diff --git a/backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch b/backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9f1b13b0ad3ee6e8b299f3d6ce6d5b604eeaa80c
--- /dev/null
+++ b/backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch
@@ -0,0 +1,73 @@
+From 439b9cfaf43080e91c4ad69f312f21fa098befc7 Mon Sep 17 00:00:00 2001
+From: Ben Kallus <49924171+kenballus@users.noreply.github.com>
+Date: Sun, 13 Nov 2022 18:25:55 +0000
+Subject: [PATCH] gh-99418: Make urllib.parse.urlparse enforce that a scheme
+ must begin with an alphabetical ASCII character. (#99421)
+
+Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
+
+RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
+RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
+
+The WHATWG URL spec defines a scheme like this:
+`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
+---
+ Lib/test/test_urlparse.py                      | 18 ++++++++++++++++++
+ Lib/urllib/parse.py                            |  2 +-
+ ...22-11-12-15-45-51.gh-issue-99418.FxfAXS.rst |  2 ++
+ 3 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 3509278..5655fc3 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -676,6 +676,24 @@ class UrlParseTestCase(unittest.TestCase):
+                         with self.assertRaises(ValueError):
+                             p.port
+ 
++    def test_attributes_bad_scheme(self):
++        """Check handling of invalid schemes."""
++        for bytes in (False, True):
++            for parse in (urllib.parse.urlsplit, urllib.parse.urlparse):
++                for scheme in (".", "+", "-", "0", "http&", "६http"):
++                    with self.subTest(bytes=bytes, parse=parse, scheme=scheme):
++                        url = scheme + "://www.example.net"
++                        if bytes:
++                            if url.isascii():
++                                url = url.encode("ascii")
++                            else:
++                                continue
++                        p = parse(url)
++                        if bytes:
++                            self.assertEqual(p.scheme, b"")
++                        else:
++                            self.assertEqual(p.scheme, "")
++
+     def test_attributes_without_netloc(self):
+         # This example is straight from RFC 3261.  It looks like it
+         # should allow the username, hostname, and port to be filled
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index 4f21ce7..fc4d8b7 100644
+--- a/Lib/urllib/parse.py
++++ b/Lib/urllib/parse.py
+@@ -435,7 +435,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+         clear_cache()
+     netloc = query = fragment = ''
+     i = url.find(':')
+-    if i > 0:
++    if i > 0 and url[0].isascii() and url[0].isalpha():
+         if url[:i] == 'http': # optimize the common case
+             url = url[i+1:]
+             if url[:2] == '//':
+diff --git a/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst
+new file mode 100644
+index 0000000..0a06e7c
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rst
+@@ -0,0 +1,2 @@
++Fix bug in :func:`urllib.parse.urlparse` that causes URL schemes that begin
++with a digit, a plus sign, or a minus sign to be parsed incorrectly.
+-- 
+2.27.0
+
diff --git a/fix-CVE-2023-24329.patch b/fix-CVE-2023-24329.patch
new file mode 100644
index 0000000000000000000000000000000000000000..05ea1645a8c526388022d98ac7a24b20177bc732
--- /dev/null
+++ b/fix-CVE-2023-24329.patch
@@ -0,0 +1,43 @@
+From 1bad5b2ebc2f3cb663ce425b9979b4ec4dce27b2 Mon Sep 17 00:00:00 2001
+From: shixuantong <shixuantong1@huawei.com>
+Date: Thu, 6 Apr 2023 03:30:44 +0000
+Subject: [PATCH] fix CVE-2023-24329
+
+---
+ Lib/test/test_urlparse.py | 7 +++++++
+ Lib/urllib/parse.py       | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 5655fc3..bddc7b4 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -694,6 +694,13 @@ class UrlParseTestCase(unittest.TestCase):
+                         else:
+                             self.assertEqual(p.scheme, "")
+ 
++    def test_attributes_bad_scheme_CVE_2023_24329(self):
++        """Check handling of invalid schemes that starts with blank characters."""
++        for parse in (urllib.parse.urlsplit, urllib.parse.urlparse):
++            url = " https://www.example.net"
++            p = parse(url)
++            self.assertEqual(p.scheme, "https")
++
+     def test_attributes_without_netloc(self):
+         # This example is straight from RFC 3261.  It looks like it
+         # should allow the username, hostname, and port to be filled
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index fc4d8b7..9a867a0 100644
+--- a/Lib/urllib/parse.py
++++ b/Lib/urllib/parse.py
+@@ -423,6 +423,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+     Return a 5-tuple: (scheme, netloc, path, query, fragment).
+     Note that we don't break the components up in smaller bits
+     (e.g. netloc is a single string) and we don't expand % escapes."""
++    url = url.lstrip()
+     url, scheme, _coerce_result = _coerce_args(url, scheme)
+     url = _remove_unsafe_bytes_from_url(url)
+     scheme = _remove_unsafe_bytes_from_url(scheme)
+-- 
+2.27.0
+
diff --git a/python3.spec b/python3.spec
index b0e21dffc3b17bef61616f4d5687b72fd1ca04a7..03239af8fdf908425f44a05740df2aabc3d31e38 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
 URL: https://www.python.org/
 
 Version: 3.7.9
-Release: 31
+Release: 32
 License: Python-2.0
 
 %global branchversion 3.7
@@ -165,8 +165,10 @@ Patch6054: backport-CVE-2021-28861.patch
 Patch6055: backport-CVE-2020-10735.patch
 Patch6066: backport-CVE-2022-45061.patch
 Patch6067: backport-CVE-2022-37454.patch
+Patch6068: backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch
 
 Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
+Patch9001: fix-CVE-2023-24329.patch 
 
 Provides: python%{branchversion} = %{version}-%{release}
 Provides: python(abi) = %{branchversion}
@@ -317,8 +319,10 @@ rm Lib/ensurepip/_bundled/*.whl
 %patch6055 -p1
 %patch6066 -p1
 %patch6067 -p1
+%patch6068 -p1
 
 %patch9000 -p1
+%patch9001 -p1
 
 sed -i "s/generic_os/%{_vendor}/g" Lib/platform.py
 rm configure pyconfig.h.in
@@ -910,6 +914,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
 %{_mandir}/*/*
 
 %changelog
+* Thu Apr 06 2023 shixuantong <shixuantong1@huawei.com> - 3.7.9-32
+- Type:CVE
+- CVE:CVE-2023-24329
+- SUG:NA
+- DESC:fix CVE-2023-24329
+
 * Mon Nov 28 2022 zhuofeng <zhuofeng2@huawei.com> - 3.7.9-31
 - Type:CVE
 - CVE:CVE-2022-37454