diff --git a/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch b/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch
new file mode 100644
index 0000000000000000000000000000000000000000..058c1cc94cd131eb5144535be7ea68000c250095
--- /dev/null
+++ b/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch
@@ -0,0 +1,107 @@
+From f7a68d3804efabd271f0338391858bc1e7e57422 Mon Sep 17 00:00:00 2001
+From: Damien Neil
+Date: Thu, 11 Sep 2025 13:32:10 -0700
+Subject: [PATCH] archive/tar: set a limit on the size of GNU
+ sparse file 1.0 regions
+
+Sparse files in tar archives contain only the non-zero components
+of the file. There are several different encodings for sparse
+files. When reading GNU tar pax 1.0 sparse files, archive/tar did
+not set a limit on the size of the sparse region data. A malicious
+archive containing a large number of sparse blocks could cause
+archive/tar to read an unbounded amount of data from the archive
+into memory.
+
+Reference: https://go-review.googlesource.com/c/go/+/709861
+Conflict: no
+
+Since a malicious input can be highly compressable, a small
+compressed input could cause very large allocations.
+
+Cap the size of the sparse block data to the same limit used
+for PAX headers (1 MiB).
+
+Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/)
+for reporting this issue.
+
+Fixes CVE-2025-58183
+Fixes #75677
+
+Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800
+Reviewed-by: Roland Shoemaker
+Reviewed-by: Nicholas Husin
+Reviewed-on: https://go-review.googlesource.com/c/go/+/709861
+Auto-Submit: Michael Pratt
+TryBot-Bypass: Michael Pratt
+Reviewed-by: Carlos Amedee
+---
+ src/archive/tar/common.go | 1 +
+ src/archive/tar/reader.go | 9 +++++++--
+ src/archive/tar/reader_test.go | 5 +++++
+ 3 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/archive/tar/common.go b/src/archive/tar/common.go
+index 7b3945f..ad31bbb 100644
+--- a/src/archive/tar/common.go
++++ b/src/archive/tar/common.go
+@@ -39,6 +39,7 @@ var (
+ errMissData = errors.New("archive/tar: sparse file references non-existent data")
+ errUnrefData = errors.New("archive/tar: sparse file contains unreferenced data")
+ errWriteHole = errors.New("archive/tar: write non-NUL byte in sparse hole")
++ errSparseTooLong = errors.New("archive/tar: sparse map too long")
+ )
+
+ type headerError []string
+diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go
+index 8483fb5..16ac2f5 100644
+--- a/src/archive/tar/reader.go
++++ b/src/archive/tar/reader.go
+@@ -531,12 +531,17 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+ cntNewline int64
+ buf bytes.Buffer
+ blk block
++ totalSize int
+ )
+
+ // feedTokens copies data in blocks from r into buf until there are
+ // at least cnt newlines in buf. It will not read more blocks than needed.
+ feedTokens := func(n int64) error {
+ for cntNewline < n {
++ totalSize += len(blk)
++ if totalSize > maxSpecialFileSize {
++ return errSparseTooLong
++ }
+ if _, err := mustReadFull(r, blk[:]); err != nil {
+ return err
+ }
+@@ -569,8 +574,8 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
+ }
+
+ // Parse for all member entries.
+- // numEntries is trusted after this since a potential attacker must have
+- // committed resources proportional to what this library used.
++ // numEntries is trusted after this since feedTokens limits the number of
++ // tokens based on maxSpecialFileSize.
+ if err := feedTokens(2 * numEntries); err != nil {
+ return nil, err
+ }
+diff --git a/src/archive/tar/reader_test.go b/src/archive/tar/reader_test.go
+index 99340a3..fca53da 100644
+--- a/src/archive/tar/reader_test.go
++++ b/src/archive/tar/reader_test.go
+@@ -621,6 +621,11 @@ func TestReader(t *testing.T) {
+ },
+ Format: FormatPAX,
+ }},
++ }, {
++ // Small compressed file that uncompresses to
++ // a file with a very large GNU 1.0 sparse map.
++ file: "testdata/gnu-sparse-many-zeros.tar.bz2",
++ err: errSparseTooLong,
+ }}
+
+ for _, v := range vectors {
+--
+2.43.0
+
diff --git a/golang.spec b/golang.spec
index fedefccb48104ff57bbea5a16cfd9fdc8079f05e..fcfc88c23dbc176511a6e91a100c09d1b8e46bd2 100644
--- a/golang.spec
+++ b/golang.spec
@@ -66,7 +66,7 @@
 Name: golang
 Version: 1.24.2
-Release: 39
+Release: 40
 Summary: The Go Programming Language
 License: BSD and Public Domain
 URL: https://golang.org/
@@ -133,6 +133,7 @@
 Patch1006: 1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.pat
 Patch1007: 1007-CVE-2025-22873-avoid-escape-from-Root-via-paths-endi.patch
 # Missing part of Patch1001
 Patch1008: 1008-cmd-internal-obj-enable-got-pcrel-itype-in-fips140-for-riscv64.patch
+Patch1009: 1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch
 # Backport of RVA23
 Patch2001: 2001-cpu-internal-provide-runtime-detection-of-RISC-V-ext.patch
@@ -413,6 +414,12 @@
 fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
+* Fri Nov 7 2025 huzhangying - 1.24.2-40
+- Type:CVE
+- CVE:CVE-2025-58183
+- SUG:NA
+- DESC:fix CVE-2025-58183
+
 * Thu Sep 25 2025 Julian Zhu - 1.24.2-39
 - Backport RISC-V RVA23 support
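Review bot: The new reader_test.go vector references `testdata/gnu-sparse-many-zeros.tar.bz2`, but the embedded patch's diffstat lists only common.go, reader.go and reader_test.go, so the binary testdata file the vector needs is not carried by this backport; if the package build runs the archive/tar tests, TestReader will fail on the missing file instead of exercising errSparseTooLong. Either regenerate the patch with `git format-patch --binary` so the testdata is included, ship the file separately and reference it from the spec, or drop the vector from the backport. The Go change itself matches the described fix: totalSize is advanced by len(blk) before each block read and rejected once it exceeds maxSpecialFileSize, so the bytes fed into buf are bounded by the same cap used for PAX headers. readGNUSparseMap1x0 starts and ends outside the hunk.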
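Review bot: Patch1009 is declared in the second golang.spec hunk, but this diff contains no %prep hunk; if the spec applies patches through explicit %patch lines rather than %autosetup/%autopatch, the new patch is registered but never applied and the CVE-2025-58183 fix would not reach the built package. Worth confirming against %prep, and if patches are applied one by one, adding the %patch line for 1009 next to the one for Patch1008 in this same commit.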