import libreswan-4.5-1.el8

.gitignore

@@ -1,4 +1,4 @@
 SOURCES/ikev1_dsa.fax.bz2
 SOURCES/ikev1_psk.fax.bz2
 SOURCES/ikev2.fax.bz2
-SOURCES/libreswan-4.4.tar.gz
+SOURCES/libreswan-4.5.tar.gz

.libreswan.metadata

@@ -1,4 +1,4 @@
 b35cd50b8bc0a08b9c07713bf19c72d53bfe66bb SOURCES/ikev1_dsa.fax.bz2
 861d97bf488f9e296cad8c43ab72f111a5b1a848 SOURCES/ikev1_psk.fax.bz2
 fcaf77f3deae3d8e99cdb3b1f8abea63167a0633 SOURCES/ikev2.fax.bz2
-c75da86c032fe15979a13f4e779a9fe41386203a SOURCES/libreswan-4.4.tar.gz
+c0f636fbba5da51e9bb85ade1221d7c52ac31e07 SOURCES/libreswan-4.5.tar.gz

SOURCES/libreswan-4.4-ikev1-disable-diagnostics.patch

@@ -0,0 +1,20 @@
+Index: libreswan-4.4/programs/pluto/ikev1.c
+===================================================================
+--- libreswan-4.4.orig/programs/pluto/ikev1.c
++++ libreswan-4.4/programs/pluto/ikev1.c
+@@ -2102,7 +2102,6 @@ void process_packet_tail(struct msg_dige
+ 					diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
+ 								 &pd->payload, sizeof(pd->payload), &pd->pbs);
+ 					if (d != NULL) {
+-						llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ 						LOG_PACKET(RC_LOG_SERIOUS,
+ 							   "%smalformed payload in packet",
+ 							   excuse);
+@@ -2171,7 +2170,6 @@ void process_packet_tail(struct msg_dige
+ 						 &pd->payload, sizeof(pd->payload),
+ 						 &pd->pbs);
+ 			if (d != NULL) {
+-				llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ 				LOG_PACKET(RC_LOG_SERIOUS,
+ 					   "%smalformed payload in packet",
+ 					   excuse);

SPECS/libreswan.spec

@@ -36,7 +36,7 @@
 Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
 # version is generated in the release script
-Version: 4.4
+Version: 4.5
 Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
@@ -52,6 +52,7 @@ Patch1: libreswan-4.3-maintain-different-v1v2-split.patch
 Patch2: libreswan-3.32-1861360-nodefault-rsa-pss.patch
 Patch3: libreswan-4.1-maintain-obsolete-keywords.patch
 Patch6: libreswan-4.3-1934186-config.patch
+Patch7: libreswan-4.4-ikev1-disable-diagnostics.patch
 
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@@ -110,6 +111,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %patch2 -p1
 %patch3 -p1
 %patch6 -p1
+%patch7 -p1
 
 # linking to freebl is not needed
 sed -i "s/-lfreebl //" mk/config.mk
@@ -213,6 +215,10 @@ certutil -N -d sql:$tmpdir --empty-password
 %attr(0644,root,root) %doc %{_mandir}/*/*
 
 %changelog
+* Thu Jan 13 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
+- Resolves: rhbz#2017352 Rebase libreswan to 4.5
+- Resolves: rhbz#2036903 ikev1: disable diagnostics logging on receiving malformed packets
+
 * Wed May 26 2021 Daiki Ueno <dueno@redhat.com> - 4.4-1
 - Resolves: rhbz#1958968 Rebase libreswan to 4.4
 - Resolves: rhbz#1954423 Libreswan: TS_UNACCEPTABLE on multiple connections between the same peers