KDE-x86_64-v4-Fedora/SPECS/openssl/0074-CVE-2026-28387.patch

From 444958deaf450aea819171f97ae69eaedede42c3 Mon Sep 17 00:00:00 2001
From: Alexandr Nedvedicky <sashan@openssl.org>
Date: Tue, 3 Mar 2026 13:23:46 +0100
Subject: [PATCH] dane_match_cert() should X509_free() on ->mcert instead of
 OPENSSL_free()

Fixes: 170b735820ac "DANE support for X509_verify_cert()"

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Thu Mar  5 12:37:17 2026
(Merged from https://github.com/openssl/openssl/pull/30250)

(cherry picked from commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a)
---
 crypto/x509/x509_vfy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8f1b9f58cacdb..01ce14982d6e0 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3016,7 +3016,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth)
                     break;
                 }
 
-                OPENSSL_free(dane->mcert);
+                X509_free(dane->mcert);
                 dane->mcert = cert;
                 dane->mdpth = depth;
                 dane->mtlsa = t;