Merge remote-tracking branch 'cos/master' into cos-sdk

BUG=b/277779682
TEST=./update_chroot
RELEASE_NOTE=None

Change-Id: I3bb0e419ae0c8463a1b1756e91510b07316d8622
diff --git a/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch b/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch
new file mode 100644
index 0000000..a9b9434
--- /dev/null
+++ b/app-admin/sudo/files/sudo-1.9.13_p3-configure-clang16.patch
@@ -0,0 +1,105 @@
+ttps://www.sudo.ws/pipermail/sudo-workers/2023-April/001387.html
+https://github.com/sudo-project/sudo/commit/b83140e0f18fb27d310a4839a14f5c3febd2770b
+https://github.com/sudo-project/sudo/commit/075ee0f9dc234f9a7e680b16304809e5546965d5
+
+From b83140e0f18fb27d310a4839a14f5c3febd2770b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 26 Apr 2023 11:10:46 -0600
+Subject: [PATCH] Use ldap_msgfree() instead of ldap_init() for the lber.h
+ test. The ldap_init() function is marked as deprecated and not defined by
+ default on some systems.  This can cause an error for compilers that do not
+ support implicit function declarations. From Florian Weimer.
+
+--- a/configure
++++ b/configure
+@@ -31515,7 +31515,7 @@ else case e in #(
+ int
+ main (void)
+ {
+-(void)ldap_init(0, 0)
++return ldap_msgfree(NULL)
+   ;
+   return 0;
+ }
+--- a/m4/ldap.m4
++++ b/m4/ldap.m4
+@@ -52,7 +52,7 @@ AC_DEFUN([SUDO_CHECK_LDAP], [
+ #include <lber.h>])
+ 	AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [
+ 	    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+-#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [
++#include <ldap.h>]], [[return ldap_msgfree(NULL)]])], [
+ 		# No need to explicitly include lber.h when including ldap.h.
+ 		sudo_cv_header_lber_h=no
+ 	    ], [
+
+From 075ee0f9dc234f9a7e680b16304809e5546965d5 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Wed, 26 Apr 2023 12:44:10 -0600
+Subject: [PATCH] Add missing stdio.h include for the _FORTIFY_SOURCE=2 check.
+ Implementations of _FORTIFY_SOURCE require the header file to be included. 
+ Also remove the useless test of an empty program with _FORTIFY_SOURCE
+ defined.  Pointed out by Florian Weimer.
+
+--- a/configure
++++ b/configure
+@@ -34207,33 +34207,11 @@ else case e in #(
+   e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ 
+-
+-int
+-main (void)
+-{
+-char buf[4]; (void)sprintf(buf, "%s", "foo");
+-
+-  ;
+-  return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"
+-then :
+-  sudo_cv_use_fortify_source=yes
+-else case e in #(
+-  e) sudo_cv_use_fortify_source=no
+-		 ;;
+-esac
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.beam \
+-    conftest$ac_exeext conftest.$ac_ext
+-
+-	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-
++		    #include <stdio.h>
+ int
+ main (void)
+ {
++char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];
+ 
+   ;
+   return 0;
+--- a/m4/hardening.m4
++++ b/m4/hardening.m4
+@@ -10,18 +10,13 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [
+ 	    [sudo_cv_use_fortify_source],
+ 	    [AC_LINK_IFELSE([
+ 		    AC_LANG_PROGRAM(
+-			[[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]]
++			[[#include <stdio.h>]],
++			[[char buf[4]; sprintf(buf, "%s", "foo"); return buf[0];]]
+ 		    )],
+ 		    [sudo_cv_use_fortify_source=yes],
+ 		    [sudo_cv_use_fortify_source=no]
+ 		)
+ 	    ]
+-	    [AC_LINK_IFELSE(
+-		[AC_LANG_PROGRAM([[]], [[]])],
+-		    [sudo_cv_use_fortify_source=yes],
+-		    [sudo_cv_use_fortify_source=no]
+-		)
+-	    ]
+ 	)
+ 	if test "$sudo_cv_use_fortify_source" != yes; then
+ 	    CPPFLAGS="$O_CPPFLAGS"
+
diff --git a/app-admin/sudo/sudo-1.9.13_p3.ebuild b/app-admin/sudo/sudo-1.9.13_p3-r1.ebuild
similarity index 98%
rename from app-admin/sudo/sudo-1.9.13_p3.ebuild
rename to app-admin/sudo/sudo-1.9.13_p3-r1.ebuild
index 7a40655..cbc86bc 100644
--- a/app-admin/sudo/sudo-1.9.13_p3.ebuild
+++ b/app-admin/sudo/sudo-1.9.13_p3-r1.ebuild
@@ -86,6 +86,10 @@
 
 MAKEOPTS+=" SAMPLES="
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.9.13_p3-configure-clang16.patch
+)
+
 src_prepare() {
 	default
 
diff --git a/app-arch/xz-utils/Manifest b/app-arch/xz-utils/Manifest
index 457b0d0..1bef075 100644
--- a/app-arch/xz-utils/Manifest
+++ b/app-arch/xz-utils/Manifest
@@ -1,8 +1,8 @@
-DIST xz-5.2.10.tar.gz 2123206 BLAKE2B fdd9e77e21ee65482401e0e43e0b291093a227d452991a9182562989b7a4388ceed30d5d54cd7f86320dcc073eb792032a49741880338a29043a8380507c4215 SHA512 c3814680fcad421efa71cf977217a62c34e3223900302a6fd7d505f310a7b338815feee2c8225b1232bd22b9e29c7dda3664e54dae2d80f816daec6adf560ca1
-DIST xz-5.2.10.tar.gz.sig 566 BLAKE2B ce72730816d03084dc0d1559d6f2890b3ebe25a5e6b0720d4775ba2364762b5d1934a3a53f2255f6e68a1cdf42778d85d8b02ab30396b2addab619e95855f733 SHA512 48a0864abee6639116678afab6e8319eb2de903b381362c611fb77f9b6fc21df5f7d9783a250810f7ecc08380fb371a3a791ab55f5a343b68b9d4f9e414da403
 DIST xz-5.2.11.tar.gz 2130684 BLAKE2B e513f99b2e28fa79f32747e21138cc13ab9340e95a302ac742bc6bda088465488173ea212704c4612f4059bbbc6c6a5b041332d84b999dc7df5b3fab1b1ac4e9 SHA512 8f75450380563229465420f4518fa7a60bbe6f0c9a3b580c2a9a7bf9bf380ad69209f792764115c346d89c49711478e8db42325ef9a46ccd3a6ec72292890ac8
 DIST xz-5.2.11.tar.gz.sig 566 BLAKE2B 34186ea22960f508dd796736107b99e1e3884ffae683f26671f455e46e4debf87400f2d7bb64b446fb142370a8bcebc6c05dce34dcc2678a761b9401b1e23860 SHA512 036ed0f663e179057a805a41052d3e437fbfb9dbbe173c5180fbb255f5a01ac4fa2561424228f4e568e63b22802b3a4ffd88dec2ba7c41a454998ebea30bea7c
-DIST xz-5.4.1.tar.gz 2528617 BLAKE2B f4dc8698fb97002aa0548107b448ab0dd8659cce506a83775930f95fd775601f7de1df44866310ac617853410a1915cd4e90ad4088b2fd56418e67b6f0fc4e98 SHA512 5cff8383a68fb88ecbb3770ec48af0ad5582e08de9dccd339e0b685aaa53447e59d6425caa3f63b54a674e5d78c20520876db547d156e6658ad4841660cba85b
-DIST xz-5.4.1.tar.gz.sig 566 BLAKE2B f384bcf7ea6bd7d3af65b6b17b379b48826257f403bca0bed1b42697f88edbc38f38eaac03c5564fc466df670f40e2e7ee49974232da4eb849718e89234c224b SHA512 2e6c3bf04ceb29c1bac8fdde7aa09c4d0f96442515d797e06ea860f365fd94777630b0034b98006cf844083efea8642a0bf87b1ff56de6a58446a644b1fd3c1c
+DIST xz-5.2.12.tar.gz 2190541 BLAKE2B 9ca5ecf753ae264f542ec53b4c9a1c85466bc2a932651aafb0ae2a3ebb7d3979a9384e9a81f16173c2d6d14ca8b86e4a820191817675a5e9fd214a64cf364c98 SHA512 1a67112eb1cfd70352c41a1cbb5e34eacd6da2ae816f5020385772a7698b835d059843c2c30461beb15b7514e95906b2033dac6abf09248b5837270420dfe732
+DIST xz-5.2.12.tar.gz.sig 566 BLAKE2B 93d0fb89186ccf018d17278823c2c6cc724798acfe425fd01ecf54338e53451d94b1ad951f2f1ec58171a3eb827fcd6b5d9dcb97da72c5d8545d57d9fba0597b SHA512 0734e1838dd9ab7ba06675af0f4ff5866c0e5c268f0c3e2ca6f12fa8f27b41830d11063244b0039f8d8ba184efc1c1b7b9a7311c378a02abc1290d7727357cb6
 DIST xz-5.4.2.tar.gz 2799022 BLAKE2B 3c622b0823f0cbb5fbc5eaa0372fc2f0fefe0950d131417f831bce47b6d9747d145429f0649de106819331f9ae6a289c497182c7b6d1e211513308dd083a9b72 SHA512 149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737
 DIST xz-5.4.2.tar.gz.sig 566 BLAKE2B 95c9c70fdd25b92095dd9691e4d9d4306a3f982becfe7bd42ca6132a76f29be2c2bc66f4fc2bda547058c18e227292f4185799eb905084fc3ab415ae867b4b1b SHA512 30e965c228ed3a8ecb804db8eb11703a765b7ee934030ea69bb3940b630811eb71bf74fd20371ef7759761904ece4f0144a0b00be4d843cf98299fd016f161aa
+DIST xz-5.4.3.tar.gz 2869347 BLAKE2B c4192a59ca751567ebab17e08e72aa1bf0f5ca14af0b59fded1c4dff02c1b76ab30119a4138932f78f69bd4b7827071c81d6ca1c56be65491466ea061786ed78 SHA512 aff0fe166af6df4491a6f5df2372cab100b081452461a0e8c6fd65b72af3f250f16c64d9fb8fd309141e9b9ae4e41649f48687cc29e63dd82f27f2eab19b4023
+DIST xz-5.4.3.tar.gz.sig 566 BLAKE2B 1e3f86a2de532e77cae4c31928d57edeac81ca207e03c71523210605dc6bab76a50793697a242b232f74911c6e1872a0339ed977e2dd0d201504bd859fd3b4f4 SHA512 b7c7eedf4d9604ee50ec97275e5ab57e22a567402815281440ca765210c75707bd2de20e7ebfb0842725690ae19557916fc41a9fbdace5fec8190632b038292e
diff --git a/app-arch/xz-utils/xz-utils-5.4.2.ebuild b/app-arch/xz-utils/xz-utils-5.4.3.ebuild
similarity index 92%
rename from app-arch/xz-utils/xz-utils-5.4.2.ebuild
rename to app-arch/xz-utils/xz-utils-5.4.3.ebuild
index 62c0b9f..36055a2 100644
--- a/app-arch/xz-utils/xz-utils-5.4.2.ebuild
+++ b/app-arch/xz-utils/xz-utils-5.4.3.ebuild
@@ -20,7 +20,7 @@
 	# bug #272880 and bug #286068
 	BDEPEND="sys-devel/gettext >=sys-devel/libtool-2"
 else
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/lassecollin.asc
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/jiatan.asc
 	inherit verify-sig
 
 	MY_P="${PN/-utils}-${PV/_}"
@@ -50,13 +50,9 @@
 IUSE="doc +extra-filters nls static-libs"
 
 if [[ ${PV} != 9999 ]] ; then
-	BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-lassecollin-20230213 )"
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-jiatan )"
 fi
 
-PATCHES=(
-	"${FILESDIR}"/${P}-Wsign-conversion.patch
-)
-
 src_prepare() {
 	default
 
diff --git a/app-editors/vim-core/Manifest b/app-editors/vim-core/Manifest
index 7e58053..80edd85 100644
--- a/app-editors/vim-core/Manifest
+++ b/app-editors/vim-core/Manifest
@@ -1,2 +1,2 @@
-DIST vim-9.0.1403.tar.gz 16976705 BLAKE2B 9664d52de488086308fcbcda0b0a1167161afbf0efbb40dd9ce9e2393f0ada35e0a44d7f0c3f789d26ae1427604a281f689e87885fbb1557dce12a69898ec46d SHA512 bd83feba38a4aa9b3cf910a0b5a2c153abc4c6eaf9abf0ebee389879ff9ddee51c6f9dba5151aab5df3f73594cf8921d0a0e34121c50e65366cdcdd6482fd00f
+DIST vim-9.0.1562.tar.gz 17027193 BLAKE2B de4fc65725b7559bcee566d46232321f88c4acc831b3ddae3855de2a0530cab94b48d1b1102448929ceb214c632b948e1e85d0af6db6818414603f9a4f30c584 SHA512 2b0ec811f48895f2c0d624240820dbe15abf6b83f296ee5d36ca539a8192f754d98b3acfa369415c113aa2acee64d9dde176e8804a9af04ef4ab9eb6a4651fda
 DIST vim-patches-vim-9.0.1000-patches.tar.bz2 3245 BLAKE2B 3bf3d0e314cc3f96d5d9675de196a62c4c8a72645d56ef94b80768571c99cba5cc556442e3bd2dfa8818460fd851fe7bd1ae15999af7225fb271b81c43105843 SHA512 2883441a2001bf7ce89a7f0862f780b71cc0164c8fcb8dbdf7040e1bcbcf408d138d3d77f308aa54c762e9975fa5ec89cfceeabbf721344dfc938870a363667a
diff --git a/app-editors/vim-core/vim-core-9.0.1403.ebuild b/app-editors/vim-core/vim-core-9.0.1562.ebuild
similarity index 100%
rename from app-editors/vim-core/vim-core-9.0.1403.ebuild
rename to app-editors/vim-core/vim-core-9.0.1562.ebuild
diff --git a/app-editors/vim/Manifest b/app-editors/vim/Manifest
index 7e58053..80edd85 100644
--- a/app-editors/vim/Manifest
+++ b/app-editors/vim/Manifest
@@ -1,2 +1,2 @@
-DIST vim-9.0.1403.tar.gz 16976705 BLAKE2B 9664d52de488086308fcbcda0b0a1167161afbf0efbb40dd9ce9e2393f0ada35e0a44d7f0c3f789d26ae1427604a281f689e87885fbb1557dce12a69898ec46d SHA512 bd83feba38a4aa9b3cf910a0b5a2c153abc4c6eaf9abf0ebee389879ff9ddee51c6f9dba5151aab5df3f73594cf8921d0a0e34121c50e65366cdcdd6482fd00f
+DIST vim-9.0.1562.tar.gz 17027193 BLAKE2B de4fc65725b7559bcee566d46232321f88c4acc831b3ddae3855de2a0530cab94b48d1b1102448929ceb214c632b948e1e85d0af6db6818414603f9a4f30c584 SHA512 2b0ec811f48895f2c0d624240820dbe15abf6b83f296ee5d36ca539a8192f754d98b3acfa369415c113aa2acee64d9dde176e8804a9af04ef4ab9eb6a4651fda
 DIST vim-patches-vim-9.0.1000-patches.tar.bz2 3245 BLAKE2B 3bf3d0e314cc3f96d5d9675de196a62c4c8a72645d56ef94b80768571c99cba5cc556442e3bd2dfa8818460fd851fe7bd1ae15999af7225fb271b81c43105843 SHA512 2883441a2001bf7ce89a7f0862f780b71cc0164c8fcb8dbdf7040e1bcbcf408d138d3d77f308aa54c762e9975fa5ec89cfceeabbf721344dfc938870a363667a
diff --git a/app-editors/vim/vim-9.0.1403.ebuild b/app-editors/vim/vim-9.0.1562.ebuild
similarity index 100%
rename from app-editors/vim/vim-9.0.1403.ebuild
rename to app-editors/vim/vim-9.0.1562.ebuild
diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index b791487..3a148c8 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,7 @@
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B b807a6415126afdc11896efea8e6509d7ad58b26bc8562b276e93176e80bb8b467a5bd2ba948d3dbbeaf0e4477d93f3ea2b99d3186e856fb47d1033cb779d560 SHA512 00571bdc87897813fd7dbe024f3a186cfc9f0d4f55e92545a90888c9e5282f99cb8d75b5932c034731b911bf27a9b38fd7d062dd511eb1152acf8b2811490fa7
-DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
-DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
-DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
+DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
+DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
similarity index 100%
rename from app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild
rename to app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
diff --git a/app-misc/mime-types/Manifest b/app-misc/mime-types/Manifest
index 52320ca..12cffff 100644
--- a/app-misc/mime-types/Manifest
+++ b/app-misc/mime-types/Manifest
@@ -1 +1,2 @@
 DIST mailcap-r2-1-53.tar.gz 27238 BLAKE2B ffc9067287d951775c417d7a583a9f64fc09f98990f3f760643e76e3b91d2205040828cd452aa1004f0bc76c3e913f5da93887b385cc3cd9464327ba1ffde57a SHA512 3f952a031f9e86321a4583dba42fa7778a2821c55fc42b6096cc56c531bc957e50c545ab0d470ab72782eb3815e8278df122e20c1ae532b7bbb55db12e00cb77
+DIST mailcap-r2-1-54.tar.gz 28518 BLAKE2B d56fcd5d662bc7feeb20b310f7582e4b670d400e1059371bfce8a5e36a69ea24675c6016b7ed6bde9ba8d078a0ad10281ede3f7060f063302dba2ec7da707b5d SHA512 6c68df26caac326ce14630e2cec582ab88cda27710155f336dbab4681e76a94d2818452ed39f2e9edd2d960603b783a6e801da6e7c400bb708b910e61ed66b6e
diff --git a/app-misc/mime-types/mime-types-2.1.53.ebuild b/app-misc/mime-types/mime-types-2.1.54.ebuild
similarity index 92%
rename from app-misc/mime-types/mime-types-2.1.53.ebuild
rename to app-misc/mime-types/mime-types-2.1.54.ebuild
index 69eccb5..25b414b 100644
--- a/app-misc/mime-types/mime-types-2.1.53.ebuild
+++ b/app-misc/mime-types/mime-types-2.1.54.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
diff --git a/dev-python/contextvars/metadata.xml b/dev-python/contextvars/metadata.xml
index 2cd9d59..d35393c 100644
--- a/dev-python/contextvars/metadata.xml
+++ b/dev-python/contextvars/metadata.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="project">
 		<email>python@gentoo.org</email>
diff --git a/dev-python/jmespath/metadata.xml b/dev-python/jmespath/metadata.xml
index 46ef8e0..05b4c49 100644
--- a/dev-python/jmespath/metadata.xml
+++ b/dev-python/jmespath/metadata.xml
@@ -7,6 +7,7 @@
   </maintainer>
   <stabilize-allarches/>
   <upstream>
+    <remote-id type="cpe">cpe:/a:jmespath_project:jmespath</remote-id>
     <remote-id type="pypi">jmespath</remote-id>
     <remote-id type="github">jmespath/jmespath.py</remote-id>
   </upstream>
diff --git a/dev-python/pydantic/metadata.xml b/dev-python/pydantic/metadata.xml
index 8370aeb..efded51 100644
--- a/dev-python/pydantic/metadata.xml
+++ b/dev-python/pydantic/metadata.xml
@@ -6,6 +6,7 @@
 		<name>Python</name>
 	</maintainer>
 	<upstream>
+		<remote-id type="cpe">cpe:/a:pydantic_project:pydantic</remote-id>
 		<remote-id type="pypi">pydantic</remote-id>
 		<remote-id type="github">pydantic/pydantic</remote-id>
 		<bugs-to>https://github.com/pydantic/pydantic/issues</bugs-to>
diff --git a/net-dns/c-ares/Manifest b/net-dns/c-ares/Manifest
index 5c761d9..ba56429 100644
--- a/net-dns/c-ares/Manifest
+++ b/net-dns/c-ares/Manifest
@@ -1,3 +1,4 @@
-DIST c-ares-1.18.1.tar.gz 1560165 BLAKE2B c03a572726c6bbb24a3e4773673d0c87f4833bb9582aed57a424eea8c965beb6e232f502b61922b124d37403d91ebfefe0db7373673fc22e0d752c4e5036eb07 SHA512 1276ec0799916019f8c0af6b55a139701bd15e0ca4a00811d07963893978bc96c107b980f0fd49f81aa70bc8b3b8cd671195ba357c390772d4c2c5643c50c5a5
 DIST c-ares-1.19.0.tar.gz 1572210 BLAKE2B d77be535dfa852bf3d91258ddf06b3c63a40123883adb83a4e5652d4b1b16801ddefefad70d83a7d6d9aa81c9c81956fef42bc778d7380d6b398ccfc9f8b82dc SHA512 a7f5988bef393afec08a225be92f6eee54a3e67170fb26cbe00dcc5c5a457b27037bbcfeccc39fb855ed72f100196958d6cbbe251bf1ccfbdd353be18f098359
 DIST c-ares-1.19.0.tar.gz.asc 488 BLAKE2B 1b8dc3ad7b916cb5ea1c95ffd12315d303f78880416836d11d2fa7d8ca93fa1ca30898e6a865af79a35e5dc4d0f4fccfcc9eae6f028d456d38ede9fe8b7edd71 SHA512 814aad5dbe2bb987035b53d977e03a73a90356200f671f36949a77e978cf8311ccc8375e63ade6fe2e1380f1f9c3b34c1ba7d48365fd5689cf5c24425ab8a129
+DIST c-ares-1.19.1.tar.gz 1579100 BLAKE2B 4b6c9593edb1a91ab76d54ddacb1cd5d67006d5e628ea1f3289f54e9360be32abeb5d8fc7d23e193feab3e7928e8efde82757eb12fe217dc92ed0d9132bedf5d SHA512 466a94efda626e815a6ef7a890637056339f883d549ea6055e289fd8cd2391130e5682c905c0fb3bd7e955af7f6deb793562c170eb0ee066a4a62085a82ba470
+DIST c-ares-1.19.1.tar.gz.asc 488 BLAKE2B 9c47d7b3e67d9a2bd1e332912d21d20ca591fc34f81707c18a4615ea14ba2da00146d1998250a5f4dd2a0b1c04f9bd2013d4940ac734674c0bdff6815985e19d SHA512 1b204ab1a667af1326be4b7c62c0919aacd447a2e00efea4b8ef2ec9f2b13ffb236a836ff8953b0b3359727faf3fb8cfcd71d0b06a0e533a09f9e9ea66024f4e
diff --git a/net-dns/c-ares/c-ares-1.19.0.ebuild b/net-dns/c-ares/c-ares-1.19.1.ebuild
similarity index 100%
rename from net-dns/c-ares/c-ares-1.19.0.ebuild
rename to net-dns/c-ares/c-ares-1.19.1.ebuild
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 7b6217a..11654ed 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,6 +1,8 @@
-DIST curl-7.87.0.tar.xz 2547932 BLAKE2B b272ec928c5ef1728434630d8910f58834327a30570913df9d47921a2810d002bd88b81371005197db857d3a53386420c1e28b1e463e6241d46c1e50fbce0c13 SHA512 aa125991592667280dce3788aabe81487cf8c55b0afc59d675cc30b76055bb7114f5380b4a0e3b6461a8f81bf9812fa26d493a85f7e01d84263d484a0d699ee7
-DIST curl-7.87.0.tar.xz.asc 488 BLAKE2B 031d8236b357bd3c519548b181254dc0aea1efc1375738bce04f4f331d35bafe99d1ca394ecf5943ede7cae040854b6d2b478fd305147eb7330f8d50e5d95c96 SHA512 0bcc12bafc4ae50d80128af2cf4bf1a1ec6018ebb8d5b9c49f52b51c0c25acc77e820858965656549ef43c1f923f4e5fe75b0a3523623154b4cfb9dc8a1d76e4
-DIST curl-7.88.1.tar.xz 2581032 BLAKE2B ed7e7aa29efb02fd89a53d5c8d0ec79b4d17612ea07d2a6b5a951f0ca651b4cf7264704344b1a0c2d82196f4cb5c08525e06b4cdd432bc3278ff23c7a6580839 SHA512 b8d30c52a6d1c3e272608a7a8db78dfd79aef21330f34d6f1df43839a400e13ac6aac72a383526db0b711a70ecbec89a3b934677d7ecf5094fd64d3dbcb3492f
-DIST curl-7.88.1.tar.xz.asc 488 BLAKE2B ea90d840846fca3f0b17838a84431cb44d6e3f8d2b42c3eced1fb1c929a58e8899b303c93d27ca3cafcaa52e7269ac440e7102191d6b2c2751729a6c4116e82f SHA512 d6dc720533004c4d533cc4fb3dd33ac28d95e114f440ec011e4b58f65d1f4c40cfa10ba26d2e2f2f1f9de99511632578b4758c5e79593c7c30d29788fdf1cbb6
 DIST curl-8.0.1.tar.xz 2575544 BLAKE2B 67d82e9d71f0a351b5c2ed3ad5eab02e367ded872658a295179b935729d5105015f8c29569c396e11cd14036656af894ded85c8838cba260d9f6f1a8dcb5e22b SHA512 3bb777982659ed697ae90f113ff7b65d6ce8ba9fe6a8984cfd6769d2f051a72ba953c911abe234c204ec2cc5a35d68b4d033037fad7fba31bb92a52543f8d13d
 DIST curl-8.0.1.tar.xz.asc 488 BLAKE2B 452e1bebe1028e7621bbf8829e50cf56e254cd63a8cf2a4c0332176b9f18fb2821304ae556a203996d273c986bddbd04db2218c18fd34dee66e9155861ba50ce SHA512 92c6a0570e9a8a708fe2f717b8b37a68dcb9cd4520ca50c9baafec5891bda103bce2d2dcb67f1387bf11bd7e51e0e64ccd52d196e61d58b598ad3aa1960386cf
+DIST curl-8.1.0.tar.xz 2612568 BLAKE2B 768a824b8f5f6ddaa073599c4106f07a8134bcbe0e0d666390be1bce16ba25386d85930853bb47bc90b2c8a499a0b2abb9c685042563801e0fe58b9c315ac6cc SHA512 b99926f372ddd715cd1d2b54d8fb96b26b085e6501715e25aa57b6c6a7f8452473506ddb284e2f280f8afdb301b7f0c3bfde7ad7ed393b12c022430a9301096d
+DIST curl-8.1.0.tar.xz.asc 488 BLAKE2B c1a8e50eddc7dd140af2af29736eb486e96a6d3b67a9161244daa86558f65522527380c92597a5f10e5dad187f0bda6ac5b9cadc29386bef4492bc047c77b423 SHA512 191a74c7a6b6aa78b7f36e1535fda0701bde8b333a61c90343e1f1b2d65cc5097b5febc5fa42b2f373795ef1b34078790deaaa71c8aaa45eed1c753729a45f3d
+DIST curl-8.1.1.tar.xz 2613348 BLAKE2B 465a3237335e73665086ac43f5c66cfbab7e9b163e1ae0e2345da82f9c736d87fccf4d76369cc069abc29621f10db7ddbf22d0337db9ca85042bb12438d4aaed SHA512 d034b1ab9c00e8a0acf7ba6c6344734945d45666b4f38394f5456fcd9b22623146a897270861b7411412ca25c912e1bbf24eb139a6dfc1a8c00d098b3b925399
+DIST curl-8.1.1.tar.xz.asc 488 BLAKE2B c92017d0fe4933d6c27d833944c231967263607a7871a658e0cbb9de46f7df8dfbec141e269296caf17ced004fb2b237b8311ec9f7bf98f03fb405b5755950fc SHA512 6a71c18d67de8c340b5d80c7452a82c00f7ef466f690eec12edcd6123aee6866e8a0e757e1cc6c9af87a63fdeaafbc9fc1b1a4e2e0fd8a75b5952d4738fd0b27
+DIST curl-8.1.2.tar.xz 2612652 BLAKE2B 66d0828912bb9971dac99025aa8b5c1c2fac1f8b568f2a8a97bd9f66986bdb164b603b539ec3e123cd6a26ea65829e58c90fc9852be88b42074cf40c89c566d1 SHA512 532ab96eba6dea66d272f3be56f5af5c5da922480f9a10e203de98037c311f12f8145ba6bf813831e42815e068874ccfd108f84f7650743f5dbb3ebc3bc9c4f4
+DIST curl-8.1.2.tar.xz.asc 488 BLAKE2B 304dbdb51aa113c0b70b2662e29b1be3294b04f5f00264ce60703756363999cd567dcd0301e27b294d1d53f16ecc016ba429fcbea240949b372750f7e6e7375a SHA512 d120299a2d59259aeb19ae0fa3a3e181e25b6927677187037c61a0901879956177ce8dda10764073a47848f81dcbbcb94e0b6008742994042b6b8fd194e169c3
diff --git a/net-misc/curl/curl-8.0.1.ebuild b/net-misc/curl/curl-8.1.2.ebuild
similarity index 82%
rename from net-misc/curl/curl-8.0.1.ebuild
rename to net-misc/curl/curl-8.1.2.ebuild
index 0fff9da..c7265d1 100644
--- a/net-misc/curl/curl-8.0.1.ebuild
+++ b/net-misc/curl/curl-8.1.2.ebuild
@@ -8,20 +8,28 @@
 
 DESCRIPTION="A Client that groks URLs"
 HOMEPAGE="https://curl.se/"
-SRC_URI="
-	https://curl.se/download/${P}.tar.xz
-	verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
-"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="*"
+fi
 
 LICENSE="curl"
 SLOT="0"
-KEYWORDS="*"
 IUSE="+adns alt-svc brotli +ftp gnutls gopher hsts +http2 idn +imap kerberos ldap mbedtls nss +openssl +pop3 +progress-meter rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp websockets zstd"
+# These select the default SSL implementation
 IUSE+=" curl_ssl_gnutls curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_rustls"
 IUSE+=" nghttp3"
 RESTRICT="!test? ( test )"
 
 # Only one default ssl provider can be enabled
+# The default ssl provider needs its USE satisfied
 REQUIRED_USE="
 	ssl? (
 		^^ (
@@ -32,6 +40,11 @@
 			curl_ssl_rustls
 		)
 	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_nss? ( nss )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
 "
 
 RDEPEND="
@@ -106,11 +119,8 @@
 )
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-7.30.0-prefix.patch
+	"${FILESDIR}"/${PN}-prefix.patch
 	"${FILESDIR}"/${PN}-respect-cflags-3.patch
-
-	# Backports
-	"${FILESDIR}"/${PN}-8.0.1-onion-resolution.patch
 )
 
 src_prepare() {
@@ -127,44 +137,43 @@
 	local myconf=()
 
 	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
-	#myconf+=( --without-default-ssl-backend )
 	if use ssl ; then
 		myconf+=( --without-gnutls --without-mbedtls --without-nss --without-rustls )
 
-		if use gnutls || use curl_ssl_gnutls; then
-			einfo "SSL provided by gnutls"
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
 			myconf+=( --with-gnutls )
 		fi
-		if use mbedtls || use curl_ssl_mbedtls; then
-			einfo "SSL provided by mbedtls"
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
 			myconf+=( --with-mbedtls )
 		fi
-		if use nss || use curl_ssl_nss; then
-			einfo "SSL provided by nss"
+		if use nss; then
+			multilib_is_native_abi && einfo "SSL provided by nss"
 			myconf+=( --with-nss --with-nss-deprecated )
 		fi
-		if use openssl || use curl_ssl_openssl; then
-			einfo "SSL provided by openssl"
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
 			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
 		fi
-		if use rustls || use curl_ssl_rustls; then
-			einfo "SSL provided by rustls"
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
 			myconf+=( --with-rustls )
 		fi
 		if use curl_ssl_gnutls; then
-			einfo "Default SSL provided by gnutls"
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
 			myconf+=( --with-default-ssl-backend=gnutls )
 		elif use curl_ssl_mbedtls; then
-			einfo "Default SSL provided by mbedtls"
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
 			myconf+=( --with-default-ssl-backend=mbedtls )
 		elif use curl_ssl_nss; then
-			einfo "Default SSL provided by nss"
+			multilib_is_native_abi && einfo "Default SSL provided by nss"
 			myconf+=( --with-default-ssl-backend=nss )
 		elif use curl_ssl_openssl; then
-			einfo "Default SSL provided by openssl"
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
 			myconf+=( --with-default-ssl-backend=openssl )
 		elif use curl_ssl_rustls; then
-			einfo "Default SSL provided by rustls"
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
 			myconf+=( --with-default-ssl-backend=rustls )
 		else
 			eerror "We can't be here because of REQUIRED_USE."
@@ -296,6 +305,8 @@
 	echo "Requires.private: ${priv[*]}" >> libcurl.pc || die
 }
 
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
 multilib_src_test() {
 	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
 	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
@@ -306,7 +317,10 @@
 	# -p: print logs if test fails
 	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
 	# or just read https://github.com/curl/curl/tree/master/tests#run.
-	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p"
+	# Note: we don't run the testsuite for cross-compilation.
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p !241 !1083"
 }
 
 multilib_src_install_all() {
diff --git a/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch b/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
deleted file mode 100644
index 88463dc..0000000
--- a/net-misc/curl/files/curl-7.87.0-gnutls-openssl-build.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://bugs.gentoo.org/887833
-https://github.com/curl/curl/issues/10110
-https://github.com/curl/curl/commit/aef4dc892d012d990c85c7bad0d9d06c2ebfa775
-
-From aef4dc892d012d990c85c7bad0d9d06c2ebfa775 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 22 Dec 2022 17:40:26 +0100
-Subject: [PATCH] md4: fix build with GnuTLS + OpenSSL v1
-
-Reported-by: Esdras de Morais da Silva
-
-Fixes #10110
-Closes #10142
---- a/lib/md4.c
-+++ b/lib/md4.c
-@@ -86,11 +86,7 @@
- #include "memdebug.h"
- 
- 
--#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
--
--#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
--
--#elif defined(USE_GNUTLS)
-+#if defined(USE_GNUTLS)
- 
- typedef struct md4_ctx MD4_CTX;
- 
-@@ -109,6 +105,10 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
-   md4_digest(ctx, MD4_DIGEST_SIZE, result);
- }
- 
-+#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
-+
-+#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
-+
- #elif defined(AN_APPLE_OS)
- typedef CC_MD4_CTX MD4_CTX;
- 
diff --git a/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch b/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
deleted file mode 100644
index dec6d11..0000000
--- a/net-misc/curl/files/curl-7.87.0-typecheck-deprecated.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-https://bugs.gentoo.org/890587
-https://github.com/curl/curl/issues/10148
-https://github.com/curl/curl/commit/e2aed004302e51cfa5b6ce8c8ab65ef92aa83196
-
-From e2aed004302e51cfa5b6ce8c8ab65ef92aa83196 Mon Sep 17 00:00:00 2001
-From: Patrick Monnerat <patrick@monnerat.net>
-Date: Fri, 23 Dec 2022 15:35:27 +0100
-Subject: [PATCH] typecheck: accept expressions for option/info parameters
-
-As expressions can have side effects, evaluate only once.
-
-To enable deprecation reporting only once, get rid of the __typeof__
-use to define the local temporary variable and use the target type
-(CURLoption/CURLINFO). This also avoids multiple reports on type
-conflicts (if some) by the curlcheck_* macros.
-
-Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
-their values: a curl_easy_setopt call with an integer constant as option
-will never report a deprecation.
-
-Reported-by: Thomas Klausner
-Fixes #10148
-Closes #10149
---- a/include/curl/typecheck-gcc.h
-+++ b/include/curl/typecheck-gcc.h
-@@ -42,9 +42,8 @@
-  */
- #define curl_easy_setopt(handle, option, value)                         \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;)   \
-+      CURLoption _curl_opt = (option);                                  \
-       if(__builtin_constant_p(_curl_opt)) {                             \
--        (void) option;                                                  \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_long_option(_curl_opt))                          \
-             if(!curlcheck_long(value))                                  \
-@@ -120,9 +119,8 @@
- /* wraps curl_easy_getinfo() with typechecking */
- #define curl_easy_getinfo(handle, info, arg)                            \
-   __extension__({                                                       \
--      CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;)      \
-+      CURLINFO _curl_info = (info);                                     \
-       if(__builtin_constant_p(_curl_info)) {                            \
--        (void) info;                                                    \
-         CURL_IGNORE_DEPRECATION(                                        \
-           if(curlcheck_string_info(_curl_info))                         \
-             if(!curlcheck_arr((arg), char *))                           \
-
diff --git a/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch b/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
deleted file mode 100644
index 48ebb7a..0000000
--- a/net-misc/curl/files/curl-7.88.1-header-dump-segfault.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://github.com/curl/curl/commit/1c9cfb7af368feefb522caf81b052ee742a76da8
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Mon, 20 Feb 2023 18:35:13 +0100
-Subject: [PATCH] tool_operate: avoid fclose(NULL) on bad header dump file
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixes #10570
-Reported-by: Jérémy Rabasco
-Closes #10571
---- a/src/tool_operate.c
-+++ b/src/tool_operate.c
-@@ -984,12 +984,13 @@ static CURLcode single_transfer(struct GlobalConfig *global,
-              */
-             if(!per->prev || per->prev->config != config) {
-               newfile = fopen(config->headerfile, "wb+");
--              fclose(newfile);
-+              if(newfile)
-+                fclose(newfile);
-             }
-             newfile = fopen(config->headerfile, "ab+");
- 
-             if(!newfile) {
--              warnf(global, "Failed to open %s\n", config->headerfile);
-+              errorf(global, "Failed to open %s\n", config->headerfile);
-               result = CURLE_WRITE_ERROR;
-               break;
-             }
diff --git a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch b/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
deleted file mode 100644
index d338562..0000000
--- a/net-misc/curl/files/curl-7.88.1-onion-resolution.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-https://bugs.gentoo.org/887287
-https://github.com/curl/curl/pull/10705
-
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Wed, 8 Mar 2023 02:16:45 +1100
-Subject: [PATCH] Refuse to resolve the .onion TLD.
-
-RFC 7686 states that:
-
-> Applications that do not implement the Tor
-> protocol SHOULD generate an error upon the use of .onion and
-> SHOULD NOT perform a DNS lookup.
-
-Let's do that.
-
-See curl/curl#543
-https://www.rfc-editor.org/rfc/rfc7686#section-2
---- a/lib/hostip.c
-+++ b/lib/hostip.c
-@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
-   CURLcode result;
-   enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
-   struct connectdata *conn = data->conn;
-+  /* We should intentionally error and not resolve .onion TLDs */
-+  size_t hostname_len = strlen(hostname);
-+  if(hostname_len >= 7 &&
-+  (curl_strequal(&hostname[hostname_len-6], ".onion") ||
-+  curl_strequal(&hostname[hostname_len-7], ".onion."))) {
-+    failf(data, "Not resolving .onion address (RFC 7686)");
-+    return CURLRESOLV_ERROR;
-+  }
-   *entry = NULL;
- #ifndef CURL_DISABLE_DOH
-   conn->bits.doh = FALSE; /* default is not */
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
- test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
- test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
- test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
--test1464 test1465 test1466 test1467 test1468 test1469 \
--\
-+test1464 test1465 test1466 test1467 test1468 test1469 test1471 \
-+test1472 \
- test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
- test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
- test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
---- /dev/null
-+++ b/tests/data/test1471
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion TLD
-+</name>
-+<command>
-+red.onion
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
---- /dev/null
-+++ b/tests/data/test1472
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion. TLD
-+</name>
-+<command>
-+tasty.onion.
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
--- 
-2.39.2
-
diff --git a/net-misc/curl/files/curl-7.88.1-pipewait.patch b/net-misc/curl/files/curl-7.88.1-pipewait.patch
deleted file mode 100644
index 6c626a8..0000000
--- a/net-misc/curl/files/curl-7.88.1-pipewait.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-https://github.com/curl/curl/commit/821f6e2a89de8aec1c7da3c0f381b92b2b801efc
-From: Stefan Eissing <stefan@eissing.org>
-Date: Thu, 9 Feb 2023 16:07:34 +0100
-Subject: [PATCH] CURLOPT_PIPEWAIT: allow waited reuse also for subsequent
- connections
-
-note: Dropped test portion of patch; not shipped in source tarball!
-
-As tested in test_02_07, when firing off 200 urls with --parallel, 199
-wait for the first connection to be established. if that is multiuse,
-urls are added up to its capacity.
-
-The first url over capacity opens another connection. But subsequent
-urls found the same situation and open a connection too. They should
-have waited for the second connection to actually connect and make its
-capacity known.
-
-This change fixes that by
-
-- setting `connkeep()` early in the HTTP setup handler. as otherwise
-  a new connection is marked as closeit by default and not considered
-  for multiuse at all
-- checking the "connected" status for a candidate always and continuing
-  to PIPEWAIT if no alternative is found.
-
-pytest:
-- removed "skip" from test_02_07
-- added test_02_07b to check that http/1.1 continues to work as before
-
-Closes #10456
---- a/lib/http.c
-+++ b/lib/http.c
-@@ -233,6 +233,7 @@ static CURLcode http_setup_conn(struct Curl_easy *data,
- 
-   Curl_mime_initpart(&http->form);
-   data->req.p.http = http;
-+  connkeep(conn, "HTTP default");
- 
-   if((data->state.httpwant == CURL_HTTP_VERSION_3)
-      || (data->state.httpwant == CURL_HTTP_VERSION_3ONLY)) {
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -1170,14 +1170,14 @@ ConnectionExists(struct Curl_easy *data,
-             continue;
-           }
-         }
-+      }
- 
--        if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
--          foundPendingCandidate = TRUE;
--          /* Don't pick a connection that hasn't connected yet */
--          infof(data, "Connection #%ld isn't open enough, can't reuse",
--                check->connection_id);
--          continue;
--        }
-+      if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
-+        foundPendingCandidate = TRUE;
-+        /* Don't pick a connection that hasn't connected yet */
-+        infof(data, "Connection #%ld isn't open enough, can't reuse",
-+              check->connection_id);
-+        continue;
-       }
- 
- #ifdef USE_UNIX_SOCKETS
diff --git a/net-misc/curl/files/curl-7.88.1-silent-parallel.patch b/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
deleted file mode 100644
index 1162067..0000000
--- a/net-misc/curl/files/curl-7.88.1-silent-parallel.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-https://github.com/curl/curl/commit/475207c1c834ecf203dc4f3bc1917ae87628b6d0
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 21 Feb 2023 11:38:03 +0100
-Subject: [PATCH] tool_progress: shut off progress meter for --silent in
- parallel
-
-Reported-by: finkjsc on github
-Fixes #10573
-Closes #10579
---- a/src/tool_progress.c
-+++ b/src/tool_progress.c
-@@ -173,7 +173,7 @@ bool progress_meter(struct GlobalConfig *global,
-   struct timeval now;
-   long diff;
- 
--  if(global->noprogress)
-+  if(global->noprogress || global->silent)
-     return FALSE;
- 
-   now = tvnow();
diff --git a/net-misc/curl/files/curl-8.1.0-header-length.patch b/net-misc/curl/files/curl-8.1.0-header-length.patch
new file mode 100644
index 0000000..6229fd8
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.0-header-length.patch
@@ -0,0 +1,86 @@
+https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
+From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
+Date: Thu, 18 May 2023 18:22:57 +0200
+Subject: [PATCH] http2: double http request parser max line length
+
+This works around #11138, by doubling the limit, and should be a
+relatively safe fix.
+
+Ideally the buffer would grow as needed and there would be no need for a
+limit? But that might be follow-up material.
+
+Fixes #11138
+Closes #11139
+---
+ lib/http1.h             | 2 ++
+ lib/http2.c             | 2 +-
+ lib/vquic/curl_msh3.c   | 2 +-
+ lib/vquic/curl_ngtcp2.c | 2 +-
+ lib/vquic/curl_quiche.c | 2 +-
+ 5 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lib/http1.h b/lib/http1.h
+index c2d107587a6f8..8acb9db401a95 100644
+--- a/lib/http1.h
++++ b/lib/http1.h
+@@ -33,6 +33,8 @@
+ #define H1_PARSE_OPT_NONE       (0)
+ #define H1_PARSE_OPT_STRICT     (1 << 0)
+ 
++#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
++
+ struct h1_req_parser {
+   struct http_req *req;
+   struct bufq scratch;
+diff --git a/lib/http2.c b/lib/http2.c
+index 47e6f71393156..4e3b182b8d815 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
+   nghttp2_priority_spec pri_spec;
+   ssize_t nwritten;
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   *err = http2_data_setup(cf, data, &stream);
+diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
+index 40e89379fc402..173886739b6dc 100644
+--- a/lib/vquic/curl_msh3.c
++++ b/lib/vquic/curl_msh3.c
+@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+ 
+   CF_DATA_SAVE(save, cf, data);
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   /* Sizes must match for cast below to work" */
+diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
+index 05f960afdffa1..7794f148c6ec9 100644
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
+   nghttp3_data_reader reader;
+   nghttp3_data_reader *preader = NULL;
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   *err = h3_data_setup(cf, data);
+diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
+index 392b9beb83c59..c63e8e10a22e0 100644
+--- a/lib/vquic/curl_quiche.c
++++ b/lib/vquic/curl_quiche.c
+@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
+     DEBUGASSERT(stream);
+   }
+ 
+-  Curl_h1_req_parse_init(&h1, (4*1024));
++  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+ 
+   DEBUGASSERT(stream);
diff --git a/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch b/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch
new file mode 100644
index 0000000..6a0dd13
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.0-numeric-hostname.patch
@@ -0,0 +1,227 @@
+https://github.com/curl/curl/commit/92772e6d395bbdda0e7822d980caf86e8c4aa51c.patch
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 18 May 2023 00:31:17 +0200
+Subject: [PATCH] urlapi: allow numerical parts in the host name
+
+It can only be an IPv4 address if all parts are all digits and no more than
+four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be
+passed through as a host name.
+
+Regression from 17a15d88467 shipped in 8.1.0
+
+Extended test 1560 accordingly.
+
+Reported-by: Pavel Kalyugin
+Fixes #11129
+Closes #11131
+--- a/lib/urlapi.c
++++ b/lib/urlapi.c
+@@ -34,6 +34,7 @@
+ #include "inet_ntop.h"
+ #include "strdup.h"
+ #include "idn.h"
++#include "curl_memrchr.h"
+ 
+ /* The last 3 #include files should be in this order */
+ #include "curl_printf.h"
+@@ -643,8 +644,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
+  * Handle partial IPv4 numerical addresses and different bases, like
+  * '16843009', '0x7f', '0x7f.1' '0177.1.1.1' etc.
+  *
+- * If the given input string is syntactically wrong or any part for example is
+- * too big, this function returns FALSE and doesn't create any output.
++ * If the given input string is syntactically wrong IPv4 or any part for
++ * example is too big, this function returns HOST_NAME.
+  *
+  * Output the "normalized" version of that input string in plain quad decimal
+  * integers.
+@@ -675,7 +676,7 @@ static int ipv4_normalize(struct dynbuf *host)
+     unsigned long l;
+     if(!ISDIGIT(*c))
+       /* most importantly this doesn't allow a leading plus or minus */
+-      return n ? HOST_BAD : HOST_NAME;
++      return HOST_NAME;
+     l = strtoul(c, &endp, 0);
+ 
+     parts[n] = l;
+@@ -684,7 +685,7 @@ static int ipv4_normalize(struct dynbuf *host)
+     switch(*c) {
+     case '.':
+       if(n == 3)
+-        return HOST_BAD;
++        return HOST_NAME;
+       n++;
+       c++;
+       break;
+@@ -694,39 +695,40 @@ static int ipv4_normalize(struct dynbuf *host)
+       break;
+ 
+     default:
+-      return n ? HOST_BAD : HOST_NAME;
++      return HOST_NAME;
+     }
+ 
+     /* overflow */
+     if((l == ULONG_MAX) && (errno == ERANGE))
+-      return HOST_BAD;
++      return HOST_NAME;
+ 
+ #if SIZEOF_LONG > 4
+     /* a value larger than 32 bits */
+     if(l > UINT_MAX)
+-      return HOST_BAD;
++      return HOST_NAME;
+ #endif
+   }
+ 
+-  /* this is a valid IPv4 numerical address */
+-  Curl_dyn_reset(host);
+-
+   switch(n) {
+   case 0: /* a -- 32 bits */
++    Curl_dyn_reset(host);
++
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0] >> 24, (parts[0] >> 16) & 0xff,
+                            (parts[0] >> 8) & 0xff, parts[0] & 0xff);
+     break;
+   case 1: /* a.b -- 8.24 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xffffff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], (parts[1] >> 16) & 0xff,
+                            (parts[1] >> 8) & 0xff, parts[1] & 0xff);
+     break;
+   case 2: /* a.b.c -- 8.8.16 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xffff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], parts[1], (parts[2] >> 8) & 0xff,
+                            parts[2] & 0xff);
+@@ -734,7 +736,8 @@ static int ipv4_normalize(struct dynbuf *host)
+   case 3: /* a.b.c.d -- 8.8.8.8 bits */
+     if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff) ||
+        (parts[3] > 0xff))
+-      return HOST_BAD;
++      return HOST_NAME;
++    Curl_dyn_reset(host);
+     result = Curl_dyn_addf(host, "%u.%u.%u.%u",
+                            parts[0], parts[1], parts[2], parts[3]);
+     break;
+@@ -796,6 +799,9 @@ static CURLUcode parse_authority(struct Curl_URL *u,
+   if(result)
+     goto out;
+ 
++  if(!Curl_dyn_len(host))
++    return CURLUE_NO_HOST;
++
+   switch(ipv4_normalize(host)) {
+   case HOST_IPV4:
+     break;
+--- a/tests/libtest/lib1560.c
++++ b/tests/libtest/lib1560.c
+@@ -474,6 +474,13 @@ static const struct testcase get_parts_list[] ={
+ };
+ 
+ static const struct urltestcase get_url_list[] = {
++  {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_OK},
++  {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.256.com", "https://1.2.3.256.com/", 0, 0, CURLUE_OK},
++  {"https://10.com", "https://10.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.com", "https://1.2.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.com", "https://1.2.3.com/", 0, 0, CURLUE_OK},
++  {"https://1.2.com.99", "https://1.2.com.99/", 0, 0, CURLUE_OK},
+   {"https://[fe80::0000:20c:29ff:fe9c:409b]:80/moo",
+    "https://[fe80::20c:29ff:fe9c:409b]:80/moo",
+    0, 0, CURLUE_OK},
+@@ -522,22 +529,24 @@ static const struct urltestcase get_url_list[] = {
+ 
+   /* IPv4 trickeries */
+   {"https://16843009", "https://1.1.1.1/", 0, 0, CURLUE_OK},
+-  {"https://0x7f.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://0177.1", "https://127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://0111.02.0x3", "https://73.2.0.3/", 0, 0, CURLUE_OK},
++  {"https://0111.02.0x3.", "https://0111.02.0x3./", 0, 0, CURLUE_OK},
++  {"https://0111.02.030", "https://73.2.0.24/", 0, 0, CURLUE_OK},
++  {"https://0111.02.030.", "https://0111.02.030./", 0, 0, CURLUE_OK},
+   {"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK},
+   {"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK},
+   /* IPv4 numerical overflows or syntax errors will not normalize */
+   {"https://a127.0.0.1", "https://a127.0.0.1/", 0, 0, CURLUE_OK},
+   {"https://\xff.127.0.0.1", "https://%FF.127.0.0.1/", 0, CURLU_URLENCODE,
+    CURLUE_OK},
+-  {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_BAD_HOSTNAME},
++  {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK},
+   {"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_MALFORMED_INPUT},
+-  {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_BAD_HOSTNAME},
+-  {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_BAD_HOSTNAME},
++  {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_OK},
++  {"https://1.2.3.256.", "https://1.2.3.256./", 0, 0, CURLUE_OK},
++  {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_OK},
++  {"https://1.2.0x100.3", "https://1.2.0x100.3/", 0, 0, CURLUE_OK},
++  {"https://4294967296", "https://4294967296/", 0, 0, CURLUE_OK},
+   {"https://123host", "https://123host/", 0, 0, CURLUE_OK},
+   /* 40 bytes scheme is the max allowed */
+   {"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA://hostname/path",
+@@ -599,20 +608,11 @@ static const struct urltestcase get_url_list[] = {
+    0, 0, CURLUE_OK},
+   /* here the password has the semicolon */
+   {"http://user:pass;word@host/file",
+-   "http://user:pass;word@host/file",
+-   0, 0, CURLUE_OK},
+-  {"file:///file.txt#moo",
+-   "file:///file.txt#moo",
+-   0, 0, CURLUE_OK},
+-  {"file:////file.txt",
+-   "file:////file.txt",
+-   0, 0, CURLUE_OK},
+-  {"file:///file.txt",
+-   "file:///file.txt",
+-   0, 0, CURLUE_OK},
+-  {"file:./",
+-   "file://",
+-   0, 0, CURLUE_BAD_SCHEME},
++   "http://user:pass;word@host/file", 0, 0, CURLUE_OK},
++  {"file:///file.txt#moo", "file:///file.txt#moo", 0, 0, CURLUE_OK},
++  {"file:////file.txt", "file:////file.txt", 0, 0, CURLUE_OK},
++  {"file:///file.txt", "file:///file.txt", 0, 0, CURLUE_OK},
++  {"file:./", "file://", 0, 0, CURLUE_OK},
+   {"http://example.com/hello/../here",
+    "http://example.com/hello/../here",
+    CURLU_PATH_AS_IS, 0, CURLUE_OK},
+@@ -1124,7 +1124,7 @@ static int get_url(void)
+       }
+       curl_free(url);
+     }
+-    else if(rc != get_url_list[i].ucode) {
++    if(rc != get_url_list[i].ucode) {
+       fprintf(stderr, "Get URL\nin: %s\nreturned %d (expected %d)\n",
+               get_url_list[i].in, (int)rc, get_url_list[i].ucode);
+       error++;
+@@ -1515,6 +1515,9 @@ int test(char *URL)
+ {
+   (void)URL; /* not used */
+ 
++  if(get_url())
++    return 3;
++
+   if(huge())
+     return 9;
+ 
+@@ -1533,9 +1536,6 @@ int test(char *URL)
+   if(set_parts())
+     return 2;
+ 
+-  if(get_url())
+-    return 3;
+-
+   if(get_parts())
+     return 4;
+ 
diff --git a/net-misc/curl/files/curl-8.1.1-configure-compiler.patch b/net-misc/curl/files/curl-8.1.1-configure-compiler.patch
new file mode 100644
index 0000000..f769b35
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.1-configure-compiler.patch
@@ -0,0 +1,73 @@
+The check for "basic compiler options" hangs otherwise.
+
+https://github.com/curl/curl/commit/471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36
+https://github.com/curl/curl/commit/c4a019603b82a08c3572591a9393df0818ee02f6
+
+From 471dab2da0c6b2b08ca2b96a1da0a4825e2c3c36 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Tue, 23 May 2023 09:40:18 +0200
+Subject: [PATCH] configure: quote the assignments for run-compiler
+
+Building for multilib failed, as the compiler command contains an
+extra argument. That needs quoting.
+
+Regression from b78ca50cb3dda361f9c1
+
+Fixes #11179
+Closes #11180
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,8 +193,8 @@ dnl something different but only have that affect the execution of the results
+ dnl of the compile, not change the libraries for the compiler itself.
+ dnl
+ compilersh="run-compiler"
+-echo "CC=$CC" > $compilersh
+-echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $compilersh
++echo "CC=\"$CC\"" > $compilersh
++echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh
+ echo 'exec $CC $@' >> $compilersh
+ 
+ dnl **********************************************************************
+
+From c4a019603b82a08c3572591a9393df0818ee02f6 Mon Sep 17 00:00:00 2001
+From: Emanuele Torre <torreemanuele6@gmail.com>
+Date: Tue, 23 May 2023 11:59:59 +0200
+Subject: [PATCH] configure: fix build with arbitrary CC and LD_LIBRARY_PATH
+
+Since ./configure and processes that inherit its environment variables
+are the only callers of the run-compiler script, we can just save the
+current value of the LD_LIBRARY_PATH and CC variables to another pair of
+environment variables, and make run-compiler a static script that
+simply restores CC and LD_LIBRARY_PATH to the saved value, and before
+running the compiler.
+
+This avoids having to inject the values of the variables in the script,
+possibly causing problems if they contains spaces, quotes, and other
+special characters.
+
+Also add exports in the script just in case LD_LIBRARY_PATH and CC are
+not already in the environment.
+
+follow-up from 471dab2
+
+Closes #11182
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,9 +193,13 @@ dnl something different but only have that affect the execution of the results
+ dnl of the compile, not change the libraries for the compiler itself.
+ dnl
+ compilersh="run-compiler"
+-echo "CC=\"$CC\"" > $compilersh
+-echo "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH\"" >> $compilersh
+-echo 'exec $CC $@' >> $compilersh
++export "CURL_SAVED_CC=$CC"
++export "CURL_SAVED_LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
++cat <<\EOF > "$compilersh"
++export "CC=$CURL_SAVED_CC"
++export "LD_LIBRARY_PATH=$CURL_SAVED_LD_LIBRARY_PATH"
++exec $CC "$@"
++EOF
+ 
+ dnl **********************************************************************
+ dnl See which TLS backend(s) that are requested. Just do all the
+
diff --git a/net-misc/curl/files/curl-8.1.1-hanging-http2.patch b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch
new file mode 100644
index 0000000..4777c4d
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.1-hanging-http2.patch
@@ -0,0 +1,36 @@
+https://github.com/curl/curl/commit/5c58cb0212bcf63cce33a974906bf9905948b4bb
+From: Stefan Eissing <stefan@eissing.org>
+Date: Wed, 24 May 2023 18:48:16 +0200
+Subject: [PATCH] http2: fix EOF handling on uploads with auth negotiation
+
+- doing a POST with `--digest` does an override on the initial request
+  with `Content-Length: 0`, but the http2 filter was unaware of that
+  and expected the originally request body. It did therefore not
+  send a final DATA frame with EOF flag to the server.
+- The fix overrides any initial notion of post size when the `done_send`
+  event is triggered by the transfer loop, leading to the EOF that
+  is necessary.
+- refs #11194. The fault did not happen in testing, as Apache httpd
+  never tries to read the request body of the initial request,
+  sends the 401 reply and closes the stream. The server used in the
+  reported issue however tried to read the EOF and timed out on the
+  request.
+
+Reported-by: Aleksander Mazur
+Fixes #11194
+Cloes #11200
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1527,10 +1527,8 @@ static CURLcode http2_data_done_send(struct Curl_cfilter *cf,
+   if(!stream->send_closed) {
+     stream->send_closed = TRUE;
+     if(stream->upload_left) {
+-      /* If we operated with unknown length, we now know that everything
+-       * that is buffered is all we have to send. */
+-      if(stream->upload_left == -1)
+-        stream->upload_left = Curl_bufq_len(&stream->sendbuf);
++      /* we now know that everything that is buffered is all there is. */
++      stream->upload_left = Curl_bufq_len(&stream->sendbuf);
+       /* resume sending here to trigger the callback to get called again so
+          that it can signal EOF to nghttp2 */
+       (void)nghttp2_session_resume_data(ctx->h2, stream->id);
diff --git a/net-misc/curl/files/curl-7.30.0-prefix.patch b/net-misc/curl/files/curl-prefix.patch
similarity index 100%
rename from net-misc/curl/files/curl-7.30.0-prefix.patch
rename to net-misc/curl/files/curl-prefix.patch
diff --git a/net-misc/curl/metadata.xml b/net-misc/curl/metadata.xml
index cdd47f1..10ae7d7 100644
--- a/net-misc/curl/metadata.xml
+++ b/net-misc/curl/metadata.xml
@@ -20,7 +20,6 @@
 		<flag name="imap">Enable Internet Message Access Protocol support</flag>
 		<flag name="mbedtls">Enable mbedtls ssl backend</flag>
 		<flag name="nghttp3">Enable HTTP/3.0 support using <pkg>net-libs/nghttp3</pkg> and <pkg>net-libs/ngtcp2</pkg></flag>
-		<flag name="quiche">Enable HTTP/3.0 support using <pkg>net-libs/quiche</pkg></flag>
 		<flag name="nss">Enable nss ssl backend</flag>
 		<flag name="openssl">Enable openssl ssl backend</flag>
 		<flag name="pop3">Enable Post Office Protocol 3 support</flag>
diff --git a/net-misc/wget/Manifest b/net-misc/wget/Manifest
index 7053a35..f74c516 100644
--- a/net-misc/wget/Manifest
+++ b/net-misc/wget/Manifest
@@ -1,2 +1,4 @@
 DIST wget-1.21.3.tar.gz 5079864 BLAKE2B 4ff40a30cb3be82ea492d0eae324a9d43de30a0169d3b219ce25f3d667915f90c7eb1559760d1605340f112e96e028613265e0be73aaba7935c69cc06a4ae4f6 SHA512 29889ecbf590dff0f39183d9e0621741d731a554d990e5c995a4644725dca62e8e19601d40db0ef7d62ebf54e5457c7409965e4832b6e60e4ccbc9c8caa30718
 DIST wget-1.21.3.tar.gz.sig 854 BLAKE2B 71f69492397ae9e36284be9acdd1c94da34a7397c14a6de1a867c0d1e807bf961f8a2e098ab5629425691ce595227fb08f046416245fda2a6025929079f2d7c2 SHA512 b9f41496e0083545bc703c97b0758500f337527647cdc422152d7855d05351e3a62685269238c78300eafdbfaed8afecaeb988901a3d8a6b002e9fb3d70efe4f
+DIST wget-1.21.4.tar.gz 5059591 BLAKE2B ced6fb9a20343d41e4d8e0c8f171c60535847504fa4c32abc81d104a1594dc7b7c97b5b301836e31dacc7a0f2155c0a2e70e42ff60dc3fa471deb1dad33ba736 SHA512 7a1539045174f6b97ab6980811c2ac1799edc20db72987b5ba9b1710cffb19669a7736813d15c8da3aa2d4a384246ff946b77ecb0baeb6fd3e12ae591f1bf6a3
+DIST wget-1.21.4.tar.gz.sig 854 BLAKE2B 162c4f358e781bbfb0fa73910191c29dd411f48c9b2c8e8fe00a12741153e624955393d769aa7311b03115d04b6b946a84b636f643d7cdc8c8cd81387b9cf143 SHA512 72603493c2d799dca08700175a2010d8736fd6d3cb9bea3987db8814e9f133ab0fbd1477892115f7fbbd1a7d4d416ec370bdbff6dbe8f00d1eea84f0c4f8d84b
diff --git a/net-misc/wget/wget-1.21.3-r1.ebuild b/net-misc/wget/wget-1.21.4.ebuild
similarity index 96%
rename from net-misc/wget/wget-1.21.3-r1.ebuild
rename to net-misc/wget/wget-1.21.4.ebuild
index 00fdfc0..5fe7620 100644
--- a/net-misc/wget/wget-1.21.3-r1.ebuild
+++ b/net-misc/wget/wget-1.21.4.ebuild
@@ -54,15 +54,11 @@
 		dev-perl/HTTP-Message
 		dev-perl/IO-Socket-SSL
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-wget-20230313 )
+	verify-sig? ( >=sec-keys/openpgp-keys-wget-20230511 )
 "
 
 DOCS=( AUTHORS MAILING-LIST NEWS README )
 
-PATCHES=(
-	"${FILESDIR}"/${P}-hsts-type.patch
-)
-
 pkg_setup() {
 	use test && python-any-r1_pkg_setup
 }
diff --git a/sys-apps/acl/acl-2.3.1-r1.ebuild b/sys-apps/acl/acl-2.3.1-r2.ebuild
similarity index 94%
rename from sys-apps/acl/acl-2.3.1-r1.ebuild
rename to sys-apps/acl/acl-2.3.1-r2.ebuild
index 0da60b9..c3a5ae9 100644
--- a/sys-apps/acl/acl-2.3.1-r1.ebuild
+++ b/sys-apps/acl/acl-2.3.1-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -20,6 +20,10 @@
 DEPEND="${RDEPEND}"
 BDEPEND="nls? ( sys-devel/gettext )"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-2.3.1-musl-1.2.4-lfs64-fix.patch"
+)
+
 src_prepare() {
 	default
 
diff --git a/sys-apps/acl/files/acl-2.3.1-musl-1.2.4-lfs64-fix.patch b/sys-apps/acl/files/acl-2.3.1-musl-1.2.4-lfs64-fix.patch
new file mode 100644
index 0000000..3b5d2c6
--- /dev/null
+++ b/sys-apps/acl/files/acl-2.3.1-musl-1.2.4-lfs64-fix.patch
@@ -0,0 +1,37 @@
+Bug: https://bugs.gentoo.org/905910
+Upstream Bug: https://savannah.nongnu.org/bugs/index.php?64162
+
+From a9100afd77fea00b311f114a5a04108283aa681a Mon Sep 17 00:00:00 2001
+From: Violet Purcell <vimproved@inventati.org>
+Date: Mon, 8 May 2023 04:17:07 +0000
+Subject: [PATCH] musl 1.2.4 LFS64 removal fixes
+
+---
+ tools/chacl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/chacl.c b/tools/chacl.c
+index 525a7ff..8fff875 100644
+--- a/tools/chacl.c
++++ b/tools/chacl.c
+@@ -320,7 +320,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname)
+ {
+ 	int failed = 0;
+ 	DIR *dir;
+-	struct dirent64 *d;
++	struct dirent *d;
+ 	char *name;
+ 
+ 	if ((dir = opendir(fname)) == NULL) {
+@@ -332,7 +332,7 @@ walk_dir(acl_t acl, acl_t dacl, const char *fname)
+ 		return(0);	/* got a file, not an error */
+ 	}
+ 
+-	while ((d = readdir64(dir)) != NULL) {
++	while ((d = readdir(dir)) != NULL) {
+ 		/* skip "." and ".." entries */
+ 		if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0)
+ 			continue;
+-- 
+2.40.1
+
diff --git a/sys-apps/coreutils/Manifest b/sys-apps/coreutils/Manifest
index fb0594f..ad56e3b 100644
--- a/sys-apps/coreutils/Manifest
+++ b/sys-apps/coreutils/Manifest
@@ -3,7 +3,5 @@
 DIST coreutils-9.0_p20220409-patches-01.tar.xz 6244 BLAKE2B 8ca9855680719660782931467ec70095c826e66b9850890b8cf456963f8114f63940707386b97c766172d01e55e17b7db2aa1c329208a873a76e2293b29f565f SHA512 4b43c25832122d241f33e6b4eff24bc1fa045b9ca5af45a49d22ecb1fa282986c4e4a045ef24c34b3d94fd9a2247247c42c344261e3f464d881969e6f3351d3f
 DIST coreutils-9.1.tar.xz 5712104 BLAKE2B f5654e4935535275615d44a56c071d1c0746af36cf4615fcc0a5a0d387af9c9023adac31f31a52e16b3d1105b9d4c0fb7ebff9b2862498849f867a866049dd6e SHA512 a6ee2c549140b189e8c1b35e119d4289ec27244ec0ed9da0ac55202f365a7e33778b1dc7c4e64d1669599ff81a8297fe4f5adbcc8a3a2f75c919a43cd4b9bdfa
 DIST coreutils-9.1.tar.xz.sig 833 BLAKE2B e9627a066f3c67596feaa8d43d5785076230f440bacea84d8b5736e51a22787c2d5df1f3e2cd8523d01fb7b468933d3c17fce3cb1fbefef322a0e0d820b81842 SHA512 9f0766531afd4faa3e2c337730f61db55605cf06729e9c61f644594883732c2e0b1ddb0005b492be309c53e6f45b8ff875398163a48699d52517ea49e9bdbc91
-DIST coreutils-9.2.tar.xz 5773008 BLAKE2B 026e01718d79dd95bf645088d395584cbd422bb318f414a6ad325aea5deeec7aecb63217c1ce8231e81dd3b6fee1c85c60616c57ef8e2e1d0b9d764fa5a68908 SHA512 7e3108fefba4ef995cc73c64ac5f4e09827a44649a97ddd624eb61d67ce82da5ed6dc8c0f79d3e269f5cdb7d43877a61ef5b93194dd905bec432a7e31f9f479c
-DIST coreutils-9.2.tar.xz.sig 833 BLAKE2B 225f6ea9d6c2a2b0e47093b6c10d648b8d847daf0733eeb779eb01cffde47f67b3328bdfb214298d669689f5de76f3c64384a6471dfc4ccc3a238bfc1943e654 SHA512 4219f3103d829841a11bf1fe42ae277a44347e555fbbaf48e5e87cce48deb96753cb6d25f2571b88685a164acb9f016ff7ea02346b799ce954599fa0124ef070
 DIST coreutils-9.3.tar.xz 5808696 BLAKE2B 11502cd2dbeef150d0d4cece2546bf6b835941b94456c258f6058338f0477f22e68e88934d075b08fe51ee4d1c0c50cb23d8084ac06a457d6e8975f01643b1cd SHA512 242271f212a6860bdc6c8d7e5c4f85ce66c1b48ef781aca9daa56e0fe7c2b7809ef72b4392120219fe5b687637c83ce89ceef8bb35f6274f43f8f968a6901694
 DIST coreutils-9.3.tar.xz.sig 833 BLAKE2B c45ae10ff706907ae65d31228e432f7d6f34acbdb733bf521437d9e2fc75828a59da9d432d894a1ed8b7341f7e15d0e8d4e816e209c799b75c14d0ec055bfdf2 SHA512 522a2072f8ef940228ccdd856a4041c3c16b98e309168ccf2066fe7c1013685ba6cdea8a7317dfa1f4507b37ca016ecedaf54438d4a5007927b0e1a8fd223eb5
diff --git a/sys-apps/coreutils/coreutils-9.3.ebuild b/sys-apps/coreutils/coreutils-9.3-r3.ebuild
similarity index 93%
rename from sys-apps/coreutils/coreutils-9.3.ebuild
rename to sys-apps/coreutils/coreutils-9.3-r3.ebuild
index 87c673e..244ec67 100644
--- a/sys-apps/coreutils/coreutils-9.3.ebuild
+++ b/sys-apps/coreutils/coreutils-9.3-r3.ebuild
@@ -4,8 +4,10 @@
 EAPI=7
 
 # Try to keep an eye on Fedora's packaging: https://src.fedoraproject.org/rpms/coreutils
-# The upstream coreutils maintianers also maintain the package in Fedora and may
+# The upstream coreutils maintainers also maintain the package in Fedora and may
 # backport fixes which we want to pick up.
+#
+# Also recommend subscribing to the coreutils and bug-coreutils MLs.
 
 PYTHON_COMPAT=( python3_{6..9} )
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/coreutils.asc
@@ -108,6 +110,8 @@
 src_prepare() {
 	local PATCHES=(
 		# Upstream patches
+		"${FILESDIR}"/${P}-cp-parents-preserve-permissions.patch
+		"${FILESDIR}"/${P}-old-kernel-copy_file_range.patch
 	)
 
 	if ! use vanilla && [[ -d "${WORKDIR}"/patch ]] ; then
@@ -116,6 +120,9 @@
 
 	default
 
+	# Just for ${P}-old-kernel-copy_file_range.patch
+	touch aclocal.m4 configure.ac Makefile.in gnulib-tests/Makefile.in configure || die
+
 	# Since we've patched many .c files, the make process will try to
 	# re-build the manpages by running `./bin --help`.  When doing a
 	# cross-compile, we can't do that since 'bin' isn't a native bin.
@@ -133,6 +140,10 @@
 }
 
 src_configure() {
+	# On alpha at least, gnulib (as of 9.3) can't seem to figure out we need
+	# _F_O_B=64: https://debbugs.gnu.org/64123
+	append-lfs-flags
+
 	local myconf=(
 		--with-packager="Gentoo"
 		--with-packager-version="${PVR} (p${PATCH_VER:-0})"
diff --git a/sys-apps/coreutils/files/coreutils-9.2-cksum-result-reporting.patch b/sys-apps/coreutils/files/coreutils-9.2-cksum-result-reporting.patch
deleted file mode 100644
index 4381d75..0000000
--- a/sys-apps/coreutils/files/coreutils-9.2-cksum-result-reporting.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://www.reddit.com/r/archlinux/comments/11zdecf/sha256sum_c_prints_ok_for_a_failed_checksum_when/
-https://bugs.archlinux.org/task/77969
-https://bugs.gnu.org/62403
-
-https://github.com/coreutils/coreutils/commit/76f2fb627118a26c25003dbd98c22c153b7ee1d2
-
-From 76f2fb627118a26c25003dbd98c22c153b7ee1d2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Thu, 23 Mar 2023 12:31:24 +0000
-Subject: [PATCH] cksum: fix reporting of failed checks
-
-This applies to all checksumming utilities,
-where we incorrectly report all subsequent files as checking 'OK'
-once any file has passed a digest check.
-The exit status was not impacted, only the printed status.
-
-* src/digest.c (digest_check): Use the correct state variable
-to determine if the _current_ file has passed or not.
-* tests/misc/md5sum.pl: Add a test case.
-Fixes https://bugs.gnu.org/62403
---- a/src/digest.c
-+++ b/src/digest.c
-@@ -1254,14 +1254,14 @@ digest_check (char const *checkfile_name)
- 
-               if (!status_only)
-                 {
--                  if ( ! matched_checksums || ! quiet)
-+                  if (! match || ! quiet)
-                     {
-                       if (needs_escape)
-                         putchar ('\\');
-                       print_filename (filename, needs_escape);
-                     }
- 
--                  if ( ! matched_checksums)
-+                  if (! match)
-                     printf (": %s\n", _("FAILED"));
-                   else if (!quiet)
-                     printf (": %s\n", _("OK"));
---- a/tests/misc/md5sum.pl
-+++ b/tests/misc/md5sum.pl
-@@ -101,6 +101,16 @@
-                   . "md5sum: WARNING: 1 line is improperly formatted\n"
-                   . "md5sum: WARNING: 2 computed checksums did NOT match\n"},
-                                 {EXIT=> 1}],
-+     # Ensure we use appropriate state to track failures (broken in 9.2)
-+     ['check-multifail-state', '--check', '--warn',
-+                                {IN=>{'f.md5' =>
-+                                      "$degenerate  f\n"
-+                                      . "$degenerate  g\n"
-+                                      . "$degenerate  f\n" }},
-+                                {AUX=> {f=> ''}}, {AUX=> {g=> 'a'}},
-+                                {OUT=>"f: OK\ng: FAILED\nf: OK\n"},
-+              {ERR=>"md5sum: WARNING: 1 computed checksum did NOT match\n"},
-+                                {EXIT=> 1}],
-      # The sha1sum and md5sum drivers share a lot of code.
-      # Ensure that md5sum does *not* share the part that makes
-      # sha1sum accept BSD format.
-
diff --git a/sys-apps/coreutils/files/coreutils-9.2-cp-reflink-auto-fallback.patch b/sys-apps/coreutils/files/coreutils-9.2-cp-reflink-auto-fallback.patch
deleted file mode 100644
index 0b2ea0f..0000000
--- a/sys-apps/coreutils/files/coreutils-9.2-cp-reflink-auto-fallback.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=093a8b4bfaba60005f14493ce7ef11ed665a0176
-
-From 093a8b4bfaba60005f14493ce7ef11ed665a0176 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Thu, 23 Mar 2023 13:19:04 +0000
-Subject: copy: fix --reflink=auto to fallback in more cases
-
-On restricted systems like android or some containers,
-FICLONE could return EPERM, EACCES, or ENOTTY,
-which would have induced the command to fail to copy
-rather than falling back to a more standard copy.
-
-* src/copy.c (is_terminal_failure): A new function refactored
-from handle_clone_fail().
-(is_CLONENOTSUP): Merge in the handling of EACCES, ENOTTY, EPERM
-as they also pertain to determination of whether cloning is supported
-if we ever use this function in that context.
-(handle_clone_fail): Use is_terminal_failure() in all cases,
-so that we assume a terminal failure in less errno cases.
-* NEWS: Mention the bug fix.
-Addresses https://bugs.gnu.org/62404
---- a/src/copy.c
-+++ b/src/copy.c
-@@ -278,15 +278,27 @@ create_hole (int fd, char const *name, bool punch_holes, off_t size)
- }
- 
- 
--/* Whether the errno from FICLONE, or copy_file_range
--   indicates operation is not supported for this file or file system.  */
-+/* Whether the errno indicates the operation is a transient failure.
-+   I.e., a failure that would indicate the operation _is_ supported,
-+   but has failed in a terminal way.  */
-+
-+static bool
-+is_terminal_error (int err)
-+{
-+  return err == EIO || err == ENOMEM || err == ENOSPC || err == EDQUOT;
-+}
-+
-+
-+/* Whether the errno from FICLONE, or copy_file_range indicates
-+   the operation is not supported/allowed for this file or process.  */
- 
- static bool
- is_CLONENOTSUP (int err)
- {
--  return err == ENOSYS || is_ENOTSUP (err)
-+  return err == ENOSYS || err == ENOTTY || is_ENOTSUP (err)
-          || err == EINVAL || err == EBADF
--         || err == EXDEV || err == ETXTBSY;
-+         || err == EXDEV || err == ETXTBSY
-+         || err == EPERM || err == EACCES;
- }
- 
- 
-@@ -339,20 +351,18 @@ sparse_copy (int src_fd, int dest_fd, char **abuf, size_t buf_size,
-           {
-             copy_debug.offload = COPY_DEBUG_UNSUPPORTED;
- 
--            if (is_CLONENOTSUP (errno))
--              break;
--
--            /* copy_file_range might not be enabled in seccomp filters,
--               so retry with a standard copy.  EPERM can also occur
--               for immutable files, but that would only be in the edge case
--               where the file is made immutable after creating/truncating,
-+            /* Consider operation unsupported only if no data copied.
-+               For example, EPERM could occur if copy_file_range not enabled
-+               in seccomp filters, so retry with a standard copy.  EPERM can
-+               also occur for immutable files, but that would only be in the
-+               edge case where the file is made immutable after creating,
-                in which case the (more accurate) error is still shown.  */
--            if (errno == EPERM && *total_n_read == 0)
-+            if (*total_n_read == 0 && is_CLONENOTSUP (errno))
-               break;
- 
-             /* ENOENT was seen sometimes across CIFS shares, resulting in
-                no data being copied, but subsequent standard copies succeed.  */
--            if (errno == ENOENT && *total_n_read == 0)
-+            if (*total_n_read == 0 && errno == ENOENT)
-               break;
- 
-             if (errno == EINTR)
-@@ -1172,17 +1182,15 @@ handle_clone_fail (int dst_dirfd, char const* dst_relname,
-                    char const* src_name, char const* dst_name,
-                    int dest_desc, bool new_dst, enum Reflink_type reflink_mode)
- {
--  /* If the clone operation is creating the destination,
--     then don't try and cater for all non transient file system errors,
--     and instead only cater for specific transient errors.  */
--  bool transient_failure;
--  if (dest_desc < 0) /* currently for fclonefileat().  */
--    transient_failure = errno == EIO || errno == ENOMEM
--                        || errno == ENOSPC || errno == EDQUOT;
--  else /* currently for FICLONE.  */
--    transient_failure = ! is_CLONENOTSUP (errno);
--
--  if (reflink_mode == REFLINK_ALWAYS || transient_failure)
-+  /* When the clone operation fails, report failure only with errno values
-+     known to mean trouble when the clone is supported and called properly.
-+     Do not report failure merely because !is_CLONENOTSUP (errno),
-+     as systems may yield oddball errno values here with FICLONE.
-+     Also is_CLONENOTSUP() is not appropriate for the range of errnos
-+     possible from fclonefileat(), so it's more consistent to avoid. */
-+  bool report_failure = is_terminal_error (errno);
-+
-+  if (reflink_mode == REFLINK_ALWAYS || report_failure)
-     error (0, errno, _("failed to clone %s from %s"),
-            quoteaf_n (0, dst_name), quoteaf_n (1, src_name));
- 
-@@ -1190,14 +1198,14 @@ handle_clone_fail (int dst_dirfd, char const* dst_relname,
-      but cloned no data.  */
-   if (new_dst /* currently not for fclonefileat().  */
-       && reflink_mode == REFLINK_ALWAYS
--      && ((! transient_failure) || lseek (dest_desc, 0, SEEK_END) == 0)
-+      && ((! report_failure) || lseek (dest_desc, 0, SEEK_END) == 0)
-       && unlinkat (dst_dirfd, dst_relname, 0) != 0 && errno != ENOENT)
-     error (0, errno, _("cannot remove %s"), quoteaf (dst_name));
- 
--  if (! transient_failure)
-+  if (! report_failure)
-     copy_debug.reflink = COPY_DEBUG_UNSUPPORTED;
- 
--  if (reflink_mode == REFLINK_ALWAYS || transient_failure)
-+  if (reflink_mode == REFLINK_ALWAYS || report_failure)
-     return false;
- 
-   return true;
--- 
-cgit v1.1
diff --git a/sys-apps/coreutils/files/coreutils-9.3-cp-parents-preserve-permissions.patch b/sys-apps/coreutils/files/coreutils-9.3-cp-parents-preserve-permissions.patch
new file mode 100644
index 0000000..c8f2a9b
--- /dev/null
+++ b/sys-apps/coreutils/files/coreutils-9.3-cp-parents-preserve-permissions.patch
@@ -0,0 +1,86 @@
+https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=c6b1fe43474b48a6bf5793e11cc1d0d6e895fdf4
+
+From c6b1fe43474b48a6bf5793e11cc1d0d6e895fdf4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Wed, 3 May 2023 17:01:37 +0100
+Subject: cp: -p --parents: fix failure to preserve permissions for absolute
+ paths
+
+* src/cp.c (re_protect): Ensure copy_acl() is passed an absolute path.
+* tests/cp/cp-parents.sh: Add a test case.
+* NEWS: Mention the bug.
+Fixes https://bugs.gnu.org/63245
+--- a/src/cp.c
++++ b/src/cp.c
+@@ -296,15 +296,19 @@ regular file.\n\
+    when done.  */
+ 
+ static bool
+-re_protect (char const *const_dst_name, int dst_dirfd, char const *dst_relname,
++re_protect (char const *const_dst_name, int dst_dirfd, char const *dst_fullname,
+             struct dir_attr *attr_list, const struct cp_options *x)
+ {
+   struct dir_attr *p;
+   char *dst_name;		/* A copy of CONST_DST_NAME we can change. */
+-  char *src_name;		/* The source name in 'dst_name'. */
++  char *src_name;		/* The relative source name in 'dst_name'. */
++  char *full_src_name;		/* The full source name in 'dst_name'. */
+ 
+   ASSIGN_STRDUPA (dst_name, const_dst_name);
+-  src_name = dst_name + (dst_relname - const_dst_name);
++  full_src_name = dst_name + (dst_fullname - const_dst_name);
++  src_name = full_src_name;
++  while (*src_name == '/')
++    src_name++;
+ 
+   for (p = attr_list; p; p = p->next)
+     {
+@@ -347,7 +351,7 @@ re_protect (char const *const_dst_name, int dst_dirfd, char const *dst_relname,
+ 
+       if (x->preserve_mode)
+         {
+-          if (copy_acl (src_name, -1, dst_name, -1, p->st.st_mode) != 0)
++          if (copy_acl (full_src_name, -1, dst_name, -1, p->st.st_mode) != 0)
+             return false;
+         }
+       else if (p->restore_mode)
+@@ -687,6 +691,7 @@ do_copy (int n_files, char **file, char const *target_directory,
+           bool parent_exists = true;  /* True if dir_name (dst_name) exists. */
+           struct dir_attr *attr_list;
+           char *arg_in_concat = NULL;
++          char *full_arg_in_concat = NULL;
+           char *arg = file[i];
+ 
+           /* Trailing slashes are meaningful (i.e., maybe worth preserving)
+@@ -719,6 +724,7 @@ do_copy (int n_files, char **file, char const *target_directory,
+                   (x->verbose ? "%s -> %s\n" : NULL),
+                   &attr_list, &new_dst, x));
+ 
++              full_arg_in_concat = arg_in_concat;
+               while (*arg_in_concat == '/')
+                 arg_in_concat++;
+             }
+@@ -747,7 +753,7 @@ do_copy (int n_files, char **file, char const *target_directory,
+                           new_dst, x, &copy_into_self, NULL);
+ 
+               if (parents_option)
+-                ok &= re_protect (dst_name, target_dirfd, arg_in_concat,
++                ok &= re_protect (dst_name, target_dirfd, full_arg_in_concat,
+                                   attr_list, x);
+             }
+ 
+--- a/tests/cp/cp-parents.sh
++++ b/tests/cp/cp-parents.sh
+@@ -66,4 +66,10 @@ p=$(ls -ld g/sym/b/c|cut -b-10); case $p in drwxr-xr-x);; *) fail=1;; esac
+ cp --parents --no-preserve=mode np/b/file np_dest/ || fail=1
+ p=$(ls -ld np_dest/np|cut -b-10); case $p in drwxr-xr-x);; *) fail=1;; esac
+ 
++# coreutils 9.1-9.3 inclusive would fail to copy acls for absolute dirs
++mkdir dest || framework_failure_
++if test -f /bin/ls; then
++  cp -t dest --parents -p /bin/ls || fail=1
++fi
++
+ Exit $fail
+-- 
+cgit v1.1
diff --git a/sys-apps/coreutils/files/coreutils-9.3-old-kernel-copy_file_range.patch b/sys-apps/coreutils/files/coreutils-9.3-old-kernel-copy_file_range.patch
new file mode 100644
index 0000000..27767e3
--- /dev/null
+++ b/sys-apps/coreutils/files/coreutils-9.3-old-kernel-copy_file_range.patch
@@ -0,0 +1,89 @@
+https://bugs.gentoo.org/907474
+
+From 87b95c17dc8611f9483b966d052eefc930f43927 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 5 Jun 2023 22:04:37 -0700
+Subject: [PATCH] copy-file-range: support building for older kernels
+
+* m4/copy-file-range.m4 (gl_FUNC_COPY_FILE_RANGE):
+Remove static check, to support the dubious practice of
+building for platforms that predate the build platform.
+On working kernels this adds an extra syscall the first time
+that copy_file_range is used.  Problem reported for Gentoo by
+Sam James <https://bugs.gnu.org/63850>.
+--- a/m4/copy-file-range.m4
++++ b/m4/copy-file-range.m4
+@@ -39,21 +39,9 @@ AC_DEFUN([gl_FUNC_COPY_FILE_RANGE],
+ 
+     case $host_os in
+       linux*)
+-        AC_CACHE_CHECK([whether copy_file_range is known to work],
+-          [gl_cv_copy_file_range_known_to_work],
+-          [AC_COMPILE_IFELSE(
+-             [AC_LANG_PROGRAM(
+-                [[#include <linux/version.h>
+-                ]],
+-                [[#if LINUX_VERSION_CODE < KERNEL_VERSION (5, 3, 0)
+-                   #error "copy_file_range is buggy"
+-                  #endif
+-                ]])],
+-             [gl_cv_copy_file_range_known_to_work=yes],
+-             [gl_cv_copy_file_range_known_to_work=no])])
+-        if test "$gl_cv_copy_file_range_known_to_work" = no; then
+-          REPLACE_COPY_FILE_RANGE=1
+-        fi;;
++        # See copy-file-range.c comment re pre-5.3 Linux kernel bugs.
++        # We should be able to remove this hack in 2025.
++        REPLACE_COPY_FILE_RANGE=1;;
+     esac
+   fi
+ ])
+
+--- a/configure
++++ b/configure
+@@ -39903,42 +39903,9 @@ printf "%s\n" "#define HAVE_COPY_FILE_RANGE 1" >>confdefs.h
+ 
+     case $host_os in
+       linux*)
+-        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether copy_file_range is known to work" >&5
+-printf %s "checking whether copy_file_range is known to work... " >&6; }
+-if test ${gl_cv_copy_file_range_known_to_work+y}
+-then :
+-  printf %s "(cached) " >&6
+-else case e in #(
+-  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+-#include <linux/version.h>
+-
+-int
+-main (void)
+-{
+-#if LINUX_VERSION_CODE < KERNEL_VERSION (5, 3, 0)
+-                   #error "copy_file_range is buggy"
+-                  #endif
+-
+-  ;
+-  return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"
+-then :
+-  gl_cv_copy_file_range_known_to_work=yes
+-else case e in #(
+-  e) gl_cv_copy_file_range_known_to_work=no ;;
+-esac
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+-esac
+-fi
+-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gl_cv_copy_file_range_known_to_work" >&5
+-printf "%s\n" "$gl_cv_copy_file_range_known_to_work" >&6; }
+-        if test "$gl_cv_copy_file_range_known_to_work" = no; then
+-          REPLACE_COPY_FILE_RANGE=1
+-        fi;;
++        # See copy-file-range.c comment re pre-5.3 Linux kernel bugs.
++        # We should be able to remove this hack in 2025.
++        REPLACE_COPY_FILE_RANGE=1;;
+     esac
+   fi
+ 
diff --git a/sys-apps/coreutils/metadata.xml b/sys-apps/coreutils/metadata.xml
index ddaba54..1e1f3ac 100644
--- a/sys-apps/coreutils/metadata.xml
+++ b/sys-apps/coreutils/metadata.xml
@@ -17,5 +17,6 @@
 </use>
 <upstream>
 	<remote-id type="cpe">cpe:/a:gnu:coreutils</remote-id>
+	<remote-id type="savannah">coreutils</remote-id>
 </upstream>
 </pkgmetadata>
diff --git a/sys-apps/diffutils/Manifest b/sys-apps/diffutils/Manifest
index eda49ea..ac73eb7 100644
--- a/sys-apps/diffutils/Manifest
+++ b/sys-apps/diffutils/Manifest
@@ -1,3 +1,5 @@
+DIST diffutils-3.10.tar.xz 1624240 BLAKE2B 24a90162b3d876e6378243f19a85a1f1bb4cdfe98d130dee684740a902f2987509d5830dd32df4e26678b468b96960f6f9785ffb922e828cb8b4acce0d8587f6 SHA512 219d2c815a120690c6589846271e43aee5c96c61a7ee4abbef97dfcdb3d6416652ed494b417de0ab6688c4322540d48be63b5e617beb6d20530b5d55d723ccbb
+DIST diffutils-3.10.tar.xz.sig 833 BLAKE2B 06650838d6a3327fda6b2ab09693170ec18b730b1f5981c8f3e2180b2c8a553307ae93199e4be0532a534a8a3f95e4a7b4fccbbd9e5f8d1b1cedd0816b0aac90 SHA512 91aa1fcfca224454e292540ea7813f4a0eb348f06a4374017326d524949775359fc833de597cc201c97f357eb6c675800828a6e3332572376f3554f1f2e1aca1
 DIST diffutils-3.8.tar.xz 1585120 BLAKE2B 573abbfba55c62ba30d2084ca68860e9681cfe92648407f7fb04e1aaed2e4719e2fb5a29cf25bd125d762f4dfd52f85ee91f2ec19b099365bada7fe27a0394af SHA512 279441270987e70d5ecfaf84b6285a4866929c43ec877e50f154a788858d548a8a316f2fc26ad62f7348c8d289cb29a09d06dfadce1806e3d8b4ea88c8b1aa7c
 DIST diffutils-3.8.tar.xz.sig 833 BLAKE2B 439d331d9839d8b434b7192c52628bc9e8e1c11cada28170f85c9390abc3e5e9ea86aee696a4f9260552133053194680ff54b960ed539fabec85fdff54dee3a2 SHA512 0464ac89209411993800666b45ff90243d22fbda53bf1d71c6870d565b39cc8d9c54c141b9d297a181ce74ad8fb5313953f416bced179ff7728a52a3e9a4f5a5
 DIST diffutils-3.9.tar.xz 1587916 BLAKE2B d43ed9f1643ac46b69083755974fc9611ad00c3b98b08332c681223d17d762567562233b51342a16f7dad8f28dfc5536999143594e33a64e6624001a71787c8f SHA512 d43280cb1cb2615a8867d971467eb9a3fa037fe9a411028068036f733dab42b10d42767093cea4de71e62b2659a3ec73bd7d1a8f251befd49587e32802682d0f
diff --git a/sys-apps/diffutils/diffutils-3.9-r1.ebuild b/sys-apps/diffutils/diffutils-3.10.ebuild
similarity index 85%
rename from sys-apps/diffutils/diffutils-3.9-r1.ebuild
rename to sys-apps/diffutils/diffutils-3.10.ebuild
index f3f7df6..44aeba7 100644
--- a/sys-apps/diffutils/diffutils-3.9-r1.ebuild
+++ b/sys-apps/diffutils/diffutils-3.10.ebuild
@@ -4,7 +4,7 @@
 EAPI=7
 
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/diffutils.asc
-inherit flag-o-matic verify-sig
+inherit verify-sig
 
 DESCRIPTION="Tools to make diffs and compare files"
 HOMEPAGE="https://www.gnu.org/software/diffutils/"
@@ -12,7 +12,7 @@
 if [[ ${PV} == *_p* ]] ; then
 	# Subscribe to the 'platform-testers' ML to find these.
 	# Useful to test on our especially more niche arches and report issues upstream.
-	MY_COMMIT="43-2d50"
+	MY_COMMIT="17-cc36"
 	MY_P=${PN}-$(ver_cut 1-2).${MY_COMMIT}
 	SRC_URI="https://meyering.net/diff/${MY_P}.tar.xz"
 	SRC_URI+=" verify-sig? ( https://meyering.net/diff/${MY_P}.tar.xz.sig )"
@@ -25,28 +25,21 @@
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="nls static"
+IUSE="nls"
 
 BDEPEND="
 	nls? ( sys-devel/gettext )
 	verify-sig? ( sec-keys/openpgp-keys-diffutils )
 "
 
-PATCHES=(
-	"${FILESDIR}"/${P}-make-4.4-test-color.patch
-	"${FILESDIR}"/${P}-diff-D-option-regression.patch
-)
-
 src_prepare() {
 	default
 
 	# Needed because of ${P}-diff-D-option-regression.patch
-	touch man/diff.1 || die
+	#touch man/diff.1 || die
 }
 
 src_configure() {
-	use static && append-ldflags -static
-
 	# Disable automagic dependency over libsigsegv; see bug #312351.
 	export ac_cv_libsigsegv=no
 
diff --git a/sys-apps/ethtool/Manifest b/sys-apps/ethtool/Manifest
index 1854085..bf35a36 100644
--- a/sys-apps/ethtool/Manifest
+++ b/sys-apps/ethtool/Manifest
@@ -2,3 +2,4 @@
 DIST ethtool-5.19.tar.xz 324472 BLAKE2B 44cc292db04f411a57a0a5ae0cdfbef733c7ee739fc252523c713489a13ae33de3927b500db796bc584fef3c83d7238dca2af4e6b6a5c594bbf21e87ed2380a7 SHA512 71103c6856a889161ef2bf81eadec69b2f3a84c94aa776d545f889dc1c55b91d566d3b7394dbd2cb70ed92ac19d5f26967b1f829c204f23831d1fb81a0464972
 DIST ethtool-6.1.tar.xz 327644 BLAKE2B 002a4edffda42520d77e8f0c27adf909090823f1a08689b67fc7c75de3048bdc9c94d7d32973bd17562d7dbf295479e796c2529b5db66b5fce42a2ede5851cd6 SHA512 6ca478ec75dae7cc347b859802e1965e6c78310ec4b276dec29bdf76d3464e4186c6e5ed0cb8f013171d6c0562c1156cb0442419f5b947c314e8b91ad9fd2d93
 DIST ethtool-6.2.tar.xz 332708 BLAKE2B b3fa2571b1efef3b686eb4f20b33e6cc32bdb8cff5f2e642454ca3d41c427b1953df7b07e5ac8ef149f8b4be614210e05e593233655e5fe317c48630b20b68e8 SHA512 ff1f14c7876163bef93ca48e22a3429f09b4bcb3e1d101ef297d9f226e3fc2d3c3f19faf5b85f54cb558479e4a408ef5356a2d12e7ba132cc4cadaf92effccaf
+DIST ethtool-6.3.tar.xz 338764 BLAKE2B c06509525db47f8ee7c220d0b880fe80323a4a00036e9698432b1b9c85ad75045e98b23498f6283497728cafd187ca173b15f3ad60f8e6f8b4d0c5688d84a1f9 SHA512 85e5ecd20abf737e94ddc093f15ab0b876f763a886e3327027c448c0efcc091628c3df42070f30583551fa12f866f5b49d41fb3333acdf854a59bba671646320
diff --git a/sys-apps/ethtool/ethtool-6.2.ebuild b/sys-apps/ethtool/ethtool-6.3.ebuild
similarity index 100%
rename from sys-apps/ethtool/ethtool-6.2.ebuild
rename to sys-apps/ethtool/ethtool-6.3.ebuild
diff --git a/sys-apps/grep/Manifest b/sys-apps/grep/Manifest
index fe709b8..2d2d7f8 100644
--- a/sys-apps/grep/Manifest
+++ b/sys-apps/grep/Manifest
@@ -1,8 +1,6 @@
-DIST grep-3.10.tar.xz 1687464 BLAKE2B 5ff169a4ed39e8af1e6729fd2e1bafd39036a4f56cf831f990d58bf9e76bc7d8b055254ae7f60509be4e8bf2f3737edb15431a8ecfc7fc058578d2abea3d73b9 SHA512 865e8f3fd7afc68f1a52f5e1e1ee05fb9c6d6182201efb0dbdf6075347b0b1d2bf0784537a8f8dd4fb050d523f7a1d2fb5b9c3e3245087d0e6cc12d6e9d3961b
-DIST grep-3.10.tar.xz.sig 833 BLAKE2B 0b13c8c8955b4e38889cf79b426618e006b05bc3b224e0705b2cb592b1520a7fc751d5cc386371707a53c8b6888c4e1f9dd31c3ea2ef5cbf4c97ddef3ba7d037 SHA512 02224ff2d6b3a9a50d0e15f7a9b3c264aa717602d133ac32b36a7315bf29ec3b94ef7ec31ee979b199264d10003dc502e20f9bf932bb32b4abe4426ea564d4be
+DIST grep-3.11.tar.xz 1703776 BLAKE2B e21785bca20b5a090d32bb5dc525fb298af30165106ed4c289b1518ea3d2acdcacfd6309b12f13be29a4b958f19588546119c695deb2b7500d49dcff86357bdc SHA512 f254a1905a08c8173e12fbdd4fd8baed9a200217fba9d7641f0d78e4e002c1f2a621152d67027d9b25f0bb2430898f5233dc70909d8464fd13d7dd9298e65c42
+DIST grep-3.11.tar.xz.sig 833 BLAKE2B 5edfba20e3a9f54d25ae63cf04985382bf6afb0ca643979561321090614e68b5d234767b07e48211888722c52c441233093735e183ff69432d5ee2e6a4f53aea SHA512 487aba063373ca0594c519991f19b2a6a33b3da0d74735c890f3828fd0880e7e6f64495d2c8f9efa5da53d1eb2d446609bab2399a4b89dcb4510a632e31ffb54
 DIST grep-3.7.tar.xz 1641196 BLAKE2B acf03b1fe8065dac48d686de070bab9ecddae65c97f3b0e2be484e8abdd06d1fbdbb396f3d73dadadf9618aad2f02cf6416094bad64d5f2f15eab6b6b3adfeda SHA512 e9e45dcd40af8367f819f2b93c5e1b4e98a251a9aa251841fa67a875380fae52cfa27c68c6dbdd6a4dde1b1017ee0f6b9833ef6dd6e419d32d71b6df5e972b82
 DIST grep-3.7.tar.xz.sig 833 BLAKE2B 02a2850e22e8054dcfd02b6f08747a97d43dae9adb908516bdaed35750aa7f773832ad1b0b4c53d7b0ebc8f1fe2979e7938bbbeeb09ea00c11b4a0d5846c7b9c SHA512 9db28883b696fbbb0fad32f4ecd168954dc475d5f0a8f2b4f960ff615ef7dd8348a7caaee85a96287824472a29485ff921af121c582083ca5ad5c30960f99cf4
 DIST grep-3.8.tar.xz 1709536 BLAKE2B 24cf6f7aa35c85f59f508969ee9731c5be1e5c613e64e636f464bbdde917bb99ba739e4b82abf08da127ad0400d62e27d139f85142035745121d381982ec6c36 SHA512 2014519a80c6dcd799837e1bd7d9d5ebe8729ec54b0dc76981dac4755a9a8a9f200470cdcc911e2825bed8162e61da39e3dd60289f7393b48bf67314077d0c79
 DIST grep-3.8.tar.xz.sig 833 BLAKE2B 40f472389705375611015ba0eb85eb32643304b1a324877a75821d086a128a20d00df3d7cd960ec45709f40f21488bbcf993c6fe667ef23663688b33296e650b SHA512 8266b58485f225c2189814e3898c72e59d251b729e0c302d31f57abdb7ac2e6e28dde2c5c8095673b6f007b2a3ebc26db1dca910a7771aba80dad4b3c6761ee4
-DIST grep-3.9.tar.xz 1680380 BLAKE2B 33fefce2a831ad6f00f2eb1d8a063cf280635f2d9c481c98981f7a2ff143c846ab570a448c9c02c3ba08cf2c98612cb364d2d033baf92d62c4515315453cc6f9 SHA512 38aaa28bded9f6d1d527356e9e63bb1dafb4ec8f09e83f2d3bc86c1d6af1a5a8cb9895067375b5b8929ec2cba6ab71c369ed4c6e2a0f7a01dec3c11a6f4c1836
-DIST grep-3.9.tar.xz.sig 833 BLAKE2B bbb8a07986368755276c6648378afdbec44da2873574ebb0dce634b0e90da2cb6fd0eaf64969843e2fe65ae5e83aba6b1fea9fde9b246fbedf982393cf54b715 SHA512 d50e11d0d333c09a6afcae511c93cfb54d9dd0a6600f271abf5e103cbf8bdcf9b8606924d7c71770e20c35df5d5468dc339cea1f05d257776734e17f8378d891
diff --git a/sys-apps/grep/grep-3.10.ebuild b/sys-apps/grep/grep-3.11.ebuild
similarity index 96%
rename from sys-apps/grep/grep-3.10.ebuild
rename to sys-apps/grep/grep-3.11.ebuild
index f561246..9161693 100644
--- a/sys-apps/grep/grep-3.10.ebuild
+++ b/sys-apps/grep/grep-3.11.ebuild
@@ -12,7 +12,7 @@
 if [[ ${PV} == *_p* ]] ; then
 	# Subscribe to the 'platform-testers' ML to find these.
 	# Useful to test on our especially more niche arches and report issues upstream.
-	MY_COMMIT="8-026c"
+	MY_COMMIT="19-2ea9"
 	MY_P=${PN}-$(ver_cut 1-2).${MY_COMMIT}
 	SRC_URI="https://meyering.net/${PN}/${MY_P}.tar.xz"
 	SRC_URI+=" verify-sig? ( https://meyering.net/${PN}/${MY_P}.tar.xz.sig )"
@@ -31,7 +31,7 @@
 REQUIRED_USE="static? ( !sparc )"
 
 LIB_DEPEND="
-	pcre? ( >=dev-libs/libpcre2-7.8-r1[static-libs(+)] )
+	pcre? ( >=dev-libs/libpcre2-10.42-r1[static-libs(+)] )
 	sparc? ( dev-libs/libsigsegv )
 "
 RDEPEND="
diff --git a/sys-apps/less/Manifest b/sys-apps/less/Manifest
index fad615d..e7ca470 100644
--- a/sys-apps/less/Manifest
+++ b/sys-apps/less/Manifest
@@ -1 +1,3 @@
 DIST less-608.tar.gz 362346 BLAKE2B 988940745fef1222c43b0bf4edec7cc7206ded0ac5d89d3faf4dab706a249913581c2fe7aa6063cf3d717176ed07b69299d3e791ba8a60358483fe9d1bf7f7c6 SHA512 7945b7f88921832ebb1b45fba8cbb449ee0133342796b654a52c146dfff3d84db18724ee84e53349eeea6017a0ebe2d8eb5366210275981dde7bb7190118fa66
+DIST less-632.tar.gz 375440 BLAKE2B 26c27a2e25882a4ce34e5e6e83bc0af784c8d4e8ac20691e0e31f1021bfb30f96e07024a6ff1ad634f7812875e0d920bd52394ccdba47a2a944ba7de92aa4c97 SHA512 5104f1fd76cdd59dfa957a61f8ccffe7c6e79345b94a5961abbd30f2d059f2b6d4b359a27dd5528993e5e1248c655439c1e4a39fd92234e4af23c7167f69f066
+DIST less-633.tar.gz 375733 BLAKE2B e9df180794af365f86734c6b8fde766c1bba42b111717ee5e1cf11001fc7ec3d78910db9bb7c51a76816086f599808b1b60f514011ec40e37650d6bc4f8b3d5c SHA512 a29aaf72abca07fb29d12f218bbd422a39e3898b3d53e8dbd5265ae47ecf68b88c3381aa3a9bf7caa8db1e2d8e2c138b333f0d69fddd4cf014e39118c53f7fb1
diff --git a/sys-apps/less/files/lesspipe-r2.sh b/sys-apps/less/files/lesspipe-r2.sh
new file mode 100644
index 0000000..fc54d5b
--- /dev/null
+++ b/sys-apps/less/files/lesspipe-r2.sh
@@ -0,0 +1,291 @@
+#!/bin/bash
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Preprocessor for 'less'. Used when this environment variable is set:
+# LESSOPEN="|lesspipe %s"
+
+# TODO: handle compressed files better
+
+[[ -n ${LESSDEBUG+set} ]] && set -x
+
+trap 'exit 0' PIPE
+
+guesscompress() {
+	case "$1" in
+		*.gz|*.z)   echo "gunzip -c" ;;
+		*.bz2|*.bz) echo "bunzip2 -c" ;;
+		*.lz)       echo "lzip -dc" ;;
+		*.lzma)     echo "unlzma -c" ;;
+		*.lzo)      echo "lzop -dc" ;;
+		*.xz)       echo "xzdec" ;;
+		*.zst)      echo "zstdcat" ;;
+		*)          echo "cat" ;;
+	esac
+}
+
+lesspipe_file() {
+	local out=$(file -L -- "$1")
+	local suffix
+	case ${out} in
+		*" 7-zip archive"*) suffix="7z";;
+		*" ar archive"*)    suffix="a";;
+		*" CAB-Installer"*) suffix="cab";;
+		*" cpio archive"*)  suffix="cpio";;
+		*" ELF "*)          suffix="elf";;
+		*" LHa"*archive*)   suffix="lha";;
+		*" troff "*)        suffix="man";;
+		*" script text"*)   suffix="sh";;
+		*" shared object"*) suffix="so";;
+		*" tar archive"*)   suffix="tar";;
+		*" Zip archive"*)   suffix="zip";;
+		*": data")          hexdump -C -- "$1"; return 0;;
+		*)                  return 1;;
+	esac
+	lesspipe "$1" ".${suffix}"
+	return 0
+}
+
+lesspipe() {
+	local match=$2
+	[[ -z ${match} ]] && match=$1
+
+	local DECOMPRESSOR=$(guesscompress "${match}")
+
+	# User filters
+	if [[ -x ~/.lessfilter ]] ; then
+		~/.lessfilter "$1" && exit 0
+	fi
+
+	local ignore
+	for ignore in ${LESSIGNORE} ; do
+		[[ ${match} == *.${ignore} ]] && exit 0
+	done
+
+	# Handle non-regular file types.
+	if [[ -d $1 ]] ; then
+		ls -alF -- "$1"
+		return
+	elif [[ ! -f $1 ]] ; then
+		# Only return if the stat passes.  This is needed to handle pseudo
+		# arguments like URIs.
+		stat -- "$1" && return
+	fi
+
+	case "${match}" in
+
+	### Doc files ###
+	*.[0-9n]|*.man|\
+	*.[0-9n].bz2|*.man.bz2|\
+	*.[0-9n].gz|*.man.gz|\
+	*.[0-9n].lzma|*.man.lzma|\
+	*.[0-9n].xz|*.man.xz|\
+	*.[0-9n].zst|*.man.zst|\
+	*.[0-9][a-z].gz|*.[0-9][a-z].gz)
+		local out=$(${DECOMPRESSOR} -- "$1" | file -)
+		case ${out} in
+			*troff*)
+				# Need to make sure we pass path to man or it will try
+				# to locate "$1" in the man search paths
+				if [[ $1 == /* ]] ; then
+					man -- "$1"
+				else
+					man -- "./$1"
+				fi
+				;;
+			*text*)
+				${DECOMPRESSOR} -- "$1"
+				;;
+			*)
+				# We could have matched a library (libc.so.6), so let
+				# `file` figure out what the hell this thing is
+				lesspipe_file "$1"
+				;;
+		esac
+		;;
+	*.dvi)      dvi2tty "$1" ;;
+	*.ps)       ps2ascii "$1" || pstotext "$1" ;;
+	*.pdf)      pdftotext "$1" - || ps2ascii "$1" || pstotext "$1" ;;
+	*.doc)      antiword "$1" || catdoc "$1" ;;
+	*.rtf)      unrtf --nopict --text "$1" ;;
+	*.conf|*.txt|*.log) ;; # force less to work on these directly #150256
+	*.json)     python -mjson.tool "$1" ;;
+
+	### URLs ###
+	ftp://*|http://*|https://|*.htm|*.html)
+		for b in elinks links2 links lynx ; do
+			${b} -dump "$1" && exit 0
+		done
+		html2text -style pretty "$1"
+		;;
+
+	### Tar files ###
+	*.tar|\
+	*.tar.bz2|*.tar.bz|*.tar.gz|*.tar.z|*.tar.zst|\
+	*.tar.lz|*.tar.tlz|\
+	*.tar.lzma|*.tar.xz)
+		${DECOMPRESSOR} -- "$1" | tar tvvf -;;
+	*.tbz2|*.tbz|*.tgz|*.tlz|*.txz)
+		lesspipe "$1" "$1.tar.${1##*.t}" ;;
+
+	### Misc archives ###
+	*.bz2|\
+	*.gz|*.z|\
+	*.zst|\
+	*.lz|\
+	*.lzma|*.xz)  ${DECOMPRESSOR} -- "$1" ;;
+	*.rpm)        rpm -qpivl --changelog -- "$1" || rpm2tar -O "$1" | tar tvvf -;;
+	*.cpi|*.cpio) cpio -itv < "$1" ;;
+	*.ace)        unace l "$1" ;;
+	*.arc)        arc v "$1" ;;
+	*.arj)        arj l -- "$1" || unarj l "$1" ;;
+	*.cab)        cabextract -l -- "$1" ;;
+	*.lha|*.lzh)  lha v "$1" ;;
+	*.zoo)        zoo -list "$1" || unzoo -l "$1" ;;
+	*.7z|*.exe)   7z l -- "$1" || 7za l -- "$1" || 7zr l -- "$1" ;;
+	*.a)          ar tv "$1" ;;
+	*.elf)        readelf -a -W -- "$1" ;;
+	*.so)         readelf -h -d -s -W -- "$1" ;;
+	*.mo|*.gmo)   msgunfmt -- "$1" ;;
+
+	*.rar|.r[0-9][0-9])  unrar l -- "$1" ;;
+
+	*.jar|*.war|*.ear|*.xpi|*.zip)
+		unzip -v "$1" || miniunzip -l "$1" || miniunz -l "$1" || zipinfo -v "$1"
+		;;
+
+	*.deb|*.udeb)
+		if type -P dpkg > /dev/null ; then
+			dpkg --info "$1"
+			dpkg --contents "$1"
+		else
+			ar tv "$1"
+			ar p "$1" data.tar.gz | tar tzvvf -
+		fi
+		;;
+
+	### Filesystems ###
+	*.squashfs)   unsquashfs -s "$1" && unsquashfs -ll "$1" ;;
+
+	### Media ###
+	*.bmp|*.gif|*.jpeg|*.jpg|*.ico|*.pcd|*.pcx|*.png|*.ppm|*.tga|*.tiff|*.tif|*.webp)
+		identify -verbose -- "$1" || file -L -- "$1"
+		;;
+	*.asf|*.avi|*.flv|*.mkv|*.mov|*.mp4|*.mpeg|*.mpg|*.qt|*.ram|*.rm|*.webm|*.wmv)
+		midentify "$1" || file -L -- "$1"
+		;;
+	*.mp3)        mp3info "$1" || id3info "$1" ;;
+	*.ogg)        ogginfo "$1" ;;
+	*.flac)       metaflac --list "$1" ;;
+	*.torrent)    torrentinfo "$1" || torrentinfo-console "$1" || ctorrent -x "$1" ;;
+	*.bin|*.cue|*.raw)
+		# not all .bin/.raw files are cd images #285507
+		# fall back to lesspipe_file if .cue doesn't exist, or if
+		# cd-info failed to parse things sanely
+		[[ -e ${1%.*}.cue ]] \
+			&& cd-info --no-header --no-device-info "$1" \
+			|| lesspipe_file "$1"
+		;;
+	*.iso)
+		iso_info=$(isoinfo -d -i "$1")
+		echo "${iso_info}"
+		# Joliet output overrides Rock Ridge, so prefer the better Rock
+		case ${iso_info} in
+			*$'\n'"Rock Ridge"*) iso_opts="-R";;
+			*$'\n'"Joliet"*)     iso_opts="-J";;
+			*)                   iso_opts="";;
+		esac
+		isoinfo -l ${iso_opts} -i "$1"
+		;;
+
+	### Encryption stuff ###
+	*.crl) openssl crl -hash -text -noout -in "$1" ;;
+	*.csr) openssl req -text -noout -in "$1" ;;
+	*.crt|*.pem) openssl x509 -hash -text -noout -in "$1" ;;
+
+# May not be such a good idea :)
+#	### Device nodes ###
+#	/dev/[hs]d[a-z]*)
+#		fdisk -l "${1:0:8}"
+#		[[ $1 == *hd* ]] && hdparm -I "${1:0:8}"
+#		;;
+
+	### Everything else ###
+	*)
+		case $(( recur++ )) in
+			# Maybe we didn't match due to case issues ...
+			0) lesspipe "$1" "$(echo "$1" | LC_ALL=C tr '[:upper:]' '[:lower:]')" ;;
+
+			# Maybe we didn't match because the file is named weird ...
+			1) lesspipe_file "$1" ;;
+		esac
+
+		# So no matches from above ... finally fall back to an external
+		# coloring package.  No matching here so we don't have to worry
+		# about keeping in sync with random packages.  Any coloring tool
+		# you use should not output errors about unsupported files to
+		# stdout.  If it does, it's your problem.
+
+		# Allow people to flip color off if they dont want it
+		case ${LESSCOLOR} in
+			always)                   LESSCOLOR=2;;
+			[yY][eE][sS]|[yY]|1|true) LESSCOLOR=1;;
+			[nN][oO]|[nN]|0|false)    LESSCOLOR=0;;
+			*)                        LESSCOLOR=1;;
+		esac
+		if [[ ${LESSCOLOR} != "0" ]] && [[ -n ${LESSCOLORIZER=pygmentize} ]] ; then
+			# 2: Only colorize if user forces it ...
+			# 1: ... or we know less will handle raw codes -- this will
+			#    not detect -seiRM, so set LESSCOLORIZER yourself
+			if [[ ${LESSCOLOR} == "2" ]] || [[ " ${LESS} " == *" -"[rR]" "* ]] ; then
+				LESSQUIET=true ${LESSCOLORIZER} "$1"
+			fi
+		fi
+
+		# Nothing left to do but let less deal
+		exit 0
+		;;
+	esac
+}
+
+if [[ $# -eq 0 ]] ; then
+	echo "Usage: lesspipe <file>"
+elif [[ $1 == "-V" || $1 == "--version" ]] ; then
+	cat <<-EOF
+		lesspipe (git)
+		Copyright 1999-2019 Gentoo Authors
+		Mike Frysinger <vapier@gentoo.org>
+		     (with plenty of ideas stolen from other projects/distros)
+
+	EOF
+	less -V
+elif [[ $1 == "-h" || $1 == "--help" ]] ; then
+	cat <<-EOF
+		lesspipe: preprocess files before sending them to less
+
+		Usage: lesspipe <file>
+
+		lesspipe specific settings:
+		  LESSCOLOR env     - toggle colorizing of output (no/yes/always; default: no)
+		  LESSCOLORIZER env - program used to colorize output (default: pygmentize)
+		  LESSIGNORE        - list of extensions to ignore (don't do anything fancy)
+
+		You can create per-user filters as well by creating the executable file:
+		  ~/.lessfilter
+		One argument is passed to it: the file to display.  The script should exit 0
+		to indicate it handled the file, or non-zero to tell lesspipe to handle it.
+
+		To use lesspipe, simply add to your environment:
+		  export LESSOPEN="|lesspipe %s"
+
+		For colorization, install dev-python/pygments for the pygmentize program. Note,
+		if using alternative code2color from sys app-text/lesspipe you may run out of
+		memory due to #188835.
+
+		Run 'less --help' or 'man less' for more info.
+	EOF
+else
+	recur=0
+	[[ -z ${LESSDEBUG+set} ]] && exec 2>/dev/null
+	lesspipe "$1"
+fi
diff --git a/sys-apps/less/less-608-r2.ebuild b/sys-apps/less/less-608-r2.ebuild
deleted file mode 100644
index de27f3a..0000000
--- a/sys-apps/less/less-608-r2.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-WANT_AUTOMAKE=none
-WANT_LIBTOOL=none
-inherit autotools flag-o-matic
-
-DESCRIPTION="Excellent text file viewer"
-HOMEPAGE="http://www.greenwoodsoftware.com/less/"
-SRC_URI="http://www.greenwoodsoftware.com/less/${P}.tar.gz"
-
-LICENSE="|| ( GPL-3 BSD-2 )"
-SLOT="0"
-KEYWORDS="*"
-IUSE="pcre unicode"
-
-DEPEND=">=app-misc/editor-wrapper-3
-	>=sys-libs/ncurses-5.2:0=
-	pcre? ( dev-libs/libpcre2 )"
-RDEPEND="${DEPEND}"
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/less-608-procfs.patch"
-		"${FILESDIR}/less-608-CVE-2022-46663.patch"
-	)
-
-	default
-	# Upstream uses unpatched autoconf-2.69, which breaks with clang-16.
-	# https://bugs.gentoo.org/870412
-	eautoreconf
-}
-
-src_configure() {
-	# ChromeOS: enable large file support.
-	# Upstream bug: https://bugs.gentoo.org/896316
-	append-lfs-flags
-
-	export ac_cv_lib_ncursesw_initscr=$(usex unicode)
-	export ac_cv_lib_ncurses_initscr=$(usex !unicode)
-	local myeconfargs=(
-		--with-regex=$(usex pcre pcre2 posix)
-		--with-editor="${EPREFIX}"/usr/libexec/editor
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	newbin "${FILESDIR}"/lesspipe-r1.sh lesspipe
-	newenvd "${FILESDIR}"/less.envd 70less
-}
-
-pkg_preinst() {
-	if has_version "<${CATEGORY}/${PN}-483-r1" ; then
-		elog "The lesspipe.sh symlink has been dropped.  If you are still setting"
-		elog "LESSOPEN to that, you will need to update it to '|lesspipe %s'."
-		elog "Colorization support has been dropped.  If you want that, check out"
-		elog "the new app-text/lesspipe package."
-	fi
-}
diff --git a/sys-apps/less/less-633-r1.ebuild b/sys-apps/less/less-633-r1.ebuild
new file mode 100644
index 0000000..7c406d5
--- /dev/null
+++ b/sys-apps/less/less-633-r1.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+WANT_AUTOMAKE=none
+WANT_LIBTOOL=none
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://github.com/gwsw/less"
+	inherit git-r3
+fi
+
+inherit autotools optfeature
+
+# Releases are usually first a beta then promoted to stable if no
+# issues were found. Upstream explicitly ask "to not generally distribute"
+# the beta versions. It's okay to keyword beta versions if they fix
+# a serious bug, but otherwise try to avoid it.
+
+MY_PV=${PV/_beta/-beta}
+MY_P=${PN}-${MY_PV}
+DESCRIPTION="Excellent text file viewer"
+HOMEPAGE="https://www.greenwoodsoftware.com/less/"
+[[ ${PV} != 9999 ]] && SRC_URI="https://www.greenwoodsoftware.com/less/${MY_P}.tar.gz"
+S="${WORKDIR}"/${MY_P/?beta}
+
+LICENSE="|| ( GPL-3 BSD-2 )"
+SLOT="0"
+if [[ ${PV} != 9999 && ${PV} != *_beta* ]] ; then
+	KEYWORDS="*"
+fi
+IUSE="pcre"
+# As of 623_beta, lesstest is not included in dist tarballs
+# https://github.com/gwsw/less/issues/344
+RESTRICT="test"
+
+DEPEND="
+	>=app-misc/editor-wrapper-3
+	>=sys-libs/ncurses-5.2:=
+	pcre? ( dev-libs/libpcre2 )
+"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+	default
+	# Per upstream README to prepare live build
+	[[ ${PV} == 9999 ]] && emake -f Makefile.aut distfiles
+	# Upstream uses unpatched autoconf-2.69, which breaks with clang-16.
+	# https://bugs.gentoo.org/870412
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-regex=$(usex pcre pcre2 posix)
+		--with-editor="${EPREFIX}"/usr/libexec/editor
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	emake check VERBOSE=1
+}
+
+src_install() {
+	default
+
+	newbin "${FILESDIR}"/lesspipe-r2.sh lesspipe
+	newenvd "${FILESDIR}"/less.envd 70less
+}
+
+pkg_preinst() {
+	optfeature "Colorized output supprt" dev-python/pygments
+
+	if has_version "<${CATEGORY}/${PN}-483-r1" ; then
+		elog "The lesspipe.sh symlink has been dropped.  If you are still setting"
+		elog "LESSOPEN to that, you will need to update it to '|lesspipe %s'."
+	fi
+}
diff --git a/sys-fs/e2fsprogs/e2fsprogs-1.47.0-r1.ebuild b/sys-fs/e2fsprogs/e2fsprogs-1.47.0-r2.ebuild
similarity index 95%
rename from sys-fs/e2fsprogs/e2fsprogs-1.47.0-r1.ebuild
rename to sys-fs/e2fsprogs/e2fsprogs-1.47.0-r2.ebuild
index a68052b..662b7a3 100644
--- a/sys-fs/e2fsprogs/e2fsprogs-1.47.0-r1.ebuild
+++ b/sys-fs/e2fsprogs/e2fsprogs-1.47.0-r2.ebuild
@@ -44,6 +44,8 @@
 	# upgrade. See bug #904093 and bug #904048.
 	"${FILESDIR}"/${PN}-1.47.0-disable-metadata_csum_seed-and-orphan_file-by-default.patch
 
+	"${FILESDIR}"/e2fsprogs-1.47.0-parallel-make.patch
+
 	# Upstream patches (can usually removed with next version bump)
 )
 
@@ -66,8 +68,8 @@
 	# Keep the package from doing silly things, bug #261411
 	export VARTEXFONTS="${T}/fonts"
 
-	# Needs open64() prototypes and friends
-	append-cppflags -D_GNU_SOURCE
+	# needed for >=musl-1.2.4, bug 908892
+	use elibc_musl && append-cflags -D_FILE_OFFSET_BITS=64
 
 	local myeconfargs=(
 		--with-root-prefix="${EPREFIX}"
@@ -83,8 +85,8 @@
 		--disable-fsck
 		--disable-uuidd
 		--disable-lto
-		--disable-largefile # need to check effect on ABI
 		--with-pthread
+		--enable-largefile
 	)
 
 	# We use blkid/uuid from util-linux now
diff --git a/sys-fs/e2fsprogs/files/e2fsprogs-1.47.0-parallel-make.patch b/sys-fs/e2fsprogs/files/e2fsprogs-1.47.0-parallel-make.patch
new file mode 100644
index 0000000..3396aa4
--- /dev/null
+++ b/sys-fs/e2fsprogs/files/e2fsprogs-1.47.0-parallel-make.patch
@@ -0,0 +1,68 @@
+From 711ed1823c7676533d5f6d5e4d1558a792d43837 Mon Sep 17 00:00:00 2001
+From: David Seifert <soap@gentoo.org>
+Date: Tue, 25 Apr 2023 21:53:19 +0200
+Subject: [PATCH] Add missing Makefile dependencies
+
+* With very high -j parallelism, we get failures in Gentoo:
+
+  In file included from lib/ext2fs/blknum.c:15:
+  lib/ext2fs/ext2fs.h:105:10: fatal error: ext2fs/ext2_err.h: No such file or directory
+    105 | #include <ext2fs/ext2_err.h>
+        |          ^~~~~~~~~~~~~~~~~~~
+  compilation terminated.
+  In file included from lib/ext2fs/fallocate.c:19:
+  lib/ext2fs/ext2fs.h:105:10: fatal error: ext2fs/ext2_err.h: No such file or directory
+    105 | #include <ext2fs/ext2_err.h>
+        |          ^~~~~~~~~~~~~~~~~~~
+
+Bug: https://bugs.gentoo.org/806875#c17
+Signed-off-by: David Seifert <soap@gentoo.org>
+---
+ lib/ext2fs/Makefile.in | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/lib/ext2fs/Makefile.in b/lib/ext2fs/Makefile.in
+index 798ff609..2c4e0277 100644
+--- a/lib/ext2fs/Makefile.in
++++ b/lib/ext2fs/Makefile.in
+@@ -731,6 +731,12 @@ blkmap64_rb.o: $(srcdir)/blkmap64_rb.c $(top_builddir)/lib/config.h \
+  $(top_builddir)/lib/ext2fs/ext2_err.h $(srcdir)/ext2_ext_attr.h \
+  $(srcdir)/hashmap.h $(srcdir)/bitops.h $(srcdir)/bmap64.h $(srcdir)/rbtree.h \
+  $(srcdir)/compiler.h
++blknum.o: $(srcdir)/blknum.c $(top_builddir)/lib/config.h \
++ $(srcdir)/ext2_fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
++ $(srcdir)/ext2fs.h $(srcdir)/ext2_fs.h $(srcdir)/ext3_extents.h \
++ $(top_srcdir)/lib/et/com_err.h $(srcdir)/ext2_io.h \
++ $(top_builddir)/lib/ext2fs/ext2_err.h $(srcdir)/ext2_ext_attr.h \
++ $(srcdir)/hashmap.h $(srcdir)/bitops.h $(srcdir)/bmap64.h
+ block.o: $(srcdir)/block.c $(top_builddir)/lib/config.h \
+  $(top_builddir)/lib/dirpaths.h $(srcdir)/ext2_fs.h \
+  $(top_builddir)/lib/ext2fs/ext2_types.h $(srcdir)/ext2fs.h \
+@@ -842,6 +848,12 @@ extent.o: $(srcdir)/extent.c $(top_builddir)/lib/config.h \
+  $(top_srcdir)/lib/et/com_err.h $(srcdir)/ext2_io.h \
+  $(top_builddir)/lib/ext2fs/ext2_err.h $(srcdir)/ext2_ext_attr.h \
+  $(srcdir)/hashmap.h $(srcdir)/bitops.h $(srcdir)/e2image.h
++fallocate.o: $(srcdir)/fallocate.c $(top_builddir)/lib/config.h \
++ $(srcdir)/ext2_fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
++ $(srcdir)/ext2fs.h $(srcdir)/ext2_fs.h $(srcdir)/ext3_extents.h \
++ $(top_srcdir)/lib/et/com_err.h $(srcdir)/ext2_io.h \
++ $(top_builddir)/lib/ext2fs/ext2_err.h $(srcdir)/ext2_ext_attr.h \
++ $(srcdir)/hashmap.h $(srcdir)/bitops.h $(srcdir)/bmap64.h
+ fileio.o: $(srcdir)/fileio.c $(top_builddir)/lib/config.h \
+  $(top_builddir)/lib/dirpaths.h $(srcdir)/ext2_fs.h \
+  $(top_builddir)/lib/ext2fs/ext2_types.h $(srcdir)/ext2fs.h \
+@@ -1049,6 +1061,12 @@ openfs.o: $(srcdir)/openfs.c $(top_builddir)/lib/config.h \
+  $(srcdir)/ext2_io.h $(top_builddir)/lib/ext2fs/ext2_err.h \
+  $(srcdir)/ext2_ext_attr.h $(srcdir)/hashmap.h $(srcdir)/bitops.h \
+  $(srcdir)/e2image.h
++orphan.o: $(srcdir)/orphan.c $(top_builddir)/lib/config.h \
++ $(srcdir)/ext2_fs.h $(top_builddir)/lib/ext2fs/ext2_types.h \
++ $(srcdir)/ext2fs.h $(srcdir)/ext2_fs.h $(srcdir)/ext3_extents.h \
++ $(top_srcdir)/lib/et/com_err.h $(srcdir)/ext2_io.h \
++ $(top_builddir)/lib/ext2fs/ext2_err.h $(srcdir)/ext2_ext_attr.h \
++ $(srcdir)/hashmap.h $(srcdir)/bitops.h $(srcdir)/bmap64.h
+ progress.o: $(srcdir)/progress.c $(top_builddir)/lib/config.h \
+  $(top_builddir)/lib/dirpaths.h $(srcdir)/ext2fs.h \
+  $(top_builddir)/lib/ext2fs/ext2_types.h $(srcdir)/ext2_fs.h \
+-- 
+2.40.0
diff --git a/sys-fs/e2fsprogs/metadata.xml b/sys-fs/e2fsprogs/metadata.xml
index a7ce0f4..3030299 100644
--- a/sys-fs/e2fsprogs/metadata.xml
+++ b/sys-fs/e2fsprogs/metadata.xml
@@ -8,7 +8,6 @@
 	<use>
 		<flag name="cron">Install e2scrub_all cron script</flag>
 		<flag name="fuse">Build fuse2fs, a FUSE file system client for ext2/ext3/ext4 file systems</flag>
-		<flag name="lto">Build with link time optimization (LTO)</flag>
 		<flag name="tools">Build extfs tools (mke2fs, e2fsck, tune2fs, etc.)</flag>
 	</use>
 	<upstream>
diff --git a/sys-libs/libcap/Manifest b/sys-libs/libcap/Manifest
index 0e9fa29..65e812b 100644
--- a/sys-libs/libcap/Manifest
+++ b/sys-libs/libcap/Manifest
@@ -1,3 +1,2 @@
-DIST libcap-2.66.tar.xz 181592 BLAKE2B e79bf10c6a3dbffe96dc97aad0bed67caa0b3805d9dcaff1e4a8a833396ee5c6da4f7f0d321b254e99a00073bc39021b9f3a4b350d93094d0df4d74889b3ca56 SHA512 ac005b622f6e065f30ce282a5c87240e7b9da75366ee537aa4835bc501b44bc242c10a4ba4dc070e2415fc7f635d1c3c4e45fbeeaf962cf7973dda82bf6377f0
-DIST libcap-2.67.tar.xz 186864 BLAKE2B bd9be22e439397a3c1726093cfee2410df93773b3139d50a1cdc10daecb666ddb9b64daded6e0ec9f2fd6defd16ea156dbd66bd55360ea266131f31ea0f0e989 SHA512 2e52c5a571cc1565e6829b0889f63216af10dfd9a86485f8ae7d0fcf4cc0db96aa21eb2ddea29e8dadf41a1194e91fb5961fe84ba07beb2ce950b6131be099d4
 DIST libcap-2.68.tar.xz 188824 BLAKE2B 659ee2b0f92ab7490e7f4c9ccd6aafa02ae36c509654fdb53a0b9da4d5ba8be2d1b5afd2073b2b1c75f9585a0593a9d3e70af59fe0c213e178782bbd11cd3b3d SHA512 ede3e1356aef22e18a46dc8ff0727500ab023bea698cf2bb822abb06625e272940afea52ad6457d0cd8cf1c7f435f1b568baf0a6bf0a08ae96fbf6d7502f9de2
+DIST libcap-2.69.tar.xz 189200 BLAKE2B 94d1fef7666a1c383a8b96f1f6092bd242164631532868b628d2f5de71b42a371d041a978ef7fbadfee3eeb433165444995d1078cd790275bc0433a7875a697e SHA512 647c307dc451517da9d089495ab959b4a6fbbe41c79f4e1e9bb663569dad630ead0c2e413dfb393319e3ea14dc9848c81b392107fe3382ce1813d278c3394a7f
diff --git a/sys-libs/libcap/files/libcap-2.62-ignore-RAISE_SETFCAP-install-failures.patch b/sys-libs/libcap/files/libcap-2.62-ignore-RAISE_SETFCAP-install-failures.patch
index 04c5935..bd1c22f 100644
--- a/sys-libs/libcap/files/libcap-2.62-ignore-RAISE_SETFCAP-install-failures.patch
+++ b/sys-libs/libcap/files/libcap-2.62-ignore-RAISE_SETFCAP-install-failures.patch
@@ -8,11 +8,6 @@
 
 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
 
-Forward ported from libcap-2.20 to libcap-2.25
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-diff --git a/progs/Makefile b/progs/Makefile
-index 2cb7520..6d417de 100644
 --- a/progs/Makefile
 +++ b/progs/Makefile
 @@ -39,7 +39,7 @@ install: all
diff --git a/sys-libs/libcap/libcap-2.68.ebuild b/sys-libs/libcap/libcap-2.69.ebuild
similarity index 100%
rename from sys-libs/libcap/libcap-2.68.ebuild
rename to sys-libs/libcap/libcap-2.69.ebuild
diff --git a/sys-libs/ncurses/ncurses-6.4_p20230424.ebuild b/sys-libs/ncurses/ncurses-6.4_p20230424.ebuild
index 04739a7..62d7401 100644
--- a/sys-libs/ncurses/ncurses-6.4_p20230424.ebuild
+++ b/sys-libs/ncurses/ncurses-6.4_p20230424.ebuild
@@ -98,7 +98,7 @@
 # The subslot reflects the SONAME.
 SLOT="0/6"
 KEYWORDS="*"
-IUSE="ada +cxx debug doc gpm minimal profile split-usr +stack-realign static-libs test tinfo trace"
+IUSE="ada +cxx debug doc gpm minimal profile split-usr +stack-realign static-libs test tinfo trace unicode"
 RESTRICT="!test? ( test )"
 
 DEPEND="gpm? ( sys-libs/gpm[${MULTILIB_USEDEP}] )"