From 742241952b38029cff46c0fe9f9e8130c492d6cc Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Mon, 12 Sep 2022 11:54:57 +0200
Subject: [PATCH 1/2] profiles: update rsync version to 3.2.6

To address CVE-2022-29154, we need to accept keywords ~amd64 and ~arm64 for rsync 3.2.6.
---
 .../profiles/coreos/base/package.accept_keywords | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 62a04d5959..c268f1c9f5 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -19,8 +19,8 @@ =net-misc/openssh-8.8_p1-r3 ~amd64 ~arm64
-# Required for addressing CVE-2018-25032 in its bundled zlib
-=net-misc/rsync-3.2.4-r1 ~amd64 ~arm64
+# Required for addressing CVE-2022-29154
+=net-misc/rsync-3.2.6 ~amd64 ~arm64
 # To address security issues like CVE-2021-31879, we need to accept
 # keywords for wget 1.21.2.
From f9299ed19be953dd5858039ce55b1154d5c02582 Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Mon, 12 Sep 2022 11:55:00 +0200
Subject: [PATCH 2/2] profiles: delete cpu_flags_x86_sse2 USE flag from rsync

Since rsync 3.2.4, IUSE_CPU_FLAGS_X86="sse2" does not exist any more in upstream ebuilds. So it is not necessary to disable `cpu_flags_x86_sse2` USE flag for avoiding cross toolchain build failures.
---
 .../coreos-overlay/profiles/coreos/base/package.use | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 4fb4e507f1..baeb75273c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -100,9 +100,6 @@ app-emulation/docker-runc selinux
 # enable regular expression processing in jq
 app-misc/jq oniguruma
-# Disable sse2 from CPU_FLAGS_X86 to avoid config error around simd
-net-misc/rsync -cpu_flags_x86_sse2
-
 # Don't read the firmware config from /etc/portage/savedconfig/
 sys-kernel/coreos-firmware -savedconfig