diff --git a/backport-fix-memleak-fnevr-is-allocatted-via-xmalloc-but-not-.patch b/backport-fix-memleak-fnevr-is-allocatted-via-xmalloc-but-not-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..644dd30ac53d2028244c5f5d90dd0ec381ec8ae3
--- /dev/null
+++ b/backport-fix-memleak-fnevr-is-allocatted-via-xmalloc-but-not-.patch
@@ -0,0 +1,27 @@
+From 758b89ff2fe53075e56c759befcda7b0afa5224f Mon Sep 17 00:00:00 2001
+From: Bonin' O'Brien
+Date: Mon, 20 Jun 2022 13:30:25 +0200
+Subject: [PATCH] Fix memleak: fnevr is allocatted via xmalloc, but not free'd
+
+---
+ applydeltarpm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/applydeltarpm.c b/applydeltarpm.c
+index 6ee3e79..7bf3854 100644
+--- a/applydeltarpm.c
++++ b/applydeltarpm.c
+@@ -1449,8 +1449,10 @@ main(int argc, char **argv)
+ if (strcmp(fnevr, (char *)d.nevr) != 0)
+ {
+ fprintf(stderr, "delta rpm made for %s, not %s\n", d.nevr, fnevr);
++ free(fnevr);
+ exit(1);
+ }
++ free(fnevr);
+ if (!seqmatches)
+ {
+ fprintf(stderr, "rpm does not match the one used for creating the deltarpm\n");
+--
+2.33.0
+
diff --git a/deltarpm.spec b/deltarpm.spec
index e110f3159b7e2e73f4c0b428b1596136d2a56fc1..b6b64167801a66276557613d5a568a725a8db2f6 100644
--- a/deltarpm.spec
+++ b/deltarpm.spec
@@ -1,7 +1,7 @@
 %bcond_without python3
 Name: deltarpm
 Version: 3.6.3
-Release: 2
+Release: 3
 Summary: deltarpm contains the difference between an old and a new version of an RPM package.
 License: BSD
 URL: https://github.com/rpm-software-management/deltarpm
@@ -18,6 +18,7 @@ Patch6003: backport-fix-CVE-2016-9843.patch
 Patch6004: backport-fix-CVE-2018-25032.patch
 Patch6005: backport-fix-CVE-2022-37434-1.patch
 Patch6006: backport-fix-CVE-2022-37434-2.patch
+Patch6007: backport-fix-memleak-fnevr-is-allocatted-via-xmalloc-but-not-.patch
 %description
 Delta RPM packages contain the difference between an old and a new
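Review bot: In the `applydeltarpm.c` hunk carried by the new backport patch, the second `free(fnevr);` (after the closing brace of the `strcmp` check) leaves `fnevr` dangling while `main` continues past the end of the hunk. Any later read of that pointer would be a use-after-free, so confirm that nothing below the `!seqmatches` check references it. If that cannot be ruled out from the full file, clear the pointer at the release site with `free(fnevr); fnevr = NULL;`. The first `free(fnevr);` directly before `exit(1)` is harmless and only matters to leak checkers. `main` starts and ends outside the hunk, so neither the allocation of `fnevr` nor any other exit path that might need the same release is visible here.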
@@ -62,6 +63,8 @@ cd zlib-1.2.2.f-rsyncable
 cd -
 #patch for zlib end
+%patch6007 -p1
+
 %build
 %make_build CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="%__global_ldflags" \
 bindir=%{_bindir} libdir=%{_libdir} mandir=%{_mandir} prefix=%{_prefix} \
@@ -94,6 +97,9 @@ cd -
 %{_bindir}/drpmsync
 %changelog
+* Thu Aug 01 2024 zhangruifang - 3.6.3-3
+- backport patch from upstream
+
 * Tue Sep 20 2022 zhoushuiqing - 3.6.3-2
 - Type:CVE
 - CVE:CVE-2005-1849,CVE-2016-9840,CVE-2016-9841,CVE-2016-9843,CVE-2018-25032,CVE-2022-37434