sys-apps/file: update to 5.39

Update sys-apps/file to 5.39 to address
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218 .

sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest

@@ -1 +1,3 @@
-DIST file-5.33.tar.gz 817060 BLAKE2B 735f176f09085243dacaddda1b734ef2191ff1684f08022ed1874e84fd0c84679b5a765383c5c5ad27a7216abc23b9c2211fb7110846122563e18285de0f0e51 SHA512 36c9f2e2aa814b5557eef114fdd3de159688c7a3c9632a9f5c6355c4d2a5694cee81279bda80897616fca07289a7fedb1f797439a2903c76dc84870694773c9e
+DIST file-5.37.tar.gz 887682 BLAKE2B c5635e5de879af31cbef1c988275ab8620133909d146769b27a2f8eefa90871fad5fa75e66b9e1d77a6261e5d6dec315fb5a8ad587d8c214eaa0bc2e5a929fe7 SHA512 bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d
+DIST file-5.38.tar.gz 932528 BLAKE2B 08d8d56e2e1b6a0c9fb0caed89ca6145bf683ecc52a639c036ded01b913e7eea75d9235851a2fbd410cbc9b929c26579b06fe1d54fb73817c951bef3544bc345 SHA512 9eeeba69cbc9f0c00a0bdf9eaf60c73a4a709e797068f109d85c1ef2a19c8b0e012ecd73714f03cbb1770dfa717e8a661ad746b644cc030cafbfb1f7aac35a40
+DIST file-5.39.tar.gz 954266 BLAKE2B 4d6d9a6317961e0a2aa391f502b0be8bbb40ede57c3470230d91aaf9ce5d35bcaceb32d551ca5a391fc8c40b64517fdb996833a8b1ca47ced7e92e9e545d2682 SHA512 9cf1a7b769c56eb6f5b25c66ce85fa1300128396e445b2e53dbbd8951e5da973a7a07c4ef9f7ebd1fe945d47bdaf2cd9ef09bd2be6c217a0bcb907d9449835e6

sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.37-r1.ebuild

@@ -1,19 +1,19 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
+PYTHON_COMPAT=( python3_{6,7} )
 DISTUTILS_OPTIONAL=1
 
-inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
 
 if [[ ${PV} == "9999" ]] ; then
 	EGIT_REPO_URI="https://github.com/glensc/file.git"
 	inherit autotools git-r3
 else
 	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
-	KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 fi
 
 DESCRIPTION="identify a file's format by scanning binary data for patterns"
@@ -33,7 +33,7 @@ DEPEND="
 RDEPEND="${DEPEND}
 	python? ( !dev-python/python-magic )"
 
-PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch )
+PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch )
 
 src_prepare() {
 	default
@@ -42,7 +42,8 @@ src_prepare() {
 	elibtoolize
 
 	# don't let python README kill main README #60043
-	mv python/README{,.python} || die
+	mv python/README.md python/README.python.md || die
+	sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
 }
 
 multilib_src_configure() {
@@ -63,7 +64,7 @@ src_configure() {
 		mkdir -p "${WORKDIR}"/build || die
 		cd "${WORKDIR}"/build || die
 		tc-export_build_env BUILD_C{C,XX}
-		ECONF_SOURCE=${S} \
+		ECONF_SOURCE="${S}" \
 		ac_cv_header_zlib_h=no \
 		ac_cv_lib_z_gzopen=no \
 		CHOST=${CBUILD} \
@@ -123,5 +124,5 @@ multilib_src_install_all() {
 		cd python || die
 		distutils-r1_src_install
 	fi
-	prune_libtool_files
+	find "${ED}" -type f -name "*.la" -delete || die
 }

sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild

@@ -0,0 +1,142 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..7} )
+DISTUTILS_OPTIONAL=1
+
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/glensc/file.git"
+	inherit autotools git-r3
+else
+	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	)
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	python? ( !dev-python/python-magic )"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch
+	"${FILESDIR}"/${P}-td-is-for-ptrdiff_t-not-for-off_t.patch
+	"${FILESDIR}"/${P}-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch
+)
+
+src_prepare() {
+	default
+
+	[[ ${PV} == "9999" ]] && eautoreconf
+	elibtoolize
+
+	# don't let python README kill main README #60043
+	mv python/README.md python/README.python.md || die
+	sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--disable-libseccomp
+		--enable-fsect-man5
+		$(use_enable bzip2 bzlib)
+		$(use_enable lzma xzlib)
+		$(use_enable static-libs static)
+		$(use_enable zlib)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+	local myeconfargs=(
+		--disable-shared
+		--disable-libseccomp
+		--disable-bzlib
+		--disable-xzlib
+		--disable-zlib
+	)
+	tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+	# when cross-compiling, we need to build up our own file
+	# because people often don't keep matching host/target
+	# file versions #362941
+	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+	local ECONF_SOURCE=${S}
+
+	if need_build_file; then
+		mkdir -p "${WORKDIR}"/build || die
+		cd "${WORKDIR}"/build || die
+		build_src_configure
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi ; then
+		emake
+	else
+		cd src || die
+		emake magic.h #586444
+		emake libmagic.la
+	fi
+}
+
+src_compile() {
+	if need_build_file; then
+		emake -C "${WORKDIR}"/build/src magic.h #586444
+		emake -C "${WORKDIR}"/build/src file
+		local -x PATH="${WORKDIR}/build/src:${PATH}"
+	fi
+	multilib-minimal_src_compile
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_compile
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi ; then
+		default
+	else
+		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc ChangeLog MAINT README
+
+	# Required for `file -C`
+	dodir /usr/share/misc/magic
+	insinto /usr/share/misc/magic
+	doins -r magic/Magdir/*
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_install
+	fi
+	find "${ED}" -type f -name "*.la" -delete || die
+}

sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild

@@ -0,0 +1,146 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..7} )
+DISTUTILS_OPTIONAL=1
+
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/glensc/file.git"
+	inherit autotools git-r3
+else
+	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python seccomp static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	)
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	python? ( !dev-python/python-magic )
+	seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+	"${FILESDIR}/file-5.39-add-missing-termios.patch" #728416
+	"${FILESDIR}/file-5.39-seccomp-musl.patch"
+	"${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
+)
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+
+	elibtoolize
+
+	# don't let python README kill main README #60043
+	mv python/README.md python/README.python.md || die
+	sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-fsect-man5
+		$(use_enable bzip2 bzlib)
+		$(use_enable lzma xzlib)
+		$(use_enable seccomp libseccomp)
+		$(use_enable static-libs static)
+		$(use_enable zlib)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+	local myeconfargs=(
+		--disable-shared
+		--disable-libseccomp
+		--disable-bzlib
+		--disable-xzlib
+		--disable-zlib
+	)
+	tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+	# when cross-compiling, we need to build up our own file
+	# because people often don't keep matching host/target
+	# file versions #362941
+	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+	local ECONF_SOURCE=${S}
+
+	if need_build_file; then
+		mkdir -p "${WORKDIR}"/build || die
+		cd "${WORKDIR}"/build || die
+		build_src_configure
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi ; then
+		emake
+	else
+		cd src || die
+		emake magic.h #586444
+		emake libmagic.la
+	fi
+}
+
+src_compile() {
+	if need_build_file; then
+		emake -C "${WORKDIR}"/build/src magic.h #586444
+		emake -C "${WORKDIR}"/build/src file
+		local -x PATH="${WORKDIR}/build/src:${PATH}"
+	fi
+	multilib-minimal_src_compile
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_compile
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi ; then
+		default
+	else
+		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc ChangeLog MAINT README
+
+	# Required for `file -C`
+	dodir /usr/share/misc/magic
+	insinto /usr/share/misc/magic
+	doins -r magic/Magdir/*
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_install
+	fi
+	find "${ED}" -type f -name "*.la" -delete || die
+}

sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild

@@ -1,19 +1,19 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
+PYTHON_COMPAT=( python3_{6..7} )
 DISTUTILS_OPTIONAL=1
 
-inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
 
 if [[ ${PV} == "9999" ]] ; then
 	EGIT_REPO_URI="https://github.com/glensc/file.git"
 	inherit autotools git-r3
 else
 	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 fi
 
 DESCRIPTION="identify a file's format by scanning binary data for patterns"
@@ -21,10 +21,12 @@ HOMEPAGE="https://www.darwinsys.com/file/"
 
 LICENSE="BSD-2"
 SLOT="0"
-IUSE="python seccomp static-libs zlib"
+IUSE="bzip2 lzma python seccomp static-libs zlib"
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
 DEPEND="
+	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
 	python? (
 		${PYTHON_DEPS}
 		dev-python/setuptools[${PYTHON_USEDEP}]
@@ -32,47 +34,63 @@ DEPEND="
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
 RDEPEND="${DEPEND}
 	python? ( !dev-python/python-magic )
-	seccomp? ( sys-libs/libseccomp )"
+	seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+	"${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
+)
 
 src_prepare() {
 	default
 
-	[[ ${PV} == "9999" ]] && eautoreconf
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+
 	elibtoolize
 
 	# don't let python README kill main README #60043
-	mv python/README.md README.python || die
+	mv python/README.md python/README.python.md || die
+	sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
 }
 
 multilib_src_configure() {
 	local myeconfargs=(
 		--enable-fsect-man5
+		$(use_enable bzip2 bzlib)
+		$(use_enable lzma xzlib)
 		$(use_enable seccomp libseccomp)
 		$(use_enable static-libs static)
 		$(use_enable zlib)
 	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+	econf "${myeconfargs[@]}"
 }
 
-src_configure() {
+build_src_configure() {
+	local myeconfargs=(
+		--disable-shared
+		--disable-libseccomp
+		--disable-bzlib
+		--disable-xzlib
+		--disable-zlib
+	)
+	tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
 	# when cross-compiling, we need to build up our own file
 	# because people often don't keep matching host/target
 	# file versions #362941
-	if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then
+	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+	local ECONF_SOURCE=${S}
+
+	if need_build_file; then
 		mkdir -p "${WORKDIR}"/build || die
 		cd "${WORKDIR}"/build || die
-		tc-export_build_env BUILD_C{C,XX}
-		ECONF_SOURCE=${S} \
-		ac_cv_header_zlib_h=no \
-		ac_cv_lib_z_gzopen=no \
-		CHOST=${CBUILD} \
-		CFLAGS=${BUILD_CFLAGS} \
-		CXXFLAGS=${BUILD_CXXFLAGS} \
-		CPPFLAGS=${BUILD_CPPFLAGS} \
-		LDFLAGS="${BUILD_LDFLAGS} -static" \
-		CC=${BUILD_CC} \
-		CXX=${BUILD_CXX} \
-		econf --disable-shared $(use_enable seccomp libseccomp)
+		build_src_configure
 	fi
 
 	multilib-minimal_src_configure
@@ -89,10 +107,10 @@ multilib_src_compile() {
 }
 
 src_compile() {
-	if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then
+	if need_build_file; then
 		emake -C "${WORKDIR}"/build/src magic.h #586444
 		emake -C "${WORKDIR}"/build/src file
-		PATH="${WORKDIR}/build/src:${PATH}"
+		local -x PATH="${WORKDIR}/build/src:${PATH}"
 	fi
 	multilib-minimal_src_compile
 
@@ -122,5 +140,5 @@ multilib_src_install_all() {
 		cd python || die
 		distutils-r1_src_install
 	fi
-	prune_libtool_files
+	find "${ED}" -type f -name "*.la" -delete || die
 }

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch

@@ -1,18 +0,0 @@
-Avoid reading past the end of buffer
-
-CVE-2018-10360
-
-https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
-
---- a/src/readelf.c
-+++ b/src/readelf.c
-@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
- 
- 				cname = (unsigned char *)
- 				    &nbuf[doff + prpsoffsets(i)];
--				for (cp = cname; *cp && isprint(*cp); cp++)
-+				for (cp = cname; cp < nbuf + size && *cp
-+				    && isprint(*cp); cp++)
- 					continue;
- 				/*
- 				 * Linux apparently appends a space at the end

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch

@@ -0,0 +1,36 @@
+CVE-2019-18218
+https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch

@@ -0,0 +1,40 @@
+From c9d21a58bea2ecb2dc8876e09e471094d54a25e4 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann <whissi@gentoo.org>
+Date: Mon, 13 Apr 2020 01:08:12 +0200
+Subject: [PATCH 1/3] Revert "PR/93: iaeiaeiaeiae: Do as the comment says, and
+ count as dynamically linked"
+
+This reverts commit 24c9c086cd7c55b7b0a003a145b32466468e2608.
+
+Fixes misdetection of shared libraries as statically linked as
+reported in bug 717264.
+
+Bug: https://bugs.gentoo.org/717264
+Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
+---
+ src/readelf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 40bcfab1..afec31d1 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1638,6 +1638,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 		/* Things we can determine before we seek */
+ 		switch (xph_type) {
+ 		case PT_DYNAMIC:
++			linking_style = "dynamically";
+ 			doread = 1;
+ 			break;
+ 		case PT_NOTE:
+@@ -1653,7 +1654,6 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ 			}
+ 			/*FALLTHROUGH*/
+ 		case PT_INTERP:
+-			linking_style = "dynamically";
+ 			doread = 1;
+ 			break;
+ 		default:
+-- 
+2.26.0
+

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch

@@ -0,0 +1,29 @@
+From ed971e5e3ae79bd28697d16c8b78b693052484e4 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 12 Feb 2020 22:17:33 +0000
+Subject: [PATCH 3/3] The executable bit is only set when DF_1_PIE bit is set
+ so it is fine.
+
+---
+ magic/Magdir/elf | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/magic/Magdir/elf b/magic/Magdir/elf
+index b5a2e00b..f5e1af9a 100644
+--- a/magic/Magdir/elf
++++ b/magic/Magdir/elf
+@@ -50,8 +50,9 @@
+ !:mime	application/x-object
+ >16	leshort		2		executable,
+ !:mime	application/x-executable
+->16	leshort		3		shared object,
+-!:mime	application/x-sharedlib
++>16	leshort		3		${x?pie executable:shared object},
++
++!:mime	application/x-${x?pie-executable:sharedlib}
+ >16	leshort		4		core file,
+ !:mime	application/x-coredump
+ # OS-specific
+-- 
+2.26.0
+

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch

@@ -0,0 +1,27 @@
+From c49dc91df427f89ebcf9cdec556b8fc88cdfc3c1 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Tue, 17 Dec 2019 15:27:27 +0000
+Subject: [PATCH 2/3] %td is for ptrdiff_t not for off_t.
+
+---
+ src/readelf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index afec31d1..8ac3b7d6 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1349,8 +1349,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ 	name_off = xsh_offset;
+ 
+ 	if (fsize != SIZE_UNKNOWN && fsize < name_off) {
+-		if (file_printf(ms, ", too large section header offset %td",
+-		    name_off) == -1)
++		if (file_printf(ms, ", too large section header offset %jd",
++		    (intmax_t)name_off) == -1)
+ 			return -1;
+ 		return 0;
+ 	}
+-- 
+2.26.0
+

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch

@@ -0,0 +1,30 @@
+From 471e2c6c61ecd30ba6e304ae0444d364cfd44254 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Thu, 18 Jun 2020 16:25:12 +0000
+Subject: [PATCH] PR/168: gyakovlev: Include <termios.h>
+
+---
+ src/seccomp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index e667adfe4..68c56485d 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef	lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
+ #endif	/* lint */
+ 
+ #if HAVE_LIBSECCOMP
+@@ -35,6 +35,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
+ #include <sys/prctl.h> /* prctl */
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
++#include <termios.h>
+ #include <fcntl.h>
+ #include <stdlib.h>
+ #include <errno.h>

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch

@@ -0,0 +1,26 @@
+From 81765a2d4fcce23f42495d5ec03bbfecb2a3c381 Mon Sep 17 00:00:00 2001
+From: tka <tka@kamph.org>
+Date: Wed, 24 Jun 2020 11:18:45 +0200
+Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
+
+Bug: https://bugs.gentoo.org/728978
+---
+ src/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index db9364ae..7f5d6f26 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -229,6 +229,8 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(write);
+ 	ALLOW_RULE(writev);
+ 
++	// needed by Gentoo's portage sandbox
++	ALLOW_RULE(getcwd);
+ 
+ #if 0
+ 	// needed by valgrind
+-- 
+2.28.0
+

sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch

@@ -0,0 +1,37 @@
+From 93c91e2ba8042d499fee168e27cbd526438454c6 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sat, 5 Sep 2020 17:20:32 +0000
+Subject: [PATCH] PR/194: puchuu: Handle muslc syscalls
+
+---
+ src/seccomp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 68c56485d..db9364ae4 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef	lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.17 2020/09/05 17:20:32 christos Exp $")
+ #endif	/* lint */
+ 
+ #if HAVE_LIBSECCOMP
+@@ -220,12 +220,14 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(rt_sigreturn);
+ 	ALLOW_RULE(select);
+ 	ALLOW_RULE(stat);
++	ALLOW_RULE(statx);
+ 	ALLOW_RULE(stat64);
+ 	ALLOW_RULE(sysinfo);
+ 	ALLOW_RULE(umask);	// Used in file_pipe2file()
+ 	ALLOW_RULE(getpid);	// Used by glibc in file_pipe2file()
+ 	ALLOW_RULE(unlink);
+ 	ALLOW_RULE(write);
++	ALLOW_RULE(writev);
+ 
+ 
+ #if 0

sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml

@@ -6,6 +6,7 @@
 	<name>Gentoo Base System</name>
 </maintainer>
 <upstream>
-	<bugs-to>http://bugs.gw.com/</bugs-to>
+	<bugs-to>https://bugs.astron.com/</bugs-to>
+	<remote-id type="cpe">cpe:/a:file_project:file</remote-id>
 </upstream>
 </pkgmetadata>