diff --git a/.gitignore b/.gitignore
index 4aa0b81..e7db9cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 /sudo-1.8.29.tar.gz
 /sudo-1.9.0b1.tar.gz
 /sudo-1.9.0b4.tar.gz
+/sudo-1.9.1.tar.gz
diff --git a/sources b/sources
index e6aeaa0..35fc51b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.0b4.tar.gz) = 8f9da58ebb53d751746e8b271d9089a98cbbeb6e82691c3905c5ac11255bc70c7f467c0097d8dab2980fd94ffb8c438d03326f1bc98f0b580ec6e5b06227f559
+SHA512 (sudo-1.9.1.tar.gz) = 7994c7d8f020188eda51787bb5f6fe7668518cc89b711e7840470db7e5bac1219490ffccc73854fecb14ceb3ffaf0fc605f3438c87b83f27921ea3626365105c
diff --git a/sudo-1.9-RLIMIT_CORE.patch b/sudo-1.9-RLIMIT_CORE.patch
deleted file mode 100644
index 28027c4..0000000
--- a/sudo-1.9-RLIMIT_CORE.patch
+++ /dev/null
@@ -1,149 +0,0 @@ - changeset 12288:1064b906ca68 - -Ignore a failure to restore the RLIMIT_CORE resource limit. -Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY -if we set the limit to zero, even for root. This is not a problem -outside the container. -author Todd C. Miller -date Sat, 14 Mar 2020 11:13:55 -0600 -parents 72ca06a294b4 -children 40629e6fd692 -files src/limits.c -diffstat 1 files changed, 61 insertions(+), 10 deletions(-) [+] -line wrap: on - line diff - ---- a/src/limits.c Thu Mar 12 17:39:56 2020 -0600 -+++ b/src/limits.c Sat Mar 14 11:13:55 2020 -0600 -@@ -114,13 +114,21 @@ - - if (getrlimit(RLIMIT_CORE, &corelimit) == -1) - sudo_warn("getrlimit(RLIMIT_CORE)"); -+ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_CORE [%lld, %lld] -> [0, 0]", -+ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); - if (setrlimit(RLIMIT_CORE, &rl) == -1) - sudo_warn("setrlimit(RLIMIT_CORE)"); - #ifdef __linux__ - /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */ -- if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) -+ if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)"); - dumpflag = 0; -- (void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); -+ } -+ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); -+ } - #endif /* __linux__ */ - coredump_disabled = true; - -@@ -136,10 +144,20 @@ - debug_decl(restore_coredump, SUDO_DEBUG_UTIL); - - if (coredump_disabled) { -- if (setrlimit(RLIMIT_CORE, &corelimit) == -1) -- sudo_warn("setrlimit(RLIMIT_CORE)"); -+ /* -+ * Linux containers don't allow RLIMIT_CORE to be set back to -+ * RLIM_INFINITY if we set the limit to zero, even for root. 
-+ */ -+ if (setrlimit(RLIMIT_CORE, &corelimit) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(RLIMIT_CORE, [%lld, %lld])", -+ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); -+ } - #ifdef __linux__ -- (void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0); -+ if (prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); -+ } - #endif /* __linux__ */ - } - debug_return; -@@ -162,8 +180,14 @@ - - if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) - sudo_warn("getrlimit(RLIMIT_NPROC)"); -+ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_NPROC [%lld, %lld] -> [inf, inf]", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); - if (setrlimit(RLIMIT_NPROC, &rl) == -1) { - rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max; -+ sudo_debug_printf(SUDO_DEBUG_INFO, -+ "RLIMIT_NPROC [%lld, %lld] -> [%lld, %lld]", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max, -+ (long long)rl.rlim_cur, (long long)rl.rlim_max); - if (setrlimit(RLIMIT_NPROC, &rl) != 0) - sudo_warn("setrlimit(RLIMIT_NPROC)"); - } -@@ -180,8 +204,11 @@ - #ifdef __linux__ - debug_decl(restore_nproc, SUDO_DEBUG_UTIL); - -- if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) -- sudo_warn("setrlimit(RLIMIT_NPROC)"); -+ if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(RLIMIT_NPROC, [%lld, %lld])", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); -+ } - - debug_return; - #endif /* __linux__ */ -@@ -203,6 +230,11 @@ - struct saved_limit *lim = &saved_limits[idx]; - if (getrlimit(lim->resource, &lim->oldlimit) == -1) - continue; -+ sudo_debug_printf(SUDO_DEBUG_INFO, -+ "getrlimit(lim->name) -> [%lld, %lld]", -+ (long long)lim->oldlimit.rlim_cur, -+ (long long)lim->oldlimit.rlim_max); -+ - lim->saved = true; - if (lim->newlimit.rlim_cur != RLIM_INFINITY) { - /* Don't reduce the 
soft resource limit. */ -@@ -217,13 +249,28 @@ - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; - } - if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { -- if (lim->fallback != NULL) -- rc = setrlimit(lim->resource, lim->fallback); -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->newlimit.rlim_cur, -+ (long long)lim->newlimit.rlim_max); -+ if (lim->fallback != NULL) { -+ if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->fallback->rlim_cur, -+ (long long)lim->fallback->rlim_max); -+ } -+ } - if (rc == -1) { - /* Try setting new rlim_cur to old rlim_max. */ - lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; -- rc = setrlimit(lim->resource, &lim->newlimit); -+ if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->newlimit.rlim_cur, -+ (long long)lim->newlimit.rlim_max); -+ } - } - if (rc == -1) - sudo_warn("setrlimit(%s)", lim->name); -@@ -254,6 +301,10 @@ - if (rc != -1 || errno != EINVAL) - break; - -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)rl.rlim_cur, (long long)rl.rlim_max); -+ - /* - * Soft limit could be lower than current resource usage. - * This can be an issue on NetBSD with RLIMIT_STACK and ASLR. diff --git a/sudo.rpmlintrc b/sudo.rpmlintrc new file mode 100644 index 0000000..d7c57d7 --- /dev/null +++ b/sudo.rpmlintrc 
@@ -0,0 +1,16 @@
+# Sudo allows restricted root access for specified users. In other words,
+# it is a special package, which requires special permissions on on some
+# of the installed files.
+addFilter("missing-call-to-setgroups-before-setuid (/usr/bin/sudo|/usr/bin/sudoreplay|/usr/sbin/sudo_logsrvd|/usr/sbin/sudo_sendlog|/usr/libexec/sudo/sudoers.so|)$")
+
+addFilter("non-readable (/etc/sudo.conf|/etc/sudo_logsrvd.conf|/etc/sudoers|/usr/bin/sudoreplay) .*$")
+
+addFilter("non-standard-dir-perm (/etc/sudoers.d|/var/db/sudo|/var/db/sudo/lectured) .*$")
+
+addFilter("setuid-binary /usr/bin/sudo .*$")
+
+addFilter("non-standard-executable-perm (/usr/bin/sudo|/usr/bin/sudoreplay) .*$")
+
+addFilter("wrong-file-end-of-line-encoding /usr/share/doc/sudo/schema.ActiveDirectory$")
+
+addFilter("non-standard-dir-in-var db$")
diff --git a/sudo.spec b/sudo.spec
index bac08cd..af5f14d 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,13 +1,10 @@
-%global patchlevel b4
-%global upstream_version %{version}%{patchlevel}
-
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.0
-Release: 0.1.%{patchlevel}%{?dist}
+Version: 1.9.1
+Release: 1%{?dist}
 License: ISC
 URL: http://www.courtesan.com/sudo/
-Source0: https://www.sudo.ws/dist/beta/%{name}-%{upstream_version}.tar.gz
+Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
 Source1: sudoers
 Requires: pam
 Recommends: vim-minimal
@@ -27,8 +24,6 @@ BuildRequires: zlib-devel
 # don't strip
 Patch1: sudo-1.6.7p5-strip.patch
-# https://www.sudo.ws/repos/sudo/rev/1064b906ca68
-Patch2: sudo-1.9-RLIMIT_CORE.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -50,10 +45,9 @@ The %{name}-devel package contains header files developing sudo plugins
 that use %{name}.
 %prep
-%setup -q -n %{name}-%{upstream_version}
+%setup -q
 %patch1 -p1 -b .strip
-%patch2 -p1 -b .orig
 %build
 # Remove bundled copy of zlib
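Review bot: The first addFilter pattern in sudo.rpmlintrc ends its alternation with an empty branch, `|/usr/libexec/sudo/sudoers.so|)$`, which looks like a stray `|` left over from editing; the empty branch can only match a message that ends right after the warning name, so it is dead, but it reads as if a path were dropped, and `/usr/libexec/sudo/sudoers.so)$` says what is meant. That same filter silences missing-call-to-setgroups-before-setuid for sudo_logsrvd and sudo_sendlog as well, whose installed permissions are not visible in this diff, so a one-line comment above it stating that the warning was checked for each listed binary rather than inherited from sudo's setuid case would help the next maintainer decide whether the list is still right. The header comment also has a doubled word, "permissions on on some".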
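Review bot: Dropping `%patch2 -p1 -b .orig` here (and the Patch2 line in the earlier hunk) presumes that the RLIMIT_CORE fix from upstream changeset 1064b906ca68, referenced on the removed comment line, is already part of the 1.9.1 tarball, but nothing on the page records that and the new changelog entry only says "rebase to 1.9.1". Suggest a changelog line such as `- drop sudo-1.9-RLIMIT_CORE.patch, fix is included upstream in 1.9.1` so a later reader does not try to re-add it.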
@@ -152,13 +146,15 @@ EOF
 %files -f sudo_all.lang
+%defattr(-,root,root)
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
-%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
-%attr(0644,root,root) /etc/sudo.conf
+%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
+%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo
@@ -205,6 +201,12 @@ EOF
 %{_mandir}/man8/sudo_plugin.8*
 %changelog
+* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1
+- rebase to 1.9.1
+Resolves: rhbz#1848788
+- fix rpmlint errors
+Resolves: rhbz#1817139
+
 * Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4
 - update to latest development version 1.9.0b4
 Resolves: rhbz#1816593
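Review bot: `/etc/sudo.conf` gains `%config(noreplace)` in the same line that tightens its mode to 0640, so on upgrade a locally edited sudo.conf now stays in place and the packaged one is written as `.rpmnew`; that is a behaviour change for existing installs that the changelog entry ("fix rpmlint errors") does not mention. If the rationale for 0640 is that sudo is installed setuid root (`%attr(4111,root,root) %{_bindir}/sudo` below) and unprivileged users therefore need no read access to the plugin configuration, a short comment above the line saying so, e.g. `# 0640: read by the setuid sudo binary, not by unprivileged users`, and a changelog line noting the noreplace/mode change would make the intent explicit. The added `%defattr(-,root,root)` is a no-op where root:root is already rpm's default; whether the other %files lists in this spec carry it is outside the hunk, so keep it only if consistency with them requires it.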