python3: fix CVE-2025-6075

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6075 Upstream-patch: 9ab89c026a (From OE-Core rev: 5313fa5236cd3943f90804de2af81358971894bc) Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-01-29 21:08:42 +01:00 · 2025-11-21 16:57:23 +05:30
parent adc9e377c8
commit 792947d444
2 changed files with 356 additions and 0 deletions
--- a/meta/recipes-devtools/python/python3_3.12.12.bb
+++ b/meta/recipes-devtools/python/python3_3.12.12.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
 	   file://0001-test_deadlock-skip-problematic-test.patch \
 	   file://0001-test_active_children-skip-problematic-test.patch \
           file://0001-test_readline-skip-limited-history-test.patch \
+           file://CVE-2025-6075.patch \
           "

 SRC_URI:append:class-native = " \