commit 15a6bc8e1353a0278a3ce54c1701380a0ff23538
from: Sergey Bronnikov
date: Tue Jun 18 13:57:02 2024 UTC

third_party: update libcurl from 8.6.0 to 8.7.1

The patch updates curl module to the version 8.7.1 [1][2] that brings a number of functional and security fixes, and updates CMake module for building curl library.

Security fixes:

- CVE-2024-2004: Usage of disabled protocol. (low)
- CVE-2024-2398: HTTP/2 push headers memory-leak. (medium)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL. (low)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS. (medium)

Changes in CMake module:

- Option `USE_OPENSSL_QUIC` was added and disabled by default [3]

Previous changelog entry has been removed because duplicate entries about bumps in release changelog confuse end users.

The bump was blocked by a regression in libcurl [4][5].

1. https://curl.se/changes.html#8_7_1
2. https://github.com/curl/curl/compare/curl-8_6_0...curl-8_7_1
3. https://github.com/curl/curl/commit/8e741644a229c3791963b4f5cae1dcfccba842dd
4. https://curl.se/mail/lib-2024-03/0059.html
5. https://github.com/curl/curl/issues/13260

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

commit - ce4390285a76d3d95b26b735e1badd1788ec4e29 commit + 15a6bc8e1353a0278a3ce54c1701380a0ff23538 blob - bf03d48511f0d2616ab54d851ac28940085e9364 (mode 644) blob + /dev/null --- changelogs/unreleased/bump-libcurl-to-8.6.0.md +++ /dev/null @@ -1,3 +0,0 @@ -## bugfix/build - -* Updated libcurl to version 8.6.0. blob - /dev/null blob + 878a567091d1e5f4c9452d6a7a5f27d479e97343 (mode 644) --- /dev/null +++ changelogs/unreleased/bump-libcurl-to-8.7.0.md @@ -0,0 +1,3 @@ +## bugfix/build + +* Updated libcurl to version 8.7.0. blob - 0905becf29c9b346934df0dc038ebb658e8dd7a2 blob + 872058ec71c8b674b5796179118e8f3e85630606 --- cmake/BuildLibCURL.cmake +++ cmake/BuildLibCURL.cmake
@@ -145,6 +145,7 @@ macro(curl_build) list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_NGTCP2=OFF") list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_NGHTTP3=OFF") list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_QUICHE=OFF") + list(APPEND LIBCURL_CMAKE_FLAGS "-DUSE_OPENSSL_QUIC=OFF") list(APPEND LIBCURL_CMAKE_FLAGS "-DCURL_DISABLE_HTTP=OFF") list(APPEND LIBCURL_CMAKE_FLAGS "-DCURL_DISABLE_PROXY=OFF") list(APPEND LIBCURL_CMAKE_FLAGS "-DENABLE_IPV6=ON")
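Review bot: the new changelog file `changelogs/unreleased/bump-libcurl-to-8.7.0.md` and its entry "Updated libcurl to version 8.7.0." both name 8.7.0, while the commit subject and description say the bump is to 8.7.1. Rename the file and change the entry to 8.7.1 so the release notes match what is actually shipped. Because the commit message lists four CVE fixes, the entry could also say that the update includes security fixes; a bare `bugfix/build` line does not tell users that the upgrade is security relevant.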
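Review bot: in `curl_build`, the added `-DUSE_OPENSSL_QUIC=OFF` line carries no comment explaining why the option is forced off. It sits with `USE_NGTCP2`, `USE_NGHTTP3` and `USE_QUICHE`, which are also set to OFF, so a one-line comment above that group stating that the QUIC backends are intentionally disabled would document the intent and remind whoever does the next bump to check for newly added backend options.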