curl: upgrade 8.11.1 -> 8.12.0

Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725.

Initialize WATT_ROOT variable to avoid looking in host dirs
when autotools are checking available features.

License-Update: copyright year refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-support/curl/curl_8.11.1.bb b/meta/recipes-support/curl/curl_8.12.0.bb
similarity index 96%
rename from meta/recipes-support/curl/curl_8.11.1.bb
rename to meta/recipes-support/curl/curl_8.12.0.bb
index b4d80e9643c0e98a49ff83b49d3fbe51ce707e65..7b5e6350ba1b64d83e0d9dfbea0231473cfa081e 100644 (file)
--- a/meta/recipes-support/curl/curl_8.11.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.0.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "https://curl.se/"
 BUGTRACKER = "https://github.com/curl/curl/issues"
 SECTION = "console/network"
 LICENSE = "curl"
-LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75"
+LIC_FILES_CHKSUM = "file://COPYING;md5=72f4e9890e99e68d77b7e40703d789b8"
 
 SRC_URI = " \
     https://curl.se/download/${BP}.tar.xz \
@@ -15,7 +15,7 @@ SRC_URI = " \
     file://disable-tests \
     file://no-test-timeout.patch \
 "
-SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
+SRC_URI[sha256sum] = "9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
@@ -76,6 +76,7 @@ EXTRA_OECONF = " \
     --without-libpsl \
     --enable-optimize \
     ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \
+    WATT_ROOT=${STAGING_DIR_TARGET}${prefix} \
 "
 
 fix_absolute_paths () {