4 changed files with 32 additions and 25 deletions
--- a/CVE-2022-23094.patch
+++ b/CVE-2022-23094.patch
@ -0,0 +1,26 @@
+diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
+index 9f4847874d..f7413f3594 100644
+--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
+@@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md)
+ 					diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
+ 								 &pd->payload, sizeof(pd->payload), &pd->pbs);
+ 					if (d != NULL) {
+-						llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+						llog_diag(RC_LOG,
+							st != NULL ? st->st_logger : md->md_logger,
+							&d, "%s", "");
+ 						LOG_PACKET(RC_LOG_SERIOUS,
+ 							   "%smalformed payload in packet",
+ 							   excuse);
+@@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md)
+ 						 &pd->payload, sizeof(pd->payload),
+ 						 &pd->pbs);
+ 			if (d != NULL) {
+-				llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+				llog_diag(RC_LOG,
+					st != NULL ? st->st_logger : md->md_logger,
+					&d, "%s", "");
+ 				LOG_PACKET(RC_LOG_SERIOUS,
+ 					   "%smalformed payload in packet",
+ 					   excuse);
--- a/libreswan-4.15.tar.gz
+++ b/libreswan-4.15.tar.gz
--- a/libreswan-4.5.tar.gz
+++ b/libreswan-4.5.tar.gz
--- a/libreswan.spec
+++ b/libreswan.spec
@ -1,4 +1,4 @@
-%global nss_version 3.52
+%global nss_version 3.44.0-8
 %global unbound_version 1.6.6
 %global libreswan_config \\\
    SHELL_BINARY=/usr/bin/sh \\\
@ -25,15 +25,17 @@

 Name: libreswan
 Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support
-Version: 4.15
-Release: 1
-License: GPL-2.0-only
+Version: 4.5
+Release: 2
+License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz
 Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 Source4: openeuler-libreswan-sysctl.conf
+#https://libreswan.org/security/CVE-2022-23094/
+Patch0:  CVE-2022-23094.patch


 BuildRequires: audit-libs-devel
@ -104,9 +106,6 @@ sed -i '/config setup/a\\t# Specifies a directory forNSS database files\n\tnssdi

 sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in

-linux_variant=`sed -n -e 's/"//g' -e 's/^ID_LIKE=//p' -e 's/^ID=//p' /etc/os-release|tr '\n' ' ' && echo`
-sed -i "s/filter fedora/filter fedora $linux_variant/" mk/defaults/linux.mk
-
 %build
 make %{?_smp_mflags} \
    OPTIMIZE_CFLAGS="%{optflags}" \
@ -191,24 +190,6 @@ certutil -N -d sql:$tmpdir --empty-password
 %attr(0644,root,root) %doc %{_mandir}/*/*

 %changelog
-* Tue Apr 30 2024 wangkai <13474090681@163.com> - 4.15-1
- Update to 4.15 for fix CVE-2024-3652
-
-* Tue Mar 12 2024 yaoxin <yao_xin001@hoperun.com> - 4.14-1
- Upgrade to 4.14 for fix CVE-2024-2357
-
-* Sat Aug 12 2023 Funda Wang <fundawang@yeah.net> - 4.12-1
- Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712
-
-* Wed Jun 14 2023 yangbo <yangbo1@xfusion.com> - 4.11-2
- Fix '\n' of the linux_variant
-
-* Tue May 30 2023 wangkai <13474090681@163.com> - 4.11-1
- Update to 4.11 for fix CVE-2023-30570
-
-* Tue Mar 07 2023 yaoxin <yaoxin30@h-partners.com> - 4.5-3
- Fix CVE-2023-23009
-
 * Tue Jun 28 2022 yaoxin <yaoxin30@h-partners.com> - 4.5-2
 - Fix CVE-2022-23094