API Security Blog

Security update for curl

This update for curl fixes the following issues:

Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).

Security issues fixed:
- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: QUIC certificate check is skipped with wolfSSL, which allows MITM attacks (bsc#1243397).
- CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706).
- CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).
- CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260).
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to an out-of-bounds read in a heap buffer (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by a malicious server (bsc#1249348).

Other issues fixed:
- Fix wrong return code when --retry is used (bsc#1249367).
  - tool_operate: fix return code when --retry is used but not triggered [b42776b]
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  - tool_getparam: fix --ftp-pasv [5f805ee]

Fixed with version 8.14.1:
- TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
- websocket: add option to disable auto-pong reply.
- Huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs.

Patch Instructions: To…
