curl: upgrade to release 7.65.0

Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.

Apparently there's no code in LO that uses the CURLU_URLENCODE flag.

The other one, CVE-2019-5436, doesn't matter because we disable tftp.

Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>

2 files changed, 2 insertions, 12 deletions

diff --git a/download.lst b/download.lst
index 81b6dbda6516..8fbc74661141 100644
--- a/download.lst
+++ b/download.lst
@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
 export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5
-export CURL_TARBALL := curl-7.64.0.tar.gz
+export CURL_SHA256SUM := 7766d263929404f693905b5e5222aa0f2bdf8c66ab4b8758f0c0820a42b966cd
+export CURL_TARBALL := curl-7.65.0.tar.xz
 export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 002958c5528321edd53440235d3c44e71b5b1e09b9177e8daf677450b6c4433d
diff --git a/external/curl/zlib.patch.0 b/external/curl/zlib.patch.0
index b3e821039740..189e820d1afa 100644
--- a/external/curl/zlib.patch.0
+++ b/external/curl/zlib.patch.0
@@ -1,15 +1,5 @@
 --- configure
 +++ configure
-@@ -937,8 +937,8 @@
- ZLIB_LIBS
- HAVE_LIBZ_FALSE
- HAVE_LIBZ_TRUE
--HAVE_LIBZ
- PKGCONFIG
-+HAVE_LIBZ
- CURL_DISABLE_GOPHER
- CURL_DISABLE_SMTP
- CURL_DISABLE_SMB
 @@ -20709,7 +20709,6 @@
  clean_CPPFLAGS=$CPPFLAGS
  clean_LDFLAGS=$LDFLAGS