From a113b6b50f9f0a5a1e5049421ff2a70611aea5d8 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Mon, 12 Sep 2022 11:52:27 +0200
Subject: [PATCH 1/2] net-misc/rsync: update to 3.2.6

Update net-misc/rsync to 3.2.6, mainly to address CVE-2022-29154.
---
 .../portage-stable/net-misc/rsync/Manifest    |   6 +-
 .../rsync/files/rsync-3.2.3-cross.patch       | 129 -------------
 .../files/rsync-3.2.3-glibc-lchmod.patch      |  58 ------
 .../rsync-3.2.3-verify-certificate.patch      |  26 ---
 .../rsync/files/rsync-3.2.4-strlcpy.patch     |  46 +++++
 .../rsync-3.2.4-unsigned-char-checksum.patch  |  12 ++
 .../files/rsync-3.2.5-pedantic-errors.patch   |  53 ++++++
 .../net-misc/rsync/metadata.xml               |   3 +-
 .../net-misc/rsync/rsync-3.2.4-r1.ebuild      |   2 +-
 ...-3.2.3-r5.ebuild => rsync-3.2.4-r3.ebuild} |  79 ++++++--
 .../net-misc/rsync/rsync-3.2.5-r1.ebuild      | 171 ++++++++++++++++++
 .../net-misc/rsync/rsync-3.2.6.ebuild         | 167 +++++++++++++++++
 .../net-misc/rsync/rsync-9999.ebuild          |  37 ++--
 13 files changed, 537 insertions(+), 252 deletions(-)
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch
 rename sdk_container/src/third_party/portage-stable/net-misc/rsync/{rsync-3.2.3-r5.ebuild => rsync-3.2.4-r3.ebuild} (63%)
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.5-r1.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.6.ebuild

diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
index f217d9271b..5503dee541 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
@@ -1,4 +1,6 @@
-DIST rsync-3.2.3.tar.gz 1069784 BLAKE2B 085adb55d0d7e3d063fa198912fd09df67b63800a65baff5315ccb7dfc0e9d703eef30a7f2e72e3b271162c280abd9809b3f736704752c1663eed65ad8e0ac25 SHA512 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e
-DIST rsync-3.2.3.tar.gz.asc 195 BLAKE2B cc18dd2589c09f869e35ecaf94a610e5b605dcb10ceaf01e6c0eb2667666a9a73feb7dcb2325638686c772f91a74d6d1f15ea33fdb6a38e89640f32a8cd0e04a SHA512 b7e512d8bb0aaff7c48571b918a7b0362942c65ef2a0aa076574ec86c05822dc5df41f8796fdf62b762b12d166a671c9e979f9962357b89e3649459c4567525b
 DIST rsync-3.2.4.tar.gz 1114853 BLAKE2B a67fcb9619874f1c5346a876138e59f4bf508a90736f830fb2b4eaf180ab11f15a0a7db9b3b28c3b990b77c2b0973d8e668bf509e4134f464159ed3172f53d80 SHA512 96318e2754fbddf84d16df671c721e577766969dfa415925c4dc1be2e4e60a51246623747a8aec0c6e9c0824e6aa7335235ccd07f3d6fd901f8cf28e2d6e91b6
 DIST rsync-3.2.4.tar.gz.asc 195 BLAKE2B 9bc2fbd59e5396a91de82f27a461367ad2a129820e2d1926c3b1e26dacf93c676a7231f186c341b6dec9c764a9619b504bc9b5f95925982e78de4607eddf6c65 SHA512 7e1bbebc777d5710345fdec1efd4c2ef1079d6c0ec90272a1a4a51a59ae3cb619b9d1c0ae2f337ecdd06827bb3536b969b6f21f9108f8d21114713aa1750012b
+DIST rsync-3.2.5.tar.gz 1129957 BLAKE2B a0d1c4a2dbebe37bad4f6e2e5e4fae41c53529d96e0ca5a429d29d1dee8c63c8ee1b7dc686b732a88049c547271260e8361ac798673970d5327d08dda01ce811 SHA512 6d115acb5bae546cd2b5df2c11390f8609107b7a45aa649158d8daa0c9290ab5f15640fdd4000b21d1ab39f7385b85d77cd8fe4628fa13b2adeea6fcd53d057a
+DIST rsync-3.2.5.tar.gz.asc 195 BLAKE2B 9ca9034afc39299c2178190412b188f561d274d8e38d58a988487f2db14a8135840acf3413096d26f080358b69779fa3b48e292670ba6b23ae4eb0c05f9df614 SHA512 b384f48b2fd459a51715c8ab2a14e540c5fa7f7f12453282db770893d6121b1b3c9809e667ccacaf910fd90548abeb700a2c717d76fbea22fe3d6a22aa6b2c44
+DIST rsync-3.2.6.tar.gz 1138593 BLAKE2B fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d705e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73 SHA512 d141d04732c91e055708e8d1f14b976f9483208a93076bb66dc75cbf87d54f2dcbffc11423f0c9c005d2d4e20cb9c147a7672f7a9c0b987f4e2c39b4c3645cfe
+DIST rsync-3.2.6.tar.gz.asc 195 BLAKE2B 945c60ca67aa4234bc9d5b38c9228125f3040bccecf60c08892286c1b4fa32878d92bfc78ee664d4f6453ccaaf6d394dbe203f0a8be149e557fabede1c111b07 SHA512 1316b358dfa87ad7c35b2b5d11e0be111a182041150cf9c9ae30f73e0af1430a59136250dc853f784e9e80d0ee20cc46e9a34b07cc7c7a48040db168a8c8941b
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
deleted file mode 100644
index c61090b7c4..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 9f9240b661c5f381831b62d72b6ea928a91ff43a Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Thu, 3 Sep 2020 10:07:36 -0700
-Subject: [PATCH] Set CXX_OK=no when cross compiling.
-
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 64d2e6d6..109546a6 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
- 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
-     }
- }
--]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
-+]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
- 	AC_LANG(C)
- 	if test x"$CXX_OK" = x"yes"; then
- 	    # AC_MSG_RESULT() is called below.
-From 7eb59a9152a2ace7bc7858e9915c671b3ab54344 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Tue, 22 Sep 2020 17:19:45 -0700
-Subject: [PATCH] Change from $build_cpu to $host_cpu as edo1 suggested.
-
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 109546a6..e8c06f42 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -211,7 +211,7 @@ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
- 
- if test x"$enable_simd" != x"no"; then
-     # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
--    if test x"$build_cpu" = x"x86_64"; then
-+    if test x"$host_cpu" = x"x86_64"; then
- 	AC_LANG(C++)
- 	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
- #include <immintrin.h>
-@@ -283,8 +283,8 @@ AC_ARG_ENABLE(asm,
-     AS_HELP_STRING([--disable-asm],[disable ASM optimizations]))
- 
- if test x"$enable_asm" != x"no"; then
--    if test x"$build_cpu" = x"x86_64"; then
--	ASM="$build_cpu"
-+    if test x"$host_cpu" = x"x86_64"; then
-+	ASM="$host_cpu"
-     elif test x"$enable_asm" = x"yes"; then
-         AC_MSG_RESULT(unavailable)
-         AC_MSG_ERROR(The ASM optimizations are currently x86_64 only.
-From b7fab6f285ff0ff3816b109a8c3131b6ded0b484 Mon Sep 17 00:00:00 2001
-From: edo <edo.rus@gmail.com>
-Date: Wed, 7 Oct 2020 08:33:57 +0300
-Subject: [PATCH] Allow cross-compilation with SIMD (x86_84) (#104)
-
-Replace runtime SIMD check with a compile-only test in case of
-cross-compilation.
-
-You can still use '--enable-simd=no' to build x86_64 code without
-SIMD instructions.
----
- configure.ac | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 3fd7e5d5..e469981b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -208,12 +208,7 @@ AC_ARG_ENABLE(simd,
- 
- # Clag is crashing with -g -O2, so we'll get rid of -g for now.
- CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
--
--if test x"$enable_simd" != x"no"; then
--    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
--    if test x"$host_cpu" = x"x86_64"; then
--	AC_LANG(C++)
--	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
-+m4_define(SIMD_X86_64_TEST, [[#include <stdio.h>
- #include <immintrin.h>
- __attribute__ ((target("default"))) int test_ssse3(int x) { return x; }
- __attribute__ ((target("default"))) int test_sse2(int x) { return x; }
-@@ -233,7 +228,18 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
- 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
-     }
- }
--]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
-+]])
-+
-+if test x"$enable_simd" != x"no"; then
-+    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
-+    if test x"$host_cpu" = x"x86_64"; then
-+	AC_LANG(C++)
-+	if test x"$host_cpu" = x"$build_cpu"; then
-+	    AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
-+		[CXX_OK=yes],[CXX_OK=no])
-+	else
-+	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST])],[CXX_OK=yes],[CXX_OK=no])
-+	fi
- 	AC_LANG(C)
- 	if test x"$CXX_OK" = x"yes"; then
- 	    # AC_MSG_RESULT() is called below.
-From 7d830ff52ff7b01f528f39aa27b1ab36ea8c1356 Mon Sep 17 00:00:00 2001
-From: Andrew Aladjev <aladjev.andrew@gmail.com>
-Date: Sun, 7 Nov 2021 22:45:49 +0300
-Subject: [PATCH] improved cross compilation detection (#252)
-
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index fbdd17d8..9e7338cf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -264,7 +264,7 @@ if test x"$enable_simd" != x"no"; then
-     # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
-     if test x"$host_cpu" = x"x86_64" || test x"$host_cpu" = x"amd64"; then
- 	AC_LANG(C++)
--	if test x"$host_cpu" = x"$build_cpu"; then
-+	if test x"$host" = x"$build"; then
- 	    AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
- 		[CXX_OK=yes],[CXX_OK=no])
- 	else
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
deleted file mode 100644
index 970d7af42b..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Sun, 29 Nov 2020 09:33:54 -0800
-Subject: [PATCH] Work around glibc's lchmod() issue a better way.
-
-diff --git a/syscall.c b/syscall.c
-index b9c3b4ef..11d10e4a 100644
---- a/syscall.c
-+++ b/syscall.c
-@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
- #ifdef HAVE_CHMOD
- int do_chmod(const char *path, mode_t mode)
- {
-+	static int switch_step = 0;
- 	int code;
- 	if (dry_run) return 0;
- 	RETURN_ERROR_IF_RO_OR_LO;
-+	switch (switch_step) {
- #ifdef HAVE_LCHMOD
--	code = lchmod(path, mode & CHMOD_BITS);
--#else
--	if (S_ISLNK(mode)) {
-+#include "case_N.h"
-+		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
-+			break;
-+		switch_step++;
-+#endif
-+
-+#include "case_N.h"
-+		if (S_ISLNK(mode)) {
- # if defined HAVE_SETATTRLIST
--		struct attrlist attrList;
--		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
-+			struct attrlist attrList;
-+			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
- 
--		memset(&attrList, 0, sizeof attrList);
--		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
--		attrList.commonattr = ATTR_CMN_ACCESSMASK;
--		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
-+			memset(&attrList, 0, sizeof attrList);
-+			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
-+			attrList.commonattr = ATTR_CMN_ACCESSMASK;
-+			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
- # else
--		code = 1;
-+			code = 1;
- # endif
--	} else
--		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
--#endif /* !HAVE_LCHMOD */
-+		} else
-+			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
-+		break;
-+	}
- 	if (code != 0 && (preserve_perms || preserve_executability))
- 		return code;
- 	return 0;
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
deleted file mode 100644
index 9b462a1df7..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
-From: Matt McCutchen <matt@mattmccutchen.net>
-Date: Wed, 26 Aug 2020 12:16:08 -0400
-Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
- openssl.
-
----
- rsync-ssl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rsync-ssl b/rsync-ssl
-index 8101975a..46701af1 100755
---- a/rsync-ssl
-+++ b/rsync-ssl
-@@ -129,7 +129,7 @@ function rsync_ssl_helper {
-     fi
- 
-     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
--	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
-+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
-     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
- 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
-     else
--- 
-2.25.1
-
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch
new file mode 100644
index 0000000000..d5a02f0e31
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-strlcpy.patch
@@ -0,0 +1,46 @@
+https://github.com/WayneD/rsync/issues/324
+https://github.com/WayneD/rsync/commit/3592ac3c025da23b2dd291561ec6113940b9c11b
+
+From 3592ac3c025da23b2dd291561ec6113940b9c11b Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 19 Jun 2022 10:02:51 -0700
+Subject: [PATCH] Include bsd/strings.h if it exists
+
+Some systems apparently put strlcpy() into a separate bsd/strings.h file
+without putting the function into a separate library. Thus, configure
+finds that the function exists for linking but the build does not have
+the declaration (which rsync only supplies if it is also supplying its
+own version of the function).
+---
+ configure.ac | 3 ++-
+ rsync.h      | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 37dbb18a..37241637 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -13,7 +13,8 @@ AC_CHECK_HEADERS(sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h \
+     netdb.h malloc.h float.h limits.h iconv.h libcharset.h langinfo.h mcheck.h \
+     sys/acl.h acl/libacl.h attr/xattr.h sys/xattr.h sys/extattr.h dl.h \
+     popt.h popt/popt.h linux/falloc.h netinet/in_systm.h netgroup.h \
+-    zlib.h xxhash.h openssl/md4.h openssl/md5.h zstd.h lz4.h sys/file.h)
++    zlib.h xxhash.h openssl/md4.h openssl/md5.h zstd.h lz4.h sys/file.h \
++    bsd/string.h)
+ AC_CHECK_HEADERS([netinet/ip.h], [], [], [[#include <netinet/in.h>]])
+ AC_HEADER_MAJOR_FIXED
+ 
+diff --git a/rsync.h b/rsync.h
+index e5aacd25..1cc037c5 100644
+--- a/rsync.h
++++ b/rsync.h
+@@ -338,6 +338,9 @@ enum delret {
+ # endif
+ # include <string.h>
+ #endif
++#ifdef HAVE_BSD_STRING_H
++# include <bsd/string.h>
++#endif
+ #ifdef HAVE_STRINGS_H
+ # include <strings.h>
+ #endif
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch
new file mode 100644
index 0000000000..18e56c31ce
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.4-unsigned-char-checksum.patch
@@ -0,0 +1,12 @@
+https://lists.samba.org/archive/rsync-announce/2022/000111.html
+--- a/configure.ac
++++ b/configure.ac
+@@ -1117,7 +1117,7 @@ else
+ fi
+ 
+ AC_CACHE_CHECK([for unsigned char],rsync_cv_SIGNED_CHAR_OK,[
+-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[signed char *s = ""]])],[rsync_cv_SIGNED_CHAR_OK=yes],[rsync_cv_SIGNED_CHAR_OK=no])])
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[signed char *s = (signed char *)""]])],[rsync_cv_SIGNED_CHAR_OK=yes],[rsync_cv_SIGNED_CHAR_OK=no])])
+ if test x"$rsync_cv_SIGNED_CHAR_OK" = x"yes"; then
+     AC_DEFINE(SIGNED_CHAR_OK, 1, [Define to 1 if "signed char" is a valid type])
+ fi
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch
new file mode 100644
index 0000000000..33afbd954a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.5-pedantic-errors.patch
@@ -0,0 +1,53 @@
+https://github.com/WayneD/rsync/commit/9a3449a3980421f84ac55498ba565bc112b20d6c
+
+In particular, avoids attr configure test failing.
+
+From 9a3449a3980421f84ac55498ba565bc112b20d6c Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 18 Aug 2022 17:33:54 -0700
+Subject: [PATCH] Stop enabling -pedantic-errors.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then
+     with_included_popt=yes
+ fi
+ 
+-if test x"$GCC" = x"yes"; then
+-    if test x"$with_included_popt" != x"yes"; then
+-	# Turn pedantic warnings into errors to ensure an array-init overflow is an error.
+-	CFLAGS="$CFLAGS -pedantic-errors"
+-    else
+-	# Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
+-	# turn off pedantic warnings (which will not lose the error for array-init overflow).
+-	# Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
+-	# -Wpedantic and use that as a flag.
+-	case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
+-	    *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
+-	esac
+-    fi
+-fi
+-
+ AC_MSG_CHECKING([whether to use included libpopt])
+ if test x"$with_included_popt" = x"yes"; then
+     AC_MSG_RESULT($srcdir/popt)
+
+--- a/configure.sh
++++ b/configure.sh
+@@ -9982,14 +9982,14 @@ fi
+ if test x"$GCC" = x"yes"; then
+     if test x"$with_included_popt" != x"yes"; then
+ 	# Turn pedantic warnings into errors to ensure an array-init overflow is an error.
+-	CFLAGS="$CFLAGS -pedantic-errors"
++	CFLAGS="$CFLAGS "
+     else
+ 	# Our internal popt code cannot be compiled with pedantic warnings as errors, so try to
+ 	# turn off pedantic warnings (which will not lose the error for array-init overflow).
+ 	# Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists
+ 	# -Wpedantic and use that as a flag.
+ 	case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in
+-	    *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;;
++	    *-Wpedantic*) CFLAGS="$CFLAGS  -Wno-pedantic" ;;
+ 	esac
+     fi
+ fi
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
index 6a684b27c6..e0cef9bf0c 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
@@ -7,9 +7,10 @@
 	</maintainer>
 	<upstream>
 		<remote-id type="cpe">cpe:/a:samba:rsync</remote-id>
+		<remote-id type="github">WayneD/rsync</remote-id>
 	</upstream>
 	<use>
-		<flag name="stunnel">Provide helper scripts for using rsync via &gt;=net-misc/stunnel-4</flag>
+		<flag name="stunnel">Provide helper scripts for using rsync via &gt;=<pkg>net-misc/stunnel</pkg>-4</flag>
 		<flag name="system-zlib">Use system zlib instead of bundled one. This is incompatible with older rsync releases!</flag>
 		<flag name="xxhash">Enable <pkg>dev-libs/xxhash</pkg> support for hashing</flag>
 	</use>
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild
index a5cde37a69..d569ca909e 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r1.ebuild
@@ -21,7 +21,7 @@ else
 		SRC_DIR="src-previews"
 	else
 		SRC_DIR="src"
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 	fi
 
 	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r3.ebuild
similarity index 63%
rename from sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
rename to sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r3.ebuild
index 4e060aaa03..41447f110e 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.4-r3.ebuild
@@ -3,29 +3,49 @@
 
 EAPI=7
 
-if [[ ${PV} != 3.2.3 ]]; then
-	# Make sure we revert the autotools hackery applied in 3.2.3.
+if [[ ${PV} != 3.2.4 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.4.
 	die "Please use rsync-9999.ebuild as a basis for version bumps"
 fi
 
 WANT_LIBTOOL=none
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
 
-inherit autotools flag-o-matic prefix systemd verify-sig
+PYTHON_COMPAT=( python3_{8..10} )
+inherit autotools flag-o-matic prefix python-single-r1 systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-SRC_DIR="src"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
-	verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
-S="${WORKDIR}/${P/_/}"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
 
 LICENSE="GPL-3"
 SLOT="0"
 IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
 
 RDEPEND="acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
 	lz4? ( app-arch/lz4 )
 	ssl? ( dev-libs/openssl:0= )
 	system-zlib? ( sys-libs/zlib )
@@ -35,18 +55,36 @@ RDEPEND="acl? ( virtual/acl )
 	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
-BDEPEND="verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-unsigned-char-checksum.patch
+	# https://github.com/WayneD/rsync/issues/324
+	"${FILESDIR}"/${P}-strlcpy.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}
 
 src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/${P}-glibc-lchmod.patch"
-		"${FILESDIR}/${P}-cross.patch"
-		# Fix for (CVE-2020-14387) - net-misc/rsync: improper TLS validation in rsync-ssl script
-		"${FILESDIR}/${P}-verify-certificate.patch"
-	)
 	default
+
 	eautoconf -o configure.sh
-	touch config.h.in || die
+	eautoheader && touch config.h.in
 }
 
 src_configure() {
@@ -95,14 +133,17 @@ src_install() {
 
 	# Install the useful contrib scripts
 	if use examples ; then
+		python_fix_shebang support/
+
 		exeinto /usr/share/rsync
 		doexe support/*
+
 		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
 	fi
 
 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
 
-	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
 }
 
 pkg_postinst() {
@@ -112,12 +153,14 @@ pkg_postinst() {
 		ewarn "is a security risk which you should fix.  Please check your"
 		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
 	fi
+
 	if use stunnel ; then
 		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
 		einfo
 		einfo "You maybe have to update the certificates configured in"
 		einfo "${EROOT}/etc/stunnel/rsync.conf"
 	fi
+
 	if use system-zlib ; then
 		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
 		ewarn "using the --compress option."
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.5-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.5-r1.ebuild
new file mode 100644
index 0000000000..6e6e4bd34c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.5-r1.ebuild
@@ -0,0 +1,171 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{8..10} )
+inherit prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+PATCHES=(
+	"${FILESDIR}"/${P}-pedantic-errors.patch
+)
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		python_fix_shebang support/
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.6.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.6.ebuild
new file mode 100644
index 0000000000..804909ae11
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.6.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Uncomment when introducing a patch which touches configure
+#RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{8..10} )
+inherit prefix python-single-r1 systemd
+
+DESCRIPTION="File transfer program to keep remote files into sync"
+HOMEPAGE="https://rsync.samba.org/"
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
+	inherit autotools git-r3
+
+	REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
+	inherit verify-sig
+
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
+	if [[ ${PV} == *_pre* ]] ; then
+		SRC_DIR="src-previews"
+	else
+		SRC_DIR="src"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+	fi
+
+	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
+		verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )"
+	S="${WORKDIR}"/${P/_/}
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="acl examples iconv lz4 ssl stunnel system-zlib xattr xxhash zstd"
+REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
+	examples? (
+		${PYTHON_DEPS}
+		dev-lang/perl
+	)
+	lz4? ( app-arch/lz4:= )
+	ssl? ( dev-libs/openssl:= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
+	iconv? ( virtual/libiconv )"
+DEPEND="${RDEPEND}"
+BDEPEND="examples? ( ${PYTHON_DEPS} )"
+
+if [[ ${PV} == *9999 ]] ; then
+	BDEPEND+=" ${PYTHON_DEPS}
+		$(python_gen_cond_dep '
+			dev-python/commonmark[${PYTHON_USEDEP}]
+		')"
+else
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )"
+fi
+
+pkg_setup() {
+	# - USE=examples needs Python itself at runtime, but nothing else
+	# - 9999 needs commonmark at build time
+	if [[ ${PV} == *9999 ]] || use examples ; then
+		python-single-r1_pkg_setup
+	fi
+}
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		eaclocal -I m4
+		eautoconf -o configure.sh
+		eautoheader && touch config.h.in
+	fi
+}
+
+src_configure() {
+	local myeconfargs=(
+		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
+		--without-included-popt
+		--enable-ipv6
+		$(use_enable acl acl-support)
+		$(use_enable iconv)
+		$(use_enable lz4)
+		$(use_enable ssl openssl)
+		$(use_with !system-zlib included-zlib)
+		$(use_enable xattr xattr-support)
+		$(use_enable xxhash)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd
+	newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd
+
+	dodoc NEWS.md README.md TODO tech_report.tex
+
+	insinto /etc
+	newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/rsyncd.logrotate rsyncd
+
+	insinto /etc/xinetd.d
+	newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd
+
+	# Install stunnel helpers
+	if use stunnel ; then
+		emake DESTDIR="${D}" install-ssl-daemon
+	fi
+
+	# Install the useful contrib scripts
+	if use examples ; then
+		python_fix_shebang support/
+
+		exeinto /usr/share/rsync
+		doexe support/*
+
+		rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c}
+	fi
+
+	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
+
+	systemd_newunit packaging/systemd/rsync.service rsyncd.service
+}
+
+pkg_postinst() {
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
+		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
+		ewarn "is a security risk which you should fix.  Please check your"
+		ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'."
+	fi
+
+	if use stunnel ; then
+		einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature."
+		einfo
+		einfo "You maybe have to update the certificates configured in"
+		einfo "${EROOT}/etc/stunnel/rsync.conf"
+	fi
+
+	if use system-zlib ; then
+		ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when"
+		ewarn "using the --compress option."
+		ewarn
+		ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib,"
+		ewarn "and the --compress option, add --new-compress (-zz)."
+		ewarn
+		ewarn "For syncing the portage tree, add:"
+		ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf"
+	fi
+}
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
index d172d6ec72..804909ae11 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
@@ -1,10 +1,12 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
-PYTHON_COMPAT=( python3_{8,9,10} )
-inherit flag-o-matic prefix python-single-r1 systemd
+# Uncomment when introducing a patch which touches configure
+#RSYNC_NEEDS_AUTOCONF=1
+PYTHON_COMPAT=( python3_{8..10} )
+inherit prefix python-single-r1 systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
@@ -17,11 +19,15 @@ else
 	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/waynedavison.asc
 	inherit verify-sig
 
+	if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
+		inherit autotools
+	fi
+
 	if [[ ${PV} == *_pre* ]] ; then
 		SRC_DIR="src-previews"
 	else
 		SRC_DIR="src"
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 	fi
 
 	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz
@@ -31,21 +37,22 @@ fi
 
 LICENSE="GPL-3"
 SLOT="0"
-IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
+IUSE="acl examples iconv lz4 ssl stunnel system-zlib xattr xxhash zstd"
 REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )"
 
-RDEPEND="acl? ( virtual/acl )
+RDEPEND="
+	>=dev-libs/popt-1.5
+	acl? ( virtual/acl )
 	examples? (
 		${PYTHON_DEPS}
 		dev-lang/perl
 	)
-	lz4? ( app-arch/lz4 )
-	ssl? ( dev-libs/openssl:0= )
+	lz4? ( app-arch/lz4:= )
+	ssl? ( dev-libs/openssl:= )
 	system-zlib? ( sys-libs/zlib )
 	xattr? ( kernel_linux? ( sys-apps/attr ) )
-	xxhash? ( dev-libs/xxhash )
-	zstd? ( >=app-arch/zstd-1.4 )
-	>=dev-libs/popt-1.5
+	xxhash? ( >=dev-libs/xxhash-0.8 )
+	zstd? ( >=app-arch/zstd-1.4:= )
 	iconv? ( virtual/libiconv )"
 DEPEND="${RDEPEND}"
 BDEPEND="examples? ( ${PYTHON_DEPS} )"
@@ -70,7 +77,7 @@ pkg_setup() {
 src_prepare() {
 	default
 
-	if [[ ${PV} == *9999 ]] ; then
+	if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then
 		eaclocal -I m4
 		eautoconf -o configure.sh
 		eautoheader && touch config.h.in
@@ -78,16 +85,12 @@ src_prepare() {
 }
 
 src_configure() {
-	# Force enable IPv6 on musl - upstream bug:
-	# https://bugzilla.samba.org/show_bug.cgi?id=10715
-	use elibc_musl && use ipv6 && append-cppflags -DINET6
-
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
+		--enable-ipv6
 		$(use_enable acl acl-support)
 		$(use_enable iconv)
-		$(use_enable ipv6)
 		$(use_enable lz4)
 		$(use_enable ssl openssl)
 		$(use_with !system-zlib included-zlib)

From a3dd748493023b251c524b38238236743b282e18 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Mon, 12 Sep 2022 11:53:22 +0200
Subject: [PATCH 2/2] changelog: add changelog for rsync 3.2.6

---
 .../portage-stable/changelog/security/2022-09-12-rsync-3.2.6.md  | 1 +
 .../portage-stable/changelog/updates/2022-09-12-rsync-3.2.6.md   | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/security/2022-09-12-rsync-3.2.6.md
 create mode 100644 sdk_container/src/third_party/portage-stable/changelog/updates/2022-09-12-rsync-3.2.6.md

diff --git a/sdk_container/src/third_party/portage-stable/changelog/security/2022-09-12-rsync-3.2.6.md b/sdk_container/src/third_party/portage-stable/changelog/security/2022-09-12-rsync-3.2.6.md
new file mode 100644
index 0000000000..e34cd82e02
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-09-12-rsync-3.2.6.md
@@ -0,0 +1 @@
+- rsync ([CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))
diff --git a/sdk_container/src/third_party/portage-stable/changelog/updates/2022-09-12-rsync-3.2.6.md b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-09-12-rsync-3.2.6.md
new file mode 100644
index 0000000000..d625bd1cc4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/changelog/updates/2022-09-12-rsync-3.2.6.md
@@ -0,0 +1 @@
+- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))