diff --git a/rsync-3.0.1-xattr-alloc.diff b/rsync-3.0.1-xattr-alloc.diff
new file mode 100644
index 0000000..258a85d
--- /dev/null
+++ b/rsync-3.0.1-xattr-alloc.diff
@@ -0,0 +1,23 @@
+--- a/util.c
++++ b/util.c
+@@ -1329,7 +1329,7 @@ void *_new_array(unsigned long num, unsigned int size, int use_calloc)
+ 	return use_calloc ? calloc(num, size) : malloc(num * size);
+ }
+ 
+-void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
++void *_realloc_array(void *ptr, unsigned int size, size_t num)
+ {
+ 	if (num >= MALLOC_MAX/size)
+ 		return NULL;
+@@ -1550,7 +1550,10 @@ void *expand_item_list(item_list *lp, size_t item_size,
+ 			new_size += incr;
+ 		else
+ 			new_size *= 2;
+-		new_ptr = realloc_array(lp->items, char, new_size * item_size);
++		if (new_size < lp->malloced)
++			overflow_exit("expand_item_list");
++		/* Using _realloc_array() lets us pass the size, not a type. */
++		new_ptr = _realloc_array(lp->items, item_size, new_size);
+ 		if (verbose >= 4) {
+ 			rprintf(FINFO, "[%s] expand %s to %.0f bytes, did%s move\n",
+ 				who_am_i(), desc, (double)new_size * item_size,
diff --git a/rsync.spec b/rsync.spec
index b0ff29b..75b300c 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -1,7 +1,7 @@
 Summary: A program for synchronizing files over a network.
 Name: rsync
 Version: 2.6.9
-Release: 3.2%{?dist}
+Release: 4%{?dist}
 Group: Applications/Internet
 # TAG: for pre versions use
 #Source:	ftp://rsync.samba.org/pub/rsync/rsync-%{version}pre1.tar.gz
@@ -9,6 +9,7 @@ Source:	ftp://rsync.samba.org/pub/rsync/rsync-%{version}.tar.gz
 Source1: rsync.xinetd
 Patch1: rsync-2.6.9-acl-xattr-delete-bug.patch
 Patch2: rsync-2.6.9-hlink-segv.patch
+Patch3: rsync-3.0.1-xattr-alloc.diff
 BuildRequires: libacl-devel, libattr-devel, autoconf, make, gcc, popt-devel
 Prefix: %{_prefix}
 BuildRoot: /var/tmp/%{name}-root
@@ -31,6 +32,7 @@ patch -p1 < patches/acls.diff
 patch -p1 < patches/xattrs.diff
 %patch1 -p1 -b .acl_xattrs_bug
 %patch2 -p1 -b .hlink_segv
+%patch3 -p1 -b .xattr-alloc
 
 %build
 rm -fr autom4te.cache
@@ -60,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
+* Tue Apr  8 2008 Simo Sorce <ssorce@redhat.com> 2.6.9-4.fc8
+- Security release: http://rsync.samba.org/security.html#s3_0_2
+
 * Sat Oct 13 2007 Simo Sorce <ssorce@redhat.com> 2.6.9-3.2.fc8
 - Add flags = IPv6 to rsync.xinetd (bz#330301)