25 changed files with 2045 additions and 444 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/rsync-3.2.5.tar.gz
+SOURCES/rsync-3.1.3.tar.gz
-SOURCES/rsync-patches-3.2.5.tar.gz
+SOURCES/rsync-patches-3.1.3.tar.gz
--- a/.rsync.metadata
+++ b/.rsync.metadata
@ -1,2 +1,2 @@
-26baded8871b9e2406add210cdbfa744c94642d2 SOURCES/rsync-3.2.5.tar.gz
+82e7829c0b3cefbd33c233005341e2073c425629 SOURCES/rsync-3.1.3.tar.gz
-db897ede46e509347a84ca4e0cb02c452eeabdbe SOURCES/rsync-patches-3.2.5.tar.gz
+74c16510a18ef43d797f9ceba6150f0862568cc0 SOURCES/rsync-patches-3.1.3.tar.gz
--- a/SOURCES/rsync-3.0.6-iconv-logging.patch
+++ b/SOURCES/rsync-3.0.6-iconv-logging.patch
@ -0,0 +1,22 @@
 diff --git a/log.c b/log.c
 index 34a013b..1aca728 100644
 --- a/log.c
 +++ b/log.c
@@ -377,10 +377,13 @@ output_msg:
 				filtered_fwrite(f, convbuf, outbuf.len, 0);
 				outbuf.len = 0;
 			}
 -			if (!ierrno || ierrno == E2BIG)
 -				continue;
 -			fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
 -			inbuf.len--;
 +			/* Log one byte of illegal/incomplete sequence and continue with
 +			 * the next character. Check that the buffer is non-empty for the
 +			 * sake of robustness. */
 +			if ((ierrno == EILSEQ || ierrno == EINVAL) && inbuf.len) {
 +				fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
 +				inbuf.len--;
 +			}
 		}
 	} else
 #endif
--- a/SOURCES/rsync-3.1.2-remove-symlinks.patch
+++ b/SOURCES/rsync-3.1.2-remove-symlinks.patch
@ -0,0 +1,33 @@
 diff --git a/sender.c b/sender.c
 index 03e4aadd..9b432ed9 100644
 --- a/sender.c
 +++ b/sender.c
@@ -32,6 +32,7 @@ extern int logfile_format_has_i;
 extern int want_xattr_optim;
 extern int csum_length;
 extern int append_mode;
 +extern int copy_links;
 extern int io_error;
 extern int flist_eof;
 extern int allowed_lull;
@@ -138,17 +139,16 @@ void successful_send(int ndx)
 		return;
 	f_name(file, fname);
 -	if (do_lstat(fname, &st) < 0) {
 +	if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) {
 		failed_op = "re-lstat";
 		goto failed;
 	}
 -	if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */
 -	 && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
 +	if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
 #ifdef ST_MTIME_NSEC
 	 || (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file))
 #endif
 -	)) {
 +	) {
 		rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname);
 		return;
 	}
--- a/SOURCES/rsync-3.1.2-vvv-hang.patch
+++ b/SOURCES/rsync-3.1.2-vvv-hang.patch
@ -0,0 +1,33 @@
 diff --git a/io.c b/io.c
 index 999c34e5..ceff3784 100644
 --- a/io.c
 +++ b/io.c
@@ -954,8 +954,17 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
 	} else
 #endif
 		needed = len + 4 + 3;
 -	if (iobuf.msg.len + needed > iobuf.msg.size)
 -		perform_io(needed, PIO_NEED_MSGROOM);
 +	if (iobuf.msg.len + needed > iobuf.msg.size) {
 +		if (!am_receiver)
 +			perform_io(needed, PIO_NEED_MSGROOM);
 +		else { /* We allow the receiver to increase their iobuf.msg size to avoid a deadlock. */
 +			size_t old_size = iobuf.msg.size;
 +			restore_iobuf_size(&iobuf.msg);
 +			realloc_xbuf(&iobuf.msg, iobuf.msg.size * 2);
 +			if (iobuf.msg.pos + iobuf.msg.len > old_size)
 +				memcpy(iobuf.msg.buf + old_size, iobuf.msg.buf, iobuf.msg.pos + iobuf.msg.len - old_size);
 +		}
 +	}
 	pos = iobuf.msg.pos + iobuf.msg.len; /* Must be set after any flushing. */
 	if (pos >= iobuf.msg.size)
@@ -1176,7 +1185,7 @@ int read_line(int fd, char *buf, size_t bufsiz, int flags)
 #ifdef ICONV_OPTION
 	if (flags & RL_CONVERT && iconv_buf.size < bufsiz)
 -		realloc_xbuf(&iconv_buf, bufsiz + 1024);
 +		realloc_xbuf(&iconv_buf, ROUND_UP_1024(bufsiz) + 1024);
 #endif
   start:
--- a/SOURCES/rsync-3.1.3-append-check.patch
+++ b/SOURCES/rsync-3.1.3-append-check.patch
@ -0,0 +1,44 @@
 commit bd17c2a4e237ca1f38544db65053ecfea6054009
 Author: Tomas Korbar <tkorbar@redhat.com>
 Date:   Thu Sep 24 13:17:45 2020 +0200
    Skip files for transfer that has been truncated during negotiation
 diff --git a/rsync.1 b/rsync.1
 index 6cabd44..855dd47 100644
 --- a/rsync.1
 +++ b/rsync.1
@@ -1004,8 +1004,10 @@ This causes rsync to update a file by appending data onto
 the end of the file, which presumes that the data that already exists on
 the receiving side is identical with the start of the file on the sending
 side.  If a file needs to be transferred and its size on the receiver is
 -the same or longer than the size on the sender, the file is skipped.  This
 -does not interfere with the updating of a file\(cq\&s non\-content attributes
 +the same or longer than the size on the sender, the file is skipped. It
 +also skips any files whose size on the sending side gets shorter during
 +the send negotiations (rsync warns about a "diminished" file when this
 +happens). This does not interfere with the updating of a file\(cq\&s non\-content attributes
 (e.g. permissions, ownership, etc.) when the file does not need to be
 transferred, nor does it affect the updating of any non\-regular files.
 Implies \fB\-\-inplace\fP.
 diff --git a/sender.c b/sender.c
 index 1cc28a1..e22eadd 100644
 --- a/sender.c
 +++ b/sender.c
@@ -379,6 +379,16 @@ void send_files(int f_in, int f_out)
 			}
 		}
 +		if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
 +			rprintf(FWARNING, "skipped diminished file: %s\n",
 +				full_fname(fname));
 +			free_sums(s);
 +			close(fd);
 +			if (protocol_version >= 30)
 +				send_msg_int(MSG_NO_SEND, ndx);
 +			continue;
 +		}
 +
 		if (st.st_size) {
 			int32 read_size = MAX(s->blength * 3, MAX_MAP_SIZE);
 			mbuf = map_file(fd, st.st_size, read_size, s->blength);
--- a/SOURCES/rsync-3.1.3-covscan.patch
+++ b/SOURCES/rsync-3.1.3-covscan.patch
@ -0,0 +1,57 @@
 diff --git a/util.c b/util.c
 index fbbfd8ba..235afa82 100644
 --- a/util.c
 +++ b/util.c
@@ -342,6 +342,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode)
 		if (robust_unlink(dest) && errno != ENOENT) {
 			int save_errno = errno;
 			rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest));
 +			close(ifd);
 			errno = save_errno;
 			return -1;
 		}
 diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c
 index 5856d591..a70a3f1a 100644
 --- a/lib/pool_alloc.c
 +++ b/lib/pool_alloc.c
@@ -49,15 +49,15 @@ pool_create(size_t size, size_t quantum, void (*bomb)(const char *), int flags)
 {
 	struct alloc_pool *pool;
 -	if (!(pool = new0(struct alloc_pool)))
 -		return NULL;
 -
 	if ((MINALIGN & (MINALIGN - 1)) != 0) {
 		if (bomb)
 			(*bomb)("Compiler error: MINALIGN is not a power of 2\n");
 		return NULL;
 	}
 +	if (!(pool = new0(struct alloc_pool)))
 +		return NULL;
 +
 	if (!size)
 		size = POOL_DEF_EXTENT;
 	if (!quantum)
 diff --git a/batch.c b/batch.c
 index 21c632fc..1ab66e90 100644
 --- a/batch.c
 +++ b/batch.c
@@ -216,7 +216,7 @@ static void write_filter_rules(int fd)
 void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
 {
 	int fd, i, len, err = 0;
 -	char *p, filename[MAXPATHLEN];
 +	char *p, *p2, filename[MAXPATHLEN];
 	stringjoin(filename, sizeof filename,
 		   batch_name, ".sh", NULL);
@@ -267,7 +267,7 @@ void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
 				err = 1;
 		}
 	}
 -	if (!(p = check_for_hostspec(argv[argc - 1], &p, &i)))
 +	if (!(p = check_for_hostspec(argv[argc - 1], &p2, &i)))
 		p = argv[argc - 1];
 	if (write(fd, " ${1:-", 6) != 6
 	 || write_arg(fd, p) < 0)
--- a/SOURCES/rsync-3.1.3-cve-2018-25032.patch
+++ b/SOURCES/rsync-3.1.3-cve-2018-25032.patch
@ -0,0 +1,343 @@
 From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001
 From: Mark Adler <madler@alumni.caltech.edu>
 Date: Tue, 17 Apr 2018 22:09:22 -0700
 Subject: [PATCH] Fix a bug that can crash deflate on some input when using
 Z_FIXED.
 This bug was reported by Danilo Ramos of Eideticom, Inc. It has
 lain in wait 13 years before being found! The bug was introduced
 in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
 option forces the use of fixed Huffman codes. For rare inputs with
 a large number of distant matches, the pending buffer into which
 the compressed data is written can overwrite the distance symbol
 table which it overlays. That results in corrupted output due to
 invalid distances, and can result in out-of-bound accesses,
 crashing the application.
 The fix here combines the distance buffer and literal/length
 buffers into a single symbol buffer. Now three bytes of pending
 buffer space are opened up for each literal or length/distance
 pair consumed, instead of the previous two bytes. This assures
 that the pending buffer cannot overwrite the symbol table, since
 the maximum fixed code compressed length/distance is 31 bits, and
 since there are four bytes of pending space for every three bytes
 of symbol space.
 ---
 deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++---------------
 deflate.h | 25 +++++++++----------
 trees.c   | 50 +++++++++++--------------------------
 3 files changed, 79 insertions(+), 70 deletions(-)
 diff --git a/zlib/deflate.c b/zlib/deflate.c
 index 425babc00..19cba873a 100644
 --- a/zlib/deflate.c
 +++ b/zlib/deflate.c
@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
     int wrap = 1;
     static const char my_version[] = ZLIB_VERSION;
 -    ushf *overlay;
 -    /* We overlay pending_buf and d_buf+l_buf. This works since the average
 -     * output size for (length,distance) codes is <= 24 bits.
 -     */
 -
     if (version == Z_NULL || version[0] != my_version[0] ||
         stream_size != sizeof(z_stream)) {
         return Z_VERSION_ERROR;
@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
     s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
 -    overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
 -    s->pending_buf = (uchf *) overlay;
 -    s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
 +    /* We overlay pending_buf and sym_buf. This works since the average size
 +     * for length/distance pairs over any compressed block is assured to be 31
 +     * bits or less.
 +     *
 +     * Analysis: The longest fixed codes are a length code of 8 bits plus 5
 +     * extra bits, for lengths 131 to 257. The longest fixed distance codes are
 +     * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
 +     * possible fixed-codes length/distance pair is then 31 bits total.
 +     *
 +     * sym_buf starts one-fourth of the way into pending_buf. So there are
 +     * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
 +     * in sym_buf is three bytes -- two for the distance and one for the
 +     * literal/length. As each symbol is consumed, the pointer to the next
 +     * sym_buf value to read moves forward three bytes. From that symbol, up to
 +     * 31 bits are written to pending_buf. The closest the written pending_buf
 +     * bits gets to the next sym_buf symbol to read is just before the last
 +     * code is written. At that time, 31*(n-2) bits have been written, just
 +     * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
 +     * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
 +     * symbols are written.) The closest the writing gets to what is unread is
 +     * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
 +     * can range from 128 to 32768.
 +     *
 +     * Therefore, at a minimum, there are 142 bits of space between what is
 +     * written and what is read in the overlain buffers, so the symbols cannot
 +     * be overwritten by the compressed data. That space is actually 139 bits,
 +     * due to the three-bit fixed-code block header.
 +     *
 +     * That covers the case where either Z_FIXED is specified, forcing fixed
 +     * codes, or when the use of fixed codes is chosen, because that choice
 +     * results in a smaller compressed block than dynamic codes. That latter
 +     * condition then assures that the above analysis also covers all dynamic
 +     * blocks. A dynamic-code block will only be chosen to be emitted if it has
 +     * fewer bits than a fixed-code block would for the same set of symbols.
 +     * Therefore its average symbol length is assured to be less than 31. So
 +     * the compressed data for a dynamic block also cannot overwrite the
 +     * symbols from which it is being constructed.
 +     */
 +
 +    s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
 +    s->pending_buf_size = (ulg)s->lit_bufsize * 4;
     if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
         s->pending_buf == Z_NULL) {
@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
         deflateEnd (strm);
         return Z_MEM_ERROR;
     }
 -    s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
 -    s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
 +    s->sym_buf = s->pending_buf + s->lit_bufsize;
 +    s->sym_end = (s->lit_bufsize - 1) * 3;
 +    /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
 +     * on 16 bit machines and because stored blocks are restricted to
 +     * 64K-1 bytes.
 +     */
     s->level = level;
     s->strategy = strategy;
@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value)
     if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
     s = strm->state;
 -    if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3))
 +    if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
         return Z_BUF_ERROR;
     do {
         put = Buf_size - s->bi_valid;
@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source)
 #else
     deflate_state *ds;
     deflate_state *ss;
 -    ushf *overlay;
     if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source)
     ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
     ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
     ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
 -    overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
 -    ds->pending_buf = (uchf *) overlay;
 +    ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
     if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
         ds->pending_buf == Z_NULL) {
@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source)
     zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
     ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
 -    ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
 -    ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
 +    ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
     ds->l_desc.dyn_tree = ds->dyn_ltree;
     ds->d_desc.dyn_tree = ds->dyn_dtree;
@@ -1771,7 +1771,7 @@ local block_state deflate_fast(s, flush)
         FLUSH_BLOCK(s, 1);
         return finish_done;
     }
 -    if (s->last_lit)
 +    if (s->sym_next)
         FLUSH_BLOCK(s, 0);
     return block_done;
 }
@@ -1912,7 +1912,7 @@ local block_state deflate_slow(s, flush)
         FLUSH_BLOCK(s, 1);
         return finish_done;
     }
 -    if (s->last_lit)
 +    if (s->sym_next)
         FLUSH_BLOCK(s, 0);
     return block_done;
 }
@@ -1987,7 +1987,7 @@ local block_state deflate_rle(s, flush)
         FLUSH_BLOCK(s, 1);
         return finish_done;
     }
 -    if (s->last_lit)
 +    if (s->sym_next)
         FLUSH_BLOCK(s, 0);
     return block_done;
 }
@@ -2026,7 +2026,7 @@ local block_state deflate_huff(s, flush)
         FLUSH_BLOCK(s, 1);
         return finish_done;
     }
 -    if (s->last_lit)
 +    if (s->sym_next)
         FLUSH_BLOCK(s, 0);
     return block_done;
 }
 diff --git a/zlib/deflate.h b/zlib/deflate.h
 index 23ecdd312..d4cf1a98b 100644
 --- a/zlib/deflate.h
 +++ b/zlib/deflate.h
@@ -217,7 +217,7 @@ typedef struct internal_state {
     /* Depth of each subtree used as tie breaker for trees of equal frequency
      */
 -    uchf *l_buf;          /* buffer for literals or lengths */
 +    uchf *sym_buf;        /* buffer for distances and literals/lengths */
     uInt  lit_bufsize;
     /* Size of match buffer for literals/lengths.  There are 4 reasons for
@@ -239,13 +239,8 @@ typedef struct internal_state {
      *   - I can't count above 4
      */
 -    uInt last_lit;      /* running index in l_buf */
 -
 -    ushf *d_buf;
 -    /* Buffer for distances. To simplify the code, d_buf and l_buf have
 -     * the same number of elements. To use different lengths, an extra flag
 -     * array would be necessary.
 -     */
 +    uInt sym_next;      /* running index in sym_buf */
 +    uInt sym_end;       /* symbol table full when sym_next reaches this */
     ulg opt_len;        /* bit length of current block with optimal trees */
     ulg static_len;     /* bit length of current block with static trees */
@@ -317,20 +317,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
 # define _tr_tally_lit(s, c, flush) \
   { uch cc = (c); \
 -    s->d_buf[s->last_lit] = 0; \
 -    s->l_buf[s->last_lit++] = cc; \
 +    s->sym_buf[s->sym_next++] = 0; \
 +    s->sym_buf[s->sym_next++] = 0; \
 +    s->sym_buf[s->sym_next++] = cc; \
     s->dyn_ltree[cc].Freq++; \
 -    flush = (s->last_lit == s->lit_bufsize-1); \
 +    flush = (s->sym_next == s->sym_end); \
    }
 # define _tr_tally_dist(s, distance, length, flush) \
   { uch len = (length); \
     ush dist = (distance); \
 -    s->d_buf[s->last_lit] = dist; \
 -    s->l_buf[s->last_lit++] = len; \
 +    s->sym_buf[s->sym_next++] = dist; \
 +    s->sym_buf[s->sym_next++] = dist >> 8; \
 +    s->sym_buf[s->sym_next++] = len; \
     dist--; \
     s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
     s->dyn_dtree[d_code(dist)].Freq++; \
 -    flush = (s->last_lit == s->lit_bufsize-1); \
 +    flush = (s->sym_next == s->sym_end); \
   }
 #else
 # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
 diff --git a/zlib/trees.c b/zlib/trees.c
 index 4f4a65011..decaeb7c3 100644
 --- a/zlib/trees.c
 +++ b/zlib/trees.c
@@ -416,7 +416,7 @@ local void init_block(s)
     s->dyn_ltree[END_BLOCK].Freq = 1;
     s->opt_len = s->static_len = 0L;
 -    s->last_lit = s->matches = 0;
 +    s->sym_next = s->matches = 0;
 }
 #define SMALLEST 1
@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
         Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
                 opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
 -                s->last_lit));
 +                s->sym_next / 3));
         if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
     unsigned dist;  /* distance of matched string */
     unsigned lc;    /* match length-MIN_MATCH or unmatched char (if dist==0) */
 {
 -    s->d_buf[s->last_lit] = (ush)dist;
 -    s->l_buf[s->last_lit++] = (uch)lc;
 +    s->sym_buf[s->sym_next++] = dist;
 +    s->sym_buf[s->sym_next++] = dist >> 8;
 +    s->sym_buf[s->sym_next++] = lc;
     if (dist == 0) {
         /* lc is the unmatched char */
         s->dyn_ltree[lc].Freq++;
@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
         s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
         s->dyn_dtree[d_code(dist)].Freq++;
     }
 -
 -#ifdef TRUNCATE_BLOCK
 -    /* Try to guess if it is profitable to stop the current block here */
 -    if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
 -        /* Compute an upper bound for the compressed length */
 -        ulg out_length = (ulg)s->last_lit*8L;
 -        ulg in_length = (ulg)((long)s->strstart - s->block_start);
 -        int dcode;
 -        for (dcode = 0; dcode < D_CODES; dcode++) {
 -            out_length += (ulg)s->dyn_dtree[dcode].Freq *
 -                (5L+extra_dbits[dcode]);
 -        }
 -        out_length >>= 3;
 -        Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
 -               s->last_lit, in_length, out_length,
 -               100L - out_length*100L/in_length));
 -        if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
 -    }
 -#endif
 -    return (s->last_lit == s->lit_bufsize-1);
 -    /* We avoid equality with lit_bufsize because of wraparound at 64K
 -     * on 16 bit machines and because stored blocks are restricted to
 -     * 64K-1 bytes.
 -     */
 +    return (s->sym_next == s->sym_end);
 }
 /* ===========================================================================
@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree)
 {
     unsigned dist;      /* distance of matched string */
     int lc;             /* match length or unmatched char (if dist == 0) */
 -    unsigned lx = 0;    /* running index in l_buf */
 +    unsigned sx = 0;    /* running index in sym_buf */
     unsigned code;      /* the code to send */
     int extra;          /* number of extra bits to send */
 -    if (s->last_lit != 0) do {
 -        dist = s->d_buf[lx];
 -        lc = s->l_buf[lx++];
 +    if (s->sym_next != 0) do {
 +        dist = s->sym_buf[sx++] & 0xff;
 +        dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
 +        lc = s->sym_buf[sx++];
         if (dist == 0) {
             send_code(s, lc, ltree); /* send a literal byte */
             Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree)
             }
         } /* literal or match pair ? */
 -        /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
 -        Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
 -               "pendingBuf overflow");
 +        /* Check that the overlay between pending_buf and sym_buf is ok: */
 +        Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
 -    } while (lx < s->last_lit);
 +    } while (sx < s->sym_next);
     send_code(s, END_BLOCK, ltree);
 }
--- a/SOURCES/rsync-3.1.3-cve-2022-29154.patch
+++ b/SOURCES/rsync-3.1.3-cve-2022-29154.patch
--- a/SOURCES/rsync-3.1.3-cve-2022-37434.patch
+++ b/SOURCES/rsync-3.1.3-cve-2022-37434.patch
@ -0,0 +1,16 @@
 diff --git a/zlib/inflate.c b/zlib/inflate.c
 index e43abd9..bd33c19 100644
 --- a/zlib/inflate.c
 +++ b/zlib/inflate.c
@@ -740,8 +740,9 @@ int flush;
                 if (copy > have) copy = have;
                 if (copy) {
                     if (state->head != Z_NULL &&
 -                        state->head->extra != Z_NULL) {
 -                        len = state->head->extra_len - state->length;
 +                        state->head->extra != Z_NULL &&
 +                        (len = state->head->extra_len - state->length) <
 +			    state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
--- a/SOURCES/rsync-3.1.3-cve-2024-12085.patch
+++ b/SOURCES/rsync-3.1.3-cve-2024-12085.patch
@ -12,4 +12,3 @@ index 36e78ed..dfd6af2 100644
 	/* want_i is used to encourage adjacent matches, allowing the RLL
 	 * coding of the output to work more efficiently. */
 	want_i = 0;
--- a/SOURCES/rsync-3.1.3-cve-2024-12087.patch
+++ b/SOURCES/rsync-3.1.3-cve-2024-12087.patch
@ -20,18 +20,17 @@ index 464d556..087f9da 100644
 +	}
 +
 	flist = flist_new(0, "recv_file_list");
 	flist_expand(flist, FLIST_START_LARGE);
 	if (inc_recurse) {
 diff --git a/rsync.h b/rsync.h
-index 0f9e277..b9a7101 100644
+index b357dad..bc9abac 100644
 --- a/rsync.h
 +++ b/rsync.h
-@@ -84,6 +84,7 @@
+@@ -83,6 +83,7 @@
- #define FLAG_DUPLICATE (1<<4)	/* sender */
+ #define FLAG_SKIP_GROUP (1<<10)	/* receiver/generator */
- #define FLAG_MISSING_DIR (1<<4)	/* generator */
+ #define FLAG_TIME_FAILED (1<<11)/* generator */
- #define FLAG_HLINKED (1<<5)	/* receiver/generator (checked on all types) */
+ #define FLAG_MOD_NSEC (1<<12)	/* sender/receiver/generator */
-+#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
- #define FLAG_HLINK_FIRST (1<<6)	/* receiver/generator (w/FLAG_HLINKED) */
+ 
- #define FLAG_IMPLIED_DIR (1<<6)	/* sender/receiver/generator (dirs only) */
+ /* These flags are passed to functions but not stored. */
- #define FLAG_HLINK_LAST (1<<7)	/* receiver/generator */
+ 
--- a/SOURCES/rsync-3.1.3-cve-2024-12088.patch
+++ b/SOURCES/rsync-3.1.3-cve-2024-12088.patch
@ -11,10 +11,10 @@ index 75e7201..d2e318e 100644
 test_unsafe dir/../..			from				unsafe
 test_unsafe dir/..//..			from				unsafe
-diff --git a/util1.c b/util1.c
+diff --git a/util.c b/util.c
 index da50ff1..f260d39 100644
--- a/util1.c
+--- a/util.c
-+++ b/util1.c
+++ b/util.c
@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
  *
  * "src" is the top source directory currently applicable at the level
@ -55,4 +55,3 @@ index da50ff1..f260d39 100644
 	/* find out what our safety margin is */
 	for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
 		/* ".." segment starts the count over.  "." segment is ignored. */
--- a/SOURCES/rsync-3.1.3-cve-2024-12747.patch
+++ b/SOURCES/rsync-3.1.3-cve-2024-12747.patch
@ -11,38 +11,16 @@ index cb21882..66e8089 100644
 	if (fd == -1)
 		return;
 diff --git a/flist.c b/flist.c
 index 087f9da..1783253 100644
 --- a/flist.c
 +++ b/flist.c
@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
 	if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
 		if (st.st_size == 0) {
 -			int fd = do_open(fname, O_RDONLY, 0);
 +			int fd = do_open_checklinks(fname);
 			if (fd >= 0) {
 				st.st_size = get_device_size(fd, fname);
 				close(fd);
 diff --git a/generator.c b/generator.c
 index 110db28..3f13bb9 100644
 --- a/generator.c
 +++ b/generator.c
@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
 		/* This early open into fd skips the regular open below. */
 -		if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
 +		if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
 			real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
 	}
@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	}
 	/* open the file */
-	if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
+-	if ((fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
-+	if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
+	if ((fd = do_open_checklinks(fnamecmp)) < 0) {
 		rsyserr(FERROR, errno, "failed to open %s, continuing",
 			full_fname(fnamecmp));
 	  pretend_missing:
@ -51,9 +29,9 @@ index 8031b8f..edfbb21 100644
 --- a/receiver.c
 +++ b/receiver.c
@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
 		if (fd1 == -1 && protocol_version < 29) {
 			if (fnamecmp != fname) {
 				fnamecmp = fname;
 				fnamecmp_type = FNAMECMP_FNAME;
 -				fd1 = do_open(fnamecmp, O_RDONLY, 0);
 +				fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
 			}
@ -71,23 +49,23 @@ index 2bbff2f..a4d46c3 100644
 +		fd = do_open_checklinks(fname);
 		if (fd == -1) {
 			if (errno == ENOENT) {
- 				enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
+ 				enum logcode c = am_daemon
 diff --git a/syscall.c b/syscall.c
 index 47c5ea5..c55ae5f 100644
 --- a/syscall.c
 +++ b/syscall.c
@@ -45,6 +45,8 @@ extern int preallocate_files;
 extern int preallocate_files;
 extern int preserve_perms;
 extern int preserve_executability;
 extern int open_noatime;
 +extern int copy_links;
 +extern int copy_unsafe_links;
 #ifndef S_BLKSIZE
 # if defined hpux || defined __hpux__ || defined __hpux
-@@ -793,3 +795,21 @@ cleanup:
+@@ -575,3 +575,21 @@ int do_open_nofollow(const char *pathname, int flags)
- 	return retfd;
+ 
- #endif // O_NOFOLLOW, O_DIRECTORY
+ 	return fd;
 }
 +
 +/*
@ -102,19 +80,19 @@ index 47c5ea5..c55ae5f 100644
 + */
 +int do_open_checklinks(const char *pathname)
 +{
-+	if (copy_links || copy_unsafe_links) {
+ if (copy_links || copy_unsafe_links) {
-+		return do_open(pathname, O_RDONLY, 0);
+   return do_open(pathname, O_RDONLY, 0);
-+	}
+ }
-+	return do_open_nofollow(pathname, O_RDONLY);
+ return do_open_nofollow(pathname, O_RDONLY);
 +}
 diff --git a/t_unsafe.c b/t_unsafe.c
 index 010cac5..e10619a 100644
 --- a/t_unsafe.c
 +++ b/t_unsafe.c
@@ -28,6 +28,9 @@ int am_root = 0;
- int am_sender = 1;
+ int human_readable = 0;
- int read_only = 0;
+ int preserve_perms = 0;
- int list_only = 0;
+ int preserve_executability = 0;
 +int copy_links = 0;
 +int copy_unsafe_links = 0;
 +
@ -126,9 +104,9 @@ index e6b0708..858f8f1 100644
 --- a/tls.c
 +++ b/tls.c
@@ -49,6 +49,9 @@ int list_only = 0;
- int link_times = 0;
+ int preserve_executability = 0;
- int link_owner = 0;
+ int preallocate_files = 0;
- int nsec_times = 0;
+ int inplace = 0;
 +int safe_symlinks = 0;
 +int copy_links = 0;
 +int copy_unsafe_links = 0;
@ -140,18 +118,18 @@ index 1ec928c..f2774cd 100644
 --- a/trimslash.c
 +++ b/trimslash.c
@@ -26,6 +26,8 @@ int am_root = 0;
- int am_sender = 1;
+ int preserve_executability = 0;
- int read_only = 1;
+ int preallocate_files = 0;
- int list_only = 0;
+ int inplace = 0;
 +int copy_links = 0;
 +int copy_unsafe_links = 0;
 int
 main(int argc, char **argv)
-diff --git a/util1.c b/util1.c
+diff --git a/util.c b/util.c
 index f260d39..d84bc41 100644
--- a/util1.c
+--- a/util.c
-+++ b/util1.c
+++ b/util.c
@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
 	int len;   /* Number of bytes read into `buf'. */
 	OFF_T prealloc_len = 0, offset = 0;
@ -161,4 +139,3 @@ index f260d39..d84bc41 100644
 		int save_errno = errno;
 		rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
 		errno = save_errno;
--- a/SOURCES/rsync-3.1.3-filtering-rules.patch
+++ b/SOURCES/rsync-3.1.3-filtering-rules.patch
@ -40,9 +40,9 @@ index 13c4253..232249f 100644
 +	int slash_cnt = 0;
 	const char *cp;
 	char *p;
- 	if (trust_sender_args)
+ 	if (am_server || old_style_args || list_only || read_batch || filesfrom_host != NULL)
@@ -407,6 +413,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
-		arg++;
+ 		arg++;
 	arg_len = strlen(arg);
 	if (arg_len) {
 +		char *new_pat;
@ -287,6 +287,21 @@ index 13c4253..232249f 100644
 }
 /* This is only called by the client. */
 diff --git a/options.c b/options.c
 index afc33ce..4d0a1a6 100644
 --- a/options.c
 +++ b/options.c
@@ -2426,7 +2426,9 @@ char *safe_arg(const char *opt, const char *arg)
 	char *ret;
 	if (!protect_args && old_style_args < 2 && (!old_style_args || (!is_filename_arg && opt != SPLIT_ARG_WHEN_OLD))) {
 		const char *f;
 -		if (!old_style_args && *arg == '~' && (relative_paths || !strchr(arg, '/'))) {
 +		if (!old_style_args && *arg == '~' 
 +				&& ((relative_paths && !strstr(arg, "/./")) 
 +				|| !strchr(arg, '/'))) {
 			extras++;
 			escape_leading_tilde = 1;
 		}
 diff --git a/flist.c b/flist.c
 index 630d685..8c2397b 100644
 --- a/flist.c
--- a/SOURCES/rsync-3.1.3-ignore-missing.patch
+++ b/SOURCES/rsync-3.1.3-ignore-missing.patch
@ -0,0 +1,49 @@
 commit af6118d98b3482cbcfc223bf2a0777bc19eccb02
 Author: Wayne Davison <wayne@opencoder.net>
 Date:   Sun Apr 26 18:02:17 2020 -0700
    Allow a missing parent dir when --delete-missing-args was specified.
 diff --git a/generator.c b/generator.c
 index 3c50f63f..b90c7ccd 100644
 --- a/generator.c
 +++ b/generator.c
@@ -1277,10 +1277,16 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			 && (*dn != '.' || dn[1]) /* Avoid an issue with --relative and the "." dir. */
 			 && (!prior_dir_file || strcmp(dn, f_name(prior_dir_file, NULL)) != 0)
 			 && flist_find_name(cur_flist, dn, 1) < 0) {
 -				rprintf(FERROR,
 -					"ABORTING due to invalid path from sender: %s/%s\n",
 -					dn, file->basename);
 -				exit_cleanup(RERR_PROTOCOL);
 +				/* The --delete-missing-args option can actually put invalid entries into
 +				 * the file list, so if that option was specified, we'll just complain about
 +				 * it and allow it. */
 +				if (missing_args == 2 && file->mode == 0)
 +					rprintf(FERROR, "WARNING: parent dir is absent in the file list: %s\n", dn);
 +				else {
 +					rprintf(FERROR, "ABORTING due to invalid path from sender: %s/%s\n",
 +						dn, file->basename);
 +					exit_cleanup(RERR_PROTOCOL);
 +				}
 			}
 			if (relative_paths && !implied_dirs
 			 && do_stat(dn, &sx.st) < 0) {
@@ -1383,7 +1389,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			added_perms = 0;
 		if (is_dir < 0) {
 			if (!(preserve_times & PRESERVE_DIR_TIMES))
 -				return;
 +				goto cleanup;
 			/* In inc_recurse mode we want to make sure any missing
 			 * directories get created while we're still processing
 			 * the parent dir (which allows us to touch the parent
@@ -1525,7 +1531,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 					"ignoring unsafe symlink \"%s\" -> \"%s\"\n",
 					fname, sl);
 			}
 -			return;
 +			goto cleanup;
 		}
 		if (statret == 0) {
 			char lnk[MAXPATHLEN];
--- a/SOURCES/rsync-3.1.3-missing-xattr-filter.patch
+++ b/SOURCES/rsync-3.1.3-missing-xattr-filter.patch
@ -0,0 +1,13 @@
 diff --git a/exclude.c.old b/exclude.c
 index 232249f..2f6dccc 100644
 --- a/exclude.c.old
 +++ b/exclude.c
@@ -1575,6 +1575,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
 	}
 	if (rule->rflags & FILTRULE_EXCLUDE_SELF)
 		*op++ = 'e';
 +	if (rule->rflags & FILTRULE_XATTR)
 +		*op++ = 'x';
 	if (rule->rflags & FILTRULE_SENDER_SIDE
 	    && (!for_xfer || protocol_version >= 29))
 		*op++ = 's';
--- a/SOURCES/rsync-3.1.3-skip-compress.patch
+++ b/SOURCES/rsync-3.1.3-skip-compress.patch
@ -0,0 +1,37 @@
 diff --git a/loadparm.c b/loadparm.c
 index 029f358f..534e7b63 100644
 --- a/loadparm.c
 +++ b/loadparm.c
@@ -449,7 +449,7 @@ static struct parm_struct parm_table[] =
 };
 /* Initialise the Default all_vars structure. */
 -static void reset_all_vars(void)
 +void reset_daemon_vars(void)
 {
 	memcpy(&Vars, &Defaults, sizeof Vars);
 }
@@ -872,7 +872,7 @@ int lp_load(char *pszFname, int globals_only)
 {
 	bInGlobalSection = True;
 -	reset_all_vars();
 +	reset_daemon_vars();
 	/* We get sections first, so have to start 'behind' to make up. */
 	iSectionIndex = -1;
 diff --git a/main.c b/main.c
 index 1328c504..9af9e5d3 100644
 --- a/main.c
 +++ b/main.c
@@ -1681,6 +1681,10 @@ int main(int argc,char *argv[])
 	memset(&stats, 0, sizeof(stats));
 +	/* Even a non-daemon runs needs the default config values to be set, e.g.
 +	 * lp_dont_compress() is queried when no --skip-compress option is set. */
 +	reset_daemon_vars();
 +
 	if (argc < 2) {
 		usage(FERROR);
 		exit_cleanup(RERR_SYNTAX);
--- a/SOURCES/rsync-3.1.3-sparse-block.patch
+++ b/SOURCES/rsync-3.1.3-sparse-block.patch
@ -0,0 +1,122 @@
 diff --git a/fileio.c b/fileio.c
 index b183e20..72d6076 100644
 --- a/fileio.c
 +++ b/fileio.c
@@ -34,6 +34,7 @@
 #define ALIGNED_LENGTH(len) ((((len) - 1) | (ALIGN_BOUNDRY-1)) + 1)
 extern int sparse_files;
 +extern int sparse_files_block_size;
 OFF_T preallocated_len = 0;
@@ -147,7 +148,7 @@ int write_file(int f, int use_seek, OFF_T offset, const char *buf, int len)
 	while (len > 0) {
 		int r1;
 		if (sparse_files > 0) {
 -			int len1 = MIN(len, SPARSE_WRITE_SIZE);
 +			int len1 = MIN(len, sparse_files_block_size ? sparse_files_block_size : SPARSE_WRITE_SIZE);
 			r1 = write_sparse(f, use_seek, offset, buf, len1);
 			offset += r1;
 		} else {
 diff --git a/options.c b/options.c
 index 195672e..d08c05a 100644
 --- a/options.c
 +++ b/options.c
@@ -76,6 +76,7 @@ int remove_source_files = 0;
 int one_file_system = 0;
 int protocol_version = PROTOCOL_VERSION;
 int sparse_files = 0;
 +long sparse_files_block_size = 0;
 int preallocate_files = 0;
 int do_compression = 0;
 int def_compress_level = NOT_SPECIFIED;
@@ -717,6 +718,7 @@ void usage(enum logcode F)
   rprintf(F,"     --fake-super            store/recover privileged attrs using xattrs\n");
 #endif
   rprintf(F," -S, --sparse                turn sequences of nulls into sparse blocks\n");
 +  rprintf(F,"     --sparse-block=SIZE     set block size used to handle sparse files\n");
 #ifdef SUPPORT_PREALLOCATION
   rprintf(F,"     --preallocate           allocate dest files before writing them\n");
 #else
@@ -927,6 +929,7 @@ static struct poptOption long_options[] = {
   {"sparse",          'S', POPT_ARG_VAL,    &sparse_files, 1, 0, 0 },
   {"no-sparse",        0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
   {"no-S",             0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
 +  {"sparse-block",     0,  POPT_ARG_LONG,   &sparse_files_block_size, 0, 0, 0 },
   {"preallocate",      0,  POPT_ARG_NONE,   &preallocate_files, 0, 0, 0},
   {"inplace",          0,  POPT_ARG_VAL,    &inplace, 1, 0, 0 },
   {"no-inplace",       0,  POPT_ARG_VAL,    &inplace, 0, 0, 0 },
 diff --git a/options.c b/options.c
 index b12da55..5a27452 100644
 --- a/options.c
 +++ b/options.c
@@ -2606,6 +2606,12 @@ void server_options(char **args, int *argc_p)
 		args[ac++] = arg;
 	}
 +	if (sparse_files_block_size) {
 +		if (asprintf(&arg, "--sparse-block=%lu", sparse_files_block_size) < 0)
 +			goto oom;
 +		args[ac++] = arg;
 +	}
 +
 	if (io_timeout) {
 		if (asprintf(&arg, "--timeout=%d", io_timeout) < 0)
 			goto oom;
 diff --git a/rsync.yo b/rsync.yo
 --- a/rsync.yo
 +++ b/rsync.yo
@@ -377,6 +377,7 @@ to the detailed description below for a complete description.  verb(
      --super                 receiver attempts super-user activities
      --fake-super            store/recover privileged attrs using xattrs
  -S, --sparse                turn sequences of nulls into sparse blocks
 +     --sparse-block=SIZE     set block size used to handle sparse files
      --preallocate           allocate dest files before writing
  -n, --dry-run               perform a trial run with no changes made
  -W, --whole-file            copy files whole (w/o delta-xfer algorithm)
@@ -1299,6 +1300,15 @@ If combined with bf(--sparse), the file will only have sparse blocks (as
 opposed to allocated sequences of null bytes) if the kernel version and
 filesystem type support creating holes in the allocated data.
 +dit(bf(--sparse-block=SIZE)) Change the block size used to handle sparse files
 +to SIZE bytes.  This option only has an effect if the bf(--sparse) (bf(-S))
 +option was also specified.  The default block size used by rsync to detect a
 +file hole is 1024 bytes; when the receiver writes data to the destination file
 +and option bf(--sparse) is used, rsync checks every 1024-bytes chunk to detect
 +if they are actually filled with data or not.  With certain filesystems,
 +optimized to receive data streams for example, enlarging this block size can
 +strongly increase performance.  The option can be used to tune this block size.
 +
 dit(bf(-n, --dry-run)) This makes rsync perform a trial run that doesn't
 make any changes (and produces mostly the same output as a real run).  It
 is most commonly used in combination with the bf(-v, --verbose) and/or
 diff --git a/rsync.1 b/rsync.1
 index 855dd47..1d7af3c 100644
 --- a/rsync.1
 +++ b/rsync.1
@@ -454,6 +454,7 @@ to the detailed description below for a complete description.
      \-\-super                 receiver attempts super\-user activities
      \-\-fake\-super            store/recover privileged attrs using xattrs
  \-S, \-\-sparse                turn sequences of nulls into sparse blocks
 +     \-\-sparse-block=SIZE      set block size used to handle sparse files
      \-\-preallocate           allocate dest files before writing
  \-n, \-\-dry\-run               perform a trial run with no changes made
  \-W, \-\-whole\-file            copy files whole (w/o delta\-xfer algorithm)
@@ -1493,6 +1493,16 @@ If combined with \fB\-\-sparse\fP, the file will only have sparse blocks (as
 opposed to allocated sequences of null bytes) if the kernel version and
 filesystem type support creating holes in the allocated data.
 .IP 
 +.IP "\fB\-\-sparse\-block=SIZE\fP"
 +Change the block size used to handle sparse files
 +to SIZE bytes.  This option only has an effect if the \fB\-\-sparse\fP (\fB\-S\fP)
 +option was also specified.  The default block size used by rsync to detect a
 +file hole is 1024 bytes; when the receiver writes data to the destination file
 +and option \fB\-\-sparse\fP is used, rsync checks every 1024\-bytes chunk to detect
 +if they are actually filled with data or not.  With certain filesystems,
 +optimized to receive data streams for example, enlarging this block size can
 +strongly increase performance.  The option can be used to tune this block size.
 +.IP
 .IP "\fB\-n, \-\-dry\-run\fP"
 This makes rsync perform a trial run that doesn\(cq\&t
 make any changes (and produces mostly the same output as a real run).  It
--- a/SOURCES/rsync-3.1.3-xattr.patch
+++ b/SOURCES/rsync-3.1.3-xattr.patch
@ -0,0 +1,38 @@
 diff --git a/xattrs.c b/xattrs.c
 index 508649c0..3c549192 100644
 --- a/xattrs.c
 +++ b/xattrs.c
@@ -1055,7 +1055,7 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
 {
 	rsync_xa_list *glst = rsync_xal_l.items;
 	item_list *lst;
 -	int ndx;
 +	int ndx, added_write_perm = 0;
 	if (dry_run)
 		return 1; /* FIXME: --dry-run needs to compute this value */
@@ -1084,10 +1084,23 @@ int set_xattr(const char *fname, const struct file_struct *file, const char *fna
 	}
 #endif
 +	/* If the target file lacks write permission, we try to add it
 +	 * temporarily so we can change the extended attributes. */
 +	if (!am_root
 +#ifdef SUPPORT_LINKS
 +	 && !S_ISLNK(sxp->st.st_mode)
 +#endif
 +	 && access(fname, W_OK) < 0
 +	 && do_chmod(fname, (sxp->st.st_mode & CHMOD_BITS) | S_IWUSR) == 0)
 +		added_write_perm = 1;
 +
 	ndx = F_XATTR(file);
 	glst += ndx;
 	lst = &glst->xa_items;
 -	return rsync_xal_set(fname, lst, fnamecmp, sxp);
 +	int return_value = rsync_xal_set(fname, lst, fnamecmp, sxp);
 +	if (added_write_perm) /* remove the temporary write permission */
 +		do_chmod(fname, sxp->st.st_mode);
 +	return return_value;
 }
 #ifdef SUPPORT_ACLS
--- a/SOURCES/rsync-3.2.2-runtests.patch
+++ b/SOURCES/rsync-3.2.2-runtests.patch
@ -1,12 +0,0 @@
 diff --git a/runtests.sh.old b/runtests.sh
 index ecb383e..1cd1d1a 100755
 --- a/runtests.sh.old
 +++ b/runtests.sh
@@ -276,6 +276,7 @@ do
     case "$testscript" in
     *hardlinks*) TESTRUN_TIMEOUT=600 ;;
 +    *default-acls*) continue ;;
     *) TESTRUN_TIMEOUT=300 ;;
     esac
--- a/SOURCES/rsync-3.2.5-cve-2024-12086.patch
+++ b/SOURCES/rsync-3.2.5-cve-2024-12086.patch
@ -1,198 +0,0 @@
 diff --git a/receiver.c b/receiver.c
 index 6b4b369..8031b8f 100644
 --- a/receiver.c
 +++ b/receiver.c
@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
 extern struct file_list *cur_flist, *first_flist, *dir_flist;
 extern filter_rule_list daemon_filter_list;
 extern OFF_T preallocated_len;
 +extern int fuzzy_basis;
 static struct bitbag *delayed_bits = NULL;
 static int phase = 0, redoing = 0;
@@ -551,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name)
 	progress_init();
 	while (1) {
 +		const char *basedir = NULL;
 +
 		cleanup_disable();
 		/* This call also sets cur_flist. */
@@ -716,28 +719,34 @@ int recv_files(int f_in, int f_out, char *local_name)
 				fnamecmp = get_backup_name(fname);
 				break;
 			case FNAMECMP_FUZZY:
 +				if (fuzzy_basis == 0) {
 +					rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
 +					exit_cleanup(RERR_PROTOCOL);
 +				}
 				if (file->dirname) {
 -					pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
 -					fnamecmp = fnamecmpbuf;
 -				} else
 -					fnamecmp = xname;
 +					basedir = file->dirname;
 +				}
 +				fnamecmp = xname;
 				break;
 			default:
 				if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) {
 					fnamecmp_type -= FNAMECMP_FUZZY + 1;
 					if (file->dirname) {
 -						stringjoin(fnamecmpbuf, sizeof fnamecmpbuf,
 -							   basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL);
 -					} else
 -						pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname);
 +						pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname);
 +						basedir = fnamecmpbuf;
 +					} else {
 +						basedir = basis_dir[fnamecmp_type];
 +					}
 +					fnamecmp = xname;
 				} else if (fnamecmp_type >= basis_dir_cnt) {
 					rprintf(FERROR,
 						"invalid basis_dir index: %d.\n",
 						fnamecmp_type);
 					exit_cleanup(RERR_PROTOCOL);
 -				} else
 -					pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname);
 -				fnamecmp = fnamecmpbuf;
 +				} else {
 +					basedir = basis_dir[fnamecmp_type];
 +					fnamecmp = fname;
 +				}
 				break;
 			}
 			if (!fnamecmp || (daemon_filter_list.head
@@ -760,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name)
 		}
 		/* open the file */
 -		fd1 = do_open(fnamecmp, O_RDONLY, 0);
 +		fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
 		if (fd1 == -1 && protocol_version < 29) {
 			if (fnamecmp != fname) {
@@ -771,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name)
 			if (fd1 == -1 && basis_dir[0]) {
 				/* pre-29 allowed only one alternate basis */
 -				pathjoin(fnamecmpbuf, sizeof fnamecmpbuf,
 -					 basis_dir[0], fname);
 -				fnamecmp = fnamecmpbuf;
 +				basedir = basis_dir[0];
 +				fnamecmp = fname;
 				fnamecmp_type = FNAMECMP_BASIS_DIR_LOW;
 -				fd1 = do_open(fnamecmp, O_RDONLY, 0);
 +				fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
 			}
 		}
 +		if (basedir) {
 +			// for the following code we need the full
 +			// path name as a single string
 +			pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp);
 +			fnamecmp = fnamecmpbuf;
 +		}
 +
 		one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR;
 		updating_basis_or_equiv = one_inplace
 		    || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP));
 diff --git a/syscall.c b/syscall.c
 index d92074a..47c5ea5 100644
 --- a/syscall.c
 +++ b/syscall.c
@@ -33,6 +33,8 @@
 #include <sys/syscall.h>
 #endif
 +#include "ifuncs.h"
 +
 extern int dry_run;
 extern int am_root;
 extern int am_sender;
@@ -712,3 +714,82 @@ int do_open_nofollow(const char *pathname, int flags)
 	return fd;
 }
 +
 +/*
 +  open a file relative to a base directory. The basedir can be NULL,
 +  in which case the current working directory is used. The relpath
 +  must be a relative path, and the relpath must not contain any
 +  elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
 +  applies to all path components, not just the last component)
 +
 +  The relpath must also not contain any ../ elements in the path
 +*/
 +int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
 +{
 +	if (!relpath || relpath[0] == '/') {
 +		// must be a relative path
 +		errno = EINVAL;
 +		return -1;
 +	}
 +	if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
 +		// no ../ elements allowed in the relpath
 +		errno = EINVAL;
 +		return -1;
 +	}
 +
 +#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
 +	// really old system, all we can do is live with the risks
 +	if (!basedir) {
 +		return open(relpath, flags, mode);
 +	}
 +	char fullpath[MAXPATHLEN];
 +	pathjoin(fullpath, sizeof fullpath, basedir, relpath);
 +	return open(fullpath, flags, mode);
 +#else
 +	int dirfd = AT_FDCWD;
 +	if (basedir != NULL) {
 +		dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
 +		if (dirfd == -1) {
 +			return -1;
 +		}
 +	}
 +	int retfd = -1;
 +
 +	char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
 +	if (!path_copy) {
 +		return -1;
 +	}
 +	
 +	for (const char *part = strtok(path_copy, "/");
 +	     part != NULL;
 +	     part = strtok(NULL, "/"))
 +	{
 +		int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
 +		if (next_fd == -1 && errno == ENOTDIR) {
 +			if (strtok(NULL, "/") != NULL) {
 +				// this is not the last component of the path
 +				errno = ELOOP;
 +				goto cleanup;
 +			}
 +			// this could be the last component of the path, try as a file
 +			retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
 +			goto cleanup;
 +		}
 +		if (next_fd == -1) {
 +			goto cleanup;
 +		}
 +		if (dirfd != AT_FDCWD) close(dirfd);
 +		dirfd = next_fd;
 +	}
 +
 +	// the path must be a directory
 +	errno = EINVAL;
 +
 +cleanup:
 +	free(path_copy);
 +	if (dirfd != AT_FDCWD) {
 +		close(dirfd);
 +	}
 +	return retfd;
 +#endif // O_NOFOLLOW, O_DIRECTORY
 +}
--- a/SOURCES/rsync-3.2.5-rrsync-man.patch
+++ b/SOURCES/rsync-3.2.5-rrsync-man.patch
@ -1,23 +0,0 @@
 diff --git a/Makefile.in b/Makefile.in
 index 3cde955..06232f1 100644
 --- a/Makefile.in
 +++ b/Makefile.in
@@ -106,6 +106,9 @@ rsync$(EXEEXT): $(OBJS)
 rrsync: support/rrsync
 	cp -p $(srcdir)/support/rrsync rrsync
 +rrsync.1.md: support/rrsync.1.md
 +	cp -p $(srcdir)/support/rrsync.1.md rrsync.1.md
 +
 $(OBJS): $(HEADERS)
 $(CHECK_OBJS): $(HEADERS)
 tls.o xattrs.o: lib/sysxattrs.h
@@ -269,7 +269,7 @@ rsyncd.conf.5: rsyncd.conf.5.md md-convert version.h Makefile
 	@$(srcdir)/maybe-make-man rsyncd.conf.5.md
 rrsync.1: support/rrsync.1.md md-convert Makefile
 -	@$(srcdir)/maybe-make-man support/rrsync.1.md
 +	@$(srcdir)/maybe-make-man rrsync.1.md
 .PHONY: clean
 clean: cleantests
--- a/SOURCES/rsync-man.patch
+++ b/SOURCES/rsync-man.patch
@ -0,0 +1,10 @@
 --- rsync-3.0.9/rsync.1   2011-09-23 18:42:26.000000000 +0200
 +++ rsync-3.0.9/rsync.1   2012-09-19 10:40:19.698802861 +0200
@@ -445,6 +445,7 @@
  \-o, \-\-owner                 preserve owner (super\-user only)
  \-g, \-\-group                 preserve group
      \-\-devices               preserve device files (super\-user only)
 +     \-\-copy-devices          copy device contents as regular file
      \-\-specials              preserve special files
  \-D                          same as \-\-devices \-\-specials
  \-t, \-\-times                 preserve modification times
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@ -1,7 +1,6 @@
 %global _hardened_build 1
 %define isprerelease 0
 %define _lto_cflags %{nil}
 %if %isprerelease
 %define prerelease pre1
@ -9,9 +8,10 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
-Version: 3.2.5
+Version: 3.1.3
-Release: 1%{?dist}.alma.1
+Release: 21%{?dist}
-URL: https://rsync.samba.org/
+Group: Applications/Internet
 URL: http://rsync.samba.org/
 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
 Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}%{?prerelease}.tar.gz
@ -21,32 +21,31 @@ Source4: rsyncd.conf
 Source5: rsyncd.sysconfig
 Source6: rsyncd@.service
-BuildRequires: make
+BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel, systemd
-BuildRequires: gcc
+#Requires: zlib
 BuildRequires: gcc-c++
 BuildRequires: libacl-devel
 BuildRequires: libattr-devel
 BuildRequires: autoconf
 BuildRequires: popt-devel
 BuildRequires: systemd
 BuildRequires: lz4-devel
 BuildRequires: openssl-devel
 BuildRequires: libzstd-devel
 #Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
 Provides: bundled(zlib) = 1.2.8
 License: GPLv3+
-#Added due to rhbz#1873975 - default-acls test fail on s390x due to libacl
+Patch0: rsync-man.patch
-Patch1: rsync-3.2.2-runtests.patch
+Patch1: rsync-3.0.6-iconv-logging.patch
-#commonmark would be needed to generate manpage, so we simply copy it
+Patch2: rsync-3.1.3-covscan.patch
-Patch2: rsync-3.2.5-rrsync-man.patch
+Patch3: rsync-3.1.2-remove-symlinks.patch
-#A couple of fixes for the new filtering code
+Patch4: rsync-3.1.2-vvv-hang.patch
-Patch3: rsync-3.2.3-filtering-rules.patch
+Patch5: rsync-3.1.3-ignore-missing.patch
-Patch4: rsync-3.2.5-cve-2024-12085.patch
+Patch6: rsync-3.1.3-append-check.patch
-Patch5: rsync-3.2.5-cve-2024-12086.patch
+Patch7: rsync-3.1.3-skip-compress.patch
-Patch6: rsync-3.2.5-cve-2024-12087.patch
+Patch8: rsync-3.1.3-xattr.patch
-Patch7: rsync-3.2.5-cve-2024-12088.patch
+Patch9: rsync-3.1.3-cve-2018-25032.patch
-Patch8: rsync-3.2.5-cve-2024-12747.patch
+Patch10: rsync-3.1.3-sparse-block.patch
 Patch11: rsync-3.1.3-cve-2022-29154.patch
 Patch12: rsync-3.1.3-cve-2022-37434.patch
 Patch13: rsync-3.1.3-filtering-rules.patch
 Patch14: rsync-3.1.3-missing-xattr-filter.patch
 Patch15: rsync-3.1.3-cve-2024-12085.patch
 Patch16: rsync-3.1.3-cve-2024-12087.patch
 Patch17: rsync-3.1.3-cve-2024-12088.patch
 Patch18: rsync-3.1.3-cve-2024-12747.patch
 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -77,27 +76,41 @@ package provides the anonymous rsync service.
 %setup -q -b 1
 %endif
-%patch1 -p1 -b .runtests
+#Needed for compatibility with previous patched rsync versions
-%patch2 -p1 -b .rrsync-man
+patch -p1 -i patches/acls.diff
-%patch3 -p1 -b .filtering-rules
+patch -p1 -i patches/xattrs.diff
-%patch4 -p1 -b .cve-2024-12085
+
-%patch5 -p1 -b .cve-2024-12086
+#Enable --copy-devices parameter
-%patch6 -p1 -b .cve-2024-12087
+patch -p1 -i patches/copy-devices.diff
-%patch7 -p1 -b .cve-2024-12088
+
-%patch8 -p1 -b .cve-2024-12747
+%patch0 -p1 -b .man
 %patch1 -p1 -b .iconv
 %patch2 -p1 -b .covscan
 %patch3 -p1 -b .symlinks
 %patch4 -p1 -b .vvv
 %patch5 -p1 -b .missing
 %patch6 -p1 -b .append
 %patch7 -p1 -b .skip-compress
 %patch8 -p1 -b .xattr
 %patch9 -p1 -b .cve-2018-25032
 %patch10 -p1 -b .spars-block
 %patch11 -p1 -b .cve-2022-29154
 %patch12 -p1 -b .cve-2022-37434
 %patch13 -p1 -b .filtering-rules
 %patch14 -p1 -b .xattr-filter
 %patch15 -p1 -b .cve-2024-12085
 %patch16 -p1 -b .cve-2024-12087
 %patch17 -p1 -b .cve-2024-12088
 %patch18 -p1 -b .cve-2024-12747
 %build
-%configure --disable-xxhash --with-rrsync
+%configure
 # --with-included-zlib=no temporary disabled because of #1043965
-%{make_build}
+make %{?_smp_mflags}
 %check
 make check
 chmod -x support/*
 %install
-%{make_install} INSTALLCMD='install -p' INSTALLMAN='install -p'
+%makeinstall INSTALLCMD='install -p' INSTALLMAN='install -p'
 install -D -m644 %{SOURCE3} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.service
 install -D -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.socket
@ -105,19 +118,21 @@ install -D -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/rsyncd.conf
 install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/rsyncd
 install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %check
 make check
 #scripts in support/* are needed to run upstream tests but after install these should not be executable
 chmod -x support/*
 %files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc support/ tech_report.tex
+%doc NEWS OLDNEWS README support/ tech_report.tex
 %{_bindir}/%{name}
 %{_bindir}/r%{name}
 %{_bindir}/%{name}-ssl
 %{_mandir}/man1/%{name}.1*
 %{_mandir}/man1/r%{name}.1*
 %{_mandir}/man1/%{name}-ssl.1*
 %{_mandir}/man5/rsyncd.conf.5*
 %config(noreplace) %{_sysconfdir}/rsyncd.conf
 %files daemon
 %{_mandir}/man5/rsyncd.conf.5*
 %config(noreplace) %{_sysconfdir}/rsyncd.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/rsyncd
 %{_unitdir}/rsyncd.socket
 %{_unitdir}/rsyncd.service
@ -133,118 +148,66 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service
 %changelog
-* Tue Jan 14 2025 Jonathan Wright <jonathan@almalinux.org> - 3.2.5-1.alma.1
+* Tue Feb 04 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-21
- Fix for CVE-2024-12085
+- Resolves: RHEL-70207 - Path traversal vulnerability in rsync
 - Fix for CVE-2024-12086
 - Fix for CVE-2024-12087
 - Fix for CVE-2024-12088
 - Fix for CVE-2024-12747
-* Mon Dec 09 2024 Michal Ruprich <mruprich@redhat.com> - 3.2.3-21
+* Mon Feb 03 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-20
- Resolves: RHEL-70265 - Rebase rsync to 3.2.5
+- Resolves: RHEL-70207 - Path traversal vulnerability in rsync
- Resolves: RHEL-67142 - Wrong progress reported by rsync when using copy-devices
+- Resolves: RHEL-70209 - --safe-links option bypass leads to path traversal
- Resolves: RHEL-29340 - Slowness in rsync due to extra validation steps.
+- Resolves: RHEL-72502 - Race Condition in rsync Handling Symbolic Links
- Resolves: RHEL-18216 - rysnc script /usr/share/doc/rsync/support/rrsync is unsecure
+- Resolves: RHEL-70157 - Info Leak via Uninitialized Stack Contents
-* Thu Oct 19 2023 Alex Iribarren <Alex.Iribarren@cern.ch> - 3.2.3-20
+* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19.1
- Resolves: RHEL-14228 - rsync regression with --delay-updates
+- Resolves: #2139118 - rsync-daemon fail on 3.1.3
-* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-19
+* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19
- Resolves: #2139349 - rsync error: protocol incompatibility when using rsync-3.2.3-18.el9
+- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
-* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-18
+* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-18
- Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers
+- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers
-* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
+* Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17
- Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
+- Related: #2043753 - New option should not be sent to the server every time
-* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
+* Thu Jul 28 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-16
- Related: #2081296 - Adding ci.fmf for separation of testing results
+- Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering
-* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-15
+* Tue Apr 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-15
- Related: #2081296 - Disabling STI
+- Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs
-* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-14
+* Mon Oct 11 2021 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14
- Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs
+- Related: #1907443 - Adding fmf plans to run tests with tmt
-* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-13
+* Mon Sep 27 2021 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-13
- Resolves: #2079639 - rsync --atimes doesn't work
+- Resolves: #1907443 - Read-only files that have changed xattrs fail to allow xattr changes
-* Tue May 03 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-12
+* Fri Dec 18 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-12
- Resolves: #2081296 - Enable fmf tests in centos stream
+- Resolves: #1816528 - Defaults for --skip-compress are not working, everything is being compressed
-* Tue Apr 26 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-11
+* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-11
- Resolves: #2053198 - rsync segmentation fault
+- Resolves: #1855981 - rsync segfaults in --append mode
-* Fri Apr 22 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-10
+* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-10
- Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes
+- Resolves: #1727093 - rsync: "ABORTING due to invalid path from sender"
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-9
+* Mon Aug 24 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-9
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Resolves: #1667436 - rsyncd.service fails to start at boot if address is configured
  Related: rhbz#1991688
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-8
+* Wed Jun 10 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
+- Resolves: #1775561 - rsync 3.1.2 hangs when run with -vvv to sync a large repository
  Related: rhbz#1971065
-* Mon May 31 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-7
+* Tue Oct 29 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7
- Resolves: #1955008 - rsync segfaults in --append mode when file on sender is large (> 2GB) and gets truncated
+- Resolves: #1693162 - remove-source-files fails with symlinks
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-6
+* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Resolves: #1602683 - Please review important issues found by covscan
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-5
+* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- Resolves: #1656761 - [FJ8.0 Bug]: [REG] The rsync command is terminated with SIGSEGV
-* Tue Dec 08 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-4
+* Wed Oct 03 2018 Michal Ruprich <mruprich@redhat.com> - 3.1.3-4
- Resolves: #1894485 - rsync is unable to set permissions when chrooted
+- Resolves: #1635631 - Remove --noatime option from rsync
- Getting rid of deprecated makeinstall macro
+  Cleaning spec file
 * Fri Nov 20 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-3
 - Disabling LTO as a temporary measure for rhbz#1898912
 * Thu Nov 19 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-2
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Mon Aug 31 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-1
 - New version 3.2.3
 - Removed upstream patches acls.diff and xattrs.diff
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-3
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jul 21 2020 Michal Ruprich <michalruprich@gmail.com> - 3.2.2-1
 - New version 3.2.2
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Thu Oct 10 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-10
 - Enabling upstream test suite during build rhbz#1533846
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Mon Apr 15 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8
 - Resolves: #1452187 - move man page rsyncd.conf(5) from rsync-daemon to rsync package
 - Moving the config file as well
 * Tue Mar 19 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7
 - Resolves: #1683737 - [abrt] rsync: utf8_internal_loop(): rsync killed by SIGSEGV
 * Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Jan 02 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5
 - Fix for rhbz#1586346 - rsyncd.service fails to start at boot if address is configured
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.1.3-3
 - Escape macros in %%changelog
`@ -1,2 +1,2 @@`
	`SOURCES/rsync-3.2.5.tar.gz`	`SOURCES/rsync-3.1.3.tar.gz`
	`SOURCES/rsync-patches-3.2.5.tar.gz`	`SOURCES/rsync-patches-3.1.3.tar.gz`
`@ -1,2 +1,2 @@`
	`26baded8871b9e2406add210cdbfa744c94642d2 SOURCES/rsync-3.2.5.tar.gz`	`82e7829c0b3cefbd33c233005341e2073c425629 SOURCES/rsync-3.1.3.tar.gz`
	`db897ede46e509347a84ca4e0cb02c452eeabdbe SOURCES/rsync-patches-3.2.5.tar.gz`	`74c16510a18ef43d797f9ceba6150f0862568cc0 SOURCES/rsync-patches-3.1.3.tar.gz`