Fix memleak in function DlgCreate8

Also correct some old time line to avoid the source check failure by factory_bot.

da98987f.patch

@@ -0,0 +1,31 @@
+From da98987fa8c896fce9a7813923f4f1c75b0d8cd3 Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei <zhailiangliang@loongson.cn>
+Date: Mon, 11 Nov 2024 11:00:34 +0800
+Subject: [PATCH] fix memleak in function DlgCreate8 (#5491)
+
+---
+ gdraw/gaskdlg.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/gdraw/gaskdlg.c b/gdraw/gaskdlg.c
+index 3563361796..8178be14c8 100644
+--- a/gdraw/gaskdlg.c
++++ b/gdraw/gaskdlg.c
+@@ -209,12 +209,13 @@ static GWindow DlgCreate8(const char *title,const char *question,va_list ap,
+     extern GBox _GGadget_defaultbutton_box;
+ 
+     if ( d!=NULL )
+-	memset(d,0,sizeof(*d));
++        memset(d,0,sizeof(*d));
+     buf = vsmprintf(question, ap);
+     if ( screen_display==NULL ) {
+-	fprintf(stderr, "%s\n", buf );
+-	if ( d!=NULL ) d->done = true;
+-return( NULL );
++        fprintf(stderr, "%s\n", buf);
++        if ( d!=NULL ) d->done = true;
++        free(buf);
++        return( NULL );
+     }
+     ubuf = utf82u_copy(buf);
+     free(buf);

fontforge.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Nov 23 15:01:25 UTC 2025 - Cliff Zhao <qzhao@suse.com>
+
+- Add da98987f.patch:
+  Backport da98987f from upstream, fix memleak in function DlgCreate8.
+  (CVE-2025-50949, bsc#1252652)
+
 -------------------------------------------------------------------
 Thu Nov 21 20:31:36 UTC 2024 - Dirk Müller <dmueller@suse.com>
 
@@ -690,38 +697,36 @@ Wed Sep  5 19:24:25 CEST 2001 - mfabian@suse.de
 - adapted for SuSE, version 010905
 
 -------------------------------------------------------------------
-Thu May 10 2001 - George Williams <gww@silcom.com>
+Thu May 10 00:00:00 CEST 2001 - George Williams <gww@silcom.com>
 
 - My first attempt at rpm, updated to 10 May sources
 
 -------------------------------------------------------------------
-Tue May 01 2001 - Scott Pakin <pakin@uiuc.edu>
+Tue May 01 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Removed (unused) dynamic library files
 
 -------------------------------------------------------------------
-Sun Apr 29 2001 - Scott Pakin <pakin@uiuc.edu>
+Sun Apr 29 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Upgraded from 220401 to 280401.
 
 -------------------------------------------------------------------
-Tue Apr 24 2001 - Scott Pakin <pakin@uiuc.edu>
+Tue Apr 24 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Upgraded from 190401 to 220401.
 
 -------------------------------------------------------------------
-Fri Apr 20 2001 - Scott Pakin <pakin@uiuc.edu>
+Fri Apr 20 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Upgraded from 020401 to 190401.
 
 -------------------------------------------------------------------
-Tue Apr 10 2001 - Scott Pakin <pakin@uiuc.edu>
+Tue Apr 10 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Upgraded from 210301 to 020401.
 
 -------------------------------------------------------------------
-Thu Mar 22 2001 Scott Pakin <pakin@uiuc.edu>
+Thu Mar 22 00:00:00 CEST 2001 - Scott Pakin <pakin@uiuc.edu>
 
 - Initial release
-
-

fontforge.spec

@@ -32,6 +32,8 @@ Patch2:         fontforge-CVE-2024-25081-CVE-2024-25082.patch
 Patch3:         https://github.com/fontforge/fontforge/commit/642d8a3db6d4bc0e70b429622fdf01ecb09c4c10.patch
 # PATCH-FIX-UPSTREAM: taken from https://github.com/fontforge/fontforge/commit/8c75293e924602ed09a9481b0eeb67ba6c623a81
 Patch4:         use-sysconfig-not-distutils.patch
+# PATCH-FIX-UPSTREAM da98987f.patch CVE-2025-50949 bsc#1252652 qzhao@suse.com -- fix memleak in function DlgCreate8.
+Patch5:         da98987f.patch
 BuildRequires:  cairo-devel
 BuildRequires:  cmake
 BuildRequires:  fdupes