diff --git a/.gitignore b/.gitignore
index 7dad230..909d0a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ conntrack-tools-0.9.14.tar.bz2
 /conntrack-tools-1.4.2.tar.bz2
 /conntrack-tools-1.4.3.tar.bz2
 /conntrack-tools-1.4.4.tar.bz2
+/conntrack-tools-1.4.5.tar.bz2
diff --git a/conntrack-tools.spec b/conntrack-tools.spec
index 9cdf534..2e462a5 100644
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@@ -1,6 +1,7 @@
+%undefine _hardened_build
 Name:           conntrack-tools
-Version:        1.4.4
-Release:        8%{?dist}
+Version:        1.4.5
+Release:        1%{?dist}
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 Group:          System Environment/Base
 License:        GPLv2
@@ -9,14 +10,11 @@ Source0:        http://netfilter.org/projects/%{name}/files/%{name}-%{version}.t
 Source1:        conntrackd.service
 Source2:        conntrackd.conf
 
-Patch1:		conntrack-tools-1.4.4-nat_tuple-leak.patch
-Patch2:		conntrack-tools-1.4.4-free-pktb-after-use.patch
-
 BuildRequires:  gcc
 BuildRequires:  libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.6
 BuildRequires:  libnetfilter_cttimeout-devel >= 1.0.0, libnetfilter_cthelper-devel >= 1.0.0
 BuildRequires:  libmnl-devel >= 1.0.3, libnetfilter_queue-devel >= 1.0.2
-BuildRequires:  libtirpc-devel
+BuildRequires:  libtirpc-devel systemd-devel
 BuildRequires:  pkgconfig bison flex
 Provides:       conntrack = 1.0-1
 Obsoletes:      conntrack < 1.0-1
@@ -46,20 +44,22 @@ show an event message (one line) per newly established connection.
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 
 %build
-%configure CPPFLAGS=-I/usr/include/tirpc LIBS=-ltirpc  --disable-static
+%configure --disable-static --enable-systemd
+sed -i "s/DEFAULT_INCLUDES = -I./DEFAULT_INCLUDES = -I. -I\/usr\/include\/tirpc/" src/helpers/Makefile
+CFLAGS="${CFLAGS} -Wl,-z,lazy"
+CXXFLAGS="${CXXFLAGS} -Wl,-z,lazy"
+
 %make_build
 chmod 644 doc/sync/primary-backup.sh
 rm -f doc/sync/notrack/conntrackd.conf.orig doc/sync/alarm/conntrackd.conf.orig doc/helper/conntrackd.conf.orig
 
 %install
 %make_install
-find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
+find %{buildroot} -type f -name "*.la" -exec rm -f {} ';'
 mkdir -p %{buildroot}%{_sysconfdir}/conntrackd
-install -d 0755 %{buildroot}%{_unitdir}
+install -d -m 0755 %{buildroot}%{_unitdir}
 install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
 install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 
@@ -87,6 +87,17 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service 
 
 %changelog
+* Fri Dec 14 2018 Paul Wouters <pwouters@redhat.com> - 1.4.5-1
+- Disable hardening to really fix rhbz#1413408
+- Upgraded to 1.4.5
+
+* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 1.4.4-9
+- Resolves: rhbz#1413408 ct_helper_ftp not working
+  (I've reduced the hardening to use -z,lazy)
+- Eanbled systemd support
+- fixup harmless but broken mkdir in spec file
+- Don't override CPPFLAGS and LIBS, instead fixup src/helpers/Makefile
+
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
diff --git a/sources b/sources
index 6070221..5cd02c2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (conntrack-tools-1.4.4.tar.bz2) = f53bd620bfd4e854e792416527a3090d883c5f00d1d8365e52ce3ba204218dc431490703985d3fdae44decbcddb24ed610bf81a6a99bd7ea01482f95f71df0f5
+SHA512 (conntrack-tools-1.4.5.tar.bz2) = 480fe2cc4420bc8477a2ba67b3d052bcb39c6b3ec000cff27fc12db70b42ec94fa3b5fe12ee35d439e88d9a631a33cd12ae470b69dde6d371d4e53af62a2eed1