From ee575fef51b193f9f2974efb938efafee6056c09 Mon Sep 17 00:00:00 2001
From: Sergey Bronnikov <sergeyb@tarantool.org>
Date: Tue, 17 Oct 2023 13:19:19 +0300
Subject: [PATCH] third_party: update libcurl from 8.3.0 to 8.4.0

The patch updates curl module to the version 8.4.0 [1] that brings a
number of functional fixes and security fix of SOCKS5 heap buffer
overflow (CVE-2023-38545), see description in [2] and commit
fb4415d8aee6 ("socks: return error if hostname too long for remote
resolve") in [3].

1. https://curl.se/changes.html#8_4_0
2. https://curl.se/docs/CVE-2023-38545.html
3. https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump
---
 changelogs/unreleased/bump-libcurl-to-8.4.0.md | 3 +++
 third_party/curl                               | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/bump-libcurl-to-8.4.0.md

diff --git a/changelogs/unreleased/bump-libcurl-to-8.4.0.md b/changelogs/unreleased/bump-libcurl-to-8.4.0.md
new file mode 100644
index 0000000000..578a55683e
--- /dev/null
+++ b/changelogs/unreleased/bump-libcurl-to-8.4.0.md
@@ -0,0 +1,3 @@
+## bugfix/build
+
+* Updated libcurl to version 8.4.0.
diff --git a/third_party/curl b/third_party/curl
index 6fa1d817e5..d755a5f7c0 160000
--- a/third_party/curl
+++ b/third_party/curl
@@ -1 +1 @@
-Subproject commit 6fa1d817e5b1a00d7d0c8168091877476b499317
+Subproject commit d755a5f7c009dd63a61b2c745180d8ba937cbfeb
-- 
GitLab