From e3d44a3cc8741e88688e433f29e42d2c502a2efb Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Thu, 18 Nov 2021 14:14:20 +0100
Subject: [PATCH] net-misc/rsync: update to 3.2.3-r5

Mainly to address CVE-2020-14387 .
---
 .../portage-stable/net-misc/rsync/Manifest    |   1 -
 .../files/rsync-3.2.2-allow_bwlimit_0.patch   |  77 -----------
 .../files/rsync-3.2.2-zstd_see_token.patch    |  31 -----
 .../rsync/files/rsync-3.2.3-cross.patch       | 129 ++++++++++++++++++
 .../files/rsync-3.2.3-glibc-lchmod.patch      |  58 ++++++++
 .../rsync-3.2.3-verify-certificate.patch      |  26 ++++
 .../net-misc/rsync/files/rsyncd.logrotate     |   2 +-
 .../net-misc/rsync/files/rsyncd.service       |  12 --
 .../net-misc/rsync/metadata.xml               |   2 +-
 ...ync-3.2.3.ebuild => rsync-3.2.3-r4.ebuild} |  93 +++++--------
 ...-3.2.2-r1.ebuild => rsync-3.2.3-r5.ebuild} | 100 +++++---------
 .../net-misc/rsync/rsync-9999.ebuild          |  49 +++----
 12 files changed, 295 insertions(+), 285 deletions(-)
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-allow_bwlimit_0.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-zstd_see_token.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.service
 rename sdk_container/src/third_party/portage-stable/net-misc/rsync/{rsync-3.2.3.ebuild => rsync-3.2.3-r4.ebuild} (51%)
 rename sdk_container/src/third_party/portage-stable/net-misc/rsync/{rsync-3.2.2-r1.ebuild => rsync-3.2.3-r5.ebuild} (50%)

diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
index 3e3ecc5607..c1ee190e0b 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/Manifest
@@ -1,2 +1 @@
-DIST rsync-3.2.2.tar.gz 1057001 BLAKE2B 177a3145303ab7ed296b9233160ca4907c6b284160f4d0d15aeefd7e28009c1ea29fb3632ab57c008f0aad2f6774185cba86d2d0d68f30737fef217bd9fff402 SHA512 78107cf423e9259a7f7e9bf5527a956b648107aba72ea88b4267ae6334539342501d3c060efbc87235563b0253a12c382c4bb1f73335e68a62ff53aa905f9169
 DIST rsync-3.2.3.tar.gz 1069784 BLAKE2B 085adb55d0d7e3d063fa198912fd09df67b63800a65baff5315ccb7dfc0e9d703eef30a7f2e72e3b271162c280abd9809b3f736704752c1663eed65ad8e0ac25 SHA512 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-allow_bwlimit_0.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-allow_bwlimit_0.patch
deleted file mode 100644
index 4a795bb17b..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-allow_bwlimit_0.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 5dcb49c7ddec765d4a24b4f801ffc7212c085db1 Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Tue, 7 Jul 2020 11:40:27 -0700
-Subject: [PATCH] Allow --bwlimit=0 again.
-
----
- options.c            | 12 ++++++------
- testsuite/hands.test |  2 +-
- 2 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/options.c b/options.c
-index 5a372ae7..0b7b9f33 100644
---- a/options.c
-+++ b/options.c
-@@ -1253,7 +1253,7 @@ static int count_args(const char **argv)
- /* If the size_arg is an invalid string or the value is < min_value, an error
-  * is put into err_buf & the return is -1.  Note that this parser does NOT
-  * support negative numbers, so a min_value < 0 doesn't make any sense. */
--static ssize_t parse_size_arg(char *size_arg, char def_suf, const char *opt_name, ssize_t min_value)
-+static ssize_t parse_size_arg(char *size_arg, char def_suf, const char *opt_name, ssize_t min_value, BOOL allow_0)
- {
- 	int reps, mult;
- 	const char *arg, *err = "invalid";
-@@ -1299,7 +1299,7 @@ static ssize_t parse_size_arg(char *size_arg, char def_suf, const char *opt_name
- 		size += atoi(arg), arg += 2;
- 	if (*arg)
- 		goto failure;
--	if (size < min_value) {
-+	if (size < min_value && (!allow_0 || size != 0)) {
- 		err = size < 0 ? "too big" : "too small";
- 		goto failure;
- 	}
-@@ -1683,19 +1683,19 @@ int parse_arguments(int *argc_p, const char ***argv_p)
- 			break;
- 
- 		case OPT_MAX_SIZE:
--			if ((max_size = parse_size_arg(max_size_arg, 'b', "max-size", 0)) < 0)
-+			if ((max_size = parse_size_arg(max_size_arg, 'b', "max-size", 0, True)) < 0)
- 				return 0;
- 			max_size_arg = num_to_byte_string(max_size);
- 			break;
- 
- 		case OPT_MIN_SIZE:
--			if ((min_size = parse_size_arg(min_size_arg, 'b', "min-size", 0)) < 0)
-+			if ((min_size = parse_size_arg(min_size_arg, 'b', "min-size", 0, True)) < 0)
- 				return 0;
- 			min_size_arg = num_to_byte_string(min_size);
- 			break;
- 
- 		case OPT_BWLIMIT: {
--			ssize_t size = parse_size_arg(bwlimit_arg, 'K', "bwlimit", 512);
-+			ssize_t size = parse_size_arg(bwlimit_arg, 'K', "bwlimit", 512, True);
- 			if (size < 0)
- 				return 0;
- 			bwlimit_arg = num_to_byte_string(size);
-@@ -1889,7 +1889,7 @@ int parse_arguments(int *argc_p, const char ***argv_p)
- 			max_alloc_arg = NULL;
- 	}
- 	if (max_alloc_arg) {
--		ssize_t size = parse_size_arg(max_alloc_arg, 'B', "max-alloc", 1024*1024);
-+		ssize_t size = parse_size_arg(max_alloc_arg, 'B', "max-alloc", 1024*1024, False);
- 		if (size < 0)
- 			return 0;
- 		max_alloc = size;
-diff --git a/testsuite/hands.test b/testsuite/hands.test
-index 46928d4e..8e265b7c 100644
---- a/testsuite/hands.test
-+++ b/testsuite/hands.test
-@@ -16,7 +16,7 @@ DEBUG_OPTS="--debug=all0,deltasum0"
- runtest "basic operation" 'checkit "$RSYNC -av \"$fromdir/\" \"$todir\"" "$fromdir/" "$todir"'
- 
- ln "$fromdir/filelist" "$fromdir/dir"
--runtest "hard links" 'checkit "$RSYNC -avH $DEBUG_OPTS \"$fromdir/\" \"$todir\"" "$fromdir/" "$todir"'
-+runtest "hard links" 'checkit "$RSYNC -avH --bwlimit=0 $DEBUG_OPTS \"$fromdir/\" \"$todir\"" "$fromdir/" "$todir"'
- 
- rm "$todir/text"
- runtest "one file" 'checkit "$RSYNC -avH $DEBUG_OPTS \"$fromdir/\" \"$todir\"" "$fromdir/" "$todir"'
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-zstd_see_token.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-zstd_see_token.patch
deleted file mode 100644
index 02f22409d4..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.2-zstd_see_token.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From bb1365dd7736b264738f50b683a0f81a2ed11aba Mon Sep 17 00:00:00 2001
-From: Wayne Davison <wayne@opencoder.net>
-Date: Fri, 10 Jul 2020 09:47:16 -0700
-Subject: [PATCH] Fix see_token zstd case.
-
----
- token.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/token.c b/token.c
-index cad6b641..61be8dd9 100644
---- a/token.c
-+++ b/token.c
-@@ -1093,13 +1093,13 @@ void see_token(char *data, int32 toklen)
- 		break;
- 	case CPRES_ZLIBX:
- 		break;
--#ifdef SUPPORT_LZ4
--	case CPRES_LZ4:
--		/*see_uncompressed_token(data, toklen);*/
-+#ifdef SUPPORT_ZSTD
-+	case CPRES_ZSTD:
- 		break;
- #endif
- #ifdef SUPPORT_LZ4
--	case CPRES_ZSTD:
-+	case CPRES_LZ4:
-+		/*see_uncompressed_token(data, toklen);*/
- 		break;
- #endif
- 	default:
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
new file mode 100644
index 0000000000..c61090b7c4
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-cross.patch
@@ -0,0 +1,129 @@
+From 9f9240b661c5f381831b62d72b6ea928a91ff43a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Thu, 3 Sep 2020 10:07:36 -0700
+Subject: [PATCH] Set CXX_OK=no when cross compiling.
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 64d2e6d6..109546a6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -233,7 +233,7 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+     }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no])
++]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
+ 	AC_LANG(C)
+ 	if test x"$CXX_OK" = x"yes"; then
+ 	    # AC_MSG_RESULT() is called below.
+From 7eb59a9152a2ace7bc7858e9915c671b3ab54344 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Tue, 22 Sep 2020 17:19:45 -0700
+Subject: [PATCH] Change from $build_cpu to $host_cpu as edo1 suggested.
+
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 109546a6..e8c06f42 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -211,7 +211,7 @@ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+ 
+ if test x"$enable_simd" != x"no"; then
+     # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+-    if test x"$build_cpu" = x"x86_64"; then
++    if test x"$host_cpu" = x"x86_64"; then
+ 	AC_LANG(C++)
+ 	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+ #include <immintrin.h>
+@@ -283,8 +283,8 @@ AC_ARG_ENABLE(asm,
+     AS_HELP_STRING([--disable-asm],[disable ASM optimizations]))
+ 
+ if test x"$enable_asm" != x"no"; then
+-    if test x"$build_cpu" = x"x86_64"; then
+-	ASM="$build_cpu"
++    if test x"$host_cpu" = x"x86_64"; then
++	ASM="$host_cpu"
+     elif test x"$enable_asm" = x"yes"; then
+         AC_MSG_RESULT(unavailable)
+         AC_MSG_ERROR(The ASM optimizations are currently x86_64 only.
+From b7fab6f285ff0ff3816b109a8c3131b6ded0b484 Mon Sep 17 00:00:00 2001
+From: edo <edo.rus@gmail.com>
+Date: Wed, 7 Oct 2020 08:33:57 +0300
+Subject: [PATCH] Allow cross-compilation with SIMD (x86_84) (#104)
+
+Replace runtime SIMD check with a compile-only test in case of
+cross-compilation.
+
+You can still use '--enable-simd=no' to build x86_64 code without
+SIMD instructions.
+---
+ configure.ac | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3fd7e5d5..e469981b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -208,12 +208,7 @@ AC_ARG_ENABLE(simd,
+ 
+ # Clag is crashing with -g -O2, so we'll get rid of -g for now.
+ CXXFLAGS=`echo "$CXXFLAGS" | sed 's/-g //'`
+-
+-if test x"$enable_simd" != x"no"; then
+-    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+-    if test x"$host_cpu" = x"x86_64"; then
+-	AC_LANG(C++)
+-	AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
++m4_define(SIMD_X86_64_TEST, [[#include <stdio.h>
+ #include <immintrin.h>
+ __attribute__ ((target("default"))) int test_ssse3(int x) { return x; }
+ __attribute__ ((target("default"))) int test_sse2(int x) { return x; }
+@@ -233,7 +228,18 @@ __attribute__ ((target("ssse3"))) void more_testing(char* buf, int len)
+ 	in8_2 = _mm_lddqu_si128((__m128i_u*)&buf[i + 16]);
+     }
+ }
+-]], [[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],[CXX_OK=yes],[CXX_OK=no],[CXX_OK=no])
++]])
++
++if test x"$enable_simd" != x"no"; then
++    # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
++    if test x"$host_cpu" = x"x86_64"; then
++	AC_LANG(C++)
++	if test x"$host_cpu" = x"$build_cpu"; then
++	    AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
++		[CXX_OK=yes],[CXX_OK=no])
++	else
++	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST])],[CXX_OK=yes],[CXX_OK=no])
++	fi
+ 	AC_LANG(C)
+ 	if test x"$CXX_OK" = x"yes"; then
+ 	    # AC_MSG_RESULT() is called below.
+From 7d830ff52ff7b01f528f39aa27b1ab36ea8c1356 Mon Sep 17 00:00:00 2001
+From: Andrew Aladjev <aladjev.andrew@gmail.com>
+Date: Sun, 7 Nov 2021 22:45:49 +0300
+Subject: [PATCH] improved cross compilation detection (#252)
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fbdd17d8..9e7338cf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -264,7 +264,7 @@ if test x"$enable_simd" != x"no"; then
+     # For x86-64 SIMD, g++ >=5 or clang++ >=7 is required
+     if test x"$host_cpu" = x"x86_64" || test x"$host_cpu" = x"amd64"; then
+ 	AC_LANG(C++)
+-	if test x"$host_cpu" = x"$build_cpu"; then
++	if test x"$host" = x"$build"; then
+ 	    AC_RUN_IFELSE([AC_LANG_PROGRAM([SIMD_X86_64_TEST],[[if (test_ssse3(42) != 42 || test_sse2(42) != 42 || test_avx2(42) != 42) exit(1);]])],
+ 		[CXX_OK=yes],[CXX_OK=no])
+ 	else
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
new file mode 100644
index 0000000000..970d7af42b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-glibc-lchmod.patch
@@ -0,0 +1,58 @@
+From 9dd62525f3b98d692e031f22c02be8f775966503 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 29 Nov 2020 09:33:54 -0800
+Subject: [PATCH] Work around glibc's lchmod() issue a better way.
+
+diff --git a/syscall.c b/syscall.c
+index b9c3b4ef..11d10e4a 100644
+--- a/syscall.c
++++ b/syscall.c
+@@ -227,27 +227,35 @@ int do_open(const char *pathname, int flags, mode_t mode)
+ #ifdef HAVE_CHMOD
+ int do_chmod(const char *path, mode_t mode)
+ {
++	static int switch_step = 0;
+ 	int code;
+ 	if (dry_run) return 0;
+ 	RETURN_ERROR_IF_RO_OR_LO;
++	switch (switch_step) {
+ #ifdef HAVE_LCHMOD
+-	code = lchmod(path, mode & CHMOD_BITS);
+-#else
+-	if (S_ISLNK(mode)) {
++#include "case_N.h"
++		if ((code = lchmod(path, mode & CHMOD_BITS)) == 0 || errno != ENOTSUP)
++			break;
++		switch_step++;
++#endif
++
++#include "case_N.h"
++		if (S_ISLNK(mode)) {
+ # if defined HAVE_SETATTRLIST
+-		struct attrlist attrList;
+-		uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
++			struct attrlist attrList;
++			uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
+ 
+-		memset(&attrList, 0, sizeof attrList);
+-		attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+-		attrList.commonattr = ATTR_CMN_ACCESSMASK;
+-		code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
++			memset(&attrList, 0, sizeof attrList);
++			attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
++			attrList.commonattr = ATTR_CMN_ACCESSMASK;
++			code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW);
+ # else
+-		code = 1;
++			code = 1;
+ # endif
+-	} else
+-		code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
+-#endif /* !HAVE_LCHMOD */
++		} else
++			code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
++		break;
++	}
+ 	if (code != 0 && (preserve_perms || preserve_executability))
+ 		return code;
+ 	return 0;
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
new file mode 100644
index 0000000000..9b462a1df7
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsync-3.2.3-verify-certificate.patch
@@ -0,0 +1,26 @@
+From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 12:16:08 -0400
+Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using
+ openssl.
+
+---
+ rsync-ssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
+-- 
+2.25.1
+
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.logrotate b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.logrotate
index 34bcf72d21..ec8a98284e 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.logrotate
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.logrotate
@@ -2,7 +2,7 @@
 	compress
 	maxage 365
 	rotate 7
-	size=+1024k
+	size 1024k
 	notifempty
 	missingok
 	copytruncate
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.service b/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.service
deleted file mode 100644
index a2c1de0add..0000000000
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/files/rsyncd.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=rsync daemon
-After=networking.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/rsync --daemon --no-detach
-StandardOutput=syslog
-StandardError=syslog
-
-[Install]
-WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
index 1f39f5419f..6a684b27c6 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/metadata.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="project">
 		<email>base-system@gentoo.org</email>
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r4.ebuild
similarity index 51%
rename from sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3.ebuild
rename to sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r4.ebuild
index a877cd8835..38c591855a 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r4.ebuild
@@ -1,72 +1,50 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit flag-o-matic prefix systemd
+if [[ ${PV} != 3.2.3 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.3.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-if [[ "${PV}" == *9999 ]] ; then
-	PYTHON_COMPAT=( python3_{6,7} )
-	inherit autotools git-r3 python-any-r1
-	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
-else
-	if [[ "${PV}" == *_pre* ]] ; then
-		SRC_DIR="src-previews"
-	else
-		SRC_DIR="src"
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-	fi
-	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
-	S="${WORKDIR}/${P/_/}"
-fi
+SRC_DIR="src"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
 
 LICENSE="GPL-3"
 SLOT="0"
-IUSE_CPU_FLAGS_X86=" sse2"
-IUSE="acl examples iconv ipv6 libressl lz4 ssl static stunnel system-zlib xattr xxhash zstd"
-IUSE+=" ${IUSE_CPU_FLAGS_X86// / cpu_flags_x86_}"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
 
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	lz4? ( app-arch/lz4[static-libs(+)] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	system-zlib? ( sys-libs/zlib[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	xxhash? ( dev-libs/xxhash[static-libs(+)] )
-	zstd? ( app-arch/zstd[static-libs(+)] )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-
-if [[ "${PV}" == *9999 ]] ; then
-	BDEPEND="${PYTHON_DEPS}
-		$(python_gen_any_dep '
-			dev-python/commonmark[${PYTHON_USEDEP}]
-		')"
-fi
-
-# Only required for live ebuild
-python_check_deps() {
-	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
-}
+DEPEND="${RDEPEND}"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/rsync-3.2.3-glibc-lchmod.patch"
+		"${FILESDIR}/rsync-3.2.3-cross.patch"
+	)
 	default
-	if [[ "${PV}" == *9999 ]] ; then
-		eaclocal -I m4
-		eautoconf -o configure.sh
-		eautoheader && touch config.h.in
-	fi
+	eautoconf -o configure.sh
+	touch config.h.in || die
 }
 
 src_configure() {
-	use static && append-ldflags -static
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@@ -81,16 +59,7 @@ src_configure() {
 		$(use_enable zstd)
 	)
 
-	if use elibc_glibc && [[ "${ARCH}" == "amd64" ]] ; then
-		# SIMD is only available for x86_64 right now
-		# and only on glibc (#728868)
-		myeconfargs+=( $(use_enable cpu_flags_x86_sse2 simd) )
-	else
-		myeconfargs+=( --disable-simd )
-	fi
-
 	econf "${myeconfargs[@]}"
-	[[ "${PV}" == *9999 ]] || touch proto.h-tstamp #421625
 }
 
 src_install() {
@@ -124,11 +93,11 @@ src_install() {
 
 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
 
-	systemd_dounit "${FILESDIR}/rsyncd.service"
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
 }
 
 pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
 		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
 		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
 		ewarn "is a security risk which you should fix.  Please check your"
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
similarity index 50%
rename from sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.2-r1.ebuild
rename to sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
index fb9f76cd8f..826911b136 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.2-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-3.2.3-r5.ebuild
@@ -1,77 +1,52 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit flag-o-matic prefix systemd
+if [[ ${PV} != 3.2.3 ]]; then
+	# Make sure we revert the autotools hackery applied in 3.2.3.
+	die "Please use rsync-9999.ebuild as a basis for version bumps"
+fi
+
+WANT_LIBTOOL=none
+
+inherit autotools prefix systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
-if [[ "${PV}" == *9999 ]] ; then
-	PYTHON_COMPAT=( python3_{6,7} )
-	inherit autotools git-r3 python-any-r1
-	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
-else
-	if [[ "${PV}" == *_pre* ]] ; then
-		SRC_DIR="src-previews"
-	else
-		SRC_DIR="src"
-		KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-	fi
-	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
-	S="${WORKDIR}/${P/_/}"
-fi
+SRC_DIR="src"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
+S="${WORKDIR}/${P/_/}"
 
 LICENSE="GPL-3"
 SLOT="0"
-IUSE_CPU_FLAGS_X86=" sse2"
-IUSE="acl examples iconv ipv6 libressl lz4 ssl static stunnel system-zlib xattr xxhash zstd"
-IUSE+=" ${IUSE_CPU_FLAGS_X86// / cpu_flags_x86_}"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
 
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	lz4? ( app-arch/lz4[static-libs(+)] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	system-zlib? ( sys-libs/zlib[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	xxhash? ( dev-libs/xxhash[static-libs(+)] )
-	zstd? ( app-arch/zstd[static-libs(+)] )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-
-if [[ "${PV}" == *9999 ]] ; then
-	BDEPEND="${PYTHON_DEPS}
-		$(python_gen_any_dep '
-			dev-python/commonmark[${PYTHON_USEDEP}]
-		')"
-fi
-
-PATCHES=(
-	"${FILESDIR}/${P}-allow_bwlimit_0.patch" #731306
-	"${FILESDIR}/${P}-zstd_see_token.patch" #733084
-)
-
-# Only required for live ebuild
-python_check_deps() {
-	has_version "dev-python/commonmark[${PYTHON_USEDEP}]"
-}
+DEPEND="${RDEPEND}"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/${P}-glibc-lchmod.patch"
+		"${FILESDIR}/${P}-cross.patch"
+		# Fix for (CVE-2020-14387) - net-misc/rsync: improper TLS validation in rsync-ssl script
+		"${FILESDIR}/${P}-verify-certificate.patch"
+	)
 	default
-	if [[ "${PV}" == *9999 ]] ; then
-		eaclocal -I m4
-		eautoconf -o configure.sh
-		eautoheader && touch config.h.in
-	fi
+	eautoconf -o configure.sh
+	touch config.h.in || die
 }
 
 src_configure() {
-	use static && append-ldflags -static
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@@ -86,16 +61,7 @@ src_configure() {
 		$(use_enable zstd)
 	)
 
-	if use elibc_glibc && [[ "${ARCH}" == "amd64" ]] ; then
-		# SIMD is only available for x86_64 right now
-		# and only on glibc (#728868)
-		myeconfargs+=( $(use_enable cpu_flags_x86_sse2 simd) )
-	else
-		myeconfargs+=( --disable-simd )
-	fi
-
 	econf "${myeconfargs[@]}"
-	[[ "${PV}" == *9999 ]] || touch proto.h-tstamp #421625
 }
 
 src_install() {
@@ -129,11 +95,11 @@ src_install() {
 
 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
 
-	systemd_dounit "${FILESDIR}/rsyncd.service"
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
 }
 
 pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
 		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
 		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
 		ewarn "is a security risk which you should fix.  Please check your"
diff --git a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
index cc20753190..8c91d4f3a1 100644
--- a/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-misc/rsync/rsync-9999.ebuild
@@ -1,14 +1,14 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
 
-inherit flag-o-matic prefix systemd
+inherit prefix systemd
 
 DESCRIPTION="File transfer program to keep remote files into sync"
 HOMEPAGE="https://rsync.samba.org/"
 if [[ "${PV}" == *9999 ]] ; then
-	PYTHON_COMPAT=( python3_{6,7} )
+	PYTHON_COMPAT=( python3_{6,7,8} )
 	inherit autotools git-r3 python-any-r1
 	EGIT_REPO_URI="https://github.com/WayneD/rsync.git"
 else
@@ -16,7 +16,7 @@ else
 		SRC_DIR="src-previews"
 	else
 		SRC_DIR="src"
-		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 	fi
 	SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz"
 	S="${WORKDIR}/${P/_/}"
@@ -24,25 +24,18 @@ fi
 
 LICENSE="GPL-3"
 SLOT="0"
-IUSE_CPU_FLAGS_X86=" sse2"
-IUSE="acl examples iconv ipv6 libressl lz4 ssl static stunnel system-zlib xattr xxhash zstd"
-IUSE+=" ${IUSE_CPU_FLAGS_X86// / cpu_flags_x86_}"
+IUSE="acl examples iconv ipv6 lz4 ssl stunnel system-zlib xattr xxhash zstd"
 
-LIB_DEPEND="acl? ( virtual/acl[static-libs(+)] )
-	lz4? ( app-arch/lz4[static-libs(+)] )
-	ssl? (
-		!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	system-zlib? ( sys-libs/zlib[static-libs(+)] )
-	xattr? ( kernel_linux? ( sys-apps/attr[static-libs(+)] ) )
-	xxhash? ( dev-libs/xxhash[static-libs(+)] )
-	zstd? ( app-arch/zstd[static-libs(+)] )
-	>=dev-libs/popt-1.5[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+RDEPEND="acl? ( virtual/acl )
+	lz4? ( app-arch/lz4 )
+	ssl? ( dev-libs/openssl:0= )
+	system-zlib? ( sys-libs/zlib )
+	xattr? ( kernel_linux? ( sys-apps/attr ) )
+	xxhash? ( dev-libs/xxhash )
+	zstd? ( >=app-arch/zstd-1.4 )
+	>=dev-libs/popt-1.5
 	iconv? ( virtual/libiconv )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
+DEPEND="${RDEPEND}"
 
 if [[ "${PV}" == *9999 ]] ; then
 	BDEPEND="${PYTHON_DEPS}
@@ -66,7 +59,6 @@ src_prepare() {
 }
 
 src_configure() {
-	use static && append-ldflags -static
 	local myeconfargs=(
 		--with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf
 		--without-included-popt
@@ -81,16 +73,7 @@ src_configure() {
 		$(use_enable zstd)
 	)
 
-	if use elibc_glibc && [[ "${ARCH}" == "amd64" ]] ; then
-		# SIMD is only available for x86_64 right now
-		# and only on glibc (#728868)
-		myeconfargs+=( $(use_enable cpu_flags_x86_sse2 simd) )
-	else
-		myeconfargs+=( --disable-simd )
-	fi
-
 	econf "${myeconfargs[@]}"
-	[[ "${PV}" == *9999 ]] || touch proto.h-tstamp #421625
 }
 
 src_install() {
@@ -124,11 +107,11 @@ src_install() {
 
 	eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd*
 
-	systemd_dounit "${FILESDIR}/rsyncd.service"
+	systemd_newunit "packaging/systemd/rsync.service" "rsyncd.service"
 }
 
 pkg_postinst() {
-	if egrep -qis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
+	if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \
 		"${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then
 		ewarn "You have disabled chroot support in your rsyncd.conf.  This"
 		ewarn "is a security risk which you should fix.  Please check your"