https://git.altlinux.org/tasks/424354/logs/events.2.1.log https://packages.altlinux.org/tasks/424354
subtask name aarch64 i586 x86_64 #200 openbao 5:18 2:34 2:34 2026-Jul-06 15:09:09 :: task #424354 for sisyphus resumed by tulskijms: #100 removed #200 build 2.5.5-alt1 from /people/tulskijms/packages/openbao.git fetched at 2026-Jul-06 15:08:57 2026-Jul-06 15:09:11 :: [i586] #200 openbao.git 2.5.5-alt1: build start 2026-Jul-06 15:09:11 :: [aarch64] #200 openbao.git 2.5.5-alt1: build start 2026-Jul-06 15:09:11 :: [x86_64] #200 openbao.git 2.5.5-alt1: build start 2026-Jul-06 15:11:45 :: [x86_64] #200 openbao.git 2.5.5-alt1: build OK 2026-Jul-06 15:11:45 :: [i586] #200 openbao.git 2.5.5-alt1: build OK 2026-Jul-06 15:14:29 :: [aarch64] #200 openbao.git 2.5.5-alt1: build OK 2026-Jul-06 15:14:41 :: 200: build check OK 2026-Jul-06 15:14:42 :: build check OK 2026-Jul-06 15:14:50 :: #200: openbao.git 2.5.5-alt1: version check OK 2026-Jul-06 15:14:51 :: build version check OK 2026-Jul-06 15:15:16 :: noarch check OK 2026-Jul-06 15:15:18 :: plan: src +1 -1 =22398, aarch64 +2 -2 =39684, i586 +2 -2 =37226, x86_64 +2 -2 =40752 #200 openbao 2.5.4-alt1 -> 2.5.5-alt1 Mon Jul 06 2026 Maxim Tulskiy <tulskijms@altlinux> 2.5.5-alt1 - Updated to new version 2.5.5. - Fixes: + CVE-2026-55770: prevent LDAP injection via bind DN to group resolution (auth/ldap, secrets/ldap) + CVE-2026-55776: fix server crash from unlock of unlocked mutex for RSA keys created with derived=true (secrets/transit) + CVE-2026-55774: fix unauthorized cross-namespace lease revocation via leaked lease identifiers (core/leases) + CVE-2026-55775: fix namespace path canonicalization of "root" enabling unauthorized operations on the parent namespace (core/namespaces) - Require golang >= 1.26.4 to close Go stdlib CVEs found in the build toolchain. - Bumped vendored go-ntlmssp to 0.1.1 to fix CVE-2026-32952. - Bumped vendored jackc/pgx/v5 to 5.9.2 to fix CVE-2026-41889. 2026-Jul-06 15:15:18 :: openbao: fixes vulnerabilities: CVE-2026-55770 CVE-2026-55776 CVE-2026-55774 CVE-2026-55775 2026-Jul-06 15:15:18 :: openbao: mentions vulnerabilities: CVE-2026-32952 CVE-2026-41889 2026-Jul-06 15:16:09 :: patched apt indices 2026-Jul-06 15:16:19 :: created next repo 2026-Jul-06 15:16:32 :: duplicate provides check OK 2026-Jul-06 15:17:15 :: dependencies check OK 2026-Jul-06 15:17:56 :: [x86_64 i586 aarch64] ELF symbols check OK 2026-Jul-06 15:18:07 :: [i586] #200 openbao: install check OK 2026-Jul-06 15:18:08 :: [x86_64] #200 openbao: install check OK 2026-Jul-06 15:18:15 :: [i586] #200 openbao-debuginfo: install check OK 2026-Jul-06 15:18:16 :: [x86_64] #200 openbao-debuginfo: install check OK 2026-Jul-06 15:18:19 :: [aarch64] #200 openbao: install check OK 2026-Jul-06 15:18:36 :: [aarch64] #200 openbao-debuginfo: install check OK 2026-Jul-06 15:18:54 :: [x86_64-i586] generated apt indices 2026-Jul-06 15:18:54 :: [x86_64-i586] created next repo 2026-Jul-06 15:19:06 :: [x86_64-i586] dependencies check OK 2026-Jul-06 15:19:07 :: gears inheritance check OK 2026-Jul-06 15:19:07 :: srpm inheritance check OK girar-check-perms: access to openbao DENIED for tulskijms: does not belong to maintainers list yet check-subtask-perms: #200: openbao: Operation not permitted 2026-Jul-06 15:19:08 :: acl check FAILED 2026-Jul-06 15:19:20 :: created contents_index files 2026-Jul-06 15:19:29 :: created hash files: aarch64 i586 src x86_64 2026-Jul-06 15:19:33 :: task #424354 for sisyphus EPERM _______________________________________________ Sisyphus-incominger mailing list [email protected] https://lists.altlinux.org/mailman/listinfo/sisyphus-incominger
