From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <girar-builder@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=ham autolearn_force=no version=3.4.1
Date: Wed, 22 Apr 2026 19:28:25 +0000
From: "Girar awaiter (tulskijms)" <girar-builder@altlinux.org>
To: Maxim Tulskiy <tulskijms@altlinux.org>
Subject: [#416017] p11 EPERM openbao.git=2.5.3-alt1
Message-ID: <girar.task.416017.1.1@gyle.mskdc.altlinux.org>
Mail-Followup-To: Girar awaiter robot <girar-builder@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-girar-task-id: 416017
X-girar-task-owner: tulskijms
X-girar-task-repo: p11
X-girar-task-try: 1
X-girar-task-iter: 1
X-girar-task-status: EPERM
X-girar-task-URL: https://git.altlinux.org/tasks/416017/
X-girar-task-log: logs/events.1.1.log
X-girar-task-summary: [#416017] p11 EPERM openbao.git=2.5.3-alt1
User-Agent: Mutt/1.10.1 (2018-07-13)
Cc: sisyphus-incominger@lists.altlinux.org, girar-builder-p11@altlinux.org,
 girar-builder-p11@lists.altlinux.org
X-BeenThere: sisyphus-incominger@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Devel discussion list <devel@lists.altlinux.org>
List-Id: ALT Linux Girar Builder robot reports
 <sisyphus-incominger.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sisyphus-incominger>, 
 <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus-incominger>
List-Post: <mailto:sisyphus-incominger@lists.altlinux.org>
List-Help: <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus-incominger>, 
 <mailto:sisyphus-incominger-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2026 19:28:28 -0000
Archived-At: <http://lore.altlinux.org/sisyphus-incominger/girar.task.416017.1.1@gyle.mskdc.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus-incominger/>

https://git.altlinux.org/tasks/416017/logs/events.1.1.log
https://packages.altlinux.org/tasks/416017

subtask  name     aarch64  i586  x86_64
   #100  openbao     5:54  3:59    3:52

2026-Apr-22 19:17:39 :: task #416017 for p11 started by tulskijms:
2026-Apr-22 19:17:39 :: message: Fixes: CVE-2026-39388, CVE-2026-40264, CVE-2026-5807, CVE-2026-3605, CVE-2026-39396, CVE-2026-39946
#100 build 2.5.3-alt1 from /people/tulskijms/packages/openbao.git fetched at 2026-Apr-22 19:12:34
2026-Apr-22 19:17:41 :: [aarch64] #100 openbao.git 2.5.3-alt1: build start
2026-Apr-22 19:17:41 :: [i586] #100 openbao.git 2.5.3-alt1: build start
2026-Apr-22 19:17:41 :: [x86_64] #100 openbao.git 2.5.3-alt1: build start
2026-Apr-22 19:21:33 :: [x86_64] #100 openbao.git 2.5.3-alt1: build OK
2026-Apr-22 19:21:40 :: [i586] #100 openbao.git 2.5.3-alt1: build OK
2026-Apr-22 19:23:35 :: [aarch64] #100 openbao.git 2.5.3-alt1: build OK
2026-Apr-22 19:23:48 :: 100: build check OK
2026-Apr-22 19:23:48 :: build check OK
2026-Apr-22 19:23:55 :: #100: openbao.git 2.5.3-alt1: version check OK
2026-Apr-22 19:23:55 :: build version check OK
2026-Apr-22 19:24:18 :: noarch check OK
2026-Apr-22 19:24:20 :: plan: src +1 -1 =20289, aarch64 +2 -2 =36282, i586 +2 -2 =34951, x86_64 +2 -2 =37251
#100 openbao 2.5.2-alt1 -> 2.5.3-alt1
 Wed Apr 22 2026 Maxim Tulskiy <tulskijms@altlinux> 2.5.3-alt1
 - Updated to new version 2.5.3.
 - Fixes:
   + CVE-2026-39388: prevent token renewal with different-but-valid certificate (auth/cert)
   + CVE-2026-40264: prevent cross-namespace token renewal, revocation by accessor (auth/token)
   + CVE-2026-5807: disallow unauthenticated cancellation of sys/generate-root/* (core)
   + CVE-2026-3605: forbid request path traversal using . and .. segments (core)
   + CVE-2026-39396: validate and restrict downloaded plugin binary size from OCI images (core/plugins).
   + CVE-2026-39946: correctly quote schema name in revoke statement (database/postgresql)
2026-Apr-22 19:24:20 :: openbao: fixes vulnerabilities: CVE-2026-39388 CVE-2026-40264 CVE-2026-5807 CVE-2026-3605 CVE-2026-39396 CVE-2026-39946
2026-Apr-22 19:25:07 :: patched apt indices
2026-Apr-22 19:25:17 :: created next repo
2026-Apr-22 19:25:27 :: duplicate provides check OK
2026-Apr-22 19:26:06 :: dependencies check OK
2026-Apr-22 19:26:43 :: [x86_64 i586 aarch64] ELF symbols check OK
2026-Apr-22 19:26:59 :: [i586] #100 openbao: install check OK
2026-Apr-22 19:26:59 :: [x86_64] #100 openbao: install check OK
2026-Apr-22 19:27:08 :: [aarch64] #100 openbao: install check OK
2026-Apr-22 19:27:12 :: [i586] #100 openbao-debuginfo: install check OK
2026-Apr-22 19:27:12 :: [x86_64] #100 openbao-debuginfo: install check OK
2026-Apr-22 19:27:27 :: [aarch64] #100 openbao-debuginfo: install check OK
2026-Apr-22 19:27:46 :: [x86_64-i586] generated apt indices
2026-Apr-22 19:27:46 :: [x86_64-i586] created next repo
2026-Apr-22 19:27:58 :: [x86_64-i586] dependencies check OK
2026-Apr-22 19:27:59 :: gears inheritance check OK
2026-Apr-22 19:28:00 :: srpm inheritance check OK
girar-check-perms: access to openbao DENIED for tulskijms: does not belong to maintainers list yet
check-subtask-perms: #100: openbao: needs approvals from members of @maint and @tester groups
2026-Apr-22 19:28:01 :: acl check FAILED
2026-Apr-22 19:28:13 :: created contents_index files
2026-Apr-22 19:28:22 :: created hash files: aarch64 i586 src x86_64
2026-Apr-22 19:28:25 :: task #416017 for p11 EPERM