diff --git a/sdk_container/src/third_party/portage-stable/app-arch/gzip/Manifest b/sdk_container/src/third_party/portage-stable/app-arch/gzip/Manifest
index 25b7f1c633..bf24f30d75 100644
--- a/sdk_container/src/third_party/portage-stable/app-arch/gzip/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-arch/gzip/Manifest
@@ -1,2 +1,2 @@
-DIST gzip-1.10.tar.xz 775144 BLAKE2B 431dc0fd11061eabd9db86594777b86510b124b124fd74799eacd67334631af60f638be2638413bee0153a9da35528d0aecc5b5083152c395223705400c9103b SHA512 e6ba9e3906cdb6a6235b213515093d02afa1722686f73eddacbacae628542b586b449829783b6a1701e9b9e0c4d4dfa6845904d3b6b010f5cf21aec4997c9299
-DIST gzip-1.11.tar.xz 804096 BLAKE2B c251066f0bded6a6557a5cbfe5d20090c6446051c31fad610af4f9f7b2537c28fed1cfab424a459452db73b7d1df1361e5aeba163a9e980fc611faf408cac128 SHA512 af297c173297d588722f4d0f140a2ae4d3ea3861464191772fb2e11e47be43644b5ae01ed63f0051d6eb4751666284de53e14c4dd9f0c1d25f61cf676fbf11f3
+DIST gzip-1.12.tar.xz 825548 BLAKE2B 7e2d482c08555f5fb0ff5408c0afe48c61034e9779eed6e3dd8046c847234c0a8a6bc34d49a934a54db0d73033e12c71a228d373551384a4cd663315071637e0 SHA512 116326fe991828227de150336a0c016f4fe932dfbb728a16b4a84965256d9929574a4f5cfaf3cf6bb4154972ef0d110f26ab472c93e62ec9a5fd7a5d65abea24
+DIST gzip-1.12.tar.xz.sig 833 BLAKE2B ab7b4a759ef163d67f20773607ba0408ea9f1f7c7c224f43635fc3752acc521b74dbea4ec9ebb58a2f4fa13ecae19e00779b4b56c2cb95976301445beff817aa SHA512 1f4702797f7c5f1873c2f9c2f6210ba23824455d17ee82f50f0bf24240ed5bdf0090cf85338ccf76ba82422f8b4ad3a329d8bbf1350cb094d7bd61aa45550397
diff --git a/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.10.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.10.ebuild
deleted file mode 100644
index c7101f9155..0000000000
--- a/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.10.ebuild
+++ /dev/null
@@ -1,39 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic - -DESCRIPTION="Standard GNU compressor" -HOMEPAGE="https://www.gnu.org/software/gzip/" -SRC_URI="mirror://gnu/gzip/${P}.tar.xz - https://alpha.gnu.org/gnu/gzip/${P}.tar.xz - mirror://gentoo/${P}.tar.xz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="pic static" - -PATCHES=( - "${FILESDIR}/${PN}-1.3.8-install-symlinks.patch" -) - -src_configure() { - use static && append-flags -static - # avoid text relocation in gzip - use pic && export DEFS="NO_ASM" - econf --disable-gcc-warnings #663928 -} - -src_install() { - default - docinto txt - dodoc algorithm.doc gzip.doc - - # keep most things in /usr, just the fun stuff in / - dodir /bin - mv "${ED}"/usr/bin/{gunzip,gzip,uncompress,zcat} "${ED}"/bin/ || die - sed -e "s:${EPREFIX}/usr:${EPREFIX}:" -i "${ED}"/bin/gunzip || die -} diff --git a/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.11.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.12.ebuild similarity index 53% rename from sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.11.ebuild rename to sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.12.ebuild index 0d00a0f7aa..dd0eefb15a 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.11.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-arch/gzip/gzip-1.12.ebuild 
@@ -3,32 +3,42 @@ EAPI=7 -inherit flag-o-matic +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gzip.asc +inherit flag-o-matic verify-sig DESCRIPTION="Standard GNU compressor" HOMEPAGE="https://www.gnu.org/software/gzip/" SRC_URI="mirror://gnu/gzip/${P}.tar.xz - https://alpha.gnu.org/gnu/gzip/${P}.tar.xz - mirror://gentoo/${P}.tar.xz" + https://alpha.gnu.org/gnu/gzip/${P}.tar.xz" +SRC_URI+=" verify-sig? ( + mirror://gnu/gzip/${P}.tar.xz.sig + https://alpha.gnu.org/gnu/gzip/${P}.tar.xz.sig + )" LICENSE="GPL-3" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="pic static" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-gzip )" + PATCHES=( "${FILESDIR}/${PN}-1.3.8-install-symlinks.patch" ) src_configure() { use static && append-flags -static - # avoid text relocation in gzip + + # Avoid text relocation in gzip use pic && export DEFS="NO_ASM" - econf --disable-gcc-warnings #663928 + + # bug #663928 + econf --disable-gcc-warnings } src_install() { default + docinto txt dodoc algorithm.doc gzip.doc diff --git a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/Manifest b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/Manifest index dc2229967e..77263933d7 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/Manifest 
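Review bot: The bumped gzip-1.12 ebuild lands with full stable keywords (`amd64 arm arm64 hppa ... x86` in the new `KEYWORDS=` line) and nothing in the hunk records why a fresh version goes straight to stable. The xzgrep patch added in this same commit states that `gzip 1.12 includes a fix for zgrep` for the malicious-filename escaping bug, which is presumably the motivation, so a one-line comment such as `# 1.12 fixes zgrep filename escaping; see the xzgrep ZDI-CAN-16587 patch in app-arch/xz-utils` above `PATCHES=(` would keep the audit trail in the file itself. Note also that signature verification only runs when USE=verify-sig is set; otherwise the Manifest digests remain the sole integrity check, which is expected but worth knowing for anyone reading this bump. src_install continues outside the hunk.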
@@ -1 +1,2 @@
 DIST xz-5.2.5.tar.gz 1791345 BLAKE2B aded57324e129572c41646b3cc3b0b59a459452d9338d9245663b63dac2a463fb1f1b2b1d2d4ad3c09cb71fb8439df52cd94f24db99e782fc899b94a288a3043 SHA512 7443674247deda2935220fbc4dfc7665e5bb5a260be8ad858c8bd7d7b9f0f868f04ea45e62eb17c0a5e6a2de7c7500ad2d201e2d668c48ca29bd9eea5a73a3ce
+DIST xz-5.2.5.tar.gz.sig 566 BLAKE2B 8b40d8d7913eaebe2595ea41a735d972d1969d8b58f42b2bee6591b51e2e626473fc85d64f1bbbff3cba6b0e1b4423556d6ddaf16f646ccc18ba1bad5cf45d83 SHA512 3aa21484bef0282ed0b83e3fcd5cf3d87bf51fa68e24d55bb11f91bc96f0ac29f468949bc4c8cc20fbd6ad12f5735686fe09ee42efe2b8d728010da9668aa5a9
diff --git a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
new file mode 100644
index 0000000000..7293a982c2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
@@ -0,0 +1,88 @@ +https://bugs.gentoo.org/837155 +https://git.tukaani.org/?p=xz.git;a=commitdiff;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6;hp=bd93b776c1bd15e90661033c918cdeb354dbcc38 + +From: Lasse Collin +Date: Tue, 29 Mar 2022 19:19:12 +0300 +Subject: [PATCH 1/1] xzgrep: Fix escaping of malicious filenames + (ZDI-CAN-16587). + +Malicious filenames can make xzgrep to write to arbitrary files +or (with a GNU sed extension) lead to arbitrary code execution. + +xzgrep from XZ Utils versions up to and including 5.2.5 are +affected. 5.3.1alpha and 5.3.2alpha are affected as well. +This patch works for all of them. + +This bug was inherited from gzip's zgrep. gzip 1.12 includes +a fix for zgrep. + +The issue with the old sed script is that with multiple newlines, +the N-command will read the second line of input, then the +s-commands will be skipped because it's not the end of the +file yet, then a new sed cycle starts and the pattern space +is printed and emptied. So only the last line or two get escaped. + +One way to fix this would be to read all lines into the pattern +space first. However, the included fix is even simpler: All lines +except the last line get a backslash appended at the end. To ensure +that shell command substitution doesn't eat a possible trailing +newline, a colon is appended to the filename before escaping. +The colon is later used to separate the filename from the grep +output so it is fine to add it here instead of a few lines later. + +The old code also wasn't POSIX compliant as it used \n in the +replacement section of the s-command. Using \ is the +POSIX compatible method. + +LC_ALL=C was added to the two critical sed commands. POSIX sed +manual recommends it when using sed to manipulate pathnames +because in other locales invalid multibyte sequences might +cause issues with some sed implementations. 
In case of GNU sed, +these particular sed scripts wouldn't have such problems but some +other scripts could have, see: + + info '(sed)Locale Considerations' + +This vulnerability was discovered by: +cleemy desu wayo working with Trend Micro Zero Day Initiative + +Thanks to Jim Meyering and Paul Eggert discussing the different +ways to fix this and for coordinating the patch release schedule +with gzip. +--- a/src/scripts/xzgrep.in ++++ b/src/scripts/xzgrep.in +@@ -180,22 +180,26 @@ for i; do + { test $# -eq 1 || test $no_filename -eq 1; }; then + eval "$grep" + else ++ # Append a colon so that the last character will never be a newline ++ # which would otherwise get lost in shell command substitution. ++ i="$i:" ++ ++ # Escape & \ | and newlines only if such characters are present ++ # (speed optimization). + case $i in + (*' + '* | *'&'* | *'\'* | *'|'*) +- i=$(printf '%s\n' "$i" | +- sed ' +- $!N +- $s/[&\|]/\\&/g +- $s/\n/\\n/g +- ');; ++ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; + esac +- sed_script="s|^|$i:|" ++ ++ # $i already ends with a colon so don't add it here. ++ sed_script="s|^|$i|" + + # Fail if grep or sed fails. + r=$( + exec 4>&1 +- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- ++ (eval "$grep" 4>&-; echo $? >&4) 3>&- | ++ LC_ALL=C sed "$sed_script" >&3 4>&- + ) || r=2 + exit $r + fi >&3 5>&- diff --git a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/metadata.xml b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/metadata.xml index 290b6fa614..75ad4f69f9 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/metadata.xml @@ -1,5 +1,5 @@ - + base-system@gentoo.org 
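Review bot: The new files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch only closes the hole if the xz-utils-5.2.5-r2 ebuild actually applies it, and none of the ebuild hunks visible here reference it in `PATCHES` or via `eapply`; the `@@ -33,17 +40,24 @@` hunk is cut off in this view, so the entry may well be there, but please confirm, because a revision bump plus an unapplied patch would look fixed while leaving xzgrep exposed. The patch body itself is consistent with its own description: the filename gets a trailing colon before escaping, `&`, `\` and `|` are backslash-escaped on every line, all lines but the last get a trailing backslash (`$!s/$/\\/`), and both sed invocations run under `LC_ALL=C`. It would help future auditors to note in the ebuild comment next to the patch entry that gzip 1.12 (bumped in this same commit) carries the equivalent zgrep fix.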
diff --git a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild similarity index 62% rename from sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r1.ebuild rename to sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild index 6b76f4511b..752953853e 100644 --- a/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # Remember: we cannot leverage autotools in this ebuild in order 
@@ -8,20 +8,27 @@ EAPI=7 inherit libtool multilib multilib-minimal preserve-libs usr-ldscript -if [[ ${PV} == "9999" ]] ; then +if [[ ${PV} == 9999 ]] ; then EGIT_REPO_URI="https://git.tukaani.org/xz.git" inherit git-r3 autotools - SRC_URI="" - BDEPEND="sys-devel/gettext dev-vcs/cvs >=sys-devel/libtool-2" #272880 286068 + + # bug #272880 and bug #286068 + BDEPEND="sys-devel/gettext >=sys-devel/libtool-2" else + VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/lassecollin.asc + inherit verify-sig + MY_P="${PN/-utils}-${PV/_}" SRC_URI="https://tukaani.org/xz/${MY_P}.tar.gz" - [[ "${PV}" == *_alpha* ]] || [[ "${PV}" == *_beta* ]] || \ - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + SRC_URI+=" verify-sig? ( https://tukaani.org/xz/${MY_P}.tar.gz.sig )" + + if [[ ${PV} != *_alpha* ]] && [[ ${PV} != *_beta* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + fi S="${WORKDIR}/${MY_P}" fi -DESCRIPTION="utils for managing LZMA compressed files" +DESCRIPTION="Utils for managing LZMA compressed files" HOMEPAGE="https://tukaani.org/xz/" # See top-level COPYING file as it outlines the various pieces and their licenses. @@ -33,17 +40,24 @@ RDEPEND="!
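Review bot: `VERIFY_SIG_OPENPGP_KEY_PATH` now points at `${BROOT}/usr/share/openpgp-keys/lassecollin.asc`, but this hunk adds no build-time dependency on the package that installs that key file; the gzip ebuild in this same commit pairs its key path with `BDEPEND="verify-sig? ( sec-keys/openpgp-keys-gzip )"`. The matching `verify-sig? ( ... )` BDEPEND for xz-utils may live in the cut-off `@@ -33,17 +40,24 @@` hunk; if it does not, USE=verify-sig builds will fail in src_unpack because the key is absent rather than because the signature is bad. A short comment above the key path line, e.g. `# key shipped by the verify-sig? BDEPEND below`, would make the coupling explicit for the next reader.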