diff --git a/0001-fix-libselinux-deprecated.patch b/0001-fix-libselinux-deprecated.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6c66ccc2650ff8449a0b24888db78f40131814e5
--- /dev/null
+++ b/0001-fix-libselinux-deprecated.patch
@@ -0,0 +1,86 @@
+From 54b0f3bf7c87ccd8e9f7c74872371d571f0c118c Mon Sep 17 00:00:00 2001
+From: si-gui <245140120@qq.com>
+Date: Tue, 15 Sep 2020 19:57:58 +0800
+Subject: [PATCH] fix libselinux deprecated
+
+Signed-off-by: si-gui <245140120@qq.com>
+---
+ contrib/labeled-ipsec/getpeercon_server.c | 4 ++--
+ programs/pluto/security_selinux.c | 7 ++-----
+ programs/pluto/security_selinux.h | 2 +-
+ 3 files changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/contrib/labeled-ipsec/getpeercon_server.c b/contrib/labeled-ipsec/getpeercon_server.c
+index 57a24d0..aa2e2b4 100644
+--- a/contrib/labeled-ipsec/getpeercon_server.c
++++ b/contrib/labeled-ipsec/getpeercon_server.c
+@@ -64,7 +64,7 @@ int main(int argc, char *argv[])
+ srv_sock_path = argv[1];
+
+ {
+- security_context_t ctx;
++ char *ctx;
+ int rc = getcon(&ctx);
+
+ fprintf(stderr, "-> running as %s\n",
+@@ -136,7 +136,7 @@ int main(int argc, char *argv[])
+ struct sockaddr_in6 *const cli_sock_6addr = (struct sockaddr_in6 *)&cli_sock_saddr;
+ socklen_t cli_sock_addr_len;
+ char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
+- security_context_t ctx;
++ char *ctx;
+ char *ctx_str;
+
+ //fflush(stdout);
+diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
+index ac5028e..c09a2d0 100644
+--- a/programs/pluto/security_selinux.c
++++ b/programs/pluto/security_selinux.c
+@@ -27,13 +27,13 @@ void init_avc(void)
+ DBG_log("selinux support is enabled.");
+ }
+
+- if (avc_init("libreswan", NULL, NULL, NULL, NULL) == 0)
++ if (avc_open(NULL, 0) == 0)
+ selinux_ready = 1;
+ else
+ DBG_log("selinux: could not initialize avc.");
+ }
+
+-int within_range(security_context_t sl, security_context_t range)
++int within_range(char *sl, char *range)
+ {
+ int rtn = 1;
+ security_id_t slsid;
+@@ -61,7 +61,6 @@ int within_range(security_context_t sl, security_context_t range)
+ if (rtn != 0) {
+ DBG_log("within_range: Unable to retrieve sid for range context (%s)",
+ range);
+- sidput(slsid);
+ return 0;
+ }
+
+@@ -74,8 +73,6 @@ int within_range(security_context_t sl, security_context_t range)
+ if (rtn != 0) {
+ DBG_log("within_range: The sl (%s) is not within range of (%s)", sl,
+ range);
+- sidput(slsid);
+- sidput(rangesid);
+ return 0;
+ }
+ DBG_log("within_range: The sl (%s) is within range of (%s)", sl,
+diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
+index cccd60f..7c07bd8 100644
+--- a/programs/pluto/security_selinux.h
++++ b/programs/pluto/security_selinux.h
+@@ -20,6 +20,6 @@
+ #include
+
+ void init_avc(void);
+-int within_range(security_context_t sl, security_context_t range);
++int within_range(char *sl, char *range);
+
+ #endif /* _SECURITY_SELINUX_H */
+--
+2.23.0
+
diff --git a/0002-fix-pluto-abort.patch b/0002-fix-pluto-abort.patch
new file mode 100644
index 0000000000000000000000000000000000000000..053b19b55ade6f9bdb9549a04cfdf6a4d0ddc861
--- /dev/null
+++ b/0002-fix-pluto-abort.patch
@@ -0,0 +1,31 @@
+From 4c08ae4152c6dbd9ecc7126c2e32468dcf1a6589 Mon Sep 17 00:00:00 2001
+From: si-gui <245140120@qq.com>
+Date: Tue, 15 Sep 2020 20:19:26 +0800
+Subject: [PATCH] fix libselinux deprecated
+
+Signed-off-by: si-gui <245140120@qq.com>
+---
+ programs/pluto/ike_alg_encrypt_nss_gcm_ops.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c b/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c
+index 4352645..4143186 100644
+--- a/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c
++++ b/programs/pluto/ike_alg_encrypt_nss_gcm_ops.c
+@@ -17,6 +17,13 @@
+
+ #include
+
++/*
++ *Special advise from Bob Relyea - needs to go before any nss include
++ *
++ */
++
++#define NSS_PKCS11_2_0_COMPAT 1
++
+ #include "lswlog.h"
+ #include "lswnss.h"
+ #include "prmem.h"
+--
+2.23.0
+
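Review bot: In 0001-fix-libselinux-deprecated.patch the new prototype `int within_range(char *sl, char *range)` (security_selinux.c and security_selinux.h) drops the deprecated typedef but leaves both context strings writable, although the visible lines only pass them to `DBG_log` with `%s`. If the rest of the body also only reads them, I would declare it `int within_range(const char *sl, const char *range);` in both files, so that a label received from a peer can be passed in without casting away const. Separately, `avc_open(NULL, 0)` no longer sets the "libreswan" message prefix that `avc_init` was given, and the failure branch still leaves `selinux_ready` at 0 with only a `DBG_log` line. Judging by its log messages within_range decides whether a label is inside the configured range, and its body runs outside these hunks, so it is worth confirming that it refuses the label when `selinux_ready` was never set.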
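Review bot: In 0002-fix-pluto-abort.patch the added comment says only that the define "needs to go before any nss include" and never says what `NSS_PKCS11_2_0_COMPAT` is for, and the Subject line still reads "fix libselinux deprecated" although the change is in the NSS GCM code. I would word the comment along the lines of `/* NSS_PKCS11_2_0_COMPAT: keep the PKCS #11 2.x GCM parameter layout this file fills in; must precede the first NSS header. */`, assuming that layout mismatch is the abort being fixed; confirm against the NSS headers in the build root. The `#include` directly above the define has lost its header name on this page, and if that header is an NSS one the macro is defined too late to take effect.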
diff --git a/libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch b/libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch
deleted file mode 100644
index af3f280e1d50d3ec57144819047614e14d40219e..0000000000000000000000000000000000000000
--- a/libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff --git a/programs/pluto/security_selinux.c b/programs/pluto/security_selinux.c
-index ac5028e..2073a4a 100644
---- a/programs/pluto/security_selinux.c
-+++ b/programs/pluto/security_selinux.c
-@@ -18,6 +18,8 @@
-
- static int selinux_ready = 0;
-
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
- void init_avc(void)
- {
- if (!is_selinux_enabled()) {
-@@ -82,3 +84,4 @@ int within_range(security_context_t sl, security_context_t range)
- range);
- return 1;
- }
-+#pragma GCC diagnostic pop
-diff --git a/programs/pluto/security_selinux.h b/programs/pluto/security_selinux.h
-index cccd60f..61279eb 100644
---- a/programs/pluto/security_selinux.h
-+++ b/programs/pluto/security_selinux.h
-@@ -20,6 +20,9 @@
- #include
-
- void init_avc(void);
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
- int within_range(security_context_t sl, security_context_t range);
-+#pragma GCC diagnostic pop
-
- #endif /* _SECURITY_SELINUX_H */
diff --git a/libreswan.spec b/libreswan.spec
index a9a04ef55f07c4ca618ef1c253c7eeb4ffc7ef1a..64a8f6d939a716f6517639970e23372257e29a8d 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -20,17 +20,18 @@ Name: libreswan Version: 3.25 -Release: 7 +Release: 10 Summary: A free implementation of IPsec & IKE for Linux License: GPLv2 -Url: https://libreswan.org/ -Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz +Url: https://github.com/libreswan/libreswan +Source0: https://github.com/libreswan/libreswan/archive/v%{version}.tar.gz Source1: openeuler-libreswan-sysctl.conf Source2: openeuler-libreswan-tmpfiles.conf Patch0001: libreswan-3.25-relax-delete.patch Patch0002: libreswan-3.25-unbound-hook.patch -Patch0003: libreswan-3.25-workaround-deprecation-warnings-introduced-in-libselinux-update.patch +Patch0003: 0001-fix-libselinux-deprecated.patch +Patch0004: 0002-fix-pluto-abort.patch BuildRequires: gcc pkgconfig hostname bison flex systemd-devel nss-devel >= 3.16.1 BuildRequires: nspr-devel pam-devel libevent-devel unbound-devel >= 1.6.0-6 ldns-devel @@ -131,6 +132,15 @@ export NSS_DISABLE_HW_GCM=1 %doc %{_mandir}/*/* %changelog +* Tue Sep 15 2020 Guoshuai Sun - 3.25-10 +- Fix pluto abort + +* Tue Sep 15 2020 Guoshuai Sun - 3.25-9 +- Fix libselinux deprecated instead of ignore the Werror + +* Mon Sep 14 2020 Ge Wang - 3.25-8 +- Modify Source0 Url + * Tue Aug 04 2020 zhangjiapeng - 3.25-7 - Workaround deprecation warnings introduced in update libselinux >= 3.1 diff --git a/libreswan-3.25.tar.gz b/v3.25.tar.gz similarity index 100% rename from libreswan-3.25.tar.gz rename to v3.25.tar.gz
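Review bot: `Source0` now names the GitHub archive `v%{version}.tar.gz`, but the tarball itself is only renamed (`similarity index 100%`), so the committed bytes are the ones fetched under the old download.libreswan.org URL and nothing in the spec ties them to the new one. Forge-generated archives are not guaranteed to be byte-identical to a project's release tarball, so a rebuild that re-downloads Source0 could get a different file from the one reviewed here. I would record the expected digest next to the source line, e.g. `# v3.25.tar.gz sha256: <SHA256_OF_COMMITTED_TARBALL>`, and have the packaging pipeline check it or the upstream release signature.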