diff --git a/.gitignore b/.gitignore
index 3d050b5..b0986fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,9 @@
 /sudo-1.9.8p2.tar.gz
 /sudo-1.9.11p3.tar.gz
 /sudo-1.9.12p2.tar.gz
+/sudo-1.9.13p2.tar.gz
+/sudo-1.9.14p3.tar.gz
+/sudo-1.9.15p4.tar.gz
+/sudo-1.9.15p5.tar.gz
+/sudo-1.9.17p1.tar.gz
+/sudo-1.9.17p2.tar.gz
diff --git a/sources b/sources
index f68ca42..54e59ea 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.12p2.tar.gz) = 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45
+SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93
diff --git a/sudo-1.6.7p5-strip.patch b/sudo-1.6.7p5-strip.patch
deleted file mode 100644
index f690659..0000000
--- a/sudo-1.6.7p5-strip.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- sudo-1.6.7p5/scripts/install-sh.strip	2005-07-21 14:28:25.000000000 +0200
-+++ sudo-1.6.7p5/scripts/install-sh	2005-07-21 14:29:18.000000000 +0200
-@@ -138,7 +138,7 @@
- 	fi
- 	;;
-     X-s)
--	STRIPIT=true
-+	#STRIPIT=true
- 	;;
-     X--)
- 	shift
diff --git a/sudo.spec b/sudo.spec
index f0f1e53..be44d00 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -3,7 +3,7 @@
 
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.12
+Version: 1.9.17
 # remove -b 3 after rebase !!!
 # use "-p -e % {?extraver}" when beta
 # use "-e % {?extraver}"" when patch version
@@ -26,7 +26,7 @@ BuildRequires: bison
 BuildRequires: libtool
 BuildRequires: audit-libs-devel libcap-devel
 BuildRequires: libselinux-devel
-BuildRequires: sendmail
+BuildRequires: systemd-rpm-macros
 BuildRequires: gettext
 BuildRequires: zlib-devel
 
@@ -70,25 +70,18 @@ BuildRequires:  python3-devel
 %{name}-python-plugin allows using sudo plugins written in Python.
 
 %prep
-%setup -q -n %{name}-%{version}%{?extraver}
+%autosetup -p1 -n %{name}-%{version}%{?extraver}
 
 %build
 # Remove bundled copy of zlib
 rm -rf zlib/
 
-%ifarch s390 s390x sparc64
-F_PIE=-fPIE
-%else
-F_PIE=-fpie
-%endif
-
-export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
-
 %configure \
         --prefix=%{_prefix} \
         --sbindir=%{_sbindir} \
         --libdir=%{_libdir} \
         --docdir=%{_pkgdocdir} \
+        --enable-tmpfiles.d=%{_tmpfilesdir} \
         --enable-openssl \
         --disable-root-mailer \
         --disable-intercept \
@@ -102,6 +95,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-tty-tickets \
         --with-ldap \
         --with-selinux \
+        --with-sendmail=/usr/sbin/sendmail \
         --with-passprompt="[sudo] password for %p: " \
         --enable-python \
         --enable-zlib=system \
@@ -109,26 +103,28 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --with-sssd
 #       --without-kerb5 \
 #       --without-kerb4
-make
+%make_build
 
 %check
-make check
+%make_build check
 
 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
 
 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
-#add sudo to protected packages
-install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
-touch sudo.conf
-echo sudo > sudo.conf
-install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
-rm -f sudo.conf
+# Add sudo to protected packages. Old location for yum/dnf.
+mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/
+echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf
+# Add sudo to protected packages. New location for dnf5.
+mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/
+cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf <<EOF
+[main]
+protected_packages = sudo
+EOF
 
 chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
 
@@ -172,7 +168,6 @@ EOF
 
 
 %files -f sudo_all.lang
-%defattr(-,root,root)
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
@@ -180,6 +175,9 @@ EOF
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%dir /usr/share/dnf5
+%dir /usr/share/dnf5/libdnf.conf.d
+/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo