diff --git a/libreswan-4.15-ipsec_import.patch b/libreswan-4.15-ipsec_import.patch
new file mode 100644
index 0000000000000000000000000000000000000000..129fbfde23c6ebe6e6dd529296bd5da1cabc7b2e
--- /dev/null
+++ b/libreswan-4.15-ipsec_import.patch
@@ -0,0 +1,20 @@
+diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in
+index 40ff9f4138..41813b5258 100755
+--- a/programs/ipsec/ipsec.in
++++ b/programs/ipsec/ipsec.in
+@@ -758,7 +758,14 @@ ipsec_import() {
+ exit 1
+ fi
+
+- pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}"
++ # First try blanc password to avoid uselessly prompting interactively
++ pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}" -W '' 2>/dev/null
++ # check for SEC_ERROR_BAD_PASSWORD
++ if [ $? -eq 18 ]; then
++ # Not the empty password
++ pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}"
++ fi
++
+ # check and correct trust bits
+ set_nss_db_trusts
+ exit 0
diff --git a/libreswan-4.15.tar.gz b/libreswan-5.2.tar.gz
similarity index 33%
rename from libreswan-4.15.tar.gz
rename to libreswan-5.2.tar.gz
index 44d2dd052771e96586fb593cd77e1805302db0eb..f09f809de2584ef1a08606117211aea1ffc13d85 100644
Binary files a/libreswan-4.15.tar.gz and b/libreswan-5.2.tar.gz differ
diff --git a/libreswan.spec b/libreswan.spec
index 922ad09a8c1bcd5f02b7f84dcdccd9f8b87cf515..3b8ce3ac938e4b2576fe91a616eb7dd7402ca728 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -2,8 +2,8 @@
 %global unbound_version 1.6.6
 %global libreswan_config \\\
 SHELL_BINARY=/usr/bin/sh \\\
- FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\
- FINALMANDIR=%{_mandir} \\\
+ LIBEXECDIR=%{_libexecdir}/ipsec \\\
+ MANDIR=%{_mandir} \\\
 PREFIX=%{_prefix} \\\
 INITSYSTEM=systemd \\\
 NSS_REQ_AVA_COPY=false \\\
@@ -18,6 +18,7 @@
 USE_LINUX_AUDIT=true \\\
 USE_NM=true \\\
 USE_SECCOMP=true \\\
+ USE_NSS_IPSEC_PROFILE=true \\\
 USE_AUTHPAM=true \\\
 USE_NSS_KDF=true \\\
 %{nil}
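Review bot: In the new libreswan-4.15-ipsec_import.patch hunk, the first `pk12util ... -W '' 2>/dev/null` attempt discards stderr and only exit status 18 is handled, so any other failure (unreadable bundle, NSS database error) prints nothing and the function still reaches `exit 0`. An operator would then see a successful `ipsec import` although no certificate or key was stored. Save the status and surface the other cases, for example `rc=$?` followed by `if [ "${rc}" -ne 0 ] && [ "${rc}" -ne 18 ]; then echo "pk12util failed with status ${rc}" >&2; exit "${rc}"; fi`, and test `"${rc}"` in the existing `if`. That status 18 means SEC_ERROR_BAD_PASSWORD is taken from the patch's own comment and is worth confirming against the pk12util shipped with the distribution. The body of ipsec_import starts before this hunk, so earlier handling is not visible here.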
@@ -25,7 +26,7 @@ Name: libreswan Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support -Version: 4.15 +Version: 5.2 Release: 1 License: GPL-2.0-only Url: https://libreswan.org/ @@ -35,6 +36,7 @@ Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 Source4: openeuler-libreswan-sysctl.conf +Patch1: libreswan-4.15-ipsec_import.patch BuildRequires: audit-libs-devel BuildRequires: bison @@ -100,8 +102,6 @@ sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:in sed -i "s/-pthread$/-DALLOW_MICROSOFT_BAD_PROPOSAL -pthread/" mk/config.mk -sed -i '/config setup/a\\t# Specifies a directory forNSS database files\n\tnssdir=/etc/ipsec.d' configs/ipsec.conf.in - sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in linux_variant=`sed -n -e 's/"//g' -e 's/^ID_LIKE=//p' -e 's/^ID=//p' /etc/os-release|tr '\n' ' ' && echo` @@ -124,6 +124,8 @@ make \ FS=$(pwd) rm -rf %{buildroot}/usr/share/doc/libreswan rm -rf %{buildroot}%{_libexecdir}/ipsec/*check +rm -rf %{buildroot}%{_libexecdir}/ipsec/show +rm -rf %{buildroot}%{_libexecdir}/ipsec/verify install -d -m 0755 %{buildroot}%{_rundir}/pluto install -d %{buildroot}%{_sbindir} @@ -191,6 +193,9 @@ certutil -N -d sql:$tmpdir --empty-password %attr(0644,root,root) %doc %{_mandir}/*/* %changelog +* Mon Apr 21 2025 yaoxin <1024769339@qq.com> - 5.2-1 +- Update to 5.2 + * Tue Apr 30 2024 wangkai <13474090681@163.com> - 4.15-1 - Update to 4.15 for fix CVE-2024-3652
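Review bot: `Patch1: libreswan-4.15-ipsec_import.patch` is added without a comment on its origin, and its file name still carries 4.15 while this commit moves the package to 5.2. Add a line above it such as `# Try an empty PKCS#12 password before prompting in "ipsec import"; upstream status: <UPSTREAM-REFERENCE>` so the next rebase knows whether the patch can be dropped. The %prep section is outside this hunk, so whether the patch is actually applied cannot be confirmed from here.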
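Review bot: The two added `rm -rf` lines for `ipsec/show` and `ipsec/verify` (hunk at -124,6) give no reason, and `-rf` hides the case where upstream renames or moves these files, in which case they would be packaged again without anyone noticing. Dropping `verify` presumably removes the `ipsec verify` host-configuration check from the installed package, which administrators may rely on, so the reason deserves a comment, e.g. `# show and verify are not shipped: <REASON>`. For single files, plain `rm %{buildroot}%{_libexecdir}/ipsec/show` would fail the build if the path disappears. The %install section starts outside this hunk.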