diff --git a/.cvsignore b/.cvsignore
index 26fabac..5894750 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -6,3 +6,4 @@ iptables-1.4.2.tar.bz2
 iptables-1.4.3.1.tar.bz2
 iptables-1.4.3.2.tar.bz2
 iptables-1.4.4.tar.bz2
+iptables-1.4.5.tar.bz2
diff --git a/iptables-1.4.1.1-cloexec.patch b/iptables-1.4.1.1-cloexec.patch
deleted file mode 100644
index 8ad90fa..0000000
--- a/iptables-1.4.1.1-cloexec.patch
+++ /dev/null
@@ -1,109 +0,0 @@ -diff -up iptables-1.4.1.1/extensions/libipt_realm.c.cloexec iptables-1.4.1.1/extensions/libipt_realm.c ---- iptables-1.4.1.1/extensions/libipt_realm.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/extensions/libipt_realm.c 2008-07-22 16:46:21.000000000 +0200 -@@ -50,7 +50,7 @@ static void load_realms(void) - int id; - struct realmname *oldnm = NULL, *newnm = NULL; - -- fil = fopen(rfnm, "r"); -+ fil = fopen(rfnm, "re"); - if (!fil) { - rdberr = 1; - return; -@@ -256,7 +256,7 @@ static struct xtables_match realm_mt_reg - .extra_opts = realm_opts, - }; - --void _init(void) -+void __attribute((constructor)) nf_ext_init(void) - { - xtables_register_match(&realm_mt_reg); - } -diff -up iptables-1.4.1.1/ip6tables-restore.c.cloexec iptables-1.4.1.1/ip6tables-restore.c ---- iptables-1.4.1.1/ip6tables-restore.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/ip6tables-restore.c 2008-07-22 16:46:21.000000000 +0200 -@@ -172,7 +172,7 @@ int main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.1.1/ip6tables-save.c.cloexec iptables-1.4.1.1/ip6tables-save.c ---- iptables-1.4.1.1/ip6tables-save.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/ip6tables-save.c 2008-07-22 16:46:21.000000000 +0200 -@@ -40,7 +40,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IP6T_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip6_tables_names", "r"); -+ procfile = fopen("/proc/net/ip6_tables_names", "re"); - if (!procfile) - exit_error(OTHER_PROBLEM, - "Unable to open /proc/net/ip6_tables_names: %s\n", -diff -up iptables-1.4.1.1/iptables-restore.c.cloexec iptables-1.4.1.1/iptables-restore.c ---- iptables-1.4.1.1/iptables-restore.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ 
iptables-1.4.1.1/iptables-restore.c 2008-07-22 16:46:21.000000000 +0200 -@@ -176,7 +176,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.1.1/iptables-save.c.cloexec iptables-1.4.1.1/iptables-save.c ---- iptables-1.4.1.1/iptables-save.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/iptables-save.c 2008-07-22 16:46:21.000000000 +0200 -@@ -38,7 +38,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IPT_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip_tables_names", "r"); -+ procfile = fopen("/proc/net/ip_tables_names", "re"); - if (!procfile) - exit_error(OTHER_PROBLEM, - "Unable to open /proc/net/ip_tables_names: %s\n", -diff -up iptables-1.4.1.1/iptables-xml.c.cloexec iptables-1.4.1.1/iptables-xml.c ---- iptables-1.4.1.1/iptables-xml.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/iptables-xml.c 2008-07-22 16:46:21.000000000 +0200 -@@ -664,7 +664,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s", argv[optind], - strerror(errno)); -diff -up iptables-1.4.1.1/xtables.c.cloexec iptables-1.4.1.1/xtables.c ---- iptables-1.4.1.1/xtables.c.cloexec 2008-06-16 15:12:40.000000000 +0200 -+++ iptables-1.4.1.1/xtables.c 2008-07-22 16:47:23.000000000 +0200 -@@ -85,6 +85,11 @@ static char *get_modprobe(void) - procfile = open(PROC_SYS_MODPROBE, O_RDONLY); - if (procfile < 0) - return NULL; -+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } - - ret = (char *) malloc(PROCFILE_BUFSIZ); - if (ret) { -@@ -498,6 +503,12 @@ static int compatible_revision(const cha - exit(1); - } - 
-+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } -+ - load_xtables_ko(modprobe_program, 1); - - strcpy(rev.name, name); diff --git a/iptables-1.4.3.1-cloexec.patch b/iptables-1.4.3.1-cloexec.patch deleted file mode 100644 index 47af3f7..0000000 --- a/iptables-1.4.3.1-cloexec.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -diff -up iptables-1.4.3.1/extensions/libipt_realm.c.cloexec iptables-1.4.3.1/extensions/libipt_realm.c ---- iptables-1.4.3.1/extensions/libipt_realm.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/extensions/libipt_realm.c 2009-03-30 14:23:11.000000000 +0200 -@@ -49,7 +49,7 @@ static void load_realms(void) - int id; - struct realmname *oldnm = NULL, *newnm = NULL; - -- fil = fopen(rfnm, "r"); -+ fil = fopen(rfnm, "re"); - if (!fil) { - rdberr = 1; - return; -@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg - .extra_opts = realm_opts, - }; - --void _init(void) -+void __attribute((constructor)) nf_ext_init(void) - { - xtables_register_match(&realm_mt_reg); - } -diff -up iptables-1.4.3.1/ip6tables-restore.c.cloexec iptables-1.4.3.1/ip6tables-restore.c ---- iptables-1.4.3.1/ip6tables-restore.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/ip6tables-restore.c 2009-03-30 14:23:11.000000000 +0200 -@@ -169,7 +169,7 @@ int main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.3.1/ip6tables-save.c.cloexec iptables-1.4.3.1/ip6tables-save.c ---- iptables-1.4.3.1/ip6tables-save.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/ip6tables-save.c 2009-03-30 14:24:11.000000000 +0200 -@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IP6T_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip6_tables_names", "r"); -+ procfile = fopen("/proc/net/ip6_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.3.1/iptables-restore.c.cloexec iptables-1.4.3.1/iptables-restore.c ---- iptables-1.4.3.1/iptables-restore.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/iptables-restore.c 2009-03-30 14:23:11.000000000 +0200 -@@ 
-175,7 +175,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s\n", argv[optind], - strerror(errno)); -diff -up iptables-1.4.3.1/iptables-save.c.cloexec iptables-1.4.3.1/iptables-save.c ---- iptables-1.4.3.1/iptables-save.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/iptables-save.c 2009-03-30 14:24:33.000000000 +0200 -@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co - FILE *procfile = NULL; - char tablename[IPT_TABLE_MAXNAMELEN+1]; - -- procfile = fopen("/proc/net/ip_tables_names", "r"); -+ procfile = fopen("/proc/net/ip_tables_names", "re"); - if (!procfile) - return ret; - -diff -up iptables-1.4.3.1/iptables-xml.c.cloexec iptables-1.4.3.1/iptables-xml.c ---- iptables-1.4.3.1/iptables-xml.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/iptables-xml.c 2009-03-30 14:23:11.000000000 +0200 -@@ -653,7 +653,7 @@ main(int argc, char *argv[]) - } - - if (optind == argc - 1) { -- in = fopen(argv[optind], "r"); -+ in = fopen(argv[optind], "re"); - if (!in) { - fprintf(stderr, "Can't open %s: %s", argv[optind], - strerror(errno)); -diff -up iptables-1.4.3.1/xtables.c.cloexec iptables-1.4.3.1/xtables.c ---- iptables-1.4.3.1/xtables.c.cloexec 2009-03-24 13:08:24.000000000 +0100 -+++ iptables-1.4.3.1/xtables.c 2009-03-30 14:25:51.000000000 +0200 -@@ -280,6 +280,11 @@ static char *get_modprobe(void) - procfile = open(PROC_SYS_MODPROBE, O_RDONLY); - if (procfile < 0) - return NULL; -+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ exit(1); -+ } - - ret = (char *) malloc(PROCFILE_BUFSIZ); - if (ret) { -@@ -672,6 +677,12 @@ static int compatible_revision(const cha - exit(1); - } - -+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { -+ fprintf(stderr, "Could not set close on exec: %s\n", -+ strerror(errno)); -+ 
exit(1); -+ } -+ - xtables_load_ko(xtables_modprobe_program, true); - - strcpy(rev.name, name); diff --git a/iptables-1.4.5-cloexec.patch b/iptables-1.4.5-cloexec.patch new file mode 100644 index 0000000..a8e0f81 --- /dev/null +++ b/iptables-1.4.5-cloexec.patch 
@@ -0,0 +1,158 @@ +diff -up iptables-1.4.5/extensions/libipt_realm.c.cloexec iptables-1.4.5/extensions/libipt_realm.c +--- iptables-1.4.5/extensions/libipt_realm.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/extensions/libipt_realm.c 2009-09-17 10:52:00.000000000 +0200 +@@ -49,7 +49,7 @@ static void load_realms(void) + int id; + struct realmname *oldnm = NULL, *newnm = NULL; + +- fil = fopen(rfnm, "r"); ++ fil = fopen(rfnm, "re"); + if (!fil) { + rdberr = 1; + return; +@@ -248,7 +248,7 @@ static struct xtables_match realm_mt_reg + .extra_opts = realm_opts, + }; + +-void _init(void) ++void __attribute((constructor)) nf_ext_init(void) + { + xtables_register_match(&realm_mt_reg); + } +diff -up iptables-1.4.5/extensions/libipt_set.h.cloexec iptables-1.4.5/extensions/libipt_set.h +--- iptables-1.4.5/extensions/libipt_set.h.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/extensions/libipt_set.h 2009-09-17 11:02:07.000000000 +0200 +@@ -2,6 +2,7 @@ + #define _LIBIPT_SET_H + + #include ++#include + #include + #include + #include +@@ -48,6 +49,12 @@ static int get_version(unsigned *version + xtables_error(OTHER_PROBLEM, + "Can't open socket to ipset.\n"); + ++ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { ++ xtables_error(OTHER_PROBLEM, ++ "Could not set close on exec: %s\n", ++ strerror(errno)); ++ } ++ + req_version.op = IP_SET_OP_VERSION; + res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size); + if (res != 0) +diff -up iptables-1.4.5/ip6tables-restore.c.cloexec iptables-1.4.5/ip6tables-restore.c +--- iptables-1.4.5/ip6tables-restore.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/ip6tables-restore.c 2009-09-17 10:52:00.000000000 +0200 +@@ -169,7 +169,7 @@ int main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], "r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s\n", argv[optind], + strerror(errno)); +diff -up 
iptables-1.4.5/ip6tables-save.c.cloexec iptables-1.4.5/ip6tables-save.c +--- iptables-1.4.5/ip6tables-save.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/ip6tables-save.c 2009-09-17 10:52:00.000000000 +0200 +@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(co + FILE *procfile = NULL; + char tablename[IP6T_TABLE_MAXNAMELEN+1]; + +- procfile = fopen("/proc/net/ip6_tables_names", "r"); ++ procfile = fopen("/proc/net/ip6_tables_names", "re"); + if (!procfile) + return ret; + +diff -up iptables-1.4.5/iptables-restore.c.cloexec iptables-1.4.5/iptables-restore.c +--- iptables-1.4.5/iptables-restore.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/iptables-restore.c 2009-09-17 10:52:00.000000000 +0200 +@@ -175,7 +175,7 @@ main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], "r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s\n", argv[optind], + strerror(errno)); +diff -up iptables-1.4.5/iptables-save.c.cloexec iptables-1.4.5/iptables-save.c +--- iptables-1.4.5/iptables-save.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/iptables-save.c 2009-09-17 10:52:00.000000000 +0200 +@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(co + FILE *procfile = NULL; + char tablename[IPT_TABLE_MAXNAMELEN+1]; + +- procfile = fopen("/proc/net/ip_tables_names", "r"); ++ procfile = fopen("/proc/net/ip_tables_names", "re"); + if (!procfile) + return ret; + +diff -up iptables-1.4.5/iptables-xml.c.cloexec iptables-1.4.5/iptables-xml.c +--- iptables-1.4.5/iptables-xml.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/iptables-xml.c 2009-09-17 10:52:00.000000000 +0200 +@@ -653,7 +653,7 @@ main(int argc, char *argv[]) + } + + if (optind == argc - 1) { +- in = fopen(argv[optind], "r"); ++ in = fopen(argv[optind], "re"); + if (!in) { + fprintf(stderr, "Can't open %s: %s", argv[optind], + strerror(errno)); +diff -up 
iptables-1.4.5/libiptc/libiptc.c.cloexec iptables-1.4.5/libiptc/libiptc.c +--- iptables-1.4.5/libiptc/libiptc.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/libiptc/libiptc.c 2009-09-17 11:02:16.000000000 +0200 +@@ -29,6 +29,8 @@ + * - performance work: speedup initial ruleset parsing. + * - sponsored by ComX Networks A/S (http://www.comx.dk/) + */ ++#include ++#include + #include + #include + #include +@@ -1326,6 +1328,12 @@ TC_INIT(const char *tablename) + if (sockfd < 0) + return NULL; + ++ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { ++ fprintf(stderr, "Could not set close on exec: %s\n", ++ strerror(errno)); ++ abort(); ++ } ++ + retry: + s = sizeof(info); + +diff -up iptables-1.4.5/xtables.c.cloexec iptables-1.4.5/xtables.c +--- iptables-1.4.5/xtables.c.cloexec 2009-09-14 18:36:55.000000000 +0200 ++++ iptables-1.4.5/xtables.c 2009-09-17 10:52:00.000000000 +0200 +@@ -292,6 +292,11 @@ static char *get_modprobe(void) + procfile = open(PROC_SYS_MODPROBE, O_RDONLY); + if (procfile < 0) + return NULL; ++ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) { ++ fprintf(stderr, "Could not set close on exec: %s\n", ++ strerror(errno)); ++ exit(1); ++ } + + ret = (char *) malloc(PROCFILE_BUFSIZ); + if (ret) { +@@ -684,6 +689,12 @@ static int compatible_revision(const cha + exit(1); + } + ++ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) { ++ fprintf(stderr, "Could not set close on exec: %s\n", ++ strerror(errno)); ++ exit(1); ++ } ++ + xtables_load_ko(xtables_modprobe_program, true); + + strcpy(rev.name, name); diff --git a/iptables.spec b/iptables.spec index 73a231f..db898e5 100644 --- a/iptables.spec +++ b/iptables.spec 
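Review bot: In the libiptc/libiptc.c hunk of the new patch, TC_INIT calls `abort()` when `fcntl(sockfd, F_SETFD, FD_CLOEXEC)` fails, while the `socket()` failure two lines above returns NULL; a shared library should not core-dump its caller for an error the existing code already reports by return value. Prefer `close(sockfd); return NULL;` in that branch (keeping the fprintf if the diagnostic is wanted) so callers see the same failure path as for socket(). The equivalent blocks in xtables.c (get_modprobe, compatible_revision) and libipt_set.h terminate the process via exit(1)/xtables_error, which is acceptable for the iptables binaries but is still a harsher response than the surrounding error handling; worth a one-line comment stating that a descriptor left without close-on-exec is treated as fatal on purpose. Because the descriptor is created and then flagged in two steps, O_CLOEXEC for open() and SOCK_CLOEXEC for socket() would remove the window atomically where the kernel baseline allows it, presumably the case for a 2.6.31-targeted build, but this is an optional tightening. TC_INIT's body continues outside the hunk.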
@@ -1,11 +1,11 @@ Name: iptables Summary: Tools for managing Linux kernel packet filtering capabilities -Version: 1.4.4 +Version: 1.4.5 Release: 1%{?dist} Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 Source1: iptables.init Source2: iptables-config -Patch5: iptables-1.4.3.1-cloexec.patch +Patch5: iptables-1.4.5-cloexec.patch Group: System Environment/Base URL: http://www.netfilter.org/ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -122,6 +122,8 @@ fi /%{_lib}/xtables/libipt* /%{_lib}/xtables/libxt* %{_libdir}/libiptc.so.* +%{_libdir}/libip4tc.so.* +%{_libdir}/libip6tc.so.* %{_libdir}/libxtables.so.* %files ipv6 @@ -144,12 +146,31 @@ fi %{_includedir}/libipulog/*.h %{_libdir}/libipq.a %{_mandir}/man3/* -%{_libdir}/libiptc.so +%{_libdir}/libip*tc.so %{_libdir}/libxtables.so %{_libdir}/pkgconfig/libiptc.pc %{_libdir}/pkgconfig/xtables.pc %changelog +* Thu Sep 17 2009 Thomas Woerner 1.4.5-1 +- new version 1.4.5 with support for all new features of 2.6.31 + - libxt_NFQUEUE: add new v1 version with queue-balance option + - xt_conntrack: revision 2 for enlarged state_mask member + - libxt_helper: fix invalid passed option to check_inverse + - libiptc: split v4 and v6 + - extensions: collapse registration structures + - iptables: allow for parse-less extensions + - iptables: allow for help-less extensions + - extensions: remove empty help and parse functions + - xtables: add multi-registration functions + - extensions: collapse data variables to use multi-reg calls + - xtables: warn of missing version identifier in extensions + - multi binary: allow subcommand via argv[1] + - iptables: accept multiple IP address specifications for -s, -d + - several build fixes + - several man page fixes +- fixed two leaked file descriptors on sockets (rhbz#521397) + * Mon Aug 24 2009 Thomas Woerner 1.4.4-1 - new version 1.4.4 with support for all new features of 2.6.30 - several man page fixes 
diff --git a/sources b/sources
index 522ed63..ccb1440 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-08cd9196881657ea0615d926334cb7e9 iptables-1.4.4.tar.bz2
+44f13990132c20299c1994cd6f425140 iptables-1.4.5.tar.bz2