[packages/h2o] fix free() on random buffer

Fri Sep 29 15:29:45 CEST 2017

commit be673e616ff96006c2e5d721fb8b57b4c3a88696
Author: Elan Ruusamäe <glen at pld-linux.org>
Date:   Fri Sep 29 16:29:11 2017 +0300

    fix free() on random buffer
    
    fixes
    https://github.com/h2o/h2o/issues/1438

 h2o.spec        |  2 +-
 system-ca.patch | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)
---

diff --git a/h2o.spec b/h2o.spec
index 5c4b105..47a5d5f 100644
--- a/h2o.spec
+++ b/h2o.spec
@@ -7,7 +7,7 @@
 Summary:	H2O - an optimized HTTP server with support for HTTP/1.x and HTTP/2
 Name:		h2o
 Version:	2.2.2
-Release:	0.3
+Release:	0.8
 License:	MIT
 Group:		Networking/Daemons/HTTP
 Source0:	https://github.com/h2o/h2o/archive/v%{version}/%{name}-%{version}.tar.gz
diff --git a/system-ca.patch b/system-ca.patch
index cf9e477..f7f184a 100644
--- a/system-ca.patch
+++ b/system-ca.patch
@@ -1,5 +1,5 @@
---- h2o-2.2.2/./CMakeLists.txt~	2017-04-23 06:26:35.000000000 +0300
-+++ h2o-2.2.2/./CMakeLists.txt	2017-09-29 15:26:44.945814814 +0300
+--- h2o-2.2.2/CMakeLists.txt~	2017-04-23 06:26:35.000000000 +0300
++++ h2o-2.2.2/CMakeLists.txt	2017-09-29 15:26:44.945814814 +0300
 @@ -495,7 +495,6 @@
  ENDIF ()
  
@@ -8,14 +8,18 @@
  INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status)
  INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE)
  INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples)
---- h2o-2.2.2/./lib/handler/configurator/proxy.c~	2017-04-23 06:26:35.000000000 +0300
-+++ h2o-2.2.2/./lib/handler/configurator/proxy.c	2017-09-29 15:27:40.468710510 +0300
-@@ -298,7 +298,7 @@
+--- h2o-2.2.2/lib/handler/configurator/proxy.c	2017-09-29 15:27:40.468710510 +0300
++++ h2o-2.2.2/lib/handler/configurator/proxy.c	2017-09-29 16:26:31.316113990 +0300
+@@ -298,11 +298,10 @@
      if (ctx->pathconf == NULL && ctx->hostconf == NULL) {
          /* is global conf, setup the default SSL context */
          self->vars->ssl_ctx = create_ssl_ctx();
 -        char *ca_bundle = h2o_configurator_get_cmd_path("share/h2o/ca-bundle.crt");
-+        char *ca_bundle = "/etc/certs/ca-certificates.crt";
++        const char *ca_bundle = "/etc/certs/ca-certificates.crt";
          if (SSL_CTX_load_verify_locations(self->vars->ssl_ctx, ca_bundle, NULL) != 1)
              fprintf(stderr, "Warning: failed to load the default certificates file at %s. Proxying to HTTPS servers may fail.\n",
                      ca_bundle);
+-        free(ca_bundle);
+         SSL_CTX_set_verify(self->vars->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+         h2o_cache_t *ssl_session_cache =
+             create_ssl_session_cache(H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_CAPACITY, H2O_DEFAULT_PROXY_SSL_SESSION_CACHE_DURATION);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/h2o.git/commitdiff/be673e616ff96006c2e5d721fb8b57b4c3a88696

