diff --git a/backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch b/backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7fb80ddbde0952295d8c43734a23bd8146b0f72f
--- /dev/null
+++ b/backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch
@@ -0,0 +1,53 @@
+From 0f599d3641bd197ff01f5182fad33169aa46a055 Mon Sep 17 00:00:00 2001
+From: Wayne Davison
+Date: Sat, 22 Apr 2023 08:49:48 -0700
+Subject: [PATCH 1/1] Fix overflow of sum2 buffer for sha1 rolling checksums.
+ Fixed #353.
+
+---
+ checksum.c | 1 +
+ generator.c | 2 +-
+ match.c | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/checksum.c b/checksum.c
+index c6007f36..cd741d1b 100644
+--- a/checksum.c
++++ b/checksum.c
+@@ -300,6 +300,7 @@ uint32 get_checksum1(char *buf1, int32 len)
+ }
+ #endif
+ 
++/* The "sum" buffer must be at least MAX_DIGEST_LEN bytes! */
+ void get_checksum2(char *buf, int32 len, char *sum)
+ {
+ #ifdef USE_OPENSSL
+diff --git a/generator.c b/generator.c
+index 21c4a595..557769e6 100644
+--- a/generator.c
++++ b/generator.c
+@@ -783,7 +783,7 @@ static int generate_and_send_sums(int fd, OFF_T len, int f_out, int f_copy)
+ for (i = 0; i < sum.count; i++) {
+ int32 n1 = (int32)MIN(len, (OFF_T)sum.blength);
+ char *map = map_ptr(mapbuf, offset, n1);
+- char sum2[SUM_LENGTH];
++ char sum2[MAX_DIGEST_LEN];
+ uint32 sum1;
+ 
+ len -= n1;
+diff --git a/match.c b/match.c
+index 6243994c..192b154a 100644
+--- a/match.c
++++ b/match.c
+@@ -142,7 +142,7 @@ static void hash_search(int f,struct sum_struct *s,
+ {
+ OFF_T offset, aligned_offset, end;
+ int32 k, want_i, aligned_i, backup;
+- char sum2[SUM_LENGTH];
++ char sum2[MAX_DIGEST_LEN];
+ uint32 s1, s2, sum;
+ int more;
+ schar *map;
+-- 
+2.25.1
+
diff --git a/rsync.spec b/rsync.spec
index 8891b12ae792d16a3a3f11543b7cbf55a70f58c2..692d0171627ec39dfa7bc0478a663c2cde4ae6c0 100644
--- a/rsync.spec
+++ b/rsync.spec
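Review bot: The widened `sum2` buffers in generator.c and match.c cover the two stack callers shown, but the contract added in checksum.c is only a comment — `get_checksum2(char *buf, int32 len, char *sum)` takes no output size, so any other caller still passing a `SUM_LENGTH`-sized buffer would stay silently exposed; before treating the backport as complete, the 3.2.7 sources should be checked for remaining `sum2[SUM_LENGTH]`-style declarations handed to `get_checksum2`. In this view the nested hunks appear with their leading tabs collapsed to single spaces; if the committed .patch file really lacks the original indentation, `patch` will reject the generator.c and match.c hunks, so the file should be verified to apply cleanly during %prep. Both `generate_and_send_sums` and `hash_search` begin and continue outside the quoted hunks.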
@@ -1,6 +1,6 @@
 Name: rsync
 Version: 3.2.7
-Release: 3
+Release: 4
 Summary: Fast incremental file transfer utility
 License: GPL-3.0-or-later
 URL: http://rsync.samba.org/
@@ -11,6 +11,8 @@
 Source3: rsyncd.conf
 Source4: rsyncd.sysconfig
 Source5: rsyncd@.service
+patch1: backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch
+
 BuildRequires: git gcc systemd libacl-devel libattr-devel autoconf popt-devel
 BuildRequires: lz4-devel openssl-devel libzstd-devel
 Provides: bundled(zlib) = 1.2.8 rsync-daemon
@@ -84,6 +86,12 @@ install -D -m644 %{SOURCE5} %{buildroot}/%{_unitdir}/rsyncd@.service
 %{_mandir}/man5/rsyncd.conf.5*
 %changelog
+* Thu Jul 11 2024 Wenhua Huang - 3.2.7-4
+- Type: bugfix
+- CVE:NA
+- SUG:NA
+- DESC: Fix overflow of sum2 buffer for sha1 rolling checksums.
+
 * Thu Feb 22 2024 Xiaoya Huang - 3.2.7-3
 - Type: enhencement
 - CVE: