diff --git a/.gitignore b/.gitignore
index d3fc221..68f809f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/mariadb-10.2.22.tar.gz
+SOURCES/mariadb-10.2.33.tar.gz
diff --git a/.rh-mariadb102-mariadb.metadata b/.rh-mariadb102-mariadb.metadata
index 7e05152..51a7012 100644
--- a/.rh-mariadb102-mariadb.metadata
+++ b/.rh-mariadb102-mariadb.metadata
@@ -1 +1 @@
-e44e661b995d01f05abeae1eb3fa480506b910d7 SOURCES/mariadb-10.2.22.tar.gz
+4d53e8326cc4eb91b508cbe38718193789927d3b SOURCES/mariadb-10.2.33.tar.gz
diff --git a/SOURCES/mariadb-logrotate.patch b/SOURCES/mariadb-logrotate.patch
index b0f6566..9ed55b4 100644
--- a/SOURCES/mariadb-logrotate.patch
+++ b/SOURCES/mariadb-logrotate.patch
@@ -14,31 +14,26 @@ Adjust the mysql-log-rotate script in several ways:
 See discussions at RH bugs 799735, 547007
 
 
-diff -up mariadb-10.2.6/support-files/mysql-log-rotate.sh.p4 mariadb-10.2.6/support-files/mysql-log-rotate.sh
---- mariadb-10.2.6/support-files/mysql-log-rotate.sh.p4	2017-05-15 01:13:28.000000000 +0200
-+++ mariadb-10.2.6/support-files/mysql-log-rotate.sh	2017-06-18 18:42:19.930844360 +0200
-@@ -1,9 +1,9 @@
- # This logname can be set in /etc/my.cnf
--# by setting the variable "err-log"
--# in the [safe_mysqld] section as follows:
-+# by setting the variable "log-error"
-+# in the [mysqld_safe] section as follows:
+diff -up mariadb-10.2.29/support-files/mysql-log-rotate.sh mariadb-10.2.29/support-files/mysql-log-rotate.sh_patched
+--- mariadb-10.2.29/support-files/mysql-log-rotate.sh	2019-11-06 12:18:20.000000000 +0100
++++ mariadb-10.2.29/support-files/mysql-log-rotate.sh_patched	2019-11-28 16:37:46.204768638 +0100
+@@ -3,7 +3,7 @@
+ # in the [mysqld] section as follows:
  #
--# [safe_mysqld]
--# err-log=@localstatedir@/mysqld.log
-+# [mysqld_safe]
+ # [mysqld]
+-# log-error=@localstatedir@/mysqld.log
 +# log-error=@LOG_LOCATION@
  #
  # If the root user has a password you have to create a
  # /root/.my.cnf configuration file with the following
-@@ -18,20 +18,21 @@
+@@ -18,20 +18,20 @@
  # ATTENTION: This /root/.my.cnf should be readable ONLY
  # for root !
  
 -@localstatedir@/mysqld.log {
 -        # create 600 mysql mysql
 -        notifempty
--	daily
+-        daily
 -        rotate 3
 -        missingok
 -        compress
@@ -52,11 +47,10 @@ diff -up mariadb-10.2.6/support-files/mysql-log-rotate.sh.p4 mariadb-10.2.6/supp
 -	fi
 -    endscript
 -}
-+# To enable mysql's log file rotation, un-comment the following lines.
 +#@LOG_LOCATION@ {
 +#        create 640 mysql mysql
 +#        notifempty
-+#	daily
++#        daily
 +#        rotate 3
 +#        missingok
 +#        compress
diff --git a/SOURCES/mariadb-ownsetup.patch b/SOURCES/mariadb-ownsetup.patch
index 893999f..3534c43 100644
--- a/SOURCES/mariadb-ownsetup.patch
+++ b/SOURCES/mariadb-ownsetup.patch
@@ -1,14 +1,16 @@
 diff -up mariadb-10.1.8/support-files/CMakeLists.txt.p9 mariadb-10.1.8/support-files/CMakeLists.txt
---- mariadb-10.1.8/support-files/CMakeLists.txt.p9	2015-11-03 11:38:46.029139464 +0100
-+++ mariadb-10.1.8/support-files/CMakeLists.txt	2015-11-03 11:41:07.107605055 +0100
-@@ -62,6 +62,7 @@ IF(UNIX)
+--- mariadb-10.2.32/support-files/CMakeLists.txt	2020-05-08 13:45:27.000000000 +0200
++++ mariadb-10.2.32/support-files/CMakeLists.txt_pacthed	2020-05-13 10:11:30.884190396 +0200
+@@ -100,7 +100,8 @@ IF(UNIX)
    ENDIF()
  
    CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
+-  INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
 +  CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
-   INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
++  INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
  
    INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
+   
 diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
 --- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup	2015-01-24 23:55:55.110063592 +0100
 +++ mariadb-10.0.15/support-files/rpm/server.cnf	2015-01-24 23:57:42.308114387 +0100
diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list
index 430e597..e69de29 100644
--- a/SOURCES/rh-skipped-tests-base.list
+++ b/SOURCES/rh-skipped-tests-base.list
@@ -1 +0,0 @@
-main.mysqldump                               :
diff --git a/SOURCES/rh-skipped-tests-s390.list b/SOURCES/rh-skipped-tests-s390.list
index fd8dbea..86152bc 100644
--- a/SOURCES/rh-skipped-tests-s390.list
+++ b/SOURCES/rh-skipped-tests-s390.list
@@ -1,2 +1 @@
-sys_vars.innodb_ft_result_cache_limit_32     :
 main.func_regexp_pcre                        :
diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec
index 279ce7b..5cbe72b 100644
--- a/SPECS/mariadb.spec
+++ b/SPECS/mariadb.spec
@@ -103,7 +103,7 @@
 
 # MariaDB 10.0 and later requires pcre >= 8.35, otherwise we need to use
 # the bundled library, since the package cannot be build with older version
-%global pcre_version 8.42
+%global pcre_version 8.44
 %if 0%{?fedora} >= 21
 %bcond_without pcre
 %else
@@ -162,7 +162,7 @@
 # Make long macros shorter
 %global sameevr   %{epoch}:%{version}-%{release}
 %global compatver 10.2
-%global bugfixver 22
+%global bugfixver 33
 
 %if 0%{?scl:1}
 %global scl_upper %{lua:print(string.upper(string.gsub(rpm.expand("%{scl}"), "-", "_")))}
@@ -952,7 +952,7 @@ mv %{buildroot}%{_sysconfdir}/my.cnf.d/server.cnf %{buildroot}%{_sysconfdir}/my.
 
 %if %{with init_systemd}
 # Rename sysusers and tmpfiles config files, they should be named after the software they belong to
-mv %{buildroot}/usr/lib/sysusers.d/sysusers.conf %{buildroot}/usr/lib/sysusers.d/%{name}.conf
+mv %{buildroot}/usr/lib/sysusers.d/mariadb.conf %{buildroot}%{_sysusersdir}/%{name}.conf
 %endif
 
 # install systemd unit files and scripts for handling server startup
@@ -960,7 +960,7 @@ mv %{buildroot}/usr/lib/sysusers.d/sysusers.conf %{buildroot}/usr/lib/sysusers.d
 install -D -p -m 644 scripts/mysql.service %{buildroot}%{_unitdir}/%{daemon_name}.service
 install -D -p -m 644 scripts/mysql@.service %{buildroot}%{_unitdir}/%{daemon_name}@.service
 # Remove the upstream version
-rm %{buildroot}/usr/lib/tmpfiles.d/tmpfiles.conf
+rm %{buildroot}/usr/lib/tmpfiles.d/mariadb.conf
 # Install downstream version
 install -D -p -m 0644 scripts/mysql.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf
 %endif
@@ -1066,6 +1066,10 @@ rm -r %{buildroot}%{_datadir}/%{pkg_name}/systemd
 install -p -m 0644 mysql-test/unstable-tests %{buildroot}%{_datadir}/mysql-test
 ln -s unstable-tests %{buildroot}%{_datadir}/mysql-test/rh-skipped-tests.list
 
+# Move new PAM auth plugin files to the correct SCL locations
+mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir}
+mv %{buildroot}/etc/security %{buildroot}%{_sysconfdir}
+
 %if %{without clibrary}
 %{!?scl: rm -r %{buildroot}%{_sysconfdir}/ld.so.conf.d}
 unlink %{buildroot}%{_libdir}/mysql/libmariadb.so
@@ -1117,13 +1121,9 @@ rm %{buildroot}%{_bindir}/mbstream
 %if %{without tokudb}
 %ifarch x86_64
 %if 0%{!?scl:1}
-rm %{buildroot}%{_bindir}/tokuftdump
 rm %{buildroot}%{_bindir}/tokuft_logprint
 %endif
 %endif
-# because upstream ships manpages for tokudb even on architectures that tokudb doesn't support
-rm %{buildroot}%{_mandir}/man1/tokuftdump.1*
-rm %{buildroot}%{_mandir}/man1/tokuft_logprint.1*
 %endif
 
 %if %{without config}
@@ -1422,7 +1422,7 @@ fi
 
 %if %{with common}
 %files common
-%doc COPYING COPYING.thirdparty README.md README.mysql-license README.mysql-docs README.mariadb-devel
+%doc COPYING README.md README.mysql-license README.mysql-docs README.mariadb-devel
 %doc storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
 %doc %{_datadir}/doc/%{_pkgdocdirname}
 %dir %{_libdir}/mysql
@@ -1536,6 +1536,10 @@ fi
 %endif
 
 %{_libdir}/mysql/plugin/*
+
+%{_libdir}/security/pam_user_map.so
+%{_sysconfdir}/security/user_map.conf
+
 %{?with_oqgraph:%exclude %{_libdir}/mysql/plugin/ha_oqgraph.so}
 %{?with_connect:%exclude %{_libdir}/mysql/plugin/ha_connect.so}
 %exclude %{_libdir}/mysql/plugin/dialog.so
@@ -1583,6 +1587,7 @@ fi
 %{_datadir}/%{pkg_name}/mysql_system_tables.sql
 %{_datadir}/%{pkg_name}/mysql_system_tables_data.sql
 %{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql
+%{_datadir}/%{pkg_name}/mysql_test_db.sql
 %{_datadir}/%{pkg_name}/mysql_to_mariadb.sql
 %{_datadir}/%{pkg_name}/mysql_performance_tables.sql
 %{?with_mroonga:%{_datadir}/%{pkg_name}/mroonga/install.sql}
@@ -1723,6 +1728,32 @@ fi
 %endif
 
 %changelog
+* Wed Sep 16 2020 Michal Schorm <mschorm@redhat.com> - 1:10.2.33-1
+- Rebase to 10.2.33
+
+* Wed May 13 2020 Michal Schorm <mschorm@redhat.com> - 1:10.2.32-1
+- Rebase to 10.2.32
+- CVEs fixed: #1880332
+  CVE-2020-13249
+- CVEs fixed: #1880323
+  CVE-2020-2760 CVE-2020-2752 CVE-2020-2814 CVE-2020-2812
+
+* Fri Apr 17 2020 Michal Schorm <mschorm@redhat.com> - 1:10.2.31-1
+- Rebase to 10.2.31
+- CVEs fixed: #1880317
+  CVE-2020-2574
+
+* Tue Dec 03 2019 Michal Schorm <mschorm@redhat.com> - 1:10.2.29-1
+- Rebase to 10.2.29
+- CVEs fixed: #1880308
+  CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
+- CVEs fixed: #1880310
+  CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805
+- CVEs fixed: #1880312
+  CVE-2019-2938 CVE-2019-2974
+- CVEs fixed: #1880323
+  CVE-2020-2922 CVE-2020-2780
+
 * Mon Sep 10 2018 Michal Schorm <mschorm@redhat.com> - 1:10.2.22-1
 - Rebase to 10.2.22
   Resolves: #1510416