libcurl3-gnutls in cosmic breaks git with Azure DevOps

Bug #1805203 reported by Mark Inderhees on 2018-11-26
40
This bug affects 8 people
Affects Status Importance Assigned to Milestone
curl (Ubuntu)
High
Unassigned

Bug Description

* Impact
Git auth fails when trying to work with an Azure DevOps repository

* Test case
Try to git clone from an Azure DevOps repository using a Personal Access Token
The clone should work and not fail on an authentification error

* Regression potential
The diff is in the curl http code, it would be good to test a few rdepends to make sure they have no regression

--------------------------------------------

The version of libcurl3-gnutls in cosmic (7.61.0) causes authentication failures with Azure DevOps. This causes all git operations with the server to fail (eg clone, push, pull). For details see this curl bug: https://github.com/curl/curl/pull/2754

To work around this I downgraded libcurl3-gnutls to the version in bionic (7.58.0)

From the curl change list https://curl.haxx.se/changes.html#7_61_1, this issue should be fixed in package version 7.61.1 or above.

Request: please upgrade package in cosmic for libcurl3-gnutls to 7.61.1 or above

Details:
1 - Ubuntu 18.10
2 - libcurl3-gnutls (7.61.0-1ubuntu2.2 and others)
3 - Be able to git clone from an Azure DevOps repository using a Personal Access Token
4 - git operations fail to authenticate

Thank you,
Mark

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in curl (Ubuntu):
status: New → Confirmed
Johannes (johannes-schindelin) wrote :

I am the author of https://github.com/curl/curl/pull/2754 (which is the bug fix Mark talks about), and I can confirm that the upgrade is necessary to fix that bug.

Mark Inderhees (markind-msft) wrote :

Someone contacted me and requested the steps for the work around. Sharing here:

First, you need to add the bionic security repository to your apt sources list
$ sudo vim /etc/apt/sources.list
Add this line:
deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted

Update packages
$ sudo apt-get update

Then you need to downgrade libcurl3-gnutls:
$ sudo apt-get install libcurl3-gnutls=7.58.0*

As security packages are updated automatically by Ubuntu on a daily basis, you'll need to re-run this last command to downgrade libcurl3-gnutls every morning.

Mikhail Shevtsov (mesouug) wrote :

Faced same issue and solved by downgrading.

To avoid upgrade of package and adding bionic-security to sources list One can do:
1. Manually download package from https://packages.ubuntu.com/bionic/libcurl3-gnutls
2. Install libcurl3-gnutls with dpkg -i libcurl3-gnutls*.deb
3. Lock package version with apt-mark hold libcurl3-gnutls
4. Once update will be pushed just unlock package with apt-mark unhold libcurl3-gnutls

Sebastien Bacher (seb128) wrote :

That's fixed to disco, upload a SRU backport to cosmic now

Changed in curl (Ubuntu):
importance: Undecided → High
status: Confirmed → Fix Released
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers