diff --git a/SOURCES/0204-replica-install-drop-in-IPA-specific-config-to-tmpfi.patch b/SOURCES/0204-replica-install-drop-in-IPA-specific-config-to-tmpfi.patch
new file mode 100644
index 0000000..4e27e7f
--- /dev/null
+++ b/SOURCES/0204-replica-install-drop-in-IPA-specific-config-to-tmpfi.patch
@@ -0,0 +1,34 @@
+From 9c70e00901ed1453767d085ea4c5496b2341c212 Mon Sep 17 00:00:00 2001
+From: Martin Babinsky <mbabinsk@redhat.com>
+Date: Tue, 11 Jul 2017 12:41:38 +0200
+Subject: [PATCH] replica install: drop-in IPA specific config to tmpfiles.d
+
+While server installation and upgrade code configures the IPA specific
+tmpfiles location and creates relevant directories, the replica
+installer code path is covered incompletely and one step is missing.
+
+https://pagure.io/freeipa/issue/7053
+
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
+---
+ ipaserver/install/server/replicainstall.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
+index 4f28de25bd0adf958187c19edf90de4ba57dd98e..814925de152809808f726c60ae7f35a24bc32a4a 100644
+--- a/ipaserver/install/server/replicainstall.py
++++ b/ipaserver/install/server/replicainstall.py
+@@ -1515,6 +1515,9 @@ def install(installer):
+         # remove the extracted replica file
+         remove_replica_info_dir(installer)
+ 
++    # Make sure the files we crated in /var/run are recreated at startup
++    tasks.configure_tmpfiles()
++
+     # Everything installed properly, activate ipa service.
+     services.knownservices.ipa.enable()
+ 
+-- 
+2.9.4
+
diff --git a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
index 96e6e1f..f44dd1f 100644
--- a/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
+++ b/SOURCES/1001-Change-branding-to-IPA-and-Identity-Management.patch
@@ -1,4 +1,4 @@
-From dd5b62fb629724f7fd96939684abf5a31769118c Mon Sep 17 00:00:00 2001
+From f7b0cbd43590be6255d61b55cf6b06ffa3904e79 Mon Sep 17 00:00:00 2001
 From: Jan Cholasta <jcholast@redhat.com>
 Date: Tue, 14 Mar 2017 15:48:07 +0000
 Subject: [PATCH] Change branding to IPA and Identity Management
@@ -982,7 +982,7 @@ index dced253e7f039dc9d66466bf8bcd777e53919f54..2906cad2f4535a5f4aace1e24397314f
      print("This includes:")
      if setup_ca:
 diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
-index 4f28de25bd0adf958187c19edf90de4ba57dd98e..3e3be75f09348639ed421cc67ca74ff2a71f9084 100644
+index 814925de152809808f726c60ae7f35a24bc32a4a..05f263cd2b1c6a7cd9d21b0d9a076d32d241ab96 100644
 --- a/ipaserver/install/server/replicainstall.py
 +++ b/ipaserver/install/server/replicainstall.py
 @@ -604,7 +604,7 @@ def check_domain_level_is_supported(current):
diff --git a/SOURCES/1002-Package-copy-schema-to-ca.py.patch b/SOURCES/1002-Package-copy-schema-to-ca.py.patch
index 3763a22..b6534aa 100644
--- a/SOURCES/1002-Package-copy-schema-to-ca.py.patch
+++ b/SOURCES/1002-Package-copy-schema-to-ca.py.patch
@@ -1,4 +1,4 @@
-From 09e2d6fd7de45e19a108fd52fe443e1a87f790a5 Mon Sep 17 00:00:00 2001
+From 9800e6fcc16455635e2d774a33009d6fb02646db Mon Sep 17 00:00:00 2001
 From: Jan Cholasta <jcholast@redhat.com>
 Date: Tue, 14 Mar 2017 16:07:15 +0000
 Subject: [PATCH] Package copy-schema-to-ca.py
diff --git a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
index 0dcf1aa..2ec7313 100644
--- a/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
+++ b/SOURCES/1003-Revert-Increased-mod_wsgi-socket-timeout.patch
@@ -1,4 +1,4 @@
-From 9aa845931ac9e4571d5e301fbd262544f21b5196 Mon Sep 17 00:00:00 2001
+From 1c88c60dd72621e77fc2605e6bd4d670a3d65b1d Mon Sep 17 00:00:00 2001
 From: Jan Cholasta <jcholast@redhat.com>
 Date: Wed, 22 Jun 2016 13:53:46 +0200
 Subject: [PATCH] Revert "Increased mod_wsgi socket-timeout"
diff --git a/SOURCES/1004-Remove-csrgen.patch b/SOURCES/1004-Remove-csrgen.patch
index 0b60e8f..b917a5a 100644
--- a/SOURCES/1004-Remove-csrgen.patch
+++ b/SOURCES/1004-Remove-csrgen.patch
@@ -1,4 +1,4 @@
-From 3342ff9534bb477e49c8dbbc233f188fd74af040 Mon Sep 17 00:00:00 2001
+From c211f36d3cc765379ff0ae324dfb052d7ce13b99 Mon Sep 17 00:00:00 2001
 From: Jan Cholasta <jcholast@redhat.com>
 Date: Thu, 16 Mar 2017 09:44:21 +0000
 Subject: [PATCH] Remove csrgen
diff --git a/SOURCES/ipa-centos-branding.patch b/SOURCES/ipa-centos-branding.patch
deleted file mode 100644
index 673cd2f..0000000
--- a/SOURCES/ipa-centos-branding.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 99efecaf87dc1fc9517efaff441a6a7ce46444eb Mon Sep 17 00:00:00 2001
-From: Jim Perrin <jperrin@centos.org>
-Date: Wed, 11 Mar 2015 10:37:03 -0500
-Subject: [PATCH] update for new ntp server method
-
----
- ipaplatform/base/paths.py        | 1 +
- ipaserver/install/ntpinstance.py | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
-index af50262..5090062 100644
---- a/ipaplatform/base/paths.py
-+++ b/ipaplatform/base/paths.py
-@@ -99,6 +99,7 @@ class BasePathNamespace(object):
-     PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias/"
-     PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
-     ETC_REDHAT_RELEASE = "/etc/redhat-release"
-+    ETC_CENTOS_RELEASE = "/etc/centos-release"
-     RESOLV_CONF = "/etc/resolv.conf"
-     SAMBA_KEYTAB = "/etc/samba/samba.keytab"
-     SMB_CONF = "/etc/samba/smb.conf"
-diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py
-index c653525..4b0578b 100644
---- a/ipaserver/install/ntpinstance.py
-+++ b/ipaserver/install/ntpinstance.py
-@@ -44,6 +44,8 @@ class NTPInstance(service.Service):
-         os = ""
-         if ipautil.file_exists(paths.ETC_FEDORA_RELEASE):
-             os = "fedora"
-+        elif ipautil.file_exists(paths.ETC_CENTOS_RELEASE):
-+            os = "centos"
-         elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
-             os = "rhel"
- 
--- 
-1.8.3.1
-
diff --git a/SPECS/ipa.spec b/SPECS/ipa.spec
index 1aa643d..1b12397 100644
--- a/SPECS/ipa.spec
+++ b/SPECS/ipa.spec
@@ -68,7 +68,7 @@
 
 Name:           ipa
 Version:        %{IPA_VERSION}
-Release:        20%{?dist}
+Release:        21%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -76,10 +76,10 @@ License:        GPLv3+
 URL:            http://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
 # RHEL spec file only: START: Change branding to IPA and Identity Management
-#Source1:        header-logo.png
-#Source2:        login-screen-background.jpg
-#Source3:        login-screen-logo.png
-#Source4:        product-name.png
+Source1:        header-logo.png
+Source2:        login-screen-background.jpg
+Source3:        login-screen-logo.png
+Source4:        product-name.png
 # RHEL spec file only: END: Change branding to IPA and Identity Management
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -287,12 +287,12 @@ Patch0200:      0200-Remove-network-and-broadcast-address-warnings.patch
 Patch0201:      0201-ipa-sam-replace-encode_nt_key-with-E_md4hash.patch
 Patch0202:      0202-ipa_pwd_extop-do-not-generate-NT-hashes-in-FIPS-mode.patch
 Patch0203:      0203-Make-sure-we-check-ccaches-in-all-rpcserver-paths.patch
+Patch0204:      0204-replica-install-drop-in-IPA-specific-config-to-tmpfi.patch
 
 Patch1001:      1001-Change-branding-to-IPA-and-Identity-Management.patch
 Patch1002:      1002-Package-copy-schema-to-ca.py.patch
 Patch1003:      1003-Revert-Increased-mod_wsgi-socket-timeout.patch
 Patch1004:      1004-Remove-csrgen.patch
-Patch1005:      ipa-centos-branding.patch
 # RHEL spec file only: END
 
 BuildRequires:  openldap-devel
@@ -664,11 +664,12 @@ Summary: IPA integrated DNS server with support for automatic DNSSEC signing
 Group: System Environment/Base
 BuildArch: noarch
 Requires: %{name}-server = %{version}-%{release}
-Requires: bind-dyndb-ldap >= 11.1-1
-Requires: bind >= 9.9.4-44
-Requires: bind-utils >= 9.9.4-44
-Requires: bind-pkcs11 >= 9.9.4-44
-Requires: bind-pkcs11-utils >= 9.9.4-44
+# bumped because of https://bugzilla.redhat.com/show_bug.cgi?id=1469480
+Requires: bind-dyndb-ldap >= 11.1-4
+Requires: bind >= 9.9.4-51
+Requires: bind-utils >= 9.9.4-51
+Requires: bind-pkcs11 >= 9.9.4-51
+Requires: bind-pkcs11-utils >= 9.9.4-51
 Requires: opendnssec >= 1.4.6-4
 
 Provides: %{alt_name}-server-dns = %{version}
@@ -1086,10 +1087,10 @@ cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3
 %endif # with_python3
 
 # RHEL spec file only: START: Change branding to IPA and Identity Management
-#cp %SOURCE1 install/ui/images/header-logo.png
-#cp %SOURCE2 install/ui/images/login-screen-background.jpg
-#cp %SOURCE3 install/ui/images/login-screen-logo.png
-#cp %SOURCE4 install/ui/images/product-name.png
+cp %SOURCE1 install/ui/images/header-logo.png
+cp %SOURCE2 install/ui/images/login-screen-background.jpg
+cp %SOURCE3 install/ui/images/login-screen-logo.png
+cp %SOURCE4 install/ui/images/product-name.png
 # RHEL spec file only: END: Change branding to IPA and Identity Management
 
 
@@ -1837,8 +1838,13 @@ fi
 
 
 %changelog
-* Mon Jul 31 2017 CentOS Sources <bugs@centos.org> - 4.5.0-20.el7.centos
-- Roll in CentOS Branding
+* Wed Jul 12 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7
+- Resolves: #1470125 Replica install fails to configure IPA-specific
+  temporary files/directories
+  - replica install: drop-in IPA specific config to tmpfiles.d
+- Resolves: #1469978 bind package is not automatically updated during
+  ipa-server upgrade process
+  - Bumped Required version of bind-dyndb-ldap and bind package
 
 * Tue Jun 27 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-20.el7
 - Resolves: #1452216 Replica installation grants HTTP principal