From a4c2fc83b5d3bbc3f6c32396e33dd631eaa97aec Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Tue, 1 Nov 2022 20:22:20 +0100
Subject: [PATCH 1/6] profiles: Add accept keywords for
 app-portage/portage-utils

Still unstable for amd64, will likely be marked as stable by next week.
---
 .../profiles/coreos/amd64/sdk/package.accept_keywords          | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
index eec99807dd..6d6adc5739 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
@@ -6,3 +6,6 @@
 
 # It's stable for arm64, so make it available on amd64 SDK too.
 =dev-util/patchelf-0.15.0 ~amd64
+
+# It's stable for arm64, so make it available on amd64 SDK too.
+=app-portage/portage-utils-0.94.3 ~amd64

From 78df8c3cc81312e48d4b30062523cb69dcc4d341 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Tue, 1 Nov 2022 20:45:55 +0100
Subject: [PATCH 2/6] profiles: Drop accept keyword for dev-util/meson

---
 .../profiles/coreos/amd64/sdk/package.accept_keywords          | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
index 6d6adc5739..597caacb49 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
@@ -1,9 +1,6 @@
 # Copyright (c) 2022 Flatcar Authors
 # Distributed under the terms of the GNU General Public License v2
 
-# It's stable for arm64, so make it available on amd64 SDK too.
-=dev-util/meson-0.63.2-r1 ~amd64
-
 # It's stable for arm64, so make it available on amd64 SDK too.
 =dev-util/patchelf-0.15.0 ~amd64
 

From e4fbf8c8b7381c715816a56349da5f092704143e Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Tue, 1 Nov 2022 20:48:11 +0100
Subject: [PATCH 3/6] profiles: Drop accept keyword for dev-util/patchelf

---
 .../profiles/coreos/amd64/sdk/package.accept_keywords          | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
index 597caacb49..24763fc5fd 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/sdk/package.accept_keywords
@@ -1,8 +1,5 @@
 # Copyright (c) 2022 Flatcar Authors
 # Distributed under the terms of the GNU General Public License v2
 
-# It's stable for arm64, so make it available on amd64 SDK too.
-=dev-util/patchelf-0.15.0 ~amd64
-
 # It's stable for arm64, so make it available on amd64 SDK too.
 =app-portage/portage-utils-0.94.3 ~amd64

From 4ce207765b82ce1b8badf49db9678099da731b77 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 2 Nov 2022 14:14:40 +0100
Subject: [PATCH 4/6] profiles: Drop accept keywords for dev-libs/libxml2

It became stable in portage-stable.
---
 .../profiles/coreos/base/package.accept_keywords               | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 7fb122ad69..f09dba7478 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -2,9 +2,6 @@
 # Copyright (c) 2013 The CoreOS Authors. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 
-# Required for addressing some CVEs
-=dev-libs/libxml2-2.10.3 ~amd64 ~arm64
-
 =app-arch/zstd-1.4.9 ~amd64 ~arm64
 
 =app-emulation/qemu-7.0.0-r1 ~arm64

From c2709f7f0186d36463aa9e0994c665def8ff20af Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Fri, 4 Nov 2022 15:49:29 +0100
Subject: [PATCH 5/6] sys-devel/sysroot-wrappers: Bump to 0.2

Pull things from flatcar org, updates the build system, so we can
depend on autoconf 2.71, install symlink for cc too.
---
 .../sys-devel/sysroot-wrappers/Manifest        |  2 +-
 .../sysroot-wrappers-0.1.ebuild                | 18 ------------------
 .../sysroot-wrappers-0.2.ebuild                | 15 +++++++++++++++
 3 files changed, 16 insertions(+), 19 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.1.ebuild
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.2.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/Manifest
index 7ece0a6ef2..2cb182fa58 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/Manifest
@@ -1 +1 @@
-DIST sysroot-wrappers-0.1.tar.gz 101070 SHA256 9ff56fe7c1db91abc22d0e921308b70ece230e28e47eca452c4c1d827207eee9 SHA512 81f945abb68dd57c7f1f8633d009ebf25bf88bb76752e0f2df8743b7de38c3011c48f78856f5367f7744afc4fe92be9824e9a7cabfe92210766f915924a029c2 WHIRLPOOL 7c132d27973f76a78bad3a146a228cc8ae8db0064b69a2a9932b2e7e0c87a7a34108980295c17a2e65c66830ff05dba1eacfdfdf2c1f2938c1238a000e6c9adf
+DIST sysroot-wrappers-0.2.tar.gz 138063 BLAKE2B 04c5072fd48c0b931ea971aac4e242dc9a213429ebe03527cca5f4dd6c970eb15dee900c6e64d798a41fde48457c241e91ff8dcfbd678282bad390d5a7e07063 SHA512 bb27e2737ecde63bb877b75430c65b18e192b13671bb1a10d939694bff57412e59e51d4151aedf3ebf5f4d17e789a2f34ed1ab6506c20503c878b9c04efcfda6
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.1.ebuild
deleted file mode 100644
index 16f5b00d29..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.1.ebuild
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright (c) 2013 CoreOS Inc. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="Build tool wrappers for using custom SYSROOTs"
-HOMEPAGE="https://github.com/coreos/sysroot-wrappers"
-SRC_URI="https://github.com/coreos/${PN}/releases/download/v${PV}/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 arm64"
-IUSE=""
-
-# Probably can be reduced in later versions but
-# this is what this release is set to expect.
-DEPEND=">=sys-devel/autoconf-2.69
-		>=sys-devel/automake-1.12"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.2.ebuild
new file mode 100644
index 0000000000..57e66703b2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/sysroot-wrappers/sysroot-wrappers-0.2.ebuild
@@ -0,0 +1,15 @@
+# Copyright (c) 2013 CoreOS Inc. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Build tool wrappers for using custom SYSROOTs"
+HOMEPAGE="https://github.com/flatcar/sysroot-wrappers"
+SRC_URI="https://github.com/flatcar/${PN}/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+IUSE=""

From 1c76e1b56976302970d0f70850d1cd34c56c1b55 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 9 Nov 2022 13:23:54 +0100
Subject: [PATCH 6/6] profiles: Update accept keywords for net-misc/curl

---
 .../profiles/coreos/base/package.accept_keywords              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index f09dba7478..70b01c136f 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -14,8 +14,8 @@
 
 =dev-libs/libgcrypt-1.9.4 ~amd64 ~arm64
 
-# To address CVE-2022-35252.
-=net-misc/curl-7.85.0-r2 ~amd64 ~arm64
+# To address CVE-2022-32221, CVE-2022-35260, CVE-2022-42915 and CVE-2022-42916.
+=net-misc/curl-7.86.0-r1 ~amd64 ~arm64
 
 # Required for some CVEs
 =app-editors/vim-9.0.0655-r1 ~amd64 ~arm64