From 893d6480f6cd39e0d5bd10f6e26ecf4c5d685899 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Thu, 26 Aug 2021 14:55:52 +0200
Subject: [PATCH] authselect-1.2.3-7: rhbz#1970871
Resolves: rhbz#1970871
---
...g-uninitialized-variable-in-authsele.patch | 31 +++++++++++++++++++
authselect.spec | 7 ++++-
2 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
diff --git a/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch b/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
new file mode 100644
index 0000000..091d8f7
--- /dev/null
+++ b/0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch
@@ -0,0 +1,31 @@
+From 6924b8f8d82ecd32e897cf5f441e5c87f8816859 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
+Date: Thu, 22 Jul 2021 11:29:20 +0200
+Subject: [PATCH] lib: avoid freeing uninitialized variable in
+ authselect_apply_changes()
+
+If authselect_profile() fails, we goto done and try to free uninitialized
+variable.
+
+Resolves:
+https://github.com/authselect/authselect/issues/265
+---
+ src/lib/authselect.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/authselect.c b/src/lib/authselect.c
+index 0f43e12202c16769dfc6ac7dee41812159cc1d3a..a901e02719713bd13d5a4fab606ee713b3d6ddca 100644
+--- a/src/lib/authselect.c
++++ b/src/lib/authselect.c
+@@ -163,7 +163,7 @@ authselect_uninstall(void)
+ _PUBLIC_ int
+ authselect_apply_changes(void)
+ {
+- struct authselect_profile *profile;
++ struct authselect_profile *profile = NULL;
+ char **supported = NULL;
+ char *profile_id;
+ char **features;
+--
+2.31.1
+
diff --git a/authselect.spec b/authselect.spec
index cd919ba..9c7ecbb 100644
--- a/authselect.spec
+++ b/authselect.spec
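Review bot: `profile_id` and `features` are still declared without initializers in authselect_apply_changes(), directly below the `profile` line this embedded patch fixes. The function body and its `done` cleanup lie outside the hunk, so it cannot be confirmed from here whether either pointer can reach a free on an early-exit path the way `profile` did. If they are released at `done`, initializing them as well (`char *profile_id = NULL;` and `char **features = NULL;`) would rule out the same uninitialized-pointer free and make the declarations consistent with `supported`. A short comment above the declarations, such as `/* everything released at done must start as NULL */`, would keep a later-added early `goto done` from reintroducing the defect.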
@@ -3,13 +3,15 @@ Name: authselect Version: 1.2.3 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/authselect/authselect License: GPLv3+ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Patch0001: 0001-lib-avoid-freeing-uninitialized-variable-in-authsele.patch + ### Downstream Patches ### %if 0%{?rhel} Patch9001: 9001-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch @@ -291,6 +293,9 @@ exit 0 exit 0 %changelog +* Thu Aug 26 2021 Pavel Březina - 1.2.3-7 +- Avoid freeing uninitialized variable in authselect_apply_changes (rhbz#1970871) + * Mon Aug 09 2021 Mohan Boddu - 1.2.3-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688