diff --git a/SOURCES/ldns-1.6.16-dsa.patch b/SOURCES/ldns-1.6.16-dsa.patch
new file mode 100644
index 0000000..318a69d
--- /dev/null
+++ b/SOURCES/ldns-1.6.16-dsa.patch
@@ -0,0 +1,28 @@
+diff -up ldns-1.6.16/keys.c.dsa ldns-1.6.16/keys.c
+--- ldns-1.6.16/keys.c.dsa	2012-08-31 14:03:18.000000000 +0200
++++ ldns-1.6.16/keys.c	2014-03-18 17:48:57.474128661 +0100
+@@ -1314,7 +1314,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ 	/* See RFC2536 */
+ 	*size = (uint16_t)BN_num_bytes(k->p);
+ 	T = (*size - 64) / 8;
+-	memcpy(data, &T, 1);
+ 
+ 	if (T > 8) {
+ 		fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
+@@ -1323,12 +1322,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ 	}
+ 
+ 	/* size = 64 + (T * 8); */
++	memset(data, 0, 21 + *size * 3);
+ 	data[0] = (unsigned char)T;
+ 	BN_bn2bin(k->q, data + 1 ); 		/* 20 octects */
+ 	BN_bn2bin(k->p, data + 21 ); 		/* offset octects */
+-	BN_bn2bin(k->g, data + 21 + *size); 	/* offset octets */
+-	BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
+-	*size = 21 + (*size * 3);
++	BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
++	BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
++	*size = 21 + *size * 3;
+ 	return true;
+ }
+ 
diff --git a/SPECS/ldns.spec b/SPECS/ldns.spec
index 406de5a..b4e2ba6 100644
--- a/SPECS/ldns.spec
+++ b/SPECS/ldns.spec
@@ -8,13 +8,14 @@
 Summary: Low-level DNS(SEC) library with API
 Name: ldns
 Version: 1.6.16
-Release: 7%{?dist}
+Release: 10%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/%{name}/
 Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
 Patch0: %{name}-1.6.16-uninitialized-value-compiler-warnings.patch
 Patch1: %{name}-1.6.16-multilib.patch
 Patch2: %{name}-1.6.16-manpage-fixes-bundle.patch
+Patch3: %{name}-1.6.16-dsa.patch
 Group: System Environment/Libraries
 BuildRequires: perl, libpcap-devel, openssl-devel, gcc-c++, doxygen,
 # for snapshots only
@@ -34,6 +35,7 @@ packets.
 Summary: Development package that includes the ldns header files
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
 
 %description devel
 The devel package contains the ldns library and the include files
@@ -62,30 +64,49 @@ This package contains documentation for the ldns library
 %patch0 -p2
 %patch1 -p1
 %patch2 -p1 -b .manpage
+%patch3 -p1
 # To built svn snapshots
 # rm config.guess config.sub ltmain.sh
 # aclocal
 # libtoolize -c --install
 # autoreconf --install
 
+# fixup .pc file
+sed -i "s/@includedir@/@includedir@\/ldns/" packaging/libldns.pc.in
+
 %build
 # as long as ECC is banned we cannot enable GOST or ECDSA
-%configure --disable-rpath --disable-static --disable-gost --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
+%configure \
+    --disable-rpath \
+    --disable-static \
+    --disable-gost \
+    --enable-ecdsa \
+    --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+    --with-ca-path=/etc/pki/tls/certs/ \
 %if %{with_python}
- --with-pyldns \
+    --with-pyldns \
 %endif
-  --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
-
-(cd drill ; %configure --disable-rpath --disable-static --disable-gost \
-   --disable-ecdsa \
-   --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
-   --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+    --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+
+(cd drill ;
+%configure \
+    --disable-rpath \
+    --disable-static \
+    --disable-gost \
+    --enable-ecdsa \
+    --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+    --with-ca-path=/etc/pki/tls/certs/ \
+    --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
 )
-(cd examples ; %configure --disable-rpath --disable-static --disable-gost \
-   --disable-ecdsa \
-   --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
-   --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+(cd examples ;
+%configure \
+    --disable-rpath \
+    --disable-static \
+    --disable-gost \
+    --enable-ecdsa \
+    --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+    --with-ca-path=/etc/pki/tls/certs/ \
+    --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
 )
 
 make %{?_smp_mflags} 
@@ -99,6 +120,9 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install 
 make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc
 
+# install pkg-config file
+install -D -m 644 packaging/libldns.pc %{buildroot}%{_libdir}/pkgconfig/ldns.pc
+
 # don't package xml files
 rm doc/*.xml
 # don't package building script for install-doc in doc section
@@ -127,6 +151,7 @@ rm -rf %{buildroot}
 %files devel
 %defattr(-,root,root,-)
 %{_libdir}/libldns*so
+%{_libdir}/pkgconfig/ldns.pc
 %{_bindir}/ldns-config
 %dir %{_includedir}/ldns
 %{_includedir}/ldns/*.h
@@ -146,6 +171,15 @@ rm -rf %{buildroot}
 %postun -p /sbin/ldconfig
 
 %changelog
+* Wed May 18 2016 Pavel Šimerda <psimerda@redhat.com> - 1.6.16-10
+- Resolves: #1077799 - ldns could produce bad DSA sign
+
+* Tue May 17 2016 Tomas Hozza <thozza@redhat.com> - 1.6.16-9
+- Fix and install the .pc (pkg-config) file (#1096925)
+
+* Thu May 12 2016 Tomas Hozza <thozza@redhat.com> - 1.6.16-8
+- Enabled ECDSA support (#1265605)
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.6.16-7
 - Mass rebuild 2014-01-24