From 94b36036679d244cb1c7469c7a7e3e63c626c695 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 9 Aug 2023 16:54:28 +0900
Subject: [PATCH] Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711,
 CVE-2023-38712

Resolves: rhbz#2215955
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 .gitignore     |  1 +
 libreswan.spec | 10 ++++++----
 sources        |  2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7524706..91dc92d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ SOURCES/libreswan-4.9.tar.gz
 /ikev1_psk.fax.bz2
 /ikev2.fax.bz2
 /libreswan-4.9.tar.gz
+/libreswan-4.12.tar.gz
diff --git a/libreswan.spec b/libreswan.spec
index 8ed2bda..5b06f54 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -36,8 +36,8 @@
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
 # version is generated in the release script
-Version: 4.9
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Version: 4.12
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 
@@ -52,7 +52,6 @@ Patch1: libreswan-4.3-maintain-different-v1v2-split.patch
 Patch2: libreswan-3.32-1861360-nodefault-rsa-pss.patch
 Patch3: libreswan-4.1-maintain-obsolete-keywords.patch
 Patch6: libreswan-4.3-1934186-config.patch
-Patch7: libreswan-4.9-cve-2023-30570.patch
 
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@@ -111,7 +110,6 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %patch2 -p1
 %patch3 -p1
 %patch6 -p1
-%patch7 -p1
 
 # linking to freebl is not needed
 sed -i "s/-lfreebl //" mk/config.mk
@@ -215,6 +213,10 @@ certutil -N -d sql:$tmpdir --empty-password
 %attr(0644,root,root) %doc %{_mandir}/*/*
 
 %changelog
+* Wed Aug  9 2023 Daiki Ueno <dueno@redhat.com> - 4.12-1
+- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
+- Resolves: rhbz#2215955
+
 * Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-2
 - Fix CVE-2023-30570 Malicious IKEv1 Aggressive Mode packets can crash libreswan
 - Resolves: rhbz#2187179
diff --git a/sources b/sources
index bca7d52..182ee16 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.9.tar.gz) = 4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5
+SHA512 (libreswan-4.12.tar.gz) = 3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0