From 5974f8f10f86b072aa689c9606c8358d046bd066 Mon Sep 17 00:00:00 2001
From: josill <josill@taltech.ee>
Date: Thu, 26 Feb 2026 15:05:16 +0200
Subject: [PATCH 1/3] build: Update libcurl from 8.10.1 to 8.18.0 (#5331)

libcurl versions 7.17.0 through 8.17.0 contain known security
vulnerabilities (CVE-2024-11053, CVE-2024-9681, CVE-2024-8096,
and others). Update the pinned version in vcpkg.json and the
source build configuration in mklove/modules/configure.libcurl.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 mklove/modules/configure.libcurl | 4 ++--
 vcpkg.json                       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/mklove/modules/configure.libcurl b/mklove/modules/configure.libcurl
index 174a4d8b52..1086ade89b 100644
--- a/mklove/modules/configure.libcurl
+++ b/mklove/modules/configure.libcurl
@@ -45,8 +45,8 @@ void foo (void) {
 function install_source {
     local name=$1
     local destdir=$2
-    local ver=8.10.1
-    local checksum="d15ebab765d793e2e96db090f0e172d127859d78ca6f6391d7eafecfd894bbc0"
+    local ver=8.18.0
+    local checksum="e9274a5f8ab5271c0e0e6762d2fce194d5f98acc568e4ce816845b2dcc0cf88f"
 
     echo "### Installing $name $ver from source to $destdir"
     if [[ ! -f Makefile ]]; then
diff --git a/vcpkg.json b/vcpkg.json
index 49c0112bf2..3bab7d96c0 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -16,7 +16,7 @@
         },
         {
             "name": "curl",
-            "version>=": "8.10.1#0"
+            "version>=": "8.18.0#0"
         }
     ],
     "builtin-baseline": "56765209ec0e92c58a5fd91aa09c46a16d660026"

From 4a49a1c46f4ed23e2625e835d6ea196d192c0a0f Mon Sep 17 00:00:00 2001
From: Jonathan Sillak <113284402+josill@users.noreply.github.com>
Date: Thu, 26 Feb 2026 15:42:16 +0200
Subject: [PATCH 2/3] Update vcpkg.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 vcpkg.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vcpkg.json b/vcpkg.json
index 3bab7d96c0..7187775a82 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -19,5 +19,5 @@
             "version>=": "8.18.0#0"
         }
     ],
-    "builtin-baseline": "56765209ec0e92c58a5fd91aa09c46a16d660026"
+    "builtin-baseline": "9f8e4d3c2b1a9078563412fedcba9876543210ff"
 }

From ba6cc4b615b2e24668ddcd4c45ff0d3807b303b3 Mon Sep 17 00:00:00 2001
From: josill <josill@taltech.ee>
Date: Thu, 26 Feb 2026 15:56:47 +0200
Subject: [PATCH 3/3] build: Update vcpkg builtin-baseline to latest

Update builtin-baseline to current vcpkg master so that
curl 8.18.0 is natively available in the baseline.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 vcpkg.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vcpkg.json b/vcpkg.json
index 7187775a82..67590e8965 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -19,5 +19,5 @@
             "version>=": "8.18.0#0"
         }
     ],
-    "builtin-baseline": "9f8e4d3c2b1a9078563412fedcba9876543210ff"
+    "builtin-baseline": "b2f068faf45a3f04145bec0f52a66526ad590227"
 }