From 00408624f527353799675aaa44c2865f2773f7b0 Mon Sep 17 00:00:00 2001
From: maxonxie
Date: Fri, 29 May 2026 20:37:29 +0800
Subject: [PATCH] fix CVE-2026-48863

Add patch for wrong memcpy length in Ed25519 PGP signature verification
---
 Fix-CVE-2026-48863.patch | 22 ++++++++++++++++++++++
 libsolv.spec | 8 +++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 Fix-CVE-2026-48863.patch

diff --git a/Fix-CVE-2026-48863.patch b/Fix-CVE-2026-48863.patch
new file mode 100644
index 0000000..fe68de7
--- /dev/null
+++ b/Fix-CVE-2026-48863.patch
@@ -0,0 +1,22 @@
+From 44f8c085045b1f771641091bbb2b810d12cff9e8 Mon Sep 17 00:00:00 2001
+From: Michael Schroeder
+Date: Tue, 26 May 2026 10:30:31 +0200
+Subject: [PATCH] Fix wrong variable being used in solv_pgpvrfy
+
+---
+ ext/solv_pgpvrfy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/solv_pgpvrfy.c b/ext/solv_pgpvrfy.c
+index 8fec835..7e6e31e 100644
+--- a/ext/solv_pgpvrfy.c
++++ b/ext/solv_pgpvrfy.c
+@@ -589,7 +589,7 @@ solv_pgpvrfy(const unsigned char *pub, int publ, const unsigned char *sig, int s
+ if (rlen)
+ memcpy(sigdata + 32 - rlen, r, rlen);
+ if (slen)
+- memcpy(sigdata + 64 - slen, s, rlen);
++ memcpy(sigdata + 64 - slen, s, slen);
+ res = mped25519(pub + 1 + 10 + 2 + 1, sigdata, sig + 2, hashl);
+ break;
+ }
diff --git a/libsolv.spec b/libsolv.spec
index dd70665..10b3fdb 100644
--- a/libsolv.spec
+++ b/libsolv.spec
@@ -1,10 +1,12 @@
 Summary: Library for solving packages and reading repositories
 Name: libsolv
 Version: 0.7.24
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: BSD
 URL: https://github.com/openSUSE/libsolv
 Source0: https://github.com/openSUSE/libsolv/archive/%{version}/%{name}-%{version}.tar.gz
+# https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8
+Patch001: Fix-CVE-2026-48863.patch
 BuildRequires: cmake gcc-c++ ninja-build rpm-devel zlib-devel libxml2-devel xz-devel bzip2-devel libzstd-devel 
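Review bot: The corrected `memcpy(sigdata + 64 - slen, s, slen)` is only in bounds if slen (and rlen on the line above it) has already been checked against the 32-byte field each value is right-aligned into; that check, and the parsing that sets r, s, rlen and slen, sit before line 589 and outside this hunk, so the copy's safety cannot be confirmed from the patch alone and should be verified against the full function. A comment at the first copy recording the invariant the code relies on would help the next maintainer, e.g. `/* r and s are right-aligned into 32-byte halves of sigdata; rlen, slen <= 32 must already hold here */`. The pre-fix line used rlen as the length when copying s, so whenever rlen differed from slen the copy covered the wrong number of bytes of the s field; the one-token change matches the rlen line above and is the correct fix. In libsolv.spec, `Patch001:` is declared but whether %prep applies it (via %autosetup or an explicit %patch line) is not visible in this diff and should be confirmed, otherwise the rebuilt package still carries the bug. solv_pgpvrfy begins and ends outside the hunk.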
@@ -141,6 +143,10 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %{python3_sitearch}/__pycache__/solv.*
 %changelog
+* Fri May 29 2026 Maxon Xie - 0.7.24-7
+- [Type] security
+- [DESC] Fix CVE-2026-48863: use correct length in Ed25519 signature memcpy
+
 * Thu Sep 26 2024 OpenCloudOS Release Engineering - 0.7.24-6
 - Rebuilt for clarifying the packages requirement in BaseOS and AppStream
-- Gitee