diff --git a/.gitignore b/.gitignore
index ce77334..3550079 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 /dnssec-trigger-0.12.tar.gz
 /dnssec-trigger-0.13_20150714.tar.gz
 /dnssec-trigger-0.13.tar.gz
+/dnssec-trigger-0.15.tar.gz
diff --git a/dnssec-trigger-0.13-hints-update.patch b/dnssec-trigger-0.13-hints-update.patch
deleted file mode 100644
index 349105b..0000000
--- a/dnssec-trigger-0.13-hints-update.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From fab878a1eba7221c718b74b47ac74fc67066ee57 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Fri, 18 Aug 2017 12:04:14 +0200
-Subject: [PATCH 2/2] Update root servers IPs
-
----
- riggerd/probe.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/riggerd/probe.c b/riggerd/probe.c
-index a443d5f..262e618 100644
---- a/riggerd/probe.c
-+++ b/riggerd/probe.c
-@@ -176,7 +176,7 @@ get_random_auth_ip4(void)
- 		"192.203.230.10", /* e */
- 		"192.5.5.241", /* f */
- 		"192.112.36.4", /* g */
--		"128.63.2.53", /* h */
-+		"198.97.190.53", /* h */
- 		"192.36.148.17", /* i */
- 		"192.58.128.30", /* j */
- 		"193.0.14.129", /* k */
-@@ -193,17 +193,20 @@ get_random_auth_ip6(void)
- 	/* list of root servers */
- 	const char* choices[] = {
- 		"2001:503:ba3e::2:30", /* a */
-+		"2001:500:200::b", /* b */
- 		"2001:500:2::c", /* c */
- 		"2001:500:2d::d", /* d */
-+		"2001:500:a8::e", /* e */
- 		"2001:500:2f::f", /* f */
--		"2001:500:1::803f:235", /* h */
-+		"2001:500:12::d0d", /* g */
-+		"2001:500:1::53", /* h */
- 		"2001:7fe::53", /* i */
- 		"2001:503:c27::2:30", /* j */
- 		"2001:7fd::1", /* k */
--		"2001:500:3::42", /* l */
-+		"2001:500:9f::42", /* l */
- 		"2001:dc3::35" /* m */
- 	};
--	return choices[ ldns_get_random() % 10 ];
-+	return choices[ ldns_get_random() % 13 ];
- }
- 
- static const char* get_random_tcp80_ip4(struct cfg* cfg)
--- 
-2.9.5
-
diff --git a/dnssec-trigger-0.13-openssl-1.1.0-fixup.patch b/dnssec-trigger-0.13-openssl-1.1.0-fixup.patch
deleted file mode 100644
index d84ad7e..0000000
--- a/dnssec-trigger-0.13-openssl-1.1.0-fixup.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 2fcc4bce2043149074bcf09fcb8ee3a0c7bc2348 Mon Sep 17 00:00:00 2001
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Mon, 7 Nov 2016 20:59:11 +0000
-Subject: [PATCH 1/8] dnssec-trigger: openssl 1.1.0 fixup
-
-- SSL_OP_NO_SSLv2 / SSLv2 has been removed from openssl 1.1.0 and as
-  such it can't be tested (the way it is) if disabling it worked.
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- riggerd/cfg.c      | 2 ++
- riggerd/net_help.c | 2 ++
- riggerd/svr.c      | 2 ++
- 3 files changed, 6 insertions(+)
-
-diff --git a/riggerd/cfg.c b/riggerd/cfg.c
-index 03f4f73..08b2028 100644
---- a/riggerd/cfg.c
-+++ b/riggerd/cfg.c
-@@ -540,9 +540,11 @@ cfg_setup_ctx_client(struct cfg* cfg, char* err, size_t errlen)
- 	if(!ctx)
- 		return ctx_err_ret(ctx, err, errlen,
- 			"could not allocate SSL_CTX pointer");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
- 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
- 		return ctx_err_ret(ctx, err, errlen, 
- 			"could not set SSL_OP_NO_SSLv2");
-+#endif
- 	if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
- 		!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
- 		|| !SSL_CTX_check_private_key(ctx))
-diff --git a/riggerd/net_help.c b/riggerd/net_help.c
-index 0f0d1d0..c469894 100644
---- a/riggerd/net_help.c
-+++ b/riggerd/net_help.c
-@@ -447,11 +447,13 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
- 		return NULL;
- 	}
- 	/* no SSLv2 because has defects */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
- 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
- 		SSL_CTX_free(ctx);
- 		return NULL;
- 	}
-+#endif
- 	if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
- 		log_err("error for cert file: %s", pem);
- 		log_crypto_err("error in SSL_CTX use_certificate_file");
-diff --git a/riggerd/svr.c b/riggerd/svr.c
-index 272dc2e..e7e618f 100644
---- a/riggerd/svr.c
-+++ b/riggerd/svr.c
-@@ -162,10 +162,12 @@ static int setup_ssl_ctx(struct svr* s)
- 		return 0;
- 	}
- 	/* no SSLv2 because has defects */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
- 	if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
- 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
- 		return 0;
- 	}
-+#endif
- 	s_cert = s->cfg->server_cert_file;
- 	s_key = s->cfg->server_key_file;
- 	verbose(VERB_ALGO, "setup SSL certificates");
--- 
-2.7.4
-
diff --git a/dnssec-trigger-0.13-remove-kr.com-probe.patch b/dnssec-trigger-0.13-remove-kr.com-probe.patch
deleted file mode 100644
index a3eec65..0000000
--- a/dnssec-trigger-0.13-remove-kr.com-probe.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 3ad04ca4b4080e314b9ea05c577e8bfe5e88804f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Fri, 18 Aug 2017 12:00:20 +0200
-Subject: [PATCH 1/2] Remove kr.com because of DNSSEC failures
-
----
- riggerd/probe.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/riggerd/probe.c b/riggerd/probe.c
-index dcd83dd..a443d5f 100644
---- a/riggerd/probe.c
-+++ b/riggerd/probe.c
-@@ -156,8 +156,8 @@ get_random_dest(void)
- static const char*
- get_random_nsec3_dest(void)
- {
--	const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.kr.com.", "_probe.uk.net." };
--	return choices[ ldns_get_random() % 4 ];
-+	const char* choices[] = { "_probe.us.com.", "_probe.uk.com.", "_probe.uk.net." };
-+	return choices[ ldns_get_random() % 3 ];
- }
- 
- /** the NSEC3 qtype to elicit it (a nodata answer) */
--- 
-2.9.5
-
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index c666f9b..953ff2e 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -4,8 +4,8 @@
 
 Summary: Tool for dynamic reconfiguration of validating resolver Unbound
 Name: dnssec-trigger
-Version: 0.13
-Release: 6%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
+Version: 0.15
+Release: 1%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
 
@@ -20,10 +20,6 @@ Source2: dnssec-trigger-default.conf
 Source3: dnssec-trigger-workstation.conf
 
 # Patches
-# https://github.com/oerdnj/dnssec-trigger/commit/2fcc4bce2043149074bcf09fcb8ee3a0c7bc2348
-Patch0:  dnssec-trigger-0.13-openssl-1.1.0-fixup.patch
-Patch1:  dnssec-trigger-0.13-remove-kr.com-probe.patch
-Patch2:  dnssec-trigger-0.13-hints-update.patch
 
 # to obsolete the version in which the panel was in main package
 Obsoletes: %{name} < 0.12-22
@@ -40,6 +36,9 @@ Requires: NetworkManager >= 0.9.9.0-40
 %endif
 %endif
 Requires: ldns >= 1.6.10, NetworkManager-glib, unbound
+# needed by /usr/sbin/dnssec-trigger-control-setup
+# otherwise it ends with error: /usr/sbin/dnssec-trigger-control-setup: line 180: openssl: command not found
+Requires: openssl
 BuildRequires: openssl-devel, ldns-devel, python3-devel
 BuildRequires: NetworkManager-devel
 
@@ -80,9 +79,6 @@ some user input is needed, the panel creates a dialog window.
 # don't use DNSSEC for forward zones for now
 sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
 
-%patch0 -p1 -b .openssl-110-fixup
-%patch1 -p1
-%patch2 -p1
 
 %build
 %configure  \
@@ -187,6 +183,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Mon Dec 11 2017 Tomas Hozza <thozza@redhat.com> - 0.15-1
+- Update to stable 0.15 upstream release
+
 * Fri Aug 18 2017 Petr Menšík <pemensik@redhat.com> - 0.13-6
 - Skip always failing kr.com, update root IPs (#1482939)
 
diff --git a/sources b/sources
index 9cb78de..c7b5358 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (dnssec-trigger-0.13.tar.gz) = 0d42625a71bfda8484fa67afa129bccb2002d28b96d5267a9862a1a4bf51e0e3b12f3205a79d5977449c43c25a1ab1c66cea8cc0e8fd95763a1fe5b3674f437c
+SHA512 (dnssec-trigger-0.15.tar.gz) = 5ce7d7fe9049f14afbb2075a764ae8f44e773801e6ebd7f4eb2bd4cfc07a338db7aa5b666ccad40da1f1528160bab9706cf8015b800f2e23c4b6e3639793a846