import UBI socat-1.7.4.1-6.el9_6.1

SOURCES/socat-1.7.4.1-CVE-2024-54661.patch

@@ -0,0 +1,22 @@
+http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
+
+--- socat-1.8.0.1/readline.sh	2019-04-04 10:59:55.000000000 +0200
++++ socat-1.8.0.2/readline.sh	2024-12-06 11:44:17.376502570 +0100
+@@ -22,9 +22,15 @@
+ else
+     HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+ 
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
++if test -w .; then
++    STDERR=./socat-readline.${1##*/}.log
++    rm -f $STDERR
++else
++    STDERR=/dev/null
++fi
++
++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+ 

SPECS/socat.spec

@@ -3,7 +3,7 @@
 Summary: Bidirectional data relay between two data channels ('netcat++')
 Name: socat
 Version: 1.7.4.1
-Release: 6%{?dist}
+Release: 6%{?dist}.1
 License: GPLv2
 Url:  http://www.dest-unreach.org/socat/
 Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz
@@ -12,6 +12,7 @@ Patch1: socat-1.7.3.3-warn.patch
 # https://issues.redhat.com/browse/RHEL-32438
 # Based on: https://repo.or.cz/socat.git/commit/1477334905be18c08bd6dc77be5a62e36b573de4
 Patch2: socat-1.7.4.1-ipv6-peername-segfault.patch
+Patch3: socat-1.7.4.1-CVE-2024-54661.patch
 
 BuildRequires: make
 BuildRequires:  gcc
@@ -32,8 +33,7 @@ line editor (readline), a program, or a combination of two of these.
 %setup -q
 iconv -f iso8859-1 -t utf-8 CHANGES > CHANGES.utf8
 mv CHANGES.utf8 CHANGES
-%patch1 -p1
-%patch2 -p1
+%autopatch -p1
 
 %build
 %configure  \
@@ -77,6 +77,11 @@ export OD_C=/usr/bin/od
 %doc %{_mandir}/man1/*
 
 %changelog
+* Wed Jun 04 2025 Martin Osvald <mosvald@redhat.com> - 1.7.4.1-6.1
+- add fix for CVE-2024-54661
+  Resolves: RHEL-70096
+- switch to autopatch, remove unused patches
+
 * Mon Apr 15 2024 Martin Osvald <mosvald@redhat.com> - 1.7.4.1-6
 - Fix IPv6 peername segfault (RHEL-32438)