diff --git a/network/conntrack-tools/conntrack-tools-1.2.1-upstream-fixes.patch b/network/conntrack-tools/conntrack-tools-1.2.1-upstream-fixes.patch
new file mode 100644
index 000000000..e9fc56f7a
--- /dev/null
+++ b/network/conntrack-tools/conntrack-tools-1.2.1-upstream-fixes.patch
@@ -0,0 +1,169 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../conntrack-tools/conntrack-tools-1.2.1-upstream-fixes.patch
+# Copyright (C) 2012 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This patch file is dual-licensed. It is available under the license the
+# patched project is licensed under, as long as it is an OpenSource license
+# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
+# of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+From fcd6f78d277113628205789c8aba9ab1f5152fc4 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 28 May 2012 12:28:40 +0200
+Subject: [PATCH] conntrackd: simplify TCP connection handling logic
+
+Before this patch, we called accept() to likely return EAGAIN.
+This is not required as select() will tell us that we're ready
+to accept. Therefore, that early accept() invocation complicates
+the whole handling just to get the connection accepted a bit
+before.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/tcp.c |   29 ++---------------------------
+ 1 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/tcp.c b/src/tcp.c
+index c551c54..f6b05ef 100644
+--- a/src/tcp.c
++++ b/src/tcp.c
+@@ -27,7 +27,7 @@
+ 
+ struct tcp_sock *tcp_server_create(struct tcp_conf *c)
+ {
+-	int yes = 1, ret;
++	int yes = 1;
+ 	struct tcp_sock *m;
+ 	socklen_t socklen = sizeof(int);
+ 
+@@ -109,30 +109,7 @@ struct tcp_sock *tcp_server_create(struct tcp_conf *c)
+ 		return NULL;
+ 	}
+ 
+-	/* now we accept new connections ... */
+-	ret = accept(m->fd, NULL, NULL);
+-	if (ret == -1) {
+-		if (errno != EAGAIN) {
+-			/* unexpected error, give up. */
+-			close(m->fd);
+-			free(m);
+-			m = NULL;
+-		} else {
+-			/* still in progress ... we'll do it in tcp_recv() */
+-			m->state = TCP_SERVER_ACCEPTING;
+-		}
+-	} else {
+-		/* very unlikely at this stage. */
+-		if (fcntl(ret, F_SETFL, O_NONBLOCK) == -1) {
+-			/* unexpected error, give up. */
+-			close(m->fd);
+-			free(m);
+-			return NULL;
+-		}
+-		m->client_fd = ret;
+-		m->state = TCP_SERVER_CONNECTED;
+-		register_fd(m->client_fd, STATE(fds));
+-	}
++	m->state = TCP_SERVER_ACCEPTING;
+ 
+ 	return m;
+ }
+@@ -367,7 +344,6 @@ ssize_t tcp_recv(struct tcp_sock *m, void *data, int size)
+ 			close(m->client_fd);
+ 			m->client_fd = -1;
+ 			m->state = TCP_SERVER_ACCEPTING;
+-			tcp_accept(m);
+ 		} else if (errno != EAGAIN) {
+ 			m->stats.error++;
+ 		}
+@@ -377,7 +353,6 @@ ssize_t tcp_recv(struct tcp_sock *m, void *data, int size)
+ 		close(m->client_fd);
+ 		m->client_fd = -1;
+ 		m->state = TCP_SERVER_ACCEPTING;
+-		tcp_accept(m);
+ 	}
+ 
+ 	if (ret >= 0) {
+-- 
+1.7.2.5
+
+From d44489648c1a56d543a84bbebe455227bb25cf34 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Mon, 28 May 2012 14:06:48 +0200
+Subject: [PATCH] conntrackd: fix compilation in src/parse.c
+
+Making all in src
+make[1]: Entering directory `/home/oden/RPM/BUILD/conntrack-tools-1.2.0/src'
+  CC     parse.o
+parse.c: In function 'msg2ct':
+parse.c:258:34: error: 'NULL' undeclared (first use in this function)
+parse.c:258:34: note: each undeclared identifier is reported only once for
+each function it appears in
+parse.c: In function 'msg2exp':
+parse.c:438:16: error: 'NULL' undeclared (first use in this function)
+
+Reported-by: Oden Eriksson <oeriksson@mandriva.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ src/parse.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/src/parse.c b/src/parse.c
+index 732bc44..1b83f81 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -19,6 +19,7 @@
+ 
+ #include "network.h"
+ 
++#include <stdlib.h>
+ #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+ 
+ #ifndef ssizeof
+-- 
+1.7.2.5
+
+From c88266b35ba130e804422ce2fe0da6704d620bd6 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sat, 16 Jun 2012 17:42:28 +0200
+Subject: [PATCH] doc: fix documentation on ExpectationSync and H.323 helper
+
+The H.323 helper is actually composed of three helpers:
+
+ras
+q.931
+h.245
+
+We have to specify those in the configuration file since h.323 is
+not any known helper itself.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ doc/manual/conntrack-tools.tmpl |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl
+index dbf836d..47e6f84 100644
+--- a/doc/manual/conntrack-tools.tmpl
++++ b/doc/manual/conntrack-tools.tmpl
+@@ -689,7 +689,9 @@ Sync {
+                ExpectationSync {
+                        ftp
+                        sip
+-                       h323
++                       ras    # for H.323
++                       q.931  # for H.323
++                       h.245  # for H.323
+                }
+        }
+ }</programlisting>
+-- 
+1.7.2.5
+