libcurl (and therefore curl) < 7.18.1 segfaults when trying to reuse a connection after performing negotiate-auth. This bug is reproducible by attempting to pull down any negotiate-auth-protected URL twice in a single command: curl --negotiate -u : https://example.com/ https://example.com/ No workaround is possible, since curl does not provide any options to prevent connection reuse. RHEL 5.3 includes curl-7.15.5-2.1.el5_3.4, which is affected by this bug. I'd like to request a backport of the upstream fix for this bug, first posted to the curl-library mailing list here: http://curl.haxx.se/mail/lib-2008-02/0308.html And applied to curl CVS with these commits: http://cool.haxx.se/cvs.cgi/curl/lib/http_negotiate.c.diff?r1=1.24&r2=1.25 http://cool.haxx.se/cvs.cgi/curl/lib/http.c.diff?r1=1.364&r2=1.365
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0273.html