Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712

Resolves: rhbz#2215956 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-08-09 16:41:06 +09:00 · 2023-08-09 16:41:06 +09:00 · ee24f10452
commit ee24f10452
parent 90f8b5ec87
3 changed files with 8 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -42,3 +42,4 @@
 /libreswan-4.5.tar.gz
 /libreswan-4.6.tar.gz
 /libreswan-4.9.tar.gz
+/libreswan-4.12.tar.gz
--- a/libreswan.spec
+++ b/libreswan.spec
@ -30,8 +30,8 @@
 Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
-Version: 4.9
-Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist}
+Version: 4.12
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -41,8 +41,6 @@ Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
 Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch
-Patch: libreswan-4.9-cve-2023-23009.patch
-Patch: libreswan-4.9-cve-2023-30570.patch

 BuildRequires: audit-libs-devel
 BuildRequires: bison
@ -198,6 +196,10 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*

 %changelog
+* Wed Aug  9 2023 Daiki Ueno <dueno@redhat.com> - 4.12-1
+- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
+- Resolves: rhbz#2215956
+
 * Fri May 05 2023 Sahana Prasad <sahana@redhat.com> - 4.9-5
 - Just bumping up the version to include bugs for CVE-2023-2295. There is no
  code fix for it. Fix for it is including the code fix for CVE-2023-30570.
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.9.tar.gz) = 4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5
+SHA512 (libreswan-4.12.tar.gz) = 3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0