diff --git a/0006-Resolve-multiple-definition-of-swanctl_dir.patch b/0006-Resolve-multiple-definition-of-swanctl_dir.patch
deleted file mode 100644
index 52773ac..0000000
--- a/0006-Resolve-multiple-definition-of-swanctl_dir.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur strongswan-5.8.2.orig/src/swanctl/swanctl.h strongswan-5.8.2/src/swanctl/swanctl.h
---- strongswan-5.8.2.orig/src/swanctl/swanctl.h 2018-12-14 16:48:24.000000000 +0100
-+++ strongswan-5.8.2/src/swanctl/swanctl.h 2020-03-26 07:54:21.876224209 +0100
-@@ -30,7 +30,7 @@
- /**
- * Base directory for credentials and config
- */
--char *swanctl_dir;
-+extern char *swanctl_dir;
-
- /**
- * Configuration file for connections, etc.
diff --git a/strongswan-5.8.2.tar.bz2 b/strongswan-5.8.2.tar.bz2
deleted file mode 100644
index 42edc4e..0000000
--- a/strongswan-5.8.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:86900ddbe7337c923dadf2c8339ae8ed2b9158e3691745884d08ae534677430e
-size 4533402
diff --git a/strongswan-5.8.2.tar.bz2.sig b/strongswan-5.8.2.tar.bz2.sig
deleted file mode 100644
index f025402..0000000
--- a/strongswan-5.8.2.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQGcBAABAgAGBQJd+MscAAoJEN9CwXCzTbp3f6ML/0y5DGj7CytdIWcT7ODbZ5Dt
-S8MS2BHxUJ4cgzB8InCK4wNQFpyzRhR2goPly1B8RVNSVSfdyvqfSC/A++esZe3m
-wwjsjzjWYVaNnkj1lrl/8azOiDkD/uA/NaaUcASp6hoJIJQALYW5HfPjL/S/hC+v
-iVio5Fy9c/9HGJEeeZxqRMp/gTNjvh05hbP9ukLADk6klphwaNFg5o0YNgf1NJFE
-CBo/rGJNVfvEUUlJMLiBlFCBaPMOIjoIXODpjootRioDpnF6IonfcoIGiR6TuRQC
-zR3u3Zhgpe4tJfkKCpCCSPGwMCcwreMAUwzRf/U/HDUSPZX+c4sBOIl8eedwVA77
-DjNlktwmPta8x4YOh6NB3ghAwwztEkPvvaAIcwH0gh1DkjIicFr2VkoXIS5jqaVN
-bK2YvTQ7StZa35VaEYnlu5JzIchPlqhXND6sWLWJolnwrNWskZyojVYioyIv3KJJ
-tXphbN0HHCfLPs5vX8/X97IAa06tsnEOZEZg5Sk3Jw==
-=VHUc
------END PGP SIGNATURE-----
diff --git a/strongswan-5.8.4.tar.bz2 b/strongswan-5.8.4.tar.bz2
new file mode 100644
index 0000000..8cc45ed
--- /dev/null
+++ b/strongswan-5.8.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d9a57e33813b62d58cba07531c4d5a35c6b823dfe9b8ff7c623b6571f02553c
+size 4546240
diff --git a/strongswan-5.8.4.tar.bz2.sig b/strongswan-5.8.4.tar.bz2.sig
new file mode 100644
index 0000000..190bf14
--- /dev/null
+++ b/strongswan-5.8.4.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQGcBAABAgAGBQJegIHmAAoJEN9CwXCzTbp3onEL/iwMScWYL6KgjQCJp2acqFZf
+R+aVc18W/Pb4z6Qc8YghcVPlXG1L9cyfHTCHV3jNPXAX3qB+EMSG+DVfY7INdOfg
+3It6rVLwMLMYiPmmsMUoZpOfM4Fpw5rM6fjWPI3KogUpjF814TN1JJNIXC0e5jA0
+AxzLczzhhNbG+YnSdSDd/XhjG816QDYAv1WdoFvgP65QSVBKmQPzZz+ons6Ivjl5
+Il3Tly5IJnOeDfe/K0bsnNBXomjIWnQDtlwG4wfAFJV6YwTtJEvwMErQg9W9iVHY
+tndOdn/C8CfPXVnaBAbnkX3Vk9MWhLP+pFMF56Xojga8gPkqTD15zLubVlx8Gzal
+dW3s7qi0bmca10JwzOpuDePhzziemcqpsexdlhOuffaz+GZ2wHfupeixVXuFoV+F
+b3/htxfibnU8IqQl0YCdYh4vwKYwr6cz07TphmQBhrsLy8SjVr/EngPreDVDCgJ4
+tip0FJvV6yU7RTyNHqJOvKfwz9AEbo1ZRsfEEi6Qxw==
+=Xj8F
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
index 29d5708..dcaf20a 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Fri May 1 09:39:42 UTC 2020 - Bjørn Lie
+
+- Update to version 5.8.4:
+ * In IKEv1 Quick Mode make sure that a proposal exists before
+ determining lifetimes (fixes a crash due to a null-pointer
+ dereference in 5.8.3).
+ * OpenSSL currently doesn't support squeezing bytes out of a
+ SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
+ Unfortunately, EVP_DigestFinalXOF() completely resets the
+ context and later calls not simply fail, they cause a
+ null-pointer dereference in libcrypto. c5c1898d73 fixes the
+ crash at the cost of repeating initializing the whole state and
+ allocating too much data for subsequent calls (hopefully, once
+ the OpenSSL issue 7894 is resolved we can implement this more
+ efficiently).
+ * On 32-bit platforms, reading arbitrary 32-bit integers from
+ config files (e.g. for charon.spi_min/max) has been fixed.
+ * charon-nm now allows using fixed source ports.
+- Changes from version 5.8.3:
+ * Updates for the NM plugin (and backend, which has to be updated
+ to be compatible):
+ + EAP-TLS authentication (#2097)
+ + Certificate source (file, agent, smartcard) is selectable
+ independently
+ + Add support to configure local and remote identities (#2581)
+ + Support configuring a custom server port (#625)
+ + Show hint regarding password storage policy
+ + Replaced the term "gateway" with "server"
+ + Fixes build issues due to use of deprecated GLib
+ macros/functions
+ + Updated Glade file to GTK 3.2
+ * The NM backend now supports reauthentication and redirection.
+ * Previously used reqids are now reallocated, which works around
+ an issue on FreeBSD where the kernel doesn't allow the daemon
+ to use reqids > 16383 (#2315).
+ * On Linux, throw type routes are installed in table 220 for
+ passthrough policies. The kernel will then fall back on routes
+ in routing tables with lower priorities for matching traffic.
+ This way, they require less information (e.g. no interface or
+ source IP) and can be installed earlier and are not affected by
+ updates.
+ * For IKEv1, the lifetimes of the actually selected transform are
+ returned to the initiator, which is an issue if the peer uses
+ different lifetimes for different transforms (#3329). We now
+ also return the correct transform and proposal IDs (proposal ID
+ was always 0, transform ID 1). IKE_SAs are now not
+ re-established anymore (e.g. after several retransmits) if a
+ deletion has been queued (#3335).
+ * Added support for Ed448 keys and certificates via openssl
+ plugin and pki tool.
+ * Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
+ * The use of algorithm IDs from the private use range can now be
+ enabled globally, to use them even if no strongSwan vendor ID
+ was exchanged (05e373aeb0).
+ * Fixed a compiler issue that may have caused invalid keyUsage
+ extensions in certificates (#3249).
+ * A lot of spelling fixes.
+ * Fixed several reported issues.
+- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
+ upstream.
+
 -------------------------------------------------------------------
 Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane
diff --git a/strongswan.spec b/strongswan.spec
index a215c4b..c3b0995 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -17,7 +17,7 @@
 Name: strongswan
-Version: 5.8.2
+Version: 5.8.4
 Release: 0
 %define upstream_version %{version}
 %define strongswan_docdir %{_docdir}/%{name}
@@ -80,7 +80,6 @@ Patch2: %{name}_ipsec_service.patch
 Patch3: %{name}_fipscheck.patch
 %endif
 Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
-Patch6: 0006-Resolve-multiple-definition-of-swanctl_dir.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: bison
 BuildRequires: curl-devel
@@ -257,7 +256,6 @@ and the load testing plugin for IKEv2 daemon.
 %patch3 -p1
 %endif
 %patch5 -p1
-%patch6 -p1
 sed -e 's|@libexecdir@|%_libexecdir|g' \
 < %{_sourcedir}/strongswan.init.in \
 > strongswan.init