diff --git a/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch b/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch new file mode 100644 index 0000000..e2b4ac1 --- /dev/null +++ b/SOURCES/0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch 
@@ -0,0 +1,169 @@ +From be17dc9d31e805c03372b690dde67838b3bfc12d Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 24 May 2023 16:34:11 +0200 +Subject: [PATCH] libssh: when keyboard-interactive auth fails, try password +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The state machine had a mistake in that it would not carry on to that +next step. + +This also adds a verbose output what methods that are available from the +server and renames the macros that change to the next auth methods to +try. + +Reported-by: 左潇峰 +Fixes #11196 +Closes #11197 +--- + lib/vssh/libssh.c | 43 +++++++++++++++++++++++++++---------------- + 1 file changed, 27 insertions(+), 16 deletions(-) + +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index 7ebe61321419f..1cecb649cb623 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -565,7 +565,7 @@ static int myssh_is_known(struct Curl_easy *data) + break; \ + } + +-#define MOVE_TO_LAST_AUTH \ ++#define MOVE_TO_PASSWD_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_PASS_INIT); \ +@@ -575,25 +575,25 @@ static int myssh_is_known(struct Curl_easy *data) + MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); \ + } + +-#define MOVE_TO_TERTIARY_AUTH \ ++#define MOVE_TO_KEY_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_KEY_INIT); \ + break; \ + } \ + else { \ +- MOVE_TO_LAST_AUTH; \ ++ MOVE_TO_PASSWD_AUTH; \ + } + +-#define MOVE_TO_SECONDARY_AUTH \ ++#define MOVE_TO_GSSAPI_AUTH \ + if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) { \ + rc = SSH_OK; \ + state(data, SSH_AUTH_GSSAPI); \ + break; \ + } \ + else { \ +- MOVE_TO_TERTIARY_AUTH; \ ++ MOVE_TO_KEY_AUTH; \ + } + + static + int myssh_auth_interactive(struct connectdata *conn) +@@ -740,6 +740,16 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + sshc->auth_methods = 
ssh_userauth_list(sshc->ssh_session, NULL); ++ if(sshc->auth_methods) ++ infof(data, "SSH authentication methods available: %s%s%s%s", ++ sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY ? ++ "public key, ": "", ++ sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC ? ++ "GSSAPI, " : "", ++ sshc->auth_methods & SSH_AUTH_METHOD_INTERACTIVE ? ++ "keyboard-interactive, " : "", ++ sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD ? ++ "password": ""); + if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) { + state(data, SSH_AUTH_PKEY_INIT); + infof(data, "Authentication using SSH public key file\n"); +@@ -761,8 +761,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + case SSH_AUTH_PKEY_INIT: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY)) { +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + + /* Two choices, (1) private key was given on CMD, + * (2) use the "default" keys. */ +@@ -776,7 +776,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + if(rc != SSH_OK) { +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + } + +@@ -826,7 +836,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + break; + case SSH_AUTH_PKEY: +@@ -828,13 +828,13 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + else { + infof(data, "Failed public key authentication (rc: %d)\n", rc); +- MOVE_TO_SECONDARY_AUTH; ++ MOVE_TO_GSSAPI_AUTH; + } + break; + + case SSH_AUTH_GSSAPI: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_GSSAPI)) { +- MOVE_TO_TERTIARY_AUTH; ++ MOVE_TO_KEY_AUTH; + } + + rc = ssh_userauth_gssapi(sshc->ssh_session); +@@ -851,7 +851,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + break; + } + +- MOVE_TO_TERTIARY_AUTH; ++ MOVE_TO_KEY_AUTH; + break; + + case SSH_AUTH_KEY_INIT: +@@ -859,13 +859,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, 
bool *block) + state(data, SSH_AUTH_KEY); + } + else { +- MOVE_TO_LAST_AUTH; ++ MOVE_TO_PASSWD_AUTH; + } + break; + + case SSH_AUTH_KEY: +- +- /* Authentication failed. Continue with keyboard-interactive now. */ ++ /* keyboard-interactive authentication */ + rc = myssh_auth_interactive(conn); + if(rc == SSH_AGAIN) { + break; +@@ -873,13 +873,15 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + if(rc == SSH_OK) { + sshc->authed = TRUE; + infof(data, "completed keyboard interactive authentication\n"); ++ state(data, SSH_AUTH_DONE); ++ } ++ else { ++ MOVE_TO_PASSWD_AUTH; + } +- state(data, SSH_AUTH_DONE); + break; + + case SSH_AUTH_PASS_INIT: + if(!(data->set.ssh_auth_types & CURLSSH_AUTH_PASSWORD)) { +- /* Host key authentication is intentionally not implemented */ + MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED); + } + state(data, SSH_AUTH_PASS); diff --git a/SOURCES/0032-curl-7.76.1-CVE-2023-38545.patch b/SOURCES/0033-curl-7.76.1-CVE-2023-38545.patch similarity index 100% rename from SOURCES/0032-curl-7.76.1-CVE-2023-38545.patch rename to SOURCES/0033-curl-7.76.1-CVE-2023-38545.patch diff --git a/SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch b/SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch similarity index 98% rename from SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch rename to SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch index 770ff68..36b9afc 100644 --- a/SOURCES/0033-curl-7.61.1-CVE-2023-38546.patch +++ b/SOURCES/0034-curl-7.76.1-CVE-2023-38546.patch @@ -102,7 +102,7 @@ index b3c0063b2cfb2..41e9e7a6914e0 100644 - char *filename; /* file we read from/write to */ - long numcookies; /* number of cookies in the "jar" */ -+ int numcookies; /* number of cookies in the "jar" */ ++ int numcookies; /* number of cookies in the "jar" */ bool running; /* state info, for cookie adding information */ bool newsession; /* new session, discard session cookies on load */ int lastct; /* last creation-time used in the jar */ 
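Review bot: The new `else { MOVE_TO_PASSWD_AUTH; }` branch in `case SSH_AUTH_KEY` sends every result of `myssh_auth_interactive()` other than `SSH_OK` and `SSH_AGAIN` on to password auth without logging anything, whereas the public-key path prints `Failed public key authentication (rc: %d)\n`. I would add `infof(data, "Failed keyboard interactive authentication (rc: %d)\n", rc);` before the macro, so a verbose trace shows that the password went out as a second attempt after a failed first one; each such fallback presumably counts against the server's attempt limit. The added `infof(data, "SSH authentication methods available: %s%s%s%s", ...)` also has no trailing `\n`, although the neighbouring infof calls in this 7.76.1 tree all end in one, so the backport probably needs `"...: %s%s%s%s\n"`. The fallback is still gated by the `CURLSSH_AUTH_PASSWORD` test in `SSH_AUTH_PASS_INIT`, and since that case loses its only comment, a short one such as `/* password auth is only tried when the application allows it */` would help. `myssh_statemach_act` starts and ends outside these hunks.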
diff --git a/SOURCES/0034-curl-7.61.1-64K-sftp.patch b/SOURCES/0035-curl-7.76.1-64K-sftp.patch similarity index 100% rename from SOURCES/0034-curl-7.61.1-64K-sftp.patch rename to SOURCES/0035-curl-7.76.1-64K-sftp.patch diff --git a/SOURCES/0035-curl-7.76.1-CVE-2023-46218.patch b/SOURCES/0036-curl-7.76.1-CVE-2023-46218.patch similarity index 100% rename from SOURCES/0035-curl-7.76.1-CVE-2023-46218.patch rename to SOURCES/0036-curl-7.76.1-CVE-2023-46218.patch diff --git a/SPECS/curl.spec b/SPECS/curl.spec index ab0e6c3..4ab8cee 100644 --- a/SPECS/curl.spec +++ b/SPECS/curl.spec @@ -1,7 +1,7 @@ Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Name: curl Version: 7.76.1 -Release: 26%{?dist}.3 +Release: 29%{?dist} License: MIT Source: https://curl.se/download/%{name}-%{version}.tar.xz @@ -95,17 +95,20 @@ Patch30: 0030-curl-7.76.1-CVE-2023-28322.patch # fix host name wildcard checking Patch31: 0031-curl-7.76.1-CVE-2023-28321.patch -# return error if hostname too long for remote resolve (CVE-2023-38545) -Patch32: 0032-curl-7.76.1-CVE-2023-38545.patch +# when keyboard-interactive auth fails, try password +Patch32: 0032-curl-7.76.1-password-when-keyboard-interactive-fails.patch + +# return error if hostname too long for remote resolve +Patch33: 0033-curl-7.76.1-CVE-2023-38545.patch # fix cookie injection with none file (CVE-2023-38546) -Patch33: 0033-curl-7.61.1-CVE-2023-38546.patch +Patch34: 0034-curl-7.76.1-CVE-2023-38546.patch -# cap SFTP packet size sent (RHEL-14837) -Patch34: 0034-curl-7.61.1-64K-sftp.patch +# cap SFTP packet size sent (RHEL-14697) +Patch35: 0035-curl-7.76.1-64K-sftp.patch # lowercase the domain names before PSL checks (CVE-2023-46218) -Patch35: 0035-curl-7.76.1-CVE-2023-46218.patch +Patch36: 0036-curl-7.76.1-CVE-2023-46218.patch # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch 
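Review bot: The comment above `Patch33` loses its `(CVE-2023-38545)` tag in the renumbering, while the comments for `Patch34` and `Patch36` keep theirs. Someone auditing the spec for carried CVE fixes then has to rely on the file name or the changelog for this one; I would keep it as `# return error if hostname too long for remote resolve (CVE-2023-38545)`. The tracker id in the SFTP comment also changes from RHEL-14837 to RHEL-14697 in this hunk, which may be correct for this branch but is worth confirming against the ticket.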
@@ -316,6 +319,7 @@ be installed. %patch33 -p1 %patch34 -p1 %patch35 -p1 +%patch36 -p1 # Fedora patches %patch101 -p1 @@ -541,15 +545,17 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %changelog -* Tue Nov 28 2023 Jacek Migacz - 7.76.1-26.el9_3.3 -- cap SFTP packet size sent (RHEL-14837) +* Wed Mar 6 2024 Jacek Migacz - 7.76.1-29 +- rebuild for 9.4 GA + +* Tue Oct 10 2023 Jacek Migacz - 7.76.1-28 +- return error if hostname too long for remote resolve (CVE-2023-38545) +- fix cookie injection with none file (CVE-2023-38546) +- cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) -* Thu Oct 12 2023 Jacek Migacz - 7.76.1-26.el9_3.2 -- fix cookie injection with none file (CVE-2023-38546) - -* Tue Oct 10 2023 Jacek Migacz - 7.76.1-26.el9_3.1 -- socks: return error if hostname too long for remote resolve (CVE-2023-38545) +* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 +- when keyboard-interactive auth fails, try password (#2229800) * Mon Jun 12 2023 Jacek Migacz - 7.76.1-26 - unify the upload/method handling (CVE-2023-28322)