gentoo auto-resync : 16:01:2025 - 06:41:40

author: V3n3RiX <venerix@koprulu.sector> 2025-01-16 06:41:40 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2025-01-16 06:41:40 +0000
commit: cb2f73d10494730ba590096a1f24ebc6d0d61a9f (patch)
tree: 6b17212245a07479b72573fb8380352300de6b65 /net-misc/rsync
parent: 8e26aeaca2a19592a9eea3917f3139bfde8641f0 (diff)
12 files changed, 728 insertions, 209 deletions
diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest
index 41442bf50e83..a89aecb49015 100644
--- a/net-misc/rsync/Manifest
+++ b/net-misc/rsync/Manifest
@@ -1,3 +1,12 @@
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12084.patch 4491 BLAKE2B c30ec7ea30e22aa83a3f91e227352435d774004edf54ca9baffbc35f41bb033f49da3b983c51feb02dd68b32a93d5e9d90f7887667b32395b5a793bead96f947 SHA512 f607742801a86badb03c94e398372cadc5a724ff2d31582407f02b7a58cc2f88a0ebf22a571c82a5e86ca96887551d344bbecf86ace40b925a3c6eb20beeb579
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12085.patch 475 BLAKE2B 8bd0b7419ebda64e3f5025cb4d5d5c0dfc33796d702744268ef31649bb002d6408a9c531412966d3ef4796e484d70899ad87745a91b0632c83ffbf8b9b29ce49 SHA512 9458c3ef99c4b9b8905155835d49b22b9d1b060beec13ccac9c3d730d1838b4a348d0206541dc2246cf33cdac73d4b7bfdcd4a6e44f9d14ad92f756ead4ae1e1
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch 5951 BLAKE2B 3df63a136201a800ef7e77debfa57270679577bd88dc67e0a776fca179a44f9396caf6321a0a4d74e780c769d005037837409f4a48e87ff0380166ed35ce23f3 SHA512 a1d4d0491fe494f80898c4663581ba257e1533f91622af7126855c2ffac8bc9eb482cbd5afb98d8ca8edfb4b7c9be9732a9beb62b3e6caf62ad5b9a19dfb2f9a
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch 858 BLAKE2B 0304bcddc59ae1f3fe4ad60c5f3c32639324a4dc24c9733d437d8db8211d814cd98e29d0d3c08f35673b2af2724db6ba920a416c9a08b5d91ba5e383d77b4518 SHA512 51e5355958dafbcb12176a8b2fd8377aad9ed9b0ebd62137a0d58723f5d9f6bd935f39d9f2a8f901ee722184d870c63b7e030cf4effc08866fe60b86b02fb678
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch 1417 BLAKE2B 54f66373ad63e7a4d2f33053a45b37445e5eb176ab9a359ae8fb812061debc18de7c25ba8b631d608314f3896e50b421317cb9e7e41350bcab7045cc54f6fa2d SHA512 837f06bf2f4ba6be96e09e644bc1ee344ce75cd21fa3648871ef7aa6deb3da2d5003dc1c10f888bf2591a66ec25284bb24f21871b9a08e4bac52d7c51be7469f
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch 1415 BLAKE2B 963e96a7b5ebf9f4910bc87df0a803af80d73f1b1b5765934006c5daa770b42369a8fe793376bb6ac41c162bae028ef420b9cefd4be6ac7c721e75254100b981 SHA512 e2233917710157fce268a4e349d12085e4f0d0ab426004b77ce281174724c771b84b193c60311d68fdfc9ae99e327904a2bbaf6a91aff31e1e5014ca24e3bb79
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12088.patch 2250 BLAKE2B c0454a03bc4868fcff7a3f94d68b6284197327f5ee909f1938d9e7e59ccfafbcd2d0d914c2e217aa1ccb5a93de4626d5c70950110e8bb39a8bdac6b6aec07ab9 SHA512 2e7efec103a8e8e0d32b881c9dac2673e7db66f7df77b1fc7689e6ae5f9a5c7246bae314dffedc45314164fbbb8ada951db69e8aa6a0e6544a3acae39f3841d8
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch 4916 BLAKE2B 335ec75ddc22e4f42723a98e839cf18d40d909a5d84a6dc0208a95582e6358be3f8c5b2fcc9fa804ee56b32ee6ecb8ff2739cf4a374dc58c0881934db7aab5fe SHA512 fd6f8c2f72441d77736cf223eeb33de415de1c1e13b4a399f4c1846aa678cd90b26952d55c62316ebf1633a901c35192baa15270c552131a5e687c2243f02364
+AUX 3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch 1110 BLAKE2B 4b049d3fee2fcdcfdeafca0560c9bab12de69657469bfab8f337d25a184e756361d154e9533d97b95417a066018bae9d135411f1342c0ccbf7f2eb6e409269d3 SHA512 e636c0b8b95582d2955eb38b7090706ed5a860d5835c5ef1e9432b58dd9d47c07bba599960931f4d503b1d25ddee02caffe325379c012e7d7849c4ad87894a58
 AUX rsync-3.2.7-flist-memcmp-ub.patch 773 BLAKE2B 9a30609a0bf09298dc2b1daeae7dcf3ba173d1d2431c077d612be03a3a531bf59b16d1846a8f7c467ef2ca576e01f0fe512067a04f834a9ca3d387e389b5d6e8 SHA512 4212d704d9b4b1a0d2d2cfca48ae91d29b90111ce4256ec8f9779d0778fe2bbb4a33b95e8a32ef181e1ab0ac2d1ea330e724a46f078826b39d2e09d374be6730
 AUX rsync-3.2.7-fortify-source-3.patch 1947 BLAKE2B c907e4ddc07693d8a6292f32782831953eee8711148c2e9aa5623dc5615474b59f25e309302c103a6c4a4177b18291a00983a62fa77c7faee04731114634c65d SHA512 b2bd012f318b1816a299a766c28a64cfc86307e4e1b047098f2a0334d775513f83724cdfa33ce567120c9b4fbbf9f6b8e0bbad0d434ac2444afff39fb5fa41da
 AUX rsync-3.2.7-ipv6-configure-c99.patch 1001 BLAKE2B 1ddb96eecef82a056af00ae221b9f5bc26284863a1ce63ae423e0b14979cfd57eb18f966f7572315e495ae25e4762da4115def7f04e32fe90cbc2b7a522805c0 SHA512 19a10798b8460741b8a3341a210d1828e1daeae707ad8cc910e4aa003e8bba405466a6cc64465294bd4eda81f1f876410a395e5012c3872cfce025f7ed0eec94
@@ -11,9 +20,8 @@ DIST rsync-3.2.7.tar.gz 1149787 BLAKE2B 1b910b321e8d6b49af9f26bef813509f0da12ded
 DIST rsync-3.2.7.tar.gz.asc 195 BLAKE2B d2bca9276d9a0c96a9156a8da60e391f58eceb2e1ffaa51b7e7ffd592feaba3ce54772bd563a251e3b30efb0ad07fc96da01158a77dd77c6534eac5d80b46e53 SHA512 bad9f48e033966566c6abf8cd485d35c0d9cf130eafb0c5fff9bcb928882283bbcdd2375e7c2880cf71cf81496ba6b743b61adca3d4678421c32915a2464acc3
 DIST rsync-3.3.0.tar.gz 1153969 BLAKE2B 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 SHA512 df5c53bc2f2b0e7e30f475903e5e4296dc2fbcf08e9ea6c3c61462d0e52b067c27e82deeb4be79102c86e9aa55a825182e126f22df44dabf5b7328acb2a01d10
 DIST rsync-3.3.0.tar.gz.asc 195 BLAKE2B bd077217bd44d406ac49a55b0c0d38c2accd4867b9fbf78a13fe906f52e1773d5a69aa3116a0c245abdeb1af54705d6ffc75aaba8b276ba9229bbb3340d7c3e8 SHA512 611d26374e0ff98ffb11b6ad6555f08773b9f09e1fbf232abc73c5d472b0defd28fd559bd42707774204d055b93be289f19f4db94bbdfe0b0935918fd922cced
-EBUILD rsync-3.2.7-r4.ebuild 5576 BLAKE2B 3e67c9f3786956aa97bd39010738bc9b0c17b5116abee6c802a3038a125199259c2faa5fecdb79b89e532e6a7367ba0838d7d6b19c2dabe1e3d4fb46e00b8aae SHA512 7ef46478145f92bcf7c6c6f29cf421f5507dd4990a37027faa1d7b7e1c91ed8059a0a5de76d117b6598f7c8b0e264c9a6371fa90de1fcffd765d6102b4c3bbdd
 EBUILD rsync-3.2.7-r5.ebuild 5576 BLAKE2B 5a8e3a2fb7c47ab5c1fb90d763cbad907b6640461e6ceba95873f396328582fd072e759bac9f7e237e0d33d121aed906be360c120ec7d927623f180633793e7c SHA512 b061f5535543cb940083326ce4aad8792f101cd3e1826094c887bea5aedadf2ee325cad8b1682c8efc4390b845524c7c8624a61492ed8ffeefdbb57d29ee0a64
 EBUILD rsync-3.3.0-r1.ebuild 5538 BLAKE2B 99329c9b455670a69887520f675ceb6455ab2ae11eedcce5320efe3b6e6d7d4350a7117dcc057c3f624b88dc83ba84212d8ed9c02be8a51eb8a24c89b6957423 SHA512 c41012aff6a0a5fa8c5140d888aeba80f950b6c631a8f0705b5d588fc533902838d04ce7cc23d48c3c59fddb67f778935dcae11d5098ba44dbb5832febc47bc9
-EBUILD rsync-3.3.0.ebuild 5427 BLAKE2B ec1b71e99947ec4d5ec5756e26ce945dcb92aea304d76689b3bcadbe65e6737a4f87a5db7b549defb618f6d257e7e68b7fee4872f6a05d45edc6699c941b4862 SHA512 a3cdefe211df712d583d8794cf246a1f177386c9020c76381259aa0df4980973bb4f1d31704967a784e688e929485085b4bdd50c19f2ad626fd5d4fe89a15b77
+EBUILD rsync-3.3.0-r2.ebuild 5620 BLAKE2B 4f842f113a664fcabe1d1779cd201bc998e16b84f44c273ed0fcef5c489b63a3a2f358e5e654aca6a32f6cbaca3e82bbba93057218aa933a538e4afbb694e22a SHA512 35f476ca6d92607e113bf3f3db7ee04aa7ba1d3f5309c7f2a25ecd3f340e1ff69993412a6e2f0d58b27eb16c5bc8608f0227cee56902f1aee2ae16ec0e8c7218
 EBUILD rsync-9999.ebuild 5435 BLAKE2B fdc933e79da83abdd9df7e33aa4bba0e138f60efdc8a5723ca11c2bbc9009f07952cc88a8c4f126e76acb33cf8a7c4350e25917c0259289601954387f875388d SHA512 030e390d9e4b8c3895a4798684fd6d7ed203232cebedc6d1bc75cb9e6f8e3f6ad8466266641a889eb865da208d87fdcd9aef73a2f5b116005819e8608f9315b3
 MISC metadata.xml 886 BLAKE2B 65871157f4f8f6340408431fa5f019d7dd58382212b7b5c2021d77ecddcfba56f5528594dda16e624882b79a99235a1c3f5a4f8e7f175551922edd67e2d7c756 SHA512 0291f2876aa480d7d1a4d5834ac9b2e0267bb4b77874f43079d9ebb0420ee64f17df0ca28d71f94d0c3738f92d6fda44222ea0904360826bf3ce87c92375d081
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch
new file mode 100644
index 000000000000..c4479ef8a80f
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch
@@ -0,0 +1,132 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/io.c b/io.c
+index a99ac0e..bb60eec 100644
+--- a/io.c
++++ b/io.c
+@@ -55,6 +55,7 @@ extern int read_batch;
+ extern int compat_flags;
+ extern int protect_args;
+ extern int checksum_seed;
++extern int xfer_sum_len;
+ extern int daemon_connection;
+ extern int protocol_version;
+ extern int remove_source_files;
+@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum)
+ 		exit_cleanup(RERR_PROTOCOL);
+ 	}
+ 	sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f);
+-	if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) {
++	if (sum->s2length < 0 || sum->s2length > xfer_sum_len) {
+ 		rprintf(FERROR, "Invalid checksum length %d [%s]\n",
+ 			sum->s2length, who_am_i());
+ 		exit_cleanup(RERR_PROTOCOL);
+diff --git a/match.c b/match.c
+index cdb30a1..36e78ed 100644
+--- a/match.c
++++ b/match.c
+@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s,
+ 				done_csum2 = 1;
+ 			}
+ 
+-			if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) {
++			if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) {
+ 				false_alarms++;
+ 				continue;
+ 			}
+@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s,
+ 					if (i != aligned_i) {
+ 						if (sum != s->sums[aligned_i].sum1
+ 						 || l != s->sums[aligned_i].len
+-						 || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0)
++						 || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0)
+ 							goto check_want_i;
+ 						i = aligned_i;
+ 					}
+@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s,
+ 						if (sum != s->sums[i].sum1)
+ 							goto check_want_i;
+ 						get_checksum2((char *)map, l, sum2);
+-						if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0)
++						if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0)
+ 							goto check_want_i;
+ 						/* OK, we have a re-alignment match.  Bump the offset
+ 						 * forward to the new match point. */
+@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s,
+ 			 && (!updating_basis_file || s->sums[want_i].offset >= offset
+ 			  || s->sums[want_i].flags & SUMFLG_SAME_OFFSET)
+ 			 && sum == s->sums[want_i].sum1
+-			 && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) {
++			 && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) {
+ 				/* we've found an adjacent match - the RLL coder
+ 				 * will be happy */
+ 				i = want_i;
+diff --git a/rsync.c b/rsync.c
+index cd288f5..b130aba 100644
+--- a/rsync.c
++++ b/rsync.c
+@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha
+   */
+ void free_sums(struct sum_struct *s)
+ {
+-	if (s->sums) free(s->sums);
++	if (s->sums) {
++		free(s->sums);
++		free(s->sum2_array);
++	}
+ 	free(s);
+ }
+ 
+diff --git a/rsync.h b/rsync.h
+index d3709fe..0f9e277 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -958,12 +958,12 @@ struct sum_buf {
+ 	uint32 sum1;	        /**< simple checksum */
+ 	int32 chain;		/**< next hash-table collision */
+ 	short flags;		/**< flag bits */
+-	char sum2[SUM_LENGTH];	/**< checksum  */
+ };
+ 
+ struct sum_struct {
+ 	OFF_T flength;		/**< total file length */
+ 	struct sum_buf *sums;	/**< points to info for each chunk */
++	char *sum2_array;	/**< checksums of length xfer_sum_len */
+ 	int32 count;		/**< how many chunks */
+ 	int32 blength;		/**< block_length */
+ 	int32 remainder;	/**< flength % block_length */
+@@ -982,6 +982,8 @@ struct map_struct {
+ 	int status;		/* first errno from read errors		*/
+ };
+ 
++#define sum2_at(s, i)	((s)->sum2_array + ((size_t)(i) * xfer_sum_len))
++
+ #define NAME_IS_FILE		(0)    /* filter name as a file */
+ #define NAME_IS_DIR		(1<<0) /* filter name as a dir */
+ #define NAME_IS_XATTR		(1<<2) /* filter name as an xattr */
+diff --git a/sender.c b/sender.c
+index 3d4f052..2bbff2f 100644
+--- a/sender.c
++++ b/sender.c
+@@ -31,6 +31,7 @@ extern int log_before_transfer;
+ extern int stdout_format_has_i;
+ extern int logfile_format_has_i;
+ extern int want_xattr_optim;
++extern int xfer_sum_len;
+ extern int csum_length;
+ extern int append_mode;
+ extern int copy_links;
+@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f)
+ 		return(s);
+ 
+ 	s->sums = new_array(struct sum_buf, s->count);
++	s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len);
+ 
+ 	for (i = 0; i < s->count; i++) {
+ 		s->sums[i].sum1 = read_int(f);
+-		read_buf(f, s->sums[i].sum2, s->s2length);
++		read_buf(f, sum2_at(s, i), s->s2length);
+ 
+ 		s->sums[i].offset = offset;
+ 		s->sums[i].flags = 0;
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch
new file mode 100644
index 000000000000..d841ad0716dc
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/match.c b/match.c
+index 36e78ed..dfd6af2 100644
+--- a/match.c
++++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+ 	int more;
+ 	schar *map;
+ 
++	// prevent possible memory leaks
++	memset(sum2, 0, sizeof sum2);
++
+ 	/* want_i is used to encourage adjacent matches, allowing the RLL
+ 	 * coding of the output to work more efficiently. */
+ 	want_i = 0;
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch
new file mode 100644
index 000000000000..b0ab88e8c106
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch
@@ -0,0 +1,200 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/receiver.c b/receiver.c
+index 6b4b369..8031b8f 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern filter_rule_list daemon_filter_list;
+ extern OFF_T preallocated_len;
++extern int fuzzy_basis;
+ 
+ extern struct name_num_item *xfer_sum_nni;
+ extern int xfer_sum_len;
+@@ -551,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 	progress_init();
+ 
+ 	while (1) {
++		const char *basedir = NULL;
++
+ 		cleanup_disable();
+ 
+ 		/* This call also sets cur_flist. */
+@@ -716,28 +719,34 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 				fnamecmp = get_backup_name(fname);
+ 				break;
+ 			case FNAMECMP_FUZZY:
++				if (fuzzy_basis == 0) {
++					rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
++					exit_cleanup(RERR_PROTOCOL);
++				}
+ 				if (file->dirname) {
+-					pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+-					fnamecmp = fnamecmpbuf;
+-				} else
+-					fnamecmp = xname;
++					basedir = file->dirname;
++				}
++				fnamecmp = xname;
+ 				break;
+ 			default:
+ 				if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) {
+ 					fnamecmp_type -= FNAMECMP_FUZZY + 1;
+ 					if (file->dirname) {
+-						stringjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+-							   basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL);
+-					} else
+-						pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname);
++						pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname);
++						basedir = fnamecmpbuf;
++					} else {
++						basedir = basis_dir[fnamecmp_type];
++					}
++					fnamecmp = xname;
+ 				} else if (fnamecmp_type >= basis_dir_cnt) {
+ 					rprintf(FERROR,
+ 						"invalid basis_dir index: %d.\n",
+ 						fnamecmp_type);
+ 					exit_cleanup(RERR_PROTOCOL);
+-				} else
+-					pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname);
+-				fnamecmp = fnamecmpbuf;
++				} else {
++					basedir = basis_dir[fnamecmp_type];
++					fnamecmp = fname;
++				}
+ 				break;
+ 			}
+ 			if (!fnamecmp || (daemon_filter_list.head
+@@ -760,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 		}
+ 
+ 		/* open the file */
+-		fd1 = do_open(fnamecmp, O_RDONLY, 0);
++		fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+ 
+ 		if (fd1 == -1 && protocol_version < 29) {
+ 			if (fnamecmp != fname) {
+@@ -771,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 
+ 			if (fd1 == -1 && basis_dir[0]) {
+ 				/* pre-29 allowed only one alternate basis */
+-				pathjoin(fnamecmpbuf, sizeof fnamecmpbuf,
+-					 basis_dir[0], fname);
+-				fnamecmp = fnamecmpbuf;
++				basedir = basis_dir[0];
++				fnamecmp = fname;
+ 				fnamecmp_type = FNAMECMP_BASIS_DIR_LOW;
+-				fd1 = do_open(fnamecmp, O_RDONLY, 0);
++				fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0);
+ 			}
+ 		}
+ 
++		if (basedir) {
++			// for the following code we need the full
++			// path name as a single string
++			pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp);
++			fnamecmp = fnamecmpbuf;
++		}
++
+ 		one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR;
+ 		updating_basis_or_equiv = one_inplace
+ 		    || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP));
+diff --git a/syscall.c b/syscall.c
+index d92074a..47c5ea5 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -33,6 +33,8 @@
+ #include <sys/syscall.h>
+ #endif
+ 
++#include "ifuncs.h"
++
+ extern int dry_run;
+ extern int am_root;
+ extern int am_sender;
+@@ -712,3 +714,82 @@ int do_open_nofollow(const char *pathname, int flags)
+ 
+ 	return fd;
+ }
++
++/*
++  open a file relative to a base directory. The basedir can be NULL,
++  in which case the current working directory is used. The relpath
++  must be a relative path, and the relpath must not contain any
++  elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
++  applies to all path components, not just the last component)
++
++  The relpath must also not contain any ../ elements in the path
++*/
++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
++{
++	if (!relpath || relpath[0] == '/') {
++		// must be a relative path
++		errno = EINVAL;
++		return -1;
++	}
++	if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
++		// no ../ elements allowed in the relpath
++		errno = EINVAL;
++		return -1;
++	}
++
++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
++	// really old system, all we can do is live with the risks
++	if (!basedir) {
++		return open(relpath, flags, mode);
++	}
++	char fullpath[MAXPATHLEN];
++	pathjoin(fullpath, sizeof fullpath, basedir, relpath);
++	return open(fullpath, flags, mode);
++#else
++	int dirfd = AT_FDCWD;
++	if (basedir != NULL) {
++		dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
++		if (dirfd == -1) {
++			return -1;
++		}
++	}
++	int retfd = -1;
++
++	char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
++	if (!path_copy) {
++		return -1;
++	}
++	
++	for (const char *part = strtok(path_copy, "/");
++	     part != NULL;
++	     part = strtok(NULL, "/"))
++	{
++		int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
++		if (next_fd == -1 && errno == ENOTDIR) {
++			if (strtok(NULL, "/") != NULL) {
++				// this is not the last component of the path
++				errno = ELOOP;
++				goto cleanup;
++			}
++			// this could be the last component of the path, try as a file
++			retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
++			goto cleanup;
++		}
++		if (next_fd == -1) {
++			goto cleanup;
++		}
++		if (dirfd != AT_FDCWD) close(dirfd);
++		dirfd = next_fd;
++	}
++
++	// the path must be a directory
++	errno = EINVAL;
++
++cleanup:
++	free(path_copy);
++	if (dirfd != AT_FDCWD) {
++		close(dirfd);
++	}
++	return retfd;
++#endif // O_NOFOLLOW, O_DIRECTORY
++}
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch
new file mode 100644
index 000000000000..ae0a85bc4a5d
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch
@@ -0,0 +1,26 @@
+https://github.com/RsyncProject/rsync/pull/707
+
+From 4e9b6476325eb08931025d719cfc3ff2c94d2b23 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 15 Jan 2025 15:59:17 +0100
+Subject: [PATCH] Fix build on ancient glibc without openat(AT_FDCWD
+
+Fixes: https://github.com/RsyncProject/rsync/issues/701
+---
+ syscall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/syscall.c b/syscall.c
+index 8cea2900..34a9bba0 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -734,7 +734,7 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
+ 		return -1;
+ 	}
+ 
+-#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) || !defined(AT_FDCWD)
+ 	// really old system, all we can do is live with the risks
+ 	if (!basedir) {
+ 		return open(relpath, flags, mode);
+
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch
new file mode 100644
index 000000000000..2328f3c0f6eb
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/flist.c b/flist.c
+index 464d556..087f9da 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2584,6 +2584,19 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+ 		init_hard_links();
+ #endif
+ 
++	if (inc_recurse && dir_ndx >= 0) {
++		if (dir_ndx >= dir_flist->used) {
++			rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
++			exit_cleanup(RERR_PROTOCOL);
++		}
++		struct file_struct *file = dir_flist->files[dir_ndx];
++		if (file->flags & FLAG_GOT_DIR_FLIST) {
++			rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
++			exit_cleanup(RERR_PROTOCOL);
++		}
++		file->flags |= FLAG_GOT_DIR_FLIST;
++	}
++
+ 	flist = flist_new(0, "recv_file_list");
+ 	flist_expand(flist, FLIST_START_LARGE);
+ 
+diff --git a/rsync.h b/rsync.h
+index 0f9e277..b9a7101 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,6 +84,7 @@
+ #define FLAG_DUPLICATE (1<<4)	/* sender */
+ #define FLAG_MISSING_DIR (1<<4)	/* generator */
+ #define FLAG_HLINKED (1<<5)	/* receiver/generator (checked on all types) */
++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6)	/* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6)	/* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7)	/* receiver/generator */
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch
new file mode 100644
index 000000000000..dd4c7fb87a74
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch
@@ -0,0 +1,36 @@
+https://github.com/RsyncProject/rsync/pull/705
+
+From efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 15 Jan 2025 15:10:24 +0100
+Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
+
+fixes commit 688f5c379a43 (Refuse a duplicate dirlist.)
+
+Fixes: https://github.com/RsyncProject/rsync/issues/702
+Fixes: https://github.com/RsyncProject/rsync/issues/697
+---
+ rsync.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync.h b/rsync.h
+index 9be1297b..479ac484 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -84,7 +84,6 @@
+ #define FLAG_DUPLICATE (1<<4)	/* sender */
+ #define FLAG_MISSING_DIR (1<<4)	/* generator */
+ #define FLAG_HLINKED (1<<5)	/* receiver/generator (checked on all types) */
+-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
+ #define FLAG_HLINK_FIRST (1<<6)	/* receiver/generator (w/FLAG_HLINKED) */
+ #define FLAG_IMPLIED_DIR (1<<6)	/* sender/receiver/generator (dirs only) */
+ #define FLAG_HLINK_LAST (1<<7)	/* receiver/generator */
+@@ -93,6 +92,7 @@
+ #define FLAG_SKIP_GROUP (1<<10)	/* receiver/generator */
+ #define FLAG_TIME_FAILED (1<<11)/* generator */
+ #define FLAG_MOD_NSEC (1<<12)	/* sender/receiver/generator */
++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
+ 
+ /* These flags are passed to functions but not stored. */
+ 
+
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch
new file mode 100644
index 000000000000..422a45e2c03e
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch
@@ -0,0 +1,60 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test
+index 75e7201..d2e318e 100644
+--- a/testsuite/unsafe-byname.test
++++ b/testsuite/unsafe-byname.test
+@@ -40,7 +40,7 @@ test_unsafe ..//../dest 		from/dir			unsafe
+ test_unsafe ..				from/file			safe
+ test_unsafe ../..			from/file			unsafe
+ test_unsafe ..//..			from//file			unsafe
+-test_unsafe dir/..			from				safe
++test_unsafe dir/..			from				unsafe
+ test_unsafe dir/../..			from				unsafe
+ test_unsafe dir/..//..			from				unsafe
+ 
+diff --git a/util1.c b/util1.c
+index da50ff1..f260d39 100644
+--- a/util1.c
++++ b/util1.c
+@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create)
+  *
+  * "src" is the top source directory currently applicable at the level
+  * of the referenced symlink.  This is usually the symlink's full path
+- * (including its name), as referenced from the root of the transfer. */
++ * (including its name), as referenced from the root of the transfer.
++ *
++ * NOTE: this also rejects dest names with a .. component in other
++ * than the first component of the name ie. it rejects names such as
++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or
++ * 'b' could later be replaced with symlinks such as a link to '.'
++ * resulting in the link being transferred now becoming unsafe
++ */
+ int unsafe_symlink(const char *dest, const char *src)
+ {
+ 	const char *name, *slash;
+@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src)
+ 	if (!dest || !*dest || *dest == '/')
+ 		return 1;
+ 
++	// reject destinations with /../ in the name other than at the start of the name
++	const char *dest2 = dest;
++	while (strncmp(dest2, "../", 3) == 0) {
++	    dest2 += 3;
++	    while (*dest2 == '/') {
++		// allow for ..//..///../foo
++		dest2++;
++	    }
++	}
++	if (strstr(dest2, "/../"))
++	    return 1;
++
++	// reject if the destination ends in /..
++	const size_t dlen = strlen(dest);
++	if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)
++	    return 1;
++
+ 	/* find out what our safety margin is */
+ 	for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
+ 		/* ".." segment starts the count over.  "." segment is ignored. */
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch
new file mode 100644
index 000000000000..527da2046125
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch
@@ -0,0 +1,166 @@
+https://bugs.gentoo.org/948106
+
+Backport provided by Red Hat on the VINCE case.
+diff --git a/checksum.c b/checksum.c
+index cb21882..66e8089 100644
+--- a/checksum.c
++++ b/checksum.c
+@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
+ 	int32 remainder;
+ 	int fd;
+ 
+-	fd = do_open(fname, O_RDONLY, 0);
++	fd = do_open_checklinks(fname);
+ 	if (fd == -1) {
+ 		memset(sum, 0, file_sum_len);
+ 		return;
+diff --git a/flist.c b/flist.c
+index 087f9da..1783253 100644
+--- a/flist.c
++++ b/flist.c
+@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
+ 
+ 	if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
+ 		if (st.st_size == 0) {
+-			int fd = do_open(fname, O_RDONLY, 0);
++			int fd = do_open_checklinks(fname);
+ 			if (fd >= 0) {
+ 				st.st_size = get_device_size(fd, fname);
+ 				close(fd);
+diff --git a/generator.c b/generator.c
+index 110db28..3f13bb9 100644
+--- a/generator.c
++++ b/generator.c
+@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+ 
+ 	if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
+ 		/* This early open into fd skips the regular open below. */
+-		if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0)
++		if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
+ 			real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
+ 	}
+ 
+@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
+ 	}
+ 
+ 	/* open the file */
+-	if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
++	if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
+ 		rsyserr(FERROR, errno, "failed to open %s, continuing",
+ 			full_fname(fnamecmp));
+ 	  pretend_missing:
+diff --git a/receiver.c b/receiver.c
+index 8031b8f..edfbb21 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			if (fnamecmp != fname) {
+ 				fnamecmp = fname;
+ 				fnamecmp_type = FNAMECMP_FNAME;
+-				fd1 = do_open(fnamecmp, O_RDONLY, 0);
++				fd1 = do_open_nofollow(fnamecmp, O_RDONLY);
+ 			}
+ 
+ 			if (fd1 == -1 && basis_dir[0]) {
+diff --git a/sender.c b/sender.c
+index 2bbff2f..a4d46c3 100644
+--- a/sender.c
++++ b/sender.c
+@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out)
+ 			exit_cleanup(RERR_PROTOCOL);
+ 		}
+ 
+-		fd = do_open(fname, O_RDONLY, 0);
++		fd = do_open_checklinks(fname);
+ 		if (fd == -1) {
+ 			if (errno == ENOENT) {
+ 				enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING;
+diff --git a/syscall.c b/syscall.c
+index 47c5ea5..c55ae5f 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -45,6 +45,8 @@ extern int preallocate_files;
+ extern int preserve_perms;
+ extern int preserve_executability;
+ extern int open_noatime;
++extern int copy_links;
++extern int copy_unsafe_links;
+ 
+ #ifndef S_BLKSIZE
+ # if defined hpux || defined __hpux__ || defined __hpux
+@@ -793,3 +795,21 @@ cleanup:
+ 	return retfd;
+ #endif // O_NOFOLLOW, O_DIRECTORY
+ }
++
++/*
++  varient of do_open/do_open_nofollow which does do_open() if the
++  copy_links or copy_unsafe_links options are set and does
++  do_open_nofollow() otherwise
++
++  This is used to prevent a race condition where an attacker could be
++  switching a file between being a symlink and being a normal file
++
++  The open is always done with O_RDONLY flags
++ */
++int do_open_checklinks(const char *pathname)
++{
++	if (copy_links || copy_unsafe_links) {
++		return do_open(pathname, O_RDONLY, 0);
++	}
++	return do_open_nofollow(pathname, O_RDONLY);
++}
+diff --git a/t_unsafe.c b/t_unsafe.c
+index 010cac5..e10619a 100644
+--- a/t_unsafe.c
++++ b/t_unsafe.c
+@@ -28,6 +28,9 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 0;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
++
+ short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG];
+ 
+ int
+diff --git a/tls.c b/tls.c
+index e6b0708..858f8f1 100644
+--- a/tls.c
++++ b/tls.c
+@@ -49,6 +49,9 @@ int list_only = 0;
+ int link_times = 0;
+ int link_owner = 0;
+ int nsec_times = 0;
++int safe_symlinks = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+ 
+ #ifdef SUPPORT_XATTRS
+ 
+diff --git a/trimslash.c b/trimslash.c
+index 1ec928c..f2774cd 100644
+--- a/trimslash.c
++++ b/trimslash.c
+@@ -26,6 +26,8 @@ int am_root = 0;
+ int am_sender = 1;
+ int read_only = 1;
+ int list_only = 0;
++int copy_links = 0;
++int copy_unsafe_links = 0;
+ 
+ int
+ main(int argc, char **argv)
+diff --git a/util1.c b/util1.c
+index f260d39..d84bc41 100644
+--- a/util1.c
++++ b/util1.c
+@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode)
+ 	int len;   /* Number of bytes read into `buf'. */
+ 	OFF_T prealloc_len = 0, offset = 0;
+ 
+-	if ((ifd = do_open(source, O_RDONLY, 0)) < 0) {
++	if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) {
+ 		int save_errno = errno;
+ 		rsyserr(FERROR_XFER, errno, "open %s", full_fname(source));
+ 		errno = save_errno;
diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch
new file mode 100644
index 000000000000..2a3add75e0a9
--- /dev/null
+++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch
@@ -0,0 +1,34 @@
+https://github.com/RsyncProject/rsync/pull/706
+
+From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 15 Jan 2025 15:48:04 +0100
+Subject: [PATCH] Fix use-after-free in generator
+
+full_fname() will free the return value in the next call so we need to
+duplicate it before passing it to rsyserr.
+
+Fixes: https://github.com/RsyncProject/rsync/issues/704
+---
+ generator.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/generator.c b/generator.c
+index 3f13bb95..b56fa569 100644
+--- a/generator.c
++++ b/generator.c
+@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const
+ 
+ 	if (!skip_atomic) {
+ 		if (do_rename(tmpname, fname) < 0) {
++			char *full_tmpname = strdup(full_fname(tmpname));
++			if (full_tmpname == NULL)
++				out_of_memory("atomic_create");
+ 			rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed",
+-				full_fname(tmpname), full_fname(fname));
++				full_tmpname, full_fname(fname));
++			free(full_tmpname);
+ 			do_unlink(tmpname);
+ 			return 0;
+ 		}
+
diff --git a/net-misc/rsync/rsync-3.2.7-r4.ebuild b/net-misc/rsync/rsync-3.3.0-r2.ebuild
index a747693763f0..7fbdb2af33fe 100644
--- a/net-misc/rsync/rsync-3.2.7-r4.ebuild
+++ b/net-misc/rsync/rsync-3.3.0-r2.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 
 # Uncomment when introducing a patch which touches configure
 RSYNC_NEEDS_AUTOCONF=1
-PYTHON_COMPAT=( python3_{9..11} )
+PYTHON_COMPAT=( python3_{10..13} )
 inherit flag-o-matic prefix python-single-r1 systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
@@ -77,9 +77,8 @@ else
 fi
 
 PATCHES=(
-	"${FILESDIR}"/${P}-flist-memcmp-ub.patch
-	"${FILESDIR}"/${P}-fortify-source-3.patch
-	"${FILESDIR}"/${PN}-3.2.7-ipv6-configure-c99.patch
+	# Temporary just for the bug #948106 CVE fixes
+	"${FILESDIR}"/3.3.0
 )
 
 pkg_setup() {
@@ -114,6 +113,9 @@ src_prepare() {
 }
 
 src_configure() {
+	# Should be fixed upstream in next release (>3.3.0) (bug #943745)
+	append-cflags $(test-flags-CC -std=gnu17)
+
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@@ -149,7 +151,7 @@ src_install() {
 	dodoc NEWS.md README.md TODO tech_report.tex
 
 	insinto /etc
-	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+	newins "${FILESDIR}"/rsyncd.conf-3.2.7-r5 rsyncd.conf
 
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
diff --git a/net-misc/rsync/rsync-3.3.0.ebuild b/net-misc/rsync/rsync-3.3.0.ebuild
deleted file mode 100644
index 8c66b403fc31..000000000000
--- a/net-misc/rsync/rsync-3.3.0.ebuild
+++ /dev/null
@@ -1,201 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Uncomment when introducing a patch which touches configure
-RSYNC_NEEDS_AUTOCONF=1
-PYTHON_COMPAT=( python3_{10..12} )
-inherit flag-o-matic prefix python-single-r1 systemd
-
-DESCRIPTION="File transfer program to keep remote files into sync"
-HOMEPAGE="https://rsync.samba.org/"
-if [[ ${PV} == *9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
-	inherit autotools git-r3
-
-	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc
-	inherit verify-sig
-
-	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
-		inherit autotools
-	fi
-
-	if [[ ${PV} == *_pre* ]] ; then
-		SRC_DIR="src-previews"
-	else
-		SRC_DIR="src"
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-	fi
-
-	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
-		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
-	S="${WORKDIR}"/${P/_/}
-fi
-
-LICENSE="GPL-3"
-SLOT="0"
-IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd"
-REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
-REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )"
-
-RDEPEND="
-	>=dev-libs/popt-1.5
-	acl? ( virtual/acl )
-	examples? (
-		${PYTHON_DEPS}
-		dev-lang/perl
-	)
-	lz4? ( app-arch/lz4:= )
-	rrsync? (
-		${PYTHON_DEPS}
-		$(python_gen_cond_dep '
-			dev-python/bracex[${PYTHON_USEDEP}]
-		')
-	)
-	ssl? ( dev-libs/openssl:= )
-	system-zlib? ( sys-libs/zlib )
-	xattr? ( kernel_linux? ( sys-apps/attr ) )
-	xxhash? ( >=dev-libs/xxhash-0.8 )
-	zstd? ( >=app-arch/zstd-1.4:= )
-	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	examples? ( ${PYTHON_DEPS} )
-	rrsync? ( ${PYTHON_DEPS} )
-"
-
-if [[ ${PV} == *9999 ]] ; then
-	BDEPEND+=" ${PYTHON_DEPS}
-		$(python_gen_cond_dep '
-			dev-python/commonmark[${PYTHON_USEDEP}]
-		')"
-else
-	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
-fi
-
-pkg_setup() {
-	# - USE=examples needs Python itself at runtime, but nothing else
-	# - 9999 needs commonmark at build time
-	if [[ ${PV} == *9999 ]] || use examples || use rrsync; then
-		python-single-r1_pkg_setup
-	fi
-}
-
-src_prepare() {
-	default
-
-	sed -i -e 's/AC_HEADER_MAJOR_FIXED/AC_HEADER_MAJOR/' configure.ac
-
-	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
-		eaclocal -I m4
-		eautoconf -o configure.sh
-		eautoheader && touch config.h.in
-	fi
-
-	if use examples || use rrsync; then
-		python_fix_shebang support/
-	fi
-
-	if [[ -f rrsync.1 ]]; then
-		# If the pre-build rrsync.1 man page exists, then link to it
-		# from support/rrsync.1 to avoid rsync's build system attempting
-		# re-creating the man page (bug #883049).
-		ln -s ../rrsync.1 support/rrsync.1 || die
-	fi
-}
-
-src_configure() {
-	local myeconfargs=(
-		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
-		--without-included-popt
-		--enable-ipv6
-		$(use_enable acl acl-support)
-		$(use_enable iconv)
-		$(use_enable lz4)
-		$(use_with rrsync)
-		$(use_enable ssl openssl)
-		$(use_with !system-zlib included-zlib)
-		$(use_enable xattr xattr-support)
-		$(use_enable xxhash)
-		$(use_enable zstd)
-	)
-
-	# https://github.com/WayneD/rsync/pull/428
-	if is-flagq -fsanitize=undefined ; then
-		sed -E -i \
-			-e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \
-			byteorder.h || die
-		append-flags -DCAREFUL_ALIGNMENT
-	fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-
-	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
-	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
-
-	dodoc NEWS.md README.md TODO tech_report.tex
-
-	insinto /etc
-	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
-
-	insinto /etc/xinetd.d
-	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
-
-	# Install stunnel helpers
-	if use stunnel ; then
-		emake DESTDIR="${D}" install-ssl-daemon
-	fi
-
-	# Install the useful contrib scripts
-	if use examples ; then
-		# The 'rrsync' script is installed conditionally via the 'rrysnc'
-		# USE flag, and not via the 'examples' USE flag.
-		rm support/rrsync* || die
-
-		exeinto /usr/share/rsync
-		doexe support/*
-
-		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
-	fi
-
-	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
-
-	systemd_newunit packaging/systemd/rsync.service rsyncd.service
-}
-
-pkg_postinst() {
-	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
-		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
-		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
-		ewarn "is a security risk which you should fix.  Please check your"
-		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
-	fi
-
-	if use stunnel ; then
-		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
-		einfo
-		einfo "You maybe have to update the certificates configured in"
-		einfo "${EROOT}/etc/stunnel/rsync.conf"
-	fi
-
-	if use system-zlib ; then
-		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
-		ewarn "using the --compress option."
-		ewarn
-		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
-		ewarn "and the --compress option, add --new-compress (-zz)."
-		ewarn
-		ewarn "For syncing the portage tree, add:"
-		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
-	fi
-}
author	V3n3RiX <venerix@koprulu.sector>	2025-01-16 06:41:40 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2025-01-16 06:41:40 +0000
commit	cb2f73d10494730ba590096a1f24ebc6d0d61a9f (patch)
tree	6b17212245a07479b72573fb8380352300de6b65 /net-misc/rsync
parent	8e26aeaca2a19592a9eea3917f3139bfde8641f0 (diff)