diff --git a/net-libs/libnetfilter_conntrack/Manifest b/net-libs/libnetfilter_conntrack/Manifest
index 4cdb373..b0f443c 100644
--- a/net-libs/libnetfilter_conntrack/Manifest
+++ b/net-libs/libnetfilter_conntrack/Manifest
@@ -1 +1,2 @@
-DIST libnetfilter_conntrack-1.0.6.tar.bz2 422998 SHA256 efcc08021284e75f4d96d3581c5155a11f08fd63316b1938cbcb269c87f37feb SHA512 05b3b63928d46ed114048848c48094a762c6a7acc93fcdbe9473e82cc67851ef1a0d33b68b8fd388271b76b519c4d2ac93fd802043fa9a9da46cda5b262a1fc7 WHIRLPOOL 07a20e76d0b80407d9605f8f1ebe858899385101808dda0b7ea22bd36f7fcd93a9fac961fe12a6643d36e656a83b52b503050e6f466b35e1f82898acbc242779
+DIST libnetfilter_conntrack-1.0.9.tar.bz2 373177 BLAKE2B 701393338a0bf852b97d80a1e4ab078dea741f7181246b3dafcbe8cff287b5b9fae72c1c50867ea71baab83fa842471b2c7054fb4702bf35900a352078de8f3a SHA512 e8b03425aaba3b72e6034c215656c34176d0550c08e0455aaeb1365d9141505d0c4feaa8978c8ccf2b7af9db6c9e874ceb866347e533b41cb03a189884f4004c
+DIST libnetfilter_conntrack-1.0.9.tar.bz2.sig 566 BLAKE2B 0f80f00858093ed5e9aac190fbb1ac5ac1dde60e6767b65adda49ed79fb7fb6cc7caea51793d8930a927d9b7a75d263851dd5741d6d408a8b56d3ea5b73da20e SHA512 83ed38f68bd38cf70d9c245a7f17373751ff9099ceff3066812b282b7426edf2eee79da8f5aea896b119327059008ff4a531b3dfdcd79d49944bea4079e67e1f
diff --git a/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-configure-clang16.patch b/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-configure-clang16.patch
new file mode 100644
index 0000000..7bb4a34
--- /dev/null
+++ b/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-configure-clang16.patch
@@ -0,0 +1,16 @@
+https://bugzilla.netfilter.org/show_bug.cgi?id=1654
+--- a/configure.ac
++++ b/configure.ac
+@@ -55,9 +55,9 @@ int main()
+      struct in6_addr addr6;
+      char buf[128];
+      if (inet_ntop(AF_INET6, &addr6, buf, 128) == 0 && errno == EAFNOSUPPORT)
+-        exit(1);
++        return 1;
+      else
+-        exit(0);
++        return 0;
+   }
+   ]])],[ AC_MSG_RESULT(yes)
+        AC_DEFINE_UNQUOTED(HAVE_INET_NTOP_IPV6, 1, [Define to 1 if inet_ntop supports IPv6.])
+
diff --git a/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-musl.patch b/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-musl.patch
new file mode 100644
index 0000000..e1ce87d
--- /dev/null
+++ b/net-libs/libnetfilter_conntrack/files/libnetfilter_conntrack-1.0.9-musl.patch
@@ -0,0 +1,46 @@
+https://git.netfilter.org/libnetfilter_conntrack/patch/?id=21ee35dde73aec5eba35290587d479218c6dd824
+
+From: Robert Marko <robimarko@gmail.com>
+Date: Thu, 24 Feb 2022 15:01:11 +0100
+Subject: conntrack: fix build with kernel 5.15 and musl
+
+Currently, with kernel 5.15 headers and musl building is failing with
+redefinition errors due to a conflict between the kernel and musl headers.
+
+Musl is able to suppres the conflicting kernel header definitions if they
+are included after the standard libc ones, however since ICMP definitions
+were moved into a separate internal header to avoid duplication this has
+stopped working and is breaking the builds.
+
+It seems that the issue is that <netinet/in.h> which contains the UAPI
+suppression defines is included in the internal.h header and not in the
+proto.h which actually includes the kernel ICMP headers and thus UAPI
+supression defines are not present.
+
+Solve this by moving the <netinet/in.h> include before the ICMP kernel
+includes in the proto.h
+
+Fixes: bc1cb4b11403 ("conntrack: Move icmp request>reply type mapping to common file")
+Signed-off-by: Robert Marko <robimarko@gmail.com>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+--- a/include/internal/internal.h
++++ b/include/internal/internal.h
+@@ -14,7 +14,6 @@
+ #include <arpa/inet.h>
+ #include <time.h>
+ #include <errno.h>
+-#include <netinet/in.h>
+ 
+ #include <libnfnetlink/libnfnetlink.h>
+ #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+--- a/include/internal/proto.h
++++ b/include/internal/proto.h
+@@ -2,6 +2,7 @@
+ #define _NFCT_PROTO_H_
+ 
+ #include <stdint.h>
++#include <netinet/in.h>
+ #include <linux/icmp.h>
+ #include <linux/icmpv6.h>
+ 
+cgit v1.2.3
diff --git a/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.6.ebuild b/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.6.ebuild
deleted file mode 100644
index 5ebd17b..0000000
--- a/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.6.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit autotools linux-info
-
-DESCRIPTION="programming interface (API) to the in-kernel connection tracking state table"
-HOMEPAGE="http://www.netfilter.org/projects/libnetfilter_conntrack/"
-SRC_URI="http://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS=*
-IUSE="static-libs"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnfnetlink-1.0.0
-"
-DEPEND="
-	${RDEPEND}
-	virtual/pkgconfig
-"
-
-DOCS=( README )
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-
-	check_extra_config
-}
diff --git a/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.9-r1.ebuild b/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.9-r1.ebuild
new file mode 100644
index 0000000..502334a
--- /dev/null
+++ b/net-libs/libnetfilter_conntrack/libnetfilter_conntrack-1.0.9-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info verify-sig
+
+DESCRIPTION="Programming interface (API) to the in-kernel connection tracking state table"
+HOMEPAGE="https://www.netfilter.org/projects/libnetfilter_conntrack/"
+SRC_URI="https://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2
+	verify-sig? ( https://www.netfilter.org/projects/${PN}/files/${P}.tar.bz2.sig )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="*"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/netfilter.org.asc
+
+RDEPEND=">=net-libs/libmnl-1.0.3
+	>=net-libs/libnfnetlink-1.0.0"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-netfilter )"
+
+DOCS=( README )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-musl.patch
+	"${FILESDIR}"/${PN}-1.0.9-configure-clang16.patch
+)
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	if kernel_is lt 2 6 18 ; then
+		die "${PN} requires at least 2.6.18 kernel version"
+	fi
+
+	# netfilter core team has changed some option names with kernel 2.6.20
+	if kernel_is lt 2 6 20 ; then
+		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
+	else
+		CONFIG_CHECK="~NF_CT_NETLINK"
+	fi
+
+	check_extra_config
+}
+
+src_prepare() {
+	default
+
+	# autoreconf only for clang 16 configure patch
+	eautoreconf
+}
+
+src_install() {
+	default
+
+	find "${ED}" -name '*.la' -delete || die
+}
diff --git a/net-libs/libnetfilter_conntrack/metadata.xml b/net-libs/libnetfilter_conntrack/metadata.xml
index e5e6134..442b1af 100644
--- a/net-libs/libnetfilter_conntrack/metadata.xml
+++ b/net-libs/libnetfilter_conntrack/metadata.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 <maintainer type="project">
 	<email>netmon@gentoo.org</email>