Address "CVE-2022-32221" in the bundled curl library (v7.69).

The patch is applied during the CMake preparation step, before compiling the bundled curl source code.
Closes davix cern-fts#102

Author: mpatrascoiu

cmake/modules/buildCurl.cmake

@@ -10,6 +10,7 @@ macro(buildCurl)
       SOURCE_DIR "${CMAKE_SOURCE_DIR}/deps/curl"
       BINARY_DIR "${CMAKE_BINARY_DIR}/deps/curl"
       PREFIX "${CMAKE_BINARY_DIR}/deps/curl"
+      PATCH_COMMAND bash -c "git checkout -q lib/setopt.c && set -x && git apply ${CMAKE_SOURCE_DIR}/curl-CVE-2022-32221.patch"
       CONFIGURE_COMMAND bash -c "${CMAKE_COMMAND} -DCMAKE_INSTALL_PREFIX=/usr/ -DCMAKE_INSTALL_LIBDIR=lib -DHTTP_ONLY=ON -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_USE_LIBSSH2=OFF ${SECURE_TRANSPORT_FLAGS} ${CMAKE_SOURCE_DIR}/deps/curl && ${CMAKE_SOURCE_DIR}/patch-curl-clock-gettime.sh"
       BUILD_COMMAND make
       INSTALL_COMMAND make DESTDIR=${CMAKE_BINARY_DIR}/deps/curl-install install

curl-CVE-2022-32221.patch

@@ -0,0 +1,12 @@
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 2e494a6df..e64dc23a3 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -486,6 +486,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     }
+     else
+       data->set.httpreq = HTTPREQ_GET;
++    data->set.upload = FALSE;
+     break;
+ 
+   case CURLOPT_COPYPOSTFIELDS: