Mock Version: 4.1 Mock Version: 4.1 Mock Version: 4.1 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec'], chrootPath='/var/lib/mock/dist-ocs23-base-build-332154-36221/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'nspawn_args=[]unshare_net=FalseprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: x86_64 Building for target x86_64 Wrote: /builddir/build/SRPMS/krb5-1.21.2-8.ocs23.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec'], chrootPath='/var/lib/mock/dist-ocs23-base-build-332154-36221/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'nspawn_args=[]unshare_net=FalseprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: x86_64 Building for target x86_64 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QlIHtB + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf krb5-1.21.2 + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/krb5-1.21.2.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd krb5-1.21.2 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + /usr/bin/git commit -q --allow-empty -a --author 'rpm-build ' -m 'krb5-1.21.2 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/downstream-ksu-pam-integration.patch + /usr/bin/git am --reject -q .git/rebase-apply/patch:25: trailing whitespace. dnl .git/rebase-apply/patch:322: trailing whitespace. * .git/rebase-apply/patch:717: trailing whitespace. * Checking patch src/aclocal.m4... .git/rebase-apply/patch:88: new blank line at EOF. + Hunk #1 succeeded at 1458 (offset -219 lines). Checking patch src/clients/ksu/Makefile.in... Checking patch src/clients/ksu/main.c... Checking patch src/clients/ksu/pam.c... Checking patch src/clients/ksu/pam.h... Checking patch src/configure.ac... Hunk #1 succeeded at 1399 (offset 10 lines). Applied patch src/aclocal.m4 cleanly. Applied patch src/clients/ksu/Makefile.in cleanly. Applied patch src/clients/ksu/main.c cleanly. Applied patch src/clients/ksu/pam.c cleanly. Applied patch src/clients/ksu/pam.h cleanly. Applied patch src/configure.ac cleanly. warning: 4 lines add whitespace errors. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/downstream-SELinux-integration.patch + /usr/bin/git am --reject -q Checking patch src/aclocal.m4... Checking patch src/build-tools/krb5-config.in... Hunk #1 succeeded at 40 (offset -1 lines). Hunk #2 succeeded at 254 (offset -1 lines). Checking patch src/config/pre.in... Checking patch src/configure.ac... Hunk #1 succeeded at 1401 (offset -1 lines). Checking patch src/include/k5-int.h... Checking patch src/include/k5-label.h... Checking patch src/include/krb5/krb5.hin... Checking patch src/kadmin/dbutil/dump.c... Checking patch src/kdc/main.c... Hunk #1 succeeded at 844 (offset -4 lines). Checking patch src/kprop/kpropd.c... Checking patch src/lib/kadm5/logger.c... Hunk #1 succeeded at 310 (offset 1 line). Hunk #2 succeeded at 777 (offset 1 line). Checking patch src/lib/kdb/kdb_log.c... Checking patch src/lib/krb5/ccache/cc_dir.c... Checking patch src/lib/krb5/keytab/kt_file.c... Checking patch src/lib/krb5/os/trace.c... Hunk #1 succeeded at 460 (offset 1 line). Checking patch src/plugins/kdb/db2/adb_openclose.c... Checking patch src/plugins/kdb/db2/kdb_db2.c... Checking patch src/plugins/kdb/db2/libdb2/btree/bt_open.c... Checking patch src/plugins/kdb/db2/libdb2/hash/hash.c... Checking patch src/plugins/kdb/db2/libdb2/recno/rec_open.c... Checking patch src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c... Checking patch src/util/profile/prof_file.c... Checking patch src/util/support/Makefile.in... Checking patch src/util/support/selinux.c... Applied patch src/aclocal.m4 cleanly. Applied patch src/build-tools/krb5-config.in cleanly. Applied patch src/config/pre.in cleanly. Applied patch src/configure.ac cleanly. Applied patch src/include/k5-int.h cleanly. Applied patch src/include/k5-label.h cleanly. Applied patch src/include/krb5/krb5.hin cleanly. Applied patch src/kadmin/dbutil/dump.c cleanly. Applied patch src/kdc/main.c cleanly. Applied patch src/kprop/kpropd.c cleanly. Applied patch src/lib/kadm5/logger.c cleanly. Applied patch src/lib/kdb/kdb_log.c cleanly. Applied patch src/lib/krb5/ccache/cc_dir.c cleanly. Applied patch src/lib/krb5/keytab/kt_file.c cleanly. Applied patch src/lib/krb5/os/trace.c cleanly. Applied patch src/plugins/kdb/db2/adb_openclose.c cleanly. Applied patch src/plugins/kdb/db2/kdb_db2.c cleanly. Applied patch src/plugins/kdb/db2/libdb2/btree/bt_open.c cleanly. Applied patch src/plugins/kdb/db2/libdb2/hash/hash.c cleanly. Applied patch src/plugins/kdb/db2/libdb2/recno/rec_open.c cleanly. Applied patch src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c cleanly. Applied patch src/util/profile/prof_file.c cleanly. Applied patch src/util/support/Makefile.in cleanly. Applied patch src/util/support/selinux.c cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/downstream-netlib-and-dns.patch + /usr/bin/git am --reject -q Checking patch src/aclocal.m4... Hunk #1 succeeded at 702 (offset -16 lines). Applied patch src/aclocal.m4 cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/downstream-fix-debuginfo-with-y.tab.c.patch + /usr/bin/git am --reject -q .git/rebase-apply/patch:17: trailing whitespace. $(YACC.y) $< Checking patch src/kadmin/cli/Makefile.in... Checking patch src/plugins/kdb/ldap/ldap_util/Makefile.in... Applied patch src/kadmin/cli/Makefile.in cleanly. Applied patch src/plugins/kdb/ldap/ldap_util/Makefile.in cleanly. warning: 1 line adds whitespace errors. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/Fix-CVE-2024-26458-and-26461-two-unlikely-memory-leaks.patch + /usr/bin/git am --reject -q Checking patch src/lib/gssapi/krb5/k5sealv3.c... Checking patch src/lib/rpc/pmap_rmt.c... Applied patch src/lib/gssapi/krb5/k5sealv3.c cleanly. Applied patch src/lib/rpc/pmap_rmt.c cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/Fix-CVE-2024-26462-leak-in-KDC-NDR-encoding.patch + /usr/bin/git am --reject -q Checking patch src/kdc/ndr.c... Applied patch src/kdc/ndr.c cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/Fix-CVE-2024-37370-and-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch + /usr/bin/git am --reject -q Checking patch src/lib/gssapi/krb5/k5sealv3.c... Checking patch src/lib/gssapi/krb5/k5sealv3iov.c... Checking patch src/lib/gssapi/krb5/k5unsealiov.c... Hunk #2 succeeded at 266 (offset 18 lines). Hunk #3 succeeded at 353 (offset 18 lines). Hunk #4 succeeded at 383 (offset 18 lines). Hunk #5 succeeded at 398 (offset 18 lines). Checking patch src/tests/gssapi/t_invalid.c... Hunk #2 succeeded at 120 (offset 12 lines). Hunk #3 succeeded at 146 (offset 12 lines). Hunk #4 succeeded at 163 (offset 12 lines). Hunk #5 succeeded at 185 (offset 12 lines). Hunk #6 succeeded at 215 (offset 12 lines). Hunk #7 succeeded at 226 (offset 12 lines). Hunk #8 succeeded at 269 (offset 12 lines). Hunk #9 succeeded at 546 (offset 12 lines). Hunk #10 succeeded at 581 (offset 12 lines). Applied patch src/lib/gssapi/krb5/k5sealv3.c cleanly. Applied patch src/lib/gssapi/krb5/k5sealv3iov.c cleanly. Applied patch src/lib/gssapi/krb5/k5unsealiov.c cleanly. Applied patch src/tests/gssapi/t_invalid.c cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/Fix-CVE-2025-24528-prevent-overflow-when-calculating-ulog-block-size.patch + /usr/bin/git am --reject -q Checking patch src/lib/kdb/kdb_log.c... Applied patch src/lib/kdb/kdb_log.c cleanly. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/Fix-CVE-2025-3576-Do-not-issue-session-keys-with-deprecated-enctypes.patch + /usr/bin/git am --reject -q Checking patch doc/admin/conf_files/krb5_conf.rst... error: while searching for: The libdefaults section may contain any of the following relations: **allow_weak_crypto** If this flag is set to false, then weak encryption types (as noted in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered error: patch failed: doc/admin/conf_files/krb5_conf.rst:95 Checking patch doc/admin/enctypes.rst... error: while searching for: The KDC chooses the session key enctype by taking the intersection of its **permitted_enctypes** list, the list of long-term keys for the most recent kvno of the service, and the client's requested list of enctypes. Starting in krb5-1.11, it is possible to set a string attribute on a service principal to control what session key enctypes the KDC may issue for service tickets for that principal. See :ref:`set_string` in :ref:`kadmin(1)` for details. Choosing enctypes for a service error: patch failed: doc/admin/enctypes.rst:48 error: while searching for: acceptable risk for your environment and the weak enctypes are required for backward compatibility. **permitted_enctypes** controls the set of enctypes that a service will permit for session keys and for ticket and authenticator encryption. The KDC error: patch failed: doc/admin/enctypes.rst:87 Checking patch src/include/k5-int.h... error: while searching for: * matches the variable name. Keep these alphabetized. */ #define KRB5_CONF_ACL_FILE "acl_file" #define KRB5_CONF_ADMIN_SERVER "admin_server" #define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto" #define KRB5_CONF_AUTH_TO_LOCAL "auth_to_local" #define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names" error: patch failed: src/include/k5-int.h:181 error: while searching for: struct _kdb_log_context *kdblog_context; krb5_boolean allow_weak_crypto; krb5_boolean ignore_acceptor_hostname; krb5_boolean enforce_ok_as_delegate; enum dns_canonhost dns_canonicalize_hostname; error: patch failed: src/include/k5-int.h:1241 Checking patch src/kdc/kdc_util.c... error: while searching for: if (!krb5_is_permitted_enctype(context, ktype[i])) continue; if (dbentry_supports_enctype(context, server, ktype[i])) return ktype[i]; } error: patch failed: src/kdc/kdc_util.c:1108 Checking patch src/lib/krb5/krb/get_in_tkt.c... error: while searching for: (*prompter)(context, data, 0, banner, 0, 0); } /* Display a warning via the prompter if des3-cbc-sha1 was used for either the * reply key or the session key. */ static void warn_des3(krb5_context context, krb5_init_creds_context ctx, krb5_enctype as_key_enctype) { const char *banner; if (as_key_enctype != ENCTYPE_DES3_CBC_SHA1 && ctx->cred.keyblock.enctype != ENCTYPE_DES3_CBC_SHA1) return; if (ctx->prompter == NULL) return; banner = _("Warning: encryption type des3-cbc-sha1 used for " "authentication is weak and will be disabled"); /* PROMPTER_INVOCATION */ (*ctx->prompter)(context, ctx->prompter_data, NULL, banner, 0, NULL); } error: patch failed: src/lib/krb5/krb/get_in_tkt.c:1582 error: while searching for: ctx->complete = TRUE; warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data, ctx->in_tkt_service, ctx->reply); warn_des3(context, ctx, encrypting_key.enctype); cleanup: krb5_free_pa_data(context, kdc_padata); error: patch failed: src/lib/krb5/krb/get_in_tkt.c:1848 Checking patch src/lib/krb5/krb/init_ctx.c... error: while searching for: goto cleanup; ctx->allow_weak_crypto = tmp; retval = get_boolean(ctx, KRB5_CONF_IGNORE_ACCEPTOR_HOSTNAME, 0, &tmp); if (retval) goto cleanup; error: patch failed: src/lib/krb5/krb/init_ctx.c:220 Checking patch src/tests/gssapi/t_enctypes.py... error: while searching for: # These tests make assumptions about the default enctype lists, so set # them explicitly rather than relying on the library defaults. supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, 'realms': {'$realm': {'supported_enctypes': supp}}} realm = K5Realm(krb5_conf=conf) shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) error: patch failed: src/tests/gssapi/t_enctypes.py:10 Checking patch src/tests/t_etype_info.py... error: while searching for: from k5test import * supported_enctypes = 'aes128-cts rc4-hmac' conf = {'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) realm.run([kadminl, 'addprinc', '-pw', 'pw', '+requires_preauth', error: patch failed: src/tests/t_etype_info.py:1 Checking patch src/tests/t_sesskeynego.py... error: while searching for: 'default_tkt_enctypes': 'aes128-cts', 'default_tgs_enctypes': 'rc4-hmac,aes128-cts'}} conf4 = {'libdefaults': {'permitted_enctypes': 'aes256-cts'}} # Test with client request and session_enctypes preferring aes128, but # aes256 long-term key. realm = K5Realm(krb5_conf=conf1, create_host=False, get_creds=False) error: patch failed: src/tests/t_sesskeynego.py:25 error: while searching for: 'aes128-cts,aes256-cts']) test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96') # 3b: Negotiate rc4-hmac session key when principal only has aes256 long-term. realm.run([kadminl, 'setstr', 'server', 'session_enctypes', 'rc4-hmac,aes128-cts,aes256-cts']) test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96') realm.stop() # 4: Check that permitted_enctypes is a default for session key enctypes. error: patch failed: src/tests/t_sesskeynego.py:54 error: while searching for: expected_trace=('etypes requested in TGS request: aes256-cts',)) realm.stop() success('sesskeynego') error: patch failed: src/tests/t_sesskeynego.py:67 Checking patch src/util/k5test.py... error: while searching for: # No special settings; exercises AES256. ('default', None, None, None), # Exercise the arcfour enctype. ('arcfour', None, {'libdefaults': {'permitted_enctypes': 'rc4'}}, {'realms': {'$realm': { 'supported_enctypes': 'arcfour-hmac:normal', 'master_key_type': 'arcfour-hmac'}}}), error: patch failed: src/util/k5test.py:1338 Applying patch doc/admin/conf_files/krb5_conf.rst with 1 reject... Rejected hunk #1. Applying patch doc/admin/enctypes.rst with 2 rejects... Rejected hunk #1. Rejected hunk #2. Applying patch src/include/k5-int.h with 2 rejects... Rejected hunk #1. Rejected hunk #2. Applying patch src/kdc/kdc_util.c with 1 reject... Rejected hunk #1. Applying patch src/lib/krb5/krb/get_in_tkt.c with 2 rejects... Rejected hunk #1. Rejected hunk #2. Applying patch src/lib/krb5/krb/init_ctx.c with 1 reject... Rejected hunk #1. Applying patch src/tests/gssapi/t_enctypes.py with 1 reject... Rejected hunk #1. Applying patch src/tests/t_etype_info.py with 1 reject... Rejected hunk #1. Applying patch src/tests/t_sesskeynego.py with 3 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Applying patch src/util/k5test.py with 1 reject... Rejected hunk #1. Patch failed at 0001 Don't issue session keys with deprecated enctypes When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". hint: Use 'git am --show-current-patch=diff' to see the failed patch RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.QlIHtB (%prep) Bad exit status from /var/tmp/rpm-tmp.QlIHtB (%prep) Child return code was: 1 EXCEPTION: [Error('Command failed: \n # bash --login -c /usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec\n', 1)] Traceback (most recent call last): File "/usr/lib/python3.11/site-packages/mockbuild/trace_decorator.py", line 93, in trace result = func(*args, **kw) ^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/site-packages/mockbuild/util.py", line 597, in do_with_status raise exception.Error("Command failed: \n # %s\n%s" % (command, output), child.returncode) mockbuild.exception.Error: Command failed: # bash --login -c /usr/bin/rpmbuild -bb --noclean --target x86_64 --nodeps /builddir/build/SPECS/krb5.spec