Merge pull request #2490 from flatcar/krnowak/weekly

Weekly profile updates and python-oem update

sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/0000-bump-baselayout-coreos-overlay.sh

@@ -5,7 +5,7 @@ set -euo pipefail
 stage1_repo="${1}"
 new_repo="${2}"
 
-good_version="3.6.8-r9"
+good_version="3.6.8-r10"
 stage1_version=''
 
 for f in "${stage1_repo}/sys-apps/baselayout/baselayout-"*'.ebuild'; do

sdk_container/src/third_party/coreos-overlay/coreos/stage1_hooks/README.md

@@ -1,6 +1,18 @@
-The scripts there are called when setting up the portage-stable and
-coreos-overlay repos for the stage1 build. When the scripts are
-invoked, they receive a path to the repository as a parameter. The
-script for portage-stable should end with `-portage-stable.sh`, and
-the script for coreos-overlay with '-coreos-overlay.sh`. For example
-`0000-replace-ROOTPATH-coreos-overlay.sh`.
+The scripts in this directory are called by the SDK bootstrapping
+script when setting up the portage-stable and coreos-overlay repos for
+the stage1 build. The scripts are invoked with two arguments - a path
+to the stage1 repository, and a path to the current repository. The
+difference between the two is that the stage1 repository is a copy of
+a repository saved in the seed SDK (thus it's going to be an older
+version of the repository), whereas the current repository is a
+repository that will be a base of the new SDK. The idea here is that
+something in the stage1 repository may be too old, thus it should be
+replaced with its equivalent from the current repository.
+
+For more information about the bootstrap process, please see the
+`bootstrap_sdk` script in [the scripts
+repository](https://github.com/flatcar/scripts).
+
+The script for portage-stable should end with `-portage-stable.sh`,
+and the script for coreos-overlay with '-coreos-overlay.sh`. For
+example: `0000-replace-ROOTPATH-coreos-overlay.sh`.

sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-devel/gcc/0001-constexpr.patch

@@ -1,14 +0,0 @@
-The constexpr keyword is missing for a function that was invoked from
-another constexpr function. Add the missing keyword.
-
---- a/libstdc++-v3/src/c++17/memory_resource.cc	2022-12-09 22:33:43.000000000 -0000
-+++ b/libstdc++-v3/src/c++17/memory_resource.cc	2023-01-25 13:14:24.025359063 -0000
-@@ -603,7 +603,7 @@
-     void* pointer = nullptr;
-     aligned_size<min> _M_size;
- 
--    size_t size() const noexcept
-+    constexpr size_t size() const noexcept
-     {
-       if (_M_size.value == size_t(-1)) [[unlikely]]
- 	return size_t(-1);

sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-devel/gcc/README.md

@@ -1,6 +0,0 @@
-Drop `0001-constexpr.patch` when not applicable any more. It's a weird
-issue, because building the same version of the compiler worked fine
-before. Maybe some patch from gcc patches is at fault here. Didn't
-investigate in hope that the issue is ephemeral. Some newer version of
-gcc is already marked as stable for both amd64 and arm64 in Gentoo, so
-this patch will most likely be dropped next week.

sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/Manifest

@@ -1,3 +1,3 @@
-DIST Python-3.10.9.tar.xz 19612112 BLAKE2B ef2d063a9fbaf234aa4a47149cb184a0379dc403515df10249104a5092750cdaf22ad47916d34e17dd68fff1c30338c0375f4e4e3cc9bde33e0896c1c3ba655b SHA512 d66ea8adeb6dc4951e612175f8838b3092967ff275b7a3470f2d86f470036aa2221e722c3144d90bcd230b88efd53dde204213f72f703e524e4b833e2ccc68e2
-DIST Python-3.10.9.tar.xz.asc 833 BLAKE2B 8895c6cb5031b2463cc6ba3e0dc56bee40c2e99117c062f9c72f2b7adb0d5a49782b968abfc764117e8513bd12816915245677c25b1710e3dae3c9e26937c2b9 SHA512 525e166ede6836086de814c26fc880f41eaf1ed4bff6118f00342e42f7ab1c47148447ced1b565e146d3125fa06b5cd6b394a256bc61096766b26e07f18bbf10
-DIST python-gentoo-patches-3.10.9.tar.xz 12216 BLAKE2B ced4f951089c51ddaab6c62ade9d2c84f69e7e1baf2acf5247559534c7d0fb0e88dca1222f5bd2209b4e61f5aca17279b8054f269535dbc10de0786c2c5779f5 SHA512 2d01f0f3831beeba004517bb82f7d616f25f08e5c755409ecff79cd68e0a619b5bf6802fffd0e5f7f39f1d9d93e65b018b91cdeb337a5e47f1651f36bea0e96e
+DIST Python-3.10.10.tar.xz 19627028 BLAKE2B 57fc6869fa05586158a170c1892d93a3036823bfafb9484b9d70bca6cdc3e76f75357622eace4bde9a4c0ca62a1bb79665e5751b41655f9f4d7e345547013ad8 SHA512 f0aee65970a68287b34c4eafcf35c6fa09c81ba234ac356db16fbbc6c36417e4ac67071e616d118f5e192d541d7f177dcab5585b9780e842f656c09e01c37ced
+DIST Python-3.10.10.tar.xz.asc 833 BLAKE2B fd60e6268f7dd6676ea58bd7e80c513506ac9810c1a62ff060134207b0fd8e7b096d5f11f3cc536a1578144ff54c00bcb076d3c3f5889a69a898660dd280312b SHA512 591746d74c6123bf36c763b6e8e1de1554f02eeff30c855623ef0f12d3864d5573eb5efe96d6e142f24627c77b90738ada3456df4ad59bddcb008658f2ca8af9
+DIST python-gentoo-patches-3.10.10_p2.tar.xz 13992 BLAKE2B e18e708888dd28c8f238d4897aff79483a679396a168d8b5ff4f5e8c7f09cec5f1b13aeb327d3dc3e2149c2117c25da050987f1f1c3322b56c87245ba2d0b54d SHA512 14bc218a2f3c64ef9f42682fd1364208bcaa74f787dee39bd9566e40764c260a65fd42961be47a6e6c6227091cb2fef83e1d689302448647560689e20e07efe0

sdk_container/src/third_party/coreos-overlay/dev-lang/python-oem/python-oem-3.10.10_p2.ebuild

@@ -28,7 +28,7 @@ S="${WORKDIR}/${MY_P}"
 
 LICENSE="PSF-2"
 SLOT="${PYVER}"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 IUSE="
 	bluetooth build +ensurepip examples gdbm hardened libedit lto
 	+ncurses pgo +readline +sqlite +ssl test tk valgrind +xml

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords

@@ -7,20 +7,27 @@
 
 =app-arch/zstd-1.4.9 ~amd64 ~arm64
 
-# Necessary to fix CVE-2023-0049, CVE-2023-0051 and CVE-2023-0054.
-=app-editors/vim-9.0.1157 ~amd64 ~arm64
-=app-editors/vim-core-9.0.1157 ~amd64 ~arm64
-
 =coreos-devel/fero-client-0.1.1 **
 
+# Keep versions even for both arches
+=dev-lang/python-3.10.10_p2 ~arm64
+=dev-lang/python-oem-3.10.10_p2 ~arm64
+
 # Accept unstable host Rust compilers
 =dev-lang/rust-1.67.1 ~amd64 ~arm64
 =virtual/rust-1.67.1 ~amd64 ~arm64
 
 =dev-libs/libgcrypt-1.9.4 ~amd64 ~arm64
 
-# Keep the version of bind-tools the same on all arches.
-=net-dns/bind-tools-9.16.36 ~arm64
+# upstream stabilizes arm64 for dev-lang/cython
+# stabilize dev-python/cython for amd64 to keep the version same for both arch
+=dev-python/cython-0.29.33 ~amd64
+
+# Required for addressing CVE-2023-0361.
+=net-libs/gnutls-3.8.0 ~amd64 ~arm64
+
+# Required for addressing CVE-2023-23914, CVE-2023-23915 and CVE-2023-23916.
+=net-misc/curl-7.88.1-r1 ~amd64 ~arm64
 
 # Required for addressing CVE-2022-29154
 =net-misc/rsync-3.2.7-r2 ~amd64 ~arm64

sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask

@@ -21,8 +21,3 @@
 # Python 3.11 is stable in portage-stable, so avoid picking it
 # up. Drop this when we switch to it.
 >=dev-lang/python-3.11
-
-# sys-devel/gcc-11.3.1_p20230120-r1 is the latest stable gcc version
-# that fixes the CET build issue of glibc. There are newer versions of
-# gcc that are not tested enough for CET, so mask them.
->sys-devel/gcc-11.3.1_p20230120-r1

sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild

@@ -9,7 +9,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="9082621e94ee6a1cdad9e15aa17a747d46c33c6f" # flatcar-master
+	CROS_WORKON_COMMIT="d4d6da73919bacc5b05a012d3d00dc8e2d669c0d" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi
 
@@ -133,11 +133,6 @@ src_install() {
 
 	doenvd "env.d/99flatcar_ldpath"
 
-	# Add /sbin:/bin into the PATH when they aren't links into /usr.
-	if ! use symlink-usr; then
-		echo ROOTPATH=/sbin:/bin > "${D}"/etc/env.d/99flatcar_bin || die
-	fi
-
 	# handle multilib paths.  do it here because we want this behavior
 	# regardless of the C library that you're using.  we do explicitly
 	# list paths which the native ldconfig searches, but this isn't

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/Manifest

@@ -1 +0,0 @@
-DIST texinfo-6.8.tar.gz 10119420 BLAKE2B df9dc1698e7bb4f7c97ba4d44b08631502e3f997b91169ae64161b69701fbb0f85c82295ef6867e716a0addfd7c5677e14079645b167bd74933a0153fee92200 SHA512 f46dfb1c0f324a9c54959a8f256f0dcb8aaa59caccb0f027a5ee39a173b6e51a31a488f9d787707e7aa8401a439b2a01a1f3022dbae24ef377a1c021c1ebeb37

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/README.md

@@ -1,5 +0,0 @@
-We keep this package in overlay, because we need CCACHE_DIR for tool
-build, so we need to modify the configure.ac script and run autoreconf
-again. We also skip building doc, man and js for main build.
-
-There wasn't too much information about the reasons for the changes.

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/files/flatcar-modifications.patch

@@ -1,26 +0,0 @@
-diff -ur texinfo-6.8/Makefile.am texinfo-6.8-patched/Makefile.am
---- texinfo-6.8/Makefile.am	2021-02-16 21:07:41.000000000 +0000
-+++ texinfo-6.8-patched/Makefile.am	2021-09-21 11:05:15.495497278 +0000
-@@ -62,9 +62,7 @@
-   SUBDIRS += info
- endif
- endif
--  SUBDIRS += install-info po po_document tp Pod-Simple-Texinfo texindex util \
--             doc man
--  SUBDIRS += js
-+  SUBDIRS += install-info po po_document tp Pod-Simple-Texinfo texindex util
- endif
- 
- distclean-local:
-diff -ur texinfo-6.8/configure.ac texinfo-6.8-patched/configure.ac
---- texinfo-6.8/configure.ac	2021-07-03 09:12:42.000000000 +0000
-+++ texinfo-6.8-patched/configure.ac	2021-09-21 11:03:11.238623956 +0000
-@@ -192,7 +192,7 @@
-   # env -i gives this build host configure a clean environment;
-   # consequently, we have to re-initialize $PATH.
-   env -i CC="$BUILD_CC" AR="$BUILD_AR" RANLIB="$BUILD_RANLIB" \
--      PATH="$PATH" \
-+      PATH="$PATH" CCACHE_DIR="$CCACHE_DIR" \
-       tools_only=1 \
-     ${confdir}/configure --build=${build} --host=${build} \
-                          --disable-rpath --disable-nls

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/files/texinfo-6.8-undo-gnulib-nonnul.patch

@@ -1,186 +0,0 @@
-
-Patch by Vitezslav Crhonek <vcrhonek@redhat.com>
-Source: https://src.fedoraproject.org/rpms/texinfo/c/9b2cca4817fa4bd8d520fed05e9560fc7183dcdf?branch=rawhide
-
-diff -up texinfo-6.8/gnulib/lib/cdefs.h.orig texinfo-6.8/gnulib/lib/cdefs.h
---- texinfo-6.8/gnulib/lib/cdefs.h.orig	2021-03-11 19:57:53.000000000 +0100
-+++ texinfo-6.8/gnulib/lib/cdefs.h	2021-07-19 12:26:46.985176475 +0200
-@@ -321,15 +321,15 @@
- 
- /* The nonnull function attribute marks pointer parameters that
-    must not be NULL.  */
--#ifndef __attribute_nonnull__
-+#ifndef __nonnull
- # if __GNUC_PREREQ (3,3) || __glibc_has_attribute (__nonnull__)
--#  define __attribute_nonnull__(params) __attribute__ ((__nonnull__ params))
-+#  define __nonnull(params) __attribute__ ((__nonnull__ params))
- # else
--#  define __attribute_nonnull__(params)
-+#  define __nonnull(params)
- # endif
--#endif
--#ifndef __nonnull
--# define __nonnull(params) __attribute_nonnull__ (params)
-+#elif !defined __GLIBC__
-+# undef __nonnull
-+# define __nonnull(params) _GL_ATTRIBUTE_NONNULL (params)
- #endif
- 
- /* If fortification mode, we warn about unused results of certain
-diff -up texinfo-6.8/gnulib/lib/libc-config.h.orig texinfo-6.8/gnulib/lib/libc-config.h
---- texinfo-6.8/gnulib/lib/libc-config.h.orig	2021-03-11 19:57:54.000000000 +0100
-+++ texinfo-6.8/gnulib/lib/libc-config.h	2021-07-19 12:27:58.810590975 +0200
-@@ -33,9 +33,9 @@
- #include <config.h>
- 
- /* On glibc this includes <features.h> and <sys/cdefs.h> and #defines
--   _FEATURES_H, __WORDSIZE, and __set_errno.  On FreeBSD 11 and
--   DragonFlyBSD 5.9 it includes <sys/cdefs.h> which defines __nonnull.
--   Elsewhere it is harmless.  */
-+   _FEATURES_H, __WORDSIZE, and __set_errno.  On FreeBSD 11 it
-+   includes <sys/cdefs.h> which defines __nonnull.  Elsewhere it
-+   is harmless.  */
- #include <errno.h>
- 
- /* From glibc <errno.h>.  */
-diff -up texinfo-6.8/gnulib/lib/malloc/dynarray-skeleton.c.orig texinfo-6.8/gnulib/lib/malloc/dynarray-skeleton.c
---- texinfo-6.8/gnulib/lib/malloc/dynarray-skeleton.c.orig	2021-03-11 19:57:54.000000000 +0100
-+++ texinfo-6.8/gnulib/lib/malloc/dynarray-skeleton.c	2021-07-19 12:24:46.878419397 +0200
-@@ -192,7 +192,7 @@ DYNARRAY_NAME (free__array__) (struct DY
- 
- /* Initialize a dynamic array object.  This must be called before any
-    use of the object.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static void
- DYNARRAY_NAME (init) (struct DYNARRAY_STRUCT *list)
- {
-@@ -202,7 +202,7 @@ DYNARRAY_NAME (init) (struct DYNARRAY_ST
- }
- 
- /* Deallocate the dynamic array and its elements.  */
--__attribute_maybe_unused__ __attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __nonnull ((1))
- static void
- DYNARRAY_FREE (struct DYNARRAY_STRUCT *list)
- {
-@@ -213,7 +213,7 @@ DYNARRAY_FREE (struct DYNARRAY_STRUCT *l
- }
- 
- /* Return true if the dynamic array is in an error state.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline bool
- DYNARRAY_NAME (has_failed) (const struct DYNARRAY_STRUCT *list)
- {
-@@ -222,7 +222,7 @@ DYNARRAY_NAME (has_failed) (const struct
- 
- /* Mark the dynamic array as failed.  All elements are deallocated as
-    a side effect.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static void
- DYNARRAY_NAME (mark_failed) (struct DYNARRAY_STRUCT *list)
- {
-@@ -236,7 +236,7 @@ DYNARRAY_NAME (mark_failed) (struct DYNA
- 
- /* Return the number of elements which have been added to the dynamic
-    array.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline size_t
- DYNARRAY_NAME (size) (const struct DYNARRAY_STRUCT *list)
- {
-@@ -245,7 +245,7 @@ DYNARRAY_NAME (size) (const struct DYNAR
- 
- /* Return a pointer to the array element at INDEX.  Terminate the
-    process if INDEX is out of bounds.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline DYNARRAY_ELEMENT *
- DYNARRAY_NAME (at) (struct DYNARRAY_STRUCT *list, size_t index)
- {
-@@ -257,7 +257,7 @@ DYNARRAY_NAME (at) (struct DYNARRAY_STRU
- /* Return a pointer to the first array element, if any.  For a
-    zero-length array, the pointer can be NULL even though the dynamic
-    array has not entered the failure state.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline DYNARRAY_ELEMENT *
- DYNARRAY_NAME (begin) (struct DYNARRAY_STRUCT *list)
- {
-@@ -267,7 +267,7 @@ DYNARRAY_NAME (begin) (struct DYNARRAY_S
- /* Return a pointer one element past the last array element.  For a
-    zero-length array, the pointer can be NULL even though the dynamic
-    array has not entered the failure state.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline DYNARRAY_ELEMENT *
- DYNARRAY_NAME (end) (struct DYNARRAY_STRUCT *list)
- {
-@@ -294,7 +294,7 @@ DYNARRAY_NAME (add__) (struct DYNARRAY_S
- /* Add ITEM at the end of the array, enlarging it by one element.
-    Mark *LIST as failed if the dynamic array allocation size cannot be
-    increased.  */
--__attribute_nonnull__ ((1))
-+__nonnull ((1))
- static inline void
- DYNARRAY_NAME (add) (struct DYNARRAY_STRUCT *list, DYNARRAY_ELEMENT item)
- {
-@@ -348,8 +348,7 @@ DYNARRAY_NAME (emplace__) (struct DYNARR
- /* Allocate a place for a new element in *LIST and return a pointer to
-    it.  The pointer can be NULL if the dynamic array cannot be
-    enlarged due to a memory allocation failure.  */
--__attribute_maybe_unused__ __attribute_warn_unused_result__
--__attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __attribute_warn_unused_result__ __nonnull ((1))
- static
- /* Avoid inlining with the larger initialization code.  */
- #if !(defined (DYNARRAY_ELEMENT_INIT) || defined (DYNARRAY_ELEMENT_FREE))
-@@ -373,7 +372,7 @@ DYNARRAY_NAME (emplace) (struct DYNARRAY
-    existing size, new elements are added (which can be initialized).
-    Otherwise, the list is truncated, and elements are freed.  Return
-    false on memory allocation failure (and mark *LIST as failed).  */
--__attribute_maybe_unused__ __attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __nonnull ((1))
- static bool
- DYNARRAY_NAME (resize) (struct DYNARRAY_STRUCT *list, size_t size)
- {
-@@ -418,7 +417,7 @@ DYNARRAY_NAME (resize) (struct DYNARRAY_
- }
- 
- /* Remove the last element of LIST if it is present.  */
--__attribute_maybe_unused__ __attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __nonnull ((1))
- static void
- DYNARRAY_NAME (remove_last) (struct DYNARRAY_STRUCT *list)
- {
-@@ -435,7 +434,7 @@ DYNARRAY_NAME (remove_last) (struct DYNA
- 
- /* Remove all elements from the list.  The elements are freed, but the
-    list itself is not.  */
--__attribute_maybe_unused__ __attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __nonnull ((1))
- static void
- DYNARRAY_NAME (clear) (struct DYNARRAY_STRUCT *list)
- {
-@@ -453,8 +452,7 @@ DYNARRAY_NAME (clear) (struct DYNARRAY_S
-    stored in *RESULT if LIST refers to an empty list.  On success, the
-    pointer in *RESULT is heap-allocated and must be deallocated using
-    free.  */
--__attribute_maybe_unused__ __attribute_warn_unused_result__
--__attribute_nonnull__ ((1, 2))
-+__attribute_maybe_unused__ __attribute_warn_unused_result__ __nonnull ((1, 2))
- static bool
- DYNARRAY_NAME (finalize) (struct DYNARRAY_STRUCT *list,
-                           DYNARRAY_FINAL_TYPE *result)
-@@ -485,8 +483,7 @@ DYNARRAY_NAME (finalize) (struct DYNARRA
-    have a sentinel at the end).  If LENGTHP is not NULL, the array
-    length is written to *LENGTHP.  *LIST is re-initialized and can be
-    reused.  */
--__attribute_maybe_unused__ __attribute_warn_unused_result__
--__attribute_nonnull__ ((1))
-+__attribute_maybe_unused__ __attribute_warn_unused_result__ __nonnull ((1))
- static DYNARRAY_ELEMENT *
- DYNARRAY_NAME (finalize) (struct DYNARRAY_STRUCT *list, size_t *lengthp)
- {

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/metadata.xml

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="project">
-	<email>base-system@gentoo.org</email>
-	<name>Gentoo Base System</name>
-</maintainer>
-<maintainer type="project">
-	<email>perl@gentoo.org</email>
-	<name>Gentoo Perl Project</name>
-</maintainer>
-<use>
-	<flag name="standalone">Build standalone version that survives all Portage bugs</flag>
-</use>
-<upstream>
-	<remote-id type="cpe">cpe:/a:gnu:texinfo</remote-id>
-</upstream>
-</pkgmetadata>

sdk_container/src/third_party/coreos-overlay/sys-apps/texinfo/texinfo-6.8.ebuild

@@ -1,75 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Note: if your package uses the texi2dvi utility, it must depend on the
-# virtual/texi2dvi package to pull in all the right deps.  The tool is not
-# usable out-of-the-box because it requires the large tex packages.
-
-EAPI=7
-
-inherit autotools flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU info program and utilities"
-HOMEPAGE="https://www.gnu.org/software/texinfo/"
-SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls +standalone static"
-
-RDEPEND="
-	!=app-text/tetex-2*
-	>=sys-libs/ncurses-5.2-r2:0=
-	standalone? ( dev-lang/perl )
-	!standalone?  (
-		dev-lang/perl:=
-		dev-perl/libintl-perl
-		dev-perl/Unicode-EastAsianWidth
-		dev-perl/Text-Unidecode
-	)
-	nls? ( virtual/libintl )"
-DEPEND="${RDEPEND}"
-BDEPEND="nls? ( >=sys-devel/gettext-0.19.6 )"
-
-PATCHES=(
-	"${FILESDIR}/${P}-undo-gnulib-nonnul.patch"
-	"${FILESDIR}/flatcar-modifications.patch"
-)
-
-src_prepare() {
-	default
-
-	if use prefix ; then
-		sed -i -e '1c\#!/usr/bin/env sh' util/texi2dvi util/texi2pdf || die
-		touch doc/{texi2dvi,texi2pdf,pdftexi2dvi}.1
-	fi
-
-	eautoreconf
-}
-
-src_configure() {
-	# Respect compiler and CPPFLAGS/CFLAGS/LDFLAGS for Perl extensions. #622576
-	local -x PERL_EXT_CC="$(tc-getCC)" PERL_EXT_CPPFLAGS="${CPPFLAGS}" PERL_EXT_CFLAGS="${CFLAGS}" PERL_EXT_LDFLAGS="${LDFLAGS}"
-
-	use static && append-ldflags -static
-	local myeconfargs=( $(use_enable nls) )
-
-	if use standalone ; then
-		myeconfargs+=(
-			--without-external-libintl-perl
-			--without-external-Unicode-EastAsianWidth
-			--without-external-Text-Unidecode
-			--disable-perl-xs
-		)
-	else
-		myeconfargs+=(
-			--with-external-libintl-perl
-			--with-external-Unicode-EastAsianWidth
-			--with-external-Text-Unidecode
-			--enable-perl-xs
-		)
-	fi
-
-	econf "${myeconfargs[@]}"
-}

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15

@@ -282,6 +282,7 @@ CONFIG_INFINIBAND_MTHCA=m
 CONFIG_INFINIBAND_OCRDMA=m
 CONFIG_INFINIBAND_SRP=m
 CONFIG_INFINIBAND_USER_MAD=m
+CONFIG_INIT_STACK_NONE=y
 CONFIG_INPUT_EVDEV=m
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_MOUSEDEV=m

sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.36-r5.ebuild

@@ -466,7 +466,18 @@ setup_flags() {
 	filter-flags '-fsanitize=*'
 
 	# See end of bug #830454; we handle this via USE=cet
-	filter-flags '-fcf-protection='
+	#
+	# Flatcar: When bootstrapping, we may have a situation where
+	# CET-enabled gcc from seed is used to build CET-disabled
+	# glibc. As such, gcc implicitly enables CET if no
+	# -fcf-protection flag is passed. For a typical package it
+	# should not be a problem, but for glibc it matters as it is
+	# dealing with CET in ld.so. So if CET is supposed to be
+	# disabled for glibc, be explicit about it.
+	filter-flags '-fcf-protection=*'
+	if ! use cet; then
+		append-flags '-fcf-protection=none'
+	fi
 }
 
 use_multiarch() {