diff --git a/CVE-2020-25219-Rewrite-url-recvline-to-be-nonrecursive.patch b/CVE-2020-25219-Rewrite-url-recvline-to-be-nonrecursive.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6a06ba326b653cb7fab482c306c0807272c4a2a5
--- /dev/null
+++ b/CVE-2020-25219-Rewrite-url-recvline-to-be-nonrecursive.patch
@@ -0,0 +1,60 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ 	return m_orig;
+ }
+ 
+-static inline string recvline(int fd) {
+-	// Read a character.
+-	// If we don't get a character, return empty string.
+-	// If we are at the end of the line, return empty string.
+-	char c = '\0';
+-	
+-	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+-		return "";
+-
+-	return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++	string line;
++	int ret;
++
++	// Reserve arbitrary amount of space to avoid small memory reallocations.
++	line.reserve(128);
++
++	do {
++		char c;
++		ret = recv(fd, &c, 1, 0);
++		if (ret == 1) {
++			if (c == '\n')
++				return line;
++			line += c;
++		}
++	} while (ret == 1 || (ret == -1 && errno == EINTR));
++
++	return line;
+ }
+ 
+ char* url::get_pac() {
+-- 
+1.8.3.1
+
diff --git a/libproxy.spec b/libproxy.spec
index dc71378c54387d17eee5b9d0074a9d6e8b05cb41..66c05ee8aca1f75aaf139746496644c683acedb5 100644
--- a/libproxy.spec
+++ b/libproxy.spec
@@ -1,6 +1,6 @@
 Name:           libproxy
 Version:        0.4.15
-Release:        17
+Release:        18
 Summary:        Libproxy is a library that provides automatic proxy configuration management
 
 License:        LGPLv2+
@@ -15,6 +15,7 @@ Patch1:         libproxy-0.4.11-crash.patch
 Patch2:         libproxy-0.4.15-python3738.patch
 Patch3:         Fix-buffer-overflow-when-PAC-is-enabled.patch 
 Patch4:		backport-Fix-mismatched-new-delete-in-proxy.cpp.patch
+Patch5:		CVE-2020-25219-Rewrite-url-recvline-to-be-nonrecursive.patch
 
 BuildRequires:  cmake >= 2.6.0 gcc-c++
 BuildRequires:  pkgconfig(gio-2.0) >= 2.26 pkgconfig(libnm) python2-devel python3-devel
@@ -124,6 +125,12 @@ make test
 %{_mandir}/man1/proxy.1*
 
 %changelog
+* Thu Jul 14 2022 zhouyihang <zhouyihang3@h-partners.com> - 0.4.15-18
+- Type:cves
+- CVE:CVE-2020-25219
+- SUG:NA
+- DESC:fix CVE-2020-25219
+
 * Tue May 25 xinghe <xinghe2@huawei.com> - 0.4.15-17
 - Type:bugfix
 - CVE:NA