diff --git a/rsync-3.2.3.tar.gz b/rsync-3.2.3.tar.gz
deleted file mode 100644
index 5dfab68..0000000
--- a/rsync-3.2.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e
-size 1069784
diff --git a/rsync-3.2.3.tar.gz.asc b/rsync-3.2.3.tar.gz.asc
deleted file mode 100644
index e08605a..0000000
--- a/rsync-3.2.3.tar.gz.asc
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCXyzRugAKCRBshZ+xS5ao
-xa7uAJ0fzldqVXlP3AiBI1PBJISTn/VjpQCfVBo0o0veH0KZZJyCcEmfTggiJDc=
-=ck3O
------END PGP SIGNATURE-----
diff --git a/rsync-3.2.4.tar.gz b/rsync-3.2.4.tar.gz
new file mode 100644
index 0000000..1ff574b
--- /dev/null
+++ b/rsync-3.2.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6f761838d08052b0b6579cf7f6737d93e47f01f4da04c5d24d3447b7f2a5fad1
+size 1114853
diff --git a/rsync-3.2.4.tar.gz.asc b/rsync-3.2.4.tar.gz.asc
new file mode 100644
index 0000000..aafcba1
--- /dev/null
+++ b/rsync-3.2.4.tar.gz.asc
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYlnXXQAKCRBshZ+xS5ao
+xc+IAKD048bZqvc6HNIKwE1YeUe+x/46lgCfYwuhXBwgdOqeJ+5YCjfXqsAJcXw=
+=QsHS
+-----END PGP SIGNATURE-----
diff --git a/rsync-CVE-2020-14387.patch b/rsync-CVE-2020-14387.patch
deleted file mode 100644
index 7e97476..0000000
--- a/rsync-CVE-2020-14387.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-X-Git-Url: http://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=rsync-ssl;h=46701af160ecff16680b30faf6a1f325fac62359;hp=8101975ac6ef1e9e683e6658a61e49fbe02c5f52;hb=c3f7414;hpb=4c4fce51072c9189cfb11b52aa54fed79f5741bd
-
-diff --git a/rsync-ssl b/rsync-ssl
-index 8101975a..46701af1 100755
---- a/rsync-ssl
-+++ b/rsync-ssl
-@@ -129,7 +129,7 @@ function rsync_ssl_helper {
-     fi
- 
-     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
--	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
-+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
-     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
- 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
-     else
diff --git a/rsync-patches-3.2.3.tar.gz b/rsync-patches-3.2.3.tar.gz
deleted file mode 100644
index 2b45f66..0000000
--- a/rsync-patches-3.2.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de6645b46967bd701b7d6f3e29cccb19d2b46a6fa2d26a9db165847dca0e42f2
-size 157092
diff --git a/rsync-patches-3.2.3.tar.gz.asc b/rsync-patches-3.2.3.tar.gz.asc
deleted file mode 100644
index c3fd266..0000000
--- a/rsync-patches-3.2.3.tar.gz.asc
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCXyzRugAKCRBshZ+xS5ao
-xa2oAKDaZfy8axuxsYyrrY+tkygSagjFjwCgk0MMptlzjWEJ23ogzrTQ4E7Eb6c=
-=I7Yo
------END PGP SIGNATURE-----
diff --git a/rsync-patches-3.2.4.tar.gz b/rsync-patches-3.2.4.tar.gz
new file mode 100644
index 0000000..9ad441d
--- /dev/null
+++ b/rsync-patches-3.2.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:70a597590af6c61cf3d05d663429ff9f60ffe24e44f9c73a4cdc69ebdc1322a4
+size 133580
diff --git a/rsync-patches-3.2.4.tar.gz.asc b/rsync-patches-3.2.4.tar.gz.asc
new file mode 100644
index 0000000..528112d
--- /dev/null
+++ b/rsync-patches-3.2.4.tar.gz.asc
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYlnXXQAKCRBshZ+xS5ao
+xa40AJ9nhXAe+WGpq+hCo6D9TGPNDmKsWwCfR5dNecRPJBCsiffMAJXQUr7Mfg0=
+=jE+s
+-----END PGP SIGNATURE-----
diff --git a/rsync.changes b/rsync.changes
index d4969a6..bcb006b 100644
--- a/rsync.changes
+++ b/rsync.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Apr 19 06:38:55 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Update to 3.2.4
+  * A new form of arg protection was added that works similarly to
+    the older `--protect-args` (`-s`) option but in a way that 
+    avoids breaking things like rrsync.
+  * A long-standing bug was preventing rsync from figuring out the
+    current locale's decimal point character, which made rsync 
+    always output numbers using the "C" locale.
+  * Too many changes to list, see included NEWS.md file.
+- Drop rsync-CVE-2020-14387.patch, already included upstream.
+
 -------------------------------------------------------------------
 Tue Nov 16 08:59:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 
diff --git a/rsync.spec b/rsync.spec
index c8a0c94..a640eb2 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package rsync
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %endif
 
 Name:           rsync
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 Summary:        Versatile tool for fast incremental file transfer
 License:        GPL-3.0-or-later
@@ -42,7 +42,6 @@ Source10:       http://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz.asc
 Source11:       http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc
 Source12:       %{name}.keyring
 Patch0:         rsync-no-libattr.patch
-Patch1:         rsync-CVE-2020-14387.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  c++_compiler
@@ -79,7 +78,6 @@ rm -f zlib/*.h
 patch -p1 < patches/slp.diff
 
 %patch0 -p1
-%patch1 -p1
 
 %build
 autoreconf -fiv