diff --git a/dns/dnsmasq-devel/Makefile b/dns/dnsmasq-devel/Makefile
index c0762595e608..3aac68108c56 100644
--- a/dns/dnsmasq-devel/Makefile
+++ b/dns/dnsmasq-devel/Makefile
@@ -1,149 +1,149 @@
 # Created by: Steven Honson
 
 PORTNAME=	dnsmasq
-DISTVERSION=	2.87test8
+DISTVERSION=	2.87test9
 # Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps:
-PORTREVISION=	1
+PORTREVISION=	0
 PORTEPOCH=	4 # attn - different between -devel and dnsmasq ports!
 CATEGORIES=	dns
 #MASTER_SITES=	https://www.thekelleys.org.uk/dnsmasq/release-candidates/ \
 #		LOCAL/mandree/
 MASTER_SITES=	https://www.thekelleys.org.uk/dnsmasq/test-releases/ \
 		LOCAL/mandree/
 PKGNAMESUFFIX=	-devel
 
 MAINTAINER=	mandree@FreeBSD.org
 COMMENT=	Lightweight DNS forwarder, DHCP, and TFTP server
 
 #IGNORE=		please use dns/dnsmasq, which is newer # re-enable after 2.87 release
 DEPRECATED=	Short-lived test branch, to be removed after v2.87 release
 
 LICENSE=	GPLv2
 
 USES=		cpe shebangfix tar:xz
 CPE_VENDOR=	thekelleys
 
 SHEBANG_FILES=	contrib/dnslist/dnslist.pl \
 		contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
 
 MAKE_ARGS=	CC="${CC}" \
 		CFLAGS="${CFLAGS}" \
 		COPTS="${CFLAGS}" \
 		LIBS="${LDFLAGS}" \
 		PREFIX="${PREFIX}" \
 		RPM_OPT_FLAGS="${CPPFLAGS}"
 CFLAGS+=	-Wall -Wno-unused-function -Wno-unused-parameter \
 		-Wno-unused-value -Wno-unused-variable
 CPPFLAGS+=	-I${LOCALBASE}/include
 
 CONFLICTS_INSTALL=	dnsmasq-2*
 PATCH_STRIP=		-p1
 SUB_FILES=		pkg-message
 
 PORTDOCS=	CHANGELOG CHANGELOG.archive FAQ doc.html setup.html
 
 OPTIONS_DEFINE=		DBUS DNSSEC DOCS IPSET IPV6 LUA
 OPTIONS_DEFAULT=	DNSSEC IPSET
 OPTIONS_RADIO=		INTL
 OPTIONS_RADIO_INTL=	IDN NLS
 OPTIONS_EXCLUDE+=	EXAMPLES
 
 DNSSEC_DESC=	Enable DNSSEC caching and validation (needs nettle)
 IDN_DESC=	IDN: Int'l Domain Names WITHOUT full NLS
 INTL_DESC=	Internationalization Support Level
 IPSET_DESC=	Dynamic firewall management of resolved names (needs PF)
 LUA_DESC=	Support lease-change scripts written in Lua
 NLS_DESC=	IDN+NLS: Int'l Domain Names & National Language support
 
 IPSET_CFLAGS_OFF=	-DNO_IPSET
 IPV6_CFLAGS_OFF=	-DNO_IPV6
 
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MNLS}
 USES+=		gettext gmake iconv pkgconfig
 CFLAGS+=	-DHAVE_LIBIDN2
 LIB_DEPENDS+=	libidn2.so:dns/libidn2
 PLIST_SUB+=	NLS=""
 ALL_TARGET=	all-i18n
 _intllibs=	-lidn2 -lintl
 .else
 _intllibs=
 PLIST_SUB+=	NLS="@comment "
 .if ${PORT_OPTIONS:MIDN}
 USES+=		iconv
 CFLAGS+=	-DHAVE_LIBIDN2
 LIB_DEPENDS+=	libidn2.so:dns/libidn2
 _intllibs+=	-lidn2
 .endif
 .endif
 
 .if ${PORT_OPTIONS:MDBUS}
 LIB_DEPENDS+=	libdbus-1.so:devel/dbus
 USES+=		pkgconfig
 CPPFLAGS+=	`pkg-config --cflags dbus-1`
 CFLAGS+=	-DHAVE_DBUS
 LDFLAGS+=	`pkg-config --libs dbus-1`
 .endif
 
 .if ${PORT_OPTIONS:MLUA}
 CPPFLAGS+=	-I${LUA_INCDIR}
 CFLAGS+=	-DHAVE_LUASCRIPT
 LDFLAGS+=	-L${LUA_LIBDIR} -llua-${LUA_VER}
 USES+=		lua pkgconfig
 .endif
 
 .if ${PORT_OPTIONS:MDNSSEC}
 CFLAGS+=	-DHAVE_DNSSEC -I${LOCALBASE}/include
 USES+=		pkgconfig
 LIB_DEPENDS+=	libgmp.so:math/gmp \
 		libnettle.so:security/nettle
 .endif
 
 USE_RC_SUBR=	dnsmasq
 
 .include <bsd.port.pre.mk>
 
 LDFLAGS+=	-L${LOCALBASE}/lib ${_intllibs} ${ICONV_LIB}
 
 post-patch:
 	${REINPLACE_CMD} -e '/^lua_/s/lua5\.2/lua-${LUA_VER}/' ${WRKSRC}/Makefile
 
 pre-configure: pretty-print-config
 .if ${PORT_OPTIONS:MIDN}
 .if empty(PORT_OPTIONS:MNLS)
 	@if ${READELF} -d ${LOCALBASE}/lib/libidn2.so \
 		| ${EGREP} -q '\<NEEDED\>.*\[libintl\.so' ; \
 	then ${ECHO} ; ${ECHO} 'WARNING: dns/libidn2 was compiled with NLS support!' ; \
 	${ECHO} 'Recompile libidn2 WITHOUT_NLS to get rid of NLS dependencies.' ; ${ECHO} ; \
 	fi
 .else
 	@${ECHO} 'WARNING: IDN and NLS enabled, building IDN WITH NLS.'
 .endif
 .endif
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/src/dnsmasq ${STAGEDIR}${PREFIX}/sbin
 	${INSTALL_DATA} ${WRKSRC}/dnsmasq.conf.example ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
 	${REINPLACE_CMD} -i '' 's}%%PREFIX%%}${PREFIX}}' ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
 	${INSTALL_MAN} ${WRKSRC}/man/${PORTNAME}.8 ${STAGEDIR}${PREFIX}/man/man8
 	${MKDIR} ${STAGEDIR}${DATADIR}
 	${INSTALL_DATA} ${WRKSRC}/trust-anchors.conf ${STAGEDIR}${DATADIR}/
 .if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
 .endif
 .if ${PORT_OPTIONS:MNLS}
 .for i in de es fi fr id it no pl pt_BR ro
 	${MKDIR} ${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES
 	${INSTALL_DATA} ${WRKSRC}/src/${i}.mo \
 		${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES/${PORTNAME}.mo
 .endfor
 .endif
 	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq ${STAGEDIR}${EXAMPLESDIR}/dnslist
 	${INSTALL_SCRIPT} ${WRKSRC}/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq/
 	${INSTALL_SCRIPT} ${WRKSRC}/contrib/dnslist/dnslist.pl ${STAGEDIR}${EXAMPLESDIR}/dnslist/
 	${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dhcp.css ${STAGEDIR}${EXAMPLESDIR}/dnslist/
 	${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dnslist.tt2 ${STAGEDIR}${EXAMPLESDIR}/dnslist/
 
 .include <bsd.port.post.mk>
diff --git a/dns/dnsmasq-devel/distinfo b/dns/dnsmasq-devel/distinfo
index f2db25c3ecba..5b531933cfc6 100644
--- a/dns/dnsmasq-devel/distinfo
+++ b/dns/dnsmasq-devel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1644432655
-SHA256 (dnsmasq-2.87test8.tar.xz) = cb7245f4726d5692dd27d8c5f8ece8b88c9995fc0d649fd76d2870f80b852369
-SIZE (dnsmasq-2.87test8.tar.xz) = 558724
+TIMESTAMP = 1660330300
+SHA256 (dnsmasq-2.87test9.tar.xz) = 325d2b953e06273cd7e0ed921b464203a4a26fae7a1afedd9b26528d25951fdf
+SIZE (dnsmasq-2.87test9.tar.xz) = 560708
diff --git a/dns/dnsmasq-devel/files/patch-CVE-2022-0934 b/dns/dnsmasq-devel/files/patch-CVE-2022-0934
deleted file mode 100644
index c063e15b2e34..000000000000
--- a/dns/dnsmasq-devel/files/patch-CVE-2022-0934
+++ /dev/null
@@ -1,175 +0,0 @@
-From dcc62a514092c8afeab4e502db9e65f03c2e1d47 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Tue, 22 Feb 2022 00:45:01 +0100
-Subject: [PATCH] Change message type by dedicated function
-
-Long-term pointer to beginning of message does not work well. I case
-outpacket is reallocated in any new_opt6() section, original outmsgtypep
-pointer becomes invalid. Instead of using that pointer use dedicated
-function, which will change just the first byte of the message.
-
-This makes sure correct beginning of packet is always used.
----
- src/dnsmasq.h   |  1 +
- src/outpacket.c | 11 +++++++++++
- src/rfc3315.c   | 29 ++++++++++++++---------------
- 3 files changed, 26 insertions(+), 15 deletions(-)
-
-diff --git a/src/dnsmasq.h b/src/dnsmasq.h
-index 51a1aa6..c1c75c1 100644
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -1736,6 +1736,7 @@ void put_opt6_long(unsigned int val);
- void put_opt6_short(unsigned int val);
- void put_opt6_char(unsigned int val);
- void put_opt6_string(char *s);
-+void put_msgtype6(unsigned int val);
- #endif
- 
- /* radv.c */
-diff --git a/src/outpacket.c b/src/outpacket.c
-index abb3a3a..f322811 100644
---- a/src/outpacket.c
-+++ b/src/outpacket.c
-@@ -115,4 +115,15 @@ void put_opt6_string(char *s)
-   put_opt6(s, strlen(s));
- }
- 
-+void put_msgtype6(unsigned int val)
-+{
-+  if (outpacket_counter == 0)
-+    put_opt6_char(val);
-+  else
-+    {
-+      unsigned char *p = daemon->outpacket.iov_base;
-+      *p = val;
-+    }
-+}
-+
- #endif
-diff --git a/src/rfc3315.c b/src/rfc3315.c
-index cee8382..baeb51e 100644
---- a/src/rfc3315.c
-+++ b/src/rfc3315.c
-@@ -110,7 +110,6 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
-   void *end = inbuff + sz;
-   void *opts = inbuff + 34;
-   int msg_type = *((unsigned char *)inbuff);
--  unsigned char *outmsgtypep;
-   void *opt;
-   struct dhcp_vendor *vendor;
- 
-@@ -192,9 +191,9 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
-     return 0;
-   
-   /* copy header stuff into reply message and set type to reply */
--  if (!(outmsgtypep = put_opt6(inbuff, 34)))
-+  if (!put_opt6(inbuff, 34))
-     return 0;
--  *outmsgtypep = DHCP6RELAYREPL;
-+  put_msgtype6(DHCP6RELAYREPL);
- 
-   /* look for relay options and set tags if found. */
-   for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next)
-@@ -267,7 +266,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-   struct dhcp_netid *tagif;
-   struct dhcp_config *config = NULL;
-   struct dhcp_netid known_id, iface_id, v6_id;
--  unsigned char *outmsgtypep;
-+  unsigned char *xid;
-   struct dhcp_vendor *vendor;
-   struct dhcp_context *context_tmp;
-   struct dhcp_mac *mac_opt;
-@@ -297,10 +296,10 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-   state->tags = &v6_id;
- 
-   /* copy over transaction-id, and save pointer to message type */
--  if (!(outmsgtypep = put_opt6(inbuff, 4)))
-+  if (!(xid = put_opt6(inbuff, 4)))
-     return 0;
-   start_opts = save_counter(-1);
--  state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
-+  state->xid = xid[3] | xid[2] << 8 | xid[1] << 16;
-    
-   /* We're going to be linking tags from all context we use. 
-      mark them as unused so we don't link one twice and break the list */
-@@ -347,7 +346,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-       (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
-     
-     {  
--      *outmsgtypep = DHCP6REPLY;
-+      put_msgtype6(DHCP6REPLY);
-       o1 = new_opt6(OPTION6_STATUS_CODE);
-       put_opt6_short(DHCP6USEMULTI);
-       put_opt6_string("Use multicast");
-@@ -619,11 +618,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	struct dhcp_netid *solicit_tags;
- 	struct dhcp_context *c;
- 	
--	*outmsgtypep = DHCP6ADVERTISE;
-+	put_msgtype6(DHCP6ADVERTISE);
- 	
- 	if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
- 	  {
--	    *outmsgtypep = DHCP6REPLY;
-+	    put_msgtype6(DHCP6REPLY);
- 	    state->lease_allocate = 1;
- 	    o = new_opt6(OPTION6_RAPID_COMMIT);
- 	    end_opt6(o);
-@@ -809,7 +808,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int start = save_counter(-1);
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	state->lease_allocate = 1;
- 
- 	log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
-@@ -924,7 +923,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int address_assigned = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
- 
-@@ -1057,7 +1056,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	int good_addr = 0;
- 
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
- 	
-@@ -1121,7 +1120,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
- 	log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
- 	if (ignore)
- 	  return 0;
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	tagif = add_options(state, 1);
- 	break;
-       }
-@@ -1130,7 +1129,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6RELEASE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 
- 	log6_quiet(state, "DHCPRELEASE", NULL, NULL);
- 
-@@ -1195,7 +1194,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
-     case DHCP6DECLINE:
-       {
- 	/* set reply message type */
--	*outmsgtypep = DHCP6REPLY;
-+	put_msgtype6(DHCP6REPLY);
- 	
- 	log6_quiet(state, "DHCPDECLINE", NULL, NULL);
- 
--- 
-2.34.1
-