CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries

  • Done
  • quality assurance status badge
Details
3 participants
  • Gábor Boskovits
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Leo Famulari
Severity
normal

Debbugs page

L
L
Leo Famulari wrote on 14 Jun 2018 12:22
(address . bug-guix@gnu.org)
20180614192211.GA21522@jasmine.lan
Recently a new side-channel key extraction technique was published as
CVE-2018-0495, and it affects a lot of the cryptographic libraries we
package:


An excerpt from that advisory:

------
We analyzed the source code of several open source cryptographic
libraries to see if they contain the vulnerable code pattern in the code
for ECDSA, DSA, or both. This list is accurate to the best of our
knowledge, but it is not exhaustive. Only the first group was affected
by this finding; the other three groups are not thought to be
vulnerable.

Contains vulnerable pattern: CryptLib (Both), LibreSSL (Both), Mozilla
NSS (Both), Botan (ECDSA), OpenSSL (ECDSA), WolfCrypt (ECDSA), Libgcrypt
(ECDSA), LibTomCrypt (ECDSA), LibSunEC (ECDSA), MatrixSSL (ECDSA),
BoringSSL (DSA)

Non-constant math, but different pattern: BouncyCastle, Crypto++, Golang
crypto/tls, C#/Mono, mbedTLS, Trezor Crypto, Nettle (DSA)

Constant time-math: Nettle (ECDSA), BearSSL, Libsecp256k1

Does not implement either: NaCl
------

Note that libtomcrypt is bundled in the Dropbear SSH implementation.

I'm going to test the libgcrypt update now.

I'd like for other Guix hackers to "claim" an affected package in this
thread, and then investigate and test the fixes. Please make new debbugs
tickets on guix-patches for each bug-fix patch you propose, and send the
links to those tickets here.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsiwGMACgkQJkb6MLrK
fwgrLBAA5ip/y3YmzlBCH4+BBgI1k/vC62as7GvuB7mLKe58wSP0SAz+ueRz3DEC
MrRWN64trNSv5Ei8mAvwFmyNHyEd0KF7vagwPFfZKu+iH2jmOObbJmgPNfO5KyuK
rJux+vYBo1u9tcfrkEcyeWvKcwtaVrPNpsc9kD7w9tA8X4sPh0jYq+FJ+izT/poY
Ed2I+TLbGH5LKz0OX/6evRzybgW0vhhhrxexP2nfSlmS9xG4UPlUbbZTtzP2N8AH
XJI+syV7v3/WWBrseUH39I1kOw0+f6n4fhZHCUHYQ2JKj+QCpebQGuUAcPcnbEIc
YkykTNr6Ne2mHjVJNJ4HYdZG3jO/73ltkCvThERsxnY38AaqHbAJ5QCQWNPyjkgS
MAbDMauqY3veCprUMl6qJhIrHss2MBGHKTwzUJjcqDGlsY1+B+pcvSFOfSKwLTqs
CpU498lJ/HxmTFTa+K1X/+yzK0B1PwSMk1fiYnfbQCdx9IlUr4n0yUa5FmW61E8O
gc85KY14GFnq/NoRBJt7RIGm4g6KD1yAn3kqkAd2lEMAY3Vc9dtK78S5qfE4NacI
nZ8wGEyF2MwdpbIxRqhXkOzHY7VfEk9ybUjceEw/217SQFamJpx1TpH0Sk49xcIG
CG5K2sz1xSSQETPL4YIlmute8mqbLgl6HYCo3AQeCeLsDoeP2oc=
=qwNO
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 14 Jun 2018 12:50
(address . 31831@debbugs.gnu.org)
20180614195049.GB4039@jasmine.lan
I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!

I'll try OpenSSL next.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsixxkACgkQJkb6MLrK
fwieThAAzabMGGFp6vWiDopa26rnClaeMuWJXgas6ozEnUz406XTLvmQlMcO3rq0
TZSBe93u1T6e6PWFu6EhhoxD1HLjWgSddemTBvUTNbOD1X7NiOAsPoyfgwu23ZUx
+hn/HG6zlRvxnDy0V2AKQPUmLOb1143uyPdAFG58eBMa8UuIb7q4EYK4CqXNMZOP
w9I1ea5nbEcx+cpZ7G40v1BZ2kLe/T9NAfs9U5doyU0NTJz7bOGnGxwvlQKce9Vh
sblaQyb2cJc5zN2UCFfRUaPG2KGfpcLKXUNVM0RIbvEav456VyEK5VxaTa/NKDcn
K7Ef7JZzUOTU1OTQ0q3N3TVNS+ZiazbFQ5z8WfLkGORoUvqamlV2zT78mgra5LSF
j39dOVd5gOp4jwxp8YtePD3zghG9BH+SI0+CciC7Gsmd0tbPQSREjwBrbAyf4JKD
5Mfe6vtf2ugL5S28rgDbLj4R4xxJ24g9OFMSq59qeLJPAfv0T6Ig+hfCALf3F3v4
8oc+j/0dmK2RNOiFSx7yfVRhTSx26oxeL0X0oHdrozlLykfseKM01/uwwtllTv3M
9576u5kP22bkRS6/t8WR9DOg7DSPw8YudecBk94YLP+vW3WfD81q8b5y6q9IFIUF
v02N6cIIxk6aK2C0GLv3C7gpZU/dzx58a4u4H2Z2jqSZKHgrdNE=
=+auf
-----END PGP SIGNATURE-----


G
G
Gábor Boskovits wrote on 14 Jun 2018 12:53
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pjPFsmHKG8S72fqk2DJ9iw1GVNa+0eVUwOmVqxiUWi3bg@mail.gmail.com
2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:

Toggle quote (5 lines)
> I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!
>
> I'll try OpenSSL next.
>

I'll try libressl.
Attachment: file
L
L
Leo Famulari wrote on 14 Jun 2018 13:06
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180614200608.GA8617@jasmine.lan
Toggle quote (3 lines)
> 2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:
> > I'll try OpenSSL next.

They committed a fix but haven't released an update yet:


There is also an unrelated security advisory for a DoS bug from 2 days
ago:


I'll try grafting these patches.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsiyrAACgkQJkb6MLrK
fwiL6xAAhUiFkoZifXJnnhd8JWO0UJnD856DvXoIWeXsVfVY2IOJH28UQ/LznHsz
PrkUi2sJ0X/CsRBLd7GCjxc/lhVVRCBUfz1pQ4Pzg62lqvmaNnZtTLSn8c4kYOGP
Yl+/wP7PC4KBRupYecLPjElKFjNG02xbhILrUc7/hKNKNxMBkuezQniPgwjiC9jq
apKYFfRaJ+yHEmH6wl1TygowdUsZHFKR9UsJ+tc9B55m1AzA5R/QPBI+kIkTZDKv
Lk02msrIGKaheZcfON4PKhLJz8MMT944qA9E24PRiOlwSuOEnCKwkW9RV0hv1hBA
RKZTJEFvjInT+nSUV7ZjlM3hrrx14xGaMM8tsK6RCf6ULO30XCkjEnnGkn/pHhzM
b51LwSWFNVtJa/W5e343G8p/06GTNYWOFofaAxPOOyxi03s7GQLTr9/W+e/Klo0s
sc/f5CRmSUU9KYwUt6V1FB4Pr6u2yPXMrcfzKI8l1i0z3iNEwT0+JW+4BG7N/w2Q
yqX6jevzGpAMDwzHLXDC3gV/Z0hWBQUEu6noUEO2gNamt87GFMjwdSGOnOmouoM2
PE2l/7AXjAUI5hWIkeNg3+MaC15crjCGLMwhL2b+H7onJnNnLfOh5l1GMme8qd3r
aIjG08bZacT7UOtKwZpxTumoqEETtjXA2OBzcX7n+qH6utMpnUI=
=lK6a
-----END PGP SIGNATURE-----


G
G
Gábor Boskovits wrote on 14 Jun 2018 13:44
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pi8R0YTgc_UMJsC=+0A=NMWdr1cNTZUp0BuD6R_MPNf8g@mail.gmail.com
2018-06-14 21:53 GMT+02:00 Gábor Boskovits <boskovits@gmail.com>:

Toggle quote (9 lines)
> 2018-06-14 21:50 GMT+02:00 Leo Famulari <leo@famulari.name>:
>
>> I see that Efraim already updated libgcrypt. Awesome, thanks Efraim!
>>
>> I'll try OpenSSL next.
>>
>
> I'll try libressl.
>
Attachment: file
L
L
Leo Famulari wrote on 14 Jun 2018 13:45
Re: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(address . 31831@debbugs.gnu.org)
20180614204541.GA26976@jasmine.lan
On Thu, Jun 14, 2018 at 03:50:49PM -0400, Leo Famulari wrote:
Toggle quote (2 lines)
> I'll try OpenSSL next.

I sent patches for both branches of OpenSSL:

version 1.0.2:


version 1.1.0:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsi0/EACgkQJkb6MLrK
fwieQQ/9F9/HwOc2YPtHUb5caJ9i3k0Cm5GWph6qtfOKqw+11flRZfyN7Afn1uu/
+xZHbIuA/NN/h/n+GX/u12U2TnCNQ3K7lIYiWHAXppstSQsbsWV1GcO/zpnRgZcq
EJt3NnI20vuR9jCT/bNfig3WAL5twtbkZIdDor1jz8lQfedNGDXBKzW8tY6qpeat
P0UPafr8l52Svsxl/zPFCi41mFhOVVYNFXzgsWWxEsdRgwcDRn7mZU3egQlT/l+U
FVmDx7qR1lMaECd1Oiy8CoY8IHFx0vq5rRcd7LVuHmkGq69Y/00oE/ktxAKbgBf/
j+uo9OrnAFK5mrL4XYNNA0yPlQjFltz67MJlWL5DiOc7ARnMPz4E+qcJKmOAkVw9
wj+gkSKFsnldlI4oNZMt+klNLQ5OJMG9ibALG9RYrZFSYIqg/FKrDxb7p1blE0cI
4iKY3k6Kh+C+1D8XTls3c8B5OjOt0Wtsix3/B7AE0DFHUTTulhN0DQX/RkT+dDfS
x1eyo7Tap4tr2FLnvS4mmhWaC61z7Jyd0g5/MHPk8MgS5uU3SXPEXktwj880jOEe
POXybGBdnOzHtptKSzVMS/B4ZqolJfpkIz7JNQ2FRGAdXl4XK4RcxBW3qGS8Jc0C
MS1No/DA20tpJA8XTMn65wl70iRPzMLI8c971jdYDNYc06pGkeY=
=L3hc
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 18 Jun 2018 09:35
(address . 31831@debbugs.gnu.org)
20180618163556.GA10371@jasmine.lan
On Thu, Jun 14, 2018 at 03:50:49PM -0400, Leo Famulari wrote:
Toggle quote (2 lines)
> I'll try OpenSSL next.

Patched pushed for both OpenSSL branches, closing bugs 31833 and 31834.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlsn32wACgkQJkb6MLrK
fwhcThAA2e5oy9Sy5FD+p/UFqXe09qD0q6El+lVN0ckWDF9dVwNsndTBIAAQJy4u
/ezp98z85jTeQwsjnVT/9cNLpeLbjJr0hPMXtX9i9fwzW2X8sv8nNKCzfg9a96os
rX72D6zpgtB4Gnr8htAmwuDAKyqlK34tBVbabw7A1gC1Bn3tu5xKP1o+VRwnCtDX
MA/BvDFhqSFvyKxMMY0JkD0aRKRL0yoS+PR8wicMtpCvKxphUWzsGY2gFPI6Jzbl
iWXSZyryQb9DwmLDi8HPYNRBB0x63gEVJVOhhNE2x5mWLKdDYN/V5Nui8abTtpTh
0s6bXkbGbXXNPNmCqjb4zpsx/voH4L4uz1Knl6p/AJ0QbiBUcrwMq9kVC4/Y35By
9RQd/yKSyDdzeAwxVsivYhF10eEUEF4UfpN7OZcUL61UVRcwyEAJwHbgsU1MWBow
apsKzth6uVO0RHH90gAzfbkbch3xLYaYvzXl5e8XD2mqMIVP/JJoNXnaMHok+35N
E2jAGxewz03ft4yj1ANKExJpfL2X/4XDhwiYTDfroeiN2NlUOVQlbJKYE1sjP8iW
6d4PBGL6JYdG3pNrWMk51VVUdB+NjlRqCIL7aI1H+Q9ILKuLZhwu5JHYBGiP23ai
vlau2e3zhJ8pik/THq7JV0x9yNnB3yR0pjkwGdlOBqimawcFtTU=
=00bL
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 27 Jun 2018 13:51
control message for bug #31831
(address . control@debbugs.gnu.org)
87sh58vtqd.fsf@gnu.org
tags 31831 security
L
L
Leo Famulari wrote on 15 Jul 2018 23:20
Re: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(address . 31831@debbugs.gnu.org)
20180716062034.GA3973@jasmine.lan
Fixed in Botan in Guix commit cfe255684cc4deb164d0eaaa2e1ed9804b5ff651.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltMOTIACgkQJkb6MLrK
fwjKtw/+Mv5TVaji6udJMOl8OOiQwIKjZcrtnPYoauL8EIGCpJbcz0DcVNwehgbG
wK8CrdvdgE3c2oVg+FiGJ8wZU5hXjpYyy6VgQzqD96S7VosHeSGuXIoV/87MHaB/
nHpJGTzDKALaARxRJbtRG/x4xxN2cvzPuXJKJegdQ+8LBuEPaagT48pNNwguGtGD
77SQBWJBAf9ZyEFv0MLavrsdrgRvuB8J3H8UVUJyuWyXd6Y2DVfBS8lBsezx9SL4
9DMRY+TDhQZZHfs1nOs0nNPIq9UXTbthGOSTqBmCVbHUKh+UD4FCnQI0O77MxiU1
/FzYxy70HJZyBWvJAe85GiN6ATsH4QaIp/qAO/Gd8JYzooKbYUukZtDHTlAxfGLn
a/NoKp13na1NNZ7qX63edeSB3e9gRaZkMCH/RVZN67EsdPqt4vlcOdGBmzO+Bpp3
slPnmpgjA+xxHtJ259wcfZkmMSRZUvX+ouK82QTTqfmpMWgjHvV2ITJXbbTOG0q+
9GZSOlo+L8dpwwpqHBnTkxMt3SAcCHvwVnoC2d8TIu+az16Q02H9rphAszX9j5dW
kHzUwMKK655Ugc3pYdFvSqvZmav1bsxsRhY94JNvlHq29MI3z7TD0xBM/n+28sWL
AjFAcj2HTdt+/fbeHXCuG2Z4JMUpzQpqYq7AE4N/44Mu1CW751g=
=AhNX
-----END PGP SIGNATURE-----


G
G
Gábor Boskovits wrote on 15 Jul 2018 23:53
Re: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
(name . Leo Famulari)(address . leo@famulari.name)(address . 31831@debbugs.gnu.org)
CAE4v=pi3GY239AEQYS4MmYgjBo-kHoA3+gx5TN009fcR_gmneQ@mail.gmail.com
Leo Famulari <leo@famulari.name> ezt írta (időpont: 2018. júl. 16., H 8:22):

Toggle quote (2 lines)
> Fixed in Botan in Guix commit cfe255684cc4deb164d0eaaa2e1ed9804b5ff651.
>
Are there any more packages needing attention?
Attachment: file
L
L
Leo Famulari wrote on 16 Jul 2018 10:14
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180716171430.GA20978@jasmine.lan
On Mon, Jul 16, 2018 at 08:53:56AM +0200, Gábor Boskovits wrote:
Toggle quote (2 lines)
> Are there any more packages needing attention?

libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
to the bundled copy in Dropbear. I can take a look at this today.

NSS was fixed in Guix commit 7c3bea7e6299e1026c7964c83986a6b6c220879a by
Marius. Thanks, Marius!

The advisory mentions similar but not indentical issues in these
packages:

There is a new release of Crypto++ available. I'm not sure if this
addresses whatever issue was mentioned in the original advisory.

mbedTLS's changelog doesn't mention anything related to key extraction
side channels.

I don't see any related commits in Go's crypto/tls Git repo.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltM0nYACgkQJkb6MLrK
fwhrbxAAnzWh9B+8lsvB/qL+N76f2srQRVKAf/XaddC/GG9pFM+6HhmdxZKsxOZ1
u/RqAsUbWRkCracIuujNJnjaYfR7CogDLhq87DJwAa5DkWTOe8xughPhU1Gk84rM
UmgKIsq260p1Guk209tiQO9RadVz89h7SoB0aycUO1JphQWkHW8QuXd619aJ8QjM
Psb4RFYB/wixV8pi7HMfI37/gVScy+gS5TvyClckQH/YIf5PrNp4yKE6sxhXQhTt
ynA98n4P+tzVcEd2dpe2daztgFOPA4m1ZPolKda9gzwcr5rlRB9WTCgMWjkhXHg5
30/UihWWCdAgSm1Fx3TVxBOxCWy1doILBNfke+tDaZZH63B6aVpVrLX50D5GJQ91
5cvnQO+cQRvCEMMaGoH2Zsvsc6Bdb3wt6YwCuTZZAJOmk/xEpi/X0hVTQ4shu78m
xN4KZW4KN4ZCpZcCvyqOUM3Kdk+fnGHdFaDNkR3yMPX0H3bPxI4j90+VziYI/Dal
NCgYfHAKZcplsnPw2WYLhPBa5qj+jhG0rvoWmtk224dbcTg8rKpGrxlUMAbO5FZq
KVKypvGqnWai4+6HCkvM7b49Puk/+5kAkClFmXRklLq16/XFjxlOggg63qfoEYpt
GLiHObiOAK+eGM/YCPHnj3kXZGVwl5pD48cNmZuxon/lp+ejsek=
=nik0
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 16 Jul 2018 10:39
(name . Gábor Boskovits)(address . boskovits@gmail.com)(address . 31831@debbugs.gnu.org)
20180716173929.GA24955@jasmine.lan
On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
Toggle quote (3 lines)
> libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
> to the bundled copy in Dropbear. I can take a look at this today.

Dropbear's bundled libtomcrypt includes a variety of whitespace and
comment changes that make it non-trivial to compare the actual
differences between the codebases.

I'm not going to work on adapting the upstream patch for Dropbear, but
of course others are welcome to do it :) Otherwise I assume the Dropbear
team will include the fixes whenever they make a new release.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltM2FEACgkQJkb6MLrK
fwhGjQ/+NKYomgpvn8e7q1b3LzFIDP3FcBc9512hNfFwEkY+i40IAD3bvB+W5+MI
kMTiFW2PX+7lILJnuPehwIrFTiy1FptAYNlhPbx/E/iEgrjOtj526L+acHYdNSoU
SU+abzLbkcxhes8FM5rMCDmB6YKy/bCaomo3sWKuwGtpSPqFlpbSpRVjWOkwi1Nl
bHMD/hOPsbmbILYbpfDVKzTuWS8jPeTb00QpJyWjnNZ2IkD+ORhiQ6KnntlzK8Gr
LIHJflM7YPq1y4DFHPdjAHYorVlO7Zl1Z04q2/bRBvE4ASuGbiQuAyxf29IBnW+E
HUuSauz/n5qs9C3+yIgBkvjphowoXeJ0zYouW6SxyzcyFBMpvoXO1Ehk8JjajCNx
g1o8kR45QUjsbZ7sA7RwfsKeTrBzSgzhmQy3A0Fc9zG/jYySL9o6RMmv8U5Pqz5K
a0bVqKIMBD99pEGO5bvKgLv1iFFGf6BQocF4rU2UXXTc0If3MLd3mRqPShjFGQju
3AvuapupFw8aLIfTzsmZcMdtT4PSK3lWybfISoE62E2pbyxYm5iyQwfeo68tM3lw
oNPb+TmtuELjeolmZHjiO2nQQfHihCjCkvCMuYUnh7GZsxjh4aR6bpBud34j9Ya7
NEBKnR/MCvCEdJdgcuWxzBH+vAZiMMmrrmTRrGktOr9uyHr32gc=
=ZdMv
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 25 Feb 2019 18:01
(address . 31831-done@debbugs.gnu.org)
20190226020108.GA25161@jasmine.lan
On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
Toggle quote (3 lines)
> There is a new release of Crypto++ available. I'm not sure if this
> addresses whatever issue was mentioned in the original advisory.

Crypto++ was updated to 8.0.0 in January 2019.


Toggle quote (3 lines)
> mbedTLS's changelog doesn't mention anything related to key extraction
> side channels.

mbedTLS has been updated several times since this bug was opened, and is
currently at 2.16.0.


Neither of those upstreams have mentioned CVE-2018-0495, as far as I can
tell. The original advisory said they do not use the vulnerable pattern,
but do use "non-constant math, but different pattern".

Overall, I don't think there is anything left for us to do as a distro
in response to CVE-2018-0495, so I am closing this bug.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlx0neQACgkQJkb6MLrK
fwjbVRAAxPBNbVo2JbxhwnagmAqBJstto7u/BbEB2FU0LPetyP96P5CCqXnXofqT
eK8xl9uzs+taIyt0p1C7g/mWw7bUEpUrug800EsHhEjLUOmFeSXiHPIvQWns5BvU
xRLP1kaL+9InnGaHkzIUubYt7ewmGQosXLjVX7pdVO0NaZJqXV0XdtcEPN9/Hz6w
KofSzM6P3VCjP7uXuiwv8VTLFCIhjgIYmmrFMJP9G3PLB3wTQlpmcYtHQy4Da42g
/6OuYjjGzLuF5QRt+Jmz77SQabZWbvCOmZsqRIZsz7LfkhfoJQMPdA10oOkjRvhk
e87Buz53Jknu5QPodoYpvCLn7HPVi30oa5T7QPyXHMqV7iNBPmyieoE6Agjz4RzE
gXua3WKWdebLPMSxjIAcYoUTs5RyxlVVckevvR8CukfIIIx6sBRrfJOR6hZR0/tY
n/r2oG//oVAbqkTgo7lER24VMTWqkBRs9zBHXZBTQ/1HOG8nf9sabFpVZj3niLTE
x9EcAJfY5oKG3yPxsogEf+QAAktfgJFdDFcxUkpgSXNpE0K6svJTKFTU2WKfnF94
vEoc1AsuYx7kUBtRWx0AijoqYHWtc7yMb/ouzwyM0B8Vxmd8TzetDb0wUUQjrlIK
/Z386DfT8X+fw/en9U8qbTxN/5hkl88w8vloB4cUyQLIndOT91U=
=bAaH
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 31831@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 31831
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch