Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-44684

Incorrect backport of BZ 2229800 introduced in 8.10 curl

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.10.z
    • rhel-8.10
    • curl
    • None
    • curl-7.61.1-34.el8_10.1
    • Yes
    • Important
    • Regression, EasyFix
    • sst_cs_plumbers
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • All
    • None

      What were you trying to do that didn't work?

      A customer found that after updating curl to 7.61.1-34.el8 his SFTP transfers were failing in timeout, compared to 7.61.1-33.el8_9.5. This occurs with KbdInteractiveAuthentication method.

      It appears that latest 7.61.1-34.el8 code has a bug in patch 0053-curl-7.61.1-password-when-keyboard-interactive-fails.patch as shown while diff'ing patched source:

      diff -u rhel-8.9.0/curl-7.61.1/lib/ssh-libssh.c rhel-8-main/curl-7.61.1/lib/ssh-libssh.c
      --- rhel-8.9.0/curl-7.61.1/lib/ssh-libssh.c	2024-06-24 13:04:47.862554640 +0200
      +++ rhel-8-main/curl-7.61.1/lib/ssh-libssh.c	2024-06-24 13:11:13.138882108 +0200
      @@ -759,7 +759,7 @@
             if(rc == SSH_OK) {
               sshc->authed = TRUE;
               infof(data, "completed keyboard interactive authentication\n");
      -        state(conn, SSH_AUTH_DONE);
      +        state(data, SSH_AUTH_DONE);
      

      Here above state() function is changing data variable instead of conn, which doesn't make sense.

      Please provide the package NVR for which bug is seen:

      curl-7.61.1-34.el8

      How reproducible:

      Always on customer system

            jmigacz@redhat.com Jacek Migacz
            rhn-support-rmetrich Renaud Métrich
            Jacek Migacz Jacek Migacz
            Daniel Rusek Daniel Rusek
            Votes:
            3 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: