diff --git a/.gitignore b/.gitignore
index 63bf0e7..e45d36e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@ x86_64
 /dnssec-tools-2.0.tar.gz
 /dnssec-tools-2.1.tar.gz
 /dnssec-tools-2.2.tar.gz
+/dnssec-tools-2.2.1.tar.gz
+/dnssec-tools-2.2.3.tar.gz
diff --git a/7287c6b96422e499560fb10b95c1a481ea82656d.patch b/7287c6b96422e499560fb10b95c1a481ea82656d.patch
new file mode 100644
index 0000000..266de8f
--- /dev/null
+++ b/7287c6b96422e499560fb10b95c1a481ea82656d.patch
@@ -0,0 +1,51 @@
+From 7287c6b96422e499560fb10b95c1a481ea82656d Mon Sep 17 00:00:00 2001
+From: Conrad Kostecki <conrad@kostecki.com>
+Date: Sun, 21 Apr 2019 12:55:15 +0200
+Subject: [PATCH] Update makefile to respect users LDFLAGS
+
+Signed-off-by: Conrad Kostecki <conrad@kostecki.com>
+---
+ dnssec-tools/validator/libsres/Makefile.in     | 2 +-
+ dnssec-tools/validator/libval/Makefile.in      | 2 +-
+ dnssec-tools/validator/libval_shim/Makefile.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dnssec-tools/validator/libsres/Makefile.in b/dnssec-tools/validator/libsres/Makefile.in
+index e20f6d788..0ef21cf80 100644
+--- a/dnssec-tools/validator/libsres/Makefile.in
++++ b/dnssec-tools/validator/libsres/Makefile.in
+@@ -63,7 +63,7 @@ clean:
+ 	$(RM) -rf $(LT_DIR)
+ 
+ $(LIBRES): $(LOBJ)
+-	$(LIBTOOLLD) -o $@ $(LOBJ) 
++	$(LIBTOOLLD) -o $@ $(LOBJ) $(LDFLAGS)
+ 
+ install:
+ 	$(MKPATH) $(DESTDIR)$(libdir)
+diff --git a/dnssec-tools/validator/libval/Makefile.in b/dnssec-tools/validator/libval/Makefile.in
+index 0d6f35f99..6b361756c 100644
+--- a/dnssec-tools/validator/libval/Makefile.in
++++ b/dnssec-tools/validator/libval/Makefile.in
+@@ -65,7 +65,7 @@ clean:
+ 	$(RM) -rf $(LT_DIR)
+ 
+ $(LIBVAL): $(LOBJ)
+-	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES)
++	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LDFLAGS)
+ 
+ install:
+ 	$(MKPATH) $(DESTDIR)$(libdir)
+diff --git a/dnssec-tools/validator/libval_shim/Makefile.in b/dnssec-tools/validator/libval_shim/Makefile.in
+index 8b7c8e550..303943cc3 100644
+--- a/dnssec-tools/validator/libval_shim/Makefile.in
++++ b/dnssec-tools/validator/libval_shim/Makefile.in
+@@ -21,7 +21,7 @@ clean:
+ 	$(RM) -rf $(LT_DIR)
+ 
+ $(LIBVAL_SHIM): $(LOBJ)
+-	$(LIBTOOLLD) -o $@ $(LOBJ) $(EXTRA_LIBS)
++	$(LIBTOOLLD) -o $@ $(LOBJ) $(EXTRA_LIBS) $(LDFLAGS)
+ 
+ install:
+ 	$(MKPATH) $(DESTDIR)$(libdir)
diff --git a/dnssec-tools-2.2.3-add_ifdedf_to_engine.patch b/dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
new file mode 100644
index 0000000..5c6820e
--- /dev/null
+++ b/dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
@@ -0,0 +1,38 @@
+diff -r -u dnssec-tools-2.2.3.orig/validator/libval/val_context.c dnssec-tools-2.2.3/validator/libval/val_context.c
+--- dnssec-tools-2.2.3.orig/validator/libval/val_context.c	2024-11-05 11:39:33.696730353 +0100
++++ dnssec-tools-2.2.3/validator/libval/val_context.c	2024-11-05 11:44:01.428711438 +0100
+@@ -17,9 +17,10 @@
+ 
+ #include <openssl/conf.h>
+ #include <openssl/evp.h>
++#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
++#endif /* !defined(OPENSSL_NO_ENGINE) */
+ #include <openssl/err.h>
+-
+ #include "val_support.h"
+ #include "val_policy.h"
+ #include "val_cache.h"
+@@ -853,7 +854,9 @@
+     /* Whole bunch of openssl cleanup routines */
+     CONF_modules_unload(1); 
+     EVP_cleanup(); 
++#ifndef OPENSSL_NO_ENGINE
+     ENGINE_cleanup(); 
++#endif
+     CRYPTO_cleanup_all_ex_data(); 
+     ERR_remove_state(0); 
+     ERR_free_strings(); 
+diff -r -u dnssec-tools-2.2.3.orig/validator/libval/val_crypto.c dnssec-tools-2.2.3/validator/libval/val_crypto.c
+--- dnssec-tools-2.2.3.orig/validator/libval/val_crypto.c	2024-11-05 11:39:33.695730345 +0100
++++ dnssec-tools-2.2.3/validator/libval/val_crypto.c	2024-11-05 11:40:17.569919704 +0100
+@@ -22,7 +22,9 @@
+ #include <crypto/sha2.h>
+ #endif
+ #include <openssl/dsa.h>
++#ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
++#endif /* !defined(OPENSSL_NO_ENGINE) */
+ #include <openssl/md5.h>
+ #include <openssl/rsa.h>
+ #include <openssl/err.h>
diff --git a/dnssec-tools-2.2.3-link-libval-threads-with-libs.patch b/dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
new file mode 100644
index 0000000..f160b6b
--- /dev/null
+++ b/dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
@@ -0,0 +1,17 @@
+diff -up dnssec-tools-2.2.3/validator/libval/Makefile.in.link-with-libs dnssec-tools-2.2.3/validator/libval/Makefile.in
+--- dnssec-tools-2.2.3/validator/libval/Makefile.in.link-with-libs	2019-12-19 16:36:05.522457192 -0500
++++ dnssec-tools-2.2.3/validator/libval/Makefile.in	2019-12-19 16:36:11.967342451 -0500
+@@ -1,3 +1,4 @@
++LIBS=@LIBS@
+ 
+ INCL= ../include
+ LIB= ../libsres
+@@ -65,7 +66,7 @@ clean:
+ 	$(RM) -rf $(LT_DIR)
+ 
+ $(LIBVAL): $(LOBJ)
+-	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LDFLAGS)
++	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LIBS) $(LDFLAGS)
+ 
+ install:
+ 	$(MKPATH) $(DESTDIR)$(libdir)
diff --git a/dnssec-tools-dnsval.conf b/dnssec-tools-dnsval.conf
index 7a61654..724ac23 100644
--- a/dnssec-tools-dnsval.conf
+++ b/dnssec-tools-dnsval.conf
@@ -1,10 +1,61 @@
-: trust-anchor
-	.	DS "19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
+##################################
+# Includes 
+##################################
+
+# TRUSTMAN-ACTION bind-include /var/opt/named/named.conf
+
+##################################
+# Global Options 
+##################################
+
+global-options
+    trust-oob-answers yes
+    edns0-size 1492
+    env-policy disable
+    app-policy disable
 ;
 
-: zone-security-expectation
-        . validate
+##################################
+# Default policies 
+##################################
+
+:	trust-anchor 
+                .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+                .  DS  20326  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
 ;
+
+: zone-security-expectation 
+                . validate
+;
+
 : provably-insecure-status
-        . trusted
+                . trusted
+;
+   
+: clock-skew
+                . 0
+;
+
+##################################
+# MTA Policies
+##################################
+    
+mta provably-insecure-status
+                . trusted
+;
+   
+mta clock-skew
+                . -1
+;
+  
+##################################
+# Web Browser Policies 
+##################################
+
+browser provably-insecure-status
+                . trusted
+;
+
+browser clock-skew
+                . 0
 ;
diff --git a/dnssec-tools-new-2017-key.patch b/dnssec-tools-new-2017-key.patch
new file mode 100644
index 0000000..ef27692
--- /dev/null
+++ b/dnssec-tools-new-2017-key.patch
@@ -0,0 +1,12 @@
+diff --git a/dnssec-tools/validator/etc/dnsval.conf b/dnssec-tools/validator/etc/dnsval.conf
+index 07288fe..34bbe6d 100644
+--- a/dnssec-tools/validator/etc/dnsval.conf
++++ b/dnssec-tools/validator/etc/dnsval.conf
+@@ -21,6 +21,7 @@ global-options
+ 
+ :	trust-anchor 
+                 .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
++                .  DS  19036  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+ ;
+ 
+ : zone-security-expectation 
diff --git a/dnssec-tools-new-openssl-APIs.patch b/dnssec-tools-new-openssl-APIs.patch
new file mode 100644
index 0000000..37baf01
--- /dev/null
+++ b/dnssec-tools-new-openssl-APIs.patch
@@ -0,0 +1,464 @@
+diff --git a/dnssec-tools/validator/doc/dt-danechk.1 b/dnssec-tools/validator/doc/dt-danechk.1
+index 0d7f5c0a..afe6df47 100644
+--- a/dnssec-tools/validator/doc/dt-danechk.1
++++ b/dnssec-tools/validator/doc/dt-danechk.1
+@@ -1,4 +1,4 @@
+-.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
++.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+ .\"
+ .\" Standard preamble:
+ .\" ========================================================================
+@@ -38,26 +38,31 @@
+ .    ds PI \(*p
+ .    ds L" ``
+ .    ds R" ''
++.    ds C`
++.    ds C'
+ 'br\}
+ .\"
+ .\" Escape single quotes in literal strings from groff's Unicode transform.
+ .ie \n(.g .ds Aq \(aq
+ .el       .ds Aq '
+ .\"
+-.\" If the F register is turned on, we'll generate index entries on stderr for
++.\" If the F register is >0, we'll generate index entries on stderr for
+ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+ .\" entries marked with X<> in POD.  Of course, you'll have to process the
+ .\" output yourself in some meaningful fashion.
+-.ie \nF \{\
+-.    de IX
+-.    tm Index:\\$1\t\\n%\t"\\$2"
++.\"
++.\" Avoid warning from groff about undefined register 'F'.
++.de IX
+ ..
+-.    nr % 0
+-.    rr F
+-.\}
+-.el \{\
++.if !\nF .nr F 0
++.if \nF>0 \{\
+ .    de IX
++.    tm Index:\\$1\t\\n%\t"\\$2"
+ ..
++.    if !\nF==2 \{\
++.        nr % 0
++.        nr F 2
++.    \}
+ .\}
+ .\"
+ .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+@@ -124,7 +129,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DT-DANECHK 1"
+-.TH DT-DANECHK 1 "2013-03-07" "perl v5.12.4" "User Commands"
++.TH DT-DANECHK 1 "2016-12-16" "perl v5.26.2" "User Commands"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+@@ -139,8 +144,8 @@ dt\-danechk \- validate TLSA records against SSL certificates.
+ .SH "DESCRIPTION"
+ .IX Header "DESCRIPTION"
+ \&\fBdt-danechk\fR is a diagnostic tool that can be used to test the validity
+-of an \s-1SSL/TLS\s0 certificate against the \s-1TLSA\s0 record published in the \s-1DNS\s0.
+-For more information on \s-1TLSA\s0 and \s-1DANE\s0 see \s-1RFC\s0 6698.
++of an \s-1SSL/TLS\s0 certificate against the \s-1TLSA\s0 record published in the \s-1DNS.\s0
++For more information on \s-1TLSA\s0 and \s-1DANE\s0 see \s-1RFC 6698.\s0
+ .SH "OPTIONS"
+ .IX Header "OPTIONS"
+ .IP "\-h, \-\-help" 4
+@@ -204,7 +209,7 @@ Display the version and exit.
+ \&\fBlibval\fR
+ .SH "COPYRIGHT"
+ .IX Header "COPYRIGHT"
+-Copyright 2005\-2013 \s-1SPARTA\s0, Inc.  All rights reserved.
++Copyright 2005\-2013 \s-1SPARTA,\s0 Inc.  All rights reserved.
+ See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
+ .SH "AUTHORS"
+ .IX Header "AUTHORS"
+diff --git a/dnssec-tools/validator/doc/val_getdaneinfo.3 b/dnssec-tools/validator/doc/val_getdaneinfo.3
+index 12f3be6d..148b5a5c 100644
+--- a/dnssec-tools/validator/doc/val_getdaneinfo.3
++++ b/dnssec-tools/validator/doc/val_getdaneinfo.3
+@@ -1,4 +1,4 @@
+-.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
++.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+ .\"
+ .\" Standard preamble:
+ .\" ========================================================================
+@@ -38,26 +38,31 @@
+ .    ds PI \(*p
+ .    ds L" ``
+ .    ds R" ''
++.    ds C`
++.    ds C'
+ 'br\}
+ .\"
+ .\" Escape single quotes in literal strings from groff's Unicode transform.
+ .ie \n(.g .ds Aq \(aq
+ .el       .ds Aq '
+ .\"
+-.\" If the F register is turned on, we'll generate index entries on stderr for
++.\" If the F register is >0, we'll generate index entries on stderr for
+ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+ .\" entries marked with X<> in POD.  Of course, you'll have to process the
+ .\" output yourself in some meaningful fashion.
+-.ie \nF \{\
+-.    de IX
+-.    tm Index:\\$1\t\\n%\t"\\$2"
++.\"
++.\" Avoid warning from groff about undefined register 'F'.
++.de IX
+ ..
+-.    nr % 0
+-.    rr F
+-.\}
+-.el \{\
++.if !\nF .nr F 0
++.if \nF>0 \{\
+ .    de IX
++.    tm Index:\\$1\t\\n%\t"\\$2"
+ ..
++.    if !\nF==2 \{\
++.        nr % 0
++.        nr F 2
++.    \}
+ .\}
+ .\"
+ .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+@@ -124,7 +129,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "val_getdaneinfo 3"
+-.TH val_getdaneinfo 3 "2013-03-08" "perl v5.12.4" "Programmer's Manual"
++.TH val_getdaneinfo 3 "2016-12-16" "perl v5.26.2" "Programmer's Manual"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+@@ -231,9 +236,9 @@ form below:
+ .Ve
+ .PP
+ The \fIttl\fR field is the time-to-live associated with the \s-1TLSA\s0 record. An
+-application must not cache (and use) this \s-1TLSA\s0 record beyond its \s-1TTL\s0.
++application must not cache (and use) this \s-1TLSA\s0 record beyond its \s-1TTL.\s0
+ The \fIusage\fR, \fIselector\fR and \fItype\fR fields correspond to the first
+-three fields of the \s-1TLSA\s0 \s-1RDATA\s0 as described in rfc6698. The \s-1TLSA\s0
++three fields of the \s-1TLSA RDATA\s0 as described in rfc6698. The \s-1TLSA\s0
+ certificate association data is returned in the \fIdata\fR field and has
+ a length of \fIdatalen\fR bytes. There can be more than one \s-1TLSA\s0 record
+ associated with a given name, and the \fInext\fR field points to the next
+@@ -250,7 +255,7 @@ This function automatically iterates over all elements in \fIdres\fR and
+ compares the certificate association data against the \s-1SSL/TLS\s0
+ certificates associated with the \s-1SSL\s0 connection \fIcon\fR. The \s-1DANE\s0
+ protocol enables certain use cases that allows new trust anchors to be
+-introduced via \s-1DNSSEC\s0. The value of \fIdo_pathval\fR indicates whether
++introduced via \s-1DNSSEC.\s0 The value of \fIdo_pathval\fR indicates whether
+ the application must proceed with X509 path validation for this
+ connection in accordance with the usage that was encoded in the \s-1TLSA\s0
+ record.
+@@ -267,7 +272,7 @@ validation policy).
+ \&\fI\fIval_getdaneinfo()\fI\fR and \fI\fIval_dane_submit()\fI\fR return \fB\s-1VAL_DANE_NOERROR\s0\fR
+ on success, and \fB\s-1VAL_DANE_MALFORMED_TLSA\s0\fR or \fB\s-1VAL_DANE_INTERNAL_ERROR\s0\fR
+ for error conditions. A value of \fB\s-1VAL_DANE_NOTVALIDATED\s0\fR is returned if
+-the \s-1TLSA\s0 record cannot be validated via \s-1DNSSEC\s0. A value of
++the \s-1TLSA\s0 record cannot be validated via \s-1DNSSEC. A\s0 value of
+ \&\fB\s-1VAL_DANE_IGNORE_TLSA\s0\fR is returned if the \s-1TLSA\s0 record for the given name
+ is provably absent.
+ .PP
+@@ -285,7 +290,7 @@ The \fI\fIp_dane_error()\fI\fR function can be used to convert the DANE-related
+ error codes to an error string value.
+ .SH "COPYRIGHT"
+ .IX Header "COPYRIGHT"
+-Copyright 2004\-2013 \s-1SPARTA\s0, Inc.  All rights reserved.
++Copyright 2004\-2013 \s-1SPARTA,\s0 Inc.  All rights reserved.
+ See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
+ .SH "AUTHORS"
+ .IX Header "AUTHORS"
+@@ -294,7 +299,7 @@ Suresh Krishnaswamy
+ .IX Header "SEE ALSO"
+ \&\fI\fIlibval\fI\|(3)\fR
+ .PP
+-\&\s-1RFC\s0 6698 (\s-1DANE\s0)
++\&\s-1RFC 6698\s0 (\s-1DANE\s0)
+ .PP
+ draft-hayatnagarkar-dnsext-validator-api
+ .PP
+diff --git a/dnssec-tools/validator/etc/dnsval.conf b/dnssec-tools/validator/etc/dnsval.conf
+index 07288fe3..34bbe6d6 100644
+--- a/dnssec-tools/validator/etc/dnsval.conf
++++ b/dnssec-tools/validator/etc/dnsval.conf
+@@ -21,6 +21,7 @@ global-options
+ 
+ :	trust-anchor 
+                 .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
++                .  DS  19036  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+ ;
+ 
+ : zone-security-expectation 
+diff --git a/dnssec-tools/validator/include/validator/validator-compat.h b/dnssec-tools/validator/include/validator/validator-compat.h
+index c6ebf23f..300ef11e 100644
+--- a/dnssec-tools/validator/include/validator/validator-compat.h
++++ b/dnssec-tools/validator/include/validator/validator-compat.h
+@@ -818,14 +818,6 @@ typedef enum __ns_flag {
+         ns_f_max
+ } ns_flag;
+ 
+-/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
+-#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
+-#define NS_ALG_DH               2       /* Diffie Hellman KEY */
+-#define NS_ALG_DSA              3       /* DSA KEY */
+-#define NS_ALG_DSS              NS_ALG_DSA
+-#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
+-#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
+-
+ /* Protocol values  */
+ /* value 0 is reserved */
+ #define NS_KEY_PROT_TLS         1
+@@ -1050,5 +1042,26 @@ struct addrinfo {
+ #endif
+ 
+ 
++/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
++#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
++#define NS_ALG_DH               2       /* Diffie Hellman KEY */
++#define NS_ALG_DSA              3       /* DSA KEY */
++#define NS_ALG_DSS              NS_ALG_DSA
++#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
++#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
++#define	ns_t_zxfr 256
++
++#define NS_MD5RSA_MIN_BITS       512    /* Size of a mod or exp in bits */
++#define NS_MD5RSA_MAX_BITS      2552
++        /* Total of binary mod and exp */
++#define NS_MD5RSA_MAX_BYTES     ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
++        /* Max length of text sig block */
++#define NS_MD5RSA_MAX_BASE64    (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
++#define NS_MD5RSA_MIN_SIZE      ((NS_MD5RSA_MIN_BITS+7)/8)
++#define NS_MD5RSA_MAX_SIZE      ((NS_MD5RSA_MAX_BITS+7)/8)
++
++#include "openssl/hmac.h"
++#include "openssl/ossl_typ.h"
++
+ #endif /* _VALIDATOR_COMPAT_H */
+ 
+diff --git a/dnssec-tools/validator/libsres/ns_print.c b/dnssec-tools/validator/libsres/ns_print.c
+index 98f1f9c3..edcbbbc3 100644
+--- a/dnssec-tools/validator/libsres/ns_print.c
++++ b/dnssec-tools/validator/libsres/ns_print.c
+@@ -712,6 +712,10 @@ ns_sprintrrf_data(const u_char * msg, size_t msglen,
+ nxtbitmaps:
+ #endif /* LIBVAL_NSEC3 */
+ 
++#if !defined(NS_NXT_BIT_ISSET)
++#define	NS_NXT_BITS 8
++#define	NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
++#endif
+             /** Type bit map.  */
+             while (edata - rdata > 0) {
+                 b = *rdata;
+diff --git a/dnssec-tools/validator/libsres/res_tsig.c b/dnssec-tools/validator/libsres/res_tsig.c
+index bc010302..03f73c49 100644
+--- a/dnssec-tools/validator/libsres/res_tsig.c
++++ b/dnssec-tools/validator/libsres/res_tsig.c
+@@ -16,6 +16,7 @@
+  */
+ #include "validator-internal.h"
+ 
++#include <openssl/ossl_typ.h>
+ #include <openssl/hmac.h>
+ 
+ #include "res_tsig.h"
+@@ -237,7 +238,7 @@ res_tsig_sign(u_char * query,
+     u_char *hp;
+     HEADER *header;
+     struct timeval now;
+-    HMAC_CTX ctx;
++    HMAC_CTX *ctx;
+     const EVP_MD *md;
+     u_char hash[MAX_DIGEST_LENGTH];
+     unsigned int len;
+@@ -274,8 +275,8 @@ res_tsig_sign(u_char * query,
+                return SR_TS_FAIL;
+         } 
+ 
+-        HMAC_CTX_init(&ctx);
+-        HMAC_Init_ex(&ctx, ns->ns_tsig->key, ns->ns_tsig->keylen,
++        ctx = HMAC_CTX_new();
++        HMAC_Init_ex(ctx, ns->ns_tsig->key, ns->ns_tsig->keylen,
+                 md, NULL);
+ 
+         /* Create a TSIG RR and add it to the additional section */
+@@ -289,7 +290,7 @@ res_tsig_sign(u_char * query,
+         p = cp;
+         memcpy(cp, query, query_length * sizeof(u_char));
+         cp += query_length;
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+         /* Bump up the additional section count */
+         header = (HEADER *) p;
+@@ -300,7 +301,7 @@ res_tsig_sign(u_char * query,
+         p = cp;
+         memcpy(cp, ns->ns_tsig->name_n, wire_name_length(ns->ns_tsig->name_n));
+         cp += wire_name_length(ns->ns_tsig->name_n);
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+         /* don't digest type */
+         RES_PUT16(ns_t_tsig, cp);
+@@ -308,7 +309,7 @@ res_tsig_sign(u_char * query,
+         p = cp;
+         RES_PUT16(ns_t_any, cp);
+         RES_PUT32(0, cp);
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+         /* don't digest rdatalen */
+         RES_PUT16(ns->ns_tsig->rdatalen, cp);
+@@ -316,13 +317,13 @@ res_tsig_sign(u_char * query,
+         p = cp;
+         memcpy(cp, ns->ns_tsig->alg_n, wire_name_length(ns->ns_tsig->alg_n));
+         cp += wire_name_length(ns->ns_tsig->alg_n);
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+         gettimeofday(&now, NULL);
+         p = cp;
+         RES_PUT48((u_int64_t)now.tv_sec, cp);
+         RES_PUT16(ns->ns_tsig->fudge, cp);
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+         /* don't digest the mac_size */
+         RES_PUT16(ns->ns_tsig->mac_size, cp);
+@@ -337,9 +338,9 @@ res_tsig_sign(u_char * query,
+         p = cp;
+         RES_PUT16(0, cp);
+         RES_PUT16(0, cp);
+-        HMAC_Update(&ctx, p, cp-p); 
++        HMAC_Update(ctx, p, cp-p); 
+ 
+-        HMAC_Final(&ctx, hash, &len);
++        HMAC_Final(ctx, hash, &len);
+ 
+         if (len != ns->ns_tsig->mac_size) {
+             FREE(*signed_query);
+@@ -348,7 +349,7 @@ res_tsig_sign(u_char * query,
+         }
+         memcpy(hp, hash, len);
+ 
+-        HMAC_CTX_cleanup(&ctx);
++        HMAC_CTX_free(ctx);
+         return SR_TS_OK;
+ 
+     } else
+diff --git a/dnssec-tools/validator/libval/val_crypto.c b/dnssec-tools/validator/libval/val_crypto.c
+index 46d1ce5d..b3ccdcd4 100644
+--- a/dnssec-tools/validator/libval/val_crypto.c
++++ b/dnssec-tools/validator/libval/val_crypto.c
+@@ -22,6 +22,7 @@
+ #include <crypto/sha2.h>
+ #endif
+ #include <openssl/dsa.h>
++#include <openssl/engine.h>
+ #include <openssl/md5.h>
+ #include <openssl/rsa.h>
+ #include <openssl/err.h>
+@@ -77,10 +78,8 @@ dsasha1_parse_public_key(const u_char *buf, size_t buflen, DSA * dsa)
+     bn_y = BN_bin2bn(buf + index, 64 + (T * 8), NULL);
+     index += (64 + (T * 8));
+ 
+-    dsa->p = bn_p;
+-    dsa->q = bn_q;
+-    dsa->g = bn_g;
+-    dsa->pub_key = bn_y;
++    DSA_set0_pqg(dsa, bn_p, bn_q, bn_g);
++    DSA_set0_key(dsa, bn_y, NULL);
+ 
+     return VAL_NO_ERROR;        /* success */
+ }
+@@ -214,8 +213,7 @@ rsamd5_parse_public_key(const u_char *buf, size_t buflen, RSA * rsa)
+      */
+     bn_mod = BN_bin2bn(buf + index, buflen - index, NULL);
+ 
+-    rsa->e = bn_exp;
+-    rsa->n = bn_mod;
++    RSA_set0_key(rsa, bn_mod, bn_exp, NULL);
+ 
+     return VAL_NO_ERROR;        /* success */
+ }
+@@ -246,7 +244,7 @@ rsamd5_keytag(const u_char *pubkey, size_t pubkey_len)
+         return VAL_BAD_ARGUMENT;
+     }
+ 
+-    modulus = rsa->n;
++    RSA_get0_key(rsa, (const BIGNUM **) &modulus, NULL, NULL);
+     modulus_len = BN_num_bytes(modulus);
+     modulus_bin =
+         (u_char *) MALLOC(modulus_len * sizeof(u_char));
+@@ -361,8 +359,7 @@ rsa_parse_public_key(const u_char *buf, size_t buflen, RSA * rsa)
+      */
+     bn_mod = BN_bin2bn(buf + index, buflen - index, NULL);
+ 
+-    rsa->e = bn_exp;
+-    rsa->n = bn_mod;
++    RSA_set0_key(rsa, bn_mod, bn_exp, NULL);
+ 
+     return VAL_NO_ERROR;        /* success */
+ }
+@@ -460,11 +457,10 @@ ecdsa_sigverify(val_context_t * ctx,
+     EC_KEY   *eckey = NULL;
+     BIGNUM *bn_x = NULL;
+     BIGNUM *bn_y = NULL;
+-    ECDSA_SIG ecdsa_sig;
++    ECDSA_SIG *ecdsa_sig;
+     size_t   hashlen = 0;
+ 
+-    ecdsa_sig.r = NULL;
+-    ecdsa_sig.s = NULL;
++    ecdsa_sig = ECDSA_SIG_new();
+     memset(sha_hash, 0, sizeof(sha_hash));
+ 
+     val_log(ctx, LOG_DEBUG,
+@@ -523,10 +519,10 @@ ecdsa_sigverify(val_context_t * ctx,
+         goto err;
+     }
+ 
+-    ecdsa_sig.r = BN_bin2bn(rrsig->signature, hashlen, NULL); 
+-    ecdsa_sig.s = BN_bin2bn(&rrsig->signature[hashlen], hashlen, NULL); 
++    ECDSA_SIG_set0(ecdsa_sig, BN_bin2bn(rrsig->signature, hashlen, NULL),
++                   BN_bin2bn(&rrsig->signature[hashlen], hashlen, NULL));
+ 
+-    if (ECDSA_do_verify(sha_hash, hashlen, &ecdsa_sig, eckey) == 1) {
++    if (ECDSA_do_verify(sha_hash, hashlen, ecdsa_sig, eckey) == 1) {
+         val_log(ctx, LOG_INFO, "ecdsa_sigverify(): returned SUCCESS");
+         *sig_status = VAL_AC_RRSIG_VERIFIED;
+     } else {
+@@ -536,10 +532,8 @@ ecdsa_sigverify(val_context_t * ctx,
+ 
+     /* Free all structures allocated */
+ err:
+-    if (ecdsa_sig.r)
+-        BN_free(ecdsa_sig.r);
+-    if (ecdsa_sig.s)
+-        BN_free(ecdsa_sig.s);
++    if (ecdsa_sig)
++        ECDSA_SIG_free(ecdsa_sig);
+     if (bn_x)
+         BN_free(bn_x);
+     if (bn_y)
+diff --git a/dnssec-tools/validator/libval/val_dane.c b/dnssec-tools/validator/libval/val_dane.c
+index 32ffdc7a..16b0a0b2 100644
+--- a/dnssec-tools/validator/libval/val_dane.c
++++ b/dnssec-tools/validator/libval/val_dane.c
+@@ -875,7 +875,8 @@ val_X509_peer_cert_verify_cb(X509_STORE_CTX *x509ctx, void *arg)
+     if (x509ctx == NULL || ssl_dane_data == NULL)
+         return 0;
+ 
+-    cert = x509ctx->cert;
++    
++    cert = X509_STORE_CTX_get_current_cert(x509ctx);
+     context = ssl_dane_data->context;
+ 
+     /* 
diff --git a/dnssec-tools.spec b/dnssec-tools.spec
index b4ac585..92889ca 100644
--- a/dnssec-tools.spec
+++ b/dnssec-tools.spec
@@ -1,32 +1,43 @@
+# OpenSSL ENGINE support deprecated in Fedora 41 onwards
+# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
+%if 0%{?fedora} > 40
+%global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE
+%endif
+
+
 Summary: A suite of tools for managing dnssec aware DNS usage
 Name: dnssec-tools
-Version: 2.2
-Release: 4%{?dist}
-License: BSD
-Group: System Environment/Base
+Version: 2.2.3
+Release: 30%{?dist}
+# Automatically converted from old format: BSD - review is highly recommended.
+License: LicenseRef-Callaway-BSD
 URL: http://www.dnssec-tools.org/
-Source0: https://www.dnssec-tools.org/download/%{name}-%{version}.tar.gz
+#Source0: https://www.dnssec-tools.org/download/%%{name}-%%{version}.tar.gz
+Source0: https://www.hardakers.net/software/%{name}-%{version}.tar.gz
 Source1: dnssec-tools-dnsval.conf
 Source2: libval-config
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # Require note: the auto-detection for perl-Net-DNS-SEC will not work since
 # the tools do run time tests for their existence.  But most of the tools
 # are much more useful with the modules in place, so we hand require them.
-Requires: perl(Net::DNS), perl(Net::DNS::SEC), dnssec-tools-perlmods, bind, perl(Getopt::GUI::Long)
-Requires:  perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires: dnssec-tools-perlmods, bind, perl(Getopt::GUI::Long)
 Requires: perl(GraphViz)
+BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: perl-devel
 BuildRequires: perl-generators
 BuildRequires: perl(Test) perl(ExtUtils::MakeMaker)
+BuildRequires: make
 # Makes the code installation linux filesystem friendly
 Patch5: dnssec-tools-linux-conf-paths-1.13.patch
-Patch6: dnssec-tools-zonefile-fast-new-bind-1.13.patch
-Patch12: dnssec-tools-zonefile-fast-nsec3-1.20.patch
 Patch13: dnssec-tools-2.0-autoconf-for-aarch64.patch
-Patch14: dnssec-tools-zonefile-fast-misc.patch
-Patch15: dnssec-tools-zonefile-fast-nsec3-fixes.patch
-Patch16: dnssec-tools-zonefile-fast-tlsa-fixes.patch
+Patch17: dnssec-tools-new-2017-key.patch
+Patch18: dnssec-tools-new-openssl-APIs.patch
+# Update Makefile to respect users LDFLAGS
+# https://github.com/DNSSEC-Tools/DNSSEC-Tools/commit/7287c6b96422e499560fb10b95c1a481ea82656d
+Patch19: 7287c6b96422e499560fb10b95c1a481ea82656d.patch
+# link libval-threads with libs
+Patch20: dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
+Patch21: dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
 
 %description
 
@@ -35,9 +46,8 @@ patches, applications, wrappers, extensions, and plugins that will
 help ease the deployment of DNSSEC-related technologies.
 
 %package perlmods
-Group: System Environment/Libraries
 Summary: Perl modules supporting DNSSEC (needed by the dnssec-tools)
-Requires: perl(Net::DNS), perl(Net::DNS::SEC)
+Requires: perl(Getopt::GUI::Long)
 
 %description perlmods
 
@@ -46,7 +56,6 @@ required by the DNSSEC tools themselves as well as modules that are
 useful for other developers.
 
 %package libs
-Group: System Environment/Libraries
 Summary: C-based libraries for dnssec aware tools
 Requires: openssl
 
@@ -54,7 +63,6 @@ Requires: openssl
 C-based libraries useful for developing dnssec aware tools.
 
 %package libs-devel
-Group: Development/Libraries
 Summary: C-based development libraries for dnssec aware tools
 Requires: dnssec-tools-libs = %{version}-%{release}
 
@@ -64,13 +72,18 @@ C-based libraries useful for developing dnssec aware tools.
 %prep
 %setup -q
 
-%patch5 -p0 
-#%patch6 -p2
-#%patch12 -p2
-#%patch13 -p2
-#%patch14 -p2
-#%patch15 -p2
-#%patch16 -p2
+%patch -P5 -p0 
+#%%patch6 -p2
+#%%patch12 -p2
+#%%patch13 -p2
+#%%patch14 -p2
+#%%patch15 -p2
+#%%patch16 -p2
+#%%patch17 -p2
+#%%patch18 -p2
+%patch -P19 -p2
+%patch -P20 -p1 -b .link-with-libs
+%patch -P21 -p1
 
 %build
 %configure --with-validator-testcases-file=%{_datadir}/dnssec-tools/validator-testcases --with-perl-build-args="INSTALLDIRS=vendor OPTIMIZE='$RPM_OPT_FLAGS'" --sysconfdir=/etc --with-root-hints=/etc/dnssec-tools/root.hints --with-resolv-conf=/etc/dnssec-tools/resolv.conf --disable-static --with-nsec3 --with-ipv6 --with-dlv --disable-bind-checks
@@ -79,7 +92,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' validator/libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' validator/libtool
 # makefile dependencies are broken; we can't use smp_mflags:
-#make %{?_smp_mflags} CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+#make %%{?_smp_mflags} CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
 make CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
 
 %install
@@ -104,16 +117,10 @@ mv ${RPM_BUILD_ROOT}/%{_bindir}/libval-config ${RPM_BUILD_ROOT}/%{_bindir}/libva
 # Add a new wrapper script that calls the right file at run time
 install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 
-%post libs -p /sbin/ldconfig
-
-%postun libs -p /sbin/ldconfig
-
-%clean
-rm -rf %{buildroot}
+%ldconfig_scriptlets libs
 
 %files
-%defattr(-,root,root,-)
-%doc README INSTALL COPYING
+%doc README.md INSTALL COPYING
 
 %dir %{_sysconfdir}/dnssec-tools/
 %config(noreplace) %{_sysconfdir}/dnssec-tools/dnssec-tools.conf
@@ -130,7 +137,7 @@ rm -rf %{buildroot}
 %{_bindir}/maketestzone
 %{_bindir}/mapper
 %{_bindir}/zonesigner
-# this doesn't use %{_datadir} because patch6 above uses this exact path
+# this doesn't use %%{_datadir} because patch6 above uses this exact path
 /usr/share/dnssec-tools
 #/usr/share/dnssec-tools/donuts
 #/usr/share/dnssec-tools/donuts/rules
@@ -157,7 +164,7 @@ rm -rf %{buildroot}
 %{_bindir}/dt-libval_check_conf
 %{_bindir}/dt-validate
 # configure above 
-#%{_datadir}/dnssec-tools/validator-testcases
+#%%{_datadir}/dnssec-tools/validator-testcases
 %{_bindir}/dt-getaddr
 %{_bindir}/dt-gethost
 %{_bindir}/dt-getname
@@ -259,8 +266,6 @@ rm -rf %{buildroot}
 %{_mandir}/man3/Net::DNS::SEC::Tools::realmmgr.3pm.gz
 
 %files perlmods
-%defattr(-,root,root)
-
 # perl-Net-DNS-SEC is noarch and cannot own this directory:
 %dir %{perl_vendorarch}/Net/DNS/SEC
 
@@ -286,7 +291,6 @@ rm -rf %{buildroot}
 %{_mandir}/man3/Net::DNS::SEC::Validator.3pm.gz
 %{_mandir}/man3/Net::addrinfo.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::Donuts::Rule.3pm.gz
-%{_mandir}/man3/Net::DNS::ZoneFile::Fast.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::rolllog.3pm.gz
 
 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor.3pm.gz
@@ -299,15 +303,16 @@ rm -rf %{buildroot}
 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor::Mf.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor::Secspider.3pm.gz
 
+# obsolete module still in upstream source:
+%{_mandir}/man3/Net::DNS::ZoneFile::Fast.3pm.gz
+
 %files libs
-%defattr(-,root,root)
 %{_libdir}/*.so.*
 %config(noreplace) %{_sysconfdir}/dnssec-tools
-#%config(noreplace) %{_sysconfdir}/dnssec-tools/dnsval.conf
-#%config(noreplace) %{_sysconfdir}/dnssec-tools/root.hints
+#%%config(noreplace) %%{_sysconfdir}/dnssec-tools/dnsval.conf
+#%%config(noreplace) %%{_sysconfdir}/dnssec-tools/root.hints
 
 %files libs-devel
-%defattr(-,root,root)
 %{_includedir}/validator
 %{_libdir}/*.so
 
@@ -341,7 +346,7 @@ rm -rf %{buildroot}
 %{_mandir}/man3/val_isvalidated.3.gz
 %{_mandir}/man3/val_res_query.3.gz
 %{_mandir}/man3/val_res_search.3.gz
-#%{_mandir}/man3/val_addrinfo.3.gz
+#%%{_mandir}/man3/val_addrinfo.3.gz
 %{_mandir}/man3/val_add_valpolicy.3.gz
 %{_mandir}/man3/val_context_setqflags.3.gz
 %{_mandir}/man3/val_does_not_exist.3.gz
@@ -367,6 +372,122 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Mon Jul 07 2025 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-29
+- Perl 5.42 rebuild
+
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Tue Nov 05 2024 Michal Josef Špaček <mspacek@redhat.com> - 2.2.3-27
+- Build without OpenSSL ENGINE support on Fedora 41 onwards
+
+* Wed Aug 28 2024 Miroslav Suchý <msuchy@redhat.com> - 2.2.3-26
+- convert license to SPDX
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Mon Jun 10 2024 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-24
+- Perl 5.40 rebuild
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-20
+- Perl 5.38 rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Dec 19 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-18
+- Add BR perl-generators to automatically generates run-time dependencies
+  for installed Perl files
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-16
+- Perl 5.36 rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.2.3-14
+- Rebuilt with OpenSSL 3.0.0
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-12
+- Perl 5.34 rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Sep 25 2020 Petr Pisar <ppisar@redhat.com> - 2.2.3-10
+- Build-require perl-macros for Perl RPM macros
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-8
+- Perl 5.32 rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Dec 19 2019 Tom Callaway <spot@fedoraproject.org> - 2.2.3-6
+- fix libval-threads to link with dependent libs
+- use LDFLAGS
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-4
+- Perl 5.30 rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Oct 4 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.3-2
+- update default dnsval.conf
+
+* Wed Aug 29 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.3-1
+- match upstream version
+
+* Wed Aug 29 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.1-2
+- add Mail::Send
+
+* Mon Jul 30 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.1-1
+- fix build issues
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.2-9
+- Perl 5.28 rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.2-5
+- Perl 5.26 rebuild
+
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 
diff --git a/sources b/sources
index ec03a48..9a6d52d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ceb39b4d2376bfc4aa22f73846c11789  dnssec-tools-2.2.tar.gz
+SHA512 (dnssec-tools-2.2.3.tar.gz) = b83d3dfc999560937f7bb5558caf45449ad0501818b2b7cbbdc03008a365cd1d37aae6dff49b7c6785f737d1a01f20d3bf35bb7c86e9f9fca7eff5f5b35b8834