From 6b4f10bfed64d40047b43c774e15b9aa32a789c9 Mon Sep 17 00:00:00 2001
From: lipengyu
Date: Wed, 27 Aug 2025 13:22:00 +0800
Subject: [PATCH] fix CVE-2025-1795
---
backport-CVE-2025-1795.patch | 64 ++++++++++++++++++++++++++++++++++++
python3.spec | 10 +++++-
2 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2025-1795.patch
diff --git a/backport-CVE-2025-1795.patch b/backport-CVE-2025-1795.patch
new file mode 100644
index 0000000..0f41ca2
--- /dev/null
+++ b/backport-CVE-2025-1795.patch
@@ -0,0 +1,64 @@
+From 9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Sat, 17 Feb 2024 14:00:39 +0100
+Subject: [PATCH] [3.12] gh-100884: email/_header_value_parser: don't encode
+ list separators (GH-100885) (GH-115592)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ListSeparator should not be encoded. This could happen when a long line
+pushes its separator to the next line, which would have been encoded.
+(cherry picked from commit 09fab93c3d857496c0bd162797fab816c311ee48)
+
+Co-authored-by: Thomas Weißschuh
+---
+ Lib/email/_header_value_parser.py | 3 ++-
+ Lib/test/test_email/test__header_value_parser.py | 5 +++++
+ .../Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst | 2 ++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst
+
+diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
+index 5b653f66c18..e4a342d446f 100644
+--- a/Lib/email/_header_value_parser.py
++++ b/Lib/email/_header_value_parser.py
+@@ -949,6 +949,7 @@ class _InvalidEwError(errors.HeaderParseError):
+ # up other parse trees. Maybe should have tests for that, too.
+ DOT = ValueTerminal('.', 'dot')
+ ListSeparator = ValueTerminal(',', 'list-separator')
++ListSeparator.as_ew_allowed = False
+ RouteComponentMarker = ValueTerminal('@', 'route-component-marker')
+
+ #
+@@ -2022,7 +2023,7 @@ def get_address_list(value):
+ address_list.defects.append(errors.InvalidHeaderDefect(
+ "invalid address in address-list"))
+ if value: # Must be a , at this point.
+- address_list.append(ValueTerminal(',', 'list-separator'))
++ address_list.append(ListSeparator)
+ value = value[1:]
+ return address_list, value
+
+diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
+index bdb0e55f210..f7e80749c45 100644
+--- a/Lib/test/test_email/test__header_value_parser.py
++++ b/Lib/test/test_email/test__header_value_parser.py
+@@ -2985,6 +2985,11 @@ def test_address_list_with_unicode_names_in_quotes(self):
+ '=?utf-8?q?H=C3=BCbsch?= Kaktus ,\n'
+ ' =?utf-8?q?bei=C3=9Ft_bei=C3=9Ft?= \n')
+
++ def test_address_list_with_list_separator_after_fold(self):
++ to = '0123456789' * 8 + '@foo, ä '
++ self._test(parser.get_address_list(to)[0],
++ '0123456789' * 8 + '@foo,\n =?utf-8?q?=C3=A4?= \n')
++
+ # XXX Need tests with comments on various sides of a unicode token,
+ # and with unicode tokens in the comments. Spaces inside the quotes
+ # currently don't do the right thing.
+
+--
+2.47.0.windows.2
+
+
diff --git a/python3.spec b/python3.spec
index d0923de..cd53bfd 100644
--- a/python3.spec
+++ b/python3.spec
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.11.6 -Release: 11 +Release: 12 License: Python-2.0 %global branchversion 3.11
@@ -109,6 +109,7 @@ Patch6013: backport-CVE-2023-27043.patch Patch6014: backport-CVE-2024-9287.patch Patch6015: backport-CVE-2025-0938.patch Patch6016: backport-CVE-2025-4517,CVE-2025-4138,CVE-2024-12718,CVE-2025-4330,CVE-2025-4435.patch +Patch6017: backport-CVE-2025-1795.patch Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch Patch9001: 0001-add-loongarch64-support-for-python.patch
@@ -226,6 +227,7 @@ rm configure pyconfig.h.in %patch -P6014 -p1 %patch -P6015 -p1 %patch -P6016 -p1 +%patch -P6017 -p1 %patch -P9000 -p1 %patch -P9001 -p1
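Review bot: The new `ListSeparator.as_ew_allowed = False` flag only protects separators that come from the shared `ListSeparator` object, and the `get_address_list` hunk in backport-CVE-2025-1795.patch converts just one inline `ValueTerminal(',', 'list-separator')`. The embedded patch is labelled `[3.12]` while python3.spec builds 3.11.6, so please confirm against the 3.11.6 copy of `Lib/email/_header_value_parser.py` that no other parser still builds the separator inline and that both hunks apply without fuzz; neither can be verified from this page. The embedded patch header also never names CVE-2025-1795 (the link exists only in the file name), and its diffstat still lists three files although only two diffs are carried. A header line such as `Reference: upstream commit 09fab93c3d857496c0bd162797fab816c311ee48 (gh-100884); fixes CVE-2025-1795; NEWS entry dropped for 3.11.6` would record both for the next person auditing the backport. `get_address_list` begins and ends outside the hunk.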
@@ -892,6 +894,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Thu Aug 28 2025 lipengyu - 3.11.6-12 +- Type:CVE +- CVE:CVE-2025-1795 +- SUG:NA +- DESC:fix CVE-2025-1795 + * Fri Jun 27 2025 Funda Wang - 3.11.6-11 - fix CVE-2025-4517, CVE-2025-4138, CVE-2024-12718, CVE-2025-4330, CVE-2025-4435 -- Gitee