diff --git a/backport-mcstrans-free-constraint-in-error-branch.patch b/backport-mcstrans-free-constraint-in-error-branch.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2f056898fb8a8e732122ee2172a701b90a2b3959
--- /dev/null
+++ b/backport-mcstrans-free-constraint-in-error-branch.patch
@@ -0,0 +1,32 @@
+From 55b474ee41034e7cec38cf7b739c2a5c5a7886c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Mon, 29 Apr 2024 18:39:01 +0200
+Subject: [PATCH] mcstrans: free constraint in error branch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Free constraint, like in all other error branches.
+
+Reported-by: Cppcheck
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ mcstrans/src/mcstrans.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
+index fded3235..7667e131 100644
+--- a/mcstrans/src/mcstrans.c
++++ b/mcstrans/src/mcstrans.c
+@@ -477,6 +477,7 @@ add_constraint(char op, char *raw, char *tok) {
+ 		}
+ 		if (asprintf(&constraint->text, "%s%c%s", raw, op, tok) < 0) {
+ 			log_error("asprintf failed %s", strerror(errno));
++			free(constraint);
+ 			return -1;
+ 		}
+ 		constraint->op = op;
+-- 
+2.33.0
+
diff --git a/mcstrans.spec b/mcstrans.spec
index c12fb8c9cd17c2948fee3c6405131b84ac2ba90c..d3a1d0f6ee6d2191af4684469846e17362cc29b1 100644
--- a/mcstrans.spec
+++ b/mcstrans.spec
@@ -1,12 +1,13 @@
 Name:           mcstrans
 Version:        3.5
-Release:        2
+Release:        3
 Summary:        SELinux Translation Daemon
 License:        GPL2
 URL:            https://github.com/SELinuxProject/selinux/wiki
 Source:         https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
 
 Patch1:    backport-mcstrans-check-memory-allocations.patch
+Patch2:    backport-mcstrans-free-constraint-in-error-branch.patch
 
 BuildRequires:  gcc systemd-units make
 BuildRequires:  libselinux-devel >= %{version}
@@ -41,6 +42,7 @@ mcstrans-help include help files for man page
 %prep
 %setup -q
 %patch1 -p2
+%patch2 -p2
 
 %build
 %set_build_flags
@@ -90,6 +92,9 @@ rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
 %{_mandir}/ru/man8/*.8.gz
 
 %changelog
+* Wed Oct 23 2024 yixiangzhike <yixiangzhike007@163.com> - 3.5-3
+- backport upstream patch to free constraint in error branch
+
 * Mon Jul 8 2024 yixiangzhike <yixiangzhike007@163.com> - 3.5-2
 - backport upstream patch to avoid NULL dereferences