From adf890b062f66db70f2ffb40674031bcc25fbb95 Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Thu, 1 Jan 2026 07:09:44 +0000
Subject: [PATCH] portage-stable/metadata: Monthly GLSA metadata updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 .../portage-stable/metadata/glsa/Manifest     |  35 +++++++--------
 .../metadata/glsa/Manifest.files.gz           | Bin 605865 -> 606026 bytes
 .../metadata/glsa/glsa-202512-01.xml          |  41 ++++++++++++++++++
 .../metadata/glsa/timestamp.chk               |   2 +-
 .../metadata/glsa/timestamp.commit            |   2 +-
 5 files changed, 61 insertions(+), 19 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202512-01.xml

diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
index 5d35c406a40..176e8b8dd92 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@@ -1,23 +1,24 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 605865 BLAKE2B bcadc158253762e9f24c9e6b055b713a9641d9bfc450941217534a559d82b06bbcb49cffa8d81ca2f49f67ef4ee9530b6f3fe207bd5cb748ba4d010bf5f05a43 SHA512 0a179d9b6436cf36bf8fe75f2d424c5e5a2787d4f2be30bec99d500009833c9172e6703303a8e695c1b53afa286a8aeaa479d0807e86f5b0a383be84bc9c6bbe
-TIMESTAMP 2025-12-01T06:40:11Z
+MANIFEST Manifest.files.gz 606026 BLAKE2B f642a7d3238c8998aee627a1b7086431eb88df4678fdf42f7ddf8d8bb6de107a02fae7c557568660cc9f04cb9ed135534cc32f129482ba4da102bb96be7e68a9 SHA512 aa4b68d334da5329457cfc76655ce927a51c26cff8774aed431df0f4711bf41c231eea1647511c9cabfd8eabec4b84637a0f0f2ccc3d138d509d72522dbd32d7
+TIMESTAMP 2026-01-01T06:40:27Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmktOEtfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
-RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDI2A//f1DEIxwY5RAteoK8kAD1VUen5rTkm8/Ed7BQleONRh4qnYK6ic9G05Ei
-nleWa6HgOpMPUPv4AR+xx6vxwBH06sKb2Nwc+dLX0KgMolBryTLz50N1ZDJ6FvLf
-CagByOIXykQt0q6ktR3Px+F6nHupywQxquJnMAUMH8sf1UPD2qAMG6peBXc0BIeJ
-sJ9+lm8ZCU0SAS1jQeLdwoLTfqlOuIMHjdtRYNbqqXc/KVebVl+rzDWadOUCD938
-P2idhdguAtBYc2KtV+XHKdQfSPsujLoWRsS3/nxBj7qAwIobT8o48hDOdQ8vlldE
-ktXxWIdtT2IZL0RbHfwNa9oh7etO/63nGWfZ9/WVoXj5m2MnqM4ZqNINfCpyk4R8
-jtfnQ8YEPk06yfwn/gk4iTgsjU8BTKtQJ8HvIwxQqbCQUXBxeebAPY6wEcO3sN9L
-j4dxu1d9gRBtOdzIngnqhLDVc12gDQQYZsmI0WcF8gYRLD3INyyzUBkOQHYCP39q
-kGy3x7er7vEPbHWgvmY5FI6twYyGBJRC01Bl7023JAk3s+AKKShiUi1nFyLb26ix
-Gwh/vijlztJ5eoqz+MvBosojhKJLaQ5XRMha8z3Hnm26o0dA2h/gW3RDMdzwFFRj
-I3YXZvYvS8Fr/vzzlrdQ3mf2nhjS0j8y2kf/qeG3H3eFpW3zWvo=
-=4q7u
+iQKuBAEBCgCZFiEE4dartjv8+0ugL98c7FkO6skYklAFAmlWFtsbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTEsMiwyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z
+Lm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMUQ2QUJCNjNCRkNGQjRCQTAyRkRG
+MUNFQzU5MEVFQUM5MTg5MjUwAAoJEOxZDurJGJJQGU0P+Mj6Fa4IzlNvGfztJ3vt
+Mgacid6hW8pHl6WnEcBrVUsMw+QXVZmJNeC1erVZ7duOu/VUDD/y787YPM5CAwYN
+fKI5DIrbUvb4vl8r71O6cC0a+7d8t5FERwYkqBwQEHlCJZzy6BIfOswaPdUqyl0m
+FS12GwelAZ6vHM1BqFzwA2vcUcREsaSpos9+QUCKRPeQRG7PGb5pWqiLIa+fgnoz
+pabOe3fSzVY+SqSVZ2ZzC7QVNPLdmjk5JTK7yp+KQRwNY5Tx0DEGkDFtPv5Lxo+R
+zRTCdzL+KmXlpfAYeV21hNbYqCYNJl+/IWts7rr0ykONvHwQpY4qUAtlvsBsTqLg
+dJvfIOkV8ILr5vlW+MoPyyuV5ATWdLQow3SkWNUpXuBBH/h6vpM8CGH5gg+eMpwB
+v8vVKfc87XdPa+OhBwy+DJCyyWG4weFK5sOZbT1mM0K72ZoHCNuolVwFIfKJvJ3Z
+8DWkAq+w6U4ft1nx25TRs0o9/uXkTsLIkJgbeThccuEo5EYLykEmRJ0V8BH4Y5Hc
+VhFtafFPtg87bQx8h2M/f0LsFcr6X2R58FIWyt/WRHdfG7G3q6OxF/nFO/djQF2t
+0R7XXtN3UTQ+XvSzNG25s6QUP8LL2wGKbLsmaU5fBXTW/44Zn9wDdKMdSVNQaAmi
+G6SqbKPoKyQY4uI2gWyvxl0=
+=tC7e
 -----END PGP SIGNATURE-----
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
index 59dbf607b11f36966925bd00f00962e1580176f1..5530746a1f904837bb9507ead1a929e255c7da17 100644
GIT binary patch
delta 243
zcmV<P01W@B{Upl%B!GkggaU*Egam{Iga(8Mgb1_=bUuImPaedFpHKbpic;uZm9m3a
zrN>^^9S2zbq^<mTFFSk$-t*FJh^QZwW#g>@K$mrCpirffRwkEkx@BTC0w?imue()I
zZ{>|-GwVBjDW~bx0EvFQb!^i4kRjP6X+{fg9?5~m;HYG0Il6R7K-X3W<!6(v35C`u
zD5f?OUa?nc@46`ZkL`+hC93$T9Eu*p4#e1>9^0Tq2VX6?Nd!d^zvn;v*Z=b0{`>#<
t&;Rk?|LtG*|NZyzumAI(=KuU(Uw-p{|Lb4>_V54U{{aBi<Ils55dZ{`gM0u0

delta 81
zcmV-X0IvVa{v@gWB!GkggaU*Egam{Iga(8Mgb1_=bUroR|HFU%FaPbo|BwItAOHQ|
n{&oM~e;@z)KmTd|&;Rx1H~;s){`GJF{vZAy2(3rlm5dPp2RAQW

diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202512-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202512-01.xml
new file mode 100644
index 00000000000..d4a6b6b9da9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202512-01.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202512-01">
+    <title>GnuPG: Arbitrary Code Execution</title>
+    <synopsis>A vulnerability has been discovered in GnuPG, which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">gnupg</product>
+    <announced>2025-12-27</announced>
+    <revised count="1">2025-12-27</revised>
+    <bug>967884</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-crypt/gnupg" auto="yes" arch="*">
+            <unaffected range="ge">2.5.14</unaffected>
+            <vulnerable range="lt">2.5.14</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in GnuPG&#39;s armor parser.</p>
+    </description>
+    <impact type="high">
+        <p>A remote attacker could entice a user or automated system to process a specially crafted signature file, possibly resulting in execution of arbitrary commands with the privileges of the process.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GnuPG users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.5.14"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2025-12-27T21:32:04.569640Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2025-12-27T21:32:04.576671Z">sam</metadata>
+</glsa>
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index d4092d021a1..16a53c0a9b1 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 01 Dec 2025 06:40:07 +0000
+Thu, 01 Jan 2026 06:40:24 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index c7d0129b6bd..a15a549e6aa 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-ec936f5c1002deb9283d4febda05f013db58790c 1764120273 2025-11-26T01:24:33Z
+9e297cd21fe68d36a7180cf1ead3745d99567474 1766871224 2025-12-27T21:33:44Z