Merge pull request #2070 from flatcar/buildbot/weekly-portage-stable-…

…package-updates-2024-07-01

Weekly portage-stable package updates 2024-07-01

.github/workflows/portage-stable-packages-list

@@ -97,16 +97,27 @@ app-arch/zstd
 
 app-cdr/cdrtools
 
+app-containers/aardvark-dns
+app-containers/catatonit
+app-containers/conmon
+app-containers/containers-common
+app-containers/containers-image
+app-containers/containers-shortnames
+app-containers/containers-storage
 app-containers/cri-tools
+app-containers/crun
 app-containers/docker
 app-containers/docker-cli
+app-containers/netavark
+app-containers/podman
 app-containers/runc
 
 app-crypt/adcli
 app-crypt/argon2
 app-crypt/ccid
 app-crypt/efitools
 app-crypt/gnupg
+app-crypt/gpgme
 app-crypt/libb2
 app-crypt/libmd
 app-crypt/mhash
@@ -174,13 +185,16 @@ dev-build/meson
 dev-build/meson-format-array
 dev-build/ninja
 
+dev-cpp/abseil-cpp
 dev-cpp/gtest
 
 dev-db/sqlite
 
 dev-debug/gdb
 dev-debug/strace
 
+dev-go/go-md2man
+
 dev-lang/duktape
 dev-lang/go-bootstrap
 dev-lang/lua
@@ -240,6 +254,7 @@ dev-libs/libxslt
 dev-libs/libyaml
 dev-libs/lzo
 dev-libs/mpc
+dev-libs/mpdecimal
 dev-libs/mpfr
 dev-libs/nettle
 dev-libs/npth
@@ -250,11 +265,13 @@ dev-libs/popt
 dev-libs/protobuf
 dev-libs/userspace-rcu
 dev-libs/xmlsec
+dev-libs/yajl
 
 dev-perl/File-Slurp
 dev-perl/Parse-Yapp
 
 dev-python/autocommand
+dev-python/backports-tarfile
 dev-python/crcmod
 dev-python/cython
 dev-python/distro
@@ -268,7 +285,6 @@ dev-python/flit-core
 dev-python/gentoo-common
 dev-python/gpep517
 dev-python/hatchling
-dev-python/inflect
 dev-python/installer
 dev-python/jaraco-context
 dev-python/jaraco-functools
@@ -278,9 +294,11 @@ dev-python/lazy-object-proxy
 dev-python/lxml
 dev-python/markupsafe
 dev-python/more-itertools
+dev-python/olefile
 dev-python/ordered-set
 dev-python/packaging
 dev-python/pathspec
+dev-python/pillow
 dev-python/platformdirs
 dev-python/pluggy
 dev-python/pydecomp
@@ -289,9 +307,7 @@ dev-python/setuptools
 dev-python/setuptools-scm
 dev-python/six
 dev-python/snakeoil
-dev-python/tomli
 dev-python/trove-classifiers
-dev-python/typing-extensions
 dev-python/wheel
 
 dev-util/bpftool
@@ -350,6 +366,7 @@ eclass/lua-utils.eclass
 eclass/meson-multilib.eclass
 eclass/meson.eclass
 eclass/mount-boot.eclass
+eclass/mount-boot-utils.eclass
 eclass/multibuild.eclass
 eclass/multilib-build.eclass
 eclass/multilib-minimal.eclass
@@ -384,6 +401,7 @@ eclass/toolchain-autoconf.eclass
 eclass/toolchain-funcs.eclass
 eclass/toolchain.eclass
 eclass/udev.eclass
+eclass/unpacker.eclass
 eclass/user-info.eclass
 # This file is modified by us to be an empty file, so can't be synced for now.
 #
@@ -465,6 +483,7 @@ sec-policy/selinux-base
 sec-policy/selinux-base-policy
 sec-policy/selinux-container
 sec-policy/selinux-dbus
+sec-policy/selinux-policykit
 sec-policy/selinux-sssd
 sec-policy/selinux-unconfined
 
@@ -550,6 +569,7 @@ sys-fs/dosfstools
 sys-fs/e2fsprogs
 sys-fs/fuse
 sys-fs/fuse-common
+sys-fs/fuse-overlayfs
 sys-fs/lsscsi
 sys-fs/mtools
 sys-fs/multipath-tools
@@ -559,7 +579,6 @@ sys-fs/udisks
 sys-fs/xfsprogs
 sys-fs/zfs
 sys-fs/zfs-kmod
-app-containers/podman
 net-misc/passt
 
 sys-kernel/linux-headers

changelog/security/2024-07-05-weekly-updates.md

@@ -0,0 +1,7 @@
+- libarchive ([CVE-2024-26256](https://nvd.nist.gov/vuln/detail/CVE-2024-26256), [CVE-2024-37407](https://nvd.nist.gov/vuln/detail/CVE-2024-37407))
+- mit-krb5 ([CVE-2024-26461](https://nvd.nist.gov/vuln/detail/CVE-2024-26461), [CVE-2024-26462](https://nvd.nist.gov/vuln/detail/CVE-2024-26462), [CVE-2024-37370](https://nvd.nist.gov/vuln/detail/CVE-2024-37370), [CVE-2024-37371](https://nvd.nist.gov/vuln/detail/CVE-2024-37371))
+- tpm2-tools ([CVE-2024-29038](https://nvd.nist.gov/vuln/detail/CVE-2024-29038), [CVE-2024-29039](https://nvd.nist.gov/vuln/detail/CVE-2024-29039), [CVE-2024-29040](https://nvd.nist.gov/vuln/detail/CVE-2024-29040))
+- glib ([CVE-2024-34397](https://nvd.nist.gov/vuln/detail/CVE-2024-34397))
+- libxml2 ([CVE-2024-34459](https://nvd.nist.gov/vuln/detail/CVE-2024-34459))
+- git ([CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002), [CVE-2024-32004](https://nvd.nist.gov/vuln/detail/CVE-2024-32004), [CVE-2024-32020](https://nvd.nist.gov/vuln/detail/CVE-2024-32020), [CVE-2024-32021](https://nvd.nist.gov/vuln/detail/CVE-2024-32021), [CVE-2024-32465](https://nvd.nist.gov/vuln/detail/CVE-2024-32465))
+- intel-microcode ([CVE-2023-45733](https://nvd.nist.gov/vuln/detail/CVE-2023-45733), [CVE-2023-45745](https://nvd.nist.gov/vuln/detail/CVE-2023-45745), [CVE-2023-46103](https://nvd.nist.gov/vuln/detail/CVE-2023-46103), [CVE-2023-47855](https://nvd.nist.gov/vuln/detail/CVE-2023-47855))

changelog/updates/2024-07-05-weekly-updates.md

@@ -0,0 +1,49 @@
+- audit ([3.1.2](https://github.com/linux-audit/audit-userspace/releases/tag/v3.1.2))
+- binutils ([2.42](https://sourceware.org/pipermail/binutils/2024-January/132213.html))
+- bpftool ([6.8.2](https://kernelnewbies.org/Linux_6.8#Tracing.2C_perf_and_BPF))
+- c-ares ([1.28.1](https://github.com/c-ares/c-ares/releases/tag/cares-1_28_1) (includes [1.28.0](https://github.com/c-ares/c-ares/releases/tag/cares-1_28_0)))
+- cJSON ([1.7.18](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.18))
+- containers-common ([0.59.1](https://github.com/containers/common/releases/tag/v0.59.1))
+- git ([2.44.2](https://github.com/git/git/blob/v2.44.2/Documentation/RelNotes/2.44.2.txt) (includes [2.44.1](https://github.com/git/git/blob/v2.44.1/Documentation/RelNotes/2.44.1.txt), [2.44.0](https://github.com/git/git/blob/v2.44.0/Documentation/RelNotes/2.44.0.txt)))
+- glib ([2.78.6](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.6) (includes [2.78.5](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.5), [2.78.4](https://gitlab.gnome.org/GNOME/glib/-/releases/2.78.4)))
+- gnupg ([2.4.5](https://lists.gnupg.org/pipermail/gnupg-announce/2024q1/000482.html))
+- hwdata ([0.382](https://github.com/vcrhonek/hwdata/commits/v0.382))
+- intel-microcode ([20240514_p20240514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514))
+- iproute2 ([6.8.0](https://lwn.net/Articles/965125/) (includes [6.7.0](https://lwn.net/Articles/957171/)))
+- kexec-tools ([2.0.28](https://github.com/horms/kexec-tools/commits/v2.0.28/))
+- kmod ([32](https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/tree/NEWS?h=v32))
+- libarchive ([3.7.4](https://github.com/libarchive/libarchive/releases/tag/v3.7.4) (includes [3.7.3](https://github.com/libarchive/libarchive/releases/tag/v3.7.3)))
+- libassuan ([2.5.7](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=047f12b7c3ee0c8c1718a2da8b5a6bb9dd541fd8;hb=cc2f776904e0b5e56e2b81b2672ca98d7787ed1b))
+- libcap ([2.70](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.hde102t8xd0v))
+- libcap-ng ([0.8.5](https://github.com/stevegrubb/libcap-ng/releases/tag/v0.8.5))
+- libdnet ([1.18.0](https://github.com/ofalk/libdnet/releases/tag/libdnet-1.18.0))
+- libgpg-error ([1.49](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=8ac4bf36113fe9254a361e2bc8d0ed52383839ce;hb=faed9c271ad22bbd2ed265d8e11badb53b7a2f32))
+- libnl ([3.9.0](http://lists.infradead.org/pipermail/libnl/2023-December/002436.html))
+- libnvme ([1.9](https://github.com/linux-nvme/libnvme/releases/tag/v1.9))
+- libpcre2 ([10.43](https://github.com/PCRE2Project/pcre2/blob/pcre2-10.43/NEWS))
+- libunwind ([1.8.1](https://github.com/libunwind/libunwind/releases/tag/v1.8.1) (includes [1.8.0](https://github.com/libunwind/libunwind/releases/tag/v1.8.0)))
+- libusb ([1.0.27](https://github.com/libusb/libusb/blob/v1.0.27/ChangeLog))
+- libxml2 ([2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) (includes [2.12.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6)))
+- lshw ([02.20.2b](https://www.ezix.org/project/wiki/HardwareLiSter#Changes))
+- mit-krb5 ([1.21.3](https://web.mit.edu/kerberos/krb5-1.21/README-1.21.3.txt))
+- multipath-tools ([0.9.8](https://github.com/opensvc/multipath-tools/blob/0.9.8/NEWS.md))
+- nmap ([7.95](https://nmap.org/changelog.html#7.95))
+- nvme-cli ([2.9.1](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.9.1) (includes [2.9](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.9)))
+- pciutils ([3.12.0](https://github.com/pciutils/pciutils/blob/v3.12.0/ChangeLog))
+- SDK: portage ([3.0.63](https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.63))
+- SDK: qemu ([8.2.3](https://wiki.qemu.org/ChangeLog/8.2))
+- qemu-guest-agent ([8.2.0](https://wiki.qemu.org/ChangeLog/8.2#Guest_agent))
+- rsync ([3.3.0](https://github.com/RsyncProject/rsync/blob/v3.3.0/NEWS.md))
+- sqlite ([3.45.3](https://www.sqlite.org/releaselog/3_45_3.html))
+- talloc ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/791e2817e13182344447590313f7e372a27c1d48))
+- tdb ([1.4.9](https://gitlab.com/samba-team/samba/-/commit/b649c7d3c2b1e13e900c80ff7a20959a70b1c528))
+- tevent ([0.15.0](https://gitlab.com/samba-team/samba/-/commit/6a80d170bca0c938f78ab12e37481b52792a9d83))
+- tpm2-tools ([5.6.1](https://github.com/tpm2-software/tpm2-tools/releases/tag/5.6.1) (includes [5.6](https://github.com/tpm2-software/tpm2-tools/releases/tag/5.6)))
+- tpm2-tss ([4.0.2](https://github.com/tpm2-software/tpm2-tss/releases/tag/4.0.2))
+- vim ([9.1.0366](https://github.com/vim/vim/commits/v9.1.0366/) (includes [9.1](https://www.vim.org/vim-9.1-released.php)))
+- wget ([1.24.5](https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00002.html))
+- whois ([5.5.21](https://github.com/rfc1036/whois/blob/v5.5.21/debian/changelog))
+- xfsprogs ([6.6.0](https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.6.0))
+- zfs ([2.2.3](https://github.com/openzfs/zfs/releases/tag/zfs-2.2.3))
+- zlib ([1.3.1](https://github.com/madler/zlib/releases/tag/v1.3.1))
+- zstd ([1.5.6](https://github.com/facebook/zstd/releases/tag/v1.5.6))

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild

@@ -150,6 +150,7 @@ RDEPEND="${RDEPEND}
 	sec-policy/selinux-base-policy
 	sec-policy/selinux-container
 	sec-policy/selinux-dbus
+	sec-policy/selinux-policykit
 	sec-policy/selinux-unconfined
 	sys-apps/acl
 	sys-apps/attr

sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/kmod

@@ -0,0 +1,20 @@
+# sbin and bin are still separate directories and the build system of
+# kmod puts the tool symlinks into bin, whereas most places that use
+# absolute paths to the tools expect them to be in sbin. Move them
+# there. This can be removed if we merge bin and sbin directories
+# (likely to happen when we migrate to 23.0 profiles).
+cros_post_src_install_move_kmod_tools_symlinks() {
+    local kmod tool
+
+    # path to kmod relative to sbin
+    if [[ -x "${ED}/usr/sbin/kmod" ]]; then
+        kmod=kmod
+    else
+        kmod=../bin/kmod
+    fi
+    mkdir -p "${ED}/usr/sbin"
+    for tool in modprobe rmmod insmod depmod; do
+        rm -f "${ED}/usr/bin/${tool}" "${ED}/bin/${tool}"
+        ln -sf "${kmod}" "${ED}/usr/sbin/${tool}"
+    done
+}