Commit 2fe85279a0f for php.net

commit 2fe85279a0f7b333ff99fc16b55d736d4583560b
Author: Jarne Clauw <67628242+JarneClauw@users.noreply.github.com>
Date:   Mon Apr 13 18:11:49 2026 +0200

    ext/phar: Fix memory leak in phar_verify_signature() when md_ctx is invalid

    Closes GH-21750

diff --git a/ext/phar/util.c b/ext/phar/util.c
index a1f9863ae3a..fe177f96444 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1640,6 +1640,7 @@ zend_result phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t s
 				if (md_ctx) {
 					EVP_MD_CTX_destroy(md_ctx);
 				}
+				EVP_PKEY_free(key);
 				if (error) {
 					spprintf(error, 0, "openssl signature could not be verified");
 				}