- prefer `--branch` over `-b`, where missing.
- add `--depth 1` where missing.
- sync option order between docs and GHA.
- bump quiche and rustls-ffi versions in documentation.
- ECH.md: update for OpenSSL 4.
Closes#21447
Pass all operations parameters to a SOCKS filter at creation
time, not relying on "global" connectdata values.
Eliminate modifications to `conn->ip_version` when local resolving
for SOCKS4.
Do not retrieve the socket for GSSAPI blocking calls from connectdata,
but from the filters "below" the SOCKS one.
Closes#21436
failf() needs an easy handle to work. This change removes the call since
there is normnally nowhere to show the output if init fails.
Bonus: improve language in an infof() call
Spotted by Copilot
Closes#21441
Necessary when the libssh2/libssh client library does not support KEX
algos offered by default by the OpenSSH server. E.g. libssh2 with WinCNG
combined with OpenSSH 10+.
Also: use this option in GHA/windows.
Follow-up to 3b8bb1a86a#21219
Follow-up to c98d0a2e9a#21220Closes#21438
Several mbedTLS resources (entropy/CTR-DRBG, CA/client certs, keys, CRL)
are initialized and may allocate memory before initialized is set, and
must still be cleaned up.
Follow-up to 1c4813c769
Caught by Codex Security
Closes#21440
So that CURLcode failure is correct and not figured out later via
`conn->bits.proxy`. Add the flag to the async struct.
`for_proxy` is figured out by the caller of Curl_resolv() when it
figures out which host/proxy name it wants the addresses for.
Remove CONN_IS_PROXIED macro as no longer needed.
Closes#21423
Before this fix, Curl_tls_keylog_open() assigned the environment
variable result to a global keylog_file_name without freeing any prior
allocation. If the file cannot be opened (e.g., permission error)
keylog_file_fp stays NULL, so subsequent calls to Curl_tls_keylog_open
will overwrite keylog_file_name and leak the previous allocation.
Spotted by Codex Security
Closes#21427
Since we have a new struct instance for each async operation now and
async operation may happen in parallel, remove the connection bit
indicating doh is in progress.
Closes#21422
When trying to connect a pending transfer, remember the `mid` that was
last reactivated and start looking for future pending handles from the
last one forward through the pending bitset.
Background: when many pending handles exist, iterating the bitset always
from the start may become unfair to transfers that were assigned higher
`mid` values.
Fixes#21396
Reported-by: Juan Belón
Closes#21412
- unify the query and fragment separator logic
- read the bitflags directly instead of via a temp variable
- narrow the scope of a few variables
Closes#21417
Due to year-long unreliability.
The default Ubuntu mirror works as fast as the Azure one when it's
working at its normal speed. And has HTTPS.
Also:
- replac the retry hack that turn out to not solve the problem.
- add timeouts to each download step to catch slowness early.
Follow-up to a5838847c4#21181
Follow-up to 5172ba5475#21107Closes#21414
GitHub runners are getting new 3rd-party sources frequntly now, last
week `docker.list`, this week: `google-chrome.sources`. To avoid
playing catch up, allowlist the only one we use: `ubuntu.sources`. If
this is renamed, CI would break. Let's hope this happens much less
often than new sources.
Bug: https://github.com/curl/curl/pull/21414#issuecomment-4297788640
Follow-up to 3e0e2cc1ab#21344Closes#21416
When starting an c-ares query, the provided callback may be invoked
right away, leading to a decrement of `queries_ongoing`. Increment
the counter *before* call c-ares. Otherwise, the `async->done` bit
is not properly set.
Closes#21399
As 'flags' may already have been set to something when
parse_conversion() is called, make sure to only OR the new flags.
Follow-up to 4e0bfd8cf7Closes#21398
- httpsrr: drop redundant checks.
Follow-up to 809dda3a37#21354
- httpsrr.h: drop obsolete comment.
Follow-up to 2b3dfb4ad4#21175
- ws: drop redundant check in `curl_ws_start_frame()`.
Follow-up to 37cecfc7b9#17683
- ws: fix typo in comment.
- tool_operate: fix VMS build. (broken since 2019-07-20, v7.66.0)
Follow-up to b889408500#3804
Pointed out by Copilot Code Quality
Closes#21393
- introduce 'struct when' to hold the parser result
- initwhen() initializes a 'struct when'
- datestring() parses strings
- datenum() parses numbers
- datecheck() does some final checks
- tzadjust() adds the time zone offset
- convert math to 64 bit, squeeze into time_t only in the last step,
mktimet() does the time_t storing
Closes#21394
Seen with unity, H3, wolfssl with `HAVE_EX_DATA`.
Fixing:
```
lib/vtls/wolfssl.c:412:10: error: no previous prototype for function 'Curl_wssl_cache_session' [-Wmissing-prototypes]
412 | CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
| ^
lib/vtls/wolfssl.c:412:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
412 | CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
| ^
| static
1 error generated.
```
Follow-up to cc5c1553fb#19852Closes#21392
