diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/dhcp-bind-9.11.patch b/SOURCES/dhcp-bind-9.11.patch
new file mode 100644
index 0000000..d404197
--- /dev/null
+++ b/SOURCES/dhcp-bind-9.11.patch
@@ -0,0 +1,85 @@
+From ffb24c0bbd4d6f2b4718a1a8f4f2da237cc6ed66 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 14 Sep 2018 13:41:41 -0400
+Subject: [PATCH] [master] Added includes of new BIND9 compatibility headers,
+ updated util/bind.sh
+
+    Merges in rt48072.
+
+(cherry picked from commit 8194daabfd590f17825f0c61e9534bee5c99cc86)
+---
+ includes/omapip/isclib.h |  3 +++
+ includes/omapip/result.h |  1 +
+ server/dhcpv6.c          | 13 +++++++++----
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index e2963089..fa5d9ad3 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -48,6 +48,9 @@
+ #include <string.h>
+ #include <netdb.h>
+ 
++#include <isc/boolean.h>
++#include <isc/int.h>
++
+ #include <isc/buffer.h>
+ #include <isc/lex.h>
+ #include <isc/lib.h>
+diff --git a/includes/omapip/result.h b/includes/omapip/result.h
+index ae5f7d6a..9c1fab23 100644
+--- a/includes/omapip/result.h
++++ b/includes/omapip/result.h
+@@ -26,6 +26,7 @@
+ #ifndef DHCP_RESULT_H
+ #define DHCP_RESULT_H 1
+ 
++#include <isc/boolean.h>
+ #include <isc/lang.h>
+ #include <isc/resultclass.h>
+ #include <isc/types.h>
+diff --git a/server/dhcpv6.c b/server/dhcpv6.c
+index 74487667..1a6ff241 100644
+--- a/server/dhcpv6.c
++++ b/server/dhcpv6.c
+@@ -1003,7 +1003,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 				  shared_name,
+ 				  inet_ntop(AF_INET6, &lease->addr,
+ 					    tmp_addr, sizeof(tmp_addr)),
+-				  used, count);
++				  (long long unsigned)(used),
++				  (long long unsigned)(count));
+ 		}
+ 		return;
+ 	}
+@@ -1035,7 +1036,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 		  "address: %s; high threshold %d%% %llu/%llu.",
+ 		  shared_name,
+ 		  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
+-		  poolhigh, used, count);
++		  poolhigh, (long long unsigned)(used),
++		  (long long unsigned)(count));
+ 
+ 	/* handle the low threshold now, if we don't
+ 	 * have one we default to 0. */
+@@ -1383,12 +1385,15 @@ pick_v6_address(struct reply_state *reply)
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  " 2^64-1 < total, %llu active,  %llu abandoned",
+-			  shared_name, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(active - abandoned),
++			  (long long unsigned)(abandoned));
+ 	} else {
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  "%llu total, %llu active,  %llu abandoned",
+-			  shared_name, total, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(total),
++			  (long long unsigned)(active - abandoned),
++		          (long long unsigned)(abandoned));
+ 	}
+ 
+ 	return ISC_R_NORESOURCES;
+-- 
+2.14.5
diff --git a/SOURCES/dhcp-detect-system-time-jumps.patch b/SOURCES/dhcp-detect-system-time-jumps.patch
new file mode 100644
index 0000000..cf38d0d
--- /dev/null
+++ b/SOURCES/dhcp-detect-system-time-jumps.patch
@@ -0,0 +1,93 @@
+From 41c6032ace65119e6a400365f7e90283c930afd4 Mon Sep 17 00:00:00 2001
+From: Pavel Zhukov <pzhukov@redhat.com>
+Date: Tue, 22 Oct 2019 16:23:01 +0200
+Subject: [PATCH 24/26] Detect system time changes
+Cc: pzhukov@redhat.com
+
+---
+ client/dhclient.c |  6 ++++++
+ common/dispatch.c | 11 ++++++++++-
+ includes/dhcpd.h  |  3 ++-
+ server/dhcpd.c    |  6 ++++++
+ 4 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/client/dhclient.c b/client/dhclient.c
+index 9b65438..44d508a 100644
+--- a/client/dhclient.c
++++ b/client/dhclient.c
+@@ -5408,6 +5408,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ 		  case server_awaken:
+ 		    state_reboot (client);
+ 		    break;
++
++                  case server_time_changed:
++                    if (client->active){
++                      state_reboot (client);
++                    }
++                    break;
+ 		}
+ 	    }
+ 	}
+diff --git a/common/dispatch.c b/common/dispatch.c
+index d7fe200..8a24499 100644
+--- a/common/dispatch.c
++++ b/common/dispatch.c
+@@ -118,7 +118,6 @@ dispatch(void)
+ 		 * signal. It will return ISC_R_RELOAD in that
+ 		 * case. That is a normal behavior.
+ 		 */
+-
+ 		if (status == ISC_R_RELOAD) {
+ 			/*
+ 			 * dhcp_set_control_state() will do the job.
+@@ -129,6 +128,16 @@ dispatch(void)
+ 			if (status == ISC_R_SUCCESS)
+ 				status = ISC_R_RELOAD;
+ 		}
++
++                
++                if (status == ISC_R_TIMESHIFTED){
++                  status = dhcp_set_control_state(server_time_changed,
++                                                  server_time_changed);
++                  status = ISC_R_RELOAD;
++                  log_info ("System time has been changed. Unable to use existing leases. Restarting");
++                  // do nothing, restart context
++                };
++
+ 	} while (status == ISC_R_RELOAD);
+ 
+ 	log_fatal ("Dispatch routine failed: %s -- exiting",
+diff --git a/includes/dhcpd.h b/includes/dhcpd.h
+index 635c510..ec6c227 100644
+--- a/includes/dhcpd.h
++++ b/includes/dhcpd.h
+@@ -524,7 +524,8 @@ typedef enum {
+ 	server_running = 1,
+ 	server_shutdown = 2,
+ 	server_hibernate = 3,
+-	server_awaken = 4
++	server_awaken = 4,
++        server_time_changed = 5
+ } control_object_state_t;
+ 
+ typedef struct {
+diff --git a/server/dhcpd.c b/server/dhcpd.c
+index 530a923..4aef16b 100644
+--- a/server/dhcpd.c
++++ b/server/dhcpd.c
+@@ -1767,6 +1767,12 @@ isc_result_t dhcp_set_control_state (control_object_state_t oldstate,
+ {
+ 	struct timeval tv;
+ 
++        if (newstate == server_time_changed){
++          log_error ("System time has been changed. Leases information unreliable!");
++          return ISC_R_SUCCESS;
++        }
++
++                
+ 	if (newstate != server_shutdown)
+ 		return DHCP_R_INVALIDARG;
+ 	/* Re-entry. */
+-- 
+2.14.5
+
diff --git a/SOURCES/dhcp-replay_file_limit.patch b/SOURCES/dhcp-replay_file_limit.patch
index e58ccdf..3859e78 100644
--- a/SOURCES/dhcp-replay_file_limit.patch
+++ b/SOURCES/dhcp-replay_file_limit.patch
@@ -1,5 +1,5 @@
 diff --git a/server/confpars.c b/server/confpars.c
-index d79489b..c20d618 100644
+index d79489b..2b1e393 100644
 --- a/server/confpars.c
 +++ b/server/confpars.c
 @@ -134,6 +134,11 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
@@ -7,39 +7,38 @@ index d79489b..c20d618 100644
  	cfile = (struct parse *)0;
  #if defined (TRACING)
 +	// No need to dmalloc huge memory region if we're not going to re-play
-+	if (!trace_playback()){
++	if (!trace_record()){
 +		status = new_parse(&cfile, file, NULL, 0, filename, 0);
 +		goto noreplay;
 +	};
  	flen = lseek (file, (off_t)0, SEEK_END);
  	if (flen < 0) {
  	      boom:
-@@ -174,6 +179,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+@@ -165,7 +170,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
+ 	if (result != ulen)
+ 		log_fatal ("%s: short read of %d bytes instead of %d.",
+ 			   filename, ulen, result);
+-	close (file);
+       memfile:
+ 	/* If we're recording, write out the filename and file contents. */
+ 	if (trace_record ())
+@@ -174,6 +178,9 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
  #else
  	status = new_parse(&cfile, file, NULL, 0, filename, 0);
  #endif
 +      noreplay:
++	if (!trace_playback())
++		close (file);
  	if (status != ISC_R_SUCCESS || cfile == NULL)
  		return status;
  
-diff --git a/server/confpars.c b/server/confpars.c
-index 3aecd05..5be4ab1 100644
---- a/server/confpars.c
-+++ b/server/confpars.c
-@@ -176,6 +176,7 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
- 	if (trace_record ())
- 		trace_write_packet (ttype, ulen + tflen + 1, dbuf, MDL);
- 	status = new_parse(&cfile, -1, fbuf, ulen, filename, 0); /* XXX */
-+	dfree(dbuf, MDL);
- #else
- 	status = new_parse(&cfile, file, NULL, 0, filename, 0);
- #endif
-@@ -188,9 +189,6 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
- 	else
+@@ -183,7 +190,8 @@ isc_result_t read_conf_file (const char *filename, struct group *group,
  		status = conf_file_subparse (cfile, group, group_type);
  	end_parse (&cfile);
--#if defined (TRACING)
+ #if defined (TRACING)
 -	dfree (dbuf, MDL);
--#endif
++	if (trace_record())
++	    dfree (dbuf, MDL);
+ #endif
  	return status;
  }
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 9c226a5..0ab63e9 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  34%{?dist}
+Release:  40%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -81,6 +81,8 @@ Patch44:  dhcp-replay_file_limit.patch
 Patch45:  dhcp-4.2.5-expiry_before_renewal_v2.patch
 Patch46:  dhcp-dhclient_ipv6_prefix.patch
 Patch47:  dhcp-isc_heap_delete.patch
+Patch48:  dhcp-bind-9.11.patch
+Patch49:  dhcp-detect-system-time-jumps.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -90,7 +92,7 @@ BuildRequires: openldap-devel
 BuildRequires: krb5-devel
 BuildRequires: libcap-ng-devel
 # https://fedorahosted.org/fpc/ticket/502#comment:3
-BuildRequires: bind-export-devel
+BuildRequires: bind-export-devel >= 9.11.11
 BuildRequires: systemd systemd-devel
 # dhcp-sd_notify.patch
 BuildRequires: pkgconfig(libsystemd)
@@ -351,6 +353,11 @@ rm bind/bind.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=1704672
 %patch47 -p1 -b .heap-delete
 
+## https://bugzilla.redhat.com/show_bug.cgi?id=1762796
+%patch48 -p1 -b .isc-types
+
+%patch49 -p1 -b .time-change
+
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
             client/dhclient-script.8 client/dhclient.8 ; do
@@ -687,8 +694,23 @@ done
 %endif
 
 %changelog
-* Tue Nov 05 2019 CentOS Sources <bugs@centos.org> - 4.3.6-34.el8.centos
-- Apply debranding changes
+* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-40
+- Rebuild with bind-9.11.13 again
+
+* Tue Nov 26 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-39
+- Resolves: #1757475 - Close replay files properly
+
+* Mon Nov 25 2019 Petr Menšík <pemensik@redhat.com> - 12:4.3.6-38
+- Rebuild with bind-9.11.13
+
+* Wed Nov 20 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
+- Resolves: #1729211 - detect system time changes with monotonic timer
+
+* Tue Nov 19 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-36
+- Resolves: #1757475 - fix FD leak in nonreplay mode
+
+* Tue Oct 22 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-35
+- Rebuild with bind-9.11
 
 * Mon May 13 2019 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-34
 - Resolves: #1704672 - Fix crash caused by bind rebase