Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.10
Component/s: curl
Labels:
None

Fixed in Build:
curl-7.61.1-34.el8_10.1
Regression:
Yes
Severity:
Important
Keywords:

Regression, EasyFix

Pool Team:

sst_cs_plumbers
Sub-System Group:

ssg_core_services

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/136968
Test Coverage:
None

Experience:
Architecture:

All

PX Impact Score:
PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

A customer found that after updating curl to 7.61.1-34.el8 his SFTP transfers were failing in timeout, compared to 7.61.1-33.el8_9.5. This occurs with KbdInteractiveAuthentication method.

It appears that latest 7.61.1-34.el8 code has a bug in patch 0053-curl-7.61.1-password-when-keyboard-interactive-fails.patch as shown while diff'ing patched source:

diff -u rhel-8.9.0/curl-7.61.1/lib/ssh-libssh.c rhel-8-main/curl-7.61.1/lib/ssh-libssh.c
--- rhel-8.9.0/curl-7.61.1/lib/ssh-libssh.c	2024-06-24 13:04:47.862554640 +0200
+++ rhel-8-main/curl-7.61.1/lib/ssh-libssh.c	2024-06-24 13:11:13.138882108 +0200
@@ -759,7 +759,7 @@
       if(rc == SSH_OK) {
         sshc->authed = TRUE;
         infof(data, "completed keyboard interactive authentication\n");
-        state(conn, SSH_AUTH_DONE);
+        state(data, SSH_AUTH_DONE);

Here above state() function is changing data variable instead of conn, which doesn't make sense.

Please provide the package NVR for which bug is seen:

curl-7.61.1-34.el8

How reproducible:

Always on customer system

links to

KCS

RHBA-2024:136968 curl update

RHBA-2024:137782 updated ubi8-minimal container image

RHBA-2024:137812 updated rhel8/grafana container image

RHBA-2024:137813 updated rhel8/buildah container image

RHBA-2024:137814 updated rhel8/cups container image

RHBA-2024:137816 updated Red Hat Enterprise Linux 8 container images

RHBA-2024:137817 updated rhel8/gcc-toolset-12-toolchain container image

RHBA-2024:137818 updated rhel8/gcc-toolset-13-toolchain container image

RHBA-2024:137819 updated rhel8/go-toolset container image

RHBA-2024:137820 updated rhel8/memcached container image

RHBA-2024:137821 updated rhel8/net-snmp container image

RHBA-2024:137822 updated rhel8/pcp container image

RHBA-2024:137823 updated rhel8/podman container image

RHBA-2024:137824 updated Red Hat Enterprise Linux 8 container images

RHBA-2024:137825 updated rhel8/rsyslog container image

RHBA-2024:137826 updated rhel8/skopeo container image

RHBA-2024:137827 updated rhel8/support-tools container image

RHBA-2024:137828 updated rhel8/tang container image

RHBA-2024:137829 updated toolbox-container container image

RHBA-2024:137830 updated ubi8/ubi8-init container image

(16 links to)

Assignee:: Jacek Migacz

Reporter:: Renaud Métrich

Developer:: Jacek Migacz

QA Contact:: Daniel Rusek

Votes:: 3 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2024/06/24 1:28 PM

Updated:: 2024/10/16 2:39 AM

Resolved:: 2024/08/20 6:15 PM

Release Date:: 2024/09/09

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Attachments

Issue Links

Activity

People

Dates