CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries

DoneSubmitted by Leo Famulari.
Details
3 participants
  • Gábor Boskovits
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Severity
normal
L
L
Leo Famulari wrote on 14 Jun 2018 21:22
(address . bug-guix@gnu.org)
20180614192211.GA21522@jasmine.lan
Recently a new side-channel key extraction technique was published asCVE-2018-0495, and it affects a lot of the cryptographic libraries wepackage:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/?style=Cyber+Security
An excerpt from that advisory:
------We analyzed the source code of several open source cryptographiclibraries to see if they contain the vulnerable code pattern in the codefor ECDSA, DSA, or both. This list is accurate to the best of ourknowledge, but it is not exhaustive. Only the first group was affectedby this finding; the other three groups are not thought to bevulnerable.
Contains vulnerable pattern: CryptLib (Both), LibreSSL (Both), MozillaNSS (Both), Botan (ECDSA), OpenSSL (ECDSA), WolfCrypt (ECDSA), Libgcrypt(ECDSA), LibTomCrypt (ECDSA), LibSunEC (ECDSA), MatrixSSL (ECDSA),BoringSSL (DSA)
Non-constant math, but different pattern: BouncyCastle, Crypto++, Golangcrypto/tls, C#/Mono, mbedTLS, Trezor Crypto, Nettle (DSA)
Constant time-math: Nettle (ECDSA), BearSSL, Libsecp256k1
Does not implement either: NaCl------
Note that libtomcrypt is bundled in the Dropbear SSH implementation.
I'm going to test the libgcrypt update now.
I'd like for other Guix hackers to "claim" an affected package in thisthread, and then investigate and test the fixes. Please make new debbugstickets on guix-patches for each bug-fix patch you propose, and send thelinks to those tickets here.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsiwGMACgkQJkb6MLrKfwgrLBAA5ip/y3YmzlBCH4+BBgI1k/vC62as7GvuB7mLKe58wSP0SAz+ueRz3DECMrRWN64trNSv5Ei8mAvwFmyNHyEd0KF7vagwPFfZKu+iH2jmOObbJmgPNfO5KyuKrJux+vYBo1u9tcfrkEcyeWvKcwtaVrPNpsc9kD7w9tA8X4sPh0jYq+FJ+izT/poYEd2I+TLbGH5LKz0OX/6evRzybgW0vhhhrxexP2nfSlmS9xG4UPlUbbZTtzP2N8AHXJI+syV7v3/WWBrseUH39I1kOw0+f6n4fhZHCUHYQ2JKj+QCpebQGuUAcPcnbEIcYkykTNr6Ne2mHjVJNJ4HYdZG3jO/73ltkCvThERsxnY38AaqHbAJ5QCQWNPyjkgSMAbDMauqY3veCprUMl6qJhIrHss2MBGHKTwzUJjcqDGlsY1+B+pcvSFOfSKwLTqsCpU498lJ/HxmTFTa+K1X/+yzK0B1PwSMk1fiYnfbQCdx9IlUr4n0yUa5FmW61E8Ogc85KY14GFnq/NoRBJt7RIGm4g6KD1yAn3kqkAd2lEMAY3Vc9dtK78S5qfE4NacInZ8wGEyF2MwdpbIxRqhXkOzHY7VfEk9ybUjceEw/217SQFamJpx1TpH0Sk49xcIGCG5K2sz1xSSQETPL4YIlmute8mqbLgl6HYCo3AQeCeLsDoeP2oc==qwNO-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 14 Jun 2018 21:50
(address . 31831@debbugs.gnu.org)
20180614195049.GB4039@jasmine.lan
I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!
I'll try OpenSSL next.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsixxkACgkQJkb6MLrKfwieThAAzabMGGFp6vWiDopa26rnClaeMuWJXgas6ozEnUz406XTLvmQlMcO3rq0TZSBe93u1T6e6PWFu6EhhoxD1HLjWgSddemTBvUTNbOD1X7NiOAsPoyfgwu23ZUx+hn/HG6zlRvxnDy0V2AKQPUmLOb1143uyPdAFG58eBMa8UuIb7q4EYK4CqXNMZOPw9I1ea5nbEcx+cpZ7G40v1BZ2kLe/T9NAfs9U5doyU0NTJz7bOGnGxwvlQKce9VhsblaQyb2cJc5zN2UCFfRUaPG2KGfpcLKXUNVM0RIbvEav456VyEK5VxaTa/NKDcnK7Ef7JZzUOTU1OTQ0q3N3TVNS+ZiazbFQ5z8WfLkGORoUvqamlV2zT78mgra5LSFj39dOVd5gOp4jwxp8YtePD3zghG9BH+SI0+CciC7Gsmd0tbPQSREjwBrbAyf4JKD5Mfe6vtf2ugL5S28rgDbLj4R4xxJ24g9OFMSq59qeLJPAfv0T6Ig+hfCALf3F3v48oc+j/0dmK2RNOiFSx7yfVRhTSx26oxeL0X0oHdrozlLykfseKM01/uwwtllTv3M9576u5kP22bkRS6/t8WR9DOg7DSPw8YudecBk94YLP+vW3WfD81q8b5y6q9IFIUFv02N6cIIxk6aK2C0GLv3C7gpZU/dzx58a4u4H2Z2jqSZKHgrdNE==+auf-----END PGP SIGNATURE-----

G
G
Gábor Boskovits wrote on 14 Jun 2018 21:53
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pjPFsmHKG8S72fqk2DJ9iw1GVNa+0eVUwOmVqxiUWi3bg@mail.gmail.com
2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:
Toggle quote (5 lines)> I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!>> I'll try OpenSSL next.>
I'll try libressl.
Attachment: file
L
L
Leo Famulari wrote on 14 Jun 2018 22:06
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180614200608.GA8617@jasmine.lan
Toggle quote (3 lines)> 2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:> > I'll try OpenSSL next.
They committed a fix but haven't released an update yet:
https://github.com/openssl/openssl/commit/a3e9d5aa980f238805970f420adf5e903d35bf09
There is also an unrelated security advisory for a DoS bug from 2 daysago:
https://www.openssl.org/news/secadv/20180612.txt
I'll try grafting these patches.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsiyrAACgkQJkb6MLrKfwiL6xAAhUiFkoZifXJnnhd8JWO0UJnD856DvXoIWeXsVfVY2IOJH28UQ/LznHszPrkUi2sJ0X/CsRBLd7GCjxc/lhVVRCBUfz1pQ4Pzg62lqvmaNnZtTLSn8c4kYOGPYl+/wP7PC4KBRupYecLPjElKFjNG02xbhILrUc7/hKNKNxMBkuezQniPgwjiC9jqapKYFfRaJ+yHEmH6wl1TygowdUsZHFKR9UsJ+tc9B55m1AzA5R/QPBI+kIkTZDKvLk02msrIGKaheZcfON4PKhLJz8MMT944qA9E24PRiOlwSuOEnCKwkW9RV0hv1hBARKZTJEFvjInT+nSUV7ZjlM3hrrx14xGaMM8tsK6RCf6ULO30XCkjEnnGkn/pHhzMb51LwSWFNVtJa/W5e343G8p/06GTNYWOFofaAxPOOyxi03s7GQLTr9/W+e/Klo0ssc/f5CRmSUU9KYwUt6V1FB4Pr6u2yPXMrcfzKI8l1i0z3iNEwT0+JW+4BG7N/w2QyqX6jevzGpAMDwzHLXDC3gV/Z0hWBQUEu6noUEO2gNamt87GFMjwdSGOnOmouoM2PE2l/7AXjAUI5hWIkeNg3+MaC15crjCGLMwhL2b+H7onJnNnLfOh5l1GMme8qd3raIjG08bZacT7UOtKwZpxTumoqEETtjXA2OBzcX7n+qH6utMpnUI==lK6a-----END PGP SIGNATURE-----

G
G
Gábor Boskovits wrote on 14 Jun 2018 22:44
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pi8R0YTgc_UMJsC=+0A=NMWdr1cNTZUp0BuD6R_MPNf8g@mail.gmail.com
2018-06-14 21:53 GMT+02:00 Gábor Boskovits <boskovits@gmail.com>:
Toggle quote (9 lines)> 2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:>>> I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!>>>> I'll try OpenSSL next.>>>> I'll try libressl.>
Attachment: file
L
L
Leo Famulari wrote on 14 Jun 2018 22:45
Re: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(address . 31831@debbugs.gnu.org)
20180614204541.GA26976@jasmine.lan
On Thu, Jun 14, 2018 at 03:50:49PM -0400, Leo Famulari wrote:
Toggle quote (2 lines)> I'll try OpenSSL next.
I sent patches for both branches of OpenSSL:
version 1.0.2:
https://bugs.gnu.org/31834
version 1.1.0:
https://bugs.gnu.org/31833
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsi0/EACgkQJkb6MLrKfwieQQ/9F9/HwOc2YPtHUb5caJ9i3k0Cm5GWph6qtfOKqw+11flRZfyN7Afn1uu/+xZHbIuA/NN/h/n+GX/u12U2TnCNQ3K7lIYiWHAXppstSQsbsWV1GcO/zpnRgZcqEJt3NnI20vuR9jCT/bNfig3WAL5twtbkZIdDor1jz8lQfedNGDXBKzW8tY6qpeatP0UPafr8l52Svsxl/zPFCi41mFhOVVYNFXzgsWWxEsdRgwcDRn7mZU3egQlT/l+UFVmDx7qR1lMaECd1Oiy8CoY8IHFx0vq5rRcd7LVuHmkGq69Y/00oE/ktxAKbgBf/j+uo9OrnAFK5mrL4XYNNA0yPlQjFltz67MJlWL5DiOc7ARnMPz4E+qcJKmOAkVw9wj+gkSKFsnldlI4oNZMt+klNLQ5OJMG9ibALG9RYrZFSYIqg/FKrDxb7p1blE0cI4iKY3k6Kh+C+1D8XTls3c8B5OjOt0Wtsix3/B7AE0DFHUTTulhN0DQX/RkT+dDfSx1eyo7Tap4tr2FLnvS4mmhWaC61z7Jyd0g5/MHPk8MgS5uU3SXPEXktwj880jOEePOXybGBdnOzHtptKSzVMS/B4ZqolJfpkIz7JNQ2FRGAdXl4XK4RcxBW3qGS8Jc0CMS1No/DA20tpJA8XTMn65wl70iRPzMLI8c971jdYDNYc06pGkeY==L3hc-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 18 Jun 2018 18:35
(address . 31831@debbugs.gnu.org)
20180618163556.GA10371@jasmine.lan
On Thu, Jun 14, 2018 at 03:50:49PM -0400, Leo Famulari wrote:
Toggle quote (2 lines)> I'll try OpenSSL next.
Patched pushed for both OpenSSL branches, closing bugs 31833 and 31834.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsn32wACgkQJkb6MLrKfwhcThAA2e5oy9Sy5FD+p/UFqXe09qD0q6El+lVN0ckWDF9dVwNsndTBIAAQJy4u/ezp98z85jTeQwsjnVT/9cNLpeLbjJr0hPMXtX9i9fwzW2X8sv8nNKCzfg9a96osrX72D6zpgtB4Gnr8htAmwuDAKyqlK34tBVbabw7A1gC1Bn3tu5xKP1o+VRwnCtDXMA/BvDFhqSFvyKxMMY0JkD0aRKRL0yoS+PR8wicMtpCvKxphUWzsGY2gFPI6JzbliWXSZyryQb9DwmLDi8HPYNRBB0x63gEVJVOhhNE2x5mWLKdDYN/V5Nui8abTtpTh0s6bXkbGbXXNPNmCqjb4zpsx/voH4L4uz1Knl6p/AJ0QbiBUcrwMq9kVC4/Y35By9RQd/yKSyDdzeAwxVsivYhF10eEUEF4UfpN7OZcUL61UVRcwyEAJwHbgsU1MWBowapsKzth6uVO0RHH90gAzfbkbch3xLYaYvzXl5e8XD2mqMIVP/JJoNXnaMHok+35NE2jAGxewz03ft4yj1ANKExJpfL2X/4XDhwiYTDfroeiN2NlUOVQlbJKYE1sjP8iW6d4PBGL6JYdG3pNrWMk51VVUdB+NjlRqCIL7aI1H+Q9ILKuLZhwu5JHYBGiP23aivlau2e3zhJ8pik/THq7JV0x9yNnB3yR0pjkwGdlOBqimawcFtTU==00bL-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 27 Jun 2018 22:51
control message for bug #31831
(address . control@debbugs.gnu.org)
87sh58vtqd.fsf@gnu.org
tags 31831 security
L
L
Leo Famulari wrote on 16 Jul 2018 08:20
Re: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(address . 31831@debbugs.gnu.org)
20180716062034.GA3973@jasmine.lan
Fixed in Botan in Guix commit cfe255684cc4deb164d0eaaa2e1ed9804b5ff651.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltMOTIACgkQJkb6MLrKfwjKtw/+Mv5TVaji6udJMOl8OOiQwIKjZcrtnPYoauL8EIGCpJbcz0DcVNwehgbGwK8CrdvdgE3c2oVg+FiGJ8wZU5hXjpYyy6VgQzqD96S7VosHeSGuXIoV/87MHaB/nHpJGTzDKALaARxRJbtRG/x4xxN2cvzPuXJKJegdQ+8LBuEPaagT48pNNwguGtGD77SQBWJBAf9ZyEFv0MLavrsdrgRvuB8J3H8UVUJyuWyXd6Y2DVfBS8lBsezx9SL49DMRY+TDhQZZHfs1nOs0nNPIq9UXTbthGOSTqBmCVbHUKh+UD4FCnQI0O77MxiU1/FzYxy70HJZyBWvJAe85GiN6ATsH4QaIp/qAO/Gd8JYzooKbYUukZtDHTlAxfGLna/NoKp13na1NNZ7qX63edeSB3e9gRaZkMCH/RVZN67EsdPqt4vlcOdGBmzO+Bpp3slPnmpgjA+xxHtJ259wcfZkmMSRZUvX+ouK82QTTqfmpMWgjHvV2ITJXbbTOG0q+9GZSOlo+L8dpwwpqHBnTkxMt3SAcCHvwVnoC2d8TIu+az16Q02H9rphAszX9j5dWkHzUwMKK655Ugc3pYdFvSqvZmav1bsxsRhY94JNvlHq29MI3z7TD0xBM/n+28sWLAjFAcj2HTdt+/fbeHXCuG2Z4JMUpzQpqYq7AE4N/44Mu1CW751g==AhNX-----END PGP SIGNATURE-----

G
G
Gábor Boskovits wrote on 16 Jul 2018 08:53
Re: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pi3GY239AEQYS4MmYgjBo-kHoA3+gx5TN009fcR_gmneQ@mail.gmail.com
Leo Famulari <leo@famulari.name> ezt írta (idÅ‘pont: 2018. júl. 16., H 8:22):
Toggle quote (2 lines)> Fixed in Botan in Guix commit cfe255684cc4deb164d0eaaa2e1ed9804b5ff651.>
Are there any more packages needing attention?
Attachment: file
L
L
Leo Famulari wrote on 16 Jul 2018 19:14
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180716171430.GA20978@jasmine.lan
On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote:
Toggle quote (2 lines)> Are there any more packages needing attention?
libtomcrypt version 1.18.2 includes a fix; we would need to adapt thisto the bundled copy in Dropbear. I can take a look at this today.
NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a byMarius. Thanks, Marius!
The advisory mentions similar but not indentical issues in thesepackages:
There is a new release of Crypto++ available. I'm not sure if thisaddresses whatever issue was mentioned in the original advisory.
mbedTLS's changelog doesn't mention anything related to key extractionside channels.
I don't see any related commits in Go's crypto/tls Git repo.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltM0nYACgkQJkb6MLrKfwhrbxAAnzWh9B+8lsvB/qL+N76f2srQRVKAf/XaddC/GG9pFM+6HhmdxZKsxOZ1u/RqAsUbWRkCracIuujNJnjaYfR7CogDLhq87DJwAa5DkWTOe8xughPhU1Gk84rMUmgKIsq260p1Guk209tiQO9RadVz89h7SoB0aycUO1JphQWkHW8QuXd619aJ8QjMPsb4RFYB/wixV8pi7HMfI37/gVScy+gS5TvyClckQH/YIf5PrNp4yKE6sxhXQhTtynA98n4P+tzVcEd2dpe2daztgFOPA4m1ZPolKda9gzwcr5rlRB9WTCgMWjkhXHg530/UihWWCdAgSm1Fx3TVxBOxCWy1doILBNfke+tDaZZH63B6aVpVrLX50D5GJQ915cvnQO+cQRvCEMMaGoH2Zsvsc6Bdb3wt6YwCuTZZAJOmk/xEpi/X0hVTQ4shu78mxN4KZW4KN4ZCpZcCvyqOUM3Kdk+fnGHdFaDNkR3yMPX0H3bPxI4j90+VziYI/DalNCgYfHAKZcplsnPw2WYLhPBa5qj+jhG0rvoWmtk224dbcTg8rKpGrxlUMAbO5FZqKVKypvGqnWai4+6HCkvM7b49Puk/+5kAkClFmXRklLq16/XFjxlOggg63qfoEYptGLiHObiOAK+eGM/YCPHnj3kXZGVwl5pD48cNmZuxon/lp+ejsek==nik0-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 16 Jul 2018 19:39
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180716173929.GA24955@jasmine.lan
On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
Toggle quote (3 lines)> libtomcrypt version 1.18.2 includes a fix; we would need to adapt this> to the bundled copy in Dropbear. I can take a look at this today.
Dropbear's bundled libtomcrypt includes a variety of whitespace andcomment changes that make it non-trivial to compare the actualdifferences between the codebases.
I'm not going to work on adapting the upstream patch for Dropbear, butof course others are welcome to do it :) Otherwise I assume the Dropbearteam will include the fixes whenever they make a new release.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltM2FEACgkQJkb6MLrKfwhGjQ/+NKYomgpvn8e7q1b3LzFIDP3FcBc9512hNfFwEkY+i40IAD3bvB+W5+MIkMTiFW2PX+7lILJnuPehwIrFTiy1FptAYNlhPbx/E/iEgrjOtj526L+acHYdNSoUSU+abzLbkcxhes8FM5rMCDmB6YKy/bCaomo3sWKuwGtpSPqFlpbSpRVjWOkwi1NlbHMD/hOPsbmbILYbpfDVKzTuWS8jPeTb00QpJyWjnNZ2IkD+ORhiQ6KnntlzK8GrLIHJflM7YPq1y4DFHPdjAHYorVlO7Zl1Z04q2/bRBvE4ASuGbiQuAyxf29IBnW+EHUuSauz/n5qs9C3+yIgBkvjphowoXeJ0zYouW6SxyzcyFBMpvoXO1Ehk8JjajCNxg1o8kR45QUjsbZ7sA7RwfsKeTrBzSgzhmQy3A0Fc9zG/jYySL9o6RMmv8U5Pqz5Ka0bVqKIMBD99pEGO5bvKgLv1iFFGf6BQocF4rU2UXXTc0If3MLd3mRqPShjFGQju3AvuapupFw8aLIfTzsmZcMdtT4PSK3lWybfISoE62E2pbyxYm5iyQwfeo68tM3lwoNPb+TmtuELjeolmZHjiO2nQQfHihCjCkvCMuYUnh7GZsxjh4aR6bpBud34j9Ya7NEBKnR/MCvCEdJdgcuWxzBH+vAZiMMmrrmTRrGktOr9uyHr32gc==ZdMv-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 26 Feb 2019 03:01
(address . 31831-done@debbugs.gnu.org)
20190226020108.GA25161@jasmine.lan
On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
Toggle quote (3 lines)> There is a new release of Crypto++ available. I'm not sure if this> addresses whatever issue was mentioned in the original advisory.
Crypto++ was updated to 8.0.0 in January 2019.
https://www.cryptopp.com/release800.html
Toggle quote (3 lines)> mbedTLS's changelog doesn't mention anything related to key extraction> side channels.
mbedTLS has been updated several times since this bug was opened, and iscurrently at 2.16.0.
https://github.com/ARMmbed/mbedtls/blob/fb1972db23da39bd11d4f9c9ea6266eee665605b/ChangeLog
Neither of those upstreams have mentioned CVE-2018-0495, as far as I cantell. The original advisory said they do not use the vulnerable pattern,but do use "non-constant math, but different pattern".
Overall, I don't think there is anything left for us to do as a distroin response to CVE-2018-0495, so I am closing this bug.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlx0neQACgkQJkb6MLrKfwjbVRAAxPBNbVo2JbxhwnagmAqBJstto7u/BbEB2FU0LPetyP96P5CCqXnXofqTeK8xl9uzs+taIyt0p1C7g/mWw7bUEpUrug800EsHhEjLUOmFeSXiHPIvQWns5BvUxRLP1kaL+9InnGaHkzIUubYt7ewmGQosXLjVX7pdVO0NaZJqXV0XdtcEPN9/Hz6wKofSzM6P3VCjP7uXuiwv8VTLFCIhjgIYmmrFMJP9G3PLB3wTQlpmcYtHQy4Da42g/6OuYjjGzLuF5QRt+Jmz77SQabZWbvCOmZsqRIZsz7LfkhfoJQMPdA10oOkjRvhke87Buz53Jknu5QPodoYpvCLn7HPVi30oa5T7QPyXHMqV7iNBPmyieoE6Agjz4RzEgXua3WKWdebLPMSxjIAcYoUTs5RyxlVVckevvR8CukfIIIx6sBRrfJOR6hZR0/tYn/r2oG//oVAbqkTgo7lER24VMTWqkBRs9zBHXZBTQ/1HOG8nf9sabFpVZj3niLTEx9EcAJfY5oKG3yPxsogEf+QAAktfgJFdDFcxUkpgSXNpE0K6svJTKFTU2WKfnF94vEoc1AsuYx7kUBtRWx0AijoqYHWtc7yMb/ouzwyM0B8Vxmd8TzetDb0wUUQjrlIK/Z386DfT8X+fw/en9U8qbTxN/5hkl88w8vloB4cUyQLIndOT91U==bAaH-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 31831@debbugs.gnu.org