
package/libcurl: security bump to version 7.83.1

Fixes the following security issues:

- CVE-2022-27778: curl removes wrong file on error
  https://curl.se/docs/CVE-2022-27778.html

- CVE-2022-27779: cookie for trailing dot TLD
  https://curl.se/docs/CVE-2022-27779.html

- CVE-2022-27780: percent-encoded path separator in URL host
  https://curl.se/docs/CVE-2022-27780.html

- CVE-2022-27781: CERTINFO never-ending busy-loop
  https://curl.se/docs/CVE-2022-27781.html

- CVE-2022-27782: TLS and SSH connection too eager reuse
  https://curl.se/docs/CVE-2022-27782.html

- CVE-2022-30115: HSTS bypass via trailing dot
  https://curl.se/docs/CVE-2022-30115.html

Drop now upstreamed 0001-mbedtls-fix-compile-when-h2-enabled.patch

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard преди 3 години
ревизия
de2961462b
променени са 3 файла, в които са добавени 3 реда и са изтрити 35 реда
  1. 0 32
      package/libcurl/0001-mbedtls-fix-compile-when-h2-enabled.patch
  2. 2 2
      package/libcurl/libcurl.hash
  3. 1 1
      package/libcurl/libcurl.mk

+ 0 - 32
package/libcurl/0001-mbedtls-fix-compile-when-h2-enabled.patch

@@ -1,32 +0,0 @@
-From 6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 28 Apr 2022 17:11:50 +0200
-Subject: [PATCH] mbedtls: fix compile when h2-enabled
-
-Fixes #8766
-Reported-by: LigH-de on github
-Closes #8768
-
-Downloaded from upstream commit
-https://github.com/curl/curl/commit/6eb7fb37d901ed1e4ce07cbd628ee11bf02db1f3
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- lib/vtls/mbedtls.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
-index 64f57c5d8321..5f9b87e6b75b 100644
---- a/lib/vtls/mbedtls.c
-+++ b/lib/vtls/mbedtls.c
-@@ -815,8 +815,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
-     if(next_protocol) {
-       infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
- #ifdef USE_HTTP2
--      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LEN) &&
--         !next_protocol[ALPN_H2_LEN]) {
-+      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
-+         !next_protocol[ALPN_H2_LENGTH]) {
-         conn->negnpn = CURL_HTTP_VERSION_2;
-       }
-       else

+ 2 - 2
package/libcurl/libcurl.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-7.83.0.tar.xz.asc
+# https://curl.se/download/curl-7.83.1.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a  curl-7.83.0.tar.xz
+sha256  2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4  curl-7.83.1.tar.xz
 sha256  321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a  COPYING

+ 1 - 1
package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.83.0
+LIBCURL_VERSION = 7.83.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \