--- PKGBUILD 2020-09-05 13:55:45.000000000 +0200
+++ PKGBUILD 2020-10-01 03:12:35.306008617 +0200
@@ -19,10 +19,16 @@
 'python2-pip')
 conflicts=('python<3')
 source=("https://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.xz"{,.asc}
- mtime-workaround.patch)
+ mtime-workaround.patch
+ 0017-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-.patch
+ 0018-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch
+ 0019-bpo-39603-Prevent-header-injection-in-http-methods-G.patch)
 sha512sums=('a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c'
 'SKIP'
- '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076')
+ '4e761cfd57791e8b72ecdf84c2e03875bf074311130eea5b8e97409fa304fa3468dbd359a511c4e9978e686e662c58054b4174d3e73f845fa9ded2e83a3a8076'
+ '739c4d7a8dbf3ad26447868b83e9f60a0c29597ab9303d8fdbd3cd594aaadad6e527184f3bf8ee3bda9984dfcd301d770594c446dd3e74e00868c9eac59b813f'
+ 'f820b0a94a28e76ebd9a9e1290ba70e707b01f48eeef3e70440f265af257dca69960783eaf70674d4b3cc040e559a0a487f170004c921ed5e2bb4c11b299e28a'
+ '052b5b4c44d918b2a9932777b4080c3d7658a7097090113fddf30889dd239614e5a43a75e510ff67f042a149c7bb16990a495a84233dc97bf2f2c04d2eb324e8')
 validpgpkeys=('C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF') # Benjamin Peterson
 prepare() {
@@ -57,6 +63,12 @@
 # Workaround asdl_c.py/makeopcodetargets.py errors after we touched the shebangs
 touch Include/Python-ast.h Python/Python-ast.c Python/opcode_targets.h
+
+ # Apply security fixes backported from Python3
+ patch -Np1 -i "$srcdir/0017-bpo-39017-Avoid-infinite-loop-in-the-tarfile-module-.patch"
+ patch -Np1 -i "$srcdir/0018-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch"
+ patch -Np1 -i "$srcdir/0019-bpo-39603-Prevent-header-injection-in-http-methods-G.patch"
+
 }
 build() {
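Review bot: The three patch files added to `source` in the first hunk are local files with no recorded origin, so their new `sha512sums` entries only pin whatever was committed next to the PKGBUILD and cannot be checked against the upstream fixes. Unlike the tarball, which has an `.asc` signature and a `validpgpkeys` entry, nothing ties these backports to a reviewed upstream change. A comment above the entries would make them auditable, for example `# Backports of bpo-39017, bpo-39503 (CVE-2020-8492), bpo-39603 from <upstream commit or patch-set URL>`. The 0017–0019 numbering suggests they were taken from a larger series, so it is worth stating whether the earlier patches in that series were deliberately left out.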
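Review bot: The three `patch -Np1 -i …` calls added at the end of prepare() in the second hunk run with patch's default fuzz, so a backport whose context no longer matches this 2.7 tree can still apply with some context lines ignored and the build will not fail. For security fixes it is safer to require an exact match, e.g. `patch -Np1 -F0 -i "$srcdir/0018-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch"` and likewise for the other two. The calls also run after the shebang rewriting mentioned in the context comment; that is presumably harmless if the patches do not touch first lines, but applying them before any other source edits would remove the dependency. The added blank line before the closing `}` can be dropped. prepare() begins outside this hunk, so the ordering relative to earlier steps could not be checked here.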