Mock Version: 4.1 Mock Version: 4.1 Mock Version: 4.1 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec'], chrootPath='/var/lib/mock/dist-ocs23-base-build-325784-34885/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'nspawn_args=[]unshare_net=TrueprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: x86_64 Building for target x86_64 Wrote: /builddir/build/SRPMS/grafana-10.2.6-15.ocs23.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec'], chrootPath='/var/lib/mock/dist-ocs23-base-build-325784-34885/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'nspawn_args=[]unshare_net=TrueprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: x86_64 Building for target x86_64 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.p9lRlF + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/grafana-10.2.6.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd grafana-10.2.6 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + cd /builddir/build/BUILD + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/grafana-vendor-10.2.6-15.tar.xz + STATUS=0 + '[' 0 -ne 0 ']' + cd grafana-10.2.6 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + rm -r plugins-bundled + cd /builddir/build/BUILD + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/grafana-webpack-10.2.6-15.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd grafana-10.2.6 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . Patch #1 (0001-v10.3.x-Alerting-Fix-incorrect-permission-on-POST-ex.patch): + echo 'Patch #1 (0001-v10.3.x-Alerting-Fix-incorrect-permission-on-POST-ex.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/ngalert/api/authorization.go Hunk #1 succeeded at 75 (offset -18 lines). Patch #2 (0001-CVE-2024-11741-victorops-url.patch): + echo 'Patch #2 (0001-CVE-2024-11741-victorops-url.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/ngalert/api/tooling/definitions/contact_points.go Hunk #1 succeeded at 222 (offset -1 lines). patching file pkg/services/ngalert/notifier/channels_config/available_channels.go Patch #3 (0001-Sanitize-paths-before-evaluating-access-to-route.patch): + echo 'Patch #3 (0001-Sanitize-paths-before-evaluating-access-to-route.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/api/pluginproxy/ds_proxy.go patching file pkg/api/pluginproxy/ds_proxy_test.go Hunk #1 succeeded at 195 (offset -35 lines). Patch #4 (CVE-2024-10452-0001-User-Check-SignedInUser-OrgID-in-RevokeInvite-95476.patch): + echo 'Patch #4 (CVE-2024-10452-0001-User-Check-SignedInUser-OrgID-in-RevokeInvite-95476.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/api/org_invite.go Patch #5 (CVE-2025-1088-0001-Dashboards-Prevent-title-longer-than-5-000-character.patch): + echo 'Patch #5 (CVE-2025-1088-0001-Dashboards-Prevent-title-longer-than-5-000-character.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/dashboards/errors.go patching file pkg/services/dashboards/service/dashboard_service.go Patch #6 (CVE-2025-3580-0001-Chore-delete-user-check-10.4.19-105795.patch): + echo 'Patch #6 (CVE-2025-3580-0001-Chore-delete-user-check-10.4.19-105795.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/org/orgimpl/store.go patching file pkg/services/org/orgimpl/store_test.go Patch #7 (CVE-2025-3415-0001-declare-dingding-url-as-secret.patch): + echo 'Patch #7 (CVE-2025-3415-0001-declare-dingding-url-as-secret.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/ngalert/notifier/alertmanager.go patching file pkg/services/ngalert/notifier/channels_config/available_channels.go patching file pkg/services/ngalert/notifier/receivers.go Patch #8 (CVE-2025-3415-0002-fix-integration-test.patch): + echo 'Patch #8 (CVE-2025-3415-0002-fix-integration-test.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/tests/api/alerting/api_notification_channel_test.go Patch #3001 (0001-update-grafana-cli-script-with-distro-specific-paths.patch): + echo 'Patch #3001 (0001-update-grafana-cli-script-with-distro-specific-paths.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file packaging/wrappers/grafana-cli Patch #3002 (0002-add-manpages.patch): + echo 'Patch #3002 (0002-add-manpages.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file docs/man/man1/grafana-cli.1 patching file docs/man/man1/grafana-server.1 Patch #3003 (0003-update-default-configuration.patch): + echo 'Patch #3003 (0003-update-default-configuration.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file conf/defaults.ini patching file conf/sample.ini Patch #3004 (0004-remove-unused-backend-dependencies.patch): + echo 'Patch #3004 (0004-remove-unused-backend-dependencies.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file go.mod patching file go.sum patching file pkg/extensions/main.go Patch #3005 (0005-remove-unused-frontend-crypto.patch): + echo 'Patch #3005 (0005-remove-unused-frontend-crypto.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file package.json patching file yarn.lock Patch #3006 (0006-skip-marketplace-plugin-install-test.patch): + echo 'Patch #3006 (0006-skip-marketplace-plugin-install-test.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/tests/api/plugins/api_plugins_test.go Patch #3007 (0007-redact-weak-ciphers.patch): + echo 'Patch #3007 (0007-redact-weak-ciphers.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/api/http_server.go + echo 'Patch #3008 (0008-replace-faulty-slices-sort.patch):' Patch #3008 (0008-replace-faulty-slices-sort.patch): + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/sqlstore/migrator/dialect.go Patch #3009 (0009-update-wrappers-and-systemd-with-distro-paths.patch): + echo 'Patch #3009 (0009-update-wrappers-and-systemd-with-distro-paths.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file packaging/rpm/systemd/grafana-server.service patching file packaging/wrappers/grafana patching file packaging/wrappers/grafana-server Patch #3010 (0010-remove-bcrypt-references.patch): + echo 'Patch #3010 (0010-remove-bcrypt-references.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file pkg/services/extsvcauth/oauthserver/oasimpl/service.go Patch #3011 (0011-fix-dompurify-CVE.patch): + echo 'Patch #3011 (0011-fix-dompurify-CVE.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file package.json Hunk #1 succeeded at 435 (offset 3 lines). patching file packages/grafana-data/package.json patching file yarn.lock Hunk #2 succeeded at 14437 (offset -41 lines). Patch #3012 (0012-fix-jwt-CVE.patch): + echo 'Patch #3012 (0012-fix-jwt-CVE.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file go.mod Hunk #1 succeeded at 163 (offset -1 lines). patching file go.sum Patch #3013 (0013-fix-CVE-2025-4123.patch): + echo 'Patch #3013 (0013-fix-CVE-2025-4123.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file conf/defaults.ini patching file conf/sample.ini Patch #3014 (0014-Disable-angularjs-by-default.patch): + echo 'Patch #3014 (0014-Disable-angularjs-by-default.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file conf/defaults.ini patching file conf/sample.ini Patch #3501 (1001-vendor-patch-removed-backend-crypto.patch): + echo 'Patch #3501 (1001-vendor-patch-removed-backend-crypto.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go patching file vendor/github.com/prometheus/exporter-toolkit/web/handler.go patching file vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go Hunk #2 succeeded at 218 (offset -39 lines). Hunk #3 succeeded at 311 (offset -39 lines). patching file vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go patching file vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go patching file vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go patching file vendor/github.com/ProtonMail/go-crypto/openpgp/read.go patching file vendor/github.com/google/s2a-go/internal/record/internal/aeadcrypter/chachapoly.go patching file vendor/github.com/google/s2a-go/internal/record/internal/halfconn/halfconn.go patching file vendor/github.com/google/s2a-go/internal/record/internal/halfconn/expander.go patching file vendor/github.com/Masterminds/sprig/v3/crypto.go patching file vendor/github.com/microsoft/go-mssqldb/integratedauth/ntlm/ntlm.go patching file vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go patching file vendor/github.com/Azure/go-autorest/autorest/adal/persist.go patching file vendor/github.com/Azure/go-ntlmssp/nlmp.go patching file vendor/github.com/ory/fosite/hash_bcrypt.go patching file vendor/filippo.io/age/internal/stream/stream.go patching file vendor/filippo.io/age/primitives.go patching file vendor/filippo.io/age/scrypt.go patching file vendor/filippo.io/age/x25519.go patching file vendor/gopkg.in/square/go-jose.v2/asymmetric.go patching file vendor/gopkg.in/square/go-jose.v2/jwk.go patching file vendor/gopkg.in/square/go-jose.v2/signing.go patching file vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope.go patching file vendor/k8s.io/apiserver/pkg/storage/value/encrypt/aes/aes_extended_nonce.go patching file vendor/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope.go patching file vendor/k8s.io/apiserver/pkg/storage/value/encrypt/secretbox/secretbox.go patching file vendor/k8s.io/apiserver/pkg/server/config.go Patch #3502 (1002-vendor-Redacted-Url-in-logs.patch): + echo 'Patch #3502 (1002-vendor-Redacted-Url-in-logs.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/hashicorp/go-retryablehttp/client.go Patch #3503 (1003-vendor-grafana-plugin-sdk-go-Remove-repo-info-from-binary.patch): + echo 'Patch #3503 (1003-vendor-grafana-plugin-sdk-go-Remove-repo-info-from-binary.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/grafana/grafana-plugin-sdk-go/build/common.go patching file vendor/github.com/grafana/grafana-plugin-sdk-go/build/info.go Patch #3504 (1004-Upgrade-grafana-plugin-sdk-go-to-v0.250.0-170.patch): + echo 'Patch #3504 (1004-Upgrade-grafana-plugin-sdk-go-to-v0.250.0-170.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/grafana/grafana-aws-sdk/pkg/awsds/utils.go Patch #3505 (1005-Update-victorops-to-support-loading-url-from-secrets.patch): + echo 'Patch #3505 (1005-Update-victorops-to-support-loading-url-from-secrets.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/grafana/alerting/notify/receivers.go Hunk #1 succeeded at 491 (offset 96 lines). patching file vendor/github.com/grafana/alerting/receivers/victorops/config.go Patch #3506 (0001-http2-close-connections-when-receiving-too-many-head.patch): + echo 'Patch #3506 (0001-http2-close-connections-when-receiving-too-many-head.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/golang.org/x/net/http2/frame.go Hunk #1 succeeded at 1565 (offset 1 line). Hunk #2 succeeded at 1578 (offset 1 line). Patch #3507 (0001-html-use-strings.EqualFold-instead-of-lowering-ourse.patch): + echo 'Patch #3507 (0001-html-use-strings.EqualFold-instead-of-lowering-ourse.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/golang.org/x/net/html/doctype.go patching file vendor/golang.org/x/net/html/foreign.go patching file vendor/golang.org/x/net/html/parse.go Hunk #1 succeeded at 1031 (offset -4 lines). Hunk #2 succeeded at 1459 (offset -4 lines). Patch #3508 (0001-proxy-http-httpproxy-do-not-mismatch-IPv6-zone-ids-a.patch): + echo 'Patch #3508 (0001-proxy-http-httpproxy-do-not-mismatch-IPv6-zone-ids-a.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/golang.org/x/net/http/httpproxy/proxy.go Hunk #2 succeeded at 181 (offset 3 lines). Hunk #3 succeeded at 366 (offset 3 lines). patching file vendor/golang.org/x/net/proxy/per_host.go Patch #3509 (1006-html-properly-handle-trailing-solidus-in-unquoted-at.patch): + echo 'Patch #3509 (1006-html-properly-handle-trailing-solidus-in-unquoted-at.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/golang.org/x/net/html/token.go Patch #3510 (0001-glog-Don-t-try-to-create-rotate-a-given-syncBuffer-t.patch): + echo 'Patch #3510 (0001-glog-Don-t-try-to-create-rotate-a-given-syncBuffer-t.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/golang/glog/glog_file.go Hunk #1 succeeded at 247 (offset -1 lines). Hunk #2 succeeded at 255 (offset -1 lines). Hunk #3 succeeded at 281 (offset -1 lines). Patch #3511 (0002-glog-introduce-createInDir-function-as-in-internal-v.patch): + echo 'Patch #3511 (0002-glog-introduce-createInDir-function-as-in-internal-v.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/golang/glog/glog_file.go Hunk #1 succeeded at 118 (offset 2 lines). Hunk #2 succeeded at 296 (offset -1 lines). Patch #3512 (0003-glog-have-createInDir-fail-if-the-file-already-exist.patch): + echo 'Patch #3512 (0003-glog-have-createInDir-fail-if-the-file-already-exist.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file vendor/github.com/golang/glog/glog_file.go Hunk #1 succeeded at 145 (offset 2 lines). Patch #3513 (0012-fix-brace-expansion-CVE.patch): + echo 'Patch #3513 (0012-fix-brace-expansion-CVE.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file package.json patching file yarn.lock Patch #3514 (0013-fix-axios-CVE.patch): + echo 'Patch #3514 (0013-fix-axios-CVE.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file package.json patching file yarn.lock Patch #3515 (0014-fix-prismjs-CVE.patch): + echo 'Patch #3515 (0014-fix-prismjs-CVE.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 patching file package.json patching file packages/grafana-ui/package.json patching file yarn.lock Patch #3516 (CVE-2025-58754-fix-axios-1.12.0.patch): + echo 'Patch #3516 (CVE-2025-58754-fix-axios-1.12.0.patch):' + /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0 can't find file to patch at input line 15 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |From f9f67ca2dc6fdc6b148472ff54b31e51eef87a35 Mon Sep 17 00:00:00 2001 |From: yugozhang |Date: Wed, 17 Sep 2025 21:01:09 +0800 |Subject: [PATCH] fix(axios): bump to 1.12.0 to address CVE-2025-58754 | |--- | grafana-10.2.6/package.json | 2 +- | grafana-10.2.6/yarn.lock | 146 ++++++++++++++++++++++++++++++++++-- | 2 files changed, 142 insertions(+), 6 deletions(-) | |diff --git a/grafana-10.2.6/package.json b/grafana-10.2.6/package.json |index d1080ec..0e2a3ce 100644 |--- a/grafana-10.2.6/package.json |+++ b/grafana-10.2.6/package.json -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 28 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/grafana-10.2.6/yarn.lock b/grafana-10.2.6/yarn.lock |index 7ebcf1d..1c55817 100644 |--- a/grafana-10.2.6/yarn.lock |+++ b/grafana-10.2.6/yarn.lock -------------------------- No file to patch. Skipping patch. 14 out of 14 hunks ignored RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.p9lRlF (%prep) Bad exit status from /var/tmp/rpm-tmp.p9lRlF (%prep) Child return code was: 1 EXCEPTION: [Error('Command failed: \n # bash --login -c /usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec\n', 1)] Traceback (most recent call last): File "/usr/lib/python3.11/site-packages/mockbuild/trace_decorator.py", line 93, in trace result = func(*args, **kw) ^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/mockbuild/util.py", line 597, in do_with_status raise exception.Error("Command failed: \n # %s\n%s" % (command, output), child.returncode) mockbuild.exception.Error: Command failed: # bash --login -c /usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/grafana.spec