From 55eced2cf1cb9b564b363758dfc09901d2719174 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 12 Apr 2022 12:01:23 +0200 Subject: [PATCH 1/2] app-arch/libarchive: update to 3.6.1 Update app-arch/libarchive to 3.6.1 mainly to address CVE-2022-26280. --- .../app-arch/libarchive/Manifest | 4 + .../libarchive/libarchive-3.5.3.ebuild | 23 +++- .../libarchive/libarchive-3.6.0.ebuild | 25 ++-- .../libarchive/libarchive-3.6.1.ebuild | 126 ++++++++++++++++++ 4 files changed, 163 insertions(+), 15 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest index e108d5b3b8..f7e2cd2e36 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest 
@@ -1,2 +1,6 @@ DIST libarchive-3.5.3.tar.gz 7038767 BLAKE2B a9f8b44c42efadb29cba2597c201bf9064d69632db92dad07df3f1bc9667257d8578c2ae7fae65ffc53e075466e3d326e4fe77d18d3f06656a4a255324a81fba SHA512 889879e869f7391e3b85b5e3c2bbad3c1a5e50ec7b62c0be8f2817e2dfa8410e6eb409a3c4dce2675b9e7134bae3f129475e331bc3d15d637b91412c7eb026a2 +DIST libarchive-3.5.3.tar.gz.asc 833 BLAKE2B 2a2af61d25201feef727d05554b3b1553779afeb155d1d68a3e2b64e71eca6ca06cd6d9c77cc98c2d40c0d654c7de535d9901e55f527cb74dc8933a402207553 SHA512 1a6c930e62961ee97d2983ad7f7aded61dd65668737cc7fc42b3f2f32a699931fe74c1b7abe4686e061e7b39500a67adea929f390a8dcb2037d0d58f3b30441d DIST libarchive-3.6.0.tar.gz 8570393 BLAKE2B 57a8e1681485a489dc9d3823cc8c9b0d68e7d84510a3eff0b6adc268825bb9aa6179d8a810b249c3f72e3674e1df6e5ba2ed0043196458bedc3c1d880c5d4a0b SHA512 700579c5dd15b61333cc4dbf01ebfbd26d6e8c20d5cbe6525683634418fec5c87a5a1e28a81cc59ad7c94218682e406aa3b55d81036bd9fa31d83d989c6d764c +DIST libarchive-3.6.0.tar.gz.asc 833 BLAKE2B 0b3600e998ccf3e3862523116db071f5c43165a422f292053d7be14a67a294b4b9ed76a939156ad0f494443d9a6a6dde46e73c1107d50c7e150030c7627d8851 SHA512 2450a3463ec1b4b2c590139ea2b6f0db0afbd8ff7939da5d90c5adfb3d27618ca36b03596b707211de82341ca157acaf510fc51ee26d6901d46e15341406acd2 +DIST libarchive-3.6.1.tar.gz 7431598 BLAKE2B 1f060edb3d7579e406db1e757af8193d6b23c56a07dd7392cacfc37d6634de1a732a4845a38e4c7a539a634475e54f202689c4a46f1c27655e91211783a6364f SHA512 58f7ac0c52116f73326a07dec10ff232be33b318862078785dc39f1fb2f8773b5194eabfa14764bb51ce6a5a1aa8820526e7f4c76087a6f4fcbe7789a22275b4 +DIST libarchive-3.6.1.tar.gz.asc 833 BLAKE2B 6b8ebcfbffdc51b693ba51d1c24bc89b9f8da81257535427ccae7791f7849197685e450b62fdb0972c4313244bf89b659662f678c68e73467bd256873b1ca83c SHA512 4120b21113a21c0afce16be72ac3bd41e744e99c713a2cf005d128c4b2382e9dcac638d4615771b9deceee0e1c99806499aaea35227fd4e435d15e672b4d6624 
diff --git a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild index f74fb1e58e..d49753f59e 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild @@ -2,16 +2,20 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit multilib-minimal toolchain-funcs +inherit multilib-minimal toolchain-funcs verify-sig DESCRIPTION="Multi-format archive and compression library" HOMEPAGE="https://www.libarchive.org/" -SRC_URI="https://www.libarchive.org/downloads/${P}.tar.gz" +SRC_URI=" + https://www.libarchive.org/downloads/${P}.tar.gz + verify-sig? ( https://www.libarchive.org/downloads/${P}.tar.gz.asc ) +" LICENSE="BSD BSD-2 BSD-4 public-domain" SLOT="0/13" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc RDEPEND=" sys-libs/zlib[${MULTILIB_USEDEP}] @@ -29,12 +33,17 @@ RDEPEND=" lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] ) lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] ) nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] ) - zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )" + zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] ) +" DEPEND="${RDEPEND} kernel_linux? ( virtual/os-headers e2fsprogs? ( sys-fs/e2fsprogs ) - )" + ) +" +BDEPEND=" + verify-sig? ( sec-keys/openpgp-keys-libarchive ) +" multilib_src_configure() { export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923 
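Review bot: The new `BDEPEND` entry `verify-sig? ( sec-keys/openpgp-keys-libarchive )` and the `VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc` line rely on a key package that this patch does not add; the diffstat touches only app-arch/libarchive. If sec-keys/openpgp-keys-libarchive is not already in the tree, or the SDK profile leaves `verify-sig` disabled, the `.asc` signatures recorded in Manifest are never checked and the Manifest hashes remain the only integrity control on the tarball. It is worth confirming both and stating in the commit message whether signature verification actually runs in this build. The same applies to the identical hunks in libarchive-3.6.0.ebuild and to the new libarchive-3.6.1.ebuild.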
@@ -60,9 +69,9 @@ multilib_src_configure() { ) if multilib_is_native_abi ; then myconf+=( - --enable-bsdcat=$(tc-is-static-only && echo static || echo shared) - --enable-bsdcpio=$(tc-is-static-only && echo static || echo shared) - --enable-bsdtar=$(tc-is-static-only && echo static || echo shared) + --enable-bsdcat="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdtar="$(tc-is-static-only && echo static || echo shared)" ) else myconf+=( diff --git a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild index 81d638123a..5da2cc32db 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild 
@@ -2,16 +2,20 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit multilib-minimal toolchain-funcs +inherit multilib-minimal toolchain-funcs verify-sig DESCRIPTION="Multi-format archive and compression library" HOMEPAGE="https://www.libarchive.org/" -SRC_URI="https://www.libarchive.org/downloads/${P}.tar.gz" +SRC_URI=" + https://www.libarchive.org/downloads/${P}.tar.gz + verify-sig? ( https://www.libarchive.org/downloads/${P}.tar.gz.asc ) +" LICENSE="BSD BSD-2 BSD-4 public-domain" SLOT="0/13" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc RDEPEND=" sys-libs/zlib[${MULTILIB_USEDEP}] @@ -29,12 +33,17 @@ RDEPEND=" lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] ) lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] ) nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] ) - zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )" + zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] ) +" DEPEND="${RDEPEND} kernel_linux? ( virtual/os-headers e2fsprogs? ( sys-fs/e2fsprogs ) - )" + ) +" +BDEPEND=" + verify-sig? ( sec-keys/openpgp-keys-libarchive ) +" multilib_src_configure() { export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923 
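Review bot: The `KEYWORDS` change in this hunk marks 3.6.0 stable on `arm`, `arm64`, `ppc`, `ppc64` and `sparc`, while the new libarchive-3.6.1.ebuild keeps those at `~arm`, `~arm64`, `~ppc`, `~ppc64` and `~sparc` and is stable only on `amd64` and `x86`. Unless an accept_keywords override exists elsewhere in the tree, a stable-keyword arm64 build would resolve to 3.6.0 rather than 3.6.1, so the CVE-2022-26280 fix that the commit message gives as the reason for the update would presumably not reach that architecture. Consider keywording 3.6.1 to match, for example `arm64` instead of `~arm64` in its `KEYWORDS`, or removing the 3.5.3 and 3.6.0 ebuilds in the same change so no older version can be selected.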
@@ -60,9 +69,9 @@ multilib_src_configure() { ) if multilib_is_native_abi ; then myconf+=( - --enable-bsdcat=$(tc-is-static-only && echo static || echo shared) - --enable-bsdcpio=$(tc-is-static-only && echo static || echo shared) - --enable-bsdtar=$(tc-is-static-only && echo static || echo shared) + --enable-bsdcat="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdtar="$(tc-is-static-only && echo static || echo shared)" ) else myconf+=( diff --git a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1.ebuild new file mode 100644 index 0000000000..6c0da89044 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1.ebuild 
@@ -0,0 +1,126 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit multilib-minimal toolchain-funcs verify-sig + +DESCRIPTION="Multi-format archive and compression library" +HOMEPAGE="https://www.libarchive.org/" +SRC_URI=" + https://www.libarchive.de/downloads/${P}.tar.gz + verify-sig? ( https://www.libarchive.de/downloads/${P}.tar.gz.asc ) +" + +LICENSE="BSD BSD-2 BSD-4 public-domain" +SLOT="0/13" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc + +RDEPEND=" + sys-libs/zlib[${MULTILIB_USEDEP}] + acl? ( virtual/acl[${MULTILIB_USEDEP}] ) + blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] ) + bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) + expat? ( dev-libs/expat[${MULTILIB_USEDEP}] ) + !expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] ) + iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] ) + kernel_linux? ( + xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] ) + ) + dev-libs/openssl:0=[${MULTILIB_USEDEP}] + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] ) + lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] ) + nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] ) + zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] ) +" +DEPEND="${RDEPEND} + kernel_linux? ( + virtual/os-headers + e2fsprogs? ( sys-fs/e2fsprogs ) + ) +" +BDEPEND=" + verify-sig? 
( sec-keys/openpgp-keys-libarchive ) +" + +multilib_src_configure() { + export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923 + + local myconf=( + $(use_enable acl) + $(use_enable static-libs static) + $(use_enable xattr) + $(use_with blake2 libb2) + $(use_with bzip2 bz2lib) + $(use_with expat) + $(use_with !expat xml2) + $(use_with iconv) + $(use_with lz4) + $(use_with lzma) + $(use_with lzo lzo2) + $(use_with nettle) + --with-zlib + $(use_with zstd) + + # Windows-specific + --without-cng + ) + if multilib_is_native_abi ; then + myconf+=( + --enable-bsdcat="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)" + --enable-bsdtar="$(tc-is-static-only && echo static || echo shared)" + ) + else + myconf+=( + --disable-bsdcat + --disable-bsdcpio + --disable-bsdtar + ) + fi + + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi ; then + emake + else + emake libarchive.la + fi +} + +src_test() { + mkdir -p "${T}"/bin || die + # tests fail when lbzip2[symlink] is used in place of ref bunzip2 + ln -s "${BROOT}/bin/bunzip2" "${T}"/bin || die + local -x PATH=${T}/bin:${PATH} + multilib-minimal_src_test +} + +multilib_src_test() { + # sandbox is breaking long symlink behavior + local -x SANDBOX_ON=0 + local -x LD_PRELOAD= + # some locales trigger different output that breaks tests + local -x LC_ALL=C + emake check +} + +multilib_src_install() { + if multilib_is_native_abi ; then + emake DESTDIR="${D}" install + else + local install_targets=( + install-includeHEADERS + install-libLTLIBRARIES + install-pkgconfigDATA + ) + emake DESTDIR="${D}" "${install_targets[@]}" + fi + + # Libs.private: should be used from libarchive.pc instead + find "${ED}" -type f -name "*.la" -delete || die +} From c734e9c3dafbb15c874ec62e87a57de78963fa56 Mon Sep 17 00:00:00 2001 
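Review bot: `SRC_URI` in the new ebuild fetches the tarball and its `.asc` from `www.libarchive.de`, whereas `HOMEPAGE`, the key path `libarchive.org.asc` and the 3.5.3 and 3.6.0 ebuilds all use `www.libarchive.org`, and nothing in the file explains the different host. The tarball stays pinned by the BLAKE2B and SHA512 entries in Manifest, so this is a documentation gap rather than an integrity hole, but someone auditing download origins has to guess whether the host is an upstream mirror. A one-line comment above `SRC_URI` would settle it, for example `# fetched from libarchive.de rather than the HOMEPAGE host: <reason>`.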
From: Dongsu Park Date: Wed, 13 Apr 2022 10:23:31 +0200 Subject: [PATCH 2/2] changelog: add changelog for libarchive 3.6.1 --- .../changelog/security/2022-04-12-libarchive-3.6.1.md | 1 + .../changelog/updates/2022-04-12-libarchive-3.6.1.md | 1 + 2 files changed, 2 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/changelog/security/2022-04-12-libarchive-3.6.1.md create mode 100644 sdk_container/src/third_party/portage-stable/changelog/updates/2022-04-12-libarchive-3.6.1.md diff --git a/sdk_container/src/third_party/portage-stable/changelog/security/2022-04-12-libarchive-3.6.1.md b/sdk_container/src/third_party/portage-stable/changelog/security/2022-04-12-libarchive-3.6.1.md new file mode 100644 index 0000000000..969fd50666 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-04-12-libarchive-3.6.1.md @@ -0,0 +1 @@ +- libarchive ([CVE-2022-26280](https://nvd.nist.gov/vuln/detail/CVE-2022-26280)) diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-04-12-libarchive-3.6.1.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-04-12-libarchive-3.6.1.md new file mode 100644 index 0000000000..19c99d3863 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-04-12-libarchive-3.6.1.md @@ -0,0 +1 @@ +- libarchive [3.6.1](https://github.com/libarchive/libarchive/releases/tag/v3.6.1)