1-r1
@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install prepare setup test
+DEPEND=!static? ( idn? ( >=net-dns/libidn2-0.14 ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) ) app-arch/xz-utils virtual/pkgconfig static? ( idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) pcre? ( dev-libs/libpcre[static-libs(+)] ) ssl? ( gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) !gnutls? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl[static-libs(+)] ) ) ) uuid? ( sys-apps/util-linux[static-libs(+)] ) zlib? ( sys-libs/zlib[static-libs(+)] ) ) test? ( || ( dev-lang/python:3.6 dev-lang/python:3.5 dev-lang/python:3.4 ) dev-lang/perl dev-perl/HTTP-Daemon dev-perl/HTTP-Message dev-perl/IO-Socket-SSL ) nls? ( sys-devel/gettext )
+DESCRIPTION=Network utility to retrieve files from the WWW
+EAPI=5
+HOMEPAGE=https://www.gnu.org/software/wget/
+IUSE=debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib
+KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris
+LICENSE=GPL-3
+RDEPEND=!static? ( idn? ( >=net-dns/libidn2-0.14 ) pcre? ( dev-libs/libpcre ) ssl? ( gnutls? ( net-libs/gnutls:0= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl ) ) ) uuid? ( sys-apps/util-linux ) zlib? ( sys-libs/zlib ) )
+REQUIRED_USE=ntlm? ( !gnutls ssl ) gnutls? ( ssl )
+SLOT=0
+SRC_URI=mirror://gnu/wget/wget-1.19.1.tar.xz
+_eclasses_=epatch	8233751dc5105a6ae8fcd86ce2bb0247	estack	43ddf5aaffa7a8d0482df54d25a66a1f	eutils	9c113d6a64826c40154cad7be15d95ea	flag-o-matic	61cad4fb5d800b29d484b27cb033f59b	ltprune	2770eed66a9b8ef944714cd0e968182e	multilib	0236be304ee52e7f179ed2f337075515	python-any-r1	be89e882151ba4b847089b860d79729c	python-utils-r1	c11fc374357e6ad9ddfe2e9f931e4d29	toolchain-funcs	6eb35f81556258a4bc9182ad3dfd58ee
+_md5_=0559e58957ead79d76144568a14ba39c
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/wget/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/wget/Manifest
index 511353278c..4775ef2745 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/wget/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-misc/wget/Manifest
@@ -1,6 +1,6 @@
-AUX wget-1.17.1-gnulib-cygwin-sys_select.patch 850 SHA256 122a069e24ed07bab7a65ea31f10e14f755a1a464acb9568dc610f171b94b0a8 SHA512 1aaac731af050193a67a45aae7c100e8a6c4e5328b60b2e6f89ef774f66b6d997a1558b104157f65183191c9940c9d4a904f8b32666021ae20dff6b3e5726990 WHIRLPOOL befcfb16d080bcce5247705a32b82cca6af4ad5b1a6bd7e143b1eb6d901e4b3c625088f9b741abf2bd4785f37eb1a710f4897ce8f12053abdb84939d84c1658a
-DIST wget-1.18.tar.xz 1922376 SHA256 b5b55b75726c04c06fe253daec9329a6f1a3c0c1878e3ea76ebfebc139ea9cc1 SHA512 a3f6fe2f44a8d797659d55cffaf81eb82b770c96222a0ee29bc4931b13846f8d8b9a07806f2197723c873a1248922d59cca5a81869661d9c6c3107447c184338 WHIRLPOOL a9e467f8bd17909485329103c17a27da345421257ce82fdf77ff2e00bdae50b13570506a1887300868e99b608c71598596ee260d86879aaeddad14cbb5ec634d
-EBUILD wget-1.18.ebuild 2799 SHA256 7534e3e07d2859a2d8407da7ab0be0283235c01550d6a16528b7057fc0f728d7 SHA512 1db4560e7c6932f14a5a2a437ad95719635f5424ff3a69098f03d6f391ce3f44c1d4d5f9e722e8458092a6f753b75cfac75ea26d7a2db421106b7928bca63eec WHIRLPOOL f77cab1d3e531e3077d22de89aed32a27fef2abc4bf3cc5023c1dace3356be16e927dec57d9df4dc400e446611a2f477a75aada0fec3b5eb9ddf113ac7209a9b
+AUX wget-1.19.1-CRLF_injection.patch 1051 SHA256 4eb2932d33f79b59af345b6ad075893f0a146547d8a7266edfea0d3e7c612093 SHA512 fd36c9225c567e9958f030449f40cb747c0a23b7023fd4eee4e982c867d96be1562377a2d9b80150d9dc714bdbdc2bd509a8a244c4969c731002bdf6434d9cf8 WHIRLPOOL 90cf4613f9e65fabc6d228d361e8ef31a72dc00f5a165ce922fd4ee34568ccabf43954f900a94f13ab51b0d81d1a7272c10c646472066e373ceadd3e4bc4efe1
+DIST wget-1.19.1.tar.xz 2111756 SHA256 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2 SHA512 00864d225439bcb7c5af01d7ef19efa615427812d3320ab3f4c8f62c38191e837b1392397843f935d7dc5860a4d0ce89ee31f2730c4a729402f1f2bf3e5f64e5 WHIRLPOOL 2a4bd80f1e7134637227609f532ee3385472a6895ff22efeface42d082072a09abaa5dd2d8653bfdab015de801d31426b01d73ab5dd1a6864b84c29dc8e72462
+EBUILD wget-1.19.1-r1.ebuild 3197 SHA256 29fc6002b0afa09b6b8718ba1e1a77e1329d4b8b58cd9d95644d7f2c09e968f2 SHA512 bf0b1c2275c6252f8f17c630aa9bb89e9276097f1fa74cf9d56d67c3ea099851ae64cd08996653493dadc39e31737fbeed88f5fc8cc0cbf1313b0b23e824befc WHIRLPOOL 4a989f7804950fa9b4bf1890f717e46a3dd64591df82b9627349b8a4bab9dbba4c9b83ade854effd5e8fd445a5f4223aa807dd3134583e831fde890f71e36926
 MISC ChangeLog 11759 SHA256 b0200db8aa9205aa6cf590936f1758619e1b56fdb17c76314175d6031c287ccf SHA512 eb9e6c7b1d5cb9f3e550b3c7d89493da0026492b629d3b76c5f096b9ef7de499addb31fcf43dd4cfd01eaf73253ddd10ceef5937a9a1a8d18142f9e5c22b764b WHIRLPOOL 679e53afbcbdadd297e78cfbbbbbb4406d23f993f44d38388c0f55b74ec888ea1f81b29be95e36b19dcc92fe6f350861d59549b28a77eb884eba6bee3d0844a2
 MISC ChangeLog-2015 29939 SHA256 902a2f6576d8c8dd01ee76cad7a689cb260d153139adc04b8d76abe91860d86d SHA512 55c752f56737ab6116057f3c158fcd4ba9b0405d43796e4114076c6fe849f7bdf3f771606c69551d5a1bd8a408ff5099158d461b26c840c6a4fe05824d8ae11e WHIRLPOOL 4b1c46b1c0c25428559442be8e2aef443686e00fd1889c908bf7d28291a5064e2dbe9879f0bd2025a8e0f49e42ed89334198f5dc9ee1122c91e1ba7c317678c7
 MISC metadata.xml 570 SHA256 82fb121ee11ecf4d5b5a20e885a9773b301061d7a2b19755c01322aef615e1ae SHA512 add9378a31ae7abc66d8dc6bfc3d355af3eb683ce177e68fbcbedb4b69435d7254b4cac1897d3b8267bddb23467e8f4bb16e439c09a4f91be16845b1113e055c WHIRLPOOL 08ddfe93af78d6f213e2a08f2414e2ae7e1442ec0eddf34ea29e1383a694f342c1dc72df8370b61828e7ef7914f2863519afc83e83a3cbd783a1be015703bcfb
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch b/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch
deleted file mode 100644
index 0755136179..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.17.1-gnulib-cygwin-sys_select.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://lists.gnu.org/archive/html/bug-gnulib/2016-03/msg00065.html
-
---- gnulib/lib/sys_select.in.h.orig	2014-08-03 15:31:22.000000000 +0200
-+++ gnulib/lib/sys_select.in.h	2016-05-19 12:57:51.243064700 +0200
-@@ -81,7 +81,7 @@
-    Also, Mac OS X, AIX, HP-UX, IRIX, Solaris, Interix declare select()
-    in <sys/time.h>.
-    But avoid namespace pollution on glibc systems.  */
--# ifndef __GLIBC__
-+# if !(defined __GLIBC__ || defined __NEWLIB__)
- #  include <sys/time.h>
- # endif
- 
-@@ -102,7 +102,7 @@
-    But avoid namespace pollution on glibc systems.
-    Do this after the include_next (for the sake of OpenBSD 5.0) but before
-    the split double-inclusion guard (for the sake of Solaris).  */
--#if !(defined __GLIBC__ && !defined __UCLIBC__)
-+#if !((defined __GLIBC__ || defined __NEWLIB__) && !defined __UCLIBC__)
- # include <signal.h>
- #endif
- 
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch b/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
new file mode 100644
index 0000000000..aa4e978cfd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/wget/files/wget-1.19.1-CRLF_injection.patch
@@ -0,0 +1,37 @@
+From 4d729e322fae359a1aefaafec1144764a54e8ad4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Mon, 6 Mar 2017 10:04:22 +0100
+Subject: Fix CRLF injection in Wget host part
+
+* src/url.c (url_parse): Reject control characters in host part of URL
+
+Reported-by: Orange Tsai
+---
+ src/url.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/url.c b/src/url.c
+index 8f8ff0b..7d36b27 100644
+--- a/src/url.c
++++ b/src/url.c
+@@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
+       url_unescape (u->host);
+       host_modified = true;
+ 
++      /* check for invalid control characters in host name */
++      for (p = u->host; *p; p++)
++        {
++          if (c_iscntrl(*p))
++            {
++              url_free(u);
++              error_code = PE_INVALID_HOST_NAME;
++              goto error;
++            }
++        }
++
+       /* Apply IDNA regardless of iri->utf8_encode status */
+       if (opt.enable_iri && iri)
+         {
+-- 
+cgit v1.0-41-gc330
+
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.18.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.19.1-r1.ebuild
similarity index 72%
rename from sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.18.ebuild
rename to sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.19.1-r1.ebuild
index 01c71aabdd..edbca55d91 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.18.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/wget/wget-1.19.1-r1.ebuild
@@ -1,10 +1,9 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
-EAPI="5"
+EAPI=5
 
-PYTHON_COMPAT=( python3_4 )
+PYTHON_COMPAT=( python3_{4,5,6} )
 
 inherit flag-o-matic python-any-r1 toolchain-funcs eutils
 
@@ -14,11 +13,12 @@ SRC_URI="mirror://gnu/wget/${P}.tar.xz"
 
 LICENSE="GPL-3"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib"
 REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
 
-LIB_DEPEND="idn? ( net-dns/libidn[static-libs(+)] )
+# Force a newer libidn2 to avoid libunistring deps. #612498
+LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] )
 	pcre? ( dev-libs/libpcre[static-libs(+)] )
 	ssl? (
 		gnutls? ( net-libs/gnutls:0=[static-libs(+)] )
@@ -45,12 +45,17 @@ DEPEND="${RDEPEND}
 
 DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc )
 
+PATCHES=(
+	"${FILESDIR}"/${P}-CRLF_injection.patch
+)
+
 pkg_setup() {
 	use test && python-any-r1_pkg_setup
 }
 
 src_prepare() {
-	epatch "${FILESDIR}"/${PN}-1.17.1-gnulib-cygwin-sys_select.patch
+	epatch "${PATCHES[@]}"
+
 	# revert some hack that breaks linking, bug #585924
 	if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then
 		sed -i \
@@ -69,18 +74,27 @@ src_configure() {
 		tc-export PKG_CONFIG
 		PKG_CONFIG+=" --static"
 	fi
+
+	# There is no flag that controls this.  libunistring-prefix only
+	# controls the search path (which is why we turn it off below).
+	# Further, libunistring is only needed w/older libidn2 installs,
+	# and since we force the latest, we can force off libunistring. #612498
+	ac_cv_libunistring=no \
 	econf \
 		--disable-assert \
 		--disable-rpath \
-		$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
-		$(use_enable ssl opie) \
-		$(use_enable ssl digest) \
+		--without-included-libunistring \
+		--without-libunistring-prefix \
+		$(use_enable debug) \
 		$(use_enable idn iri) \
 		$(use_enable ipv6) \
 		$(use_enable nls) \
 		$(use_enable ntlm) \
 		$(use_enable pcre) \
-		$(use_enable debug) \
+		$(use_enable ssl digest) \
+		$(use_enable ssl opie) \
+		$(use_with idn libidn) \
+		$(use_with ssl ssl $(usex gnutls gnutls openssl)) \
 		$(use_with uuid libuuid) \
 		$(use_with zlib)
 }