diff --git a/CVE-2022-37434-1.patch b/CVE-2022-37434-1.patch
deleted file mode 100644
index ee3aff5ae6f8ed3e533e6ee22daee6948196eca7..0000000000000000000000000000000000000000
--- a/CVE-2022-37434-1.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a16f5c7b7c5353cda8c8235d9a6765c7fe3c1231 Mon Sep 17 00:00:00 2001
-From: starlet-dx <15929766099@163.com>
-Date: Tue, 16 May 2023 15:15:10 +0800
-Subject: [PATCH 1/1] Fix a bug when getting a gzip header extra field with
- inflate().
-
-If the extra field was larger than the space the user provided with
-inflateGetHeader(), and if multiple calls of inflate() delivered
-the extra header data, then there could be a buffer overflow of the
-provided space. This commit assures that provided space is not
-exceeded.
-
-Origin:
-https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
----
- extra/zlib/inflate.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/extra/zlib/inflate.c b/extra/zlib/inflate.c
-index 7be8c636..7a728974 100644
---- a/extra/zlib/inflate.c
-+++ b/extra/zlib/inflate.c
-@@ -763,9 +763,10 @@ int flush;
-                 copy = state->length;
-                 if (copy > have) copy = have;
-                 if (copy) {
-+                    len = state->head->extra_len - state->length;
-                     if (state->head != Z_NULL &&
--                        state->head->extra != Z_NULL) {
--                        len = state->head->extra_len - state->length;
-+                        state->head->extra != Z_NULL &&
-+                        len < state->head->extra_max) {
-                         zmemcpy(state->head->extra + len, next,
-                                 len + copy > state->head->extra_max ?
-                                 state->head->extra_max - len : copy);
--- 
-2.30.0
-
diff --git a/CVE-2022-37434-2.patch b/CVE-2022-37434-2.patch
deleted file mode 100644
index b9453da056903d9a8b240d32dbd3b92737f04f43..0000000000000000000000000000000000000000
--- a/CVE-2022-37434-2.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 49a8fd61c4f8db9b8e9a50e70114cedc5842178e Mon Sep 17 00:00:00 2001
-From: starlet-dx <15929766099@163.com>
-Date: Tue, 16 May 2023 15:17:40 +0800
-Subject: [PATCH 1/1] Fix extra field processing bug that dereferences NULL
- state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
-
-Origin:
-https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
----
- extra/zlib/inflate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/extra/zlib/inflate.c b/extra/zlib/inflate.c
-index 7a728974..2a3c4fe9 100644
---- a/extra/zlib/inflate.c
-+++ b/extra/zlib/inflate.c
-@@ -763,10 +763,10 @@ int flush;
-                 copy = state->length;
-                 if (copy > have) copy = have;
-                 if (copy) {
--                    len = state->head->extra_len - state->length;
-                     if (state->head != Z_NULL &&
-                         state->head->extra != Z_NULL &&
--                        len < state->head->extra_max) {
-+                        (len = state->head->extra_len - state->length) <
-+                            state->head->extra_max) {
-                         zmemcpy(state->head->extra + len, next,
-                                 len + copy > state->head->extra_max ?
-                                 state->head->extra_max - len : copy);
--- 
-2.30.0
-
diff --git a/mysql-Add-sw64-architecture.patch b/mysql-Add-sw64-architecture.patch
old mode 100755
new mode 100644
diff --git a/mysql-arm32-timer.patch b/mysql-arm32-timer.patch
index cdd51a72bc40c9c1bc75e5011ee72579fef19258..bafa0bb00b00e2de9aefb18b61c510b44eb8baa8 100644
--- a/mysql-arm32-timer.patch
+++ b/mysql-arm32-timer.patch
@@ -1,14 +1,16 @@
---- mysql-8.0.24-bak/mysql-test/include/mtr_warnings.sql	2021-03-22 16:44:50.000000000 +0800
-+++ mysql-8.0.24/mysql-test/include/mtr_warnings.sql	2021-05-07 10:58:00.852352992 +0800
-@@ -304,6 +304,11 @@
-  ("Invalid systemd notify socket, cannot send: "),
+diff --git a/mysql-test/include/mtr_warnings.sql b/mysql-test/include/mtr_warnings.sql
+index 78b09285..b7153445 100644
+--- a/mysql-test/include/mtr_warnings.sql
++++ b/mysql-test/include/mtr_warnings.sql
+@@ -376,6 +376,11 @@ INSERT INTO global_suppressions VALUES
  
-  /*
+  ("'mysql_native_password' is deprecated and will be removed in a future release."),
+ 
++ /*
 +   ARM32 don't support timers and get this warning in every test.
 + */
 + ("The CYCLE timer is not available. WAIT events in the performance_schema will not be timed."),
 +
-+ /*
-    Manifest file processing
-  */
-  ("Manifest file '.*' is not read-only. For better security, please make sure that the file is read-only."),
+  ("THE_LAST_SUPPRESSION");
+ 
+ 
diff --git a/mysql-boost-8.0.29.tar.gz.ad b/mysql-boost-8.0.29.tar.gz.ad
deleted file mode 100644
index 7fcf8142ed9209192de6caa7e12575e75601043d..0000000000000000000000000000000000000000
Binary files a/mysql-boost-8.0.29.tar.gz.ad and /dev/null differ
diff --git a/mysql-boost-8.0.29.tar.gz b/mysql-boost-8.0.35.tar.gz
similarity index 100%
rename from mysql-boost-8.0.29.tar.gz
rename to mysql-boost-8.0.35.tar.gz
diff --git a/mysql-boost-8.0.29.tar.gz.ac b/mysql-boost-8.0.35.tar.gz.aa
similarity index 77%
rename from mysql-boost-8.0.29.tar.gz.ac
rename to mysql-boost-8.0.35.tar.gz.aa
index 216dfd1c594c2b35999a9f691ee6aebe7a3cd3cc..6d0b548d8cc2d16a5a5e55227265c0c0f7fa28df 100644
Binary files a/mysql-boost-8.0.29.tar.gz.ac and b/mysql-boost-8.0.35.tar.gz.aa differ
diff --git a/mysql-boost-8.0.29.tar.gz.ab b/mysql-boost-8.0.35.tar.gz.ab
similarity index 77%
rename from mysql-boost-8.0.29.tar.gz.ab
rename to mysql-boost-8.0.35.tar.gz.ab
index 1c3322cf20022ee106a2afd5e1e3ffb2068cadb3..8fa32e7246158c3464948b5b713dbcf951ca7102 100644
Binary files a/mysql-boost-8.0.29.tar.gz.ab and b/mysql-boost-8.0.35.tar.gz.ab differ
diff --git a/mysql-boost-8.0.29.tar.gz.aa b/mysql-boost-8.0.35.tar.gz.ac
similarity index 77%
rename from mysql-boost-8.0.29.tar.gz.aa
rename to mysql-boost-8.0.35.tar.gz.ac
index 4c6072befa3d8b5aaa60108ce401628c846ab166..e9435215588281deea0193ee6ee1142bb47b0b4c 100644
Binary files a/mysql-boost-8.0.29.tar.gz.aa and b/mysql-boost-8.0.35.tar.gz.ac differ
diff --git a/mysql-boost-8.0.35.tar.gz.ad b/mysql-boost-8.0.35.tar.gz.ad
new file mode 100644
index 0000000000000000000000000000000000000000..13bb3dba074de800d0d721a4fd5fd2736d64aff5
Binary files /dev/null and b/mysql-boost-8.0.35.tar.gz.ad differ
diff --git a/mysql-chain-certs.patch b/mysql-chain-certs.patch
deleted file mode 100644
index 5f26c48b97efb00a3c5c20dd6567ec9230d49d44..0000000000000000000000000000000000000000
--- a/mysql-chain-certs.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Fix things so that chains of certificates work in the server and client
-certificate files.
-
-This only really works for OpenSSL-based builds, as yassl is unable to read
-multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
-doesn't fix that, but just arranges that the viosslfactories.c patch won't
-have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
-Fedora builds, I'm not feeling motivated to try to fix yassl for this.
-
-See RH bug #598656.  Filed upstream at http://bugs.mysql.com/bug.php?id=54158
- 
-diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
-index 5e881e3..2927e7f 100644
---- a/vio/viosslfactories.cc
-+++ b/vio/viosslfactories.cc
-@@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file,
-   if (!key_file && cert_file) key_file = cert_file;
- 
-   if (cert_file &&
--      SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
-+      SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
-     *error = SSL_INITERR_CERT;
-     DBUG_PRINT("error",
-                ("%s from file '%s'", sslGetErrString(*error), cert_file));
diff --git a/mysql-fix-includes-robin-hood.patch b/mysql-fix-includes-robin-hood.patch
deleted file mode 100644
index 0aca3ef5e8743d074abc9c3d944c70ee128e05a8..0000000000000000000000000000000000000000
--- a/mysql-fix-includes-robin-hood.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-# Prevents fails when compiling with gcc11 (Fedora 34)
-# Upstream PR: https://github.com/mysql/mysql-server/pull/323
-
---- mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h.old	2021-02-04 17:15:31.034997221 +0100
-+++ mysql-8.0.23/extra/robin-hood-hashing/robin_hood.h	2021-02-04 17:15:50.781372066 +0100
-@@ -48,6 +48,7 @@
- #include <string>
- #include <type_traits>
- #include <utility>
-+#include <limits>
- #if __cplusplus >= 201703L
- #    include <string_view>
- #endif
diff --git a/mysql.spec b/mysql.spec
index 7a42ca2cbc4a448e26f00150b99f5a92732074a5..6df10a32a90df92183f3626cf96c01c070b6f4d8 100644
--- a/mysql.spec
+++ b/mysql.spec
@@ -29,8 +29,8 @@
 %bcond_without conflicts
 %global sameevr   %{?epoch:%{epoch}:}%{version}-%{release}
 Name:                mysql
-Version:             8.0.29
-Release:             3
+Version:             8.0.35
+Release:             1
 Summary:             MySQL client programs and shared libraries
 URL:                 http://www.mysql.com
 License:             GPLv2 with exceptions and LGPLv2 and BSD
@@ -48,25 +48,21 @@ Source17:            mysql-wait-stop.sh
 Source18:            mysql@.service.in
 Source30:            %{pkgnamepatch}.rpmlintrc
 Source31:            server.cnf.in
-Source32:           %{name}-boost-%{version}.tar.gz.aa
-Source33:           %{name}-boost-%{version}.tar.gz.ab
-Source34:           %{name}-boost-%{version}.tar.gz.ac
-Source35:           %{name}-boost-%{version}.tar.gz.ad
+Source32:            %{name}-boost-%{version}.tar.gz.aa
+Source33:            %{name}-boost-%{version}.tar.gz.ab
+Source34:            %{name}-boost-%{version}.tar.gz.ac
+Source35:            %{name}-boost-%{version}.tar.gz.ad
 Patch1:              %{pkgnamepatch}-install-test.patch
 Patch3:              %{pkgnamepatch}-file-contents.patch
 Patch4:              %{pkgnamepatch}-scripts.patch
 Patch5:              %{pkgnamepatch}-paths.patch
-Patch51:             %{pkgnamepatch}-chain-certs.patch
 Patch52:             %{pkgnamepatch}-sharedir.patch
 Patch55:             %{pkgnamepatch}-rpath.patch
 Patch75:             %{pkgnamepatch}-arm32-timer.patch
-Patch80:             %{pkgnamepatch}-fix-includes-robin-hood.patch
 Patch81:             disable-moutline-atomics-for-aarch64.patch
 Patch115:            boost-1.58.0-pool.patch
 Patch125:            boost-1.57.0-mpl-print.patch
 Patch126:            mysql-Add-sw64-architecture.patch
-Patch127:            CVE-2022-37434-1.patch
-Patch128:            CVE-2022-37434-2.patch
 
 BuildRequires:       cmake gcc-c++ libaio-devel libedit-devel libevent-devel libicu-devel lz4
 BuildRequires:       lz4-devel mecab-devel bison libzstd-devel
@@ -217,21 +213,17 @@ The package provides Docs for development of MySQL applications.
 
 %prep
 cd ../SOURCES
-cat %{SOURCE32} %{SOURCE33} %{SOURCE34} %{SOURCE35} | tar xj
+cat %{SOURCE32} %{SOURCE33} %{SOURCE34} %{SOURCE35} > %{SOURCE0}
 cd ..
 %setup -q -n mysql-%{version}
 %patch1 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch51 -p1
 %patch52 -p1
 %patch55 -p1
 %patch75 -p1
-%patch80 -p1
 %patch81 -p1
-%patch127 -p1
-%patch128 -p1
 pushd boost/boost_$(echo %{boost_bundled_version}| tr . _)
 %patch115 -p0
 %patch125 -p1
@@ -551,6 +543,9 @@ fi
 %{_mandir}/man1/mysql_config.1*
 
 %changelog
+* Tue Nov 07 2023 yaoxin <yao_xin001@hoperun.com> - 8.0.35-1
+- Upgrade to 8.0.35 for fix cves
+
 * Tue May 16 2023 yaoxin <yao_xin001@hoperun.com> - 8.0.29-3
 - Fix CVE-2022-37434