From 700f7a90240b6d36b7e845400a1de66b10663e1c Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Thu, 17 Sep 2020 13:28:05 +0200
Subject: [PATCH 1/2] profiles: update keywords for app-misc/jq

Update version of app-misc/jq to 1.6-r3 as well in accept_keywords,
since app-misc/jq in portage-stable was updated to 1.6-r3.
---
 .../profiles/coreos/base/package.accept_keywords             | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index ea3c06b2f3..12f380d33f 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -23,9 +23,10 @@ dev-util/checkbashisms
 # Older versions of sssd fail to build
 =sys-auth/sssd-1.13.1 ~amd64 ~arm64
 
-# heap overflow fix
+# jq 1.5-r2 for heap overflow fix
 # https://bugs.gentoo.org/show_bug.cgi?id=580606
-=app-misc/jq-1.5-r2 ~amd64 ~arm64
+# jq 1.6-r3 for CVE-2015-8863
+>=app-misc/jq-1.5-r2 ~amd64 ~arm64
 
 # Must use the same version across all architectures
 =dev-libs/protobuf-2.6.1-r3

From 8956a52b6a2c7f13bd0e9f20b18b48602e07dfa3 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Thu, 17 Sep 2020 13:28:07 +0200
Subject: [PATCH 2/2] profiles: disable sse2 from CPU_FLAGS_X86 for rsync

Since rsync 3.2.0, the ebuild sets `--enable-simd` option in case of
amd64. However, the cross toolchain in Flatcar SDK is not able to deal
with the SIMD feature, so configure in rsync fails like:

```
gcc version 8.3.0 (Gentoo Hardened 8.3.0-r1 p1.1)
configure.sh:3774: $? = 0
configure.sh:3763: x86_64-cros-linux-gnu-g++ -V >&5
x86_64-cros-linux-gnu-g++: error: unrecognized command line option '-V'
x86_64-cros-linux-gnu-g++: fatal error: no input files
compilation terminated.
```

Until we could resolve the toolchain issue, we should disable
`cpu_flags_x86_sse2`, to disable simd for rsync.
---
 .../coreos-overlay/profiles/coreos/base/package.use            | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index bb7a47c329..c92ec70682 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -102,3 +102,6 @@ sys-fs/btrfs-progs -zstd
 
 # enable regular expression processing in jq
 app-misc/jq oniguruma
+
+# Disable sse2 from CPU_FLAGS_X86 to avoid config error around simd
+net-misc/rsync -cpu_flags_x86_sse2