Created attachment 166316 [details] resolves double free issue in http.c The patch in PR 194483 introduced a double free. Here's a patch to fix it.
I have committed the proposed patch to the pkg master tree, thank you!
A commit references this bug: Author: des Date: Thu Feb 11 17:48:15 UTC 2016 New revision: 295536 URL: https://svnweb.freebsd.org/changeset/base/295536 Log: Fix double-free error: r289419 moved all error handling in http_connect() to the end of the function, but did not remove a fetch_close() call which was made redundant by the one in the shared error-handling code. PR: 206774 Submitted by: Christian Heckendorf <heckendorfc@gmail.com> MFC after: 3 days Changes: head/lib/libfetch/http.c
A commit references this bug: Author: des Date: Wed Feb 17 11:40:03 UTC 2016 New revision: 295692 URL: https://svnweb.freebsd.org/changeset/base/295692 Log: MFH (r295536): fix double-free error when SSL connection fails PR: 206774 Submitted by: Christian Heckendorf <heckendorfc@gmail.com> Approved by: re (glebius) Changes: _U stable/10/ stable/10/lib/libfetch/http.c
A commit references this bug: Author: des Date: Sat Feb 20 13:36:25 UTC 2016 New revision: 295840 URL: https://svnweb.freebsd.org/changeset/base/295840 Log: MFH (r273114, r273124): turn SSLv3 off by default MFH (r294326): fall back to standard / configured CA store MFH (r295536): fix double-free when SSL connection fails PR: 193871 206774 Changes: _U stable/9/ _U stable/9/lib/ _U stable/9/lib/libfetch/ stable/9/lib/libfetch/common.c stable/9/lib/libfetch/fetch.3 stable/9/lib/libfetch/http.c _U stable/9/usr.bin/ _U stable/9/usr.bin/fetch/