Bug 1118751
Summary: | Endless loop with GSSAPI authentication to proxy | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Woodhouse <dwmw2> |
Component: | curl | Assignee: | Kamil Dudka <kdudka> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | kdudka, paul |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | curl-7.32.0-12.fc20 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-08-03 01:57:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Woodhouse
2014-07-11 13:03:33 UTC
Thanks for the pointer and the patches. I would prefer to wait till they are merged upstream before submitting updates for stable releases though. That makes perfect sense. The patches are now merged upstream. They are included in curl-7.37.1-1.fc22 for now, will consider backport later... There is a possible regression of bug #1093348, which is being discussed upstream: http://curl.haxx.se/mail/lib-2014-07/0207.html Yeah, I wish I could remember which server I was using when I saw bug 1093348 :) I still can't find the original server but I've set up something to emulate it and retested with the latest curl code. It still behaves correctly... or as well as it did before, at least :) It's still using the *first* Negotiate response, where using the non-empty one might make more sense. But that's not a regression. Thanks for checking it! Do you want to backport some additional patches on top of the original patchset then? http://pkgs.fedoraproject.org/cgit/curl.git/tree/0001-curl-7.37.1-gssapi.patch?id=8490cd97 No need for anything more at the moment; I think that patch set captures everything that's important. Michael O is working on some other improvements but they are mostly cosmetic. I've just done a test build of your 7.37.1-1.fc22 package locally and it seems to be working correctly for me — Negotiate auth is sanely falling back to GSS-NTLMSSP etc. Thanks. curl-7.32.0-12.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/curl-7.32.0-12.fc20 Package curl-7.32.0-12.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing curl-7.32.0-12.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9070/curl-7.32.0-12.fc20 then log in and leave karma (feedback). curl-7.32.0-12.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |