diff --git a/backport-BUG-MINOR-haproxy-only-tid-0-must-not-sleep-if-got-s.patch b/backport-BUG-MINOR-haproxy-only-tid-0-must-not-sleep-if-got-s.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a0e83bdbab0e8e2901219f4bd6c417b0e862439d
--- /dev/null
+++ b/backport-BUG-MINOR-haproxy-only-tid-0-must-not-sleep-if-got-s.patch
@@ -0,0 +1,52 @@
+From 722b22cf7445748a6e78a7a6594237f60f9594c0 Mon Sep 17 00:00:00 2001
+From: Valentine Krasnobaeva <vkrasnobaeva@haproxy.com>
+Date: Mon, 6 May 2024 14:24:41 +0200
+Subject: [PATCH] BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
+
+This patch fixes the commit eea152ee68
+("BUG/MINOR: signals/poller: ensure wakeup from signals").
+
+There is some probability that run_poll_loop() becomes inifinite, if
+TH_FL_SLEEPING is withdrawn from all threads in the second signal_queue_len
+check, when a signal has received just after the first one.
+
+In such particular case, the 'wake' variable, which is used to terminate
+thread's poll loop is never reset to 0. So, we never enter to the "stopping"
+part of the run_poll_loop() and threads, except the one with id 0 (tid 0
+handles signals), will continue to call _do_poll() eternally and will never
+sleep, as its TH_FL_SLEEPING flag was unset.
+
+This flag needs to be removed only for the tid 0, as it was done in the first
+signal_queue_len check.
+
+This fixes an issue #2537 "infinite loop when shutting down".
+
+This fix must be backported in every stable version.
+
+(cherry picked from commit 4a9e3e102e192b9efd17e3241a6cc659afb7e7dc)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 02819d2e36611d2e19c3ca084f75199c8c215067)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit c58e4a48be4dd3c3efa2bee45d00dd0174274784)
+ [ad: context adjustment]
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+
+Conflict: NA
+Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=722b22cf7445748a6e78a7a6594237f60f9594c0
+---
+ src/haproxy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/haproxy.c b/src/haproxy.c
+index 1259bfec4496..d83fb2757d92 100644
+--- a/src/haproxy.c
++++ b/src/haproxy.c
+@@ -2892,7 +2892,7 @@ void run_poll_loop()
+ 			if (thread_has_tasks()) {
+ 				activity[tid].wake_tasks++;
+ 				_HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
+-			} else if (signal_queue_len) {
++			} else if (signal_queue_len && tid == 0) {
+ 				/* this check is required to avoid
+ 				 * a race with wakeup on signals using wake_threads() */
+ 				_HA_ATOMIC_AND(&sleeping_thread_mask, ~tid_bit);
diff --git a/fix-timehopping-in-freq_ctr_total.patch b/fix-timehopping-in-freq_ctr_total.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae693d5f56e1483ad82217838ded1250e8d29a6b
--- /dev/null
+++ b/fix-timehopping-in-freq_ctr_total.patch
@@ -0,0 +1,44 @@
+From 638b8b2fe4163a85815424549a629a6c9b113d1d Mon Sep 17 00:00:00 2001
+From: zhongxuan <zhongxuan2@huawei.com>
+Date: Fri, 6 Sep 2024 18:42:49 +0800
+Subject: [PATCH] fix timehopping in freq_ctr_total
+ 
+---
+ src/freq_ctr.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+ 
+diff --git a/src/freq_ctr.c b/src/freq_ctr.c
+index 54aa78f..66397a0 100644
+--- a/src/freq_ctr.c
++++ b/src/freq_ctr.c
+@@ -28,6 +28,7 @@ ullong freq_ctr_total(const struct freq_ctr *ctr, uint period, int pend)
+ {
+ 	ullong curr, past, old_curr, old_past;
+ 	uint tick, old_tick;
++	uint toofar = 0;
+ 	int remain;
+ 
+ 	tick = HA_ATOMIC_LOAD(&ctr->curr_tick);
+@@ -75,13 +76,18 @@ ullong freq_ctr_total(const struct freq_ctr *ctr, uint period, int pend)
+ 		__ha_cpu_relax();
+ 	};
+ 
++	if (((tick + 2 * period) < HA_ATOMIC_LOAD(&global_now_ms)) || ((HA_ATOMIC_LOAD(&global_now_ms) + 2 * period) < tick))
++		toofar = 2;
++	else if (((tick + period) < HA_ATOMIC_LOAD(&global_now_ms)) || ((HA_ATOMIC_LOAD(&global_now_ms) + period) < tick))
++		toofar = 1;
++
+ 	remain = tick + period - HA_ATOMIC_LOAD(&global_now_ms);
+-	if (unlikely(remain < 0)) {
++	if (unlikely(remain < 0 || toofar)) {
+ 		/* We're past the first period, check if we can still report a
+ 		 * part of last period or if we're too far away.
+ 		 */
+ 		remain += period;
+-		past = (remain >= 0) ? curr : 0;
++		past = (toofar != 2) ? curr : 0;
+ 		curr = 0;
+ 	}
+ 
+-- 
+2.33.0
\ No newline at end of file
diff --git a/haproxy.spec b/haproxy.spec
index c9db87fdfb18e9dc40a6ff85c7eff984d36d9c3f..e70449d14a03987dee738efc9e29ebf44e604652 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -5,7 +5,7 @@
 
 Name:             haproxy
 Version:          2.6.6
-Release:          11
+Release:          12
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer
 
 License:          GPLv2+
@@ -37,6 +37,8 @@ Patch16:          backport-thread-add-a-check-for-pthread_create.patch
 Patch17:          backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch
 Patch18:          backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch
 Patch19:          backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch
+Patch20:          backport-BUG-MINOR-haproxy-only-tid-0-must-not-sleep-if-got-s.patch
+Patch21:          fix-timehopping-in-freq_ctr_total.patch
 
 BuildRequires:    gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
 %ifarch sw_64
@@ -141,6 +143,13 @@ exit 0
 %{_mandir}/man1/*
 
 %changelog
+* Mon Sep 23 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-12
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:haproxy: only tid 0 must not sleep if got signal
+       fix timehopping in freq_ctr_total
+
 * Mon Jun 24 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-11
 - Type:bugfix
 - CVE:NA