diff --git a/SOURCES/pki-core-Fixed-Number-Range-Depletion-Issue.patch b/SOURCES/pki-core-Fixed-Number-Range-Depletion-Issue.patch
new file mode 100644
index 0000000..3581f6e
--- /dev/null
+++ b/SOURCES/pki-core-Fixed-Number-Range-Depletion-Issue.patch
@@ -0,0 +1,515 @@
+From 93b1ecae5aff7a18e16556f749c8aba5806dc512 Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Wed, 29 Aug 2018 16:55:31 +1000
+Subject: [PATCH 1/5] getTheSerialNumber: only return null if next range not
+ available
+
+When cloning, if the master's current number range has been depleted
+due to a previous UpdateNumberRange request,
+Repository.getTheSerialNumber() returns null because the next serial
+number is out of the current range, but the next range has not been
+activated yet. NullPointerException ensues.
+
+Update getTheSerialNumber() to return the next serial number even
+when it exceeds the current number range, as long as there is a next
+range. If there is no next range, return null (as before). It is
+assumed that the next range is non-empty
+
+Also do a couple of drive-by method extractions to improve
+readability.
+
+Part of: https://pagure.io/dogtagpki/issue/3055
+
+(cherry picked from commit f1615df509053a8f474b82ea6a2fa0883ab06d09)
+---
+ .../src/com/netscape/cmscore/dbs/Repository.java | 61 ++++++++++++++++------
+ 1 file changed, 44 insertions(+), 17 deletions(-)
+
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+index afe9013..c5120c4 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+@@ -317,7 +317,15 @@ public abstract class Repository implements IRepository {
+ }
+
+ /**
+- * get the next serial number in cache
++ * Peek at the next serial number in cache (does not consume the
++ * number).
++ *
++ * The returned number is not necessarily the previously emitted
++ * serial number plus one, i.e. if we are going to roll into the
++ * next range. This method does not actually switch the range.
++ *
++ * Returns null if the next number exceeds the current range and
++ * there is not a next range.
+ */
+ public BigInteger getTheSerialNumber() throws EBaseException {
+
+@@ -327,7 +335,7 @@ public abstract class Repository implements IRepository {
+ BigInteger serial = mLastSerialNo.add(BigInteger.ONE);
+
+ if (mMaxSerialNo != null && serial.compareTo(mMaxSerialNo) > 0)
+- return null;
++ return hasNextRange() ? mNextMinSerialNo : null;
+ else
+ return serial;
+ }
+@@ -390,9 +398,13 @@ public abstract class Repository implements IRepository {
+ }
+
+ /**
+- * Checks to see if range needs to be switched.
++ * Checks if the given number is in the current range.
++ * If it does not exceed the current range, return cleanly.
++ * If it exceeds the given range, and there is a next range, switch the range.
++ * If it exceeds the given range, and there is not a next range, throw EDBException.
+ *
+- * @exception EBaseException thrown when next range is not allocated
++ * @exception EDBException thrown when range switch is needed
++ * but next range is not allocated
+ */
+ protected void checkRange() throws EBaseException
+ {
+@@ -413,7 +425,7 @@ public abstract class Repository implements IRepository {
+
+ if (mDB.getEnableSerialMgmt()) {
+ CMS.debug("Reached the end of the range. Attempting to move to next range");
+- if ((mNextMinSerialNo == null) || (mNextMaxSerialNo == null)) {
++ if (!hasNextRange()) {
+ if (rangeLength != null && mCounter.compareTo(rangeLength) < 0) {
+ return;
+ } else {
+@@ -421,18 +433,7 @@ public abstract class Repository implements IRepository {
+ mLastSerialNo.toString()));
+ }
+ }
+- mMinSerialNo = mNextMinSerialNo;
+- mMaxSerialNo = mNextMaxSerialNo;
+- mLastSerialNo = mMinSerialNo;
+- mNextMinSerialNo = null;
+- mNextMaxSerialNo = null;
+- mCounter = BigInteger.ZERO;
+-
+- // persist the changes
+- mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix));
+- mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString(mRadix));
+- mDB.setNextMinSerialConfig(mRepo, null);
+- mDB.setNextMaxSerialConfig(mRepo, null);
++ switchToNextRange();
+ } else {
+ throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED",
+ mLastSerialNo.toString()));
+@@ -441,6 +442,32 @@ public abstract class Repository implements IRepository {
+ }
+
+ /**
++ * Return true iff there is a next range ready to go.
++ */
++ private boolean hasNextRange() {
++ return (mNextMinSerialNo != null) && (mNextMaxSerialNo != null);
++ }
++
++ /**
++ * Switch to the next range and persist the changes.
++ */
++ private void switchToNextRange()
++ throws EBaseException {
++ mMinSerialNo = mNextMinSerialNo;
++ mMaxSerialNo = mNextMaxSerialNo;
++ mLastSerialNo = mMinSerialNo;
++ mNextMinSerialNo = null;
++ mNextMaxSerialNo = null;
++ mCounter = BigInteger.ZERO;
++
++ // persist the changes
++ mDB.setMinSerialConfig(mRepo, mMinSerialNo.toString(mRadix));
++ mDB.setMaxSerialConfig(mRepo, mMaxSerialNo.toString(mRadix));
++ mDB.setNextMinSerialConfig(mRepo, null);
++ mDB.setNextMaxSerialConfig(mRepo, null);
++ }
++
++ /**
+ * Checks to see if a new range is needed, or if we have reached the end of the
+ * current range, or if a range conflict has occurred.
+ *
+--
+1.8.3.1
+
+
+From 35714763d32425f18a0ac8817aad96c8cfab589b Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Mon, 3 Sep 2018 15:55:35 +1000
+Subject: [PATCH 2/5] Repository: handle depleted range in initCache()
+
+Repository.initCache() does not handle the case where the current
+range has been fully depleted, but the switch to the next range has
+not occurred yet. This situation arises when the range has been
+fully depleted by servicing UpdateNumberRange requests for clones.
+
+Detect this situation and handle it by switching to the next range
+(when available).
+
+Part of: https://pagure.io/dogtagpki/issue/3055
+
+(cherry picked from commit 2fb3611db5145dbdd5e7e14daaad1470691494f0)
+---
+ .../src/com/netscape/cmscore/dbs/Repository.java | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+index c5120c4..828217c 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+@@ -298,6 +298,25 @@ public abstract class Repository implements IRepository {
+ BigInteger theSerialNo = null;
+ theSerialNo = getLastSerialNumberInRange(mMinSerialNo, mMaxSerialNo);
+
++ if (theSerialNo == null) {
++ // This arises when range has been depleted by servicing
++ // UpdateNumberRange requests for clones. Attempt to
++ // move to next range.
++ CMS.debug(
++ "Repository: failed to get last serial number in range "
++ + mMinSerialNo + ".." + mMaxSerialNo);
++
++ if (hasNextRange()) {
++ CMS.debug("Repository: switching to next range.");
++ switchToNextRange();
++ CMS.debug("Repository: new range: " + mMinSerialNo + ".." + mMaxSerialNo);
++ // try again with updated range
++ theSerialNo = getLastSerialNumberInRange(mMinSerialNo, mMaxSerialNo);
++ } else {
++ CMS.debug("Repository: next range not available.");
++ }
++ }
++
+ if (theSerialNo != null) {
+
+ mLastSerialNo = new BigInteger(theSerialNo.toString());
+--
+1.8.3.1
+
+
+From e1345a22c1d5236754fbeb93b0d3f8f2c447d918 Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Wed, 29 Aug 2018 17:31:34 +1000
+Subject: [PATCH 3/5] rename method getTheSerialNumber -> peekNextSerialNumber
+
+Rename Repository.getTheSerialNumber -> peekNextSerialNumber to more
+accurately reflect what it does: peek at the next serial number
+without actually consuming it.
+
+Part of: https://pagure.io/dogtagpki/issue/3055
+
+(cherry picked from commit 85e356580f64f87c0b01736b71dc3d385db0bcba)
+---
+ base/ca/src/com/netscape/ca/CertificateAuthority.java | 2 +-
+ base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java | 2 +-
+ .../cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java | 2 +-
+ base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java
+index 0281db0..f414628 100644
+--- a/base/ca/src/com/netscape/ca/CertificateAuthority.java
++++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java
+@@ -1077,7 +1077,7 @@ public class CertificateAuthority
+ public String getStartSerial() {
+ try {
+ BigInteger serial =
+- mCertRepot.getTheSerialNumber();
++ mCertRepot.peekNextSerialNumber();
+
+ if (serial == null)
+ return "";
+diff --git a/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
+index 39744ac..d0b6135 100644
+--- a/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
++++ b/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
+@@ -50,7 +50,7 @@ public interface IRepository {
+ * @return serial number
+ * @exception EBaseException failed to retrieve next serial number
+ */
+- public BigInteger getTheSerialNumber() throws EBaseException;
++ public BigInteger peekNextSerialNumber() throws EBaseException;
+
+ /**
+ * Set the maximum serial number.
+diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+index 2586da2..e5b5168 100644
+--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
++++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+@@ -187,7 +187,7 @@ public class UpdateNumberRange extends CMSServlet {
+ BigInteger decrement = new BigInteger(decrementStr, radix);
+ beginNum = endNum.subtract(decrement).add(oneNum);
+
+- if (beginNum.compareTo(repo.getTheSerialNumber()) < 0) {
++ if (beginNum.compareTo(repo.peekNextSerialNumber()) < 0) {
+ String nextEndNumStr = cs.getString(nextEndConfig, "");
+ BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
+ CMS.debug("Transferring from the end of on-deck range");
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+index 828217c..55068ea 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+@@ -346,7 +346,7 @@ public abstract class Repository implements IRepository {
+ * Returns null if the next number exceeds the current range and
+ * there is not a next range.
+ */
+- public BigInteger getTheSerialNumber() throws EBaseException {
++ public BigInteger peekNextSerialNumber() throws EBaseException {
+
+ CMS.debug("Repository:In getTheSerialNumber ");
+ if (mLastSerialNo == null)
+--
+1.8.3.1
+
+
+From 26586f3e711f1e238d4692f801dd8de42b88fc53 Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Wed, 29 Aug 2018 21:42:40 +1000
+Subject: [PATCH 4/5] checkRange: small refactor and add commentary
+
+Add some commentary about the behaviour and proper usage of
+Repository.checkRange(). Also perform a small refactor, avoiding
+a redundant stringify and parse.
+
+Part of: https://pagure.io/dogtagpki/issue/3055
+
+(cherry picked from commit 5a606e83719272fb488047b28a9ca7d5ce2ea30b)
+---
+ .../src/com/netscape/cmscore/dbs/Repository.java | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+index 55068ea..9bc7e2a 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+@@ -406,14 +406,17 @@ public abstract class Repository implements IRepository {
+ throw new EBaseException("mLastSerialNo is null");
+ }
+
++ /* Advance the serial number. checkRange() will check if it exceeds
++ * the current range and, if so, rolls to the next range and resets
++ * mLastSerialNo to the start of the new range. Hence we return
++ * mLastSerialNo below, after the call to checkRange().
++ */
+ mLastSerialNo = mLastSerialNo.add(BigInteger.ONE);
+
+ checkRange();
+
+- BigInteger retSerial = new BigInteger(mLastSerialNo.toString());
+-
+- CMS.debug("Repository: getNextSerialNumber: returning retSerial " + retSerial);
+- return retSerial;
++ CMS.debug("Repository: getNextSerialNumber: returning " + mLastSerialNo);
++ return mLastSerialNo;
+ }
+
+ /**
+@@ -422,6 +425,14 @@ public abstract class Repository implements IRepository {
+ * If it exceeds the given range, and there is a next range, switch the range.
+ * If it exceeds the given range, and there is not a next range, throw EDBException.
+ *
++ * Precondition: the serial number should already have been advanced.
++ * This method will detect that and switch to the next range, including
++ * resetting mLastSerialNo to the start of the new (now current) range.
++ *
++ * Postcondition: the caller should again read mLastSerialNo after
++ * calling checkRange(), in case checkRange switched the range and the
++ * new range is not adjacent to the current range.
++ *
+ * @exception EDBException thrown when range switch is needed
+ * but next range is not allocated
+ */
+--
+1.8.3.1
+
+
+From 57edb3ee50b3ae634ee31ed643e2bb3a891b80fa Mon Sep 17 00:00:00 2001
+From: Fraser Tweedale <ftweedal@redhat.com>
+Date: Wed, 29 Aug 2018 22:22:10 +1000
+Subject: [PATCH 5/5] Add missing synchronisation for range management
+
+Several methods in Repository (and CertificateRepository) need
+synchronisation on the intrisic lock. Make these methods
+synchronised.
+
+Also take the lock in UpdateNumberRange so that no serial numbers
+can be handed out in other threads between peekNextSerialNumber()
+and set(Next)?MaxSerial(). Without this synchronisation, it is
+possible that the master instance will use some of the serial
+numbers it transfers to the clone.
+
+Fixes: https://pagure.io/dogtagpki/issue/3055
+(cherry picked from commit 851a0bdd79c12c627a04cfc376338c1727cd50d9)
+---
+ .../cms/servlet/csadmin/UpdateNumberRange.java | 35 +++++++-----
+ .../cmscore/dbs/CertificateRepository.java | 62 ++++++++++------------
+ .../src/com/netscape/cmscore/dbs/Repository.java | 6 +--
+ 3 files changed, 53 insertions(+), 50 deletions(-)
+
+diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+index e5b5168..c2ff7ed 100644
+--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
++++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+@@ -187,20 +187,27 @@ public class UpdateNumberRange extends CMSServlet {
+ BigInteger decrement = new BigInteger(decrementStr, radix);
+ beginNum = endNum.subtract(decrement).add(oneNum);
+
+- if (beginNum.compareTo(repo.peekNextSerialNumber()) < 0) {
+- String nextEndNumStr = cs.getString(nextEndConfig, "");
+- BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
+- CMS.debug("Transferring from the end of on-deck range");
+- String newValStr = endNum2.subtract(decrement).toString(radix);
+- repo.setNextMaxSerial(newValStr);
+- cs.putString(nextEndConfig, newValStr);
+- beginNum = endNum2.subtract(decrement).add(oneNum);
+- endNum = endNum2;
+- } else {
+- CMS.debug("Transferring from the end of the current range");
+- String newValStr = beginNum.subtract(oneNum).toString(radix);
+- repo.setMaxSerial(newValStr);
+- cs.putString(endNumConfig, newValStr);
++ /* We need to synchronise on repo because we peek the next
++ * serial number, then set the max serial of the current or
++ * next range. If we don't synchronize, we could end up
++ * using serial numbers that were transferred.
++ */
++ synchronized (repo) {
++ if (beginNum.compareTo(repo.peekNextSerialNumber()) < 0) {
++ String nextEndNumStr = cs.getString(nextEndConfig, "");
++ BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
++ CMS.debug("Transferring from the end of on-deck range");
++ String newValStr = endNum2.subtract(decrement).toString(radix);
++ repo.setNextMaxSerial(newValStr);
++ cs.putString(nextEndConfig, newValStr);
++ beginNum = endNum2.subtract(decrement).add(oneNum);
++ endNum = endNum2;
++ } else {
++ CMS.debug("Transferring from the end of the current range");
++ String newValStr = beginNum.subtract(oneNum).toString(radix);
++ repo.setMaxSerial(newValStr);
++ cs.putString(endNumConfig, newValStr);
++ }
+ }
+
+ if (beginNum == null) {
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java
+index 367917f..94087c8 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertificateRepository.java
+@@ -251,49 +251,45 @@ public class CertificateRepository extends Repository
+ return nextSerialNumber;
+ }
+
+- private Object nextSerialNumberMonitor = new Object();
+-
+- public BigInteger getNextSerialNumber() throws
++ public synchronized BigInteger getNextSerialNumber() throws
+ EBaseException {
+
+ BigInteger nextSerialNumber = null;
+ BigInteger randomNumber = null;
+
+- synchronized (nextSerialNumberMonitor) {
+- super.initCacheIfNeeded();
+- CMS.debug("CertificateRepository: getNextSerialNumber mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers);
++ super.initCacheIfNeeded();
++ CMS.debug("CertificateRepository: getNextSerialNumber mEnableRandomSerialNumbers="+mEnableRandomSerialNumbers);
+
+- if (mEnableRandomSerialNumbers) {
+- int i = 0;
+- do {
+- if (i > 0) {
+- CMS.debug("CertificateRepository: getNextSerialNumber regenerating serial number");
+- }
+- randomNumber = getRandomNumber();
+- nextSerialNumber = getRandomSerialNumber(randomNumber);
+- nextSerialNumber = checkSerialNumbers(randomNumber, nextSerialNumber);
+- i++;
+- } while (nextSerialNumber == null && i < mMaxCollisionRecoveryRegenerations);
+-
+- if (nextSerialNumber == null) {
+- CMS.debug("CertificateRepository: in getNextSerialNumber nextSerialNumber is null");
+- throw new EBaseException( "nextSerialNumber is null" );
++ if (mEnableRandomSerialNumbers) {
++ int i = 0;
++ do {
++ if (i > 0) {
++ CMS.debug("CertificateRepository: getNextSerialNumber regenerating serial number");
+ }
++ randomNumber = getRandomNumber();
++ nextSerialNumber = getRandomSerialNumber(randomNumber);
++ nextSerialNumber = checkSerialNumbers(randomNumber, nextSerialNumber);
++ i++;
++ } while (nextSerialNumber == null && i < mMaxCollisionRecoveryRegenerations);
+
+- if (mCounter.compareTo(BigInteger.ZERO) >= 0 &&
+- mMinSerialNo != null && mMaxSerialNo != null &&
+- nextSerialNumber != null &&
+- nextSerialNumber.compareTo(mMinSerialNo) >= 0 &&
+- nextSerialNumber.compareTo(mMaxSerialNo) <= 0) {
+- mCounter = mCounter.add(BigInteger.ONE);
+- }
+- CMS.debug("CertificateRepository: getNextSerialNumber nextSerialNumber="+
+- nextSerialNumber+" mCounter="+mCounter);
++ if (nextSerialNumber == null) {
++ CMS.debug("CertificateRepository: in getNextSerialNumber nextSerialNumber is null");
++ throw new EBaseException( "nextSerialNumber is null" );
++ }
+
+- super.checkRange();
+- } else {
+- nextSerialNumber = super.getNextSerialNumber();
++ if (mCounter.compareTo(BigInteger.ZERO) >= 0 &&
++ mMinSerialNo != null && mMaxSerialNo != null &&
++ nextSerialNumber != null &&
++ nextSerialNumber.compareTo(mMinSerialNo) >= 0 &&
++ nextSerialNumber.compareTo(mMaxSerialNo) <= 0) {
++ mCounter = mCounter.add(BigInteger.ONE);
+ }
++ CMS.debug("CertificateRepository: getNextSerialNumber nextSerialNumber="+
++ nextSerialNumber+" mCounter="+mCounter);
++
++ super.checkRange();
++ } else {
++ nextSerialNumber = super.getNextSerialNumber();
+ }
+
+ return nextSerialNumber;
+diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+index 9bc7e2a..c31d376 100644
+--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
++++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/Repository.java
+@@ -185,7 +185,7 @@ public abstract class Repository implements IRepository {
+ * @param serial maximum number
+ * @exception EBaseException failed to set maximum serial number
+ */
+- public void setMaxSerial(String serial) throws EBaseException {
++ public synchronized void setMaxSerial(String serial) throws EBaseException {
+ BigInteger maxSerial = null;
+ CMS.debug("Repository:setMaxSerial " + serial);
+
+@@ -211,7 +211,7 @@ public abstract class Repository implements IRepository {
+ * @param serial maximum number in next range
+ * @exception EBaseException failed to set maximum serial number in next range
+ */
+- public void setNextMaxSerial(String serial) throws EBaseException {
++ public synchronized void setNextMaxSerial(String serial) throws EBaseException {
+ BigInteger maxSerial = null;
+ CMS.debug("Repository:setNextMaxSerial " + serial);
+
+@@ -346,7 +346,7 @@ public abstract class Repository implements IRepository {
+ * Returns null if the next number exceeds the current range and
+ * there is not a next range.
+ */
+- public BigInteger peekNextSerialNumber() throws EBaseException {
++ public synchronized BigInteger peekNextSerialNumber() throws EBaseException {
+
+ CMS.debug("Repository:In getTheSerialNumber ");
+ if (mLastSerialNo == null)
+--
+1.8.3.1
+
diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec
index 23f7248..59f156f 100644
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@@ -65,13 +65,13 @@
Name: pki-core
%if 0%{?rhel}
Version: 10.5.16
-%define redhat_release 5
+%define redhat_release 6
%define redhat_stage 0
#%define default_release %{redhat_release}.%{redhat_stage}
%define default_release %{redhat_release}
%else
Version: 10.5.16
-%define fedora_release 5
+%define fedora_release 6
%define fedora_stage 0
#%define default_release %{fedora_release}.%{fedora_stage}
%define default_release %{fedora_release}
@@ -212,6 +212,7 @@ Patch0: pki-core-Add-Subject-Key-ID-to-CSR.patch
Patch1: pki-core-PKI-startup-init-LDAP-operation-attr-independence.patch
Patch2: pki-core-Fixed-Missing-SAN-extension-for-CA-Clone.patch
Patch3: pki-core-Internal-LDAP-Server-goes-down-Audit-Event.patch
+Patch4: pki-core-Fixed-Number-Range-Depletion-Issue.patch
# Obtain version phase number (e. g. - used by "alpha", "beta", etc.)
#
@@ -809,6 +810,7 @@ This package is a part of the PKI Core used by the Certificate System.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%clean
%{__rm} -rf %{buildroot}
@@ -1345,6 +1347,18 @@ fi
%endif # %{with server}
%changelog
+* Mon Oct 14 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-6
+- ##########################################################################
+- # RHEL 7.7:
+- ##########################################################################
+- Bugzilla Bug #1754845 - number range depletion when multiple clones
+ created from same master (ftweedal)
+- ##########################################################################
+- # RHCS 9.5:
+- ##########################################################################
+- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
+ # pki-console to 10.5.16 in RHCS 9.5
+
* Mon Sep 9 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-5
- ##########################################################################
- # RHEL 7.7: