diff --git a/.gitignore b/.gitignore
index 842ab45..b0986fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,5 @@
 /sudo-1.9.14p3.tar.gz
 /sudo-1.9.15p4.tar.gz
 /sudo-1.9.15p5.tar.gz
+/sudo-1.9.17p1.tar.gz
+/sudo-1.9.17p2.tar.gz
diff --git a/sources b/sources
index a9b6cfd..54e59ea 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
+SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93
diff --git a/sudo.spec b/sudo.spec
index d363eb9..be44d00 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,9 +1,9 @@
 # comment out if no extra version
-%global extraver p5
+%global extraver p2
 
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.15
+Version: 1.9.17
 # remove -b 3 after rebase !!!
 # use "-p -e % {?extraver}" when beta
 # use "-e % {?extraver}"" when patch version
@@ -26,7 +26,7 @@ BuildRequires: bison
 BuildRequires: libtool
 BuildRequires: audit-libs-devel libcap-devel
 BuildRequires: libselinux-devel
-BuildRequires: sendmail
+BuildRequires: systemd-rpm-macros
 BuildRequires: gettext
 BuildRequires: zlib-devel
 
@@ -70,25 +70,18 @@ BuildRequires:  python3-devel
 %{name}-python-plugin allows using sudo plugins written in Python.
 
 %prep
-%setup -q -n %{name}-%{version}%{?extraver}
+%autosetup -p1 -n %{name}-%{version}%{?extraver}
 
 %build
 # Remove bundled copy of zlib
 rm -rf zlib/
 
-%ifarch s390 s390x sparc64
-F_PIE=-fPIE
-%else
-F_PIE=-fpie
-%endif
-
-export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
-
 %configure \
         --prefix=%{_prefix} \
         --sbindir=%{_sbindir} \
         --libdir=%{_libdir} \
         --docdir=%{_pkgdocdir} \
+        --enable-tmpfiles.d=%{_tmpfilesdir} \
         --enable-openssl \
         --disable-root-mailer \
         --disable-intercept \
@@ -102,6 +95,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-tty-tickets \
         --with-ldap \
         --with-selinux \
+        --with-sendmail=/usr/sbin/sendmail \
         --with-passprompt="[sudo] password for %p: " \
         --enable-python \
         --enable-zlib=system \
@@ -109,26 +103,28 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-sssd
 #       --without-kerb5 \
 #       --without-kerb4
-make
+%make_build
 
 %check
-make check
+%make_build check
 
 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
 
 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
-#add sudo to protected packages
-install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
-touch sudo.conf
-echo sudo > sudo.conf
-install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
-rm -f sudo.conf
+# Add sudo to protected packages. Old location for yum/dnf.
+mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/
+echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf
+# Add sudo to protected packages. New location for dnf5.
+mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/
+cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf <<EOF
+[main]
+protected_packages = sudo
+EOF
 
 chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
 
@@ -172,7 +168,6 @@ EOF
 
 
 %files -f sudo_all.lang
-%defattr(-,root,root)
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
@@ -180,6 +175,9 @@ EOF
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%dir /usr/share/dnf5
+%dir /usr/share/dnf5/libdnf.conf.d
+/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo