diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/CVE-2022-2928.patch b/SOURCES/CVE-2022-2928.patch
new file mode 100644
index 0000000..4ad31c4
--- /dev/null
+++ b/SOURCES/CVE-2022-2928.patch
@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index a53484e..40238f7 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4499,6 +4499,8 @@ add_option(struct option_state *options,
+ 	if (!option_cache_allocate(&oc, MDL)) {
+ 		log_error("No memory for option cache adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		return 0;
+ 	}
+ 
+@@ -4510,6 +4512,8 @@ add_option(struct option_state *options,
+ 			     MDL)) {
+ 		log_error("No memory for constant data adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		option_cache_dereference(&oc, MDL);
+ 		return 0;
+ 	}
+@@ -4518,6 +4522,9 @@ add_option(struct option_state *options,
+ 	save_option(&dhcp_universe, options, oc);
+ 	option_cache_dereference(&oc, MDL);
+ 
++	/* Get rid of reference created during hash lookup. */
++	option_dereference(&option, MDL);
++
+ 	return 1;
+ }
+ 
diff --git a/SOURCES/CVE-2022-2929.patch b/SOURCES/CVE-2022-2929.patch
new file mode 100644
index 0000000..938a275
--- /dev/null
+++ b/SOURCES/CVE-2022-2929.patch
@@ -0,0 +1,25 @@
+diff --git a/common/options.c b/common/options.c
+index 40238f7..11b1961 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options,
+ 		while (s < &bp -> data[0] + length + 2) {
+ 			len = *s;
+ 			if (len > 63) {
+-				log_info ("fancy bits in fqdn option");
+-				return 0;
++				log_info ("label length exceeds 63 in fqdn option");
++				goto bad;
+ 			}
+ 			if (len == 0) {
+ 				terminated = 1;
+ 				break;
+ 			}
+ 			if (s + len > &bp -> data [0] + length + 3) {
+-				log_info ("fqdn tag longer than buffer");
+-				return 0;
++				log_info ("fqdn label longer than buffer");
++				goto bad;
+ 			}
+ 
+ 			if (first_len == 0) {
diff --git a/SOURCES/dhcp.sysusers b/SOURCES/dhcp.sysusers
new file mode 100644
index 0000000..4841cdd
--- /dev/null
+++ b/SOURCES/dhcp.sysusers
@@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                 Home directory Shell
+g     dhcpd    177
+u     dhcpd    177            "DHCP server"         /              /sbin/nologin
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 3292311..ce39e57 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -15,7 +15,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.4.2
-Release:  17.b1%{?dist}
+Release:  18.b1%{?dist}
 
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
@@ -32,6 +32,7 @@ Source5:  56dhclient
 Source6:  dhcpd.service
 Source7:  dhcpd6.service
 Source8:  dhcrelay.service
+Source9:  dhcp.sysusers
 
 Patch1: 0001-change-bug-url.patch
 Patch2: 0002-additional-dhclient-options.patch
@@ -64,6 +65,8 @@ Patch28: 0028-Fix-for-CVE-2021-25217.patch
 Patch29: 0029-Use-system-getaddrinfo-for-dhcp.patch
 Patch30: CVE-2021-25220.patch
 Patch31: omshell-hmac-sha512-support.patch
+Patch32: CVE-2022-2928.patch
+Patch33: CVE-2022-2929.patch
 
 
 BuildRequires: autoconf
@@ -85,6 +88,7 @@ BuildRequires: doxygen
 BuildRequires: systemtap-sdt-devel
 %global tapsetdir    /usr/share/systemtap/tapset
 %endif
+BuildRequires: systemd-rpm-macros
 
 # In _docdir we ship some perl scripts and module from contrib subdirectory.
 # Because nothing under _docdir is allowed to "require" anything,
@@ -98,11 +102,9 @@ DHCP (Dynamic Host Configuration Protocol)
 %package server
 Summary: Provides the ISC DHCP server
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
-Requires(pre): shadow-utils
 Requires(post): coreutils grep sed
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%{?sysusers_requires_compat}
+%{?systemd_requires}
 
 %description server
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -117,9 +119,7 @@ This package provides the ISC DHCP server.
 Summary: Provides the ISC DHCP relay agent
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires(post): grep sed
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%{?systemd_requires}
 
 %description relay
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
@@ -200,7 +200,7 @@ This package contains doxygen-generated documentation.
 %prep
 %setup -n dhcp-%{DHCPVERSION}
 pushd bind
-tar -xvf bind.tar.gz
+tar -xf bind.tar.gz
 ln -s bind-9* bind
 popd
 %autopatch -p1 
@@ -288,6 +288,9 @@ install -m 644 %{SOURCE6} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE7} %{buildroot}%{_unitdir}
 install -m 644 %{SOURCE8} %{buildroot}%{_unitdir}
 
+# systemd-sysusers
+install -p -D -m 0644 %{SOURCE9} %{buildroot}%{_sysusersdir}/dhcp.conf
+
 # Start empty lease databases
 mkdir -p %{buildroot}%{_localstatedir}/lib/dhcpd/
 touch %{buildroot}%{_localstatedir}/lib/dhcpd/dhcpd.leases
@@ -364,17 +367,7 @@ install -D -p -m 0644 contrib/ldap/dhcp.schema %{buildroot}%{_sysconfdir}/openld
 find %{buildroot} -type f -name "*.la" -delete -print
 
 %pre server
-# /usr/share/doc/setup/uidgid
-%global gid_uid 177
-getent group dhcpd >/dev/null || groupadd --force --gid %{gid_uid} --system dhcpd
-if ! getent passwd dhcpd >/dev/null ; then
-    if ! getent passwd %{gid_uid} >/dev/null ; then
-      useradd --system --uid %{gid_uid} --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
-    else
-      useradd --system --gid dhcpd --home / --shell /sbin/nologin --comment "DHCP server" dhcpd
-    fi
-fi
-exit 0
+%sysusers_create_compat %{SOURCE9}
 
 %post server
 # Initial installation
@@ -458,6 +451,7 @@ done
 %config(noreplace) %{_sysconfdir}/openldap/schema/dhcp.schema
 %attr(0644,root,root)   %{_unitdir}/dhcpd.service
 %attr(0644,root,root)   %{_unitdir}/dhcpd6.service
+%{_sysusersdir}/dhcp.conf
 %{_sbindir}/dhcpd
 %{_bindir}/omshell
 %attr(0644,root,root) %{_mandir}/man1/omshell.1.gz
@@ -514,8 +508,10 @@ done
 %endif
 
 %changelog
-* Tue Sep 27 2022 CentOS Sources <bugs@centos.org> - 4.4.2-17.b1.el9.centos
-- Apply debranding changes
+* Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
+- Fix for CVE-2022-2928
+- Fix for CVE-2022-2929
+- Use systemd-sysusers for dhcp user and group (#2095396)
 
 * Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-17.b1
 - omshell: add support for hmac-sha512 algorithm (#2083553)