diff --git a/0012-graceful-restart.patch b/0012-graceful-restart.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7e874cc4c0a765eac520108db851869225736f09
--- /dev/null
+++ b/0012-graceful-restart.patch
@@ -0,0 +1,79 @@
+From 12f9f8472d0f8cfc026352906b8e5342df2846cc Mon Sep 17 00:00:00 2001
+From: Donatas Abraitis <donatas@opensourcerouting.org>
+Date: Tue, 27 Sep 2022 17:30:16 +0300
+Subject: [PATCH] bgpd: Do not send Deconfig/Shutdown message when restarting
+
+We might disable sending unconfig/shutdown notifications when
+Graceful-Restart is enabled and negotiated.
+
+Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
+---
+ bgpd/bgpd.c | 35 ++++++++++++++++++++++++++---------
+ 1 file changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
+index 3d4ef7c..f8089c6 100644
+--- a/bgpd/bgpd.c
++++ b/bgpd/bgpd.c
+@@ -2564,11 +2564,34 @@ int peer_group_remote_as(struct bgp *bgp, const char *group_name, as_t *as,
+ 
+ void peer_notify_unconfig(struct peer *peer)
+ {
++	if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
++		if (bgp_debug_neighbor_events(peer))
++			zlog_debug(
++				"%pBP configured Graceful-Restart, skipping unconfig notification",
++				peer);
++		return;
++	}
++
+ 	if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
+ 		bgp_notify_send(peer, BGP_NOTIFY_CEASE,
+ 				BGP_NOTIFY_CEASE_PEER_UNCONFIG);
+ }
+ 
++static void peer_notify_shutdown(struct peer *peer)
++{
++	if (BGP_PEER_GRACEFUL_RESTART_CAPABLE(peer)) {
++		if (bgp_debug_neighbor_events(peer))
++			zlog_debug(
++				"%pBP configured Graceful-Restart, skipping shutdown notification",
++				peer);
++		return;
++	}
++
++	if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
++		bgp_notify_send(peer, BGP_NOTIFY_CEASE,
++				BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
++}
++
+ void peer_group_notify_unconfig(struct peer_group *group)
+ {
+ 	struct peer *peer, *other;
+@@ -3380,11 +3403,8 @@ int bgp_delete(struct bgp *bgp)
+ 	}
+ 
+ 	/* Inform peers we're going down. */
+-	for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer)) {
+-		if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
+-			bgp_notify_send(peer, BGP_NOTIFY_CEASE,
+-					BGP_NOTIFY_CEASE_ADMIN_SHUTDOWN);
+-	}
++	for (ALL_LIST_ELEMENTS(bgp->peer, node, next, peer))
++		peer_notify_shutdown(peer);
+ 
+ 	/* Delete static routes (networks). */
+ 	bgp_static_delete(bgp);
+@@ -7238,11 +7258,7 @@ void bgp_terminate(void)
+ 
+ 	for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
+ 		for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer))
+-			if (peer->status == Established
+-			    || peer->status == OpenSent
+-			    || peer->status == OpenConfirm)
+-				bgp_notify_send(peer, BGP_NOTIFY_CEASE,
+-						BGP_NOTIFY_CEASE_PEER_UNCONFIG);
++			peer_notify_unconfig(peer);
+ 
+ 	if (bm->process_main_queue)
+ 		work_queue_free_and_null(&bm->process_main_queue);
diff --git a/0013-CVE-2022-37032.patch b/0013-CVE-2022-37032.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4899c720d5313a698e3a28881d09b7dbc09facf1
--- /dev/null
+++ b/0013-CVE-2022-37032.patch
@@ -0,0 +1,32 @@
+From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
+From: Donald Sharp <sharpd@nvidia.com>
+Date: Thu, 21 Jul 2022 08:11:58 -0400
+Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
+ expected
+
+Ensure that if the capability length specified is enough data.
+
+Signed-off-by: Donald Sharp <sharpd@nvidia.com>
+---
+ bgpd/bgp_packet.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
+index dbf6c0b2e99..45752a8ab6d 100644
+--- a/bgpd/bgp_packet.c
++++ b/bgpd/bgp_packet.c
+@@ -2620,6 +2620,14 @@ static int bgp_capability_msg_parse(struct peer *peer, uint8_t *pnt,
+ 				"%s CAPABILITY has action: %d, code: %u, length %u",
+ 				peer->host, action, hdr->code, hdr->length);
+ 
++		if (hdr->length < sizeof(struct capability_mp_data)) {
++			zlog_info(
++				"%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
++				peer, sizeof(struct capability_mp_data),
++				hdr->length);
++			return BGP_Stop;
++		}
++
+ 		/* Capability length check. */
+ 		if ((pnt + hdr->length + 3) > end) {
+ 			zlog_info("%s Capability length error", peer->host);
diff --git a/frr.fc b/frr.fc
index acc5508bc573b55f2bc2352de1343f59b49368cb..8cd3b3da65f1b2facae3c0e97da8226e832a6e1b 100644
--- a/frr.fc
+++ b/frr.fc
@@ -1,4 +1,4 @@
-/usr/libexec/frr(/.*)?        	gen_context(system_u:object_r:frr_exec_t,s0)
+/usr/libexec/frr/(.*)?        	gen_context(system_u:object_r:frr_exec_t,s0)
 
 /usr/lib/systemd/system/frr.*   gen_context(system_u:object_r:frr_unit_file_t,s0)
 
diff --git a/frr.spec b/frr.spec
index f96da720fa0b37f1b5b1fa72a5ec829fa0c064dc..529bae44d49154d285e8102fe0c0c057dee33cef 100644
--- a/frr.spec
+++ b/frr.spec
@@ -8,7 +8,7 @@
 
 Name: frr
 Version: 7.5.1
-Release: 4%{?checkout}%{anolis_release}%{?dist}
+Release: 7%{?checkout}%{anolis_release}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -17,6 +17,7 @@ Source1: %{name}-tmpfiles.conf
 Source2: frr.fc
 Source3: frr.te
 Source4: frr.if
+Excludearch: loongarch64
 BuildRequires: perl-generators
 BuildRequires: gcc
 BuildRequires: net-snmp-devel
@@ -54,6 +55,8 @@ Patch0008: 0008-designated-router.patch
 Patch0009: 0009-routemap.patch
 Patch0010: 0010-moving-executables.patch
 Patch0011: 0011-reload-bfd-profile.patch
+Patch0012: 0012-graceful-restart.patch
+Patch0013: 0013-CVE-2022-37032.patch
 
 %description
 FRRouting is free software that manages TCP/IP based routing protocols. It takes
@@ -226,8 +229,10 @@ fi
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %selinux_relabel_post -s %{selinuxtype}
 #/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
-%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
-%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
+if [ $1 == 2 ]; then
+	%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
+	%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
+fi
 
 %postun selinux
 if [ $1 -eq 0 ]; then
@@ -282,11 +287,21 @@ make check PYTHON=%{__python3}
 %doc doc/mpls
 
 %changelog
-* Tue Dec 13 2022 DengXiewei <dengxiewei@linux.alibaba.com> - 7.5.1-4.0.1
+* Fri May 26 2023 DengXiewei <dengxiewei@linux.alibaba.com> - 7.5.1-7.0.1
 - Add doc sub package
+- Remove loongarch64 arch (wb-zh951434@alibaba-inc.com)
+
+* Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
+- Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
+
+* Tue Nov 29 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-6
+- Resolves: #1939516 - frr service cannot reload itself, due to executing in the wrong SELinux context
+
+* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-5
+- Resolves: #2127140 - Frr is unable to push routes to the system routing table
 
-* Thu Sep 15 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
-- Resolves: #2126040 - Frr is unable to push routes to the system routing table
+* Mon Nov 14 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
+- Resolves: #1948422 - BGP incorrectly withdraws routes on graceful restart capable routers
 
 * Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-3
 - Resolves: #2054160 - FRR reloader does not disable BFD when unsetting BFD profile
diff --git a/frr.te b/frr.te
index 1dac7e472cea497d724d7e35509e3d7784da36d3..e41b75d03396fb0f44fbee7ab1f5437d6487d194 100644
--- a/frr.te
+++ b/frr.te
@@ -93,6 +93,7 @@ corenet_tcp_bind_zebra_port(frr_t)
 domain_use_interactive_fds(frr_t)
 
 fs_read_nsfs_files(frr_t)
+fs_search_cgroup_dirs(frr_t)
 
 sysnet_exec_ifconfig(frr_t)
 
@@ -119,4 +120,5 @@ optional_policy(`
 
 optional_policy(`
 	userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
+	userdom_inherit_append_admin_home_files(frr_t, frr_conf_t, file, ".history_frr")
 ')