From 9dd5d73f3b1c0fcae0ff35500e09e3c3574b2460 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: May 09 2019 08:08:03 +0000 Subject: do not treat failure of gss_init_sec_context() with --negotiate as fatal This commit fixes a major incompatibility introduced in curl-7.64.1. Bug: https://github.com/curl/curl/issues/3726 --- diff --git a/0001-curl-7.64.1-negotiate-without-ticket.patch b/0001-curl-7.64.1-negotiate-without-ticket.patch new file mode 100644 index 0000000..125ee54 --- /dev/null +++ b/0001-curl-7.64.1-negotiate-without-ticket.patch @@ -0,0 +1,68 @@ +From f7c66081721ac54f68457f07994487f416db383f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 6 May 2019 14:16:35 +0200 +Subject: [PATCH] spnego_gssapi: fix return code on gss_init_sec_context() + failure + +Fixes #3726 +Closes #3849 + +Upstream-commit: f65845c1eccc02385cdfb22bf2e521e670f7b295 +Signed-off-by: Kamil Dudka +--- + lib/vauth/spnego_gssapi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c +index 7c4bd4b59..de8bde2ba 100644 +--- a/lib/vauth/spnego_gssapi.c ++++ b/lib/vauth/spnego_gssapi.c +@@ -170,7 +170,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, + Curl_gss_log_error(data, "gss_init_sec_context() failed: ", + major_status, minor_status); + +- return CURLE_OUT_OF_MEMORY; ++ return CURLE_LOGIN_DENIED; + } + + if(!output_token.value || !output_token.length) { +-- +2.20.1 + +From ce0dbcf6f028c84adf4ff3704c04a09d4450a596 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 6 May 2019 14:32:00 +0200 +Subject: [PATCH] http_negotiate: do not treat failure of + gss_init_sec_context() as fatal + +Fixes #3726 +Closes #3849 + +Upstream-commit: f4603708af08f454bca8b74095d0af40a4516512 +Signed-off-by: Kamil Dudka +--- + lib/http_negotiate.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c +index 9415236fb..201c3a785 100644 +--- a/lib/http_negotiate.c ++++ b/lib/http_negotiate.c +@@ -143,7 +143,13 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) + } + if(!neg_ctx->context) { + result = Curl_input_negotiate(conn, proxy, "Negotiate"); +- if(result) ++ if(result == CURLE_LOGIN_DENIED) { ++ /* negotiate auth failed, let's continue unauthenticated to stay ++ * compatible with the behavior before curl-7_64_0-158-g6c6035532 */ ++ conn->data->state.authproblem = TRUE; ++ return CURLE_OK; ++ } ++ else if(result) + return result; + } + +-- +2.20.1 + diff --git a/curl.spec b/curl.spec index 347018f..4f4198d 100644 --- a/curl.spec +++ b/curl.spec @@ -1,10 +1,13 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.64.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz +# do not treat failure of gss_init_sec_context() with --negotiate as fatal +Patch1: 0001-curl-7.64.1-negotiate-without-ticket.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -171,6 +174,7 @@ be installed. %setup -q # upstream patches +%patch1 -p1 # Fedora patches %patch101 -p1 @@ -346,6 +350,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog +* Thu May 09 2019 Kamil Dudka - 7.64.1-2 +- do not treat failure of gss_init_sec_context() with --negotiate as fatal + * Wed Mar 27 2019 Kamil Dudka - 7.64.1-1 - new upstream release