diff --git a/.gitignore b/.gitignore
index 7da61c2..fb37de3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,19 @@
 *~
-/389-admin-1.1.11.tar.bz2
+389-admin-1.1.12.tar.bz2
+/389-admin-1.1.13.tar.bz2
+/389-admin-1.1.14.tar.bz2
+/389-admin-1.1.15.tar.bz2
+/389-admin-1.1.16.tar.bz2
+/389-admin-1.1.17.tar.bz2
+/389-admin-1.1.18.tar.bz2
+/389-admin-1.1.19.tar.bz2
+/389-admin-1.1.20.tar.bz2
+/389-admin-1.1.21.tar.bz2
+/389-admin-1.1.22.tar.bz2
+/389-admin-1.1.23.tar.bz2
+/389-admin-1.1.24.tar.bz2
+/389-admin-1.1.25.tar.bz2
+/389-admin-1.1.26.tar.bz2
+/389-admin-1.1.27.tar.bz2
+/389-admin-1.1.28.tar.bz2
+/389-admin-1.1.29.tar.bz2
diff --git a/389-admin-git-local.sh b/389-admin-git-local.sh
index 96fd6f6..b474d73 100755
--- a/389-admin-git-local.sh
+++ b/389-admin-git-local.sh
@@ -1,12 +1,14 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.11
+VERSION=1.1.29
 PKGNAME=389-admin
 TAG=${TAG:-$PKGNAME-$VERSION}
 SRCNAME=${PKGNAME}-${VERSION}
 echo you must be in the admin server git repo to use this
-test -d .git || {echo bye ; exit 1 }
+test -d .git || {
+echo bye ; exit 1
+}
 if [ -z "$1" ] ; then
 	dir=.
 else
diff --git a/389-admin-git.sh b/389-admin-git.sh
index a0337b9..4b53603 100755
--- a/389-admin-git.sh
+++ b/389-admin-git.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.11
+VERSION=1.1.29
 PKGNAME=389-admin
 #SRCNAME=$PKGNAME-$VERSION-$DATE
 SRCNAME=$PKGNAME-$VERSION
diff --git a/389-admin.spec b/389-admin.spec
index e997154..944214b 100644
--- a/389-admin.spec
+++ b/389-admin.spec
@@ -1,14 +1,14 @@
 %global pkgname   dirsrv
 # for a pre-release, define the prerel field - comment out for official release
-# % global prerel .rc2
+# % global prerel .a1
 # also need the relprefix 0. field for a pre-release - also comment out for official release
 # % global relprefix 0.
 
-%global selinux_variants mls targeted
+%global selinux_variants strict targeted
 
 Summary:          389 Administration Server (admin)
 Name:             389-admin
-Version:          1.1.11
+Version:          1.1.29
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv2 and ASL 2.0
 URL:              http://port389.org/
@@ -40,7 +40,7 @@ Requires:         389-ds-base
 Requires:         mod_nss
 
 # this is needed for using semanage from our setup scripts
-Requires:         policycoreutils-python
+Requires:         policycoreutils
 
 # this is needed to load and unload the policy module
 Requires(post):         policycoreutils
@@ -59,7 +59,7 @@ Requires(preun): /sbin/service
 Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
 # 389-admin-git.sh should be used to generate the source tarball from git
 Source1:          %{name}-git.sh
-Patch1:           f11-httpd.patch
+Patch1:           selinux-policy.patch
 
 %description
 389 Administration Server is an HTTP agent that provides management features
@@ -72,7 +72,7 @@ and CGI utilities used by the console.
 %patch1
 
 %build
-%configure --disable-rpath --with-selinux
+%configure --disable-rpath --with-selinux --enable-service
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
@@ -217,30 +217,126 @@ end
 %{_mandir}/man8/*
 
 %changelog
+* Tue Mar 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.29-1
+- 4ec23c0 If htmladmin fails to connect to the server, the cgi could crash.
+
+* Thu Mar 22 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.28-1
+- Ticket #307 - htmladmin keeps segfaulting
+- Ticket #286 - compilation fixes for 'format-security'
+
+* Fri Feb  3 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.27-1
+- Ticket #281 - TLS not working with latest openldap
+- Ticket #161 - Review and address latest Coverity issues
+
+* Wed Jan 25 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.26-1
+- Bug 767823 - selinux: need to allow admin server to connect to ldap port
+
+* Fri Oct 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.25-1
+- Bug 740959 - 389-console put CA certificates into wrong database
+
+* Wed Sep 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.24-1
+- Bug 695741 - Providing native systemd file
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.23-1
+- Bug 730079 - Update SELinux policy during upgrades
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.22-1
+- Bug 724808 - startup CGIs write temp file to /
+- add man pages for ds_removal and ds_unregister
+- fixes for the makeUpgradeTar.sh script
+
+* Tue Aug  2 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.21-1
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+
+* Tue Jul  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.20-1
+- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
+- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
+- Bug 718079 - Perl errors when running migrate-ds-admin.pl
+- Bug 713000 - Migration stops if old admin server cannot be stopped
+- added tests for the security cgi
+- fix typo in NSS_Shutdown warning message
+- better NSS error handling - reduce memory leaks
+- Bug 710372 - Not able to open the Manage Certificate from DS-console
+
+* Tue Jun 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.19-1
+- look for separate openldap ldif library
+
+* Tue Jun 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.18-1
+- skip rebranding current brand
+- support for skins
+
+* Fri May 13 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.17-1
+- 1.1.17
+- support "in-place" upgrade and rebranding from Red Hat to 389
+- many fixes for coverity issues
+
+* Tue Mar 29 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.16-1
+- 389-admin-1.1.16
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+- Bug 614690 - Don't use exec to call genrb
+- Bug 158926 - Unable to install CA certificate when using
+-     hardware token ( LunaSA )
+- Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
+
+* Wed Feb 23 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.15-1
+- 1.1.15 release - git tag 389-admin-1.1.15
+- Bug 493424 - remove unneeded modules for admin server apache config
+- Bug 618897 - Wrong permissions when creating instance from Console
+- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
+- Bug 245278 - Changing to a password with a single quote does not work
+- Bug 604881 - admin server log files have incorrect permissions/ownerships
+- Bug 387981 - plain files can be chosen on the Restore Directory dialog
+- Bug 668950 - Add posix group support to Console
+- Bug 618858 - move start-ds-admin env file into main admin server config path
+- Bug 616260 - libds-admin-serv linking fails due to unresolved link-time depe
+ndencies
+- start-ds-admin.in -- replaced "return 1" with "exit 1"
+- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
+- Bug 470576 - Migration could do addition checks before commiting actions
+
+* Wed Jan  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.14-1
+- 1.1.14 release
+- Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) 
+required
+- Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+* Tue Nov 23 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.13-1
+- This is the final 1.1.13 release
+- git tag 389-admin-1.1.13
+- Bug 656441 - Missing library path entry causes LD_PRELOAD error
+- setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
+
+* Fri Nov 19 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.12-1
+- This is the final 1.1.12 release
+- git tag 389-admin-1.1.12
+
+* Tue Oct 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.2.a2
+- fix mozldap build breakage
+
+* Tue Sep 28 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.1.a1
+- This is the 1.1.12 alpha 1 release - with openldap support
+
 * Thu Aug 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-1
 - This is the final 1.1.11 release
 
-* Wed Aug  4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.7.rc2
+* Wed Aug  4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc2
 - 1.1.11.rc2 release
 - git tag 389-admin-1.1.11.rc2
 - Bug 594745 - Get rid of dirsrv_lib_t label
 
-* Wed Jun  9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc1
+* Wed Jun  9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.rc1
 - 1.1.11.rc1 release
 
-* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.a4
+* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.4.a4
 - 1.1.11.a4 release
 
-* Tue Apr  7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.4.a3
+* Tue Apr  7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.3.a3
 - 1.1.11.a3 release
 - Bug 570912 - dirsrv-admin SELinux module fails to install
 - Change parsing of start-slapd for instance name
 - Bug 574233 - Updated requirements for selinux policy
 - Moved selinux subpackage into base package
 
-* Fri Apr 02 2010 Caolán McNamara <caolanm@redhat.com> - 1.1.11.a2-0.3
-- rebuild for icu 4.4
-
 * Fri Feb 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11.a2-0.2
 - the 1.1.11.a2 release
 - Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location
diff --git a/f11-httpd.patch b/f11-httpd.patch
deleted file mode 100644
index 630ecb8..0000000
--- a/f11-httpd.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- admserv/cfgstuff/httpd-2.2.conf.in	1 Aug 2007 18:14:53 -0000	1.6
-+++ admserv/cfgstuff/httpd-2.2.conf.in	9 Apr 2009 16:07:53 -0000
-@@ -137,12 +137,10 @@
- LoadModule actions_module @moddir@/mod_actions.so
- LoadModule alias_module @moddir@/mod_alias.so
- LoadModule rewrite_module @moddir@/mod_rewrite.so
- LoadModule cache_module @moddir@/mod_cache.so
- LoadModule disk_cache_module @moddir@/mod_disk_cache.so
--LoadModule file_cache_module @moddir@/mod_file_cache.so
--LoadModule mem_cache_module @moddir@/mod_mem_cache.so
- LoadModule cgi_module @moddir@/mod_cgi.so
- LoadModule restartd_module     @admmoddir@/mod_restartd.so
- LoadModule nss_module         @nssmoddir@/libmodnss.so
- LoadModule admserv_module     @admmoddir@/mod_admserv.so
- 
diff --git a/selinux-policy.patch b/selinux-policy.patch
new file mode 100644
index 0000000..0203012
--- /dev/null
+++ b/selinux-policy.patch
@@ -0,0 +1,31 @@
+--- selinux/dirsrv-admin.if	2010-01-20 10:39:35.765329723 -0800
++++ selinux/dirsrv-admin.if	2010-01-20 11:15:09.351304364 -0800
+@@ -25,7 +25,6 @@
+ 
+ 	files_exec_usr_files(httpd_t)
+ 	files_manage_generic_tmp_files(httpd_t)
+-	userdom_rw_user_tmp_files(httpd_t)
+ 	corenet_tcp_connect_generic_port(httpd_t)
+ 
+ 	# Strict policy
+@@ -81,7 +80,7 @@
+ 
+ 	# Allow dirsrv to interact with CGIs
+ 	allow dirsrv_t httpd_dirsrvadmin_script_t:unix_stream_socket { read write };
+-	allow dirsrv_t dirsrvadmin_tmp_t:file write;
++	allow dirsrv_t httpd_dirsrvadmin_script_rw_t:file write;
+ 
+ 	# Allow dirsrv domain to interact with httpd
+ 	allow dirsrv_t httpd_t:fifo_file { write read };
+--- selinux/dirsrv-admin.te	2009-10-22 14:27:21.228545844 -0700
++++ selinux/dirsrv-admin.te	2009-10-22 14:27:36.348546152 -0700
+@@ -113,9 +113,6 @@
+ # The CGI scripts must be able to manage dirsrv-admin
+ dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)
+ dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)
+-manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+-manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+-files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
+ 
+ # The CGI scripts must be able to manage the dirsrv
+ dirsrv_domtrans(httpd_dirsrvadmin_script_t)
diff --git a/sources b/sources
index fdd0757..f2ab5b7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3301554c3cd9cb26216a43c037695559  389-admin-1.1.11.tar.bz2
+4bda83e9f5644e0bd25fdf7b6ce9e5ee  389-admin-1.1.29.tar.bz2