curl: Upgrade 8.6.0 -> 8.7.1

This includes 4 security fixes:

CVE-2024-2466 - TLS certificate check bypass with mbedTLS
CVE-2024-2398 - HTTP/2 push headers memory-leak
CVE-2024-2379 - QUIC certificate check bypass with wolfSSL
CVE-2024-2004 - Usage of disabled protocol

Along with many other changes, mostly bugfixes: https://curl.se/changes.html

(From OE-Core rev: 8e27b472d1bc872c6da2b22f57b30d36e231d745)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-support/curl/curl/no-test-timeout.patch

@@ -1,10 +1,17 @@
-Set the max-time timeout to 600 so the timeout is 10 minutes instead of 13 seconds.
+From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 15 Mar 2024 14:37:37 +0000
+Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes
+ instead of 13 seconds.
 
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ tests/servers.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/tests/servers.pm b/tests/servers.pm
-index d4472d509..aeab62c47 100644
+index d4472d5..9999938 100644
 --- a/tests/servers.pm
 +++ b/tests/servers.pm
 @@ -120,7 +120,7 @@ my $sshdverstr;  # for socks server, ssh daemon version string

meta/recipes-support/curl/curl_8.7.1.bb

@@ -15,7 +15,7 @@ SRC_URI = " \
     file://disable-tests \
     file://no-test-timeout.patch \
 "
-SRC_URI[sha256sum] = "3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15"
+SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"