diff --git a/backport-CVE-2025-0938.patch b/backport-CVE-2025-0938.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e5bc3317f4b489b8ba7b716a9aeb9dba04b9de0b
--- /dev/null
+++ b/backport-CVE-2025-0938.patch
@@ -0,0 +1,137 @@
+From a7084f6075c9595ba60119ce8c62f1496f50c568 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Sun, 2 Feb 2025 09:30:28 +0100
+Subject: [PATCH] [3.12] gh-105704: Disallow square brackets (`[` and `]`) in
+ domain names for parsed URLs (GH-129418) (GH-129527)
+
+gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)
+
+* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs
+
+* Use Sphinx references
+
+
+
+* Add mismatched bracket test cases, fix news format
+
+* Add more test coverage for ports
+
+---------
+
+(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)
+
+Co-authored-by: Seth Michael Larson <seth@python.org>
+Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
+---
+ Lib/test/test_urlparse.py                     | 37 ++++++++++++++++++-
+ Lib/urllib/parse.py                           | 20 +++++++++-
+ ...-01-28-14-08-03.gh-issue-105704.EnhHxu.rst |  4 ++
+ 3 files changed, 58 insertions(+), 3 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 818e7e93dbbe11..5e429b9259fee7 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -1273,16 +1273,51 @@ def test_invalid_bracketed_hosts(self):
+         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')
+         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')
+         self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip')
++        self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix')
+ 
+     def test_splitting_bracketed_hosts(self):
+-        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')
++        p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query')
+         self.assertEqual(p1.hostname, 'v6a.ip')
+         self.assertEqual(p1.username, 'user')
+         self.assertEqual(p1.path, '/path')
++        self.assertEqual(p1.port, 1234)
+         p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')
+         self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test')
+         self.assertEqual(p2.username, 'user')
+         self.assertEqual(p2.path, '/path')
++        self.assertIs(p2.port, None)
+         p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')
+         self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test')
+         self.assertEqual(p3.username, 'user')
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index 24815952037fef..c72138a33ca6d4 100644
+--- a/Lib/urllib/parse.py
++++ b/Lib/urllib/parse.py
+@@ -436,6 +436,23 @@ def _checknetloc(netloc):
+             raise ValueError("netloc '" + netloc + "' contains invalid " +
+                              "characters under NFKC normalization")
+ 
++def _check_bracketed_netloc(netloc):
++    # Note that this function must mirror the splitting
++    # done in NetlocResultMixins._hostinfo().
++    hostname_and_port = netloc.rpartition('@')[2]
++    before_bracket, have_open_br, bracketed = hostname_and_port.partition('[')
++    if have_open_br:
++        # No data is allowed before a bracket.
++        if before_bracket:
++            raise ValueError("Invalid IPv6 URL")
++        hostname, _, port = bracketed.partition(']')
++        # No data is allowed after the bracket but before the port delimiter.
++        if port and not port.startswith(":"):
++            raise ValueError("Invalid IPv6 URL")
++    else:
++        hostname, _, port = hostname_and_port.partition(':')
++    _check_bracketed_host(hostname)
++
+ # Valid bracketed hosts are defined in
+ # https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
+ def _check_bracketed_host(hostname):
+@@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
+                 (']' in netloc and '[' not in netloc)):
+             raise ValueError("Invalid IPv6 URL")
+         if '[' in netloc and ']' in netloc:
+-            bracketed_host = netloc.partition('[')[2].partition(']')[0]
+-            _check_bracketed_host(bracketed_host)
++            _check_bracketed_netloc(netloc)
+     if allow_fragments and '#' in url:
+         url, fragment = url.split('#', 1)
+     if '?' in url:
+diff --git a/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
+new file mode 100644
+index 00000000000000..bff1bc6b0d609c
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
+@@ -0,0 +1,4 @@
++When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host
++parsing would not reject domain names containing square brackets (``[`` and
++``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
++`RFC 3986 Section 3.2.2 <https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.
diff --git a/python3.spec b/python3.spec
index 3b5af8ed9b760077aecb1cfda3157d3c32349d13..c81124aaa8d67ccfa1d0d79c8e57f4b0dd87202d 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
 URL: https://www.python.org/
 
 Version: 3.9.9
-Release: 36
+Release: 37
 License: Python-2.0
 
 %global branchversion 3.9
@@ -125,6 +125,7 @@ Patch6031: backport-3.9-gh-107845-Fix-symlink-handling-for-tarfile.data_.patch
 Patch6032: backport-CVE-2023-27043-gh-102988-Reject-malformed-addres.patch
 Patch6033: backport-CVE-2024-9287.patch
 Patch6034: backport-CVE-2024-11168-3.9-gh-103848-Adds-checks-to-ensure-that-bracketed-h.patch
+Patch6035: backport-CVE-2025-0938.patch
 
 Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
 Patch9001: python3-Add-sw64-architecture.patch
@@ -250,6 +251,7 @@ rm -r Modules/expat
 %patch -P6032 -p1
 %patch -P6033 -p1
 %patch -P6034 -p1
+%patch -P6035 -p1
 
 %patch -P9000 -p1
 %patch -P9001 -p1
@@ -879,6 +881,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
 %{_mandir}/*/*
 
 %changelog
+* Tue Feb 11 2025 Funda Wang <fundawang@yeah.net> - 3.9.9-37
+- Type:CVE
+- CVE:CVE-2025-0938
+- SUG:NA
+- DESC:fix CVE-2025-0938
+
 * Wed Dec 25 2024 xinsheng <xinsheng3@huawei.com> - 3.9.9-36
 - Type:CVE
 - CVE:CVE-2024-11168