Fix to create the top directory `foo` when specified as
`X:foo\bar\filename`, on Windows and MS-DOS. Add test to verify.
Caught by Codex Security
Follow-up to 787ee935ac#16566Closes#21449
To avoid difficult to track down crashes when a tested function ends up
outputing a message via `errorf()`, `warnf()` or siblings.
Cherry-picked from #21449Closes#21454
- prefer `--branch` over `-b`, where missing.
- add `--depth 1` where missing.
- sync option order between docs and GHA.
- bump quiche and rustls-ffi versions in documentation.
- ECH.md: update for OpenSSL 4.
Closes#21447
Pass all operations parameters to a SOCKS filter at creation
time, not relying on "global" connectdata values.
Eliminate modifications to `conn->ip_version` when local resolving
for SOCKS4.
Do not retrieve the socket for GSSAPI blocking calls from connectdata,
but from the filters "below" the SOCKS one.
Closes#21436
failf() needs an easy handle to work. This change removes the call since
there is normnally nowhere to show the output if init fails.
Bonus: improve language in an infof() call
Spotted by Copilot
Closes#21441
Necessary when the libssh2/libssh client library does not support KEX
algos offered by default by the OpenSSH server. E.g. libssh2 with WinCNG
combined with OpenSSH 10+.
Also: use this option in GHA/windows.
Follow-up to 3b8bb1a86a#21219
Follow-up to c98d0a2e9a#21220Closes#21438
Several mbedTLS resources (entropy/CTR-DRBG, CA/client certs, keys, CRL)
are initialized and may allocate memory before initialized is set, and
must still be cleaned up.
Follow-up to 1c4813c769
Caught by Codex Security
Closes#21440
So that CURLcode failure is correct and not figured out later via
`conn->bits.proxy`. Add the flag to the async struct.
`for_proxy` is figured out by the caller of Curl_resolv() when it
figures out which host/proxy name it wants the addresses for.
Remove CONN_IS_PROXIED macro as no longer needed.
Closes#21423
Before this fix, Curl_tls_keylog_open() assigned the environment
variable result to a global keylog_file_name without freeing any prior
allocation. If the file cannot be opened (e.g., permission error)
keylog_file_fp stays NULL, so subsequent calls to Curl_tls_keylog_open
will overwrite keylog_file_name and leak the previous allocation.
Spotted by Codex Security
Closes#21427
Since we have a new struct instance for each async operation now and
async operation may happen in parallel, remove the connection bit
indicating doh is in progress.
Closes#21422
When trying to connect a pending transfer, remember the `mid` that was
last reactivated and start looking for future pending handles from the
last one forward through the pending bitset.
Background: when many pending handles exist, iterating the bitset always
from the start may become unfair to transfers that were assigned higher
`mid` values.
Fixes#21396
Reported-by: Juan Belón
Closes#21412
- unify the query and fragment separator logic
- read the bitflags directly instead of via a temp variable
- narrow the scope of a few variables
Closes#21417
Due to year-long unreliability.
The default Ubuntu mirror works as fast as the Azure one when it's
working at its normal speed. And has HTTPS.
Also:
- replac the retry hack that turn out to not solve the problem.
- add timeouts to each download step to catch slowness early.
Follow-up to a5838847c4#21181
Follow-up to 5172ba5475#21107Closes#21414
GitHub runners are getting new 3rd-party sources frequntly now, last
week `docker.list`, this week: `google-chrome.sources`. To avoid
playing catch up, allowlist the only one we use: `ubuntu.sources`. If
this is renamed, CI would break. Let's hope this happens much less
often than new sources.
Bug: https://github.com/curl/curl/pull/21414#issuecomment-4297788640
Follow-up to 3e0e2cc1ab#21344Closes#21416
