diff --git a/SOURCES/bind-99-dyndb-rh1142150.patch b/SOURCES/bind-99-dyndb-rh1142150.patch
new file mode 100644
index 0000000..0ff2fbf
--- /dev/null
+++ b/SOURCES/bind-99-dyndb-rh1142150.patch
@@ -0,0 +1,114 @@
+From 1f6c240231fcb9fe8bc4a28f3359201c2a1d8465 Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza@redhat.com>
+Date: Wed, 17 Sep 2014 20:00:39 +0200
+Subject: [PATCH] Fix for BZ #1142150
+
+Signed-off-by: Tomas Hozza <thozza@redhat.com>
+---
+ bin/named/server.c               | 14 +++++++++-----
+ lib/dns/dynamic_db.c             | 12 ++++++++++--
+ lib/dns/include/dns/dynamic_db.h |  2 +-
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/bin/named/server.c b/bin/named/server.c
+index ee04dda..6f8b0f0 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -1302,6 +1302,12 @@ configure_dynamic_db(const cfg_obj_t *dynamic_db, isc_mem_t *mctx,
+ 	CHECK(dns_dynamic_db_load(libname, name, mctx, argv, dyndb_args));
+ 
+ cleanup:
++
++	if (result != ISC_R_SUCCESS)
++		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
++		              NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
++		              "dynamic database '%s' configuration failed: %s",
++		              name, isc_result_totext(result));
+ 	if (argv != NULL)
+ 		isc_mem_free(mctx, argv);
+ 
+@@ -2165,6 +2171,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ 	unsigned int query_timeout, ndisp;
+ 	struct cfg_context *nzctx;
+ 	dns_rpz_zone_t *rpz;
++	dns_dyndb_arguments_t *args = NULL;
+ 
+ 	REQUIRE(DNS_VIEW_VALID(view));
+ 
+@@ -3330,8 +3337,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ 		(void)cfg_map_get(config, "dynamic-db", &dynamic_db_list);
+ 	element = cfg_list_first(dynamic_db_list);
+ 	if (element != NULL) {
+-		dns_dyndb_arguments_t *args;
+-
+ 		args = dns_dyndb_arguments_create(mctx);
+ 		if (args == NULL) {
+ 			result = ISC_R_NOMEMORY;
+@@ -3344,11 +3349,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ 		while (element != NULL) {
+ 			obj = cfg_listelt_value(element);
+ 			CHECK(configure_dynamic_db(obj, mctx, args));
+-		
+ 			element = cfg_list_next(element);
+ 		}
+-
+-		dns_dyndb_arguments_destroy(mctx, args);
+ 	}
+ 
+ 	/*
+@@ -3536,6 +3538,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ 
+ 	if (cache != NULL)
+ 		dns_cache_detach(&cache);
++	if (args != NULL)
++		dns_dyndb_arguments_destroy(mctx, &args);
+ 
+ 	return (result);
+ }
+diff --git a/lib/dns/dynamic_db.c b/lib/dns/dynamic_db.c
+index bf83161..a0d26eb 100644
+--- a/lib/dns/dynamic_db.c
++++ b/lib/dns/dynamic_db.c
+@@ -280,9 +280,15 @@ dns_dyndb_arguments_create(isc_mem_t *mctx)
+ }
+ 
+ void
+-dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args)
++dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t **argsp)
+ {
+-	REQUIRE(args != NULL);
++	dns_dyndb_arguments_t *args;
++
++	REQUIRE(argsp != NULL);
++
++	args = *argsp;
++	if (args == NULL)
++		return;
+ 
+ 	dns_dyndb_set_view(args, NULL);
+ 	dns_dyndb_set_zonemgr(args, NULL);
+@@ -290,6 +296,8 @@ dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args)
+ 	dns_dyndb_set_timermgr(args, NULL);
+ 
+ 	isc_mem_put(mctx, args, sizeof(*args));
++
++	*argsp = NULL;
+ }
+ 
+ void
+diff --git a/lib/dns/include/dns/dynamic_db.h b/lib/dns/include/dns/dynamic_db.h
+index 673ad4b..5ecee0e 100644
+--- a/lib/dns/include/dns/dynamic_db.h
++++ b/lib/dns/include/dns/dynamic_db.h
+@@ -35,7 +35,7 @@ isc_result_t dns_dynamic_db_load(const char *libname, const char *name,
+ void dns_dynamic_db_cleanup(isc_boolean_t exiting);
+ 
+ dns_dyndb_arguments_t *dns_dyndb_arguments_create(isc_mem_t *mctx);
+-void dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args);
++void dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t **argsp);
+ 
+ void dns_dyndb_set_view(dns_dyndb_arguments_t *args, dns_view_t *view);
+ dns_view_t *dns_dyndb_get_view(dns_dyndb_arguments_t *args);
+-- 
+1.9.3
+
diff --git a/SOURCES/bind99-rh1067424.patch b/SOURCES/bind99-rh1067424.patch
new file mode 100644
index 0000000..9f5faf8
--- /dev/null
+++ b/SOURCES/bind99-rh1067424.patch
@@ -0,0 +1,41 @@
+From 09f1a6e812c02bd8bf1644e2253e21c26d25613a Mon Sep 17 00:00:00 2001
+From: Tomas Hozza <thozza@redhat.com>
+Date: Thu, 20 Feb 2014 11:01:00 +0100
+Subject: [PATCH] check TSIG key ID when receiving NOTIFY
+
+Signed-off-by: Tomas Hozza <thozza@redhat.com>
+---
+ lib/dns/zone.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index 01ff97b..54b7896 100644
+--- a/lib/dns/zone.c
++++ b/lib/dns/zone.c
+@@ -11846,6 +11846,8 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
+ 	int match = 0;
+ 	isc_netaddr_t netaddr;
+ 	isc_sockaddr_t local, remote;
++	dns_tsigkey_t *tsigkey;
++	dns_name_t *tsig;
+ 
+ 	REQUIRE(DNS_ZONE_VALID(zone));
+ 
+@@ -11928,10 +11930,12 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
+ 
+ 	/*
+ 	 * Accept notify requests from non masters if they are on
+-	 * 'zone->notify_acl'.
++	 * 'zone->notify_acl' or if used key ID match the ACLs.
+ 	 */
++	tsigkey = dns_message_gettsigkey(msg);
++	tsig = dns_tsigkey_identity(tsigkey);
+ 	if (i >= zone->masterscnt && zone->notify_acl != NULL &&
+-	    dns_acl_match(&netaddr, NULL, zone->notify_acl,
++	    dns_acl_match(&netaddr, tsig, zone->notify_acl,
+ 			  &zone->view->aclenv,
+ 			  &match, NULL) == ISC_R_SUCCESS &&
+ 	    match > 0)
+-- 
+1.8.5.3
+
diff --git a/SOURCES/bind99-rh1072379.patch b/SOURCES/bind99-rh1072379.patch
new file mode 100644
index 0000000..2eb0cc2
--- /dev/null
+++ b/SOURCES/bind99-rh1072379.patch
@@ -0,0 +1,53 @@
+From 7f5bdf7f4063c2fefb18900468d2c851f8de7816 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Tue, 18 Feb 2014 23:32:02 -0800
+Subject: [PATCH] [master] fix dns_resolver_destroyfetch race
+
+3747.	[bug]		A race condition could lead to a core dump when
+			destroying a resolver fetch object. [RT #35385]
+---
+ lib/dns/resolver.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index fa188c1..66ab41f 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -357,6 +357,7 @@ typedef struct {
+ 
+ struct dns_fetch {
+ 	unsigned int			magic;
++	isc_mem_t *			mctx;
+ 	fetchctx_t *			private;
+ };
+ 
+@@ -8561,6 +8562,8 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 	fetch = isc_mem_get(res->mctx, sizeof(*fetch));
+ 	if (fetch == NULL)
+ 		return (ISC_R_NOMEMORY);
++	fetch->mctx = NULL;
++	isc_mem_attach(res->mctx, &fetch->mctx);
+ 
+ 	bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
+ 
+@@ -8651,7 +8654,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 		FTRACE("created");
+ 		*fetchp = fetch;
+ 	} else
+-		isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++		isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+ 
+ 	return (result);
+ }
+@@ -8742,7 +8745,7 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
+ 
+ 	UNLOCK(&res->buckets[bucketnum].lock);
+ 
+-	isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++	isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+ 	*fetchp = NULL;
+ 
+ 	if (bucket_empty)
+-- 
+1.9.0
+
diff --git a/SOURCES/bind99-rh1098959.patch b/SOURCES/bind99-rh1098959.patch
new file mode 100644
index 0000000..ef4ce0a
--- /dev/null
+++ b/SOURCES/bind99-rh1098959.patch
@@ -0,0 +1,164 @@
+diff -up bind-9.8.2rc1/bin/named/include/named/lwresd.h.lwres_tasks_clients bind-9.8.2rc1/bin/named/include/named/lwresd.h
+--- bind-9.8.2rc1/bin/named/include/named/lwresd.h.lwres_tasks_clients	2007-06-20 01:46:59.000000000 +0200
++++ bind-9.8.2rc1/bin/named/include/named/lwresd.h	2014-05-19 09:41:56.792427201 +0200
+@@ -36,6 +36,8 @@ struct ns_lwresd {
+ 	dns_view_t *view;
+ 	ns_lwsearchlist_t *search;
+ 	unsigned int ndots;
++	unsigned int ntasks;
++	unsigned int nclients;
+ 	isc_mem_t *mctx;
+ 	isc_boolean_t shutting_down;
+ 	unsigned int refs;
+diff -up bind-9.8.2rc1/bin/named/lwresd.c.lwres_tasks_clients bind-9.8.2rc1/bin/named/lwresd.c
+--- bind-9.8.2rc1/bin/named/lwresd.c.lwres_tasks_clients	2009-09-03 01:48:01.000000000 +0200
++++ bind-9.8.2rc1/bin/named/lwresd.c	2014-05-19 09:41:56.793427201 +0200
+@@ -60,11 +60,7 @@
+ #define LWRESLISTENER_MAGIC	ISC_MAGIC('L', 'W', 'R', 'L')
+ #define VALID_LWRESLISTENER(l)	ISC_MAGIC_VALID(l, LWRESLISTENER_MAGIC)
+ 
+-/*!
+- * The total number of clients we can handle will be NTASKS * NRECVS.
+- */
+-#define NTASKS		2	/*%< tasks to create to handle lwres queries */
+-#define NRECVS		2	/*%< max clients per task */
++#define LWRESD_NCLIENTS_MAX		32768	/*%< max clients per task */
+ 
+ typedef ISC_LIST(ns_lwreslistener_t) ns_lwreslistenerlist_t;
+ 
+@@ -395,6 +391,24 @@ ns_lwdmanager_create(isc_mem_t *mctx, co
+ 		}
+ 	}
+ 
++	obj = NULL;
++	(void)cfg_map_get(lwres, "lwres-tasks", &obj);
++	if (obj != NULL)
++		lwresd->ntasks = cfg_obj_asuint32(obj);
++	else
++		lwresd->ntasks = ns_g_cpus;
++
++	obj = NULL;
++	(void)cfg_map_get(lwres, "lwres-clients", &obj);
++	if (obj != NULL) {
++		lwresd->nclients = cfg_obj_asuint32(obj);
++		if (lwresd->nclients > LWRESD_NCLIENTS_MAX)
++			lwresd->nclients = LWRESD_NCLIENTS_MAX;
++	} else if (ns_g_lwresdonly)
++		lwresd->nclients = 1024;
++	else
++		lwresd->nclients = 256;
++
+ 	lwresd->magic = LWRESD_MAGIC;
+ 
+ 	*lwresdp = lwresd;
+@@ -604,15 +618,24 @@ static isc_result_t
+ listener_startclients(ns_lwreslistener_t *listener) {
+ 	ns_lwdclientmgr_t *cm;
+ 	unsigned int i;
+-	isc_result_t result;
++	isc_result_t result = ISC_R_SUCCESS;
++
++	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
++		      NS_LOGMODULE_LWRESD, ISC_LOG_DEBUG(6),
++		      "listener_startclients: creating %d "
++		      "managers with %d clients each",
++		      listener->manager->ntasks, listener->manager->nclients);
+ 
+ 	/*
+ 	 * Create the client managers.
+ 	 */
+-	result = ISC_R_SUCCESS;
+-	for (i = 0; i < NTASKS && result == ISC_R_SUCCESS; i++)
+-		result = ns_lwdclientmgr_create(listener, NRECVS,
++	for (i = 0; i < listener->manager->ntasks; i++) {
++		result = ns_lwdclientmgr_create(listener,
++						listener->manager->nclients,
+ 						ns_g_taskmgr);
++		if (result != ISC_R_SUCCESS)
++			break;
++	}
+ 
+ 	/*
+ 	 * Ensure that we have created at least one.
+diff -up bind-9.8.2rc1/bin/named/named.conf.docbook.lwres_tasks_clients bind-9.8.2rc1/bin/named/named.conf.docbook
+--- bind-9.8.2rc1/bin/named/named.conf.docbook.lwres_tasks_clients	2011-11-07 01:31:47.000000000 +0100
++++ bind-9.8.2rc1/bin/named/named.conf.docbook	2014-05-19 09:41:56.793427201 +0200
+@@ -185,6 +185,8 @@ lwres {
+ 	view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
+ 	search { <replaceable>string</replaceable>; ... };
+ 	ndots <replaceable>integer</replaceable>;
++	lwres-tasks <replaceable>integer</replaceable>;
++	lwres-clients <replaceable>integer</replaceable>;
+ };
+ </literallayout>
+   </refsect1>
+diff -up bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml.lwres_tasks_clients bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml
+--- bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml.lwres_tasks_clients	2014-05-19 09:41:56.770427201 +0200
++++ bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml	2014-05-19 10:26:40.147380836 +0200
+@@ -2964,7 +2964,12 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.
+         be configured to act as a lightweight resolver daemon using the
+         <command>lwres</command> statement in <filename>named.conf</filename>.
+       </para>
+-
++      <para>
++        The number of client queries that the <command>lwresd</command>
++        daemon is able to serve can be set using the
++        <option>lwres-tasks</option> and <option>lwres-clients</option> 
++        statements in the configuration.
++      </para>
+     </sect1>
+   </chapter>
+ 
+@@ -4959,6 +4964,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+     <optional> view <replaceable>view_name</replaceable>; </optional>
+     <optional> search { <replaceable>domain_name</replaceable> ; <optional> <replaceable>domain_name</replaceable> ; ... </optional> }; </optional>
+     <optional> ndots <replaceable>number</replaceable>; </optional>
++    <optional> lwres-tasks <replaceable>number</replaceable>; </optional>
++    <optional> lwres-clients <replaceable>number</replaceable>; </optional>
+ };
+ </programlisting>
+ 
+@@ -5017,6 +5024,31 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+           number of dots in a relative domain name that should result in an
+           exact match lookup before search path elements are appended.
+         </para>
++        <para>
++          The <option>lwres-tasks</option> statement specifies the number
++          of worker threads the lightweight resolver will dedicate to serving
++          clients.  By default the number is the same as the number of CPUs on
++          the system; this can be overridden using the <option>-n</option>
++          command line option when starting the server. 
++        </para>
++        <para>
++          The <option>lwres-clients</option> specifies
++          the number of client objects per thread the lightweight
++          resolver should create to serve client queries.
++          By default, if the lightweight resolver runs as a part
++          of <command>named</command>, 256 client objects are
++          created for each task; if it runs as <command>lwresd</command>,
++          1024 client objects are created for each thread. The maximum
++          value is 32768; higher values will be silently ignored and
++          the maximum will be used instead.
++          Note that setting too high a value may overconsume
++          system resources.
++        </para>
++        <para>
++          The maximum number of client queries that the lightweight
++          resolver can handle at any one time equals
++          <option>lwres-tasks</option> times <option>lwres-clients</option>.
++        </para>
+       </sect2>
+       <sect2>
+         <title><command>masters</command> Statement Grammar</title>
+diff -up bind-9.8.2rc1/lib/isccfg/namedconf.c.lwres_tasks_clients bind-9.8.2rc1/lib/isccfg/namedconf.c
+--- bind-9.8.2rc1/lib/isccfg/namedconf.c.lwres_tasks_clients	2014-05-19 09:41:56.771427201 +0200
++++ bind-9.8.2rc1/lib/isccfg/namedconf.c	2014-05-19 09:41:56.797427201 +0200
+@@ -2563,6 +2563,8 @@ lwres_clauses[] = {
+ 	{ "view", &cfg_type_lwres_view, 0 },
+ 	{ "search", &cfg_type_lwres_searchlist, 0 },
+ 	{ "ndots", &cfg_type_uint32, 0 },
++	{ "lwres-tasks", &cfg_type_uint32, 0},
++	{ "lwres-clients", &cfg_type_uint32, 0},
+ 	{ NULL, NULL, 0 }
+ };
+ 
diff --git a/SOURCES/generate-rndc-key.sh b/SOURCES/generate-rndc-key.sh
index 454e7fe..194e65b 100755
--- a/SOURCES/generate-rndc-key.sh
+++ b/SOURCES/generate-rndc-key.sh
@@ -6,7 +6,7 @@
 
 if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
   echo -n $"Generating /etc/rndc.key:"
-  if /usr/sbin/rndc-confgen -a > /dev/null 2>&1; then
+  if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
     chmod 640 /etc/rndc.key
     chown root.named /etc/rndc.key
     [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index 6979f7c..1f0f345 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -29,7 +29,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  14%{?PATCHVER}%{?PREVER}%{?dist}.1
+Release:  18%{?PATCHVER}%{?PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -93,7 +93,10 @@ Patch140:bind99-ISC-Bugs-34870-v3.patch
 Patch141:bind99-ISC-Bugs-35073.patch
 Patch142:bind99-ISC-Bugs-35080.patch
 Patch143:bind99-CVE-2014-0591.patch
-Patch144:bind99-CVE-2014-8500.patch
+Patch144:bind99-rh1067424.patch
+Patch145:bind99-rh1072379.patch
+Patch146:bind99-rh1098959.patch
+Patch147:bind99-CVE-2014-8500.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -103,6 +106,7 @@ Patch62: bind-9.5-sdb-sqlite-bld.patch
 # needs inpection
 Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
 Patch104: bind-96-dyndb.patch
+Patch105: bind-99-dyndb-rh1142150.patch
 
 # IDN paches
 Patch73: bind-9.5-libidn.patch
@@ -166,6 +170,7 @@ will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex.
 Summary: BIND server with database backends and DLZ support
 Group:   System Environment/Daemons
 Requires: bind
+Requires: bind-libs = %{epoch}:%{version}-%{release}
 Requires: systemd-units
 
 %description sdb
@@ -210,6 +215,7 @@ Contains license of the BIND DNS suite.
 %package utils
 Summary: Utilities for querying DNS name servers
 Group:   Applications/System
+Requires: bind-libs = %{epoch}:%{version}-%{release}
 
 %description utils
 Bind-utils contains a collection of utilities for querying DNS (Domain
@@ -280,6 +286,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
 %patch10 -p1 -b .PIE
 %patch16 -p1 -b .redhat_doc
 %patch104 -p1 -b .dyndb
+%patch105 -p1 -b .dyndb_rh1142150
 %ifnarch alpha ia64
 %patch72 -p1 -b .64bit
 %endif
@@ -312,7 +319,10 @@ popd
 %patch141 -p1 -b .leak_35073
 %patch142 -p1 -b .rbt_crash
 %patch143 -p1 -b .CVE-2014-059
-%patch144 -p1 -b .CVE-2014-8500
+%patch144 -p1 -b .rh1067424
+%patch145 -p1 -b .rh1072379
+%patch146 -p1 -b .rh1098959
+%patch147 -p1 -b .CVE-2014-8500
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -387,6 +397,7 @@ libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
   --with-pkcs11=%{_libdir}/pkcs11/PKCS11_API.so \
 %endif
 %if %{SDB}
+  --with-dlopen=yes \
   --with-dlz-ldap=yes \
   --with-dlz-postgres=yes \
   --with-dlz-mysql=yes \
@@ -627,7 +638,7 @@ if [ "$1" -gt 0 ]; then
 fi
 :;
 
-%triggerun -- bind < bind-9.9.0-0.6.rc1
+%triggerun -- bind < 32:9.9.0-0.6.rc1
 /sbin/chkconfig --del named >/dev/null 2>&1 || :
 /bin/systemctl try-restart named.service >/dev/null 2>&1 || :
 
@@ -639,6 +650,16 @@ fi
 
 %postun libs-lite -p /sbin/ldconfig
 
+%pre chroot
+# updating
+if [ "$1" -gt 1 ]; then
+    # if %%{chroot_prefix}/var/run is a directory, remove it
+    # fix for Bug #1091341
+    if [ -d %{chroot_prefix}/var/run ]; then
+        rm -rf %{chroot_prefix}/var/run
+    fi
+fi
+
 %post chroot
 %systemd_post named-chroot.service
 if [ "$1" -gt 0 ]; then
@@ -921,8 +942,23 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
-* Wed Dec 10 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-14.1
-- Fix CVE-2014-8500 (#1171975)
+* Wed Dec 10 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18
+- Fix CVE-2014-8500 (#1171976)
+
+* Thu Sep 18 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-17
+- Fix error in dyndb API that can cause named to freeze on shutdown (#1142150)
+- Fix error in triggerun scriptlet (#1143033)
+- Remove /var/named/chroot/var/run on bind-chroot update if it is a directory (#1091341)
+
+* Thu Aug 21 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-16
+- Add versioned requires on bind-libs to bind-utils and bind-sdb
+
+* Wed Aug 20 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-15
+- Use /dev/urandom when generating rndc.key file (#1107568)
+- Allow authentication using TSIG in allow-notify configuration statement (#1067424)
+- Fix race condition when destroying a resolver fetch object (#1072379)
+- Increase defaults for lwresd workers and make workers and client objects number configurable (#1098959)
+- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#1096688)
 
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 32:9.9.4-14
 - Mass rebuild 2014-01-24