Bug#651844: marked as done (libarchive: fix for CVE-2011-1777 and CVE-2011-1778)

Wed, 14 Dec 2011 09:36:18 -0800 

Your message dated Wed, 14 Dec 2011 17:32:48 +0000
with message-id <[email protected]>
and subject line Bug#651844: fixed in libarchive 2.8.5-5
has caused the Debian Bug report #651844,
regarding libarchive: fix for CVE-2011-1777 and CVE-2011-1778
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
651844: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libarchive
Version: 2.8.5-3
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu precise ubuntu-patch



*** /tmp/tmp_Ru6Y6
In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: arbitrary code execution via iso9660 overflows
    - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_iso9660.c.
    - CVE-2011-1777
  * SECURITY UPDATE: arbitrary code execution via tar overflows
    - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory
      conditions in libarchive/archive_read_support_format_tar.c
    - CVE-2011-1778


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 
'oneiric-proposed'), (500, 'oneiric')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-14-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru libarchive-2.8.5/debian/changelog libarchive-2.8.5/debian/changelog
diff -Nru libarchive-2.8.5/debian/patches/CVE-2011-1777.patch libarchive-2.8.5/debian/patches/CVE-2011-1777.patch
--- libarchive-2.8.5/debian/patches/CVE-2011-1777.patch	1969-12-31 19:00:00.000000000 -0500
+++ libarchive-2.8.5/debian/patches/CVE-2011-1777.patch	2011-12-09 10:37:29.000000000 -0500
@@ -0,0 +1,108 @@
+Description: fix arbitrary code execution via iso9660 overflows
+Origin: backport, http://code.google.com/p/libarchive/source/detail?r=3158
+
+Index: libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c
+===================================================================
+--- libarchive-2.8.5.orig/libarchive/archive_read_support_format_iso9660.c	2011-12-09 10:36:34.547552016 -0500
++++ libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c	2011-12-09 10:37:08.643552304 -0500
+@@ -417,12 +417,12 @@
+ static inline void cache_add_entry(struct iso9660 *iso9660,
+ 		    struct file_info *file);
+ static inline struct file_info *cache_get_entry(struct iso9660 *iso9660);
+-static void	heap_add_entry(struct heap_queue *heap,
++static int	heap_add_entry(struct archive_read *a, struct heap_queue *heap,
+ 		    struct file_info *file, uint64_t key);
+ static struct file_info *heap_get_entry(struct heap_queue *heap);
+ 
+-#define add_entry(iso9660, file)	\
+-	heap_add_entry(&((iso9660)->pending_files), file, file->offset)
++#define add_entry(arch, iso9660, file)	\
++	heap_add_entry(arch, &((iso9660)->pending_files), file, file->offset)
+ #define next_entry(iso9660)		\
+ 	heap_get_entry(&((iso9660)->pending_files))
+ 
+@@ -1010,15 +1010,19 @@
+ 				con->next = NULL;
+ 				*multi->contents.last = con;
+ 				multi->contents.last = &(con->next);
+-				if (multi == child)
+-					add_entry(iso9660, child);
+-				else {
++					if (multi == child) {
++						if (add_entry(a, iso9660, child)
++						    != ARCHIVE_OK)
++							return (ARCHIVE_FATAL);
++					} else {
+ 					multi->size += child->size;
+ 					if (!child->multi_extent)
+ 						multi = NULL;
+ 				}
+ 			} else
+-				add_entry(iso9660, child);
++					if (add_entry(a, iso9660, child)
++					    != ARCHIVE_OK)
++						return (ARCHIVE_FATAL);
+ 		}
+ 	}
+ 
+@@ -1118,7 +1122,8 @@
+ 			iso9660->seenJoliet = seenJoliet;
+ 		}
+ 		/* Store the root directory in the pending list. */
+-		add_entry(iso9660, file);
++		if (add_entry(a, iso9660, file) != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 		if (iso9660->seenRockridge) {
+ 			a->archive.archive_format =
+ 			    ARCHIVE_FORMAT_ISO9660_ROCKRIDGE;
+@@ -2745,8 +2750,8 @@
+ 	return (file);
+ }
+ 
+-static void
+-heap_add_entry(struct heap_queue *heap, struct file_info *file, uint64_t key)
++static int
++heap_add_entry(struct archive_read *a, struct heap_queue *heap, struct file_info *file, uint64_t key)
+ {
+ 	uint64_t file_key, parent_key;
+ 	int hole, parent;
+@@ -2759,12 +2764,18 @@
+ 		if (heap->allocated < 1024)
+ 			new_size = 1024;
+ 		/* Overflow might keep us from growing the list. */
+-		if (new_size <= heap->allocated)
+-			__archive_errx(1, "Out of memory");
++		if (new_size <= heap->allocated) {
++			archive_set_error(&a->archive,
++			    ENOMEM, "Out of memory");
++			return (ARCHIVE_FATAL);
++		}
+ 		new_pending_files = (struct file_info **)
+ 		    malloc(new_size * sizeof(new_pending_files[0]));
+-		if (new_pending_files == NULL)
+-			__archive_errx(1, "Out of memory");
++		if (new_pending_files == NULL) {
++			archive_set_error(&a->archive,
++			    ENOMEM, "Out of memory");
++			return (ARCHIVE_FATAL);
++		}
+ 		memcpy(new_pending_files, heap->files,
+ 		    heap->allocated * sizeof(new_pending_files[0]));
+ 		if (heap->files != NULL)
+@@ -2784,13 +2795,15 @@
+ 		parent_key = heap->files[parent]->key;
+ 		if (file_key >= parent_key) {
+ 			heap->files[hole] = file;
+-			return;
++			return (ARCHIVE_OK);
+ 		}
+ 		// Move parent into hole <==> move hole up tree.
+ 		heap->files[hole] = heap->files[parent];
+ 		hole = parent;
+ 	}
+ 	heap->files[0] = file;
++
++	return (ARCHIVE_OK);
+ }
+ 
+ static struct file_info *
diff -Nru libarchive-2.8.5/debian/patches/CVE-2011-1778.patch libarchive-2.8.5/debian/patches/CVE-2011-1778.patch
--- libarchive-2.8.5/debian/patches/CVE-2011-1778.patch	1969-12-31 19:00:00.000000000 -0500
+++ libarchive-2.8.5/debian/patches/CVE-2011-1778.patch	2011-12-09 09:59:48.000000000 -0500
@@ -0,0 +1,217 @@
+Description: fix arbitrary code execution via tar overflows
+Origin: backport, http://code.google.com/p/libarchive/source/detail?r=3160
+
+Index: libarchive-2.8.5/libarchive/archive_read_support_format_tar.c
+===================================================================
+--- libarchive-2.8.5.orig/libarchive/archive_read_support_format_tar.c	2011-12-09 09:51:39.695529263 -0500
++++ libarchive-2.8.5/libarchive/archive_read_support_format_tar.c	2011-12-09 09:51:55.023529391 -0500
+@@ -175,14 +175,15 @@
+ static ssize_t	UTF8_mbrtowc(wchar_t *pwc, const char *s, size_t n);
+ static int	archive_block_is_null(const unsigned char *p);
+ static char	*base64_decode(const char *, size_t, size_t *);
+-static void	 gnu_add_sparse_entry(struct tar *,
++static int	gnu_add_sparse_entry(struct archive_read *, struct tar *,
+ 		    off_t offset, off_t remaining);
+ static void	gnu_clear_sparse_list(struct tar *);
+ static int	gnu_sparse_old_read(struct archive_read *, struct tar *,
+ 		    const struct archive_entry_header_gnutar *header);
+-static void	gnu_sparse_old_parse(struct tar *,
++static int	gnu_sparse_old_parse(struct archive_read *, struct tar *,
+ 		    const struct gnu_sparse *sparse, int length);
+-static int	gnu_sparse_01_parse(struct tar *, const char *);
++static int	gnu_sparse_01_parse(struct archive_read *, struct tar *,
++		    const char *);
+ static ssize_t	gnu_sparse_10_read(struct archive_read *, struct tar *);
+ static int	header_Solaris_ACL(struct archive_read *,  struct tar *,
+ 		    struct archive_entry *, const void *);
+@@ -212,8 +213,8 @@
+ static int	archive_read_format_tar_read_header(struct archive_read *,
+ 		    struct archive_entry *);
+ static int	checksum(struct archive_read *, const void *);
+-static int 	pax_attribute(struct tar *, struct archive_entry *,
+-		    char *key, char *value);
++static int 	pax_attribute(struct archive_read *, struct tar *,
++		    struct archive_entry *, char *key, char *value);
+ static int 	pax_header(struct archive_read *, struct tar *,
+ 		    struct archive_entry *, char *attr);
+ static void	pax_time(const char *, int64_t *sec, long *nanos);
+@@ -419,7 +420,9 @@
+ 	 * a single block.
+ 	 */
+ 	if (tar->sparse_list == NULL)
+-		gnu_add_sparse_entry(tar, 0, tar->entry_bytes_remaining);
++		if (gnu_add_sparse_entry(a, tar, 0, tar->entry_bytes_remaining)
++		    != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 
+ 	if (r == ARCHIVE_OK) {
+ 		/*
+@@ -1269,7 +1272,7 @@
+ 		value = p + 1;
+ 
+ 		/* Identify this attribute and set it in the entry. */
+-		err2 = pax_attribute(tar, entry, key, value);
++		err2 = pax_attribute(a, tar, entry, key, value);
+ 		err = err_combine(err, err2);
+ 
+ 		/* Skip to next line */
+@@ -1395,8 +1398,8 @@
+  * any of them look useful.
+  */
+ static int
+-pax_attribute(struct tar *tar, struct archive_entry *entry,
+-    char *key, char *value)
++pax_attribute(struct archive_read *a, struct tar *tar,
++	struct archive_entry *entry, char *key, char *value)
+ {
+ 	int64_t s;
+ 	long n;
+@@ -1414,8 +1417,10 @@
+ 		if (strcmp(key, "GNU.sparse.offset") == 0) {
+ 			tar->sparse_offset = tar_atol10(value, strlen(value));
+ 			if (tar->sparse_numbytes != -1) {
+-				gnu_add_sparse_entry(tar,
+-				    tar->sparse_offset, tar->sparse_numbytes);
++				if (gnu_add_sparse_entry(a, tar,
++				    tar->sparse_offset, tar->sparse_numbytes)
++				    != ARCHIVE_OK)
++					return(ARCHIVE_FATAL);
+ 				tar->sparse_offset = -1;
+ 				tar->sparse_numbytes = -1;
+ 			}
+@@ -1423,8 +1428,10 @@
+ 		if (strcmp(key, "GNU.sparse.numbytes") == 0) {
+ 			tar->sparse_numbytes = tar_atol10(value, strlen(value));
+ 			if (tar->sparse_numbytes != -1) {
+-				gnu_add_sparse_entry(tar,
+-				    tar->sparse_offset, tar->sparse_numbytes);
++				if (gnu_add_sparse_entry(a, tar,
++				    tar->sparse_offset, tar->sparse_numbytes)
++				    != ARCHIVE_OK)
++					return (ARCHIVE_FATAL);
+ 				tar->sparse_offset = -1;
+ 				tar->sparse_numbytes = -1;
+ 			}
+@@ -1438,7 +1445,7 @@
+ 		if (strcmp(key, "GNU.sparse.map") == 0) {
+ 			tar->sparse_gnu_major = 0;
+ 			tar->sparse_gnu_minor = 1;
+-			if (gnu_sparse_01_parse(tar, value) != ARCHIVE_OK)
++			if (gnu_sparse_01_parse(a, tar, value) != ARCHIVE_OK)
+ 				return (ARCHIVE_WARN);
+ 		}
+ 
+@@ -1716,7 +1723,8 @@
+ 	}
+ 
+ 	if (header->sparse[0].offset[0] != 0) {
+-		gnu_sparse_old_read(a, tar, header);
++		if (gnu_sparse_old_read(a, tar, header) != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 	} else {
+ 		if (header->isextended[0] != 0) {
+ 			/* XXX WTF? XXX */
+@@ -1726,14 +1734,17 @@
+ 	return (0);
+ }
+ 
+-static void
+-gnu_add_sparse_entry(struct tar *tar, off_t offset, off_t remaining)
++static int
++gnu_add_sparse_entry(struct archive_read *a, struct tar *tar, off_t offset,
++	off_t remaining)
+ {
+ 	struct sparse_block *p;
+ 
+ 	p = (struct sparse_block *)malloc(sizeof(*p));
+-	if (p == NULL)
+-		__archive_errx(1, "Out of memory");
++	if (p == NULL) {
++		archive_set_error(&a->archive, ENOMEM, "Out of memory");
++		return (ARCHIVE_FATAL);
++	}
+ 	memset(p, 0, sizeof(*p));
+ 	if (tar->sparse_last != NULL)
+ 		tar->sparse_last->next = p;
+@@ -1742,6 +1753,7 @@
+ 	tar->sparse_last = p;
+ 	p->offset = offset;
+ 	p->remaining = remaining;
++	return (ARCHIVE_OK);
+ }
+ 
+ static void
+@@ -1782,7 +1794,8 @@
+ 	};
+ 	const struct extended *ext;
+ 
+-	gnu_sparse_old_parse(tar, header->sparse, 4);
++	if (gnu_sparse_old_parse(a, tar, header->sparse, 4) != ARCHIVE_OK)
++		return (ARCHIVE_FATAL);
+ 	if (header->isextended[0] == 0)
+ 		return (ARCHIVE_OK);
+ 
+@@ -1798,24 +1811,28 @@
+ 		}
+ 		__archive_read_consume(a, 512);
+ 		ext = (const struct extended *)data;
+-		gnu_sparse_old_parse(tar, ext->sparse, 21);
++		if (gnu_sparse_old_parse(a, tar, ext->sparse, 21) != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 	} while (ext->isextended[0] != 0);
+ 	if (tar->sparse_list != NULL)
+ 		tar->entry_offset = tar->sparse_list->offset;
+ 	return (ARCHIVE_OK);
+ }
+ 
+-static void
+-gnu_sparse_old_parse(struct tar *tar,
++static int
++gnu_sparse_old_parse(struct archive_read *a, struct tar *tar,
+     const struct gnu_sparse *sparse, int length)
+ {
+ 	while (length > 0 && sparse->offset[0] != 0) {
+-		gnu_add_sparse_entry(tar,
++		if (gnu_add_sparse_entry(a, tar,
+ 		    tar_atol(sparse->offset, sizeof(sparse->offset)),
+-		    tar_atol(sparse->numbytes, sizeof(sparse->numbytes)));
++		    tar_atol(sparse->numbytes, sizeof(sparse->numbytes)))
++		    != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 		sparse++;
+ 		length--;
+ 	}
++	return (ARCHIVE_OK);
+ }
+ 
+ /*
+@@ -1845,7 +1862,7 @@
+  */
+ 
+ static int
+-gnu_sparse_01_parse(struct tar *tar, const char *p)
++gnu_sparse_01_parse(struct archive_read *a, struct tar *tar, const char *p)
+ {
+ 	const char *e;
+ 	off_t offset = -1, size = -1;
+@@ -1865,7 +1882,9 @@
+ 			size = tar_atol10(p, e - p);
+ 			if (size < 0)
+ 				return (ARCHIVE_WARN);
+-			gnu_add_sparse_entry(tar, offset, size);
++			if (gnu_add_sparse_entry(a, tar, offset, size)
++			    != ARCHIVE_OK)
++				return (ARCHIVE_FATAL);
+ 			offset = -1;
+ 		}
+ 		if (*e == '\0')
+@@ -1969,7 +1988,8 @@
+ 		if (size < 0)
+ 			return (ARCHIVE_FATAL);
+ 		/* Add a new sparse entry. */
+-		gnu_add_sparse_entry(tar, offset, size);
++		if (gnu_add_sparse_entry(a, tar, offset, size) != ARCHIVE_OK)
++			return (ARCHIVE_FATAL);
+ 	}
+ 	/* Skip rest of block... */
+ 	bytes_read = tar->entry_bytes_remaining - remaining;
diff -Nru libarchive-2.8.5/debian/patches/series libarchive-2.8.5/debian/patches/series
--- libarchive-2.8.5/debian/patches/series	2011-09-17 17:28:15.000000000 -0400
+++ libarchive-2.8.5/debian/patches/series	2011-12-09 10:36:27.000000000 -0500
@@ -7,3 +7,5 @@
 0007-Patch-from-upstream-rev-2888.patch
 0008-Patch-from-upstream-rev-2940.patch
 autoreconf.patch
+CVE-2011-1777.patch
+CVE-2011-1778.patch

--- End Message ---
--- Begin Message --- 
Source: libarchive
Source-Version: 2.8.5-5

We believe that the bug you reported is fixed in the latest version of
libarchive, which is due to be installed in the Debian FTP archive:

bsdcpio_2.8.5-5_amd64.deb
  to main/liba/libarchive/bsdcpio_2.8.5-5_amd64.deb
bsdtar_2.8.5-5_amd64.deb
  to main/liba/libarchive/bsdtar_2.8.5-5_amd64.deb
libarchive-dev_2.8.5-5_amd64.deb
  to main/liba/libarchive/libarchive-dev_2.8.5-5_amd64.deb
libarchive1_2.8.5-5_amd64.deb
  to main/liba/libarchive/libarchive1_2.8.5-5_amd64.deb
libarchive_2.8.5-5.debian.tar.gz
  to main/liba/libarchive/libarchive_2.8.5-5.debian.tar.gz
libarchive_2.8.5-5.dsc
  to main/liba/libarchive/libarchive_2.8.5-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andres Mejia <[email protected]> (supplier of updated libarchive package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 14 Dec 2011 12:18:31 -0500
Source: libarchive
Binary: libarchive-dev libarchive1 bsdtar bsdcpio
Architecture: source amd64
Version: 2.8.5-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Libarchive Maintainers <[email protected]>
Changed-By: Andres Mejia <[email protected]>
Description: 
 bsdcpio    - Implementation of the 'cpio' program from FreeBSD
 bsdtar     - Implementation of the 'tar' program from FreeBSD
 libarchive-dev - Multi-format archive and compression library (development 
files)
 libarchive1 - Multi-format archive and compression library (shared library)
Closes: 651844 651995
Changes: 
 libarchive (2.8.5-5) unstable; urgency=medium
 .
   * Backport fixes for fix for CVE-2011-1777 and CVE-2011-1778.
     (Closes: #651844)
   * Fix build failure for GNU/Hurd. (Closes: #651995)
   * Regenerate autoreconf patch.
Checksums-Sha1: 
 cf92a102e67d7cf1a2dd8e2ac41b3de20ec46bfd 2223 libarchive_2.8.5-5.dsc
 5045f02a88fbfb5dd223b4f5fd3927f0bca1cfad 168722 
libarchive_2.8.5-5.debian.tar.gz
 75a5204a3c1b6baac779d2ead7cc52269dd5694a 234786 
libarchive-dev_2.8.5-5_amd64.deb
 474357e7a24ff106a2b51d41974c010e2fcad483 121958 libarchive1_2.8.5-5_amd64.deb
 9f26ac77a170aca6b7a5c27efc2e36ebb41daedc 152868 bsdtar_2.8.5-5_amd64.deb
 21bbd1f800f26aca0ca4636d85206f5e606715cb 130520 bsdcpio_2.8.5-5_amd64.deb
Checksums-Sha256: 
 567fc79e219712cf20fd05db2cbce70067592ac6a78a54ec48ba7558e46f5e0e 2223 
libarchive_2.8.5-5.dsc
 187b956945f0256406cd90b68d3139c5307c6fd87eeff67fbbee911f59864aea 168722 
libarchive_2.8.5-5.debian.tar.gz
 d1870b227313414a80f1c87de418d781a014bfe8a9cf5cdfb3640968c3c11b7d 234786 
libarchive-dev_2.8.5-5_amd64.deb
 55dd15d6e2d5f8287f480e6ebc500f297b561ed16f66aa605a858d768b1faf2d 121958 
libarchive1_2.8.5-5_amd64.deb
 9df93dbb93ab1b62b8d77fd4b1ec2e8ad3c449e25e3b553c58f8fb40fe7f9445 152868 
bsdtar_2.8.5-5_amd64.deb
 1f5aa7568529d0dcff13b32fa9f2bd492a83254a9fb41d75509fd61b4c3e53ee 130520 
bsdcpio_2.8.5-5_amd64.deb
Files: 
 3345e7fb68ad082d1125103122541fc7 2223 libs optional libarchive_2.8.5-5.dsc
 18e82cd58314c77cbebab8a29aa1dfa6 168722 libs optional 
libarchive_2.8.5-5.debian.tar.gz
 452e17c29c60516e349ece67edbb64c3 234786 libdevel optional 
libarchive-dev_2.8.5-5_amd64.deb
 50d891f5dc5b613a46d6483860e54728 121958 libs optional 
libarchive1_2.8.5-5_amd64.deb
 502974bfb3e6e15eb054ef4138ed9be9 152868 utils optional bsdtar_2.8.5-5_amd64.deb
 cb27b545f4cc913fa24d24a8d7da0e98 130520 utils optional 
bsdcpio_2.8.5-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJO6NuUAAoJED+5x4pTyFTftJkQAIi1gX9OX4gR8YnYzSLos6Gd
Chm2SG4eSo5U5grYskiZDR3l+qxUHz6NDTgQG2u4UqZtTesEr46Y2j8TP6PPbNtQ
t/zOUr0Zg1B0p8k6pHdSyjLcEkMchLKtquEeXnPFahl10R7FgurcXrjT5v4GAF7M
koqSjpqWPLtDTZyc9qgn+6HkQr0YEdiVbR0RAjr8fX0VQ8lkb7+1YrGPFjRhJd6m
TQ5NauehC7hAOoVOIAnO4FpFOQzWXMPALQ2HLaWNH0clAMoLIMANJrsWYrGc/ozY
LrHApqAl+5LgNwsNNTLoHnkMuQpy60YlJlDLayy+QS12iYozpmcAlAQCMfdCqCgm
6fFs9Yuoa/BdPxKzVvg0OLidvJMxW9IpHfAERn+NqI4xR/sBHoqwG/M3q8I7i1Tn
b8GHeQbrRQuOQijhfoNwJVEjPnQDPsd1pUQe7i6yypIWz7C4H17491Sn47T3WEok
4JieKv7n7jPUbqAMGgmT0ketAyIt0ZFhJutVNui/ZMCeTHxikJuSYpvhQ6FNItCC
RoicapEqN6K3EQG1adylnnHvL6rGYn1K/wcXngrDGxLGRbHMz+NyMAfe3OIinmiN
cxqOa7wcihauB9Zt/872GqxiBzsV6eDH9ARkaXS/gh/s1VeoypJfSXmucooq2YU0
+GcZn1Kf8HG9I7+DB6mA
=GVEm
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to