diff --git a/.gitignore b/.gitignore
index c3f287a..9beb257 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-/qtbase-opensource-src-5.9.2.tar.xz
-/qtbase-opensource-src-5.9.3.tar.xz
+/qtbase-opensource-src-5.9.4.tar.xz
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index 1b127d7..3693d02 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -54,8 +54,8 @@ BuildRequires: pkgconfig(libsystemd)
 
 Name:    qt5-qtbase
 Summary: Qt5 - QtBase components
-Version: 5.9.3
-Release: 2%{?dist}
+Version: 5.9.4
+Release: 1%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
@@ -116,7 +116,6 @@ Patch66: qtbase-mariadb.patch
 Patch67: https://bugreports.qt.io/secure/attachment/66353/xcberror_filter.patch
 
 ## upstream patches (5.9 branch)
-Patch100: qtbase-opensource-src-5.9.3-QTBUG-64742-out-of-bounds-in-qdnslookup_unix.patch
 
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@@ -131,8 +130,6 @@ BuildRequires: cups-devel
 BuildRequires: desktop-file-utils
 BuildRequires: findutils
 BuildRequires: libjpeg-devel
-BuildRequires: libmng-devel
-BuildRequires: libtiff-devel
 BuildRequires: pkgconfig(alsa)
 # required for -accessibility
 BuildRequires: pkgconfig(atspi-2)
@@ -363,7 +360,6 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %endif
 %patch66 -p1 -b .mariadb
 %patch67 -p1 -b .xcberror_filter
-%patch100 -p1 -b .QTBUG-64742-out-of-bounds-in-qdnslookup_unix
 
 %if 0%{?inject_optflags}
 ## adjust $RPM_OPT_FLAGS
@@ -523,7 +519,7 @@ translationdir=%{_qt5_translationdir}
 
 Name: Qt5
 Description: Qt5 Configuration
-Version: 5.9.2
+Version: 5.9.4
 EOF
 
 # rpm macros
@@ -981,6 +977,9 @@ fi
 
 
 %changelog
+* Tue Jan 23 2018 Rex Dieter <rdieter@fedoraproject.org> - 5.9.4-1
+- 5.9.4
+
 * Thu Nov 30 2017 Than Ngo <than@redhat.com> - 5.9.3-2
 - bz#1518958, backport to fix out of bounds reads in qdnslookup_unix
 
diff --git a/qtbase-opensource-src-5.9.3-QTBUG-64742-out-of-bounds-in-qdnslookup_unix.patch b/qtbase-opensource-src-5.9.3-QTBUG-64742-out-of-bounds-in-qdnslookup_unix.patch
deleted file mode 100644
index 6a1ce13..0000000
--- a/qtbase-opensource-src-5.9.3-QTBUG-64742-out-of-bounds-in-qdnslookup_unix.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -up qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp.orig qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp
---- qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp.orig	2017-11-16 06:15:28.000000000 +0100
-+++ qtbase-opensource-src-5.9.3/src/network/kernel/qdnslookup_unix.cpp	2017-11-30 09:22:47.525741040 +0100
-@@ -42,6 +42,7 @@
- #if QT_CONFIG(library)
- #include <qlibrary.h>
- #endif
-+#include <qvarlengtharray.h>
- #include <qscopedpointer.h>
- #include <qurl.h>
- #include <private/qnativesocketengine_p.h>
-@@ -58,6 +59,8 @@
- #  include <gnu/lib-names.h>
- #endif
- 
-+#include <cstring>
-+
- QT_BEGIN_NAMESPACE
- 
- #if QT_CONFIG(library)
-@@ -189,11 +192,25 @@ void QDnsLookupRunnable::query(const int
-     QScopedPointer<struct __res_state, QDnsLookupStateDeleter> state_ptr(&state);
- 
-     // Perform DNS query.
--    unsigned char response[PACKETSZ];
--    memset(response, 0, sizeof(response));
--    const int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, response, sizeof(response));
-+    QVarLengthArray<unsigned char, PACKETSZ> buffer(PACKETSZ);
-+    memset(buffer.data(), 0, buffer.size());
-+    int responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
-+    if (Q_UNLIKELY(responseLength > PACKETSZ)) {
-+        buffer.resize(responseLength);
-+        memset(buffer.data(), 0, buffer.size());
-+        responseLength = local_res_nquery(&state, requestName, C_IN, requestType, buffer.data(), buffer.size());
-+        if (Q_UNLIKELY(responseLength > buffer.size())) {
-+            // Ok, we give up.
-+            reply->error = QDnsLookup::ResolverError;
-+            reply->errorString.clear(); // We cannot be more specific, alas.
-+            return;
-+        }
-+    }
- 
--    // Check the response header.
-+    unsigned char *response = buffer.data();
-+    // Check the response header. Though res_nquery returns -1 as a
-+    // responseLength in case of error, we still can extract the
-+    // exact error code from the response.
-     HEADER *header = (HEADER*)response;
-     const int answerCount = ntohs(header->ancount);
-     switch (header->rcode) {
diff --git a/sources b/sources
index 8bb4ec0..c1d5505 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (qtbase-opensource-src-5.9.3.tar.xz) = 256ffb8760e94c0f87790ed35e210d0c9613e14314ff442dd763cc93fbd5caa6c11c95f5d44b12a7687fb93c9f857878132cf6d76e5933f647ca7beb54b18c7c
+SHA512 (qtbase-opensource-src-5.9.4.tar.xz) = 82be3af6cbe83458a17a5dc53b9f57e56d9c1dbc1bae11e36c5a44e11b1f4cf62ef609cb775f55bfad7be38fbfeffc9cf12dd557bf7c64cbd26634c024a394dd