Mock Version: 6.0
Mock Version: 6.0
Mock Version: 6.0
ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'], chrootPath='/var/lib/mock/dist-an23-build-523625-77074/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'unshare_net=TrueprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock'])
Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False
warning: Macro expanded in comment on line 17: %{version}.tar.gz
warning: Macro expanded in comment on line 19: %{version}.tar.gz
warning: %patchN is deprecated (1 usages found), use %patch N (or %patch -P N)
Building target platforms: aarch64
Building for target aarch64
setting SOURCE_DATE_EPOCH=1775001600
Wrote: /builddir/build/SRPMS/moby-28.3.3-3.an23.src.rpm
RPM build warnings:
    Macro expanded in comment on line 17: %{version}.tar.gz
    Macro expanded in comment on line 19: %{version}.tar.gz
    %patchN is deprecated (1 usages found), use %patch N (or %patch -P N)
Child return code was: 0
ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'], chrootPath='/var/lib/mock/dist-an23-build-523625-77074/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=982gid=135user='mockbuild'unshare_net=TrueprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock'])
Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False
warning: Macro expanded in comment on line 17: %{version}.tar.gz
warning: Macro expanded in comment on line 19: %{version}.tar.gz
warning: %patchN is deprecated (1 usages found), use %patch N (or %patch -P N)
Building target platforms: aarch64
Building for target aarch64
setting SOURCE_DATE_EPOCH=1775001600
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QOFuae
+ umask 022
+ cd /builddir/build/BUILD
+ cd /builddir/build/BUILD
+ rm -rf cli-28.3.3
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/cli-28.3.3.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd cli-28.3.3
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ cd /builddir/build/BUILD
+ rm -rf moby-28.3.3
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/moby-28.3.3.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd moby-28.3.3
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ cd /builddir/build/BUILD
+ rm -rf tini-0.19.0
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/tini-0.19.0.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd tini-0.19.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #0 (0001-fix-CVE-2026-33997.patch):'
Patch #0 (0001-fix-CVE-2026-33997.patch):
+ /usr/bin/patch --no-backup-if-mismatch -f -p1 --fuzz=0
can't find file to patch at input line 36
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From a4c717de7807a764b26f2da55011f41b9bb1201e Mon Sep 17 00:00:00 2001
|From: =?UTF-8?q?Pawe=C5=82=20Gronowski?=
|Date: Thu, 19 Mar 2026 19:18:23 +0100
|Subject: [PATCH] plugin: Fix off-by-one in privilege validation
|MIME-Version: 1.0
|Content-Type: text/plain; charset=UTF-8
|Content-Transfer-Encoding: 8bit
|
|Fix an off-by-one error in isEqual() where the comparison loop started
|at index 1 instead of 0, causing the first privilege (after sorting
|alphabetically by name) to never be validated.
|
|This allowed a malicious plugin to request different values for
|whichever privilege sorts first — most notably "allow-all-devices",
|which grants unrestricted rwm access to all host devices.
|
|The bug also meant that plugins requesting exactly one privilege had
|zero iterations of the comparison loop, bypassing validation entirely.
|
|Also fix an existing test case ("diff-order-but-same-value") that only
|passed due to the off-by-one bug, and add test cases for single-element
|and first-sorted-element mismatches.
|
|Signed-off-by: Paweł Gronowski
|(cherry picked from commit 99a095ecf04e8849318f2811bb3f687905eab09b)
|Signed-off-by: Paweł Gronowski
|---
| plugin/manager.go | 50 ++++++++++++++++++++++++------------------
| plugin/manager_test.go | 44 +++++++++++++++++++++++++++++++++----
| 2 files changed, 69 insertions(+), 25 deletions(-)
|
|diff --git a/plugin/manager.go b/plugin/manager.go
|index 0a07339..8bc1608 100644
|--- a/plugin/manager.go
|+++ b/plugin/manager.go
--------------------------
No file to patch. Skipping patch.
2 out of 2 hunks ignored
can't find file to patch at input line 118
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/plugin/manager_test.go b/plugin/manager_test.go
|index 4efe76b..7740231 100644
|--- a/plugin/manager_test.go
|+++ b/plugin/manager_test.go
--------------------------
No file to patch. Skipping patch.
1 out of 1 hunk ignored
RPM build warnings:
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.QOFuae (%prep)
    Macro expanded in comment on line 17: %{version}.tar.gz
    Macro expanded in comment on line 19: %{version}.tar.gz
    %patchN is deprecated (1 usages found), use %patch N (or %patch -P N)
    Bad exit status from /var/tmp/rpm-tmp.QOFuae (%prep)
Child return code was: 1
EXCEPTION: [Error("Command failed: \n # bash --login -c '/usr/bin/rpmbuild -bb --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'\n", 1)]
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/mockbuild/trace_decorator.py", line 93, in trace
    result = func(*args, **kw)
  File "/usr/lib/python3.6/site-packages/mockbuild/util.py", line 610, in do_with_status
    raise exception.Error("Command failed: \n # %s\n%s" % (cmd_pretty(command, env), output), child.returncode)
mockbuild.exception.Error: Command failed:
 # bash --login -c '/usr/bin/rpmbuild -bb --noclean --target aarch64 --nodeps /builddir/build/SPECS/moby.spec'