Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712

Resolves: rhbz#2215955 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-08-09 16:54:28 +09:00 · 2023-08-09 16:54:28 +09:00 · 94b3603667
commit 94b3603667
parent b46bfe6447
3 changed files with 8 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@ SOURCES/libreswan-4.9.tar.gz
 /ikev1_psk.fax.bz2
 /ikev2.fax.bz2
 /libreswan-4.9.tar.gz
+/libreswan-4.12.tar.gz
--- a/libreswan.spec
+++ b/libreswan.spec
@ -36,8 +36,8 @@
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
 # version is generated in the release script
-Version: 4.9
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Version: 4.12
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/

@ -52,7 +52,6 @@ Patch1: libreswan-4.3-maintain-different-v1v2-split.patch
 Patch2: libreswan-3.32-1861360-nodefault-rsa-pss.patch
 Patch3: libreswan-4.1-maintain-obsolete-keywords.patch
 Patch6: libreswan-4.3-1934186-config.patch
-Patch7: libreswan-4.9-cve-2023-30570.patch

 BuildRequires: audit-libs-devel
 BuildRequires: bison
@ -111,7 +110,6 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %patch2 -p1
 %patch3 -p1
 %patch6 -p1
-%patch7 -p1

 # linking to freebl is not needed
 sed -i "s/-lfreebl //" mk/config.mk
@ -215,6 +213,10 @@ certutil -N -d sql:$tmpdir --empty-password
 %attr(0644,root,root) %doc %{_mandir}/*/*

 %changelog
+* Wed Aug  9 2023 Daiki Ueno <dueno@redhat.com> - 4.12-1
+- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
+- Resolves: rhbz#2215955
+
 * Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-2
 - Fix CVE-2023-30570 Malicious IKEv1 Aggressive Mode packets can crash libreswan
 - Resolves: rhbz#2187179
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.9.tar.gz) = 4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5
+SHA512 (libreswan-4.12.tar.gz) = 3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0