package/libcurl: security bump to version 8.5.0

Fixes the following security issues:

- CVE-2023-46218: cookie mixed case PSL bypass

  This flaw allows a malicious HTTP server to set "super cookies" in curl
  that are then passed back to more origins than what is otherwise allowed
  or possible.  This allows a site to set cookies that then would get sent
  to different and unrelated sites and domains.

  https://curl.se/docs/CVE-2023-46218.html

- CVE-2023-46219: HSTS long file name clears contents

  When saving HSTS data to an excessively long file name, curl could end up
  removing all contents, making subsequent requests using that file unaware
  of the HSTS status they should otherwise use.

  https://curl.se/docs/CVE-2023-46219.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/libcurl/libcurl.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.4.0.tar.xz.asc
+# https://curl.se/download/curl-8.5.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d  curl-8.4.0.tar.xz
+sha256  42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb  curl-8.5.0.tar.xz
 sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING

package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 8.4.0
+LIBCURL_VERSION = 8.5.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \