mirror of
https://github.com/curl/curl.git
synced 2026-04-14 22:01:41 +03:00
e127f8ce84
Bumping `msys2/setup-msys2` from 2.30.0 to 2.31.0 also brought libssh 0.12.0 (after 0.11.3). libssh has been long known for loading OpenSSH configuration from disk insecurely on Windows. 0.12.0 brings some fixes to this (CVE-2025-14821), which in turn may be changing its behavior on the default GH Windows runner to fail all curl SCP/SFTP tests. Detecting what is the exact root cause, then defining exact runtime conditions for it is difficult and fragile. Same for changing these libssh defaults (if at all possible.) But, since configuration loading remains insecure and broken on Windows even after the mitigations made by 0.12.0 [0], this patch removes libssh from the Windows CI job using it previously. If someone figures out how to run in CI, it can be readded, though in general, using libssh on Windows seems to be less than ideal. [0] |
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| scripts | ||
| workflows | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| dependabot.yml | ||
| FUNDING.yml | ||
| labeler.yml | ||
| lock.yml | ||
| stale.yml | ||