curl: upgrade to release 7.60.0

This fixes the following CVEs:
* FTP: shutdown response buffer overflow CVE-2018-1000300
* RTSP: bad headers buffer over-read CVE-2018-1000301

Change-Id: Ic3229577083286501162aa5979a94ce934739557
Reviewed-on: https://gerrit.libreoffice.org/54418Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>

download.lst

@@ -29,8 +29,8 @@ export CPPUNIT_SHA256SUM := 3d569869d27b48860210c758c4f313082103a5e58219a7669b52
 export CPPUNIT_TARBALL := cppunit-1.14.0.tar.gz
 export CT2N_SHA256SUM := 71b238efd2734be9800af07566daea8d6685aeed28db5eb5fa0e6453f4d85de3
 export CT2N_TARBALL := 1f467e5bb703f12cbbb09d5cf67ecf4a-converttexttonumber-1-5-0.oxt
-export CURL_SHA256SUM := 099d9c32dc7b8958ca592597c9fabccdf4c08cfb7c114ff1afbbc4c6f13c9e9e
-export CURL_TARBALL := curl-7.59.0.tar.gz
+export CURL_SHA256SUM := e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5
+export CURL_TARBALL := curl-7.60.0.tar.gz
 export EBOOK_SHA256SUM := 7e8d8ff34f27831aca3bc6f9cc532c2f90d2057c778963b884ff3d1e34dfe1f9
 export EBOOK_TARBALL := libe-book-0.1.3.tar.xz
 export EPOXY_SHA256SUM := 1d8668b0a259c709899e1c4bab62d756d9002d546ce4f59c9665e2fc5f001a64

external/curl/curl-7.26.0_win-proxy.patch

@@ -4,8 +4,8 @@
  
  CFLAGS_LIBCURL_STATIC  = /DCURL_STATICLIB
  
--WIN_LIBS    = ws2_32.lib wldap32.lib advapi32.lib
-+WIN_LIBS    = ws2_32.lib wldap32.lib advapi32.lib winhttp.lib
+-WIN_LIBS    = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib
++WIN_LIBS    = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib winhttp.lib
  
  BASE_NAME              = libcurl
  BASE_NAME_DEBUG        = $(BASE_NAME)_debug
@@ -112,9 +112,9 @@
    const char *protop = conn->handler->scheme;
    char *envp = proxy_env;
 @@ -4663,6 +4739,7 @@
-     if(!proxy)
-       proxy = curl_getenv("ALL_PROXY");
    }
+   if(proxy)
+     infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
 +#endif /* WIN32 */
  
    return proxy;