Control: tags -1 moreinfo
On 2021-06-19 18:13:16 +0200, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: security@debian.org
>
> Please unblock package apache2
>
> [ Reason ]
> In the past we had some problems to follow CVE fixes for Apache2. For
> Buster, we had to import the whole http2 module from 2.4.46 into 2.4.38
> because it was impossible to apply the upstream fix due to module
> changes. This isolated import was really risky but we didn't found a
> better way.
>
> Now the story restarts with CVE-2021-31618. The upstream fix is simple
> but refers to other changes. In particular the whole SSL stack changed.
> Even for Bullseye, there are too many differences between 2.4.46 and
> 2.4.48 to apply this fix.
>
> Apache2 is RFH for years, but has too many reverse dependencies to be
> removed from Bullseye (even if there are some alternatives).
>
> Our current apache2 policy keeps a lot of (maybe unimportant) CVE
> opened.
>
> So we decided to follow upstream changes for Bullseye. So this is the
> last version which fixes 6 CVEs (one grave)/
>
> [ Impact ]
> Multiple security issues.
>
> [ Tests ]
> Tests passed (autopkgtest)
>
> [ Risks ]
> Patch isn't trivial, but it looks like upstream provides version fully
> tested.
>
> [ Checklist ]
> [X] all changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in testing
>
> [ Other info ]
> The dedbiff contains only debian/* changes. I found not interessant to
> provide the real debdiff which is really big.
>
> Cheers,
> Yadd
>
> unblock apache2/2.4.48-2
> diff --git a/debian/apache2-data.lintian-overrides b/debian/apache2-data.lintian-overrides
> index 902735d7..fa617892 100644
> --- a/debian/apache2-data.lintian-overrides
> +++ b/debian/apache2-data.lintian-overrides
> @@ -1 +1,5 @@
> debian-changelog-file-is-a-symlink
> +package-contains-documentation-outside-usr-share-doc usr/share/apache2/default-site/index.html
> +package-contains-documentation-outside-usr-share-doc usr/share/apache2/error/include/bottom.html
> +package-contains-documentation-outside-usr-share-doc usr/share/apache2/error/include/spacer.html
> +package-contains-documentation-outside-usr-share-doc usr/share/apache2/error/include/top.html
> diff --git a/debian/apache2.logrotate b/debian/apache2.logrotate
> index 37c5f22e..9d2356da 100644
> --- a/debian/apache2.logrotate
> +++ b/debian/apache2.logrotate
> @@ -1,20 +1,20 @@
> /var/log/apache2/*.log {
> - daily
> - missingok
> - rotate 14
> - compress
> - delaycompress
> - notifempty
> - create 640 root adm
> - sharedscripts
> - postrotate
> - if invoke-rc.d apache2 status > /dev/null 2>&1; then \
> - invoke-rc.d apache2 reload > /dev/null 2>&1; \
> - fi;
> - endscript
> - prerotate
> - if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
> - run-parts /etc/logrotate.d/httpd-prerotate; \
> - fi; \
> - endscript
> + daily
> + missingok
> + rotate 14
> + compress
> + delaycompress
> + notifempty
> + create 640 root adm
> + sharedscripts
> + prerotate
> + if [ -d /etc/logrotate.d/httpd-prerotate ]; then
> + run-parts /etc/logrotate.d/httpd-prerotate
> + fi
> + endscript
> + postrotate
> + if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
> + invoke-rc.d apache2 reload
> + fi
> + endscript
> }
> diff --git a/debian/changelog b/debian/changelog
> index fa775057..fef71d5b 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,4 +1,40 @@
> -apache2 (2.4.46-6) unstable; urgency=medium
> +apache2 (2.4.48-2) unstable; urgency=medium
> +
> + * Back to unstable: Apache2 will follow upstream changes for Bullseye
> +
> + [ Christian Ehrhardt ]
> + * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
> +
> + -- Yadd <yadd@debian.org> Sat, 19 Jun 2021 17:50:29 +0200
> +
> +apache2 (2.4.48-1) experimental; urgency=medium
> +
> + [ Daniel Lewart ]
> + * Update apache2.logrotate (Closes: #979813)
> +
> + [ Andreas Hasenack ]
> + * Avoid test suite failure (Closes: #985012)
> +
> + [ Yadd ]
> + * Update lintian overrides
> + * Re-export upstream signing key without extra signatures.
> +
> + [ Ondřej Surý ]
> + * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
> + CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
> + CVE-2021-30641, CVE-2021-31618)
> +
> + -- Ondřej Surý <ondrej@debian.org> Tue, 08 Jun 2021 08:29:35 +0200
> +
> +apache2 (2.4.47-1) experimental; urgency=medium
> +
> + * Update upstream keys file
> + * New upstream version 2.4.47
> + * Refresh patches
> +
> + -- Yadd <yadd@debian.org> Thu, 29 Apr 2021 08:03:33 +0200
> +
> +apache2 (2.4.48-1) experimental; urgency=medium
I suppose this should be 2.4.46-6 (unstable) instead. Could you please
fix that?
Cheers
>
> * Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452,
> CVE-2021-26690, CVE-2021-26691, CVE-2021-30641)
> @@ -76,7 +112,7 @@ apache2 (2.4.43-1) unstable; urgency=medium
> * Fix logrotate script for multi-instance (Closes: #914606)
>
> [ Xavier Guimard ]
> - * New upstream version 2.4.43
> + * New upstream version 2.4.43 (Closes: CVE-2020-1927, CVE-2020-1934)
> * Refresh patches
>
> -- Xavier Guimard <yadd@debian.org> Tue, 31 Mar 2020 08:02:12 +0200
> @@ -119,7 +155,8 @@ apache2 (2.4.41-2) unstable; urgency=medium
>
> apache2 (2.4.41-1) unstable; urgency=medium
>
> - * New upstream version 2.4.41
> + * New upstream version 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10081,
> + CVE-2019-10082, CVE-2019-10092, CVE-2019-10098)
> * Update lintian overrides
> * Remove README in usr/share/apache2
> * Move httxt2dbm manpage in section 8
> @@ -139,7 +176,8 @@ apache2 (2.4.39-1) unstable; urgency=medium
> * Do not install /usr/share/apache2/build/config.nice (Closes: #929510)
>
> [ Xavier Guimard ]
> - * New upstream version 2.4.39
> + * New upstream version 2.4.39 (Closes: CVE-2019-0196, CVE-2019-0197,
> + CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)
> * Refresh patches
> * Remove patches now included in upstream
> * Replace duplicate doc files by links using jdupes
> @@ -228,7 +266,8 @@ apache2 (2.4.38-1) unstable; urgency=medium
> LogFormat directives.
>
> [ Xavier Guimard ]
> - * New upstream version 2.4.38 (Closes: #920220, #920302, #920303)
> + * New upstream version 2.4.38 (Closes: #920220, #920302, #920303,
> + CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
> * Refresh patches
> * Remove setenvifexpr.diff patch now included in upstream
> * Replace libapache2-mod-proxy-uwsgi.{post*,prerm} by a maintscript
> diff --git a/debian/control b/debian/control
> index 11d92ea8..ac671287 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -3,7 +3,7 @@ Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
> Uploaders: Stefan Fritsch <sf@debian.org>,
> Arno Töll <arno@debian.org>,
> Ondřej Surý <ondrej@debian.org>,
> - Xavier Guimard <yadd@debian.org>
> + Yadd <yadd@debian.org>
> Section: httpd
> Priority: optional
> Build-Depends: debhelper-compat (= 13),
> diff --git a/debian/patches/CVE-2020-13950.patch b/debian/patches/CVE-2020-13950.patch
> deleted file mode 100644
> index cf0ef992..00000000
> --- a/debian/patches/CVE-2020-13950.patch
> +++ /dev/null
> @@ -1,28 +0,0 @@
> -Description: The proxy connection may be NULL during prefetch, don't try to dereference it!
> - Still origin->keepalive will be set according to p_conn->close by the caller
> - (proxy_http_handler).
> -Author: Apache authors
> -Origin: upstream, https://svn.apache.org/r1678771
> -Bug: <url in upstream bugtracker>
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/modules/proxy/mod_proxy_http.c
> -+++ b/modules/proxy/mod_proxy_http.c
> -@@ -577,7 +577,6 @@
> - apr_off_t bytes;
> - int force10, rv;
> - apr_read_type_e block;
> -- conn_rec *origin = p_conn->connection;
> -
> - if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
> - if (req->expecting_100) {
> -@@ -637,7 +636,6 @@
> - "chunked body with Content-Length (C-L ignored)",
> - c->client_ip, c->remote_host ? c->remote_host: "");
> - req->old_cl_val = NULL;
> -- origin->keepalive = AP_CONN_CLOSE;
> - p_conn->close = 1;
> - }
> -
> diff --git a/debian/patches/CVE-2020-35452.patch b/debian/patches/CVE-2020-35452.patch
> deleted file mode 100644
> index 52042108..00000000
> --- a/debian/patches/CVE-2020-35452.patch
> +++ /dev/null
> @@ -1,27 +0,0 @@
> -Description: <short summary of the patch>
> -Author: Apache authors
> -Origin: upstream, https://github.com/apache/httpd/commit/3b6431e
> -Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/modules/aaa/mod_auth_digest.c
> -+++ b/modules/aaa/mod_auth_digest.c
> -@@ -1422,9 +1422,14 @@
> - time_rec nonce_time;
> - char tmp, hash[NONCE_HASH_LEN+1];
> -
> -- if (strlen(resp->nonce) != NONCE_LEN) {
> -+ /* Since the time part of the nonce is a base64 encoding of an
> -+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
> -+ */
> -+ if (strlen(resp->nonce) != NONCE_LEN
> -+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
> - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
> -- "invalid nonce %s received - length is not %d",
> -+ "invalid nonce '%s' received - length is not %d "
> -+ "or time encoding is incorrect",
> - resp->nonce, NONCE_LEN);
> - note_digest_auth_failure(r, conf, resp, 1);
> - return HTTP_UNAUTHORIZED;
> diff --git a/debian/patches/CVE-2021-26690.patch b/debian/patches/CVE-2021-26690.patch
> deleted file mode 100644
> index 5ceec1fd..00000000
> --- a/debian/patches/CVE-2021-26690.patch
> +++ /dev/null
> @@ -1,20 +0,0 @@
> -Description: <short summary of the patch>
> -Author: Apache authors
> -Origin: upstream, https://github.com/apache/httpd/commit/67bd9bfe
> -Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/modules/session/mod_session.c
> -+++ b/modules/session/mod_session.c
> -@@ -405,8 +405,8 @@
> - char *plast = NULL;
> - const char *psep = "=";
> - char *key = apr_strtok(pair, psep, &plast);
> -- char *val = apr_strtok(NULL, psep, &plast);
> - if (key && *key) {
> -+ char *val = apr_strtok(NULL, sep, &plast);
> - if (!val || !*val) {
> - apr_table_unset(z->entries, key);
> - }
> diff --git a/debian/patches/CVE-2021-26691.patch b/debian/patches/CVE-2021-26691.patch
> deleted file mode 100644
> index 2d786b16..00000000
> --- a/debian/patches/CVE-2021-26691.patch
> +++ /dev/null
> @@ -1,18 +0,0 @@
> -Description: mod_session: account for the '&' in identity_concat().
> -Author: Apache authors
> -Origin: upstream, https://github.com/apache/httpd/commit/7e09dd71
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/modules/session/mod_session.c
> -+++ b/modules/session/mod_session.c
> -@@ -318,7 +318,7 @@
> - static int identity_count(void *v, const char *key, const char *val)
> - {
> - int *count = v;
> -- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
> -+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
> - return 1;
> - }
> -
> diff --git a/debian/patches/CVE-2021-30641.patch b/debian/patches/CVE-2021-30641.patch
> deleted file mode 100644
> index 7486e1b3..00000000
> --- a/debian/patches/CVE-2021-30641.patch
> +++ /dev/null
> @@ -1,50 +0,0 @@
> -Description: legacy default slash-matching behavior w/ 'MergeSlashes OFF'
> -Author: Apache authors
> -Origin: upstream, https://github.com/apache/httpd/commit/eb986059
> -Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/server/request.c
> -+++ b/server/request.c
> -@@ -1419,7 +1419,20 @@
> -
> - cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
> - cached = (cache->cached != NULL);
> -- entry_uri = r->uri;
> -+
> -+ /*
> -+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
> -+ * have not been merged. But for Location walks we always go with merged
> -+ * slashes no matter what merge_slashes is set to.
> -+ */
> -+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
> -+ entry_uri = r->uri;
> -+ }
> -+ else {
> -+ char *uri = apr_pstrdup(r->pool, r->uri);
> -+ ap_no2slash(uri);
> -+ entry_uri = uri;
> -+ }
> -
> - /* If we have an cache->cached location that matches r->uri,
> - * and the vhost's list of locations hasn't changed, we can skip
> -@@ -1486,7 +1499,7 @@
> - pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
> - }
> -
> -- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
> -+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
> - continue;
> - }
> -
> -@@ -1496,7 +1509,7 @@
> - apr_table_setn(r->subprocess_env,
> - ((const char **)entry_core->refs->elts)[i],
> - apr_pstrndup(r->pool,
> -- entry_uri + pmatch[i].rm_so,
> -+ r->uri + pmatch[i].rm_so,
> - pmatch[i].rm_eo - pmatch[i].rm_so));
> - }
> - }
> diff --git a/debian/patches/CVE-2021-31618.patch b/debian/patches/CVE-2021-31618.patch
> deleted file mode 100644
> index 12d59c8b..00000000
> --- a/debian/patches/CVE-2021-31618.patch
> +++ /dev/null
> @@ -1,20 +0,0 @@
> -Description: fix NULL pointer dereference on specially crafted HTTP/2 request
> -Author: Upstream
> -Origin: upstream, http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
> -Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
> -Bug-Debian: https://bugs.debian.org/989562
> -Forwarded: not-needed
> -Reviewed-By: Yadd <yadd@debian.org>
> -Last-Update: 2021-06-10
> -
> ---- a/modules/http2/h2_stream.c
> -+++ b/modules/http2/h2_stream.c
> -@@ -638,7 +638,7 @@
> -
> - static void set_error_response(h2_stream *stream, int http_status)
> - {
> -- if (!h2_stream_is_ready(stream)) {
> -+ if (!h2_stream_is_ready(stream) && stream->rtmp) {
> - conn_rec *c = stream->session->c;
> - apr_bucket *b;
> - h2_headers *response;
> diff --git a/debian/patches/build_suexec-custom.patch b/debian/patches/build_suexec-custom.patch
> index e03d54be..f3c773a1 100644
> --- a/debian/patches/build_suexec-custom.patch
> +++ b/debian/patches/build_suexec-custom.patch
> @@ -4,7 +4,7 @@ Author: Stefan Fritsch <sf@debian.org>
> Last-Update: 2012-02-25
> --- a/Makefile.in
> +++ b/Makefile.in
> -@@ -272,23 +272,26 @@
> +@@ -292,23 +292,26 @@
> install-suexec: install-suexec-$(INSTALL_SUEXEC)
>
> install-suexec-binary:
> diff --git a/debian/patches/fhs_compliance.patch b/debian/patches/fhs_compliance.patch
> index be673f96..056d31a6 100644
> --- a/debian/patches/fhs_compliance.patch
> +++ b/debian/patches/fhs_compliance.patch
> @@ -4,7 +4,7 @@ Author: Adam Conrad <adconrad@0c3.net>
> Last-Update: 2012-02-25
> --- a/configure
> +++ b/configure
> -@@ -40130,17 +40130,17 @@
> +@@ -40439,17 +40439,17 @@
>
>
> cat >>confdefs.h <<_ACEOF
> @@ -27,7 +27,7 @@ Last-Update: 2012-02-25
>
> --- a/configure.in
> +++ b/configure.in
> -@@ -873,11 +873,11 @@
> +@@ -874,11 +874,11 @@
> echo $MODLIST | $AWK -f $srcdir/build/build-modules-c.awk > modules.c
>
> APR_EXPAND_VAR(ap_prefix, $prefix)
> diff --git a/debian/patches/series b/debian/patches/series
> index 8596c419..bb7458ed 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -5,15 +5,9 @@ customize_apxs.patch
> build_suexec-custom.patch
> reproducible_builds.diff
> #mod_proxy_ajp-add-secret-parameter.diff
> -buffer-http-request-bodies-for-tlsv13.diff
> -tlsv13-add-logno.diff
> +#buffer-http-request-bodies-for-tlsv13.diff
> +#tlsv13-add-logno.diff
>
> # This patch is applied manually
> #suexec-custom.patch
> spelling-errors.diff
> -CVE-2021-31618.patch
> -CVE-2021-30641.patch
> -CVE-2021-26691.patch
> -CVE-2021-26690.patch
> -CVE-2020-35452.patch
> -CVE-2020-13950.patch
> diff --git a/debian/patches/spelling-errors.diff b/debian/patches/spelling-errors.diff
> index 7fe3d085..f7b6e98a 100644
> --- a/debian/patches/spelling-errors.diff
> +++ b/debian/patches/spelling-errors.diff
> @@ -5,7 +5,7 @@ Last-Update: 2020-11-13
>
> --- a/modules/http2/h2_config.c
> +++ b/modules/http2/h2_config.c
> -@@ -721,7 +721,7 @@
> +@@ -730,7 +730,7 @@
> else if (!strcasecmp("BEFORE", sdependency)) {
> dependency = H2_DEPENDANT_BEFORE;
> if (sweight) {
> diff --git a/debian/perl-framework/t/apache/expr_string.t b/debian/perl-framework/t/apache/expr_string.t
> index a9115eee..66b09030 100644
> --- a/debian/perl-framework/t/apache/expr_string.t
> +++ b/debian/perl-framework/t/apache/expr_string.t
> @@ -7,6 +7,8 @@ use Apache::TestUtil qw(t_write_file t_start_error_log_watch t_finish_error_log_
>
> use File::Spec;
>
> +use Time::HiRes qw(usleep);
> +
> # test ap_expr
>
> Apache::TestRequest::user_agent(keep_alive => 1);
> @@ -62,6 +64,8 @@ foreach my $t (@test_cases) {
> 'SomeHeader' => 'SomeValue',
> 'User-Agent' => 'SomeAgent',
> 'Referer' => 'SomeReferer');
> + ### Sleep here, attempt to avoid intermittent failures. (LP: #1890302)
> + usleep(250000);
> my @loglines = t_finish_error_log_watch();
>
> my @evalerrors = grep {/(?:internal evaluation error|flex scanner jammed)/i
> diff --git a/debian/tests/check-http2 b/debian/tests/check-http2
> new file mode 100644
> index 00000000..6bc91251
> --- /dev/null
> +++ b/debian/tests/check-http2
> @@ -0,0 +1,41 @@
> +#!/bin/sh
> +set -uxe
> +
> +# http2 is rather new, check that it at least generally works
> +# Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> +
> +a2enmod http2
> +a2enmod ssl
> +a2ensite default-ssl
> +# Enable globally
> +echo "Protocols h2c h2 http/1.1" >> /etc/apache2/apache2.conf
> +service apache2 restart
> +
> +# Use curl here. wget doesn't work on Debian, even with --no-check-certificate
> +# wget on Debian gives me:
> +# GnuTLS: A TLS warning alert has been received.
> +# Unable to establish SSL connection.
> +# Presumably this is due to the self-signed certificate, but I'm not sure how
> +# to skip the warning with wget. curl will do for now.
> +echo "Hello, world!" > /var/www/html/hello.txt
> +
> +testapache () {
> + cmd="${1}"
> + result=$(${cmd})
> +
> + if [ "$result" != "Hello, world!" ]; then
> + echo "Unexpected result: ${result}" >&2
> + exit 1
> + else
> + echo OK
> + fi
> +}
> +
> +# https shall not affect http
> +testapache "curl -s -k http://localhost/hello.txt";
> +# https shall not affect https
> +testapache "curl -s -k https://localhost/hello.txt";
> +#plain http2
> +testapache "nghttp --no-verify-peer https://localhost/hello.txt";
> +#http2 upgrade
> +testapache "nghttp -u --no-verify-peer http://localhost/hello.txt";
> diff --git a/debian/tests/control b/debian/tests/control
> index be79f603..37ae2ca6 100644
> --- a/debian/tests/control
> +++ b/debian/tests/control
> @@ -23,6 +23,10 @@ Tests: ssl-passphrase
> Restrictions: needs-root allow-stderr breaks-testbed
> Depends: apache2, curl, expect, ssl-cert
>
> +Tests: check-http2
> +Restrictions: needs-root allow-stderr breaks-testbed
> +Depends: apache2, curl, ssl-cert, nghttp2-client
> +
> Tests: chroot
> Features: no-build-needed
> Restrictions: needs-root allow-stderr breaks-testbed
> diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
> index f7b8c0c7..593ba096 100644
> --- a/debian/upstream/signing-key.asc
> +++ b/debian/upstream/signing-key.asc
> @@ -5201,3 +5201,61 @@ R9i/x4rPeMllVGUhnWedlmJP50XTUVKG9RIjDjkXY8n6fWvqlItM7+sG53c82Q6z
> 2Zvzzqpnur6uMCSE2aZ8
> =FKwf
> -----END PGP PUBLIC KEY BLOCK-----
> +
> +pub rsa4096 2021-04-21 [SC]
> + C55A B7B9 139E B226 3CD1 AABC 19B0 33D1 760C 227B
> +uid [ ultime ] Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> +sub rsa4096 2021-04-21 [E]
> +
> +-----BEGIN PGP PUBLIC KEY BLOCK-----
> +
> +mQINBGCAei8BEADKUPoj6I2OjdZ44486xLrZoApbXP3hOadau8DgXXPO84b0dnCS
> +NqvV3aDSXULtSdh+48pVdv0yBtqCeo6pWNBR/aURxxh3vDJNyQVzhDZsdePITwmV
> +qkpICUXeuTpyow3ir1+05p0DU6F33TynhZsyHltKmu+GqvxYYrzud+bw9zTN0Z45
> +Br/cKF/YE2uVEjq/x440qtSQmFhM7eSQvTv9lo9QgMO+eQXK0Dt4bsfyAZ1q2HAt
> +XGup0iwQpoxS1ofdkSxpvCBWklAiNXH0+qHGdVTJlqCp70xpsC2DXhbckCeLi2w7
> +GGa3jCNuf6P5uxW+tPlyFm5aFBSDd/3gAsU8G/a3ng3+78peKjatpmTkBJmXpA1E
> +cDWFZNKLlS5eE1c2LG+Hgu0yZrvArsJ8dvjbAuYn7uCWLll/Pjy26L9mKwLlJdcl
> +TX2rgx7a+yi2nfJwtj0rWWqX95HudUcWRxBVtpCjg6NKzv97dm3wOUOm15xcp0r0
> +QAzNtjllOjr3RwTgE4B3j4GFXof92HKS8H+B1/z9ZBbz399fs/wS9o/sDyMVevNP
> +88IGihaxPkfTw0UKZz5cR6X1BWlcH3404bVB/LHcq7+c1NUqvRfIlwwwsKGjMCWf
> +vv3cDVUvb3mMhvQs0rBEyb71bbKCe3qb10CvOJAmocp1c+YHo5vpQYeMJQARAQAB
> +tDJDaHJpc3RvcGhlIEpBSUxMRVQgPGNocmlzdG9waGUuamFpbGxldEB3YW5hZG9v
> +LmZyPokCTgQTAQoAOBYhBMVat7kTnrImPNGqvBmwM9F2DCJ7BQJggHovAhsDBQsJ
> +CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEBmwM9F2DCJ7E4MP/iVC7ZglH2sLi5wv
> +YZaXqMib7dau1NmGUocaz57U6lR2WpfhTIiHELtFnmb8eVuJGzzmYaDwaIN/knOw
> +vudUGrMI5TjAmgAdj3BswXoJQNGhKhLwtf3yzvabFbp6oPfxq+PgXRMWnDojQ0cC
> ++VdfavJt4dOq1TrcH20B1GhJUiNxdkwAlVu3hcpdJ4pgIPVxxeozLAU3hLjMXxeo
> +j9eVmzTaM/fd0ykbIkMUHfPEdqnmbTPwk2lIMFwcoa7iUdcYIDDWbHvnvVZ+4Uae
> +pX6st8QHDva+etW/illgYRGMVsCL6FEtYRe+nTJLdvT81QoovVeoeyKtZNzCdNJb
> +WUfqoCoLDQza8ibRpHLleRIQS4zn/TtXpvVwMG5wjZCnEBypmBzriKSt9QrcvVKu
> +ROjR9Bizzwj1QUL3fMFoVWLLCt5TkGszZWvfmcjsq4gZhcgCrRp59BpuBa8Khvnf
> +l5OgVqttmM6PQcFwJTHKUc5Ltzh0xTXwYl6uSEGSn1DoDlmUSnK3R+x0u61FfiHh
> +KvkO/PIdTeA05ihkMRqMtDbPwsghmdXV2wlkcApdr4wXHsuYffvxN1daoUDQXDix
> +GgPFRG4eYORYY2hlAo7a4ahUzeCJJQGfrF/E3YojXsIgVIbp+UjlH4kkR9J6F/wl
> +NVgU2JF03YSZ9zyq4lSrP6lji2ehuQINBGCAei8BEACvQQIc89CwDOiKAeJCL9WW
> +U4O3XX1LwQCzz6W519PrFnQy3194ddT7L0E4gEB9cNBczxSpvMHUiYkynMLZ7i6a
> +X4BIVDzOyrN/5S6ZkOddpu9/zGJtupzN68SIpJrIry1zeXVm8Ex3VzfikVFDsxQg
> +OkTu4b0YWts4hJbJMa3cTh+pLQQ+vHqKe4z6L3hVfdL2LZ8W9xmDvCBh3Ysz/mZF
> +2dI47XdGGgGY/t50MpFJYrPy0JMfyeHdXHwF90pY/MwWr8QeHjlX589P1MMc/5UB
> +c1ScFfy40gUryUnRQudN12KEQZDMb4G/8Bz6t4mm8nOspDwwbdHjeZhyrWYZpEd/
> +ZV6iywoZ7IBzrdaWzgVs5+DhvJZVudpKlqVip37E9pUYKgMJ2A/asD85HV+yODiF
> +uub9t7quSWgKKkP75BfBzKCp0T0y+wRnKWUdnlEg2wK0QJxOjkhKw3uC84tr2dlx
> +CHWF0TLKjkUBqnDT3uSY8DMwZxqEyAEQWzBeP7MFsAy2yZChSHrSKN4ZMx57KYxj
> +1lsxqFYZo9h9bpar5L77JMkgUtqh+reZYAhMSpk33rgRH5dPpfvn3nkCKgngsxtf
> +gD9fPpVQgANTEj6rdvtOIFn1Z1U4B4GonaFTGPr771+6ZolLmpylbJp5kviiAz3f
> +CMJ1cVWhIvr/5G88X4jEMQARAQABiQI2BBgBCgAgFiEExVq3uROesiY80aq8GbAz
> +0XYMInsFAmCAei8CGwwACgkQGbAz0XYMInsbqA/9HFdq+s1Tk6rluxM3hjnx1HQ8
> +R9TStbZqBPrKllOPVNnBpjAShoBKCJ9XbSgzaGVlsDMOXe0wZMjW6TF18igVcA+T
> +wMTMcgy8Sq8vL7tv5JRtnhZzpM27Db3floWJMCmQtK7aGBC7MpyiHImRvieuDO9P
> +mwhx9mVDx6+VHb8PCnECg9TMQVEtP9Y0E8qgNy1R+axLShwgO1y/g+u3gPJwGr31
> +xiR3icaoMuvb+PEFOZk5L1Dh8rIExqbMH5yH9MeJXiGC2w1QX8KH194UbWRtS3zq
> +6FrZJ0ZVgoYCvn42icBVt51Nrgl1sqHINBH8ysgK6WvZlw9x22g0tErx3AwGNkrl
> +lPZ4ctQOxMQ541nN3IJoywxGfsOst2M4je+wNj6USNmAkg1WaezjqyQScw/oIKYj
> +o18dtGUf6Q3MMHe4O550+upz9bJ0eksCYvC0X2jTNuGdfZo9ZDNh3dxBkoNNbHK5
> +hc3m7qU68pdYPzqDkmDFIHyXSYXbmB1wTrrZZL1LQ6jE4a3mRT2v61CRglMUuQK7
> +yrZTrPOyuBsZSC//PxK93RgH1xfYR8G8dJPlv0pqF6jD1OjBb6nyU8slRsYfataR
> +ekJ4VhpVUYgDv8+EzGS9SkgY/DpiyLvPtuhqLXos4ABSwQOEYfG3RhGy7h2B404e
> +Ot6BQHeyFl0mtrYT1mI=
> +=L7j3
> +-----END PGP PUBLIC KEY BLOCK-----
--
Sebastian Ramacher
Attachment:
signature.asc
Description: PGP signature