third_party: update libcurl from 8.6.0 to 8.7.1

The patch updates curl module to the version 8.7.1 [1][2] that brings a number of functional and security fixes, and updates CMake module for building curl library. Security fixes: - CVE-2024-2004: Usage of disabled protocol. (low) - CVE-2024-2398: HTTP/2 push headers memory-leak. (medium) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL. (low) - CVE-2024-2466: TLS certificate check bypass with mbedTLS. (medium) Changes in CMake module: - Option `USE_OPENSSL_QUIC` was added and disabled by default [3] Changelog entry has been removed because duplicate entries about bumps confuses end users. 1. https://curl.se/changes.html#8_7_1 2. curl/curl@curl-8_6_0...curl-8_7_1 3. curl/curl@8e74164 NO_DOC=libcurl submodule bump NO_CHANGELOG=libcurl submodule bump NO_TEST=libcurl submodule bump
tarantool · Mar 28, 2024 · 7275216 · 7275216
1 parent 1c9b749
commit 7275216
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 4 deletions.
diff --git a/changelogs/unreleased/bump-libcurl-to-8.6.0.md b/changelogs/unreleased/bump-libcurl-to-8.6.0.md
diff --git a/changelogs/unreleased/bump-libcurl-to-8.7.0.md b/changelogs/unreleased/bump-libcurl-to-8.7.0.md
@@ -0,0 +1,3 @@
+## bugfix/build
+
+* Updated libcurl to version 8.7.0.
diff --git a/cmake/BuildLibCURL.cmake b/cmake/BuildLibCURL.cmake
@@ -145,6 +145,7 @@ macro(curl_build)
     list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_NGTCP2=OFF")
     list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_NGHTTP3=OFF")
     list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_QUICHE=OFF")
+    list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_OPENSSL_QUIC=OFF")
     list(APPEND LIBCURL_CMAKE_FLAGS "-DCURL_DISABLE_HTTP=OFF")
     list(APPEND LIBCURL_CMAKE_FLAGS "-DCURL_DISABLE_PROXY=OFF")
     list(APPEND LIBCURL_CMAKE_FLAGS "-DENABLE_IPV6=ON")

diff --git a/third_party/curl b/third_party/curl