Add CVE-2025-6075-expandvars-perf-degrad.patch

Avoid simple quadratic complexity vulnerabilities of
os.path.expandvars() (CVE-2025-6075, bsc#1252974).
Skip test_curses on ppc64le (gh#python/cpython#141534)

python315.spec

@@ -224,6 +224,9 @@ Patch40:        fix-test-recursion-limit-15.6.patch
 Patch41:        bsc1243155-sphinx-non-determinism.patch
 # PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
 Patch42:        gh139257-Support-docutils-0.22.patch
+# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
+# Avoid potential quadratic complexity vulnerabilities in path modules
+Patch43:        CVE-2025-6075-expandvars-perf-degrad.patch
 #### Python 3.15 DEVELOPMENT PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
@@ -661,8 +664,10 @@ EXCLUDE="$EXCLUDE test_pydoc"
 EXCLUDE="$EXCLUDE test_multiprocessing_forkserver"
 %endif
 %ifarch ppc ppc64 ppc64le
-# exclue test_faulthandler due to bnc#831629
+# exclude test_faulthandler due to bnc#831629
 EXCLUDE="$EXCLUDE test_faulthandler"
+# exclude test_curse for gh#python/cpython#141534
+EXCLUDE="$EXCLUDE test_curses"
 %endif
 # some tests break in QEMU
 %if 0%{?qemu_user_space_build}