From 2c7c123fcef534abf2774019e33866de705950e4 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <andrew.lukoshko@gmail.com>
Date: Tue, 21 Apr 2026 00:25:50 +0200
Subject: [PATCH] Fix premature free() in sftp_readdir_async()

---
 config.yaml                               | 15 ++++++++++
 files/1000-sshfs-fix-premature-free.patch | 34 +++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 config.yaml
 create mode 100644 files/1000-sshfs-fix-premature-free.patch

diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..5a03de0
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,15 @@
+actions:
+  - modify_release:
+    - suffix: ".alma.1"
+      enabled: true
+
+  - changelog_entry:
+    - name: "Andrew Lukoshko"
+      email: "alukoshko@almalinux.org"
+      line:
+        - "Fix premature free() in sftp_readdir_async()"
+
+  - add_files:
+    - type: "patch"
+      name: "1000-sshfs-fix-premature-free.patch"
+      number: 1000
diff --git a/files/1000-sshfs-fix-premature-free.patch b/files/1000-sshfs-fix-premature-free.patch
new file mode 100644
index 0000000..36b1eb5
--- /dev/null
+++ b/files/1000-sshfs-fix-premature-free.patch
@@ -0,0 +1,34 @@
+diff -ur sshfs-2.8.old/ChangeLog sshfs-2.8/ChangeLog
+--- sshfs-2.8.old/ChangeLog	2016-06-22 19:38:01.000000000 +0100
++++ sshfs-2.8/ChangeLog	2021-09-07 08:17:35.352080786 +0100
+@@ -1,3 +1,9 @@
++ Unreleased Changes
++ ------------------
++
+++* Fixed a crash due to a race condition when listing
+++  directory contents.
++
+ Release 2.7 (2016-06-22)
+ ------------------------
+ 
+diff -ur sshfs-2.8.old/sshfs.c sshfs-2.8/sshfs.c
+--- sshfs-2.8.old/sshfs.c	2016-06-08 16:42:12.000000000 +0100
++++ sshfs-2.8/sshfs.c	2021-09-07 08:17:06.339682726 +0100
+@@ -2173,11 +2173,16 @@
+ 			outstanding--;
+ 
+ 			if (done) {
++				/* We need to cache want_reply, since processing
++				   thread may free req right after unlock() if
++				   want_reply == 0 */
++				int want_reply;
+ 				pthread_mutex_lock(&sshfs.lock);
+ 				if (sshfs_req_pending(req))
+ 					req->want_reply = 0;
++				want_reply = req->want_reply;
+ 				pthread_mutex_unlock(&sshfs.lock);
+-				if (!req->want_reply)
++				if (!want_reply)
+ 					continue;
+ 			}
+