diff --git a/0000-fix-compilation-failed.patch b/0000-fix-compilation-failed.patch
deleted file mode 100644
index 6b041cc2ce1e46b730e256641dce4a89c8cfe1c1..0000000000000000000000000000000000000000
--- a/0000-fix-compilation-failed.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff -Nur a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
---- a/ldap/servers/plugins/acl/acl.h	2019-10-19 01:12:19.000000000 +0800
-+++ b/ldap/servers/plugins/acl/acl.h	2021-08-04 16:43:24.182937500 +0800
-@@ -311,8 +311,8 @@
- #define ATTR_ACLPB_MAX_SELECTED_ACLS    "nsslapd-aclpb-max-selected-acls"
- #define DEFAULT_ACLPB_MAX_SELECTED_ACLS 200
- 
--int aclpb_max_selected_acls; /* initialized from plugin config entry */
--int aclpb_max_cache_results; /* initialized from plugin config entry */
-+extern int aclpb_max_selected_acls; /* initialized from plugin config entry */
-+extern int aclpb_max_cache_results; /* initialized from plugin config entry */
- 
- typedef struct result_cache
- {
-diff -Nur a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
---- a/ldap/servers/slapd/slap.h	2019-11-14 09:00:40.000000000 +0800
-+++ b/ldap/servers/slapd/slap.h	2021-08-04 15:57:03.260828000 +0800
-@@ -937,7 +937,7 @@
-     void **elements;   /* array of elements */
-     int element_count; /* number of elements in the array */
-     int alloc_count;   /* number of allocated nodes in the array */
--} datalist;
-+};
- 
- /* data available to plugins */
- typedef struct target_data
-@@ -1739,7 +1739,7 @@
-     int task_refcount;
-     void *origin_plugin;       /* If this is a plugin create task, store the plugin object */
-     PRLock *task_log_lock;     /* To protect task_log to be realloced if it's in use */
--} slapi_task;
-+};
- /* End of interface to support online tasks **********************************/
- 
- /*
diff --git a/389-ds-base-1.4.0.31.tar.bz2 b/389-ds-base-1.4.3.20.tar.bz2
similarity index 49%
rename from 389-ds-base-1.4.0.31.tar.bz2
rename to 389-ds-base-1.4.3.20.tar.bz2
index affd146f1af8faf643769c8297ab0cd31270f1d6..158ada235dcd6f7c846c00d9c797478c3335e7be 100644
Binary files a/389-ds-base-1.4.0.31.tar.bz2 and b/389-ds-base-1.4.3.20.tar.bz2 differ
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 689140b278389ba042f8089484b36ccc5feb1c65..ed3ba732c149c49fecff3e48feba43d13bf0a697 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -5,19 +5,19 @@ ExcludeArch:   i686
 
 Name:          389-ds-base
 Summary:       Base 389 Directory Server
-Version:       1.4.0.31
-Release:       6
+Version:       1.4.3.20
+Release:       1
 License:       GPLv3+
 URL:           https://www.port389.org
 Source0:       https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
 Source1:       389-ds-base-git.sh
 Source2:       389-ds-base-devel.README
-Source3:       https://github.com/jemalloc/jemalloc/releases/download/5.2.0/jemalloc-5.2.0.tar.bz2
+Source3:       https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
 
-Patch0:        0000-fix-compilation-failed.patch
-Patch1:        CVE-2021-3652.patch
-Patch2:        CVE-2021-3514.patch
-Patch3:        Fix-attributeError-type-object-build_manpages.patch
+Patch0:        CVE-2021-3652.patch
+Patch1:        CVE-2021-3514.patch
+# https://github.com/389ds/389-ds-base/commit/5a18aeb49c357a16c138d37a8251d73d8ed35319
+Patch2:        Fix-attributeError-type-object-build_manpages.patch
 
 BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
 BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@@ -34,7 +34,7 @@ Requires:      python%{python3_pkgversion}-lib389 = %{version}-%{release}
 Requires:      policycoreutils-python-utils /usr/sbin/semanage libsemanage-python%{python3_pkgversion}
 Requires:      selinux-policy >= 3.14.1-29 openldap-clients openssl-perl python%{python3_pkgversion}-ldap
 Requires:      nss-tools nss >= 3.34 krb5-libs libevent cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
-Requires:      libdb-utils perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires:      libdb-utils
 Requires:      perl-Errno >= 1.23-360 perl-DB_File perl-Archive-Tar cracklib-dicts
 %{?systemd_requires}
 
@@ -52,6 +52,9 @@ Summary:       Legacy utilities for 389 Directory Server
 Obsoletes:     389-ds-base <= 1.4.0.9
 Requires:      389-ds-base = %{version}-%{release} perl-Socket perl-NetAddr-IP
 Requires:      perl-Mozilla-LDAP bind-utils
+Requires:      perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+%global __provides_exclude_from %{_libdir}/dirsrv/perl
+%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
 %{?perl_default_filter}
 
 %description   legacy-tools
@@ -117,8 +120,9 @@ OPENLDAP_FLAG="--with-openldap"
 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
 NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
 
-cd ../jemalloc-5.2.0
-%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin
+LEGACY_FLAGS="--enable-legacy --enable-perl"
+cd ../jemalloc-5.2.1
+%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin --enable-prof
 %make_build
 cd -
 
@@ -128,7 +132,7 @@ autoreconf -fiv
            --with-systemdsystemunitdir=%{_unitdir} \
            --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
            --with-systemdgroupname=dirsrv.target --libexecdir=%{_libexecdir}/dirsrv \
-           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS --enable-cmocka
+           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS $LEGACY_FLAGS --enable-cmocka --enable-perl
 
 cd ./src/lib389
 %py3_build
@@ -162,7 +166,7 @@ install -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/dirsrv.target.wants
 
 sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/dirsrv/script-templates/template-*.pl
 
-cd ../jemalloc-5.2.0
+cd ../jemalloc-5.2.1
 make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
 cp -pa COPYING ../389-ds-base-%{version}/COPYING.jemalloc
 cp -pa README ../389-ds-base-%{version}/README.jemalloc
@@ -290,9 +294,11 @@ done
 exit 0
 
 %files
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl COPYING.jemalloc
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
+%license COPYING.jemalloc
 %{_libdir}/libsvrcore.so.*
-%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libnunc-stans.so.*,libsds.so.*,libldaputil.so.*}
+%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libsds.so.*,libldaputil.so.*,librewriters.so*}
+%{_libdir}/dirsrv/lib/libjemalloc.so.2
 %dir %{_sysconfdir}/dirsrv
 %dir %{_sysconfdir}/dirsrv/schema
 %config(noreplace)%{_sysconfdir}/dirsrv/schema/*.ldif
@@ -300,14 +306,10 @@ exit 0
 %dir %{_sysconfdir}/systemd/system/dirsrv.target.wants
 %config(noreplace)%{_sysconfdir}/dirsrv/config/{slapd-collations.conf,certmap.conf,template-initconfig}
 %{_datadir}/dirsrv
-%exclude %{_datadir}/dirsrv/script-templates
-%exclude %{_datadir}/dirsrv/updates
-%exclude %{_datadir}/dirsrv/properties/*.res
 %{_datadir}/gdb/auto-load/*
 %{_unitdir}
 %{_bindir}/{dbscan,ds-replcheck,ds-logpipe.py,ldclt,logconv.pl,pwdhash,readnsstate}
-%{_sbindir}/{ldif2ldap,ns-slapd,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
-%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
+%{_sbindir}/ns-slapd
 %{_libexecdir}/dirsrv/ds_systemd_ask_password_acl
 %{_libdir}/dirsrv/python
 %dir %{_libdir}/dirsrv/plugins
@@ -329,12 +331,15 @@ exit 0
 %{_includedir}/svrcore.h
 %{_includedir}/dirsrv
 %{_libdir}/libsvrcore.so
-%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libnunc-stans.so,libsds.so,libldaputil.so}
-%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc,nunc-stans.pc}
+%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libsds.so,libldaputil.so}
+%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc}
 
 %files         legacy-tools
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
 %{_bindir}/{infadd,ldif,migratecred,mmldif,rsearch,repl-monitor,cl-dump}
+%config(noreplace)%{_sysconfdir}/dirsrv/config/template-initconfig
+%{_sbindir}/{ldif2ldap,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
+%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
 %{_sbindir}/{monitor,dbmon.sh,dn2rdn,restoreconfig,saveconfig,suffix2instance,upgradednformat}
 %{_libexecdir}/dirsrv/{ds_selinux_enabled,ds_selinux_port_query}
 %{_datadir}/dirsrv/properties/*.res
@@ -354,6 +359,7 @@ exit 0
 %doc LICENSE LICENSE.GPLv3+
 %{python3_sitelib}/lib389*
 %{_sbindir}/{dsconf,dscreate,dsctl,dsidm}
+%{_libexecdir}/dirsrv/dscontainer
 
 %files         -n cockpit-389-ds -f cockpit.list
 %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
@@ -363,6 +369,9 @@ exit 0
 %{_mandir}/*/*
 
 %changelog
+* Tue Mar 15 2022 wangkai <wangkai385@huawei.com> - 1.4.3.20-1
+- Update to 1.4.3.20 for fix CVE-2020-35518
+
 * Tue Feb 15 2022 xu_ping<xuping33@huawei.com> - 1.4.0.31-6
 - Fix attributeError
 
diff --git a/Fix-attributeError-type-object-build_manpages.patch b/Fix-attributeError-type-object-build_manpages.patch
index 027970a2d8b0bbbf7309a87e05fd3d2c76da6931..939b58af1840c62b8eef13a140681ae1b93b2892 100644
--- a/Fix-attributeError-type-object-build_manpages.patch
+++ b/Fix-attributeError-type-object-build_manpages.patch
@@ -1,4 +1,4 @@
-From 7cee0c3184f948ff76a907cac007afc7a303169e Mon Sep 17 00:00:00 2001
+From 5a18aeb49c357a16c138d37a8251d73d8ed35319 Mon Sep 17 00:00:00 2001
 From: Viktor Ashirov <vashirov@redhat.com>
 Date: Tue, 18 Jan 2022 13:24:53 +0100
 Subject: [PATCH] Issue 5115 -  AttributeError: type object 'build_manpages'
@@ -18,11 +18,11 @@ Fixes: https://github.com/389ds/389-ds-base/issues/5115
 
 Reviewed by: @tbordaz, @mreynolds389 (Thanks!)
 ---
-src/lib389/setup.py | 8 +++++---
-1 file changed, 5 insertions(+), 3 deletions(-)
+ src/lib389/setup.py | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
 
 diff --git a/src/lib389/setup.py b/src/lib389/setup.py
-index ce8b512..3f7947f 100644
+index cadec25..5974d2c 100644
 --- a/src/lib389/setup.py
 +++ b/src/lib389/setup.py
 @@ -14,7 +14,9 @@
@@ -34,9 +34,9 @@ index ce8b512..3f7947f 100644
 +if bm.__version__ < '2.1':
 +    from build_manpages import build_manpages as bm
  from setuptools.command.build_py import build_py
- from setuptools.command.install import install
  
-@@ -85,8 +87,8 @@ setup(
+ here = path.abspath(path.dirname(__file__))
+@@ -89,8 +91,8 @@ setup(
  
      cmdclass={
          # Dynamically build man pages for cli tools
@@ -47,3 +47,6 @@ index ce8b512..3f7947f 100644
      }
  
  )
+-- 
+2.27.0
+
diff --git a/jemalloc-5.2.0.tar.bz2 b/jemalloc-5.2.0.tar.bz2
deleted file mode 100644
index c7f678f73469d69d83d96a8f931ce9d5c2f162e6..0000000000000000000000000000000000000000
Binary files a/jemalloc-5.2.0.tar.bz2 and /dev/null differ
diff --git a/jemalloc-5.2.1.tar.bz2 b/jemalloc-5.2.1.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..75baa3f9a1c21f350f28521657c1d907e6235a34
Binary files /dev/null and b/jemalloc-5.2.1.tar.bz2 differ