package/libcurl: security bump to version 8.14.1

Fixes the following security issues:
- CVE-2025-5025:
  No QUIC certificate pinning with wolfSSL.
  https://curl.se/docs/CVE-2025-5025.html

- CVE-2025-4947:
  QUIC certificate check skip with wolfSSL.
  https://curl.se/docs/CVE-2025-4947.html

- CVE-2025-5399:
  WebSocket endless loop
  https://curl.se/docs/CVE-2025-5399.html

Changelog:
https://curl.se/ch/8.14.0.html
https://curl.se/ch/8.14.1.html

Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
[Peter: bump to 8.14.1 instead]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/libcurl/libcurl.hash

@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.13.0.tar.xz.asc
+# https://curl.se/download/curl-8.14.1.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  4a093979a3c2d02de2fbc00549a32771007f2e78032c6faa5ecd2f7a9e152025  curl-8.13.0.tar.xz
+sha256  f4619a1e2474c4bbfedc88a7c2191209c8334b48fa1f4e53fd584cc12e9120dd  curl-8.14.1.tar.xz
 sha256  e18f1989333b70044b2adfb7dc2f905d0119dbdcac3bc9f4bc9d540e3a29de5b  COPYING

package/libcurl/libcurl.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 8.13.0
+LIBCURL_VERSION = 8.14.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -14,6 +14,7 @@ LIBCURL_LICENSE = curl
 LIBCURL_LICENSE_FILES = COPYING
 LIBCURL_CPE_ID_VENDOR = haxx
 LIBCURL_INSTALL_STAGING = YES
+LIBCURL_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE"
 
 # We disable NTLM delegation to winbinds ntlm_auth ('--disable-ntlm-wb')
 # support because it uses fork(), which doesn't work on non-MMU platforms.