rsync: 3.3.0 -> 3.4.1

[LeSuisse]

Follow-up to edccf51.

Changes:
https://github.com/RsyncProject/rsync/blob/v3.4.1/NEWS.md

The PGP key change is expected and has been confirmed by the maintainers.
In a effort to provide traceability the new key has been signed by Wayne Davison,
another rsync maintainer, see https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6c859fb14b96a8c5 (or other keyservers...)

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[LeSuisse]

Moving back to draft, the security fixes are in (#373784), this can take the long way in. I will re-target at staging tomorrow.

[LeSuisse]

I changed the target and added a fix for a regression (RsyncProject/rsync#702) introduced by one of the security fixes.

We also might want the fix for RsyncProject/rsync#704 before moving forward with this.

[de11n]

rsync 3.4.1 was released with the regression fixed.

[LeSuisse]

Bumped to 3.4.1 with the regression fix. Flagged the PR as security related, out of caution, for the new use-after-free even if it does not look exploitable.

[winterqt]

The PGP key change is expected and has been confirmed by the maintainers.

It might be worthwhile to cite this confirmation in the commit message for future reference, as I can't immediately find anything.

[LeSuisse]

The PGP key change is expected and has been confirmed by the maintainers.

It might be worthwhile to cite this confirmation in the commit message for future reference, as I can't immediately find anything.

AFAIK no public communication has been done but this has been confirmed in private channels and the key has been signed by an existing rsync maintainer. I edited the commit message to mention the publicly verifiable information.

[nixpkgs-ci]

Successfully created backport PR for staging-24.11:

• [Backport staging-24.11] rsync: 3.3.0 -> 3.4.1 #374239

[vcunat]

Also picked to staging-next PR #371501