diff --git a/0000-fix-compilation-failed.patch b/0000-fix-compilation-failed.patch
deleted file mode 100644
index 6b041cc2ce1e46b730e256641dce4a89c8cfe1c1..0000000000000000000000000000000000000000
--- a/0000-fix-compilation-failed.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff -Nur a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
---- a/ldap/servers/plugins/acl/acl.h	2019-10-19 01:12:19.000000000 +0800
-+++ b/ldap/servers/plugins/acl/acl.h	2021-08-04 16:43:24.182937500 +0800
-@@ -311,8 +311,8 @@
- #define ATTR_ACLPB_MAX_SELECTED_ACLS    "nsslapd-aclpb-max-selected-acls"
- #define DEFAULT_ACLPB_MAX_SELECTED_ACLS 200
- 
--int aclpb_max_selected_acls; /* initialized from plugin config entry */
--int aclpb_max_cache_results; /* initialized from plugin config entry */
-+extern int aclpb_max_selected_acls; /* initialized from plugin config entry */
-+extern int aclpb_max_cache_results; /* initialized from plugin config entry */
- 
- typedef struct result_cache
- {
-diff -Nur a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
---- a/ldap/servers/slapd/slap.h	2019-11-14 09:00:40.000000000 +0800
-+++ b/ldap/servers/slapd/slap.h	2021-08-04 15:57:03.260828000 +0800
-@@ -937,7 +937,7 @@
-     void **elements;   /* array of elements */
-     int element_count; /* number of elements in the array */
-     int alloc_count;   /* number of allocated nodes in the array */
--} datalist;
-+};
- 
- /* data available to plugins */
- typedef struct target_data
-@@ -1739,7 +1739,7 @@
-     int task_refcount;
-     void *origin_plugin;       /* If this is a plugin create task, store the plugin object */
-     PRLock *task_log_lock;     /* To protect task_log to be realloced if it's in use */
--} slapi_task;
-+};
- /* End of interface to support online tasks **********************************/
- 
- /*
diff --git a/389-ds-base-1.4.0.31.tar.bz2 b/389-ds-base-1.4.3.20.tar.bz2
similarity index 49%
rename from 389-ds-base-1.4.0.31.tar.bz2
rename to 389-ds-base-1.4.3.20.tar.bz2
index affd146f1af8faf643769c8297ab0cd31270f1d6..158ada235dcd6f7c846c00d9c797478c3335e7be 100644
Binary files a/389-ds-base-1.4.0.31.tar.bz2 and b/389-ds-base-1.4.3.20.tar.bz2 differ
diff --git a/389-ds-base.spec b/389-ds-base.spec
index 77eb1e5f0bf30dbba6fed810d0a0ff00bc931b1e..ea72392f271f7f3593e3cdc899720c648436a65c 100644
--- a/389-ds-base.spec
+++ b/389-ds-base.spec
@@ -5,18 +5,17 @@ ExcludeArch:   i686
 
 Name:          389-ds-base
 Summary:       Base 389 Directory Server
-Version:       1.4.0.31
-Release:       5
+Version:       1.4.3.20
+Release:       1
 License:       GPLv3+
 URL:           https://www.port389.org
 Source0:       https://releases.pagure.org/389-ds-base/389-ds-base-%{version}.tar.bz2
 Source1:       389-ds-base-git.sh
 Source2:       389-ds-base-devel.README
-Source3:       https://github.com/jemalloc/jemalloc/releases/download/5.2.0/jemalloc-5.2.0.tar.bz2
+Source3:       https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
 
-Patch0:        0000-fix-compilation-failed.patch
-Patch1:        CVE-2021-3652.patch
-Patch2:        CVE-2021-3514.patch
+Patch0:        CVE-2021-3652.patch
+Patch1:        CVE-2021-3514.patch
 
 BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
 BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
@@ -33,7 +32,7 @@ Requires:      python%{python3_pkgversion}-lib389 = %{version}-%{release}
 Requires:      policycoreutils-python-utils /usr/sbin/semanage libsemanage-python%{python3_pkgversion}
 Requires:      selinux-policy >= 3.14.1-29 openldap-clients openssl-perl python%{python3_pkgversion}-ldap
 Requires:      nss-tools nss >= 3.34 krb5-libs libevent cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
-Requires:      libdb-utils perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires:      libdb-utils
 Requires:      perl-Errno >= 1.23-360 perl-DB_File perl-Archive-Tar cracklib-dicts python3-packaging
 %{?systemd_requires}
 
@@ -51,6 +50,9 @@ Summary:       Legacy utilities for 389 Directory Server
 Obsoletes:     389-ds-base <= 1.4.0.9
 Requires:      389-ds-base = %{version}-%{release} perl-Socket perl-NetAddr-IP
 Requires:      perl-Mozilla-LDAP bind-utils
+Requires:      perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+%global __provides_exclude_from %{_libdir}/dirsrv/perl
+%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
 %{?perl_default_filter}
 
 %description   legacy-tools
@@ -116,8 +118,9 @@ OPENLDAP_FLAG="--with-openldap"
 %{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
 NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
 
-cd ../jemalloc-5.2.0
-%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin
+LEGACY_FLAGS="--enable-legacy --enable-perl"
+cd ../jemalloc-5.2.1
+%configure --libdir=%{_libdir}/dirsrv/lib --bindir=%{_libdir}/dirsrv/bin --enable-prof
 %make_build
 cd -
 
@@ -127,7 +130,7 @@ autoreconf -fiv
            --with-systemdsystemunitdir=%{_unitdir} \
            --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
            --with-systemdgroupname=dirsrv.target --libexecdir=%{_libexecdir}/dirsrv \
-           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS --enable-cmocka
+           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $PERL_FLAGS $CLANG_FLAGS $LEGACY_FLAGS --enable-cmocka --enable-perl
 
 cd ./src/lib389
 %py3_build
@@ -161,7 +164,7 @@ install -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/dirsrv.target.wants
 
 sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/dirsrv/script-templates/template-*.pl
 
-cd ../jemalloc-5.2.0
+cd ../jemalloc-5.2.1
 make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
 cp -pa COPYING ../389-ds-base-%{version}/COPYING.jemalloc
 cp -pa README ../389-ds-base-%{version}/README.jemalloc
@@ -277,9 +280,11 @@ done
 exit 0
 
 %files
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl COPYING.jemalloc
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
+%license COPYING.jemalloc
 %{_libdir}/libsvrcore.so.*
-%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libnunc-stans.so.*,libsds.so.*,libldaputil.so.*}
+%{_libdir}/dirsrv/{libslapd.so.*,libns-dshttpd-*.so,libsds.so.*,libldaputil.so.*,librewriters.so*}
+%{_libdir}/dirsrv/lib/libjemalloc.so.2
 %dir %{_sysconfdir}/dirsrv
 %dir %{_sysconfdir}/dirsrv/schema
 %config(noreplace)%{_sysconfdir}/dirsrv/schema/*.ldif
@@ -287,14 +292,10 @@ exit 0
 %dir %{_sysconfdir}/systemd/system/dirsrv.target.wants
 %config(noreplace)%{_sysconfdir}/dirsrv/config/{slapd-collations.conf,certmap.conf,template-initconfig}
 %{_datadir}/dirsrv
-%exclude %{_datadir}/dirsrv/script-templates
-%exclude %{_datadir}/dirsrv/updates
-%exclude %{_datadir}/dirsrv/properties/*.res
 %{_datadir}/gdb/auto-load/*
 %{_unitdir}
 %{_bindir}/{dbscan,ds-replcheck,ds-logpipe.py,ldclt,logconv.pl,pwdhash,readnsstate}
-%{_sbindir}/{ldif2ldap,ns-slapd,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
-%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
+%{_sbindir}/ns-slapd
 %{_libexecdir}/dirsrv/ds_systemd_ask_password_acl
 %{_libdir}/dirsrv/python
 %dir %{_libdir}/dirsrv/plugins
@@ -315,12 +316,15 @@ exit 0
 %{_includedir}/svrcore.h
 %{_includedir}/dirsrv
 %{_libdir}/libsvrcore.so
-%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libnunc-stans.so,libsds.so,libldaputil.so}
-%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc,nunc-stans.pc}
+%{_libdir}/dirsrv/{libslapd.so,libns-dshttpd.so,libsds.so,libldaputil.so}
+%{_libdir}/pkgconfig/{svrcore.pc,dirsrv.pc,libsds.pc}
 
 %files         legacy-tools
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
 %{_bindir}/{infadd,ldif,migratecred,mmldif,rsearch,repl-monitor,cl-dump}
+%config(noreplace)%{_sysconfdir}/dirsrv/config/template-initconfig
+%{_sbindir}/{ldif2ldap,bak2db,db2bak,db2index,db2ldif,dbverify,ldif2db,restart-dirsrv}
+%{_sbindir}/{start-dirsrv,status-dirsrv,stop-dirsrv,upgradedb,vlvindex}
 %{_sbindir}/{monitor,dbmon.sh,dn2rdn,restoreconfig,saveconfig,suffix2instance,upgradednformat}
 %{_libexecdir}/dirsrv/{ds_selinux_enabled,ds_selinux_port_query}
 %{_datadir}/dirsrv/properties/*.res
@@ -340,6 +344,7 @@ exit 0
 %doc LICENSE LICENSE.GPLv3+
 %{python3_sitelib}/lib389*
 %{_sbindir}/{dsconf,dscreate,dsctl,dsidm}
+%{_libexecdir}/dirsrv/dscontainer
 
 %files         -n cockpit-389-ds -f cockpit.list
 %{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
@@ -349,6 +354,9 @@ exit 0
 %{_mandir}/*/*
 
 %changelog
+* Tue Mar 15 2022 wangkai <wangkai385@huawei.com> - 1.4.3.20-1
+- Update to 1.4.3.20 for fix CVE-2020-35518
+
 * Wed Sep 29 2021 caodongxia <caodongxia@huawei.com> - 1.4.0.31-5
 - add install require python3-packaging 
 
diff --git a/jemalloc-5.2.0.tar.bz2 b/jemalloc-5.2.0.tar.bz2
deleted file mode 100644
index c7f678f73469d69d83d96a8f931ce9d5c2f162e6..0000000000000000000000000000000000000000
Binary files a/jemalloc-5.2.0.tar.bz2 and /dev/null differ
diff --git a/jemalloc-5.2.1.tar.bz2 b/jemalloc-5.2.1.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..75baa3f9a1c21f350f28521657c1d907e6235a34
Binary files /dev/null and b/jemalloc-5.2.1.tar.bz2 differ