diff --git a/SOURCES/bz2174172-refuse-response-end-stream-flag.patch b/SOURCES/bz2161140-refuse-response-end-stream-flag.patch similarity index 100% rename from SOURCES/bz2174172-refuse-response-end-stream-flag.patch rename to SOURCES/bz2161140-refuse-response-end-stream-flag.patch diff --git a/SOURCES/bz2174174-reject-empty-http-header-fields.patch b/SOURCES/bz2169510-reject-empty-http-header-fields.patch similarity index 100% rename from SOURCES/bz2174174-reject-empty-http-header-fields.patch rename to SOURCES/bz2169510-reject-empty-http-header-fields.patch diff --git a/SOURCES/haproxy.sysusers b/SOURCES/haproxy.sysusers new file mode 100644 index 0000000..f17003a --- /dev/null +++ b/SOURCES/haproxy.sysusers @@ -0,0 +1 @@ +u haproxy - "haproxy" /var/lib/haproxy diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec index 85a28e7..a9671a1 100644 --- a/SPECS/haproxy.spec +++ b/SPECS/haproxy.spec @@ -8,7 +8,7 @@ Name: haproxy Version: 2.4.17 -Release: 3%{?dist}.2 +Release: 6%{?dist} Summary: HAProxy reverse proxy for high availability environments License: GPLv2+ @@ -19,10 +19,11 @@ Source1: %{name}.service Source2: %{name}.cfg Source3: %{name}.logrotate Source4: %{name}.sysconfig -Source5: halog.1 +Source5: %{name}.sysusers +Source6: halog.1 -Patch0: bz2174172-refuse-response-end-stream-flag.patch -Patch1: bz2174174-reject-empty-http-header-fields.patch +Patch0: bz2161140-refuse-response-end-stream-flag.patch +Patch1: bz2169510-reject-empty-http-header-fields.patch BuildRequires: gcc BuildRequires: lua-devel @@ -30,6 +31,7 @@ BuildRequires: pcre2-devel BuildRequires: openssl-devel BuildRequires: systemd-devel BuildRequires: systemd +BuildRequires: systemd-rpm-macros BuildRequires: make Requires(pre): shadow-utils 
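Review bot: The `u` line in haproxy.sysusers ends at the home-directory field, so the non-login shell that the removed `%pre` scriptlet requested explicitly with `-s /sbin/nologin` is now left to the sysusers default. Spelling out the sixth field keeps that property visible in the package itself: `u haproxy - "haproxy" /var/lib/haproxy /sbin/nologin`. The account name and home are also literals here, while the spec refers to them as `%{haproxy_user}` and `%{haproxy_homedir}`. Those macro definitions are outside this diff, so a leading comment such as `# must match haproxy_user and haproxy_homedir in haproxy.spec` would record the coupling.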
@@ -76,7 +78,8 @@ popd %{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1 +%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_sysusersdir}/%{name}.conf +%{__install} -p -D -m 0644 %{SOURCE6} %{buildroot}%{_mandir}/man1/halog.1 %{__install} -d -m 0755 %{buildroot}%{haproxy_homedir} %{__install} -d -m 0755 %{buildroot}%{haproxy_datadir} %{__install} -d -m 0755 %{buildroot}%{haproxy_confdir}/conf.d @@ -102,12 +105,7 @@ do done %pre -getent group %{haproxy_group} >/dev/null || \ - groupadd -r %{haproxy_group} -getent passwd %{haproxy_user} >/dev/null || \ - useradd -r -g %{haproxy_user} -d %{haproxy_homedir} \ - -s /sbin/nologin -c "haproxy" %{haproxy_user} -exit 0 +%sysusers_create_compat %{SOURCE5} %post %systemd_post %{name}.service @@ -136,13 +134,17 @@ exit 0 %{_bindir}/iprange %{_bindir}/ip6range %{_mandir}/man1/* +%{_sysusersdir}/%{name}.conf %changelog -* Thu Mar 02 2023 Ryan O'Hara - 2.4.17-3.2 -- Reject empty http header field names (CVE-2023-25725, #2174174) +* Mon Feb 27 2023 Ryan O'Hara - 2.4.17-6 +- Reject empty http header field names (CVE-2023-25725, #2169510) -* Thu Mar 02 2023 Ryan O'Hara - 2.4.17-3.1 -- Refuse interim responses with end-stream flag set (CVE-2023-0056, #2174172) +* Mon Feb 27 2023 Ryan O'Hara - 2.4.17-5 +- Refuse interim responses with end-stream flag set (CVE-2023-0056, #2161140) + +* Wed Nov 30 2022 Ryan O'Hara - 2.4.17-4 +- Use systemd-sysusers for user/group creation (#2095422) * Mon Jul 25 2022 Ryan O'Hara - 2.4.17-3 - Fix changelog and rebuild
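Review bot: `%sysusers_create_compat %{SOURCE5}` in `%pre` selects the account definition by source number, and this commit itself moves `Source5` from `halog.1` to the sysusers file. A later renumbering would therefore hand a different file to the macro with no visible change in `%pre`. A comment next to the call, e.g. `# Source5 is haproxy.sysusers: creates the haproxy user and group`, would tie the two together. The removed scriptlet also ended in `exit 0`, and what the macro expands to is not visible in this diff, so it is worth confirming how a failed account creation is reported during install.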