diff --git a/avahi-0.9-CVE-2024-52615.patch b/avahi-0.9-CVE-2024-52615.patch
deleted file mode 100644
index 3a36c57..0000000
--- a/avahi-0.9-CVE-2024-52615.patch
+++ /dev/null
@@ -1,224 +0,0 @@ -From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 27 Nov 2024 18:07:32 +0100 -Subject: [PATCH] core/wide-area: fix for CVE-2024-52615 - ---- - avahi-core/wide-area.c | 128 ++++++++++++++++++++++------------------- - 1 file changed, 69 insertions(+), 59 deletions(-) - -diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c -index 00a15056e..06df7afc6 100644 ---- a/avahi-core/wide-area.c -+++ b/avahi-core/wide-area.c -@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup { - - AvahiAddress dns_server_used; - -+ int fd; -+ AvahiWatch *watch; -+ AvahiProtocol proto; -+ - AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups); - AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key); - }; -@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup { - struct AvahiWideAreaLookupEngine { - AvahiServer *server; - -- int fd_ipv4, fd_ipv6; -- AvahiWatch *watch_ipv4, *watch_ipv6; -- - /* Cache */ - AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); - AvahiHashmap *cache_by_key; -@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i - return l; - } - -+static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata); -+ - static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) { -+ AvahiWideAreaLookupEngine *e; - AvahiAddress *a; -+ AvahiServer *s; -+ AvahiWatch *w; -+ int r; - - assert(l); - assert(p); - -- if (l->engine->n_dns_servers <= 0) -+ e = l->engine; -+ assert(e); -+ -+ s = e->server; -+ assert(s); -+ -+ if (e->n_dns_servers <= 0) - return -1; - -- assert(l->engine->current_dns_server < l->engine->n_dns_servers); -+ assert(e->current_dns_server < e->n_dns_servers); - -- a = &l->engine->dns_servers[l->engine->current_dns_server]; -+ a = &e->dns_servers[e->current_dns_server]; - l->dns_server_used = *a; - -- if (a->proto == AVAHI_PROTO_INET) { -+ if (l->fd >= 0) { -+ /* We are reusing lookup object and 
sending packet to another server so let's cleanup before we establish connection to new server. */ -+ s->poll_api->watch_free(l->watch); -+ l->watch = NULL; - -- if (l->engine->fd_ipv4 < 0) -- return -1; -+ close(l->fd); -+ l->fd = -EBADF; -+ } - -- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT); -+ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6); - -- } else { -- assert(a->proto == AVAHI_PROTO_INET6); -+ if (a->proto == AVAHI_PROTO_INET) -+ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; -+ else -+ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; - -- if (l->engine->fd_ipv6 < 0) -- return -1; -+ if (r < 0) { -+ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup"); -+ return -1; -+ } - -- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); -+ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l); -+ if (!w) { -+ close(r); -+ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup"); -+ return -1; - } -+ -+ l->fd = r; -+ l->watch = w; -+ l->proto = a->proto; -+ -+ return a->proto == AVAHI_PROTO_INET ? 
-+ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT): -+ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); - } - - static void next_dns_server(AvahiWideAreaLookupEngine *e) { -@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( - l->dead = 0; - l->key = avahi_key_ref(key); - l->cname_key = avahi_key_new_cname(l->key); -+ l->fd = -EBADF; -+ l->watch = NULL; -+ l->proto = AVAHI_PROTO_UNSPEC; - l->callback = callback; - l->userdata = userdata; - -@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) { - if (l->cname_key) - avahi_key_unref(l->cname_key); - -+ if (l->watch) -+ l->engine->server->poll_api->watch_free(l->watch); -+ -+ if (l->fd >= 0) -+ close(l->fd); -+ - avahi_free(l); - } - -@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) { - } - - static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) { -- AvahiWideAreaLookupEngine *e = userdata; -+ AvahiWideAreaLookup *l = userdata; -+ AvahiWideAreaLookupEngine *e = l->engine; - AvahiDnsPacket *p = NULL; - -- if (fd == e->fd_ipv4) -- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL); -+ assert(l); -+ assert(e); -+ assert(l->fd == fd); -+ -+ if (l->proto == AVAHI_PROTO_INET) -+ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL); - else { -- assert(fd == e->fd_ipv6); -- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL); -+ assert(l->proto == AVAHI_PROTO_INET6); -+ -+ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL); - } - - if (p) { -@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { - e->server = s; - e->cleanup_dead = 0; - -- /* Create sockets */ -- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; -- e->fd_ipv6 = s->config.use_ipv6 ? 
avahi_open_unicast_socket_ipv6() : -1; -- -- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) { -- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno)); -- -- if (e->fd_ipv6 >= 0) -- close(e->fd_ipv6); -- -- if (e->fd_ipv4 >= 0) -- close(e->fd_ipv4); -- -- avahi_free(e); -- return NULL; -- } -- -- /* Create watches */ -- -- e->watch_ipv4 = e->watch_ipv6 = NULL; -- -- if (e->fd_ipv4 >= 0) -- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e); -- if (e->fd_ipv6 >= 0) -- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); -- - e->n_dns_servers = e->current_dns_server = 0; - - /* Initialize cache */ -@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) { - avahi_hashmap_free(e->lookups_by_id); - avahi_hashmap_free(e->lookups_by_key); - -- if (e->watch_ipv4) -- e->server->poll_api->watch_free(e->watch_ipv4); -- -- if (e->watch_ipv6) -- e->server->poll_api->watch_free(e->watch_ipv6); -- -- if (e->fd_ipv6 >= 0) -- close(e->fd_ipv6); -- -- if (e->fd_ipv4 >= 0) -- close(e->fd_ipv4); -- - avahi_free(e); - } - -@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres - - if (a) { - for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--) -- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0)) -+ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6) - e->dns_servers[e->n_dns_servers++] = *a; - } else { - assert(n == 0); diff --git a/avahi-0.9-address-data-size.patch b/avahi-0.9-address-data-size.patch deleted file mode 100644 index 70a64d5..0000000 --- a/avahi-0.9-address-data-size.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 358e5a3b0122b418614e2ac0fc71f6aad1de06f8 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 23 Jun 2025 16:27:40 +0200 -Subject: [PATCH] Make data member as big as IPv6 address - -Unfortunately, recent FORTIFY_SOURCE hardening for inet_pton() can't -deal with our type independent "data[1]" union member trick. - -Fixes #699 ---- - avahi-common/address.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/avahi-common/address.h b/avahi-common/address.h -index a14104fad..013fa975e 100644 ---- a/avahi-common/address.h -+++ b/avahi-common/address.h -@@ -71,9 +71,9 @@ typedef struct AvahiAddress { - AvahiProtocol proto; /**< Address family */ - - union { -- AvahiIPv6Address ipv6; /**< Address when IPv6 */ -- AvahiIPv4Address ipv4; /**< Address when IPv4 */ -- uint8_t data[1]; /**< Type-independent data field */ -+ AvahiIPv6Address ipv6; /**< Address when IPv6 */ -+ AvahiIPv4Address ipv4; /**< Address when IPv4 */ -+ uint8_t data[sizeof(AvahiIPv6Address)]; /**< Type-independent data field */ - } data; - } AvahiAddress; - diff --git a/avahi.spec b/avahi.spec index 8d2b1d2..2a3f7af 100644 --- a/avahi.spec +++ b/avahi.spec @@ -60,7 +60,7 @@ Name: avahi Version: 0.9%{?rc:~%{rc}} -Release: 7%{?dist} +Release: 2%{?dist} Summary: Local network service discovery License: LGPL-2.1-or-later AND LGPL-2.0-or-later AND BSD-2-Clause-Views AND MIT URL: http://avahi.org @@ -69,6 +69,7 @@ Requires: expat Requires: libdaemon >= 0.11 # For /usr/bin/dbus-send Requires(post): dbus +Requires(pre): shadow-utils Requires(pre): coreutils Requires: %{name}-libs%{?_isa} = %{version}-%{release} BuildRequires: automake @@ -126,7 +127,6 @@ BuildRequires: mono-devel BuildRequires: monodoc-devel %endif BuildRequires: systemd -BuildRequires: systemd-devel BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: gettext-devel 
@@ -138,10 +138,6 @@ Source0: https://github.com/avahi/avahi/releases/download/v%{version_no %endif ## upstream patches -# https://github.com/avahi/avahi/pull/662 -Patch1: avahi-0.9-CVE-2024-52615.patch -# https://github.com/avahi/avahi/pull/707 -Patch2: avahi-0.9-address-data-size.patch ## downstream patches Patch100: avahi-0.6.30-mono-libdir.patch @@ -401,6 +397,7 @@ libraries. %package autoipd Summary: Link-local IPv4 address automatic configuration daemon (IPv4LL) +Requires(pre): shadow-utils Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description autoipd @@ -447,14 +444,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} rm -fv docs/INSTALL -# Create two sysusers.d config files -cat >avahi.sysusers.conf <avahi-autoipd.sysusers.conf </dev/null || groupadd -f -g 70 -r avahi +if ! getent passwd avahi > /dev/null ; then + if ! getent passwd 70 > /dev/null ; then + useradd -r -l -u 70 -g avahi -d %{_localstatedir}/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi + else + useradd -r -l -g avahi -d %{_localstatedir}/run/avahi-daemon -s /sbin/nologin -c "Avahi mDNS/DNS-SD Stack" avahi + fi +fi +exit 0 + %post %{?ldconfig} /usr/bin/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig >/dev/null 2>&1 || : @@ -599,6 +596,17 @@ fi %{?ldconfig} %systemd_postun_with_restart avahi-daemon.socket avahi-daemon.service +%pre autoipd +getent group avahi-autoipd >/dev/null || groupadd -f -g 170 -r avahi-autoipd +if ! getent passwd avahi-autoipd > /dev/null ; then + if ! getent passwd 170 > /dev/null; then + useradd -r -u 170 -l -g avahi-autoipd -d %{_localstatedir}/lib/avahi-autoipd -s /sbin/nologin -c "Avahi IPv4LL Stack" avahi-autoipd + else + useradd -r -l -g avahi-autoipd -d %{_localstatedir}/lib/avahi-autoipd -s /sbin/nologin -c "Avahi IPv4LL Stack" avahi-autoipd + fi +fi +exit 0 + %post dnsconfd %systemd_post avahi-dnsconfd.service 
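Review bot: Dropping `Patch1: avahi-0.9-CVE-2024-52615.patch` and `Patch2: avahi-0.9-address-data-size.patch` under `## upstream patches` leaves the build without the CVE-2024-52615 fix unless the Source0 tarball already carries it, and nothing visible here shows that: `Version:` is unchanged and the remaining changelog head is still 0.9~rc2-2. The deleted patch replaced the engine-wide `fd_ipv4`/`fd_ipv6` sockets with one socket opened per wide-area lookup, which the removed changelog entry describes as port randomization for wide area queries; without it, lookups go out from the engine's long-lived sockets again. Patch2 was the FORTIFY_SOURCE-related change to the `data[1]` union member, which the removed changelog lists as fixing a crashing test. Together with `Release:` going from 7 back to 2, this reads like a reset to an older spec rather than a deliberate removal. I would keep both `Patch` lines and their files, or name in the commit message the upstream release that supersedes them.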
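Review bot: The added `%pre autoipd` scriptlet never checks the result of `groupadd`/`useradd` and ends in an unconditional `exit 0`, so a failed account creation goes unnoticed at install time. The package still ships `%attr(1770,avahi-autoipd,avahi-autoipd) %dir %{_localstatedir}/lib/avahi-autoipd/`, and rpm typically falls back to root ownership when the named user is missing, so the state directory and the daemon's unprivileged account can silently diverge. If best-effort behaviour is intended, keep `exit 0` but make the failure visible, for example by appending `|| echo "avahi-autoipd: failed to create system account" >&2` to each `useradd` line, and add a comment saying why the scriptlet must not fail the transaction. The main-package `%pre` with UID/GID 70 appears to follow the same pattern, though its hunk is only partly legible here. Since this commit also removes `%{_sysusersdir}/avahi.conf` and `%{_sysusersdir}/avahi-autoipd.conf`, these scriptlets become the only place the accounts are created.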
@@ -646,14 +654,12 @@ fi %{_datadir}/dbus-1/interfaces/*.xml %{_datadir}/dbus-1/system-services/org.freedesktop.Avahi.service %{_libdir}/libavahi-core.so.* -%{_sysusersdir}/avahi.conf %files autoipd %{_sbindir}/avahi-autoipd %config(noreplace) %{_sysconfdir}/avahi/avahi-autoipd.action %attr(1770,avahi-autoipd,avahi-autoipd) %dir %{_localstatedir}/lib/avahi-autoipd/ %{_mandir}/man8/avahi-autoipd.* -%{_sysusersdir}/avahi-autoipd.conf %files dnsconfd %config(noreplace) %{_sysconfdir}/avahi/avahi-dnsconfd.action @@ -849,23 +855,6 @@ fi %changelog -* Fri Jan 16 2026 Fedora Release Engineering - 0.9~rc2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild - -* Tue Aug 05 2025 Petr Menšík - 0.9~rc2-6 -- Fix port randomization for wide area queries (CVE-2024-52615) -- Add systemd-devel dependency -- Fix test crashing because FORTIFY_SOURCE protection - -* Wed Jul 23 2025 Fedora Release Engineering - 0.9~rc2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Mon Apr 14 2025 Zbigniew Jędrzejewski-Szmek - 0.9~rc2-4 -- Also create sysusers.d config file for the avahi-autoipd user - -* Thu Jan 23 2025 Zbigniew Jędrzejewski-Szmek - 0.9~rc2-3 -- Add sysusers.d config file to allow rpm to create users/groups automatically - * Thu Jan 16 2025 Michal Sekletar - 0.9~rc2-2 - Fix previous changelog entry