diff --git a/fix_h_expect_policy_free.patch b/fix_h_expect_policy_free.patch
new file mode 100644
index 0000000..21c8715
--- /dev/null
+++ b/fix_h_expect_policy_free.patch
@@ -0,0 +1,21 @@
+From: Chris Horler <cshorler@googlemail.com>
+Date: 2014-12-08 11:54:20 CET
+References: https://bugzilla.netfilter.org/show_bug.cgi?id=990
+
+Dereferencing h after freeing leads to undefined behavior.
+
+--- libnetfilter_cthelper-1.0.0.orig/src/libnetfilter_cthelper.c	2012-06-05 17:59:28.810356258 +0100
++++ libnetfilter_cthelper-1.0.0/src/libnetfilter_cthelper.c	2014-12-07 19:52:55.769975500 +0000
+@@ -113,11 +113,11 @@
+ {
+ 	int i;
+ 
+-	free(h);
+ 	for (i=0; i<NF_CT_HELPER_CLASS_MAX; i++) {
+ 		if (h->expect_policy[i])
+ 			free(h->expect_policy[i]);
+ 	}
++	free(h);
+ }
+ EXPORT_SYMBOL(nfct_helper_free);
+ 
diff --git a/libnetfilter_cthelper.changes b/libnetfilter_cthelper.changes
index 79519e8..3df83b2 100644
--- a/libnetfilter_cthelper.changes
+++ b/libnetfilter_cthelper.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Dec  8 17:27:32 UTC 2014 - jengelh@inai.de
+
+- Remove version from subinclude directory; it tends to break
+  recompiles of third software after a library update.
+
+-------------------------------------------------------------------
+Sun Dec  7 19:58:44 UTC 2014 - cshorler@googlemail.com
+
+- Add fix_h_expect_policy_free.patch to fix crash due to following
+  a just-freed pointer [bnc#908875]
+
 -------------------------------------------------------------------
 Tue Sep 23 15:43:40 UTC 2014 - jengelh@inai.de
 
diff --git a/libnetfilter_cthelper.spec b/libnetfilter_cthelper.spec
index 45267da..73800fc 100644
--- a/libnetfilter_cthelper.spec
+++ b/libnetfilter_cthelper.spec
@@ -31,6 +31,7 @@ Source:         http://netfilter.org/projects/libnetfilter_cthelper/files/%name-
 Source2:        http://netfilter.org/projects/libnetfilter_cthelper/files/%name-%version.tar.bz2.sig
 Source3:        baselibs.conf
 Source4:        %name.keyring
+Patch1:         fix_h_expect_policy_free.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #BuildRequires:  autoconf
 #BuildRequires:  automake >= 1.6
@@ -61,12 +62,13 @@ Netfilter userspace helper infrastructure.
 
 %prep
 %setup -q
+%patch -P 1 -p1
 
 %build
 if [ ! -e configure ]; then
 	autoreconf -fi;
 fi;
-%configure --disable-static --includedir=%_includedir/%name-%version
+%configure --disable-static --includedir="%_includedir/%name"
 make %{?_smp_mflags}
 
 %install
@@ -83,7 +85,7 @@ rm -f "%buildroot/%_libdir"/*.la;
 
 %files devel
 %defattr(-,root,root)
-%_includedir/%name-%version
+%_includedir/%name/
 %_libdir/libnetfilter_cthelper.so
 %_libdir/pkgconfig/libnetfilter_cthelper.pc