diff --git a/0053-curl-7.61.1-CVE-2023-38546.patch b/0053-curl-7.61.1-CVE-2023-38546.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7b51ad5a303094a7447f208f7d2406c515652f1b
--- /dev/null
+++ b/0053-curl-7.61.1-CVE-2023-38546.patch
@@ -0,0 +1,119 @@
+From f9b271ba5ad1cd931d94f857831e89c3207bcca6 Mon Sep 17 00:00:00 2001
+From: wangkaiqiang <wangkaiqiang@inspur.com>
+Date: Fri, 5 Jan 2024 09:26:22 +0800
+Subject: [PATCH] cookie: remove unnecessary struct fields
+
+---
+ lib/cookie.c | 13 +------------
+ lib/cookie.h |  7 ++-----
+ lib/easy.c   |  4 +---
+ 3 files changed, 4 insertions(+), 20 deletions(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 969b7f8..6fb2e1e 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -110,7 +110,6 @@ static void freecookie(struct Cookie *co)
+   free(co->name);
+   free(co->value);
+   free(co->maxage);
+-  free(co->version);
+   free(co);
+ }
+ 
+@@ -641,11 +640,7 @@ Curl_cookie_add(struct Curl_easy *data,
+           }
+         }
+         else if(strcasecompare("version", name)) {
+-          strstore(&co->version, whatptr);
+-          if(!co->version) {
+-            badcookie = TRUE;
+-            break;
+-          }
++          /* just ignore */
+         }
+         else if(strcasecompare("max-age", name)) {
+           /* Defined in RFC2109:
+@@ -992,7 +987,6 @@ Curl_cookie_add(struct Curl_easy *data,
+         free(clist->path);
+         free(clist->spath);
+         free(clist->expirestr);
+-        free(clist->version);
+         free(clist->maxage);
+ 
+         *clist = *co;  /* then store all the new data */
+@@ -1086,9 +1080,6 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+     c = calloc(1, sizeof(struct CookieInfo));
+     if(!c)
+       return NULL; /* failed to get memory */
+-    c->filename = strdup(file?file:"none"); /* copy the name just in case */
+-    if(!c->filename)
+-      goto fail; /* failed to get memory */
+   }
+   else {
+     /* we got an already existing one, use that */
+@@ -1214,7 +1205,6 @@ static struct Cookie *dup_cookie(struct Cookie *src)
+     CLONE(name);
+     CLONE(value);
+     CLONE(maxage);
+-    CLONE(version);
+     d->expires = src->expires;
+     d->tailmatch = src->tailmatch;
+     d->secure = src->secure;
+@@ -1433,7 +1423,6 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
+ {
+   if(c) {
+     unsigned int i;
+-    free(c->filename);
+     for(i = 0; i < COOKIE_HASH_SIZE; i++)
+       Curl_cookie_freelist(c->cookies[i]);
+     free(c); /* free the base struct as well */
+diff --git a/lib/cookie.h b/lib/cookie.h
+index a9f90ca..0c55f78 100644
+--- a/lib/cookie.h
++++ b/lib/cookie.h
+@@ -36,8 +36,6 @@ struct Cookie {
+   char *expirestr;   /* the plain text version */
+   bool tailmatch;    /* whether we do tail-matching of the domain name */
+ 
+-  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
+-  char *version;     /* Version = <value> */
+   char *maxage;      /* Max-Age = <value> */
+ 
+   bool secure;       /* whether the 'secure' keyword was used */
+@@ -46,15 +44,14 @@ struct Cookie {
+   int creationtime;  /* time when the cookie was written */
+ };
+ 
+-#define COOKIE_HASH_SIZE 256
++#define COOKIE_HASH_SIZE 63
+ 
+ struct CookieInfo {
+   /* linked list of cookies we know of */
+   struct Cookie *cookies[COOKIE_HASH_SIZE];
+ 
+-  char *filename;  /* file we read from/write to */
+   bool running;    /* state info, for cookie adding information */
+-  long numcookies; /* number of cookies in the "jar" */
++  int numcookies;  /* number of cookies in the "jar" */
+   bool newsession; /* new session, discard session cookies on load */
+   int lastct;      /* last creation-time used in the jar */
+ };
+diff --git a/lib/easy.c b/lib/easy.c
+index fe61cdd..ccb6e0c 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -927,9 +927,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+   if(data->cookies) {
+     /* If cookies are enabled in the parent handle, we enable them
+        in the clone as well! */
+-    outcurl->cookies = Curl_cookie_init(data,
+-                                        data->cookies->filename,
+-                                        outcurl->cookies,
++    outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies,
+                                         data->set.cookiesession);
+     if(!outcurl->cookies)
+       goto fail;
+-- 
+2.31.1
+
diff --git a/curl.spec b/curl.spec
index 4526bf69a88b6ec7b7539a23e65951f731301bd0..aa9ea08d494d0e0fbac2c2264b08c50727b2b779 100644
--- a/curl.spec
+++ b/curl.spec
@@ -2,7 +2,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 33%{anolis_release}%{?dist}
+Release: 34%{anolis_release}%{?dist}
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
@@ -152,6 +152,10 @@ Patch51:  0051-curl-7.61.1-CVE-2023-28321.patch
 # rebuild certs with 2048-bit RSA keys
 Patch52:  0052-curl-7.61.1-certs.patch
 
+#cookie: remove unnecessary struct fields
+#https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8
+Patch53:  0053-curl-7.61.1-CVE-2023-38546.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -390,6 +394,7 @@ sed -e 's|:8992/|:%{?__isa_bits}92/|g' -i tests/data/test97{3..6}
 %patch50 -p1
 %patch51 -p1
 git apply %{PATCH52}
+%patch53 -p1
 
 %patch1000 -p1
 
@@ -560,6 +565,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %doc docs/TheArtOfHttpScripting docs/TODO
 
 %changelog
+* Fri Jan 05 2024 Kaiqiang Wang <wangkaiqiang@inspur.com> - 7.61.1-34.0.1
+* cookie: remove unnecessary struct fields(CVE-2023-38546)
+
 * Fri Dec 15 2023 Weisson <wenshu.hx@alibaba-inc.com> - 7.61.1-33.0.1
 - Add doc sub package
 - Generate pubkey pinned certs (Liwei Ge)