fix a memory leak in g10

fix-a-memory-leak-in-g10.patch

@@ -0,0 +1,36 @@
+From a861f9343d6e6d18064e4e54aeb914c5a10b2095 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 17 Apr 2019 09:58:07 +0900
+Subject: [PATCH] g10: Fix a memory leak.
+
+* g10/import.c (import): Care PNDING_PKT on error.
+
+--
+
+GnuPG-bug-id: 4461
+Reported-by: Philippe Antoine
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/import.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/g10/import.c b/g10/import.c
+index 565086773..00bc47cc1 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -689,6 +689,13 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
+     log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
+ 
+   release_kbnode (secattic);
++
++  /* When read_block loop was stopped by error, we have PENDING_PKT left.  */
++  if (pending_pkt)
++    {
++      free_packet (pending_pkt, NULL);
++      xfree (pending_pkt);
++    }
+   return rc;
+ }
+ 
+-- 
+2.11.0

gnupg2.spec

@@ -1,6 +1,6 @@
 Name: gnupg2
 Version: 2.2.17
-Release: 6
+Release: 7
 Summary: Utility for secure communication and data storage
 
 License: GPLv3+
@@ -10,6 +10,7 @@ Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 Patch0: fix-CVE-2019-14855-0-Ignore-all-SHA-1-3rd-party-key-sig.patch
 Patch1: fix-CVE-2019-14855-1-Add-option-allow-weak-key-signatures.patch
 Patch2: fix-CVE-2019-14855-2-Forbid-creation-of-SHA-1-3rd-party-key-sig.patch
+Patch3: fix-a-memory-leak-in-g10.patch
 
 BuildRequires: zlib-devel, npth-devel, gdb, texinfo
 BuildRequires: libgpg-error-devel >= 1.31
@@ -104,6 +105,9 @@ make check
 
 
 %changelog
+* Wed Jun 3 2020 Anakin Zhang <nbztx@126.com> - 2.2.17-7
+- fix a memory leak in g10
+
 * Wed Apr 22 2020 Anakin Zhang <nbztx@126.com> - 2.2.17-6
 - fix CVE-2019-14855