python3-ldap: patch CVE-2025-61911

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61911 Pick the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2026-01-13 07:35:44 +01:00 · 2026-01-13 07:35:44 +01:00 · 3a9a13832b
commit 3a9a13832b
parent e07db81979
2 changed files with 42 additions and 0 deletions
--- a/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
+++ b/meta-networking/recipes-devtools/python/python3-ldap/CVE-2025-61911.patch
@ -0,0 +1,41 @@
+From ecbd037205723884036b4a467c19d7904b8b6cee Mon Sep 17 00:00:00 2001
+From: lukas-eu <62448426+lukas-eu@users.noreply.github.com>
+Date: Fri, 10 Oct 2025 19:47:46 +0200
+Subject: [PATCH] Merge commit from fork
+
+CVE: CVE-2025-61911
+Upstream-Status: Backport [https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ Lib/ldap/filter.py     | 2 ++
+ Tests/t_ldap_filter.py | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/Lib/ldap/filter.py b/Lib/ldap/filter.py
+index 782737a..5bd41b2 100644
+--- a/Lib/ldap/filter.py
+++ b/Lib/ldap/filter.py
+@@ -24,6 +24,8 @@ def escape_filter_chars(assertion_value,escape_mode=0):
+       If 1 all NON-ASCII chars are escaped.
+       If 2 all chars are escaped.
+   """
+  if not isinstance(assertion_value, str):
+    raise TypeError("assertion_value must be of type str.")
+   if escape_mode:
+     r = []
+     if escape_mode==1:
+diff --git a/Tests/t_ldap_filter.py b/Tests/t_ldap_filter.py
+index 313b373..5431205 100644
+--- a/Tests/t_ldap_filter.py
+++ b/Tests/t_ldap_filter.py
+@@ -49,6 +49,10 @@ class TestDN(unittest.TestCase):
+             ),
+             r'\c3\a4\c3\b6\c3\bc\c3\84\c3\96\c3\9c\c3\9f'
+         )
+        with self.assertRaises(TypeError):
+            escape_filter_chars(["abc@*()/xyz"], escape_mode=1)
+        with self.assertRaises(TypeError):
+            escape_filter_chars({"abc@*()/xyz": 1}, escape_mode=1)
+ 
+     def test_escape_filter_chars_mode2(self):
+         """
--- a/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
+++ b/meta-networking/recipes-devtools/python/python3-ldap_3.4.0.bb
@ -13,6 +13,7 @@ PYPI_PACKAGE = "python-ldap"

 inherit pypi setuptools3

+SRC_URI += "file://CVE-2025-61911.patch"
 SRC_URI[sha256sum] = "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12"

 do_configure:prepend() {