diff --git a/SOURCES/0035-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch b/SOURCES/0035-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch
new file mode 100644
index 0000000..93eec89
--- /dev/null
+++ b/SOURCES/0035-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch
@@ -0,0 +1,371 @@
+From c510a50bbbb05099159817f8d9da0088c5a0a5c0 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 21 Aug 2020 12:44:18 -0400
+Subject: [PATCH] Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3"
+ is higher than the supported version
+
+ Bug Description: If you try and set the sslVersionMax higher than the
+ default range, but within the supported range, you
+ would still get an error and the server would reset
+ the max to "default" max value.
+
+ Fix Description: Keep track of both the supported and default SSL ranges,
+ and correctly use each range for value validation. If
+ the value is outside the supported range, then use default
+ value, etc, but do not check the requested range against
+ the default range. We only use the default range if
+ there is no specified min or max in the config, or if
+ a invalid min or max value is set in the config.
+
+ Also, refactored the range variable names to be more
+ accurate:
+
+ enabledNSSVersions --> defaultNSSVersions
+ emin, emax --> dmin, dmax
+
+ relates: https://pagure.io/389-ds-base/issue/51129
+
+ Reviewed by: firstyear(Thanks!)
+---
+ ldap/servers/slapd/ssl.c | 167 +++++++++++++++++++++------------------
+ 1 file changed, 88 insertions(+), 79 deletions(-)
+
+diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
+index 71f91f761..1a860b71e 100644
+--- a/ldap/servers/slapd/ssl.c
++++ b/ldap/servers/slapd/ssl.c
+@@ -48,12 +48,12 @@
+ * sslVersionMax: max ssl version supported by NSS
+ ******************************************************************************/
+
+-#define DEFVERSION "TLS1.0"
+-#define CURRENT_DEFAULT_SSL_VERSION SSL_LIBRARY_VERSION_TLS_1_0
++#define DEFVERSION "TLS1.2"
+
+ extern char *slapd_SSL3ciphers;
+ extern symbol_t supported_ciphers[];
+-static SSLVersionRange enabledNSSVersions;
++static SSLVersionRange defaultNSSVersions;
++static SSLVersionRange supportedNSSVersions;
+ static SSLVersionRange slapdNSSVersions;
+
+
+@@ -151,7 +151,7 @@ PRBool enableSSL2 = PR_FALSE;
+ PRBool enableSSL3 = PR_FALSE;
+ /*
+ * nsTLS1: on -- enable TLS1 by default.
+- * Corresonding to SSL_LIBRARY_VERSION_TLS_1_0 and greater.
++ * Corresonding to SSL_LIBRARY_VERSION_TLS_1_2 and greater.
+ */
+ PRBool enableTLS1 = PR_TRUE;
+
+@@ -934,15 +934,24 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
+ int create_certdb = 0;
+ PRUint32 nssFlags = 0;
+ char *certdir;
+- char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
+- /* Get the range of the supported SSL version */
+- SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
++ char dmin[VERSION_STR_LENGTH], dmax[VERSION_STR_LENGTH];
++ char smin[VERSION_STR_LENGTH], smax[VERSION_STR_LENGTH];
+
+- (void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
+- (void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
++ /* Get the range of the supported SSL version */
++ SSL_VersionRangeGetSupported(ssl_variant_stream, &supportedNSSVersions);
++ (void)slapi_getSSLVersion_str(supportedNSSVersions.min, smin, sizeof(smin));
++ (void)slapi_getSSLVersion_str(supportedNSSVersions.max, smax, sizeof(smax));
++
++ /* Get the enabled default range */
++ SSL_VersionRangeGetDefault(ssl_variant_stream, &defaultNSSVersions);
++ (void)slapi_getSSLVersion_str(defaultNSSVersions.min, dmin, sizeof(dmin));
++ (void)slapi_getSSLVersion_str(defaultNSSVersions.max, dmax, sizeof(dmax));
+ slapi_log_err(SLAPI_LOG_CONFIG, "Security Initialization",
+ "slapd_nss_init - Supported range by NSS: min: %s, max: %s\n",
+- emin, emax);
++ smin, smax);
++ slapi_log_err(SLAPI_LOG_CONFIG, "Security Initialization",
++ "slapd_nss_init - Enabled default range by NSS: min: %s, max: %s\n",
++ dmin, dmax);
+
+ /* set in slapd_bootstrap_config,
+ thus certdir is available even if config_available is false */
+@@ -1262,21 +1271,21 @@ static int
+ set_NSS_version(char *val, PRUint16 *rval, int ismin)
+ {
+ char *vp;
+- char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
++ char dmin[VERSION_STR_LENGTH], dmax[VERSION_STR_LENGTH];
+
+ if (NULL == rval) {
+ return 1;
+ }
+- (void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
+- (void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
++ (void)slapi_getSSLVersion_str(defaultNSSVersions.min, dmin, sizeof(dmin));
++ (void)slapi_getSSLVersion_str(defaultNSSVersions.max, dmax, sizeof(dmax));
+
+ if (!strncasecmp(val, SSLSTR, SSLLEN)) { /* ssl# NOT SUPPORTED */
+ if (ismin) {
+- slapd_SSL_warn("SSL3 is no longer supported. Using NSS default min value: %s\n", emin);
+- (*rval) = enabledNSSVersions.min;
++ slapd_SSL_warn("SSL3 is no longer supported. Using NSS default min value: %s", dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+- slapd_SSL_warn("SSL3 is no longer supported. Using NSS default max value: %s\n", emax);
+- (*rval) = enabledNSSVersions.max;
++ slapd_SSL_warn("SSL3 is no longer supported. Using NSS default max value: %s", dmax);
++ (*rval) = defaultNSSVersions.max;
+ }
+ } else if (!strncasecmp(val, TLSSTR, TLSLEN)) { /* tls# */
+ float tlsv;
+@@ -1284,122 +1293,122 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
+ sscanf(vp, "%4f", &tlsv);
+ if (tlsv < 1.1f) { /* TLS1.0 */
+ if (ismin) {
+- if (enabledNSSVersions.min > CURRENT_DEFAULT_SSL_VERSION) {
++ if (supportedNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
+ slapd_SSL_warn("The value of sslVersionMin "
+ "\"%s\" is lower than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+- (*rval) = CURRENT_DEFAULT_SSL_VERSION;
++ (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
+ }
+ } else {
+- if (enabledNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
++ if (supportedNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_0) {
+ /* never happens */
+ slapd_SSL_warn("The value of sslVersionMax "
+ "\"%s\" is higher than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
+ } else {
+- (*rval) = CURRENT_DEFAULT_SSL_VERSION;
++ (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
+ }
+ }
+ } else if (tlsv < 1.2f) { /* TLS1.1 */
+ if (ismin) {
+- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_1) {
++ if (supportedNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_1) {
+ slapd_SSL_warn("The value of sslVersionMin "
+ "\"%s\" is lower than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+ (*rval) = SSL_LIBRARY_VERSION_TLS_1_1;
+ }
+ } else {
+- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
++ if (supportedNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
+ /* never happens */
+ slapd_SSL_warn("The value of sslVersionMax "
+ "\"%s\" is higher than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
+ } else {
+ (*rval) = SSL_LIBRARY_VERSION_TLS_1_1;
+ }
+ }
+ } else if (tlsv < 1.3f) { /* TLS1.2 */
+ if (ismin) {
+- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_2) {
++ if (supportedNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_2) {
+ slapd_SSL_warn("The value of sslVersionMin "
+ "\"%s\" is lower than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+ (*rval) = SSL_LIBRARY_VERSION_TLS_1_2;
+ }
+ } else {
+- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_2) {
++ if (supportedNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+ /* never happens */
+ slapd_SSL_warn("The value of sslVersionMax "
+ "\"%s\" is higher than the supported version; "
+ "the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
+ } else {
+ (*rval) = SSL_LIBRARY_VERSION_TLS_1_2;
+ }
+ }
+ } else if (tlsv < 1.4f) { /* TLS1.3 */
+- if (ismin) {
+- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_3) {
+- slapd_SSL_warn("The value of sslVersionMin "
+- "\"%s\" is lower than the supported version; "
+- "the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
+- } else {
+- (*rval) = SSL_LIBRARY_VERSION_TLS_1_3;
+- }
+- } else {
+- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+- /* never happens */
+- slapd_SSL_warn("The value of sslVersionMax "
+- "\"%s\" is higher than the supported version; "
+- "the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
+- } else {
+- (*rval) = SSL_LIBRARY_VERSION_TLS_1_3;
+- }
+- }
++ if (ismin) {
++ if (supportedNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_3) {
++ slapd_SSL_warn("The value of sslVersionMin "
++ "\"%s\" is lower than the supported version; "
++ "the default value \"%s\" is used.",
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
++ } else {
++ (*rval) = SSL_LIBRARY_VERSION_TLS_1_3;
++ }
++ } else {
++ if (supportedNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
++ /* never happens */
++ slapd_SSL_warn("The value of sslVersionMax "
++ "\"%s\" is higher than the supported version; "
++ "the default value \"%s\" is used.",
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
++ } else {
++ (*rval) = SSL_LIBRARY_VERSION_TLS_1_3;
++ }
++ }
+ } else { /* Specified TLS is newer than supported */
+ if (ismin) {
+ slapd_SSL_warn("The value of sslVersionMin "
+ "\"%s\" is out of the range of the supported version; "
+ "the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+ slapd_SSL_warn("The value of sslVersionMax "
+ "\"%s\" is out of the range of the supported version; "
+ "the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
+ }
+ }
+ } else {
+ if (ismin) {
+ slapd_SSL_warn("The value of sslVersionMin "
+ "\"%s\" is invalid; the default value \"%s\" is used.",
+- val, emin);
+- (*rval) = enabledNSSVersions.min;
++ val, dmin);
++ (*rval) = defaultNSSVersions.min;
+ } else {
+ slapd_SSL_warn("The value of sslVersionMax "
+ "\"%s\" is invalid; the default value \"%s\" is used.",
+- val, emax);
+- (*rval) = enabledNSSVersions.max;
++ val, dmax);
++ (*rval) = defaultNSSVersions.max;
+ }
+ }
+ return 0;
+@@ -1429,10 +1438,9 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
+ char *tmpDir;
+ Slapi_Entry *e = NULL;
+ PRBool fipsMode = PR_FALSE;
+- PRUint16 NSSVersionMin = enabledNSSVersions.min;
+- PRUint16 NSSVersionMax = enabledNSSVersions.max;
++ PRUint16 NSSVersionMin = defaultNSSVersions.min;
++ PRUint16 NSSVersionMax = defaultNSSVersions.max;
+ char mymin[VERSION_STR_LENGTH], mymax[VERSION_STR_LENGTH];
+- char newmax[VERSION_STR_LENGTH];
+ int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
+ int_fast16_t renegotiation = (int_fast16_t)SSL_RENEGOTIATE_REQUIRES_XTN;
+
+@@ -1780,7 +1788,11 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
+ }
+ val = slapi_entry_attr_get_ref(e, "sslVersionMin");
+ if (val) {
++ /* Use the user defined minimum */
+ (void)set_NSS_version((char *)val, &NSSVersionMin, 1);
++ } else {
++ /* Force our default minimum */
++ (void)set_NSS_version(DEFVERSION, &NSSVersionMin, 1);
+ }
+ val = slapi_entry_attr_get_ref(e, "sslVersionMax");
+ if (val) {
+@@ -1789,12 +1801,9 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
+ if (NSSVersionMin > NSSVersionMax) {
+ (void)slapi_getSSLVersion_str(NSSVersionMin, mymin, sizeof(mymin));
+ (void)slapi_getSSLVersion_str(NSSVersionMax, mymax, sizeof(mymax));
+- slapd_SSL_warn("The min value of NSS version range \"%s\" is greater than the max value \"%s\".",
++ slapd_SSL_warn("The min value of NSS version range \"%s\" is greater than the max value \"%s\". Adjusting the max to match the miniumum.",
+ mymin, mymax);
+- (void)slapi_getSSLVersion_str(enabledNSSVersions.max, newmax, sizeof(newmax));
+- slapd_SSL_warn("Reset the max \"%s\" to supported max \"%s\".",
+- mymax, newmax);
+- NSSVersionMax = enabledNSSVersions.max;
++ NSSVersionMax = NSSVersionMin;
+ }
+ }
+
+@@ -1810,7 +1819,7 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
+ if (sslStatus != SECSuccess) {
+ errorCode = PR_GetError();
+ slapd_SSL_error("Security Initialization - "
+- "slapd_ssl_init2 - Failed to set SSL range: min: %s, max: %s - error %d (%s)\n",
++ "slapd_ssl_init2 - Failed to set SSL range: min: %s, max: %s - error %d (%s)",
+ mymin, mymax, errorCode, slapd_pr_strerror(errorCode));
+ }
+ /*
+@@ -1840,13 +1849,13 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
+ (void)slapi_getSSLVersion_str(slapdNSSVersions.min, mymin, sizeof(mymin));
+ (void)slapi_getSSLVersion_str(slapdNSSVersions.max, mymax, sizeof(mymax));
+ slapd_SSL_error("Security Initialization - "
+- "slapd_ssl_init2 - Failed to set SSL range: min: %s, max: %s - error %d (%s)\n",
++ "slapd_ssl_init2 - Failed to set SSL range: min: %s, max: %s - error %d (%s)",
+ mymin, mymax, errorCode, slapd_pr_strerror(errorCode));
+ }
+ } else {
+ errorCode = PR_GetError();
+ slapd_SSL_error("Security Initialization - ",
+- "slapd_ssl_init2 - Failed to get SSL range from socket - error %d (%s)\n",
++ "slapd_ssl_init2 - Failed to get SSL range from socket - error %d (%s)",
+ errorCode, slapd_pr_strerror(errorCode));
+ }
+
+@@ -2173,7 +2182,7 @@ slapd_SSL_client_auth(LDAP *ld)
+ }
+ } else {
+ if (token == NULL) {
+- slapd_SSL_warn("slapd_SSL_client_auth - certificate token was not found\n");
++ slapd_SSL_warn("slapd_SSL_client_auth - certificate token was not found");
+ }
+ rc = -1;
+ }
+--
+2.26.2
+
diff --git a/SOURCES/0036-Issue-49731-undo-db_home_dir-under-dev-shm-dirsrv-fo.patch b/SOURCES/0036-Issue-49731-undo-db_home_dir-under-dev-shm-dirsrv-fo.patch
new file mode 100644
index 0000000..6395c28
--- /dev/null
+++ b/SOURCES/0036-Issue-49731-undo-db_home_dir-under-dev-shm-dirsrv-fo.patch
@@ -0,0 +1,76 @@
+From 9ab266c88350c3387a8521897cd599f80b0ec6be Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 21 Apr 2020 14:48:11 -0400
+Subject: [PATCH] Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now
+
+Bug Description: There are several issues with using /dec/shm/disrv/
+ for the db home directory. Cantainers have issues,
+ and system reboots can cause issues too.
+
+Fix Description: Using just /dev/shm/slapd-INST solves all the permission
+ issues, but that requires a new selinux label, so
+ for now we will just set the db home directory to the
+ database directory (effectively disabling the change).
+
+relates: https://pagure.io/389-ds-base/issue/49731
+
+Reviewed by: firstyear & tbordaz(Thanks!)
+---
+ ldap/admin/src/defaults.inf.in | 1 +
+ ldap/servers/slapd/util.c | 11 +++++++++++
+ src/lib389/lib389/instance/setup.py | 5 +++--
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
+index f74929581..d60f24cda 100644
+--- a/ldap/admin/src/defaults.inf.in
++++ b/ldap/admin/src/defaults.inf.in
+@@ -57,6 +57,7 @@ access_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/access
+ audit_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/audit
+ error_log = @localstatedir@/log/dirsrv/slapd-{instance_name}/errors
+ db_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/db
++db_home_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/db
+ backup_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/bak
+ ldif_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/ldif
+
+diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
+index e1219c555..78ee68da9 100644
+--- a/ldap/servers/slapd/util.c
++++ b/ldap/servers/slapd/util.c
+@@ -467,6 +467,17 @@ slapi_escape_filter_value(char *filter_str, int len)
+ }
+ }
+
++/* replace c with c2 in str */
++void
++replace_char(char *str, char c, char c2)
++{
++ for (size_t i = 0; (str != NULL) && (str[i] != '\0'); i++) {
++ if (c == str[i]) {
++ str[i] = c2;
++ }
++ }
++}
++
+ /*
+ ** This function takes a quoted attribute value of the form "abc",
+ ** and strips off the enclosing quotes. It also deals with quoted
+diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py
+index bb0ff32f5..887eae57c 100644
+--- a/src/lib389/lib389/instance/setup.py
++++ b/src/lib389/lib389/instance/setup.py
+@@ -853,8 +853,9 @@ class SetupDs(object):
+
+ # Do selinux fixups
+ if general['selinux']:
+- selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir',
+- 'lock_dir', 'log_dir', 'run_dir', 'schema_dir', 'tmp_dir')
++ selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir',
++ 'ldif_dir', 'lock_dir', 'log_dir',
++ 'run_dir', 'schema_dir', 'tmp_dir')
+ for path in selinux_paths:
+ selinux_restorecon(slapd[path])
+
+--
+2.26.2
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index d5ee368..39a2325 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -45,7 +45,7 @@ ExcludeArch: i686
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 1.4.2.4
-Release: %{?relprefix}8%{?prerel}%{?dist}
+Release: %{?relprefix}10%{?prerel}%{?dist}
License: GPLv3+
URL: https://www.port389.org
Group: System Environment/Daemons
@@ -118,8 +118,6 @@ BuildRequires: python%{python3_pkgversion}-libselinux
# For cockpit
BuildRequires: rsync
-BuildRequires: npm
-BuildRequires: nodejs
Requires: %{name}-libs = %{version}-%{release}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
@@ -211,6 +209,8 @@ Patch31: 0031-Issue-50886-Typo-in-the-replication-debug-message.patch
Patch32: 0032-Issue-50882-Fix-healthcheck-errors-for-instances-tha.patch
Patch33: 0033-Ticket-50490-objects-and-memory-leaks.patch
Patch34: 0034-Issue-50780-Fix-UI-issues.patch
+Patch35: 0035-Issue-51129-SSL-alert-The-value-of-sslVersionMax-TLS.patch
+Patch36: 0036-Issue-49731-undo-db_home_dir-under-dev-shm-dirsrv-fo.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -309,7 +309,7 @@ Group: Development/Libraries
Requires: openssl
Requires: iproute
Requires: platform-python
-Requires: bash-completion
+Recommends: bash-completion
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-pyasn1
@@ -808,6 +808,16 @@ exit 0
%doc README.md
%changelog
+* Mon Aug 24 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-10
+- Bump version to 1.4.2.4-10
+- Resolves: Bug 1862170 - fix default.ini file
+
+* Fri Aug 21 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-9
+- Bump version to 1.4.2.4-9
+- Resolves: Bug 1867097 - Memory leak in ACI using IP subject
+- Resolves: Bug 1862170 - python3-lib389 pulls unnecessary bash-completion package
+- Resolves: Bug 1867988 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
+
* Fri Mar 6 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.2.4-8
- Bump version to 1.4.2.4-8
- Resolves: Bug 1807971 - dsctl healthcheck fails at checking replica when conflict entries are present