diff --git a/SOURCES/0001-data_reg-Add-a-missing-break-in-nftnl_data_reg_snpri.patch b/SOURCES/0001-data_reg-Add-a-missing-break-in-nftnl_data_reg_snpri.patch
new file mode 100644
index 0000000..ad2e01f
--- /dev/null
+++ b/SOURCES/0001-data_reg-Add-a-missing-break-in-nftnl_data_reg_snpri.patch
@@ -0,0 +1,47 @@
+From 0809d0fbaabbeafd5034aaf829e1b84d10cb64e1 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:25 +0200
+Subject: [PATCH] data_reg: Add a missing break in nftnl_data_reg_snprintf
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit 4177002b26f02
+
+commit 4177002b26f025891cc509b54dc76bcf98f1c35f
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:20 2017 +0100
+
+ data_reg: Add a missing break in nftnl_data_reg_snprintf
+
+ The code works fine as-is, but if reg_type == DATA_VALUE &&
+ output_format == NFTNL_OUTPUT_XML, we fall through to DATA_CHAIN case
+ and therefore pointlessly check output_format again.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/expr/data_reg.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
+index a246952..7023202 100644
+--- a/src/expr/data_reg.c
++++ b/src/expr/data_reg.c
+@@ -207,6 +207,7 @@ int nftnl_data_reg_snprintf(char *buf, size_t size,
+ default:
+ break;
+ }
++ break;
+ case DATA_VERDICT:
+ case DATA_CHAIN:
+ switch(output_format) {
+@@ -220,6 +221,7 @@ int nftnl_data_reg_snprintf(char *buf, size_t size,
+ default:
+ break;
+ }
++ break;
+ default:
+ break;
+ }
+--
+1.8.3.1
+
diff --git a/SOURCES/0002-gen-Remove-a-pointless-call-to-mnl_nlmsg_get_payload.patch b/SOURCES/0002-gen-Remove-a-pointless-call-to-mnl_nlmsg_get_payload.patch
new file mode 100644
index 0000000..975fd02
--- /dev/null
+++ b/SOURCES/0002-gen-Remove-a-pointless-call-to-mnl_nlmsg_get_payload.patch
@@ -0,0 +1,43 @@
+From c837a18ced48cac1ac221e8213a6851c6636476e Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:25 +0200
+Subject: [PATCH] gen: Remove a pointless call to mnl_nlmsg_get_payload()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit fd9ab5c922cd8
+
+commit fd9ab5c922cd8d15e8f0251c70bcd9532158e9b0
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:21 2017 +0100
+
+ gen: Remove a pointless call to mnl_nlmsg_get_payload()
+
+ It is a common idiom in all *_nlmsg_parse() functions, but
+ nftnl_gen_nlmsg_parse() doesn't make use of the data pointer and the
+ compiler probably can't eliminate it since there could be a side-effect.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/gen.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/gen.c b/src/gen.c
+index 58b3a96..eafb015 100644
+--- a/src/gen.c
++++ b/src/gen.c
+@@ -143,9 +143,9 @@ static int nftnl_gen_parse_attr_cb(const struct nlattr *attr, void *data)
+ int nftnl_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_gen *gen)
+ {
+ struct nlattr *tb[NFTA_GEN_MAX + 1] = {};
+- struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
+
+- if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_gen_parse_attr_cb, tb) < 0)
++ if (mnl_attr_parse(nlh, sizeof(struct nfgenmsg),
++ nftnl_gen_parse_attr_cb, tb) < 0)
+ return -1;
+
+ if (tb[NFTA_GEN_ID]) {
+--
+1.8.3.1
+
diff --git a/SOURCES/0003-object-Avoid-returning-garbage-in-nftnl_obj_do_parse.patch b/SOURCES/0003-object-Avoid-returning-garbage-in-nftnl_obj_do_parse.patch
new file mode 100644
index 0000000..d45ae54
--- /dev/null
+++ b/SOURCES/0003-object-Avoid-returning-garbage-in-nftnl_obj_do_parse.patch
@@ -0,0 +1,40 @@
+From 307bdafb53adb68f78816dec22e45dd18960ec33 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:25 +0200
+Subject: [PATCH] object: Avoid returning garbage in nftnl_obj_do_parse()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit 8f228f6842494
+
+commit 8f228f6842494ea7f83ff9aaa19ec32681628c9f
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:22 2017 +0100
+
+ object: Avoid returning garbage in nftnl_obj_do_parse()
+
+ It may happen that 'perr' variable does not get initialized, so making
+ parameter 'err' point to it in any case is error-prone. Avoid this by
+ initializing 'perr' upon declaration.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/object.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/object.c b/src/object.c
+index 9a4ee71..da3423b 100644
+--- a/src/object.c
++++ b/src/object.c
+@@ -358,7 +358,7 @@ static int nftnl_obj_do_parse(struct nftnl_obj *obj, enum nftnl_parse_type type,
+ const void *data, struct nftnl_parse_err *err,
+ enum nftnl_parse_input input)
+ {
+- struct nftnl_parse_err perr;
++ struct nftnl_parse_err perr = {};
+ int ret;
+
+ switch (type) {
+--
+1.8.3.1
+
diff --git a/SOURCES/0004-ruleset-Avoid-reading-garbage-in-nftnl_ruleset_cb.patch b/SOURCES/0004-ruleset-Avoid-reading-garbage-in-nftnl_ruleset_cb.patch
new file mode 100644
index 0000000..f9815ba
--- /dev/null
+++ b/SOURCES/0004-ruleset-Avoid-reading-garbage-in-nftnl_ruleset_cb.patch
@@ -0,0 +1,49 @@
+From 3620cf73a4e58e08891d3188a6a4c06a16546fe0 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:25 +0200
+Subject: [PATCH] ruleset: Avoid reading garbage in nftnl_ruleset_cb()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit dbaf6ea8f6a1a
+
+commit dbaf6ea8f6a1a1e7f1d5abc2e4e2fef891c471b7
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:23 2017 +0100
+
+ ruleset: Avoid reading garbage in nftnl_ruleset_cb()
+
+ If nftnl_ruleset_json_parse() is called with arg == NULL, ctx.data is
+ left uninitialized and will later be used in nftnl_ruleset_cb(). Avoid
+ this by using a C99-style initializer for 'ctx' which sets all omitted
+ fields to zero.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/ruleset.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/ruleset.c b/src/ruleset.c
+index 3de9b87..cf86ca6 100644
+--- a/src/ruleset.c
++++ b/src/ruleset.c
+@@ -519,11 +519,11 @@ static int nftnl_ruleset_json_parse(const void *json,
+ json_error_t error;
+ int i, len;
+ const char *key;
+- struct nftnl_parse_ctx ctx;
+-
+- ctx.cb = cb;
+- ctx.format = type;
+- ctx.flags = 0;
++ struct nftnl_parse_ctx ctx = {
++ .cb = cb,
++ .format = type,
++ .flags = 0,
++ };
+
+ ctx.set_list = nftnl_set_list_alloc();
+ if (ctx.set_list == NULL)
+--
+1.8.3.1
+
diff --git a/SOURCES/0005-set_elem-Don-t-return-garbage-in-nftnl_set_elems_par.patch b/SOURCES/0005-set_elem-Don-t-return-garbage-in-nftnl_set_elems_par.patch
new file mode 100644
index 0000000..738363e
--- /dev/null
+++ b/SOURCES/0005-set_elem-Don-t-return-garbage-in-nftnl_set_elems_par.patch
@@ -0,0 +1,40 @@
+From 3ac27a998613799b4e0245443c27af6f718d245d Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:25 +0200
+Subject: [PATCH] set_elem: Don't return garbage in nftnl_set_elems_parse()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit 8bcf10b504c69
+
+commit 8bcf10b504c692deb3c98d395f42d34141f21e59
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:24 2017 +0100
+
+ set_elem: Don't return garbage in nftnl_set_elems_parse()
+
+ This might happen if netlink message is malformed (no nested attributes
+ are present), so treat this as an error and return -1 instead of
+ garbage to caller.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/set_elem.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/set_elem.c b/src/set_elem.c
+index e45dbc6..71c279a 100644
+--- a/src/set_elem.c
++++ b/src/set_elem.c
+@@ -490,7 +490,7 @@ nftnl_set_elem_list_parse_attr_cb(const struct nlattr *attr, void *data)
+ static int nftnl_set_elems_parse(struct nftnl_set *s, const struct nlattr *nest)
+ {
+ struct nlattr *attr;
+- int ret;
++ int ret = -1;
+
+ mnl_attr_for_each_nested(attr, nest) {
+ if (mnl_attr_get_type(attr) != NFTA_LIST_ELEM)
+--
+1.8.3.1
+
diff --git a/SOURCES/0006-trace-Check-return-value-of-mnl_attr_parse_nested.patch b/SOURCES/0006-trace-Check-return-value-of-mnl_attr_parse_nested.patch
new file mode 100644
index 0000000..aff7621
--- /dev/null
+++ b/SOURCES/0006-trace-Check-return-value-of-mnl_attr_parse_nested.patch
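Review bot: With `ret` now defaulting to -1, a nest that is present but carries no NFTA_LIST_ELEM entries is reported as a parse failure rather than as an empty element list, and nothing in the hunk distinguishes that case from a genuinely malformed message. If the kernel can legitimately emit an empty nest here, callers will now see -1 for a valid reply, so the intent is worth stating at the declaration, e.g. `int ret = -1;	/* no NFTA_LIST_ELEM in the nest: treat as malformed */`. The loop body that assigns `ret` per element lies outside the hunk, so whether an earlier element's error can be overwritten by a later element's success cannot be judged from here.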
@@ -0,0 +1,40 @@
+From 947195e8e7adf0120222f5e15d0a2d2ed2895031 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Mon, 22 Jul 2019 17:34:26 +0200
+Subject: [PATCH] trace: Check return value of mnl_attr_parse_nested()
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
+Upstream Status: libnftnl commit 57f85977ed72e
+
+commit 57f85977ed72ee3d623bbc2391d503f8a7e72c5d
+Author: Phil Sutter
+Date: Thu Dec 14 20:40:25 2017 +0100
+
+ trace: Check return value of mnl_attr_parse_nested()
+
+ This is done everywhere else as well, so certainly not a bad thing here
+ either.
+
+ Signed-off-by: Phil Sutter
+ Signed-off-by: Pablo Neira Ayuso
+---
+ src/trace.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/trace.c b/src/trace.c
+index bd05d3c..b016e72 100644
+--- a/src/trace.c
++++ b/src/trace.c
+@@ -301,7 +301,8 @@ static int nftnl_trace_parse_verdict(const struct nlattr *attr,
+ {
+ struct nlattr *tb[NFTA_VERDICT_MAX+1];
+
+- mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb);
++ if (mnl_attr_parse_nested(attr, nftnl_trace_parse_verdict_cb, tb) < 0)
++ return -1;
+
+ if (!tb[NFTA_VERDICT_CODE])
+ abi_breakage();
+--
+1.8.3.1
+
diff --git a/SPECS/libnftnl.spec b/SPECS/libnftnl.spec
index 9883a5a..6320d3e 100644
--- a/SPECS/libnftnl.spec
+++ b/SPECS/libnftnl.spec
@@ -1,5 +1,5 @@
 %define rpmversion 1.0.8
-%define specrelease 1%{?dist}
+%define specrelease 3%{?dist}
 Name: libnftnl
 Version: %{rpmversion}
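Review bot: The added return-value check in the trace.c hunk does not cover the more likely failure: two lines above it `tb` is declared `struct nlattr *tb[NFTA_VERDICT_MAX+1];` with no initializer, so when the nested parse succeeds but the verdict-code attribute is simply absent, `if (!tb[NFTA_VERDICT_CODE])` reads an indeterminate pointer and the abi_breakage() guard cannot be relied on. The same backport set zero-initializes such tables (`struct nlattr *tb[NFTA_GEN_MAX + 1] = {};` in the gen.c hunk of 0002), so the declaration should become `struct nlattr *tb[NFTA_VERDICT_MAX+1] = {};`, unless nftnl_trace_parse_verdict_cb clears the table first, which the hunk does not show. The rest of nftnl_trace_parse_verdict is outside the hunk.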
@@ -14,6 +14,12 @@ BuildRequires: libtool
 BuildRequires: libmnl-devel
 #BuildRequires: mxml-devel
 BuildRequires: jansson-devel
+Patch0: 0001-data_reg-Add-a-missing-break-in-nftnl_data_reg_snpri.patch
+Patch1: 0002-gen-Remove-a-pointless-call-to-mnl_nlmsg_get_payload.patch
+Patch2: 0003-object-Avoid-returning-garbage-in-nftnl_obj_do_parse.patch
+Patch3: 0004-ruleset-Avoid-reading-garbage-in-nftnl_ruleset_cb.patch
+Patch4: 0005-set_elem-Don-t-return-garbage-in-nftnl_set_elems_par.patch
+Patch5: 0006-trace-Check-return-value-of-mnl_attr_parse_nested.patch
 %description
 A library for low-level interaction with nftables Netlink's API over libmnl.
@@ -60,6 +66,17 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 %{_includedir}/libnftnl
 %changelog
+* Thu Aug 22 2019 Phil Sutter [1.0.8-3.el7]
+- Rebuild for build system fixes (Phil Sutter) [1510538]
+
+* Mon Jul 22 2019 Phil Sutter [1.0.8-2.el7]
+- trace: Check return value of mnl_attr_parse_nested() (Phil Sutter) [1510538]
+- set_elem: Don't return garbage in nftnl_set_elems_parse() (Phil Sutter) [1510538]
+- ruleset: Avoid reading garbage in nftnl_ruleset_cb() (Phil Sutter) [1510538]
+- object: Avoid returning garbage in nftnl_obj_do_parse() (Phil Sutter) [1510538]
+- gen: Remove a pointless call to mnl_nlmsg_get_payload() (Phil Sutter) [1510538]
+- data_reg: Add a missing break in nftnl_data_reg_snprintf (Phil Sutter) [1510538]
+
 * Fri Oct 13 2017 Phil Sutter [1.0.8-1.el7]
 - Rebase onto upstream version 1.0.8 (Phil Sutter) [1472260]
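Review bot: The new `Patch0:` through `Patch5:` tags in the first spec hunk only declare the sources; they take effect only if %prep, which lies outside this hunk, applies them with `%patch0 -p1` … `%patch5 -p1` (or `%autosetup -p1`), and nothing in the diff shows that. If %prep still contains just `%setup -q`, the 1.0.8-3 build would advertise the six fixes in the new changelog entries without applying any of them, so please confirm the matching %prep lines exist. The `-p1` strip level is what matches the `a/src/...` paths used inside the embedded patches.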