diff --git a/bin/yunomdns b/bin/yunomdns
index 661c7c71f..1bdcf88ca 100755
--- a/bin/yunomdns
+++ b/bin/yunomdns
@@ -24,7 +24,9 @@ def get_network_local_interfaces() -> Dict[str, Dict[str, List[str]]]:
             "ipv4": [
                 ip.ip
                 for ip in adapter.ips
-                if ip.is_IPv4 and ip_address(ip.ip).is_private
+                if ip.is_IPv4
+                and ip_address(ip.ip).is_private
+                and not ip_address(ip.ip).is_link_local
             ],
             "ipv6": [
                 ip.ip[0]
diff --git a/conf/dnsmasq/dnsmasq.conf.tpl b/conf/dnsmasq/dnsmasq.conf.tpl
new file mode 100644
index 000000000..eece530dc
--- /dev/null
+++ b/conf/dnsmasq/dnsmasq.conf.tpl
@@ -0,0 +1,10 @@
+domain-needed
+expand-hosts
+localise-queries
+
+{% set interfaces = wireless_interfaces.strip().split(' ') %}
+{% for interface in interfaces %}
+interface={{ interface }}
+{% endfor %}
+resolv-file=/etc/resolv.dnsmasq.conf
+cache-size=256
diff --git a/conf/dnsmasq/domain.tpl b/conf/dnsmasq/domain.tpl
index c4bb56d1d..50b946176 100644
--- a/conf/dnsmasq/domain.tpl
+++ b/conf/dnsmasq/domain.tpl
@@ -1,5 +1,8 @@
-host-record={{ domain }},{{ ipv4 }}
-host-record=xmpp-upload.{{ domain }},{{ ipv4 }}
+{% set interfaces_list = interfaces.split(' ') %}
+{% for interface in interfaces_list %}
+interface-name={{ domain }},{{ interface }}
+interface-name=xmpp-upload.{{ domain }},{{ interface }}
+{% endfor %}
 {% if ipv6 %}
 host-record={{ domain }},{{ ipv6 }}
 host-record=xmpp-upload.{{ domain }},{{ ipv6 }}
diff --git a/conf/dnsmasq/plain/dnsmasq.conf b/conf/dnsmasq/plain/dnsmasq.conf
deleted file mode 100644
index 12a14048a..000000000
--- a/conf/dnsmasq/plain/dnsmasq.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-domain-needed
-expand-hosts
-
-listen-address=127.0.0.1
-resolv-file=/etc/resolv.dnsmasq.conf
-cache-size=256
diff --git a/debian/changelog b/debian/changelog
index 0e05adc3e..b90838102 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,41 @@ yunohost (11.0.0~alpha) unstable; urgency=low
 
  -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Feb 2021 00:02:38 +0100
 
+yunohost (4.3.4.1) stable; urgency=low
+
+  - [fix] regenconf: Force permission on /etc/resolv.dnsmasq.conf to fix an issue on some setup with umask=027 (5881938c)
+  - [fix] regenconf: Typo in custom mdns alias regen conf (b3df36dd)
+  - [fix] regenconf: Try to fix the return line bug in dnsmasq conf ([#1385](https://github.com/YunoHost/yunohost/pull/1385))
+
+  Thanks to all contributors <3 ! (ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 21:15:29 +0100
+
+yunohost (4.3.4) stable; urgency=low
+
+  - [fix] apps: Allow tilde in username/organization for repo URLs ([#1382](https://github.com/YunoHost/yunohost/pull/1382))
+  - [fix] misc: /etc/yunohost permissions broken on some setups (6488b4f6)
+  - [fix] mdns: Don't add yunohost.local in config if it's already among the yunohost domains (c4962834)
+  - [enh] dnsmasq: Tweak conf for better support of some stuff like the hotspot app ([#1383](https://github.com/YunoHost/yunohost/pull/1383))
+
+  Thanks to all contributors <3 ! (ljf, tituspijean)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 00:53:16 +0100
+
+yunohost (4.3.3) stable; urgency=low
+
+  - [fix] log: fix dump_script_log_extract_for_debugging displaying wrong log snippet during failed upgrade ([#1376](https://github.com/YunoHost/yunohost/pull/1376))
+  - [fix] certificate: fix stupid certificate/diagnosis issue with subdomains of ynh domains (7c569d16)
+  - [fix] diagnosis: Read DNS Blacklist answer and compare it against list of non-BL codes ([#1375](https://github.com/YunoHost/yunohost/pull/1375))
+  - [enh] helpers: Update n to 8.0.0 ([#1372](https://github.com/YunoHost/yunohost/pull/1372))
+  - [fix] helpers: Make ynh_add_fpm_config more robust to some edge cases (51d5dca0)
+  - [fix] backup: conf_ynh_settings backup/restore hook, /etc/yunohost/domains may not exist (38f5352f)
+  - [i18n] Translations updated for Basque, Chinese (Simplified), Indonesian, Italian, Ukrainian
+
+  Thanks to all contributors <3 ! (dagangtie, ericgaspar, Félix Piédallu, Flavio Cristoforetti, liimee, punkrockgirl, Romain Thouvenin, Tommi, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 14 Nov 2021 22:55:16 +0100
+
 yunohost (4.3.2.2) stable; urgency=low
 
   - [fix] nginx: Try to fix again the webadmin cache hell (74e2a51e)
diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index d73a899da..e2924bd6d 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -170,6 +170,9 @@ do_post_regen() {
     chown admin:root /home/yunohost.backup
     chown admin:root /home/yunohost.backup/archives
 
+    # NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs
+    chmod 755 /etc/yunohost
+
     # Certs
     # We do this with find because there could be a lot of them...
     chown -R root:ssl-cert /etc/yunohost/certs
diff --git a/hooks/conf_regen/37-mdns b/hooks/conf_regen/37-mdns
index ff674c391..246b5b469 100755
--- a/hooks/conf_regen/37-mdns
+++ b/hooks/conf_regen/37-mdns
@@ -4,14 +4,18 @@ set -e
 
 _generate_config() {
     echo "domains:"
-    echo "    - yunohost.local"
+    # Add yunohost.local (only if yunohost.local ain't already in ynh_domains)
+    if ! echo "$YNH_DOMAINS"  | tr ' ' '\n' | grep -q --line-regexp 'yunohost.local'
+    then
+        echo "    - yunohost.local"
+    fi
     for domain in $YNH_DOMAINS; do
         # Only keep .local domains (don't keep
         [[ "$domain" =~ [^.]+\.[^.]+\.local$ ]] && echo "Subdomain $domain cannot be handled by Bonjour/Zeroconf/mDNS" >&2
         [[ "$domain" =~ ^[^.]+\.local$ ]] || continue
         echo "    - $domain"
     done
-    if [[ -e /etc/yunohot/mdns.aliases ]]
+    if [[ -e /etc/yunohost/mdns.aliases ]]
     then
         for localalias in $(cat /etc/yunohost/mdns.aliases | grep -v "^ *$")
         do
diff --git a/hooks/conf_regen/43-dnsmasq b/hooks/conf_regen/43-dnsmasq
index 406762ecb..31f14a701 100755
--- a/hooks/conf_regen/43-dnsmasq
+++ b/hooks/conf_regen/43-dnsmasq
@@ -14,9 +14,8 @@ do_pre_regen() {
     etcdefault_dir="${pending_dir}/etc/default"
     mkdir -p "$etcdefault_dir"
 
-    # add general conf files
+    # add default conf files
     cp plain/etcdefault ${pending_dir}/etc/default/dnsmasq
-    cp plain/dnsmasq.conf ${pending_dir}/etc/dnsmasq.conf
 
     # add resolver file
     cat plain/resolv.dnsmasq.conf | grep "^nameserver" | shuf >${pending_dir}/etc/resolv.dnsmasq.conf
@@ -26,11 +25,22 @@ do_pre_regen() {
     ynh_validate_ip4 "$ipv4" || ipv4='127.0.0.1'
     ipv6=$(curl -s -6 https://ip6.yunohost.org 2>/dev/null || true)
     ynh_validate_ip6 "$ipv6" || ipv6=''
+    interfaces="$(ip -j addr show | jq -r '[.[].ifname]|join(" ")')"
+    wireless_interfaces="lo"
+    for dev in $(ls /sys/class/net); do
+        if [ -d "/sys/class/net/$dev/wireless" ]; then
+            wireless_interfaces+=" $dev"
+        fi
+    done
 
-    export ipv4
-    export ipv6
+    # General configuration
+    export wireless_interfaces
+    ynh_render_template "dnsmasq.conf.tpl" "${pending_dir}/etc/dnsmasq.conf"
 
     # add domain conf files
+    export interfaces
+    export ipv4
+    export ipv6
     for domain in $YNH_DOMAINS; do
         [[ ! $domain =~ \.local$ ]] || continue
         export domain
@@ -51,6 +61,9 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
+    # Force permission (to cover some edge cases where root's umask is like 027 and then dnsmasq cant read this file)
+    chown 644 /etc/resolv.dnsmasq.conf
+
     # Fuck it, those domain/search entries from dhclient are usually annoying
     # lying shit from the ISP trying to MiTM
     if grep -q -E "^ *(domain|search)" /run/resolvconf/resolv.conf; then
diff --git a/locales/gl.json b/locales/gl.json
index 14351b388..79fd24330 100644
--- a/locales/gl.json
+++ b/locales/gl.json
@@ -671,4 +671,4 @@
     "ldap_attribute_already_exists": "Xa existe o atributo LDAP '{attribute}' con valor '{value}'",
     "log_domain_config_set": "Actualizar configuración para o dominio '{}'",
     "domain_unknown": "Dominio '{domain}' descoñecido"
-}
\ No newline at end of file
+}
diff --git a/src/app.py b/src/app.py
index 352407baa..27cf7caec 100644
--- a/src/app.py
+++ b/src/app.py
@@ -78,7 +78,7 @@ re_app_instance_name = re.compile(
 )
 
 APP_REPO_URL = re.compile(
-    r"^https://[a-zA-Z0-9-_.]+/[a-zA-Z0-9-_./]+/[a-zA-Z0-9-_.]+_ynh(/?(-/)?tree/[a-zA-Z0-9-_.]+)?(\.git)?/?$"
+    r"^https://[a-zA-Z0-9-_.]+/[a-zA-Z0-9-_./~]+/[a-zA-Z0-9-_.]+_ynh(/?(-/)?tree/[a-zA-Z0-9-_.]+)?(\.git)?/?$"
 )
 
 APP_FILES_TO_COPY = [
diff --git a/src/tests/test_appurl.py b/src/tests/test_appurl.py
index 7b4c6e2e3..00bfe5c58 100644
--- a/src/tests/test_appurl.py
+++ b/src/tests/test_appurl.py
@@ -70,6 +70,7 @@ def test_repo_url_definition():
     )
     assert _is_app_repo_url("https://github.com/YunoHost-Apps/foobar_ynh/tree/1.23.4")
     assert _is_app_repo_url("git@github.com:YunoHost-Apps/foobar_ynh.git")
+    assert _is_app_repo_url("https://git.super.host/~max/foobar_ynh")
 
     assert not _is_app_repo_url("github.com/YunoHost-Apps/foobar_ynh")
     assert not _is_app_repo_url("http://github.com/YunoHost-Apps/foobar_ynh")