Package: libcurl4
Version: 7.63.0-1
Severity: important
Tags: patch
7.63.0-1 broke POST requests with Negotiation (Content-Length is
always 0). 7.62.0-1 is fine, so I bisected and found the offending
commit[0]. This commit has already been reverted upstream[1] so please
could you either include this revert or ask for a .1 point release and
upload that. I've attached a patch for the first option -- feel free
not to use it.
Thanks,
0. https://github.com/curl/curl/commit/07ebaf8378
1. https://github.com/curl/curl/pull/3275
--
Jonny Lamb
>From 8438ce5840116f3e1b3128abe6edb568a1e84001 Mon Sep 17 00:00:00 2001
From: Jonny Lamb <jo...@debian.org>
Date: Wed, 23 Jan 2019 11:47:32 +0000
Subject: [PATCH] Add 12_revert_http_negotiate.patch from upstream which
reverts changes which breaks HTTP Negotiate POST requests.
---
debian/changelog | 7 +++
debian/patches/12_revert_http_negotiate.patch | 87 +++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 95 insertions(+)
create mode 100644 debian/patches/12_revert_http_negotiate.patch
diff --git a/debian/changelog b/debian/changelog
index 60ce1ff..3816865 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+curl (7.63.0-2) UNRELEASED; urgency=medium
+
+ * Add 12_revert_http_negotiate.patch from upstream which reverts changes
+ which breaks HTTP Negotiate POST requests.
+
+ -- Jonny Lamb <jo...@debian.org> Wed, 23 Jan 2019 11:32:20 +0000
+
curl (7.63.0-1) unstable; urgency=medium
* New upstream release
diff --git a/debian/patches/12_revert_http_negotiate.patch
b/debian/patches/12_revert_http_negotiate.patch
new file mode 100644
index 0000000..646067e
--- /dev/null
+++ b/debian/patches/12_revert_http_negotiate.patch
@@ -0,0 +1,87 @@
+From ebe658c1e5a6577178981a7f406794699305be5c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <dan...@haxx.se>
+Date: Fri, 4 Jan 2019 23:34:50 +0100
+Subject: [PATCH] Revert "http_negotiate: do not close connection until
+ negotiation is completed"
+
+This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
+
+This also reopens PR #3275 which brought the change now reverted.
+
+Fixes #3384
+Closes #3439
+---
+ lib/http.c | 3 ++-
+ lib/http_negotiate.c | 10 +---------
+ 2 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index 8866fdf0a7..303535af6b 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2018, Daniel Stenberg, <dan...@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <dan...@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -616,6 +616,7 @@ output_auth_headers(struct connectdata *conn,
+ result = Curl_output_negotiate(conn, proxy);
+ if(result)
+ return result;
++ authstatus->done = TRUE;
+ negdata->state = GSS_AUTHSENT;
+ }
+ else
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index 444265d11f..4713d1bd5c 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <dan...@haxx.se>, et al.
++ * Copyright (C) 1998 - 2019, Daniel Stenberg, <dan...@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -49,7 +49,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool
proxy,
+
+ /* Point to the correct struct with this */
+ struct negotiatedata *neg_ctx;
+- struct auth *authp;
+
+ if(proxy) {
+ userp = conn->http_proxy.user;
+@@ -58,7 +57,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool
proxy,
+ data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
+ host = conn->http_proxy.host.name;
+ neg_ctx = &data->state.proxyneg;
+- authp = &conn->data->state.authproxy;
+ }
+ else {
+ userp = conn->user;
+@@ -67,7 +65,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool
proxy,
+ data->set.str[STRING_SERVICE_NAME] : "HTTP";
+ host = conn->host.name;
+ neg_ctx = &data->state.negotiate;
+- authp = &conn->data->state.authhost;
+ }
+
+ /* Not set means empty */
+@@ -98,11 +95,6 @@ CURLcode Curl_input_negotiate(struct connectdata *conn,
bool proxy,
+
+ if(result)
+ Curl_auth_spnego_cleanup(neg_ctx);
+- else
+- /* If the status is different than 0 and we encountered no errors
+- it means we have to continue. 0 is the OK value for both GSSAPI
+- (GSS_S_COMPLETE) and SSPI (SEC_E_OK) */
+- authp->done = !neg_ctx->status;
+
+ return result;
+ }
diff --git a/debian/patches/series b/debian/patches/series
index a42ff76..401aeb1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,7 @@
07_do-not-disable-debug-symbols.patch
08_enable-zsh.patch
11_omit-directories-from-config.patch
+12_revert_http_negotiate.patch
# do not add patches below
90_gnutls.patch
--
2.8.0.rc3.246.g6fcbb5e.dirty-twtrsrc