podman: fix CVE-2025-9566walnascar

There's a vulnerability in podman where an attacker may use the kube play
command to overwrite host files when the kube file container a Secrete or
a ConfigMap volume mount and such volume contains a symbolic link to a host
file path. In a successful attack, the attacker can only control the target
file to be overwritten but not the content to be written into the file.
[EOL][EOL]Binary-Affected: podman[EOL]Upstream-version-introduced:
v4.0.0[EOL]Upstream-version-fixed: v5.6.1

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-9566

Upstream-patch:
https://github.com/containers/podman/commit/ca994186f07822b9048fe711b6903e51614d3e15

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index d98521ba..dbbe59c3 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -22,6 +22,7 @@ SRC_URI = " \
     ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
     file://run-ptest \
     file://CVE-2025-6032.patch;patchdir=src/import \
+    file://CVE-2025-9566.patch;patchdir=src/import \
 "
 
 LICENSE = "Apache-2.0"