Your message dated Sun, 23 Mar 2025 17:00:12 +0000 with message-id <E1twOgG-00BBQM-CK@fasolo.debian.org> and subject line Bug#1100641: fixed in linux 6.12.20-1 has caused the Debian Bug report #1100641, regarding Kerberized NFSv4-servers unable to accept: aes256-cts-hmac-sha384-192 or aes128-cts-hmac-sha256-128 encryption. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1100641: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100641 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Kerberized NFSv4-servers unable to accept: aes256-cts-hmac-sha384-192 or aes128-cts-hmac-sha256-128 encryption.
- From: Jostein Fossheim <jfossheim@skyfritt.net>
- Date: Sun, 16 Mar 2025 14:53:14 +0100
- Message-id: <[🔎] a550ec35-21a6-41e2-a257-64c17a42d46e@skyfritt.net>
Package: nfs-kernel-server Version: 1:2.6.2-4+deb12u1 Other relevant packages: gssproxy (0.9.1-1+b1), we have tested both with rpc.svcgssd and gssproxy with seemingly similar results. I am struggling in our lab to understand why my kerberized nfs-servers running debian is not able to handle aes256-cts-hmac-sha384-192 / aes128-cts-hmac-sha256-128 encryption. We configured a freeIPA-enrolled Debian server, and configure our shares in a similar way as on our Red Hat (RockyLinux) servers, and all clients got access denied, while trying to mount the relevant shares. After some investigation we saw the following we saw the following message in the logs: | ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - Encryption type aes256-cts-hmac-sha384-192 not permitted The default keytabs provided via freeipa enrollment are the following (we add the nfs-service-keytab manually) | | klist -e -k /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96) 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192) 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)|| 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96) 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)| So we tried to remove the "nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192)"-keytab and tested again, then we saw aes128-sha2 erros in the logs, only after we removed the "nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)" as well our clients where able to mount their shares. So the following server-keytabs are ok: | klist -e -k /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96) 1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96) 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96) 1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)| Having all the standard keytabs seems to be unproblematic on the client side. We have tried to install gssproxy as well on our servers, but the same access denied messages are occurring but the log-messages are more dubious when we use the encryption-/hashing-schemas in question. We have experimented quite a bit, and cannot understand why Debian nfs-servies should not be able to accept aes256-cts-hmac-sha384-192 and aes128-cts-hmac-sha256-128 tickets which our Red Hat / Rocky Servers are. Setting things like: permitted_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 default_tkt_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 default_tgs_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 Seems to have no effect. -- Best Regards, Jostein Fossheim
--- End Message ---
--- Begin Message ---
- To: 1100641-close@bugs.debian.org
- Subject: Bug#1100641: fixed in linux 6.12.20-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 23 Mar 2025 17:00:12 +0000
- Message-id: <E1twOgG-00BBQM-CK@fasolo.debian.org>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>
Source: linux Source-Version: 6.12.20-1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1100641@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Mar 2025 14:34:08 +0100 Source: linux Architecture: source Version: 6.12.20-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1091696 1100641 1100694 Changes: linux (6.12.20-1) unstable; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.20 - mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq - mm: fix kernel BUG when userfaultfd_move encounters swapcache - userfaultfd: fix PTE unmapping stack-allocated PTE copies - fbdev: hyperv_fb: iounmap() the correct memory when removing a device - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. - ice: do not configure destination override for switchdev - ice: fix memory leak in aRFS after reset - ice: Fix switchdev slow-path in LAG - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around - netfilter: nf_tables: make destruction work queue pernet - sched: address a potential NULL pointer dereference in the GRED scheduler. - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms - wifi: mac80211: don't queue sdata::work for a non-running sdata - wifi: cfg80211: cancel wiphy_work before freeing wiphy - Bluetooth: hci_event: Fix enabling passive scanning - Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context" - net/mlx5: Fill out devlink dev info only for PFs - [arm64,armhf] net: dsa: mv88e6xxx: Verify after ATU Load ops - net: mctp i3c: Copy headers if cloned - net: mctp i2c: Copy headers if cloned - netpoll: hold rcu read lock in __netpoll_send_skb() - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed - fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs - fbdev: hyperv_fb: Simplify hvfb_putmem - fbdev: hyperv_fb: Allow graceful removal of framebuffer - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() - net/mlx5: handle errors in mlx5_chains_create_table() - eth: bnxt: fix truesize for mb-xdp-pass case - eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() - eth: bnxt: do not use BNXT_VNIC_NTUPLE unconditionally in queue restart logic - eth: bnxt: do not update checksum in bnxt_xdp_build_skb() - eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx} - eth: bnxt: use page pool for head frags - bnxt_en: refactor tpa_info alloc/free into helpers - bnxt_en: handle tpa_info in queue API implementation - eth: bnxt: fix memory leak in queue reset - net: switchdev: Convert blocking notification chain to a raw one - net: mctp: unshare packets when reassembling - bonding: fix incorrect MAC address setting to receive NS messages - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() - ipvs: prevent integer overflow in do_ip_vs_get_ctl() - net_sched: Prevent creation of classes with TC_H_ROOT - netfilter: nft_exthdr: fix offset with ipv4_find_option() - gre: Fix IPv6 link-local address generation. - net: openvswitch: remove misbehaving actions length check - Revert "openvswitch: switch to per-action label counting in conntrack" - net/mlx5: HWS, Rightsize bwc matcher priority - net/mlx5: Fix incorrect IRQ pool usage when releasing IRQs - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch - net/mlx5: Bridge, fix the crash caused by LAG state check - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices - nvme-fc: go straight to connecting state when initializing - nvme-fc: do not ignore connectivity loss during connecting - hrtimers: Mark is_migration_base() with __always_inline - powercap: call put_device() on an error path in powercap_register_control_type() - btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop - futex: Pass in task to futex_queue() - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() - [x86] platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() - drm/amd/display: Fix out-of-bound accesses - scsi: core: Use GFP_NOIO to avoid circular locking dependency - scsi: ufs: core: Fix error return with query response - scsi: qla1280: Fix kernel oops when debug level > 2 - ACPI: resource: IRQ override for Eluktronics MECH-17 - smb: client: fix noisy when tree connecting to DFS interlink targets - sched_ext: selftests/dsp_local_on: Fix sporadic failures - [amd64] HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell - [amd64] HID: intel-ish-hid: Send clock sync message immediately after reset - HID: ignore non-functional sensor in HP 5MP Camera - HID: hid-steam: Fix issues with disabling both gamepad mode and lizard mode - usb: phy: generic: Use proper helper for property detection - [amd64] HID: intel-ish-hid: ipc: Add Panther Lake PCI device IDs - HID: topre: Fix n-key rollover on Realforce R3S TKL boards - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support - HID: apple: fix up the F6 key on the Omoton KB066 keyboard - btrfs: fix two misuses of folio_shift() - objtool: Ignore dangling jump table entries - sched: Clarify wake_up_q()'s write to task->wake_q.next - [x86] platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e - [x86] platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles - [x86] platform/x86: int3472: Use correct type for "polarity", call it gpio_flags - [x86] platform/x86: int3472: Call "reset" GPIO "enable" for INT347E - [s390x] cio: Fix CHPID "configure" attribute caching - thermal/cpufreq_cooling: Remove structure member documentation - [arm64] amu: Delay allocating cpumask for AMU FIE support - Xen/swiotlb: mark xen_swiotlb_fixup() __init - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd - [amd64] ASoC: Intel: sof_sdw: Add lookup of quirk using PCI subsystem ID - [amd64] ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S14 - [amd64] ASoC: Intel: soc-acpi-intel-mtl-match: declare adr as ull - ASoC: simple-card-utils.c: add missing dlc->of_node - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 - [amd64] ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module - PCI: pci_ids: add INTEL_HDA_PTL_H - ALSA: hda: intel-dsp-config: Add PTL-H support - [amd64] ASoC: SOF: Intel: pci-ptl: Add support for PTL-H - ALSA: hda: hda-intel: add Panther Lake-H support - [amd64] ASoC: SOF: amd: Add post_fw_run_delay ACP quirk - [amd64] ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors - io-wq: backoff when retrying worker creation - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers - nvmet-rdma: recheck queue state is LIVE in state lock in recv done - apple-nvme: Release power domains when probe fails - cifs: Treat unhandled directory name surrogate reparse points as mount directory nodes - sctp: Fix undefined behavior in left shift operation - nvme: only allow entering LIVE from CONNECTING state - phy: ti: gmii-sel: Do not use syscon helper to build regmap - fuse: don't truncate cached, mutated symlink - ASoC: dapm-graph: set fill colour of turned on nodes - [amd64] ASoC: SOF: Intel: don't check number of sdw links when set dmic_fixup - drm/vkms: Round fixp2int conversion in lerp_u16 - [x86] perf/x86/intel: Use better start period for frequency mode - [x86] of: Don't use DTB for SMP setup if ACPI is enabled - [x86] irq: Define trace events conditionally - [x86] perf/x86/rapl: Add support for Intel Arrow Lake U - mptcp: safety check before fallback - drm/nouveau: Do not override forced connector status - net: Handle napi_schedule() calls from non-interrupt - block: fix 'kmem_cache of name 'bio-108' already exists' - vhost: return task creation error instead of NULL - cifs: Validate content of WSL reparse point buffers - cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from parse_reparse_point() - Input: goodix-berlin - fix vddio regulator references - Input: ads7846 - fix gpiod allocation - Input: iqs7222 - preserve system status register - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers - Input: xpad - add multiple supported devices - Input: xpad - add support for ZOTAC Gaming Zone - Input: xpad - add support for TECNO Pocket Go - Input: xpad - rename QH controller to Legion Go S - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ - Input: i8042 - add required quirks for missing old boardnames - Input: i8042 - swap old quirk combination with new quirk for several devices - Input: i8042 - swap old quirk combination with new quirk for more devices - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 - USB: serial: option: add Telit Cinterion FE990B compositions - USB: serial: option: fix Telit Cinterion FE990A name - USB: serial: option: match on interface class for Telit FN990B - [x86] microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes - spi: microchip-core: prevent RX overflows when transmit size > FIFO size - [amd64] drm/i915/cdclk: Do cdclk post plane programming later - drm/panic: use `div_ceil` to clean Clippy warning - drm/panic: fix overindented list items in documentation - drm/atomic: Filter out redundant DPMS calls - drm/dp_mst: Fix locking when skipping CSN before topology probing - drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags - drm/amd/amdkfd: Evict all queues even HWS remove queue failed - drm/amdgpu/display: Allow DCC for video formats on GFX12 - drm/amd/display: Disable unneeded hpd interrupts during dm_init - drm/amd/display: fix default brightness - drm/amd/display: fix missing .is_two_pixels_per_container - drm/amd/display: Restore correct backlight brightness after a GPU reset - drm/amd/display: Assign normalized_pix_clk when color depth = 14 - drm/amd/display: Fix slab-use-after-free on hdcp_work - ksmbd: fix use-after-free in ksmbd_free_work_struct - ksmbd: prevent connection release during oplock break notification - clk: samsung: update PLL locktime for PLL142XX used on FSD platform - clk: samsung: gs101: fix synchronous external abort in samsung_clk_save() - [amd64] ASoC: Intel: sof_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks() - [amd64] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model - netmem: prevent TX of unreadable skbs - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature - [arm64] mm: Populate vmemmap at the page level if not section aligned - Fix mmu notifiers for range-based invalidates - qlcnic: fix memory leak issues in qlcnic_sriov_common.c - smb: client: fix regression with guest option - net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration errata - net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart errata - sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl() - ASoC: ops: Consistently treat platform_max as control value - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() - [amd64] ASoC: cs42l43: Fix maximum ADC Volume - [amd64] ASoC: rt722-sdca: add missing readable registers - drm/xe: cancel pending job timer before freeing scheduler - drm/xe: Release guc ids before cancelling work - drm/xe/userptr: Fix an incorrect assert - drm/xe/pm: Temporarily disable D3Cold on BMG - nvme: move error logging from nvme_end_req() to __nvme_end_req() - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() - [amd64] drm/i915: Increase I915_PARAM_MMAP_GTT_VERSION version to indicate support for partial mmaps - scripts: generate_rust_analyzer: add missing macros deps - scripts: generate_rust_analyzer: add missing include_dirs - scripts: generate_rust_analyzer: add uapi crate - block: change blk_mq_add_to_batch() third argument type to bool - cifs: Fix integer overflow while processing acregmax mount option - cifs: Fix integer overflow while processing acdirmax mount option - cifs: Fix integer overflow while processing actimeo mount option - cifs: Fix integer overflow while processing closetimeo mount option - [x86] vmware: Parse MP tables for SEV-SNP enabled guests under VMware hypervisors - i2c: ali1535: Fix an error handling path in ali1535_probe() - i2c: ali15x3: Fix an error handling path in ali15x3_probe() - i2c: sis630: Fix an error handling path in sis630_probe() - mm/hugetlb: wait for hugetlb folios to be freed - smb3: add support for IAKerb - smb: client: Fix match_session bug preventing session reuse - sched_ext: selftests/dsp_local_on: Fix selftest on UP systems - tools/sched_ext: Add helper to check task migration state - Bluetooth: L2CAP: Fix corrupted list in hci_chan_del - nvme-fc: rely on state transitions to handle connectivity loss - HID: apple: disable Fn key handling on the Omoton KB066 . [ Madhu Adav M J ] * drivers/nvme/target: Enable NVME_TARGET_PASSTHRU * drivers/nvme/target: Enable NVME_TARGET_LOOP and NVME_TARGET_FCLOOP as modules . [ Salvatore Bonaccorso ] * net/sunrpc: Enable RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 (Closes: #1100641) * [x86] drivers/pinctrl/intel: Enable PINCTRL_INTEL_PLATFORM as module (Closes: #1100694) * ata: libata-core: Add ATA_QUIRK_NO_LPM_ON_ATI for certain Samsung SSDs (Closes: #1091696) Checksums-Sha1: 17f2bb174c572b293af30b2ec85049c6d386f766 206735 linux_6.12.20-1.dsc 2e084b2d79d26fd46015b3f8209a3e369abf5cf5 150989160 linux_6.12.20.orig.tar.xz c58e6a31ff350cfc30b00439a8b87d3873767b18 1608268 linux_6.12.20-1.debian.tar.xz 77768d208f79c92b38304d2f809c85d5408fba92 6644 linux_6.12.20-1_source.buildinfo Checksums-Sha256: 77732e325185535d706cbfa09532d0eaa9d39fad364644d900b6189f3afcfa13 206735 linux_6.12.20-1.dsc 4d828e1efb30675ac8bf08d58c004b8b9257585b2e3bac998b52b2f68e852ce9 150989160 linux_6.12.20.orig.tar.xz 1852dbdf1ea369efaf1105c5483361381905973205b4dac69e2bb8f3f43e62a7 1608268 linux_6.12.20-1.debian.tar.xz 99e6f913efe7ba595585d1a512593ec58e0999863a6104ce19fa2b4c1a3b7f2e 6644 linux_6.12.20-1_source.buildinfo Files: 84c2f25badba363e3cc97cf3d135b1e1 206735 kernel optional linux_6.12.20-1.dsc a3e6969148fb6b45124339ea2910f6e7 150989160 kernel optional linux_6.12.20.orig.tar.xz a23f039377a523665200654d3fcf42b8 1608268 kernel optional linux_6.12.20-1.debian.tar.xz da0b1f0c7480829c677de1d0a6739a61 6644 kernel optional linux_6.12.20-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfgDndfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E5hwP/3km17QODZ+atApRC55NdsvaYXvaHLe0 W7FgrJRS/orDnQAhge1QGDlbKXPRV3vzRojEzQVFO+sslrWPUrH9xynusPHvMaWf XEbCZnwbxDvxt1Ihv6O2sQnhEXXrElJHXxncrRg9WElxxBpCWw9E6eSOt1OYtyB1 fKw66FAhloLoMdLvBL+Q2XdGp79ZauygG++a5Lq/wbH6EQxM9mch6Rh6fvDH9kUf C21dkf1qGTW2wk1mUm6FJWbLwkwrh4MKYI0dw4/K0d8D7Le1Gi95OHNsjy6PUlfs wSsMUMhgfyIR9pS2lHxTNuCB3epAs2xZ5RR4a5lIqzB/rktmsubAK4cJSII2GQIP skkT7VpI/ywBP0WHhOZm8DticPzXZX7E6JInkGUwzC+S8X0L5+waD6bZCaUilAXY zlnIRq8XlRv6UBnRhNk/0b/sDG232uAI5elskR3aCle5HH3IsgvPKTJrT9XyPgFJ tg46iBpiTKlitCXtMZEx2zkXP4WzqYG1AepFXTyIDtuh0LJpIyonnGriaDJ8kqMQ oGB8/tVubTOMjt0xHDH/JjzWUZDT2g3IWfekbixeefVRfqAt6kgVWBdGjAVkvRR2 adD53pH0jU90zixv1pjumqfoYnPxaPvH1q+KJHRipJQO34ThvLBUpTQiZZBpcCdG 73AgryE3gPYC =DoB0 -----END PGP SIGNATURE-----Attachment: pgpH7M633GoD2.pgp
Description: PGP signature
--- End Message ---