From f44901464ccb6d710fd65f6cefb5ec5ecefadecd Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 28 2023 11:06:00 +0000 Subject: import libreswan-4.9-1.el9 --- diff --git a/.gitignore b/.gitignore index fbde36f..222eb50 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ SOURCES/ikev1_dsa.fax.bz2 SOURCES/ikev1_psk.fax.bz2 SOURCES/ikev2.fax.bz2 -SOURCES/libreswan-4.6.tar.gz +SOURCES/libreswan-4.9.tar.gz diff --git a/.libreswan.metadata b/.libreswan.metadata index 88e1d8e..e5c173b 100644 --- a/.libreswan.metadata +++ b/.libreswan.metadata @@ -1,4 +1,4 @@ b35cd50b8bc0a08b9c07713bf19c72d53bfe66bb SOURCES/ikev1_dsa.fax.bz2 861d97bf488f9e296cad8c43ab72f111a5b1a848 SOURCES/ikev1_psk.fax.bz2 fcaf77f3deae3d8e99cdb3b1f8abea63167a0633 SOURCES/ikev2.fax.bz2 -8df902f58f9341d45b4b529b73126bf654764934 SOURCES/libreswan-4.6.tar.gz +12b7351ca7e6ba1ac787239e67027a4d82f02f10 SOURCES/libreswan-4.9.tar.gz diff --git a/SOURCES/libreswan-4.6-ikev1-policy-defaults-to-drop.patch b/SOURCES/libreswan-4.6-ikev1-policy-defaults-to-drop.patch index ebcb2e0..40073d5 100644 --- a/SOURCES/libreswan-4.6-ikev1-policy-defaults-to-drop.patch +++ b/SOURCES/libreswan-4.6-ikev1-policy-defaults-to-drop.patch @@ -58,23 +58,6 @@ index 5b5aba723f..68fbccf442 100644 #ifdef HAVE_LABELED_IPSEC SOPT(KBF_SECCTX, SECCTX); -diff --git a/programs/pluto/server.c b/programs/pluto/server.c -index 665f0ed8b9..448dbca076 100644 ---- a/programs/pluto/server.c -+++ b/programs/pluto/server.c -@@ -188,12 +188,7 @@ bool pluto_listen_tcp = false; - enum ddos_mode pluto_ddos_mode = DDOS_AUTO; /* default to auto-detect */ - - enum global_ikev1_policy pluto_ikev1_pol = --#ifdef USE_IKEv1 -- GLOBAL_IKEv1_ACCEPT; --#else -- /* there is no IKEv1 code compiled in to send a REJECT */ - GLOBAL_IKEv1_DROP; --#endif - - #ifdef HAVE_SECCOMP - enum seccomp_mode pluto_seccomp_mode = SECCOMP_DISABLED; -- 2.34.1 
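Review bot: Dropping the `programs/pluto/server.c` section from libreswan-4.6-ikev1-policy-defaults-to-drop.patch (hunk `@@ -58,23 +58,6 @@`) removes the only visible place where this downstream patch forced `pluto_ikev1_pol` to `GLOBAL_IKEv1_DROP` regardless of `USE_IKEv1`, and nothing on the page records why that is safe for 4.9. Presumably the 4.9 sources already default this way or the remaining sections of the patch, which lie outside this hunk, still cover it, but neither is visible here. If neither holds, the rebased package would accept IKEv1 by default again, undoing the 4.6-3 change (rhbz#2039877). I would record the reason in the changelog, for example `- Rebase ikev1-policy-defaults-to-drop patch; server.c hunk not needed with 4.9 (confirm)`, and confirm the effective default on a built package. The patch file also keeps its 4.6 name while being applied to 4.9.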
diff --git a/SOURCES/libreswan-4.6-openssl3.patch b/SOURCES/libreswan-4.6-openssl3.patch deleted file mode 100644 index a5e0f9d..0000000 --- a/SOURCES/libreswan-4.6-openssl3.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0212bc6a7c0ac3aa5d8da82bf22132993d339ffc Mon Sep 17 00:00:00 2001 -From: Paul Wouters -Date: Thu, 13 Jan 2022 15:31:50 -0500 -Subject: [PATCH] building: fix fedora rawhide build - -Avoid clashing openssl/nss headers - -Patch based on work by Daiki Ueno - -Resolves: https://github.com/libreswan/libreswan/pull/611 ---- - programs/pluto/ikev2_ipseckey.h | 4 ++-- - programs/pluto/ikev2_ipseckey_dnsr.c | 4 +++- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h -index 243e5b1776..5ef3f966ec 100644 ---- a/programs/pluto/ikev2_ipseckey.h -+++ b/programs/pluto/ikev2_ipseckey.h -@@ -1,5 +1,3 @@ --#include "state.h" -- - #ifndef _IKEV2_IPSECKEY_H - #define _IKEV2_IPSECKEY_H - -@@ -11,6 +9,8 @@ - - #define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED - -+struct ike_sa; -+ - typedef enum { - DNS_OK = STF_OK, - DNS_FATAL = STF_FATAL, -diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c -index b07ed72f2b..09767bf65d 100644 ---- a/programs/pluto/ikev2_ipseckey_dnsr.c -+++ b/programs/pluto/ikev2_ipseckey_dnsr.c -@@ -32,7 +32,9 @@ - #include "dnssec.h" /* includes unbound.h */ - #include "ikev2_ipseckey.h" /* for dns_status */ - #include "ikev2_ipseckey_dnsr.h" --#include "secrets.h" -+ -+/* Do not include secrets.h as it will cause conflicts via NSS/OPENSSL headers */ -+extern const struct pubkey_type pubkey_type_rsa; - - struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */ - --- -2.31.1 - diff --git a/SPECS/libreswan.spec b/SPECS/libreswan.spec index 7c641e6..7544d02 100644 --- a/SPECS/libreswan.spec +++ b/SPECS/libreswan.spec 
@@ -30,8 +30,8 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script -Version: 4.6 -Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist} +Version: 4.9 +Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://libreswan.org/ Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz @@ -40,8 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 %endif -Patch0: libreswan-4.6-openssl3.patch -Patch1: libreswan-4.6-ikev1-policy-defaults-to-drop.patch +Patch: libreswan-4.6-ikev1-policy-defaults-to-drop.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -95,10 +94,9 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 %prep %setup -q -n libreswan-%{version}%{?prever} -%patch0 -p1 -b .openssl3 -%patch1 -p1 -b .ikev1-drop # enable crypto-policies support sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" configs/ipsec.conf.in +%autopatch -p1 %build make %{?_smp_mflags} \ @@ -198,6 +196,10 @@ certutil -N -d sql:$tmpdir --empty-password %doc %{_mandir}/*/* %changelog +* Wed Jan 4 2023 Daiki Ueno - 4.9-1 +- Update to 4.9. Resolves: rhbz#2128669 +- Switch to using %%autopatch as in Fedora + * Wed Feb 2 2022 Daiki Ueno - 4.6-3 - Drop IKEv1 packets by default, based on the Debian patch by Daniel Kahn Gillmor (rhbz#2039877)
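Review bot: In the `%prep` hunk (`@@ -95,10 +94,9 @@`) `%autopatch -p1` is placed after the `sed` that rewrites `configs/ipsec.conf.in`, whereas the removed `%patch0`/`%patch1` lines ran before it, so patches are now applied to an already modified tree. If any current or future patch touches `configs/ipsec.conf.in` (not visible here), it could fail to apply or apply at an offset around the crypto-policies include that the sed enables. Keeping the old order avoids that: move `%autopatch -p1` directly under `%setup -q -n libreswan-%{version}%{?prever}`, above the `# enable crypto-policies support` comment. The `-b .openssl3` and `-b .ikev1-drop` backup suffixes are dropped as well, which looks harmless for the build.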