diff --git a/.gitignore b/.gitignore
index 8540e85..f411948 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@
 /openjdk-jdk20u-jdk-20+36.tar.xz
 /openjdk-jdk20u-jdk-20.0.1+9.tar.xz
 /openjdk-jdk20u-jdk-20.0.2+9.tar.xz
+/openjdk-jdk21u-jdk-21+34.tar.xz
diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec
index 6d96bdf..0d8400d 100644
--- a/java-latest-openjdk-portable.spec
+++ b/java-latest-openjdk-portable.spec
@@ -331,14 +331,14 @@
 %endif
 
 # New Version-String scheme-style defines
-%global featurever 20
+%global featurever 21
 %global interimver 0
-%global updatever 2
+%global updatever 0
 %global patchver 0
 # buildjdkver is usually same as %%{featurever},
 # but in time of bootstrap of next jdk, it is featurever-1,
 # and this it is better to change it here, on single place
-%global buildjdkver %{featurever}
+%global buildjdkver 20
 # We don't add any LTS designator for STS packages (Fedora and EPEL).
 # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
 %if 0%{?rhel} && !0%{?epel}
@@ -390,7 +390,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        9
+%global buildver       34
 %global rpmrelease      1
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -417,7 +417,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           1
+%global is_ga           0
 %if %{is_ga}
 %global build_type GA
 %global ea_designator ""
@@ -692,7 +692,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
 # RH2104724: Avoid import/export of DH private keys
 # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
 # Build the systemconf library on all platforms
-Patch1001: fips-20u-%{fipsver}.patch
+# Patch1001: fips-20u-%{fipsver}.patch
 
 #############################################
 #
@@ -977,7 +977,7 @@ pushd %{top_level_dir_name}
 %patch3 -p1
 %patch6 -p1
 # Add crypto policy and FIPS support
-%patch1001 -p1
+# %patch1001 -p1
 # nss.cfg PKCS11 support; must come last as it also alters java.security
 %patch1000 -p1
 popd # openjdk
@@ -1151,7 +1151,6 @@ function buildjdk() {
     --with-boot-jdk=${buildjdk} \
     --with-debug-level=${debuglevel} \
     --with-native-debug-symbols="%{debug_symbols}" \
-    --disable-sysconf-nss \
     --enable-unlimited-crypto \
     --with-zlib=%{link_type} \
     --with-freetype=%{link_type} \
@@ -1534,8 +1533,8 @@ $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|
 %if %{include_staticlibs}
 # Check debug symbols in static libraries (smoke test)
 export STATIC_LIBS_HOME=${top_dir_abs_main_build_path}/../../%{buildoutputdir -- ${suffix}%{staticlibs_suffix}}/images/static-libs/lib/
-readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c
-readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c
+readelf --debug-dump  $STATIC_LIBS_HOME/libnet.a | grep Inet4AddressImpl.c
+readelf --debug-dump  $STATIC_LIBS_HOME/libnet.a | grep Inet6AddressImpl.c
 %endif
 
 # Check src.zip has all sources. See RHBZ#1130490
@@ -1627,6 +1626,13 @@ done
 %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles}
 
 %changelog
+* Tue Aug 08 2023 Petra Alice Mikova <pmikova@redhat.com> 1:21.0.0.0.34-0.1.ea.rolling
+- initial update to jdk21
+- commented out fips patches
+- updated to jdk21 ea
+- updated patch 1001 - rh1648249-add_commented_out_nss_cfg_provider_to_java_security
+- replace smoketests in staticlibs test, as the previous files used were removed by a patch in JDK
+
 * Thu Aug 03 2023 Jiri Vanek <jvanek@redhat.com> - 1:20.0.2.0.9-1.rolling
 - Update to jdk-20.0.2+9
 - Update release notes to 20.0.2+9
diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
index c178077..ff3a79b 100644
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
@@ -1,12 +1,13 @@
-diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
-index 68a9c1a2d08..7aa25eb2cb7 100644
---- openjdk.orig/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
+diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
+index 5149edba0e5..7676c695b36 100644
+--- a/src/java.base/share/conf/security/java.security
++++ b/src/java.base/share/conf/security/java.security
+@@ -84,6 +84,8 @@ security.provider.tbd=SunMSCAPI
  security.provider.tbd=Apple
  #endif
  security.provider.tbd=SunPKCS11
 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
++
  
  #
- # Security providers used when FIPS mode support is active
+ # A list of preferred providers for specific algorithms. These providers will
diff --git a/sources b/sources
index c44230f..c74d310 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openjdk-jdk20u-jdk-20.0.2+9.tar.xz) = ce5383228c42f612e79e65300c048e91ec3ae5941b6769c67c05aa4e98299f8044b2945e64cd38b2e60f3c7558e608a3baa20cf7af2b0108d48c865a71ee1979
+SHA512 (openjdk-jdk21u-jdk-21+34.tar.xz) = 18254fa72851666d9e80a56dc85052d8711794b9c7f81c3f7a80e3c585b13eab783060b04fc3b3bbddbebbb8c4148109a9e822aba2f54aa3b614fd16149017b2