diff --git a/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl b/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl
new file mode 100644
index 0000000000000000000000000000000000000000..46dbca2f1dc1896100f87c556a0b685e14eca668
Binary files /dev/null and b/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl differ
diff --git a/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl b/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl
new file mode 100644
index 0000000000000000000000000000000000000000..15c254520ed8f71ba86e8dcae2fd4f4d8655ae5a
Binary files /dev/null and b/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl differ
diff --git a/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
index 97707a57a8341007a4c3ea814fe25d54f6d33889..56494f24ec55b66b9dab2c558bc8167da93d4efe 100644
--- a/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
+++ b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
@@ -12,6 +12,5 @@
 +                    # Fallback to a possibly dangerous extraction (before PEP 706)
 +                    tf.extract(name, tmpdir)
              filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- 
-             _run_zic(zonedir, filepaths)
-
+             try:
+                 check_call(["zic", "-d", zonedir] + filepaths)
diff --git a/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch b/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
index 9706cecb6605600afa3f63d87a9e3d513761bf56..831ca45f7656c47650f4356e468507ff258b0cc5 100644
--- a/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
+++ b/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
@@ -12,9 +12,8 @@
 +                    # Fallback to a possibly dangerous extraction (before PEP 706)
 +                    tf.extract(name, tmpdir)
              filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- 
-             _run_zic(zonedir, filepaths)
-
+             try:
+                 check_call(["zic", "-d", zonedir] + filepaths)
 --- a/awscli/dateutil/zoneinfo/rebuild.py	2023-01-26 16:29:30.000000000 +0100
 +++ b/awscli/dateutil/zoneinfo/rebuild.py	2023-07-19 10:12:42.277559948 +0200
 @@ -21,7 +21,12 @@
@@ -29,9 +28,8 @@
 +                    # Fallback to a possibly dangerous extraction (before PEP 706)
 +                    tf.extract(name, tmpdir)
              filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- 
-             _run_zic(zonedir, filepaths)
-
+             try:
+                 check_call(["zic", "-d", zonedir] + filepaths)
 --- a/azure/dateutil/zoneinfo/rebuild.py	2023-01-26 16:29:30.000000000 +0100
 +++ b/azure/dateutil/zoneinfo/rebuild.py	2023-07-19 10:12:42.277559948 +0200
 @@ -21,7 +21,12 @@
@@ -46,5 +44,5 @@
 +                    # Fallback to a possibly dangerous extraction (before PEP 706)
 +                    tf.extract(name, tmpdir)
              filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- 
-             _run_zic(zonedir, filepaths)
+             try:
+                 check_call(["zic", "-d", zonedir] + filepaths)
diff --git a/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl b/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl
new file mode 100644
index 0000000000000000000000000000000000000000..a6271bc46c1af307dc70a59e9308477b9db34926
Binary files /dev/null and b/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl differ
diff --git a/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl b/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl
new file mode 100644
index 0000000000000000000000000000000000000000..3893155d03aab66e1d58d99663105968817ca441
Binary files /dev/null and b/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl differ
diff --git a/download b/download
index cbb78856d6aa2b2bc7982eba0dd3e927f14bc985..36347074dbd216b05d4446225cde858874970865 100644
--- a/download
+++ b/download
@@ -7,7 +7,7 @@ a56b8dc55158a41ab3c89c4c8feb8824  colorama-0.3.3.tar.gz
 62655d4b45872572f243d0eb7e9dd1f9  fence-agents-4.10.0.tar.gz
 a61b1015a213f1a9cf27252fbac579ee  google-auth-2.3.0.tar.gz
 5856306eac5f25db8249e37a4c6ee3e7  idna-3.3.tar.gz
-caf5418c851eac59e70a78d9730d4cea  Jinja2-3.1.3.tar.gz
+a66396e3080a68928ff98276d6809138  Jinja2-3.1.3.tar.gz
 d44bf469fcc16312e12fe8548cb177ee  kubernetes-12.0.1.tar.gz
 892e0fefa3c488387e5cc0cad2daa523  MarkupSafe-2.0.1.tar.gz
 e46e2af1ad29245ddbd93972770f528b  msal-1.18.0.tar.gz
@@ -28,7 +28,6 @@ bb9d65e5b9f0a6f37365a15922440155  pyroute2.ipset-0.6.13.tar.gz
 29aef69d25536baa1c0a121c8cefdf72  pyroute2.ndb-0.6.13.tar.gz
 d0db73bc8015af946b3578330fb1e020  pyroute2.nftables-0.6.13.tar.gz
 6016e3a0381e31cfeffd1e4e6f10843b  pyroute2.nslink-0.6.13.tar.gz
-5970010bb72452344df3d76a10281b65  python-dateutil-2.8.2.tar.gz
 70ef5c5e6b05badc8675dcc3106d90cc  python-string-utils-1.0.0.tar.gz
 3b07eb596071bac75c886129de881d22  PyYAML-5.1.tar.gz
 8c745949ad3e9ae83d9927fed213db8a  requests-2.26.0.tar.gz
diff --git a/fence-agents.spec b/fence-agents.spec
index 8cb97ffdb451c9bc962ab5dde8468a8c40ae995f..c4b690f17987be1be71b8b9eb7350426dce901ac 100644
--- a/fence-agents.spec
+++ b/fence-agents.spec
@@ -56,7 +56,6 @@
 %global ruamelyaml_version	0.17.16
 %global setuptools		setuptools
 %global setuptools_version	58.3.0
-%global __python3 /usr/bin/python3.9
 
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
@@ -165,7 +164,6 @@ Source1073: %{googleauth}-%{googleauth_version}.tar.gz
 Source1074: %{cachetools}-%{cachetools_version}.tar.gz
 Source1075: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz
 Source1076: %{pyasn1}-%{pyasn1_version}.tar.gz
-Source1077: python-%{dateutil}-%{dateutil_version}.tar.gz
 Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz
 ## rsa is dependency for "pip install",
 ## but gets removed to use cryptography lib instead
@@ -188,6 +186,17 @@ Source1093: poetry-core-1.0.7.tar.gz
 Source1094: pyparsing-3.0.1.tar.gz
 Source1095: tomli-1.0.1.tar.gz
 Source1096: wheel-0.37.0-py2.py3-none-any.whl
+Source2000: pycryptodome-3.10.1.tar.gz
+Source2001: cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl
+Source2002: awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl
+Source2003: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl 
+Source2004: urllib3-1.24.3-py2.py3-none-any.whl
+Source2005: importlib_metadata-4.8.1-py3-none-any.whl 
+Source2006: protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
+Source2007: zipp-3.5.0-py3-none-any.whl
+Source2008: typing_extensions-3.10.0.2-py3-none-any.whl
+Source2009: importlib_resources-5.2.2-py3-none-any.whl 
+Source2010: MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl
 ### END
 
 Patch0: ha-cloud-support-aliyun.patch
@@ -322,10 +331,11 @@ BuildRequires: gcc
 BuildRequires: libxslt
 ## Python dependencies
 %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version}
-BuildRequires: python39-devel python39-pip
+BuildRequires: python3-devel python3-pip
 # wheel for HA support subpackages
-BuildRequires: python39-wheel
-BuildRequires: python39-pycurl python39-requests
+BuildRequires: python3-wheel
+BuildRequires: python3-pycurl python3-requests
+BuildRequires: python3-markupsafe
 %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7
 BuildRequires: openwsman-python3
 %endif
@@ -433,18 +443,19 @@ echo "awscli" >> %{_sourcedir}/requirements-awscli.txt
 %ifnarch x86_64
 LIBS="%{_sourcedir}/requirements-common.txt"
 %endif
+# %{__python3} -m pip install --target support/$(echo $x | sed -E "s/.*requirements-(.*).txt/\1/") --no-index --find-links %{_sourcedir} setuptools_scm
 for x in $LIBS; do
 	%{__python3} -m pip install --target support/$(echo $x | sed -E "s/.*requirements-(.*).txt/\1/") --no-index --find-links %{_sourcedir} -r $x
 done
 
 # fix incorrect #! detected by CI
-%ifarch x86_64
-sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/jp support/awscli/bin/jp
-%endif
+# %ifarch x86_64
+# sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/jp support/awscli/bin/jp
+# %endif
 
-%ifarch x86_64
-sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws
-%endif
+# %ifarch x86_64
+# sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws
+# %endif
 
 # kubevirt
 %{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
@@ -1494,8 +1505,10 @@ are located on corosync cluster nodes.
 %endif
 
 %changelog
-* Tue Sep 10 2024 Bo Ren <rb01097748@alibaba-inc.com> - 4.10.0-62.0.1.4
-- Build with python39
+* Wed Sep 11 2024 Chang Gao <gc-taifu@linux.alibaba.com> - 4.10.0-62.0.1.4
+- Replace some packages with build env
+- Update CVE-2007-4559 patches
+- Change Jinja2 require python version
 
 * Mon Jun 24 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-62.4
 - bundled urllib3: fix CVE-2024-37891
diff --git a/importlib_metadata-4.8.1-py3-none-any.whl b/importlib_metadata-4.8.1-py3-none-any.whl
new file mode 100644
index 0000000000000000000000000000000000000000..0a226fb73c259dde1679607eafd87faabaf307fb
Binary files /dev/null and b/importlib_metadata-4.8.1-py3-none-any.whl differ
diff --git a/importlib_resources-5.2.2-py3-none-any.whl b/importlib_resources-5.2.2-py3-none-any.whl
new file mode 100644
index 0000000000000000000000000000000000000000..45047a5a848b39592607c46611a3cbb458eea331
Binary files /dev/null and b/importlib_resources-5.2.2-py3-none-any.whl differ
diff --git a/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl b/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
new file mode 100644
index 0000000000000000000000000000000000000000..51f6ceadcf10bdaac6542d8eebd4904b234297d6
Binary files /dev/null and b/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl differ
diff --git a/pycryptodome-3.10.1.tar.gz b/pycryptodome-3.10.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..ee913bf6f69f491e34d52758369cfeb8e9824378
Binary files /dev/null and b/pycryptodome-3.10.1.tar.gz differ
diff --git a/typing_extensions-3.10.0.2-py3-none-any.whl b/typing_extensions-3.10.0.2-py3-none-any.whl
new file mode 100644
index 0000000000000000000000000000000000000000..7d994c5ef03d22e66d317e923f491ad812f997c2
Binary files /dev/null and b/typing_extensions-3.10.0.2-py3-none-any.whl differ
diff --git a/urllib3-1.24.3-py2.py3-none-any.whl b/urllib3-1.24.3-py2.py3-none-any.whl
new file mode 100644
index 0000000000000000000000000000000000000000..8da9f547675f6c4b7c0bfe0e9078d0b03af4b378
Binary files /dev/null and b/urllib3-1.24.3-py2.py3-none-any.whl differ
diff --git a/zipp-3.5.0-py3-none-any.whl b/zipp-3.5.0-py3-none-any.whl
new file mode 100644
index 0000000000000000000000000000000000000000..9b606195459d3fa4808b0ad26caafe3a4a3d669d
Binary files /dev/null and b/zipp-3.5.0-py3-none-any.whl differ