23 changed files with 523 additions and 691 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/rsync-3.1.3.tar.gz
-SOURCES/rsync-patches-3.1.3.tar.gz
+SOURCES/rsync-3.2.3.tar.gz
+SOURCES/rsync-patches-3.2.3.tar.gz
--- a/.rsync.metadata
+++ b/.rsync.metadata
@ -1,2 +1,2 @@
-82e7829c0b3cefbd33c233005341e2073c425629 SOURCES/rsync-3.1.3.tar.gz
-74c16510a18ef43d797f9ceba6150f0862568cc0 SOURCES/rsync-patches-3.1.3.tar.gz
+00823f43901e7da39f3f0daf20ec9efae47e959e SOURCES/rsync-3.2.3.tar.gz
+5c4c2866931b0f4dbb0d07567b2963c9dc66ec87 SOURCES/rsync-patches-3.2.3.tar.gz
--- a/SOURCES/rsync-3.0.6-iconv-logging.patch
+++ b/SOURCES/rsync-3.0.6-iconv-logging.patch
@ -1,22 +0,0 @@
-diff --git a/log.c b/log.c
-index 34a013b..1aca728 100644
--- a/log.c
-+++ b/log.c
-@@ -377,10 +377,13 @@ output_msg:
- 				filtered_fwrite(f, convbuf, outbuf.len, 0);
- 				outbuf.len = 0;
- 			}
-			if (!ierrno || ierrno == E2BIG)
-				continue;
-			fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
-			inbuf.len--;
-+			/* Log one byte of illegal/incomplete sequence and continue with
-+			 * the next character. Check that the buffer is non-empty for the
-+			 * sake of robustness. */
-+			if ((ierrno == EILSEQ || ierrno == EINVAL) && inbuf.len) {
-+				fprintf(f, "\\#%03o", CVAL(inbuf.buf, inbuf.pos++));
-+				inbuf.len--;
-+			}
- 		}
- 	} else
- #endif
--- a/SOURCES/rsync-3.1.2-remove-symlinks.patch
+++ b/SOURCES/rsync-3.1.2-remove-symlinks.patch
@ -1,33 +0,0 @@
-diff --git a/sender.c b/sender.c
-index 03e4aadd..9b432ed9 100644
--- a/sender.c
-+++ b/sender.c
-@@ -32,6 +32,7 @@ extern int logfile_format_has_i;
- extern int want_xattr_optim;
- extern int csum_length;
- extern int append_mode;
-+extern int copy_links;
- extern int io_error;
- extern int flist_eof;
- extern int allowed_lull;
-@@ -138,17 +139,16 @@ void successful_send(int ndx)
- 		return;
- 	f_name(file, fname);
- 
-	if (do_lstat(fname, &st) < 0) {
-+	if ((copy_links ? do_stat(fname, &st) : do_lstat(fname, &st)) < 0) {
- 		failed_op = "re-lstat";
- 		goto failed;
- 	}
- 
-	if (S_ISREG(file->mode) /* Symlinks & devices don't need this check: */
-	 && (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
-+	if (st.st_size != F_LENGTH(file) || st.st_mtime != file->modtime
- #ifdef ST_MTIME_NSEC
- 	 || (NSEC_BUMP(file) && (uint32)st.ST_MTIME_NSEC != F_MOD_NSEC(file))
- #endif
-	)) {
-+	) {
- 		rprintf(FERROR_XFER, "ERROR: Skipping sender remove for changed file: %s\n", fname);
- 		return;
- 	}
--- a/SOURCES/rsync-3.1.2-vvv-hang.patch
+++ b/SOURCES/rsync-3.1.2-vvv-hang.patch
@ -1,33 +0,0 @@
-diff --git a/io.c b/io.c
-index 999c34e5..ceff3784 100644
--- a/io.c
-+++ b/io.c
-@@ -954,8 +954,17 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
- 	} else
- #endif
- 		needed = len + 4 + 3;
-	if (iobuf.msg.len + needed > iobuf.msg.size)
-		perform_io(needed, PIO_NEED_MSGROOM);
-+	if (iobuf.msg.len + needed > iobuf.msg.size) {
-+		if (!am_receiver)
-+			perform_io(needed, PIO_NEED_MSGROOM);
-+		else { /* We allow the receiver to increase their iobuf.msg size to avoid a deadlock. */
-+			size_t old_size = iobuf.msg.size;
-+			restore_iobuf_size(&iobuf.msg);
-+			realloc_xbuf(&iobuf.msg, iobuf.msg.size * 2);
-+			if (iobuf.msg.pos + iobuf.msg.len > old_size)
-+				memcpy(iobuf.msg.buf + old_size, iobuf.msg.buf, iobuf.msg.pos + iobuf.msg.len - old_size);
-+		}
-+	}
- 
- 	pos = iobuf.msg.pos + iobuf.msg.len; /* Must be set after any flushing. */
- 	if (pos >= iobuf.msg.size)
-@@ -1176,7 +1185,7 @@ int read_line(int fd, char *buf, size_t bufsiz, int flags)
- 
- #ifdef ICONV_OPTION
- 	if (flags & RL_CONVERT && iconv_buf.size < bufsiz)
-		realloc_xbuf(&iconv_buf, bufsiz + 1024);
-+		realloc_xbuf(&iconv_buf, ROUND_UP_1024(bufsiz) + 1024);
- #endif
- 
-   start:
--- a/SOURCES/rsync-3.1.3-append-check.patch
+++ b/SOURCES/rsync-3.1.3-append-check.patch
@ -1,44 +0,0 @@
-commit bd17c2a4e237ca1f38544db65053ecfea6054009
-Author: Tomas Korbar <tkorbar@redhat.com>
-Date:   Thu Sep 24 13:17:45 2020 +0200
-
-    Skip files for transfer that has been truncated during negotiation
-
-diff --git a/rsync.1 b/rsync.1
-index 6cabd44..855dd47 100644
--- a/rsync.1
-+++ b/rsync.1
-@@ -1004,8 +1004,10 @@ This causes rsync to update a file by appending data onto
- the end of the file, which presumes that the data that already exists on
- the receiving side is identical with the start of the file on the sending
- side.  If a file needs to be transferred and its size on the receiver is
-the same or longer than the size on the sender, the file is skipped.  This
-does not interfere with the updating of a file\(cq\&s non\-content attributes
-+the same or longer than the size on the sender, the file is skipped. It
-+also skips any files whose size on the sending side gets shorter during
-+the send negotiations (rsync warns about a "diminished" file when this
-+happens). This does not interfere with the updating of a file\(cq\&s non\-content attributes
- (e.g. permissions, ownership, etc.) when the file does not need to be
- transferred, nor does it affect the updating of any non\-regular files.
- Implies \fB\-\-inplace\fP.
-diff --git a/sender.c b/sender.c
-index 1cc28a1..e22eadd 100644
--- a/sender.c
-+++ b/sender.c
-@@ -379,6 +379,16 @@ void send_files(int f_in, int f_out)
- 			}
- 		}
- 
-+		if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
-+			rprintf(FWARNING, "skipped diminished file: %s\n",
-+				full_fname(fname));
-+			free_sums(s);
-+			close(fd);
-+			if (protocol_version >= 30)
-+				send_msg_int(MSG_NO_SEND, ndx);
-+			continue;
-+		}
-+
- 		if (st.st_size) {
- 			int32 read_size = MAX(s->blength * 3, MAX_MAP_SIZE);
- 			mbuf = map_file(fd, st.st_size, read_size, s->blength);
--- a/SOURCES/rsync-3.1.3-covscan.patch
+++ b/SOURCES/rsync-3.1.3-covscan.patch
@ -1,57 +0,0 @@
-diff --git a/util.c b/util.c
-index fbbfd8ba..235afa82 100644
--- a/util.c
-+++ b/util.c
-@@ -342,6 +342,7 @@ int copy_file(const char *source, const char *dest, int ofd, mode_t mode)
- 		if (robust_unlink(dest) && errno != ENOENT) {
- 			int save_errno = errno;
- 			rsyserr(FERROR_XFER, errno, "unlink %s", full_fname(dest));
-+			close(ifd);
- 			errno = save_errno;
- 			return -1;
- 		}
-diff --git a/lib/pool_alloc.c b/lib/pool_alloc.c
-index 5856d591..a70a3f1a 100644
--- a/lib/pool_alloc.c
-+++ b/lib/pool_alloc.c
-@@ -49,15 +49,15 @@ pool_create(size_t size, size_t quantum, void (*bomb)(const char *), int flags)
- {
- 	struct alloc_pool *pool;
- 
-	if (!(pool = new0(struct alloc_pool)))
-		return NULL;
-
- 	if ((MINALIGN & (MINALIGN - 1)) != 0) {
- 		if (bomb)
- 			(*bomb)("Compiler error: MINALIGN is not a power of 2\n");
- 		return NULL;
- 	}
- 
-+	if (!(pool = new0(struct alloc_pool)))
-+		return NULL;
-+
- 	if (!size)
- 		size = POOL_DEF_EXTENT;
- 	if (!quantum)
-diff --git a/batch.c b/batch.c
-index 21c632fc..1ab66e90 100644
--- a/batch.c
-+++ b/batch.c
-@@ -216,7 +216,7 @@ static void write_filter_rules(int fd)
- void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
- {
- 	int fd, i, len, err = 0;
-	char *p, filename[MAXPATHLEN];
-+	char *p, *p2, filename[MAXPATHLEN];
- 
- 	stringjoin(filename, sizeof filename,
- 		   batch_name, ".sh", NULL);
-@@ -267,7 +267,7 @@ void write_batch_shell_file(int argc, char *argv[], int file_arg_cnt)
- 				err = 1;
- 		}
- 	}
-	if (!(p = check_for_hostspec(argv[argc - 1], &p, &i)))
-+	if (!(p = check_for_hostspec(argv[argc - 1], &p2, &i)))
- 		p = argv[argc - 1];
- 	if (write(fd, " ${1:-", 6) != 6
- 	 || write_arg(fd, p) < 0)
--- a/SOURCES/rsync-3.1.3-ignore-missing.patch
+++ b/SOURCES/rsync-3.1.3-ignore-missing.patch
@ -1,49 +0,0 @@
-commit af6118d98b3482cbcfc223bf2a0777bc19eccb02
-Author: Wayne Davison <wayne@opencoder.net>
-Date:   Sun Apr 26 18:02:17 2020 -0700
-
-    Allow a missing parent dir when --delete-missing-args was specified.
-
-diff --git a/generator.c b/generator.c
-index 3c50f63f..b90c7ccd 100644
--- a/generator.c
-+++ b/generator.c
-@@ -1277,10 +1277,16 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
- 			 && (*dn != '.' || dn[1]) /* Avoid an issue with --relative and the "." dir. */
- 			 && (!prior_dir_file || strcmp(dn, f_name(prior_dir_file, NULL)) != 0)
- 			 && flist_find_name(cur_flist, dn, 1) < 0) {
-				rprintf(FERROR,
-					"ABORTING due to invalid path from sender: %s/%s\n",
-					dn, file->basename);
-				exit_cleanup(RERR_PROTOCOL);
-+				/* The --delete-missing-args option can actually put invalid entries into
-+				 * the file list, so if that option was specified, we'll just complain about
-+				 * it and allow it. */
-+				if (missing_args == 2 && file->mode == 0)
-+					rprintf(FERROR, "WARNING: parent dir is absent in the file list: %s\n", dn);
-+				else {
-+					rprintf(FERROR, "ABORTING due to invalid path from sender: %s/%s\n",
-+						dn, file->basename);
-+					exit_cleanup(RERR_PROTOCOL);
-+				}
- 			}
- 			if (relative_paths && !implied_dirs
- 			 && do_stat(dn, &sx.st) < 0) {
-@@ -1383,7 +1389,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
- 			added_perms = 0;
- 		if (is_dir < 0) {
- 			if (!(preserve_times & PRESERVE_DIR_TIMES))
-				return;
-+				goto cleanup;
- 			/* In inc_recurse mode we want to make sure any missing
- 			 * directories get created while we're still processing
- 			 * the parent dir (which allows us to touch the parent
-@@ -1525,7 +1531,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
- 					"ignoring unsafe symlink \"%s\" -> \"%s\"\n",
- 					fname, sl);
- 			}
-			return;
-+			goto cleanup;
- 		}
- 		if (statret == 0) {
- 			char lnk[MAXPATHLEN];
--- a/SOURCES/rsync-3.1.3-missing-xattr-filter.patch
+++ b/SOURCES/rsync-3.1.3-missing-xattr-filter.patch
@ -1,13 +0,0 @@
-diff --git a/exclude.c.old b/exclude.c
-index 232249f..2f6dccc 100644
--- a/exclude.c.old
-+++ b/exclude.c
-@@ -1575,6 +1575,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
- 	}
- 	if (rule->rflags & FILTRULE_EXCLUDE_SELF)
- 		*op++ = 'e';
-+	if (rule->rflags & FILTRULE_XATTR)
-+		*op++ = 'x';
- 	if (rule->rflags & FILTRULE_SENDER_SIDE
- 	    && (!for_xfer || protocol_version >= 29))
- 		*op++ = 's';
--- a/SOURCES/rsync-3.1.3-skip-compress.patch
+++ b/SOURCES/rsync-3.1.3-skip-compress.patch
@ -1,37 +0,0 @@
-diff --git a/loadparm.c b/loadparm.c
-index 029f358f..534e7b63 100644
--- a/loadparm.c
-+++ b/loadparm.c
-@@ -449,7 +449,7 @@ static struct parm_struct parm_table[] =
- };
- 
- /* Initialise the Default all_vars structure. */
-static void reset_all_vars(void)
-+void reset_daemon_vars(void)
- {
- 	memcpy(&Vars, &Defaults, sizeof Vars);
- }
-@@ -872,7 +872,7 @@ int lp_load(char *pszFname, int globals_only)
- {
- 	bInGlobalSection = True;
- 
-	reset_all_vars();
-+	reset_daemon_vars();
- 
- 	/* We get sections first, so have to start 'behind' to make up. */
- 	iSectionIndex = -1;
-diff --git a/main.c b/main.c
-index 1328c504..9af9e5d3 100644
--- a/main.c
-+++ b/main.c
-@@ -1681,6 +1681,10 @@ int main(int argc,char *argv[])
- 
- 	memset(&stats, 0, sizeof(stats));
- 
-+	/* Even a non-daemon runs needs the default config values to be set, e.g.
-+	 * lp_dont_compress() is queried when no --skip-compress option is set. */
-+	reset_daemon_vars();
-+
- 	if (argc < 2) {
- 		usage(FERROR);
- 		exit_cleanup(RERR_SYNTAX);
--- a/SOURCES/rsync-3.1.3-sparse-block.patch
+++ b/SOURCES/rsync-3.1.3-sparse-block.patch
@ -1,122 +0,0 @@
-diff --git a/fileio.c b/fileio.c
-index b183e20..72d6076 100644
--- a/fileio.c
-+++ b/fileio.c
-@@ -34,6 +34,7 @@
- #define ALIGNED_LENGTH(len) ((((len) - 1) | (ALIGN_BOUNDRY-1)) + 1)
- 
- extern int sparse_files;
-+extern int sparse_files_block_size;
- 
- OFF_T preallocated_len = 0;
- 
-@@ -147,7 +148,7 @@ int write_file(int f, int use_seek, OFF_T offset, const char *buf, int len)
- 	while (len > 0) {
- 		int r1;
- 		if (sparse_files > 0) {
-			int len1 = MIN(len, SPARSE_WRITE_SIZE);
-+			int len1 = MIN(len, sparse_files_block_size ? sparse_files_block_size : SPARSE_WRITE_SIZE);
- 			r1 = write_sparse(f, use_seek, offset, buf, len1);
- 			offset += r1;
- 		} else {
-diff --git a/options.c b/options.c
-index 195672e..d08c05a 100644
--- a/options.c
-+++ b/options.c
-@@ -76,6 +76,7 @@ int remove_source_files = 0;
- int one_file_system = 0;
- int protocol_version = PROTOCOL_VERSION;
- int sparse_files = 0;
-+long sparse_files_block_size = 0;
- int preallocate_files = 0;
- int do_compression = 0;
- int def_compress_level = NOT_SPECIFIED;
-@@ -717,6 +718,7 @@ void usage(enum logcode F)
-   rprintf(F,"     --fake-super            store/recover privileged attrs using xattrs\n");
- #endif
-   rprintf(F," -S, --sparse                turn sequences of nulls into sparse blocks\n");
-+  rprintf(F,"     --sparse-block=SIZE     set block size used to handle sparse files\n");
- #ifdef SUPPORT_PREALLOCATION
-   rprintf(F,"     --preallocate           allocate dest files before writing them\n");
- #else
-@@ -927,6 +929,7 @@ static struct poptOption long_options[] = {
-   {"sparse",          'S', POPT_ARG_VAL,    &sparse_files, 1, 0, 0 },
-   {"no-sparse",        0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
-   {"no-S",             0,  POPT_ARG_VAL,    &sparse_files, 0, 0, 0 },
-+  {"sparse-block",     0,  POPT_ARG_LONG,   &sparse_files_block_size, 0, 0, 0 },
-   {"preallocate",      0,  POPT_ARG_NONE,   &preallocate_files, 0, 0, 0},
-   {"inplace",          0,  POPT_ARG_VAL,    &inplace, 1, 0, 0 },
-   {"no-inplace",       0,  POPT_ARG_VAL,    &inplace, 0, 0, 0 },
-diff --git a/options.c b/options.c
-index b12da55..5a27452 100644
--- a/options.c
-+++ b/options.c
-@@ -2606,6 +2606,12 @@ void server_options(char **args, int *argc_p)
- 		args[ac++] = arg;
- 	}
- 
-+	if (sparse_files_block_size) {
-+		if (asprintf(&arg, "--sparse-block=%lu", sparse_files_block_size) < 0)
-+			goto oom;
-+		args[ac++] = arg;
-+	}
-+
- 	if (io_timeout) {
- 		if (asprintf(&arg, "--timeout=%d", io_timeout) < 0)
- 			goto oom;
-diff --git a/rsync.yo b/rsync.yo
--- a/rsync.yo
-+++ b/rsync.yo
-@@ -377,6 +377,7 @@ to the detailed description below for a complete description.  verb(
-      --super                 receiver attempts super-user activities
-      --fake-super            store/recover privileged attrs using xattrs
-  -S, --sparse                turn sequences of nulls into sparse blocks
-+     --sparse-block=SIZE     set block size used to handle sparse files
-      --preallocate           allocate dest files before writing
-  -n, --dry-run               perform a trial run with no changes made
-  -W, --whole-file            copy files whole (w/o delta-xfer algorithm)
-@@ -1299,6 +1300,15 @@ If combined with bf(--sparse), the file will only have sparse blocks (as
- opposed to allocated sequences of null bytes) if the kernel version and
- filesystem type support creating holes in the allocated data.
-
-+dit(bf(--sparse-block=SIZE)) Change the block size used to handle sparse files
-+to SIZE bytes.  This option only has an effect if the bf(--sparse) (bf(-S))
-+option was also specified.  The default block size used by rsync to detect a
-+file hole is 1024 bytes; when the receiver writes data to the destination file
-+and option bf(--sparse) is used, rsync checks every 1024-bytes chunk to detect
-+if they are actually filled with data or not.  With certain filesystems,
-+optimized to receive data streams for example, enlarging this block size can
-+strongly increase performance.  The option can be used to tune this block size.
-+
- dit(bf(-n, --dry-run)) This makes rsync perform a trial run that doesn't
- make any changes (and produces mostly the same output as a real run).  It
- is most commonly used in combination with the bf(-v, --verbose) and/or
-diff --git a/rsync.1 b/rsync.1
-index 855dd47..1d7af3c 100644
--- a/rsync.1
-+++ b/rsync.1
-@@ -454,6 +454,7 @@ to the detailed description below for a complete description.
-      \-\-super                 receiver attempts super\-user activities
-      \-\-fake\-super            store/recover privileged attrs using xattrs
-  \-S, \-\-sparse                turn sequences of nulls into sparse blocks
-+     \-\-sparse-block=SIZE      set block size used to handle sparse files
-      \-\-preallocate           allocate dest files before writing
-  \-n, \-\-dry\-run               perform a trial run with no changes made
-  \-W, \-\-whole\-file            copy files whole (w/o delta\-xfer algorithm)
-@@ -1493,6 +1493,16 @@ If combined with \fB\-\-sparse\fP, the file will only have sparse blocks (as
- opposed to allocated sequences of null bytes) if the kernel version and
- filesystem type support creating holes in the allocated data.
- .IP 
-+.IP "\fB\-\-sparse\-block=SIZE\fP"
-+Change the block size used to handle sparse files
-+to SIZE bytes.  This option only has an effect if the \fB\-\-sparse\fP (\fB\-S\fP)
-+option was also specified.  The default block size used by rsync to detect a
-+file hole is 1024 bytes; when the receiver writes data to the destination file
-+and option \fB\-\-sparse\fP is used, rsync checks every 1024\-bytes chunk to detect
-+if they are actually filled with data or not.  With certain filesystems,
-+optimized to receive data streams for example, enlarging this block size can
-+strongly increase performance.  The option can be used to tune this block size.
-+.IP
- .IP "\fB\-n, \-\-dry\-run\fP"
- This makes rsync perform a trial run that doesn\(cq\&t
- make any changes (and produces mostly the same output as a real run).  It
--- a/SOURCES/rsync-3.2.2-runtests.patch
+++ b/SOURCES/rsync-3.2.2-runtests.patch
@ -0,0 +1,12 @@
+diff --git a/runtests.sh.old b/runtests.sh
+index ecb383e..1cd1d1a 100755
+--- a/runtests.sh.old
+++ b/runtests.sh
+@@ -276,6 +276,7 @@ do
+ 
+     case "$testscript" in
+     *hardlinks*) TESTRUN_TIMEOUT=600 ;;
+    *default-acls*) continue ;;
+     *) TESTRUN_TIMEOUT=300 ;;
+     esac
+ 
--- a/SOURCES/rsync-3.2.2-ssl-verify-hostname.patch
+++ b/SOURCES/rsync-3.2.2-ssl-verify-hostname.patch
@ -0,0 +1,22 @@
+From Mon Sep 17 00:00:00 2001
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 12:16:08 -0400
+
+rsync-ssl: Verify the hostname in the certificate when using openssl.
+---
+ rsync-ssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
+++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
--- a/SOURCES/rsync-3.2.3-append-mode.patch
+++ b/SOURCES/rsync-3.2.3-append-mode.patch
@ -0,0 +1,36 @@
+diff --git a/rsync.1.md b/rsync.1.md
+index ec971ecc..7bb4c5a1 100644
+--- a/rsync.1.md
+++ b/rsync.1.md
+@@ -949,7 +949,9 @@ your home directory (remove the '=' for that).
+     existing content in the file (it only verifies the content that it is
+     appending).  Rsync skips any files that exist on the receiving side that
+     are not shorter than the associated file on the sending side (which means
+-    that new files are trasnferred).
+    that new files are trasnferred).  It also skips any files whose size on the
+    sending side gets shorter during the send negotiations (rsync warns about a
+    "diminished" file when this happens).
+ 
+     This does not interfere with the updating of a file's non-content
+     attributes (e.g.  permissions, ownership, etc.) when the file does not need
+diff --git a/sender.c b/sender.c
+index 94761c26..9cfca134 100644
+--- a/sender.c
+++ b/sender.c
+@@ -362,6 +362,16 @@ void send_files(int f_in, int f_out)
+ 			exit_cleanup(RERR_FILEIO);
+ 		}
+ 
+		if (append_mode > 0 && st.st_size < F_LENGTH(file)) {
+			rprintf(FWARNING, "skipped diminished file: %s\n",
+				full_fname(fname));
+			free_sums(s);
+			close(fd);
+			if (protocol_version >= 30)
+				send_msg_int(MSG_NO_SEND, ndx);
+			continue;
+		}
+
+ 		if (IS_DEVICE(st.st_mode) && st.st_size == 0)
+ 			st.st_size = get_device_size(fd, fname);
+ 
--- a/SOURCES/rsync-3.2.3-atimes.patch
+++ b/SOURCES/rsync-3.2.3-atimes.patch
@ -0,0 +1,48 @@
+diff --git a/rsync.c b/rsync.c
+index bcecac63..ff9489be 100644
+--- a/rsync.c
+++ b/rsync.c
+@@ -63,8 +63,7 @@ extern char *iconv_opt;
+ #define UPDATED_ATIME (1<<3)
+ #define UPDATED_ACLS  (1<<4)
+ #define UPDATED_MODE  (1<<5)
+-
+-#define UPDATED_TIMES (UPDATED_MTIME|UPDATED_ATIME)
+#define UPDATED_CRTIME (1<<6)
+ 
+ #ifdef ICONV_CONST
+ iconv_t ic_chck = (iconv_t)-1;
+@@ -576,10 +575,11 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
+ 		set_xattr(fname, file, fnamecmp, sxp);
+ #endif
+ 
+-	if (!preserve_times
+-	 || (!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
+-	 || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
+-		flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME;
+	if (!preserve_times)
+		flags |= ATTRS_SKIP_MTIME | (atimes_ndx ? 0 : ATTRS_SKIP_ATIME) | (crtimes_ndx ? 0 : ATTRS_SKIP_CRTIME);
+	else if ((!(preserve_times & PRESERVE_DIR_TIMES) && S_ISDIR(sxp->st.st_mode))
+	      || (!(preserve_times & PRESERVE_LINK_TIMES) && S_ISLNK(sxp->st.st_mode)))
+		flags |= ATTRS_SKIP_MTIME | ATTRS_SKIP_ATIME | ATTRS_SKIP_CRTIME;
+ 	else if (sxp != &sx2)
+ 		memcpy(&sx2.st, &sxp->st, sizeof (sx2.st));
+ 	if (!atimes_ndx || S_ISDIR(sxp->st.st_mode))
+@@ -606,7 +606,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
+ 			updated |= UPDATED_ATIME;
+ 		}
+ 	}
+-	if (updated & UPDATED_TIMES) {
+	if (updated & (UPDATED_MTIME|UPDATED_ATIME)) {
+ 		int ret = set_times(fname, &sx2.st);
+ 		if (ret < 0) {
+ 			rsyserr(FERROR_XFER, errno, "failed to set times on %s",
+@@ -614,7 +614,7 @@ int set_file_attrs(const char *fname, struct file_struct *file, stat_x *sxp,
+ 			goto cleanup;
+ 		}
+ 		if (ret > 0) { /* ret == 1 if symlink could not be set */
+-			updated &= ~UPDATED_TIMES;
+			updated &= ~(UPDATED_MTIME|UPDATED_ATIME);
+ 			file->flags |= FLAG_TIME_FAILED;
+ 		}
+ 	}
--- a/SOURCES/rsync-3.2.3-cve-2022-29154.patch
+++ b/SOURCES/rsync-3.2.3-cve-2022-29154.patch
@ -1,8 +1,8 @@
 diff --git a/exclude.c b/exclude.c
-index 7989fb3..13c4253 100644
+index e095744..7906caa 100644
 --- a/exclude.c
 +++ b/exclude.c
-@@ -24,18 +24,26 @@
+@@ -25,18 +25,26 @@
 
 extern int am_server;
 extern int am_sender;
@ -29,7 +29,7 @@ index 7989fb3..13c4253 100644
 extern char curr_dir[MAXPATHLEN];
 extern unsigned int curr_dir_len;
 extern unsigned int module_dirlen;
-@@ -43,8 +51,10 @@ extern unsigned int module_dirlen;
+@@ -44,8 +51,10 @@ extern unsigned int module_dirlen;
 filter_rule_list filter_list = { .debug_type = "" };
 filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" };
 filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" };
@ -40,7 +40,7 @@ index 7989fb3..13c4253 100644
 
 /* Need room enough for ":MODS " prefix plus some room to grow. */
 #define MAX_RULE_PREFIX (16)
-@@ -293,6 +303,233 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
+@@ -288,6 +297,233 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
 	}
 }
 
@ -143,9 +143,9 @@ index 7989fb3..13c4253 100644
 +			arg = cp + 3;
 +	} else if ((cp = strrchr(arg, '/')) != NULL) {
 +		arg = cp + 1;
+		if (*arg == '.' && arg[1] == '\0')
+			arg++;
 +	}
-+	if (*arg == '.' && arg[1] == '\0')
-+		arg++;
 +	arg_len = strlen(arg);
 +	if (arg_len) {
 +		if (strpbrk(arg, "*[?")) {
@ -274,7 +274,7 @@ index 7989fb3..13c4253 100644
 /* This frees any non-inherited items, leaving just inherited items on the list. */
 static void pop_filter_list(filter_rule_list *listp)
 {
-@@ -709,11 +946,12 @@ static void report_filter_result(enum logcode code, char const *name,
+@@ -702,11 +938,12 @@ static void report_filter_result(enum logcode code, char const *name,
 				 filter_rule const *ent,
 				 int name_flags, const char *type)
 {
@ -290,7 +290,7 @@ index 7989fb3..13c4253 100644
 		static char *actions[2][2]
 		    = { {"show", "hid"}, {"risk", "protect"} };
 		const char *w = who_am_i();
-@@ -721,7 +959,7 @@ static void report_filter_result(enum logcode code, char const *name,
+@@ -714,7 +951,7 @@ static void report_filter_result(enum logcode code, char const *name,
 			      : name_flags & NAME_IS_DIR ? "directory"
 			      : "file";
 		rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n",
@ -299,7 +299,7 @@ index 7989fb3..13c4253 100644
 		    t, name, ent->pattern,
 		    ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type);
 	}
-@@ -894,6 +1132,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr,
+@@ -886,6 +1123,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr,
 		}
 		switch (ch) {
 		case ':':
@ -308,10 +308,10 @@ index 7989fb3..13c4253 100644
 				      | FILTRULE_FINISH_SETUP;
 			/* FALL THROUGH */
 diff --git a/flist.c b/flist.c
-index 499440c..630d685 100644
+index 5a1e424..4e9dd10 100644
 --- a/flist.c
 +++ b/flist.c
-@@ -70,6 +70,7 @@ extern int need_unsorted_flist;
+@@ -72,6 +72,7 @@ extern int need_unsorted_flist;
 extern int sender_symlink_iconv;
 extern int output_needs_newline;
 extern int sender_keeps_checksum;
@ -319,7 +319,7 @@ index 499440c..630d685 100644
 extern int unsort_ndx;
 extern uid_t our_uid;
 extern struct stats stats;
-@@ -80,8 +81,7 @@ extern char curr_dir[MAXPATHLEN];
+@@ -82,8 +83,7 @@ extern char curr_dir[MAXPATHLEN];
 
 extern struct chmod_mode_struct *chmod_modes;
 
@ -329,7 +329,7 @@ index 499440c..630d685 100644
 
 #ifdef ICONV_OPTION
 extern int filesfrom_convert;
-@@ -904,6 +904,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
+@@ -971,6 +971,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
 
@ -350,10 +350,10 @@ index 499440c..630d685 100644
 		if (one_file_system) {
 			/* Room to save the dir's device for -x */
 diff --git a/io.c b/io.c
-index 59105ba..3aea50f 100644
+index b50a066..6d0a389 100644
 --- a/io.c
 +++ b/io.c
-@@ -374,6 +374,7 @@ static void forward_filesfrom_data(void)
+@@ -373,6 +373,7 @@ static void forward_filesfrom_data(void)
 			free_xbuf(&ff_xb);
 			if (ff_reenable_multiplex >= 0)
 				io_start_multiplex_out(ff_reenable_multiplex);
@ -361,7 +361,7 @@ index 59105ba..3aea50f 100644
 		}
 		return;
 	}
-@@ -415,6 +416,7 @@ static void forward_filesfrom_data(void)
+@@ -414,6 +415,7 @@ static void forward_filesfrom_data(void)
 		while (s != eob) {
 			if (*s++ == '\0') {
 				ff_xb.len = s - sob - 1;
@ -369,7 +369,7 @@ index 59105ba..3aea50f 100644
 				if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0)
 					exit_cleanup(RERR_PROTOCOL); /* impossible? */
 				write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */
-@@ -430,6 +432,7 @@ static void forward_filesfrom_data(void)
+@@ -429,6 +431,7 @@ static void forward_filesfrom_data(void)
 			ff_lastchar = '\0';
 		else {
 			/* Handle a partial string specially, saving any incomplete chars. */
@ -377,7 +377,7 @@ index 59105ba..3aea50f 100644
 			flags &= ~ICB_INCLUDE_INCOMPLETE;
 			if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) {
 				if (errno == E2BIG)
-@@ -446,13 +449,17 @@ static void forward_filesfrom_data(void)
+@@ -445,13 +448,17 @@ static void forward_filesfrom_data(void)
 		char *f = ff_xb.buf + ff_xb.pos;
 		char *t = ff_xb.buf;
 		char *eob = f + len;
@ -396,10 +396,10 @@ index 59105ba..3aea50f 100644
 		if ((len = t - ff_xb.buf) != 0) {
 			/* This will not circle back to perform_io() because we only get
 diff --git a/main.c b/main.c
-index 6113563..abe2ebf 100644
+index 46b97b5..f124a2d 100644
 --- a/main.c
 +++ b/main.c
-@@ -42,6 +42,7 @@ extern int output_needs_newline;
+@@ -48,6 +48,7 @@ extern int called_from_signal_handler;
 extern int need_messages_from_generator;
 extern int kluge_around_eof;
 extern int got_xfer_error;
@ -407,15 +407,15 @@ index 6113563..abe2ebf 100644
 extern int msgs2stderr;
 extern int module_id;
 extern int read_only;
-@@ -78,6 +79,7 @@ extern BOOL flist_receiving_enabled;
- extern BOOL shutting_down;
+@@ -87,6 +88,7 @@ extern BOOL shutting_down;
 extern int backup_dir_len;
 extern int basis_dir_cnt;
+ extern int default_af_hint;
 +extern int trust_sender_filter;
 extern struct stats stats;
 extern char *stdout_format;
 extern char *logfile_format;
-@@ -93,7 +95,7 @@ extern char curr_dir[MAXPATHLEN];
+@@ -102,7 +104,7 @@ extern char curr_dir[MAXPATHLEN];
 extern char backup_dir_buf[MAXPATHLEN];
 extern char *basis_dir[MAX_BASIS_DIRS+1];
 extern struct file_list *first_flist;
@ -424,7 +424,7 @@ index 6113563..abe2ebf 100644
 
 uid_t our_uid;
 gid_t our_gid;
-@@ -503,11 +505,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
+@@ -611,11 +613,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 				rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n");
 				exit_cleanup(RERR_SYNTAX);
 			}
@ -437,7 +437,7 @@ index 6113563..abe2ebf 100644
 			remote_argc--;
 		}
 	}
-@@ -534,6 +532,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
+@@ -642,6 +640,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 #ifdef ICONV_CONST
 		setup_iconv();
 #endif
@ -445,7 +445,7 @@ index 6113563..abe2ebf 100644
 	} else if (local_server) {
 		/* If the user didn't request --[no-]whole-file, force
 		 * it on, but only if we're not batch processing. */
-@@ -943,6 +942,7 @@ static int do_recv(int f_in, int f_out, char *local_name)
+@@ -1080,6 +1079,7 @@ static int do_recv(int f_in, int f_out, char *local_name)
 	}
 
 	am_generator = 1;
@ -453,8 +453,8 @@ index 6113563..abe2ebf 100644
 	flist_receiving_enabled = True;
 
 	io_end_multiplex_in(MPLX_SWITCHING);
-@@ -1340,6 +1340,10 @@ static int start_client(int argc, char *argv[])
- 		remote_argc = argc = 1;
+@@ -1475,6 +1475,10 @@ static int start_client(int argc, char *argv[])
+ 		rsync_port = 0;
 	}
 
 +	/* A local transfer doesn't unbackslash anything, so leave the args alone. */
@ -464,28 +464,28 @@ index 6113563..abe2ebf 100644
 	if (!rsync_port && remote_argc && !**remote_argv) /* Turn an empty arg into a dot dir. */
 		*remote_argv = ".";
 
-@@ -1358,6 +1362,8 @@ static int start_client(int argc, char *argv[])
+@@ -1500,6 +1504,8 @@ static int start_client(int argc, char *argv[])
 		char *dummy_host;
 		int dummy_port = rsync_port;
 		int i;
 +		if (filesfrom_fd < 0)
-+			add_implied_include(remote_argv[0], daemon_over_rsh);
+			add_implied_include(remote_argv[0], daemon_connection);
 		/* For remote source, any extra source args must have either
 		 * the same hostname or an empty hostname. */
 		for (i = 1; i < remote_argc; i++) {
-@@ -1381,6 +1387,7 @@ static int start_client(int argc, char *argv[])
+@@ -1523,6 +1529,7 @@ static int start_client(int argc, char *argv[])
 			if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */
 				arg = ".";
 			remote_argv[i] = arg;
-+			add_implied_include(arg, daemon_over_rsh);
+			add_implied_include(arg, daemon_connection);
 		}
 	}
 
 diff --git a/receiver.c b/receiver.c
-index d6a48f1..c0aa893 100644
+index 9df603f..3182e2d 100644
 --- a/receiver.c
 +++ b/receiver.c
-@@ -577,10 +577,13 @@ int recv_files(int f_in, int f_out, char *local_name)
+@@ -584,10 +584,13 @@ int recv_files(int f_in, int f_out, char *local_name)
 		if (DEBUG_GTE(RECV, 1))
 			rprintf(FINFO, "recv_files(%s)\n", fname);
 
@ -504,7 +504,7 @@ index d6a48f1..c0aa893 100644
 
 #ifdef SUPPORT_XATTRS
 diff --git a/options.c b/options.c
-index 43e8257..aaf8cc9 100644
+index 3e530c2..7582236 100644
 --- a/options.c
 +++ b/options.c
@@ -99,6 +99,7 @@ int filesfrom_fd = -1;
@ -514,8 +514,8 @@ index 43e8257..aaf8cc9 100644
 +int old_style_args = -1;
 int human_readable = 1;
 int recurse = 0;
- int allow_inc_recurse = 1;
-@@ -277,7 +278,7 @@ static struct output_struct debug_words[COUNT_DEBUG+1] = {
+ int mkpath_dest_arg = 0;
+@@ -287,7 +288,7 @@ static struct output_struct debug_words[COUNT_DEBUG+1] = {
 	DEBUG_WORD(DELTASUM, W_SND|W_REC, "Debug delta-transfer checksumming (levels 1-4)"),
 	DEBUG_WORD(DUP, W_REC, "Debug weeding of duplicate names"),
 	DEBUG_WORD(EXIT, W_CLI|W_SRV, "Debug exit events (levels 1-3)"),
@ -524,16 +524,16 @@ index 43e8257..aaf8cc9 100644
 	DEBUG_WORD(FLIST, W_SND|W_REC, "Debug file-list operations (levels 1-4)"),
 	DEBUG_WORD(FUZZY, W_REC, "Debug fuzzy scoring (levels 1-2)"),
 	DEBUG_WORD(GENR, W_REC, "Debug generator functions"),
-@@ -824,7 +825,7 @@ enum {OPT_VERSION = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
-       OPT_INCLUDE, OPT_INCLUDE_FROM, OPT_MODIFY_WINDOW, OPT_MIN_SIZE, OPT_CHMOD,
+@@ -575,7 +576,7 @@ enum {OPT_SERVER = 1000, OPT_DAEMON, OPT_SENDER, OPT_EXCLUDE, OPT_EXCLUDE_FROM,
       OPT_READ_BATCH, OPT_WRITE_BATCH, OPT_ONLY_WRITE_BATCH, OPT_MAX_SIZE,
-       OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG,
-      OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT,
-+      OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT, OPT_OLD_ARGS,
-       OPT_SERVER, OPT_REFUSED_BASE = 9000};
+       OPT_NO_D, OPT_APPEND, OPT_NO_ICONV, OPT_INFO, OPT_DEBUG, OPT_BLOCK_SIZE,
+       OPT_USERMAP, OPT_GROUPMAP, OPT_CHOWN, OPT_BWLIMIT, OPT_STDERR,
+-      OPT_OLD_COMPRESS, OPT_NEW_COMPRESS, OPT_NO_COMPRESS,
+      OPT_OLD_COMPRESS, OPT_NEW_COMPRESS, OPT_NO_COMPRESS, OPT_OLD_ARGS,
+       OPT_STOP_AFTER, OPT_STOP_AT,
+       OPT_REFUSED_BASE = 9000};
 
- static struct poptOption long_options[] = {
-@@ -1011,6 +1012,8 @@ static struct poptOption long_options[] = {
+@@ -779,6 +780,8 @@ static struct poptOption long_options[] = {
   {"files-from",       0,  POPT_ARG_STRING, &files_from, 0, 0, 0 },
   {"from0",           '0', POPT_ARG_VAL,    &eol_nulls, 1, 0, 0},
   {"no-from0",         0,  POPT_ARG_VAL,    &eol_nulls, 0, 0, 0},
@ -542,8 +542,8 @@ index 43e8257..aaf8cc9 100644
   {"protect-args",    's', POPT_ARG_VAL,    &protect_args, 1, 0, 0},
   {"no-protect-args",  0,  POPT_ARG_VAL,    &protect_args, 0, 0, 0},
   {"no-s",             0,  POPT_ARG_VAL,    &protect_args, 0, 0, 0},
-@@ -1577,6 +1580,13 @@ int parse_arguments(int *argc_p, const char ***argv_p)
- 			do_compression++;
+@@ -1605,6 +1608,13 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ 			compress_choice = NULL;
 			break;
 
 +		case OPT_OLD_ARGS:
@ -556,8 +556,8 @@ index 43e8257..aaf8cc9 100644
 		case 'M':
 			arg = poptGetOptArg(pc);
 			if (*arg != '-') {
-@@ -1829,6 +1839,21 @@ int parse_arguments(int *argc_p, const char ***argv_p)
- 		}
+@@ -1914,6 +1924,21 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+ 		max_alloc = size;
 	}
 
 +	if (old_style_args < 0) {
@ -578,7 +578,7 @@ index 43e8257..aaf8cc9 100644
 	if (protect_args < 0) {
 		if (am_server)
 			protect_args = 0;
-@@ -2381,6 +2406,71 @@ int parse_arguments(int *argc_p, const char ***argv_p)
+@@ -2451,6 +2476,71 @@ int parse_arguments(int *argc_p, const char ***argv_p)
 }
 
 
@ -650,7 +650,7 @@ index 43e8257..aaf8cc9 100644
 /**
  * Construct a filtered list of options to pass through from the
  * client to the server.
-@@ -2556,9 +2646,7 @@ void server_options(char **args, int *argc_p)
+@@ -2633,9 +2723,7 @@ void server_options(char **args, int *argc_p)
 			set++;
 		else
 			set = iconv_opt;
@ -661,7 +661,7 @@ index 43e8257..aaf8cc9 100644
 	}
 #endif
 
-@@ -2625,23 +2713,17 @@ void server_options(char **args, int *argc_p)
+@@ -2701,33 +2789,24 @@ void server_options(char **args, int *argc_p)
 	}
 
 	if (backup_dir) {
@ -689,9 +689,21 @@ index 43e8257..aaf8cc9 100644
 +	if (checksum_choice)
 +		args[ac++] = safe_arg("--checksum-choice", checksum_choice);
 
+ 	if (do_compression == CPRES_ZLIBX)
+ 		args[ac++] = "--new-compress";
+ 	else if (compress_choice && do_compression == CPRES_ZLIB)
+ 		args[ac++] = "--old-compress";
+-	else if (compress_choice) {
+-		if (asprintf(&arg, "--compress-choice=%s", compress_choice) < 0)
+-			goto oom;
+-		args[ac++] = arg;
+-	}
+	else if (compress_choice)
+		args[ac++] = safe_arg("--compress-choice", compress_choice);
+ 
 	if (am_sender) {
 		if (max_delete > 0) {
-@@ -2650,14 +2732,10 @@ void server_options(char **args, int *argc_p)
+@@ -2736,14 +2815,10 @@ void server_options(char **args, int *argc_p)
 			args[ac++] = arg;
 		} else if (max_delete == 0)
 			args[ac++] = "--max-delete=-1";
@ -710,7 +722,7 @@ index 43e8257..aaf8cc9 100644
 		if (delete_before)
 			args[ac++] = "--delete-before";
 		else if (delete_during == 2)
-@@ -2681,11 +2759,8 @@ void server_options(char **args, int *argc_p)
+@@ -2767,17 +2842,12 @@ void server_options(char **args, int *argc_p)
 		if (do_stats)
 			args[ac++] = "--stats";
 	} else {
@ -723,8 +735,16 @@ index 43e8257..aaf8cc9 100644
 +			args[ac++] = safe_arg("--skip-compress", skip_compress);
 	}
 
+-	if (max_alloc_arg && max_alloc != DEFAULT_MAX_ALLOC) {
+-		args[ac++] = "--max-alloc";
+-		args[ac++] = max_alloc_arg;
+-	}
+	if (max_alloc_arg && max_alloc != DEFAULT_MAX_ALLOC)
+		args[ac++] = safe_arg("--max-alloc", max_alloc_arg);
+ 
 	/* --delete-missing-args needs the cooperation of both sides, but
-@@ -2711,7 +2786,7 @@ void server_options(char **args, int *argc_p)
+ 	 * the sender can handle --ignore-missing-args by itself. */
+@@ -2802,7 +2872,7 @@ void server_options(char **args, int *argc_p)
 	if (partial_dir && am_sender) {
 		if (partial_dir != tmp_partialdir) {
 			args[ac++] = "--partial-dir";
@ -733,7 +753,7 @@ index 43e8257..aaf8cc9 100644
 		}
 		if (delay_updates)
 			args[ac++] = "--delay-updates";
-@@ -2734,17 +2809,11 @@ void server_options(char **args, int *argc_p)
+@@ -2825,17 +2895,11 @@ void server_options(char **args, int *argc_p)
 		args[ac++] = "--use-qsort";
 
 	if (am_sender) {
@ -755,7 +775,7 @@ index 43e8257..aaf8cc9 100644
 
 		if (ignore_existing)
 			args[ac++] = "--ignore-existing";
-@@ -2755,7 +2824,7 @@ void server_options(char **args, int *argc_p)
+@@ -2846,7 +2910,7 @@ void server_options(char **args, int *argc_p)
 
 		if (tmpdir) {
 			args[ac++] = "--temp-dir";
@ -764,16 +784,16 @@ index 43e8257..aaf8cc9 100644
 		}
 
 		if (basis_dir[0]) {
-@@ -2765,7 +2834,7 @@ void server_options(char **args, int *argc_p)
+@@ -2856,7 +2920,7 @@ void server_options(char **args, int *argc_p)
 			 */
 			for (i = 0; i < basis_dir_cnt; i++) {
- 				args[ac++] = dest_option;
+ 				args[ac++] = alt_dest_opt(0);
 -				args[ac++] = basis_dir[i];
 +				args[ac++] = safe_arg("", basis_dir[i]);
 			}
 		}
 	}
-@@ -2790,7 +2859,7 @@ void server_options(char **args, int *argc_p)
+@@ -2877,7 +2941,7 @@ void server_options(char **args, int *argc_p)
 	if (files_from && (!am_sender || filesfrom_host)) {
 		if (filesfrom_host) {
 			args[ac++] = "--files-from";
@ -782,7 +802,7 @@ index 43e8257..aaf8cc9 100644
 			if (eol_nulls)
 				args[ac++] = "--from0";
 		} else {
-@@ -2830,7 +2899,7 @@ void server_options(char **args, int *argc_p)
+@@ -2923,7 +2987,7 @@ void server_options(char **args, int *argc_p)
 			exit_cleanup(RERR_SYNTAX);
 		}
 		for (j = 1; j <= remote_option_cnt; j++)
@ -792,10 +812,10 @@ index 43e8257..aaf8cc9 100644
 
 	*argc_p = ac;
 diff --git a/clientserver.c b/clientserver.c
-index e2e2dc0..c18c024 100644
+index 48c15a6..feca9c8 100644
 --- a/clientserver.c
 +++ b/clientserver.c
-@@ -45,6 +45,7 @@ extern int protocol_version;
+@@ -47,6 +47,7 @@ extern int protocol_version;
 extern int io_timeout;
 extern int no_detach;
 extern int write_batch;
@ -803,7 +823,7 @@ index e2e2dc0..c18c024 100644
 extern int default_af_hint;
 extern int logfile_format_has_i;
 extern int logfile_format_has_o_or_i;
-@@ -255,20 +256,45 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
+@@ -288,20 +289,45 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
 
 	sargs[sargc++] = ".";
 
@ -857,87 +877,90 @@ index e2e2dc0..c18c024 100644
 		argc--;
 	}
 diff --git a/rsync.1 b/rsync.1
-index cf2f573..839f5ad 100644
+index e0e13cf..e363827 100644
 --- a/rsync.1
 +++ b/rsync.1
-@@ -197,7 +197,7 @@ or with the hostname omitted.  For instance, all these work:
- .br 
- \f(CWrsync \-av host::modname/file{1,2} host::modname/file3 /dest/\fP
- .br 
-\f(CWrsync \-av host::modname/file1 ::modname/file{3,4}\fP
-+\f(CWrsync \-av host::modname/file1 ::modname/file{3,4} /dest/\fP
+@@ -194,32 +194,27 @@ the hostname omitted.  For instance, all these work:
+ .nf
+ rsync -av host:file1 :file2 host:file{3,4} /dest/
+ rsync -av host::modname/file{1,2} host::modname/file3 /dest/
+-rsync -av host::modname/file1 ::modname/file{3,4}
+rsync -av host::modname/file1 ::modname/file{3,4} /dest/
+ .fi
 .RE
- 
- .PP 
-@@ -211,18 +211,23 @@ examples:
- .RE
- 
- .PP 
-This word\-splitting still works (by default) in the latest rsync, but is
-not as easy to use as the first method.
-.PP 
-If you need to transfer a filename that contains whitespace, you can either
-specify the \fB\-\-protect\-args\fP (\fB\-s\fP) option, or you\(cq\&ll need to escape
-the whitespace in a way that the remote shell will understand.  For
-instance:
-.PP 
-.RS 
-\f(CWrsync \-av host:'\&file\e name\e with\e spaces'\& /dest\fP
+ .P
+-Older versions of rsync required using quoted spaces in the SRC, like these
+-examples:
 +Starting this version of rsync, filenames are passed to a remote shell
 +in such a way as to preserve the characters you give it.
 +Thus, if you ask for a file with spaces in the name, that's what the
 +remote rsync looks for:
-+.PP
-+.RS
-+\f(CWrsync \-aiv host:'\&a simple file.pdf'\& /dest/\fP
+ .RS 4
+ .P
+ .nf
+-rsync -av host:'dir1/file1 dir2/file2' /dest
+-rsync host::'modname/dir1/file1 modname/dir2/file2' /dest
+rsync -aiv host:'a simple file.pdf' /dest/
+ .fi
 .RE
- 
-+.PP 
+ .P
+-This word-splitting still works (by default) in the latest rsync, but is not as
+-easy to use as the first method.
+-.P
+-If you need to transfer a filename that contains whitespace, you can either
+-specify the \fB\-\-protect-args\fP (\fB\-s\fP) option, or you'll need to escape the
+-whitespace in a way that the remote shell will understand.  For instance:
+-.RS 4
+-.P
+-.nf
+-rsync -av host:'file\\ name\\ with\\ spaces' /dest
+-.fi
+-.RE
 +If you use scripts that have been written to manually apply extra quoting to
 +the remote rsync args (or to require remote arg splitting), you can ask rsync
 +to let your script handle the extra escaping.  This is done by either adding
 +the \fB\-\-old\-args\fP option to the rsync runs in the script (which requires
 +a new rsync) or exporting \fBRSYNC_OLD_ARGS\fP=1 and \fBRSYNC_PROTECT_ARGS\fP=0
 +(which works with old or new rsync versions).
-+
- .PP 
+ .P
 .SH "CONNECTING TO AN RSYNC DAEMON"
- 
-@@ -429,6 +434,7 @@ to the detailed description below for a complete description.
-      \-\-append                append data onto shorter files
-      \-\-append\-verify         \-\-append w/old data in file checksum
-  \-d, \-\-dirs                  transfer directories without recursing
-+      \-\-old\-dirs, \-\-old\-d works like --dirs when talking to old rsync
-  \-l, \-\-links                 copy symlinks as symlinks
-  \-L, \-\-copy\-links            transform symlink into referent file/dir
-      \-\-copy\-unsafe\-links     only \(dq\&unsafe\(dq\& symlinks are transformed
-@@ -511,6 +517,7 @@ to the detailed description below for a complete description.
-      \-\-include\-from=FILE     read include patterns from FILE
-      \-\-files\-from=FILE       read list of source\-file names from FILE
-  \-0, \-\-from0                 all *from/filter files are delimited by 0s
-+     \-\-old\-args              disable the modern arg-protection idiom
-  \-s, \-\-protect\-args          no space\-splitting; wildcard chars only
-      \-\-address=ADDRESS       bind address for outgoing socket to daemon
-      \-\-port=PORT             specify double\-colon alternate port number
-@@ -1857,10 +1864,10 @@ Be cautious using this, as it is possible to toggle an option that will cause
- rsync to have a different idea about what data to expect next over the socket,
- and that will make it fail in a cryptic fashion.
- .IP 
-Note that it is best to use a separate \fB\-\-remote\-option\fP for each option you
-want to pass.  This makes your useage compatible with the \fB\-\-protect\-args\fP
-option.  If that option is off, any spaces in your remote options will be split
-by the remote shell unless you take steps to protect them.
+ .P
+@@ -427,6 +422,7 @@ detailed description below for a complete description.
+ --append                 append data onto shorter files
+ --append-verify          --append w/old data in file checksum
+ --dirs, -d               transfer directories without recursing
+--old-dirs, --old-d      works like --dirs when talking to old rsync
+ --mkpath                 create the destination's path component
+ --links, -l              copy symlinks as symlinks
+ --copy-links, -L         transform symlink into referent file/dir
+@@ -515,6 +511,7 @@ detailed description below for a complete description.
+ --include-from=FILE      read include patterns from FILE
+ --files-from=FILE        read list of source-file names from FILE
+ --from0, -0              all *-from/filter files are delimited by 0s
+--old-args               disable the modern arg-protection idiom
+ --protect-args, -s       no space-splitting; wildcard chars only
+ --copy-as=USER[:GROUP]   specify user & optional group for the copy
+ --address=ADDRESS        bind address for outgoing socket to daemon
+@@ -1950,11 +1947,10 @@ Be cautious using this, as it is possible to toggle an option that will
+ cause rsync to have a different idea about what data to expect next over
+ the socket, and that will make it fail in a cryptic fashion.
+ .IP
+-Note that it is best to use a separate \fB\-\-remote-option\fP for each option
+-you want to pass.  This makes your usage compatible with the
+-\fB\-\-protect-args\fP option.  If that option is off, any spaces in your remote
+-options will be split by the remote shell unless you take steps to protect
+-them.
 +Note that you should use a separate \fB\-M\fP for each remote option you
 +want to pass. On older rsync versions, the presence of any spaces in the
 +remote-option arg could cause it to be split into separate remote args, but
 +this requires the use of \fB\-\-old\-args\fP in this version of rsync.
- .IP 
- When performing a local transfer, the \(dq\&local\(dq\& side is the sender and the
- \(dq\&remote\(dq\& side is the receiver.
-@@ -2054,32 +2061,64 @@ merged files specified in a \fB\-\-filter\fP rule.
- It does not affect \fB\-\-cvs\-exclude\fP (since all names read from a .cvsignore
- file are split on whitespace).
- .IP 
+ .IP
+ When performing a local transfer, the "local" side is the sender and the
+ "remote" side is the receiver.
+@@ -2169,26 +2165,64 @@ terminated by a null ('\\0') character, not a NL, CR, or CR+LF.  This
+ affects \fB\-\-exclude-from\fP, \fB\-\-include-from\fP, \fB\-\-files-from\fP, and any merged
+ files specified in a \fB\-\-filter\fP rule.  It does not affect \fB\-\-cvs-exclude\fP
+ (since all names read from a .cvsignore file are split on whitespace).
 +.IP "\fB\-\-old\-args\fP"
 +This option tells rsync to stop trying to protect the arg values from
 +unintended word-splitting or other misinterpretation by using its new
@ -967,42 +990,38 @@ index cf2f573..839f5ad 100644
 +.IP
 +This option conflicts with the \fB\-\-protect\-args\fP option.
 +.IP
- .IP "\fB\-s, \-\-protect\-args\fP"
-This option sends all filenames and most options to
-the remote rsync without allowing the remote shell to interpret them.  This
-means that spaces are not split in names, and any non\-wildcard special
-characters are not translated (such as ~, $, ;, &, etc.).  Wildcards are
-expanded on the remote host by rsync (instead of the shell doing it).
-+This option sends all filenames and most options to the remote rsync
+ .IP "\fB\-\-protect-args\fP, \fB\-s\fP"
+ This option sends all filenames and most options to the remote rsync
+-without allowing the remote shell to interpret them.  This means that
+-spaces are not split in names, and any non-wildcard special characters are
+-not translated (such as \fB~\fP, \fB$\fP, \fB;\fP, \fB&\fP, etc.).  Wildcards are expanded
+-on the remote host by rsync (instead of the shell doing it).
 +without allowing the remote shell to interpret them.  Wildcards are
 +expanded on the remote host by rsync instead of the shell doing it.
 +.IP
 +This is similar to the new-style backslash-escaping of args that was added
 +in this version of rsync, but supports some extra features and doesn't
 +rely on backslash escaping in the remote shell.
- .IP 
- If you use this option with \fB\-\-iconv\fP, the args related to the remote
- side will also be translated
- from the local to the remote character\-set.  The translation happens before
- wild\-cards are expanded.  See also the \fB\-\-files\-from\fP option.
- .IP 
+ .IP
+ If you use this option with \fB\-\-iconv\fP, the args related to the remote side
+ will also be translated from the local to the remote character-set.  The
+ translation happens before wild-cards are expanded.  See also the
+ \fB\-\-files-from\fP option.
+ .IP
 -You may also control this option via the RSYNC_PROTECT_ARGS environment
-variable.  If this variable has a non\-zero value, this option will be enabled
+-variable.  If this variable has a non-zero value, this option will be
+-enabled by default, otherwise it will be disabled by default.  Either state
 +You may also control this setting via the RSYNC_PROTECT_ARGS environment
 +variable.  If it has a non-zero value, this setting will be enabled
- by default, otherwise it will be disabled by default.  Either state is
- overridden by a manually specified positive or negative version of this option
- (note that \fB\-\-no\-s\fP and \fB\-\-no\-protect\-args\fP are the negative versions).
-Since this option was first introduced in 3.0.0, you\(cq\&ll need to make sure it\(cq\&s
-disabled if you ever need to interact with a remote rsync that is older than
-that.
-.IP 
-Rsync can also be configured (at build time) to have this option enabled by
-default (with is overridden by both the environment and the command\-line).
-This option will eventually become a new default setting at some
-as\-yet\-undetermined point in the future.
-+This environment variable is also superseded by a non-zero \fBRSYNC_OLD_ARGS\fP export.
- .IP 
+by default, otherwise it will be disabled by default.  Either state
+ is overridden by a manually specified positive or negative version of this
+ option (note that \fB\-\-no-s\fP and \fB\-\-no-protect-args\fP are the negative
+-versions).  Since this option was first introduced in 3.0.0, you'll need to
+-make sure it's disabled if you ever need to interact with a remote rsync
+-that is older than that.
+versions). This environment variable is also superseded by a non-zero
+\fBRSYNC_OLD_ARGS\fP export.
+.IP
 +You may need to disable this option when interacting with an older rsync
 +(one prior to 3.0.0).
 +.IP
@ -1010,38 +1029,39 @@ index cf2f573..839f5ad 100644
 +.IP
 +Note that this option is incompatible with the use of the restricted rsync
 +script (`rrsync`) since it hides options from the script's inspection.
-+.IP
- .IP "\fB\-T, \-\-temp\-dir=DIR\fP"
- This option instructs rsync to use DIR as a
- scratch directory when creating temporary copies of the files transferred
-@@ -2371,7 +2410,11 @@ as a super\-user (see also the \fB\-\-fake\-super\fP option).  For the \fB\-\-gr
- option to have any effect, the \fB\-g\fP (\fB\-\-groups\fP) option must be used
- (or implied), and the receiver will need to have permissions to set that
- group.
-.IP 
-+.IP
+ .IP
+ Rsync can also be configured (at build time) to have this option enabled by
+ default (with is overridden by both the environment and the command-line).
+@@ -2675,7 +2708,10 @@ super-user (see also the \fB\-\-fake-super\fP option).  For the \fB\-\-groupmap\
+ option to have any effect, the \fB\-g\fP (\fB\-\-groups\fP) option must be used (or
+ implied), and the receiver will need to have permissions to set that group.
+ .IP
+-If your shell complains about the wildcards, use \fB\-\-protect-args\fP (\fB\-s\fP).
 +An older rsync client may need to use \fB\-\-protect\-args\fP (\fB\-s\fP)
 +to avoid a complaint about wildcard characters, but a modern rsync handles
 +this automatically.
 +.IP
 .IP "\fB\-\-chown=USER:GROUP\fP"
- This option forces all files to be owned by USER
- with group GROUP.  This is a simpler interface than using \fB\-\-usermap\fP and
-@@ -2382,6 +2425,10 @@ be omitted, but if USER is empty, a leading colon must be supplied.
- .IP 
- If you specify \(dq\&\-\-chown=foo:bar, this is exactly the same as specifying
- \(dq\&\-\-usermap=*:foo \-\-groupmap=*:bar\(dq\&, only easier.
+ This option forces all files to be owned by USER with group GROUP.  This is
+ a simpler interface than using \fB\-\-usermap\fP and \fB\-\-groupmap\fP directly, but
+@@ -2685,8 +2721,11 @@ will occur.  If GROUP is empty, the trailing colon may be omitted, but if
+ USER is empty, a leading colon must be supplied.
+ .IP
+ If you specify "\fB\-\-chown=foo:bar\fP", this is exactly the same as specifying
+-"\fB\-\-usermap=*:foo\ \-\-groupmap=*:bar\fP", only easier.  If your shell complains
+-about the wildcards, use \fB\-\-protect-args\fP (\fB\-s\fP).
+"\fB\-\-usermap=*:foo\ \-\-groupmap=*:bar\fP", only easier.
 +.IP
 +An older rsync client may need to use \fB\-\-protect\-args\fP (\fB\-s\fP) to avoid a
 +complaint about wildcard characters, but a modern rsync handles this
 +automatically.
- .IP 
- .IP "\fB\-\-timeout=TIMEOUT\fP"
- This option allows you to set a maximum I/O
-@@ -3983,10 +4030,24 @@ more details.
+ .IP "\fB\-\-timeout=SECONDS\fP"
+ This option allows you to set a maximum I/O timeout in seconds.  If no data
+ is transferred for the specified time then rsync will exit.  The default is
+@@ -4233,10 +4272,24 @@ The CVSIGNORE environment variable supplements any ignore patterns in
 .IP "\fBRSYNC_ICONV\fP"
- Specify a default \fB\-\-iconv\fP setting using this
- environment variable. (First supported in 3.0.0.)
+ Specify a default \fB\-\-iconv\fP setting using this environment variable. (First
+ supported in 3.0.0.)
 +.IP "\fBRSYNC_OLD_ARGS\fP"
 +Specify a "1" if you want the \fB\-\-old\-args\fP option to be enabled by default,
 +a "2" (or more) if you want it to be enabled in the option-repeated state,
@ -1052,14 +1072,14 @@ index cf2f573..839f5ad 100644
 +This variable is ignored if \fB\-\-old\-args\fP, \fB\-\-no\-old\-args\fP, or
 +\fB\-\-protect\-args\fP is specified on the command line.
 .IP "\fBRSYNC_PROTECT_ARGS\fP"
- Specify a non\-zero numeric value if you want the
- \fB\-\-protect\-args\fP option to be enabled by default, or a zero value to make
- sure that it is disabled by default. (First supported in 3.1.0.)
+ Specify a non-zero numeric value if you want the \fB\-\-protect-args\fP option to
+ be enabled by default, or a zero value to make sure that it is disabled by
+ default. (First supported in 3.1.0.)
 +.IP
 +This variable is ignored if \fB\-\-protect\-args\fP, \fB\-\-no\-protect\-args\fP,
 +or \fB\-\-old\-args\fP is specified on the command line.
 +.IP
 +This variable is ignored if \fBRSYNC_OLD_ARGS\fP is set to a non-zero value.
 .IP "\fBRSYNC_RSH\fP"
- The RSYNC_RSH environment variable allows you to
- override the default shell used as the transport for rsync.  Command line
+ The RSYNC_RSH environment variable allows you to override the default shell
+ used as the transport for rsync.  Command line options are permitted after
--- a/SOURCES/rsync-3.2.3-cve-2022-37434.patch
+++ b/SOURCES/rsync-3.2.3-cve-2022-37434.patch
--- a/SOURCES/rsync-3.2.3-filtering-rules.patch
+++ b/SOURCES/rsync-3.2.3-filtering-rules.patch
@ -42,7 +42,7 @@ index 13c4253..232249f 100644
 	char *p;
 	if (am_server || old_style_args || list_only || read_batch || filesfrom_host != NULL)
@@ -407,6 +413,7 @@ void add_implied_include(const char *arg, int skip_daemon_module)
- 		arg++;
+ 	}
 	arg_len = strlen(arg);
 	if (arg_len) {
 +		char *new_pat;
--- a/SOURCES/rsync-3.2.3-lchmod.patch
+++ b/SOURCES/rsync-3.2.3-lchmod.patch
@ -0,0 +1,53 @@
+diff --git a/syscall.c b/syscall.c
+index b9c3b4ef..11d10e4a 100644
+--- a/syscall.c
+++ b/syscall.c
+@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
+ #ifdef HAVE_CHMOD
+ int do_chmod(const char *path, mode_t mode)
+ {
+	static int switch_step = 0;
+ 	int code;
+ 	if (dry_run) return 0;
+ 	RETURN_ERROR_IF_RO_OR_LO;
+	switch (switch_step) {
+ #ifdef HAVE_LCHMOD
+-	code = lchmod(path, mode & CHMOD_BITS);
+-#else
+-	if (S_ISLNK(mode)) {
+#include "case_N.h"
+		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
+			break;
+		switch_step++;
+#endif
+
+#include "case_N.h"
+		if (S_ISLNK(mode)) {
+ # if defined HAVE_SETATTRLIST
+-		struct attrlist attrList;
+-		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+			struct attrlist attrList;
+			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+ 
+-		memset(&attrList, 0, sizeof attrList);
+-		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+-		attrList.commonattr = ATTR_CMN_ACCESSMASK;
+-		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+			memset(&attrList, 0, sizeof attrList);
+			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+			attrList.commonattr = ATTR_CMN_ACCESSMASK;
+			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+ # else
+-		code = 1;
+			code = 1;
+ # endif
+-	} else
+-		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+-#endif /* !HAVE_LCHMOD */
+		} else
+			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+		break;
+	}
+ 	if (code != 0 && (preserve_perms || preserve_executability))
+ 		return code;
+ 	return 0;
--- a/SOURCES/rsync-3.2.3-segfault.patch
+++ b/SOURCES/rsync-3.2.3-segfault.patch
@ -0,0 +1,24 @@
+From f5a9a1013873580d0ad2ae4f5c5038c324d71bfe Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Mon, 21 Feb 2022 14:19:31 -0800
+Subject: [PATCH] Fix possible array deref using invalid index.
+
+---
+ copy-devices.diff | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/patches/copy-devices.diff b/patches/copy-devices.diff
+index 797d046..4138474 100644
+--- a/patches/copy-devices.diff
+++ b/patches/copy-devices.diff
+@@ -111,8 +111,8 @@ diff --git a/rsync.c b/rsync.c
+  	if (iflags & ITEM_TRANSFER) {
+  		int i = ndx - cur_flist->ndx_start;
+ -		if (i < 0 || !S_ISREG(cur_flist->files[i]->mode)) {
+-+		struct file_struct *file = cur_flist->files[i];
+-+		if (i < 0 || !(S_ISREG(file->mode) || (copy_devices && IS_DEVICE(file->mode)))) {
++		if (i < 0
++		 || !(S_ISREG(cur_flist->files[i]->mode) || (copy_devices && IS_DEVICE(cur_flist->files[i]->mode)))) {
+  			rprintf(FERROR,
+  				"received request to transfer non-regular file: %d [%s]\n",
+  				ndx, who_am_i());
--- a/SOURCES/rsync-3.2.3-xattr.patch
+++ b/SOURCES/rsync-3.2.3-xattr.patch
--- a/SOURCES/rsync-man.patch
+++ b/SOURCES/rsync-man.patch
@ -1,10 +0,0 @@
--- rsync-3.0.9/rsync.1   2011-09-23 18:42:26.000000000 +0200
-+++ rsync-3.0.9/rsync.1   2012-09-19 10:40:19.698802861 +0200
-@@ -445,6 +445,7 @@
-  \-o, \-\-owner                 preserve owner (super\-user only)
-  \-g, \-\-group                 preserve group
-      \-\-devices               preserve device files (super\-user only)
-+     \-\-copy-devices          copy device contents as regular file
-      \-\-specials              preserve special files
-  \-D                          same as \-\-devices \-\-specials
-  \-t, \-\-times                 preserve modification times
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@ -1,6 +1,7 @@
 %global _hardened_build 1

 %define isprerelease 0
+%define _lto_cflags %{nil}

 %if %isprerelease
 %define prerelease pre1
@ -8,10 +9,9 @@

 Summary: A program for synchronizing files over a network
 Name: rsync
-Version: 3.1.3
-Release: 19%{?dist}.1
-Group: Applications/Internet
-URL: http://rsync.samba.org/
+Version: 3.2.3
+Release: 19%{?dist}
+URL: https://rsync.samba.org/

 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
 Source1: https://download.samba.org/pub/rsync/src/rsync-patches-%{version}%{?prerelease}.tar.gz
@ -21,27 +21,27 @@ Source4: rsyncd.conf
 Source5: rsyncd.sysconfig
 Source6: rsyncd@.service

+BuildRequires: make
+BuildRequires: gcc gcc-c++
 BuildRequires: libacl-devel, libattr-devel, autoconf, popt-devel, systemd
-#Requires: zlib
+BuildRequires: lz4-devel openssl-devel libzstd-devel
 #Added virtual provide for zlib due to https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries
 Provides: bundled(zlib) = 1.2.8
 License: GPLv3+

-Patch0: rsync-man.patch
-Patch1: rsync-3.0.6-iconv-logging.patch
-Patch2: rsync-3.1.3-covscan.patch
-Patch3: rsync-3.1.2-remove-symlinks.patch
-Patch4: rsync-3.1.2-vvv-hang.patch
-Patch5: rsync-3.1.3-ignore-missing.patch
-Patch6: rsync-3.1.3-append-check.patch
-Patch7: rsync-3.1.3-skip-compress.patch
-Patch8: rsync-3.1.3-xattr.patch
-Patch9: rsync-3.1.3-cve-2018-25032.patch
-Patch10: rsync-3.1.3-sparse-block.patch
-Patch11: rsync-3.1.3-cve-2022-29154.patch
-Patch12: rsync-3.1.3-cve-2022-37434.patch
-Patch13: rsync-3.1.3-filtering-rules.patch
-Patch14: rsync-3.1.3-missing-xattr-filter.patch
+#Added temporarily until new rebase
+Patch0: rsync-3.2.2-ssl-verify-hostname.patch
+#Added due to rhbz#1873975 - default-acls test fail on s390x due to libacl
+Patch1: rsync-3.2.2-runtests.patch
+Patch2: rsync-3.2.3-lchmod.patch
+Patch3: rsync-3.2.3-append-mode.patch
+Patch4: rsync-3.2.3-xattr.patch
+Patch5: rsync-3.2.3-segfault.patch
+Patch6: rsync-3.2.3-atimes.patch
+Patch7: rsync-3.1.3-cve-2018-25032.patch
+Patch8: rsync-3.2.3-cve-2022-37434.patch
+Patch9: rsync-3.2.3-cve-2022-29154.patch
+Patch10: rsync-3.2.3-filtering-rules.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -72,37 +72,33 @@ package provides the anonymous rsync service.
 %setup -q -b 1
 %endif

-#Needed for compatibility with previous patched rsync versions
-patch -p1 -i patches/acls.diff
-patch -p1 -i patches/xattrs.diff
-
 #Enable --copy-devices parameter
 patch -p1 -i patches/copy-devices.diff

-%patch0 -p1 -b .man
-%patch1 -p1 -b .iconv
-%patch2 -p1 -b .covscan
-%patch3 -p1 -b .symlinks
-%patch4 -p1 -b .vvv
-%patch5 -p1 -b .missing
-%patch6 -p1 -b .append
-%patch7 -p1 -b .skip-compress
-%patch8 -p1 -b .xattr
-%patch9 -p1 -b .cve-2018-25032
-%patch10 -p1 -b .spars-block
-%patch11 -p1 -b .cve-2022-29154
-%patch12 -p1 -b .cve-2022-37434
-%patch13 -p1 -b .filtering-rules
-%patch14 -p1 -b .xattr-filter
+%patch0 -p1 -b .verify-hostname
+%patch1 -p1 -b .runtests
+%patch2 -p1 -b .lchmod
+%patch3 -p1 -b .append-mode
+%patch4 -p1 -b .xattr
+%patch5 -p1 -b .segfault
+%patch6 -p1 -b .atimes
+%patch7 -p1 -b .cve-2018-25032
+%patch8 -p1 -b .cve-2022-37434
+%patch9 -p1 -b .cve-2022-29154
+%patch10 -p1 -b .filtering-rules

 %build
-%configure
+%configure --disable-xxhash
 # --with-included-zlib=no temporary disabled because of #1043965

-make %{?_smp_mflags}
+%{make_build}
+
+%check
+make check
+chmod -x support/*

 %install
-%makeinstall INSTALLCMD='install -p' INSTALLMAN='install -p'
+%{make_install} INSTALLCMD='install -p' INSTALLMAN='install -p'

 install -D -m644 %{SOURCE3} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.service
 install -D -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd.socket
@ -110,21 +106,17 @@ install -D -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/rsyncd.conf
 install -D -m644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/rsyncd
 install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service

-%check
-make check
-#scripts in support/* are needed to run upstream tests but after install these should not be executable
-chmod -x support/*
-
 %files
-%{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc NEWS OLDNEWS README support/ tech_report.tex
+%doc support/ tech_report.tex
 %{_bindir}/%{name}
+%{_bindir}/%{name}-ssl
 %{_mandir}/man1/%{name}.1*
-
-%files daemon
+%{_mandir}/man1/%{name}-ssl.1*
 %{_mandir}/man5/rsyncd.conf.5*
 %config(noreplace) %{_sysconfdir}/rsyncd.conf
+
+%files daemon
 %config(noreplace) %{_sysconfdir}/sysconfig/rsyncd
 %{_unitdir}/rsyncd.socket
 %{_unitdir}/rsyncd.service
@ -140,57 +132,102 @@ chmod -x support/*
 %systemd_postun_with_restart rsyncd.service

 %changelog
-* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19.1
- Resolves: #2139118 - rsync-daemon fail on 3.1.3
+* Wed Nov 02 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-19
+- Resolves: #2139349 - rsync error: protocol incompatibility when using rsync-3.2.3-18.el9

-* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19
- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
+* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-18
+- Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers

-* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-18
- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers
+* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
+- Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

-* Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17
- Related: #2043753 - New option should not be sent to the server every time
+* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
+- Related: #2081296 - Adding ci.fmf for separation of testing results

-* Thu Jul 28 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-16
- Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering
+* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-15
+- Related: #2081296 - Disabling STI

-* Tue Apr 12 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-15
- Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs
+* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-14
+- Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs

-* Mon Oct 11 2021 Michal Ruprich <mruprich@redhat.com> - 3.1.3-14
- Related: #1907443 - Adding fmf plans to run tests with tmt
+* Wed May 11 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-13
+- Resolves: #2079639 - rsync --atimes doesn't work

-* Mon Sep 27 2021 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-13
- Resolves: #1907443 - Read-only files that have changed xattrs fail to allow xattr changes
+* Tue May 03 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-12
+- Resolves: #2081296 - Enable fmf tests in centos stream

-* Fri Dec 18 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-12
- Resolves: #1816528 - Defaults for --skip-compress are not working, everything is being compressed
+* Tue Apr 26 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-11
+- Resolves: #2053198 - rsync segmentation fault

-* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-11
- Resolves: #1855981 - rsync segfaults in --append mode
+* Fri Apr 22 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-10
+- Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes

-* Thu Nov 05 2020 Tomas Korbar <tkorbar@redhat.com> - 3.1.3-10
- Resolves: #1727093 - rsync: "ABORTING due to invalid path from sender"
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-9
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Mon Aug 24 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-9
- Resolves: #1667436 - rsyncd.service fails to start at boot if address is configured
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-8
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065

-* Wed Jun 10 2020 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8
- Resolves: #1775561 - rsync 3.1.2 hangs when run with -vvv to sync a large repository
+* Mon May 31 2021 Michal Ruprich <mruprich@redhat.com> - 3.2.3-7
+- Resolves: #1955008 - rsync segfaults in --append mode when file on sender is large (> 2GB) and gets truncated

-* Tue Oct 29 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7
- Resolves: #1693162 - remove-source-files fails with symlinks
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.3-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-6
- Resolves: #1602683 - Please review important issues found by covscan
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Tue Apr 16 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5
- Resolves: #1656761 - [FJ8.0 Bug]: [REG] The rsync command is terminated with SIGSEGV
+* Tue Dec 08 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-4
+- Resolves: #1894485 - rsync is unable to set permissions when chrooted
+- Getting rid of deprecated makeinstall macro

-* Wed Oct 03 2018 Michal Ruprich <mruprich@redhat.com> - 3.1.3-4
- Resolves: #1635631 - Remove --noatime option from rsync
-  Cleaning spec file
+* Fri Nov 20 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-3
+- Disabling LTO as a temporary measure for rhbz#1898912
+
+* Thu Nov 19 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Mon Aug 31 2020 Michal Ruprich <mruprich@redhat.com> - 3.2.3-1
+- New version 3.2.3
+- Removed upstream patches acls.diff and xattrs.diff
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 21 2020 Michal Ruprich <michalruprich@gmail.com> - 3.2.2-1
+- New version 3.2.2
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 10 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-10
+- Enabling upstream test suite during build rhbz#1533846
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Apr 15 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-8
+- Resolves: #1452187 - move man page rsyncd.conf(5) from rsync-daemon to rsync package
+- Moving the config file as well
+
+* Tue Mar 19 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-7
+- Resolves: #1683737 - [abrt] rsync: utf8_internal_loop(): rsync killed by SIGSEGV
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jan 02 2019 Michal Ruprich <mruprich@redhat.com> - 3.1.3-5
+- Fix for rhbz#1586346 - rsyncd.service fails to start at boot if address is configured
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.1.3-3
 - Escape macros in %%changelog