From 6561f0e4b8082c35b94b1fa447190a69bdf044fc Mon Sep 17 00:00:00 2001
From: lipengyu
Date: Mon, 1 Sep 2025 12:59:23 +0800
Subject: [PATCH] fix cve-2025-1795
---
backport-CVE-2025-1795.patch | 71 ++++++++++++++++++++++++++++++++++++
python3.spec | 6 ++-
2 files changed, 76 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2025-1795.patch
diff --git a/backport-CVE-2025-1795.patch b/backport-CVE-2025-1795.patch
new file mode 100644
index 0000000..95afe49
--- /dev/null
+++ b/backport-CVE-2025-1795.patch
@@ -0,0 +1,71 @@
+From 9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Sat, 17 Feb 2024 14:00:39 +0100
+Subject: [PATCH] [3.12] gh-100884: email/_header_value_parser: don't encode
+ list separators (GH-100885) (GH-115592)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ListSeparator should not be encoded. This could happen when a long line
+pushes its separator to the next line, which would have been encoded.
+(cherry picked from commit 09fab93c3d857496c0bd162797fab816c311ee48)
+
+Co-authored-by: Thomas Weißschuh
+---
+ Lib/email/_header_value_parser.py | 3 ++-
+ Lib/test/test_email/test__header_value_parser.py | 5 +++++
+ .../Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst | 2 ++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst
+
+diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
+index 5b653f66c18..e4a342d446f 100644
+--- a/Lib/email/_header_value_parser.py
++++ b/Lib/email/_header_value_parser.py
+@@ -949,6 +949,7 @@ class _InvalidEwError(errors.HeaderParseError):
+ # up other parse trees. Maybe should have tests for that, too.
+ DOT = ValueTerminal('.', 'dot')
+ ListSeparator = ValueTerminal(',', 'list-separator')
++ListSeparator.as_ew_allowed = False
+ RouteComponentMarker = ValueTerminal('@', 'route-component-marker')
+ 
+ #
+@@ -2022,7 +2023,7 @@ def get_address_list(value):
+ address_list.defects.append(errors.InvalidHeaderDefect(
+ "invalid address in address-list"))
+ if value: # Must be a , at this point.
+- address_list.append(ValueTerminal(',', 'list-separator'))
++ address_list.append(ListSeparator)
+ value = value[1:]
+ return address_list, value
+ 
+diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
+index bdb0e55f210..f7e80749c45 100644
+--- a/Lib/test/test_email/test__header_value_parser.py
++++ b/Lib/test/test_email/test__header_value_parser.py
+@@ -2985,6 +2985,11 @@ def test_address_list_with_unicode_names_in_quotes(self):
+ '=?utf-8?q?H=C3=BCbsch?= Kaktus ,\n'
+ ' =?utf-8?q?bei=C3=9Ft_bei=C3=9Ft?= \n')
+ 
++ def test_address_list_with_list_separator_after_fold(self):
++ to = '0123456789' * 8 + '@foo, ä '
++ self._test(parser.get_address_list(to)[0],
++ '0123456789' * 8 + '@foo,\n =?utf-8?q?=C3=A4?= \n')
++
+ # XXX Need tests with comments on various sides of a unicode token,
+ # and with unicode tokens in the comments. Spaces inside the quotes
+ # currently don't do the right thing.
+diff --git a/Misc/NEWS.d/next/Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst b/Misc/NEWS.d/next/Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst
+new file mode 100644
+index 00000000000..2a388178810
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2023-01-09-14-08-02.gh-issue-100884.DcmdLl.rst
+@@ -0,0 +1,2 @@
++email: fix misfolding of comma in address-lists over multiple lines in
++combination with unicode encoding.
+-- 
+2.47.0.windows.2
+
+
diff --git a/python3.spec b/python3.spec
index fdadc5b..d3f66c1 100644
--- a/python3.spec
+++ b/python3.spec
@@ -6,7 +6,7 @@ Summary: Interpreter of the Python3 programming language
URL: https://www.python.org/
Version: 3.11.13
-Release: 2
+Release: 3
License: Python-2.0
%global branchversion 3.11
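Review bot: The two `Lib/email/_header_value_parser.py` hunks carry the 3.12 offsets (`@@ -949,6 +949,7 @@`, `@@ -2022,7 +2023,7 @@`) while this spec builds 3.11.13, so they apply only with offset or fuzz; check the build log for both, because a rejected second hunk would leave `get_address_list` still appending a fresh `ValueTerminal(',', 'list-separator')` with the default `as_ew_allowed`, i.e. the comma still encodable and CVE-2025-1795 unfixed while the changelog claims otherwise. `get_address_list` and `test_address_list_with_unicode_names_in_quotes` both start outside their hunks. The added test is the only coverage, and as rendered here its address strings look truncated (`'@foo, ä '` with no addr-spec after the name), so compare the on-disk patch against upstream 9148b77e rather than this view before trusting the expected fold. Since `ListSeparator` is now a shared module-level singleton appended to every address list (the same pattern as `DOT`), it must never be mutated per parse; a one-line comment next to `ListSeparator.as_ew_allowed = False` such as `# shared singleton: a list separator is never folded into an encoded-word, and must not be mutated per parse` would keep a later change from reintroducing the bug.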
@@ -96,6 +96,7 @@ Patch1: 00001-rpath.patch
Patch251: 00251-change-user-install-location.patch
Patch6000: backport-CVE-2025-8194.patch
+Patch6001: backport-CVE-2025-1795.patch
Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
Patch9001: 0001-add-loongarch64-support-for-python.patch
@@ -855,6 +856,9 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
%{_mandir}/*/*
%changelog
+* Mon Sep 01 2025 lipengyu - 3.11.13-3
+- fix CVE-2025-1795
+
* Thu Jul 31 2025 Funda Wang - 3.11.13-2
- fix CVE-2025-8194
-- 
Gitee
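Review bot: `Patch6001:` is declared but nothing in this diff applies it; if `%prep` uses `%autosetup -p1` the declaration is enough, but if patches are applied with explicit `%patch` lines the package builds with CVE-2025-1795 still open while the changelog says it is fixed — `%prep` is outside this hunk, so please confirm. Patch6000 (CVE-2025-8194) was added the same way in 3.11.13-2, which suggests `%autosetup`, but a grep of the unpacked tree for `as_ew_allowed = False` after `%prep` settles it either way. It would also help future audits to record the upstream reference next to the tag, e.g. `# CVE-2025-1795 / gh-100884, upstream 09fab93c (3.12 backport 9148b77e)` above `Patch6001:`.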