groonga-httpd: Privilege escalation due to insecure use of logrotate (CVE-2019-11675)

Related Vulnerabilities: CVE-2019-11675  

Debian Bug report logs - #928304


Reported by: Wolfgang Hotwagner <sec@feedyourhead.at>

Date: Wed, 1 May 2019 15:39:01 UTC

Severity: critical

Tags: security

Found in version groonga/6.1.5-1

Fixed in versions groonga/9.0.1-2, groonga/9.0.0-1+deb10u1, groonga/6.1.5-1+deb9u1

Done: Kentaro Hayashi <hayashi@clear-code.com>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Wed, 01 May 2019 15:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Wolfgang Hotwagner <sec@feedyourhead.at>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Groonga Project <packages@groonga.org>. (Wed, 01 May 2019 15:39:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Wolfgang Hotwagner <sec@feedyourhead.at>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Wed, 01 May 2019 17:29:58 +0200
Package: groonga-httpd
Version: 6.1.5-1
Severity: critical
Tags: security
Justification: root security hole

Dear Maintainer,

The path of the log directory of groonga-httpd can be manipulated by user
groonga:

ls -l /var/log/groonga
total 8
-rw-r--r-- 1 root    root    1296 Apr 25 18:44 groonga.log
drwxr-xr-x 2 groonga groonga 4096 Apr 25 18:55 httpd

The files in /var/log/groonga/httpd/*.log are rotated once a day by
logrotate as user root with the following config:

/var/log/groonga/httpd/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 640 groonga groonga
    sharedscripts
    postrotate
        . /etc/default/groonga-httpd
        if [ x"$ENABLE" = x"yes" ]; then
            /usr/bin/curl --silent --output /dev/null \
                "http://127.0.0.1:10041/d/log_reopen"
        fi
    endscript
}


Because logrotate is prone to a race condition (see the link to my
blog below), it is possible for user "groonga" to replace the
directory /var/log/groonga/httpd with a symbolic link to any
directory (for example /etc/bash_completion.d). logrotate will place
files AS ROOT into /etc/bash_completion.d and set the owner and
group to "groonga.groonga". An attacker could simply place a
reverse shell into this file. As soon as root logs in, the reverse
shell will be executed.

You can find an exploit for this bug at my blog:
https://tech.feedyourhead.at/content/abusing-a-race-condition-in-logrotate-to-elevate-privileges

(This exploit won't work well with LVM or Docker but works reliably
if the filesystem is directly on the disk.)

Mitigation:

You could mitigate the problem by changing the owner and group of
/var/log/groonga to root, or by using the "su" option inside the
logrotate config file.


-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages groonga-httpd depends on:
ii  curl                   7.52.1-5+deb9u9
ii  groonga-server-common  6.1.5-1
ii  init-system-helpers    1.48
ii  libc6                  2.24-11+deb9u4
ii  libgroonga0            6.1.5-1
ii  libpcre3               2:8.39-3
ii  libssl1.1              1.1.0j-1~deb9u1
ii  lsb-base               9.20161125
ii  zlib1g                 1:1.2.8.dfsg-5

groonga-httpd recommends no packages.

groonga-httpd suggests no packages.

-- no debconf information
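As an added example (not code from the bug report or from the groonga package), here is a small POSIX shell audit for the pattern the report describes: a logrotate block whose log directory is owned by a non-root user and which carries no "su" directive, so rotation runs as root on a path that user controls. It reads a fragment, extracts the log patterns, and reports each one whose parent directory is not root-owned unless the block drops privileges with "su"; the function names and sample configs are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report or the groonga package: audit a
# logrotate config fragment for the CVE-2019-11675 pattern, i.e. a block that
# rotates as root inside a directory owned by a non-root service user and
# has no "su" directive. Function names and sample configs are constructed.

# Print the log-file patterns of every "<patterns> {" header in a config file.
logrotate_patterns() {
    sed -n 's/^[[:space:]]*\(\/[^{]*[^[:space:]{]\)[[:space:]]*{[[:space:]]*$/\1/p' "$1"
}

# Succeed if the config carries a "su <user> <group>" directive.
logrotate_has_su() {
    grep -Eq '^[[:space:]]*su[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+' "$1"
}

# Owner of the directory that holds a pattern (the part before the last "/").
# This is the directory an unprivileged owner could swap for a symlink.
logrotate_dir_owner() {
    dir=$(dirname "$1")
    [ -d "$dir" ] || { echo "missing"; return 1; }
    ls -ld "$dir" | awk '{ print $3 }'
}

# Verdict for one config file: exit 0 and print "ok" when every pattern's
# directory is root-owned or the block drops privileges with "su";
# exit 1 and print one "unsafe" line per offending pattern otherwise.
# Patterns whose directory does not exist are skipped (nothing to swap).
logrotate_audit() {
    cfg=$1
    unsafe=0
    set -f    # keep "*.log" literal while looping over the patterns
    for pat in $(logrotate_patterns "$cfg"); do
        owner=$(logrotate_dir_owner "$pat") || { echo "skip: $pat (directory missing)"; continue; }
        if [ "$owner" != "root" ] && ! logrotate_has_su "$cfg"; then
            echo "unsafe: $cfg rotates $pat as root in a directory owned by $owner"
            unsafe=1
        fi
    done
    set +f
    if [ "$unsafe" -eq 0 ]; then
        echo "ok: $cfg"
        return 0
    fi
    return 1
}

# Stand-alone use: sh audit.sh /etc/logrotate.d/groonga-httpd [more fragments]
for f in "$@"; do
    logrotate_audit "$f"
done
```

Run it on /etc/logrotate.d/groonga-httpd before and after the fix from this thread: the fragment with "su groonga groonga" reports ok regardless of who owns /var/log/groonga/httpd, while the original one is flagged whenever that directory is owned by groonga.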



Information forwarded to debian-bugs-dist@lists.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Thu, 02 May 2019 06:03:05 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Groonga Project <packages@groonga.org>. (Thu, 02 May 2019 06:03:05 GMT) (full text, mbox, link).


Message #10 received at 928304@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Wolfgang Hotwagner <sec@feedyourhead.at>, 928304@bugs.debian.org
Subject: Re: Bug#928304: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Thu, 2 May 2019 08:02:04 +0200
Control: retitle -1 groonga-httpd: Privilege escalation due to insecure use of logrotate (CVE-2019-11675)

On Wed, May 01, 2019 at 05:29:58PM +0200, Wolfgang Hotwagner wrote:
> Package: groonga-httpd
> Version: 6.1.5-1
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> Dear Maintainer,
> 
> The path of the logdirectory of groonga-httpd can be manipulated by user
> groonga:
[...]

MITRE has now assigned CVE-2019-11675 for this issue.

Regards,
Salvatore



Changed Bug title to 'groonga-httpd: Privilege escalation due to insecure use of logrotate (CVE-2019-11675)' from 'groonga-httpd: Privilege escalation due to insecure use of logrotate'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 928304-submit@bugs.debian.org. (Thu, 02 May 2019 06:03:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Tue, 07 May 2019 14:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Kentaro Hayashi <hayashi@clear-code.com>:
Extra info received and forwarded to list. Copy sent to Groonga Project <packages@groonga.org>. (Tue, 07 May 2019 14:33:03 GMT) (full text, mbox, link).


Message #17 received at 928304@bugs.debian.org (full text, mbox, reply):

From: Kentaro Hayashi <hayashi@clear-code.com>
To: 928304@bugs.debian.org
Cc: henrich@debian.or.jp
Subject: Re: Bug#928304: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Tue, 7 May 2019 23:15:58 +0900
Hi, 

I maintain the Groonga package as a DM, so I want to fix #928304.
But I've never uploaded a package to stable before, so I need help
to do it in a good manner.

I've attached a debdiff against the current version.
Is it OK to upload it to stretch-security?
[debdiff-6.1.5-1_6.1.5-2.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Wed, 08 May 2019 03:06:02 GMT) (full text, mbox, link).


Acknowledgement sent to Hideki Yamane <henrich@iijmio-mail.jp>:
Extra info received and forwarded to list. Copy sent to Groonga Project <packages@groonga.org>. (Wed, 08 May 2019 03:06:02 GMT) (full text, mbox, link).


Message #22 received at 928304@bugs.debian.org (full text, mbox, reply):

From: Hideki Yamane <henrich@iijmio-mail.jp>
To: Kentaro Hayashi <hayashi@clear-code.com>, Salvatore Bonaccorso <carnil@debian.org>
Cc: 928304@bugs.debian.org, henrich@debian.org
Subject: Re: Bug#928304: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Wed, 8 May 2019 12:03:49 +0900
Hi Salvatore,

 Can you follow up on his question? I guess the Debian revision should be
 6.1.5-1+deb9u1, but the others are okay.


On Tue, 7 May 2019 23:15:58 +0900
Kentaro Hayashi <hayashi@clear-code.com> wrote:
> I maintain Groonga package as a DM, so I want to fix #928304.
> But I've never uploaded package to stable before, so I need help
>  to do it in a good manner.
> 
> I've attached debdiff against current version.
> Is it ok to upload stretch-security?



diff -Nru groonga-6.1.5/debian/changelog groonga-6.1.5/debian/changelog
--- groonga-6.1.5/debian/changelog	2017-01-23 19:14:09.000000000 +0900
+++ groonga-6.1.5/debian/changelog	2019-05-07 22:33:11.000000000 +0900
@@ -1,3 +1,13 @@
+groonga (6.1.5-2) stretch-security; urgency=medium
+
+  * debian/groonga-httpd.logrotate
+    debian/groonga-server-gqtp.logrotate
+    - Mitigate privilege escalation by changing the owner and group of logs
+      with "su" option. Reported by Wolfgang Hotwagner.
+      (Closes: #928304) (CVE-2019-11675)
+
+ -- Kentaro Hayashi <hayashi@clear-code.com>  Tue, 07 May 2019 22:33:11 +0900
+
 groonga (6.1.5-1) unstable; urgency=medium
 
   * New upstream release.
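Review bot: the changelog entry says the fix works by "changing the owner and group of logs with "su" option", but the su directive does not change the ownership of the log files; it makes logrotate drop from root to groonga:groonga while handling this block, which is what stops a symlink swap of /var/log/groonga/httpd from turning into a write as root. Suggest wording it as "Run log rotation as groonga:groonga via the logrotate su option". The version line `+groonga (6.1.5-2) stretch-security; urgency=medium` also needs to match what the security team settles on; later in this thread the revision 6.1.5-1+deb9u1 and a stretch point release (rather than stretch-security) are proposed.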
diff -Nru groonga-6.1.5/debian/groonga-httpd.logrotate groonga-6.1.5/debian/groonga-httpd.logrotate
--- groonga-6.1.5/debian/groonga-httpd.logrotate	2016-12-10 15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-httpd.logrotate	2019-05-07 22:33:11.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/httpd/*.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-httpd
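Review bot: dropping `-    create 640 groonga groonga` means logrotate no longer creates the fresh log file after the rename, so the file only reappears when the postrotate log_reopen request makes groonga-httpd reopen its logs, and with whatever mode the daemon chooses rather than 0640. The su and create directives are not mutually exclusive: keeping `create 640 groonga groonga` under `su groonga groonga` preserves the previous file mode while the rotation itself still runs unprivileged. Worth checking the mode of the recreated file after the first rotation before deciding to leave create out.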
diff -Nru groonga-6.1.5/debian/groonga-server-gqtp.logrotate groonga-6.1.5/debian/groonga-server-gqtp.logrotate
--- groonga-6.1.5/debian/groonga-server-gqtp.logrotate	2016-12-10 15:18:50.000000000 +0900
+++ groonga-6.1.5/debian/groonga-server-gqtp.logrotate	2019-05-07 22:33:11.000000000 +0900
@@ -1,11 +1,11 @@
 /var/log/groonga/*-gqtp.log {
+    su groonga groonga
     daily
     missingok
     rotate 30
     compress
     delaycompress
     notifempty
-    create 640 groonga groonga
     sharedscripts
     postrotate
         . /etc/default/groonga-server-gqtp
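Review bot: the same create-versus-su trade-off as in the httpd fragment applies here, since `-    create 640 groonga groonga` is removed and file creation is left to the daemon after log_reopen; `create` can stay alongside `su groonga groonga` if the 0640 mode matters. Note also that /var/log/groonga/*-gqtp.log lives directly under /var/log/groonga rather than in the groonga-owned httpd subdirectory, so the exposure of this block depends on who owns /var/log/groonga; the reporter's suggestion of making that directory root-owned and this su directive complement each other, and applying su to both fragments keeps them consistent.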



Information forwarded to debian-bugs-dist@lists.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Wed, 08 May 2019 18:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Groonga Project <packages@groonga.org>. (Wed, 08 May 2019 18:36:03 GMT) (full text, mbox, link).


Message #27 received at 928304@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Hideki Yamane <henrich@iijmio-mail.jp>, 928304@bugs.debian.org
Cc: Kentaro Hayashi <hayashi@clear-code.com>, henrich@debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: Bug#928304: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Wed, 8 May 2019 20:32:53 +0200
Hi, 

[please always include team@security.d.o so that any team member can
reply]

On Wed, May 08, 2019 at 12:03:49PM +0900, Hideki Yamane wrote:
> Hi Salvatore,
> 
>  Can you follow his question? I guess debian revision should be
>  6.1.5-1+deb9u1, but others are okay.

I think updating groonga via a future point release is enough for this
issue; can you go ahead with this route? (Change the target
distribution to stretch instead of stretch-security for that.)

In particular though I think the issue should be fixed in unstable and
buster, but I notice that testing has 9.0.0-1 and 9.0.1-1 did not
migrate. So either the release team will accept to unblock 9.0.1-1 or
buster would need a targeted fix as well via testing-proposed-updates,
cf. https://release.debian.org/buster/freeze_policy.html .

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Groonga Project <packages@groonga.org>:
Bug#928304; Package groonga-httpd. (Thu, 09 May 2019 14:36:02 GMT) (full text, mbox, link).


Acknowledgement sent to Kentaro Hayashi <hayashi@clear-code.com>:
Extra info received and forwarded to list. Copy sent to Groonga Project <packages@groonga.org>. (Thu, 09 May 2019 14:36:02 GMT) (full text, mbox, link).


Message #32 received at 928304@bugs.debian.org (full text, mbox, reply):

From: Kentaro Hayashi <hayashi@clear-code.com>
To: 928304@bugs.debian.org
Cc: henrich@debian.org, team@security.debian.org
Subject: Re: Bug#928304: groonga-httpd: Privilege escalation due to insecure use of logrotate
Date: Thu, 9 May 2019 23:27:26 +0900
Hi,

On Wed, 8 May 2019 20:32:53 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi, 
> 
> [please always include team@security.d.o as so any team member can
> reply]
> 

I've got it, thanks.

> On Wed, May 08, 2019 at 12:03:49PM +0900, Hideki Yamane wrote:
> > Hi Salvatore,
> > 
> >  Can you follow his question? I guess debian revision should be
> >  6.1.5-1+deb9u1, but others are okay.
> 
> I think updating groonga via a future point release is enough for this
> issue, can you go ahead for this route? (change the target
> distribution to stretch instead of stretch-security for that).
> 

Ok, I've uploaded.

> In particular though I think the issue should be fixed in unstable and
> buster, but I notice that testing has 9.0.0-1 and 9.0.1-1 did not
> migrate. So either the release team will accept to unblock 9.0.1-1 or
> buster would need a targeted fix as well via testing-proposed-updates,
> cf. https://release.debian.org/buster/freeze_policy.html .

I've filed an unblock bug.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928715

Regards,



Reply sent to Kentaro Hayashi <hayashi@clear-code.com>:
You have taken responsibility. (Thu, 09 May 2019 15:06:03 GMT) (full text, mbox, link).


Notification sent to Wolfgang Hotwagner <sec@feedyourhead.at>:
Bug acknowledged by developer. (Thu, 09 May 2019 15:06:03 GMT) (full text, mbox, link).


Message #37 received at 928304-close@bugs.debian.org (full text, mbox, reply):

From: Kentaro Hayashi <hayashi@clear-code.com>
To: 928304-close@bugs.debian.org
Subject: Bug#928304: fixed in groonga 9.0.1-2
Date: Thu, 09 May 2019 15:03:51 +0000
Source: groonga
Source-Version: 9.0.1-2

We believe that the bug you reported is fixed in the latest version of
groonga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kentaro Hayashi <hayashi@clear-code.com> (supplier of updated groonga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 09 May 2019 23:34:20 +0900
Source: groonga
Architecture: source
Version: 9.0.1-2
Distribution: unstable
Urgency: medium
Maintainer: Groonga Project <packages@groonga.org>
Changed-By: Kentaro Hayashi <hayashi@clear-code.com>
Closes: 928304
Changes:
 groonga (9.0.1-2) unstable; urgency=medium
 .
   * debian/groonga-httpd.logrotate
     debian/groonga-server-gqtp.logrotate
     - Mitigate privilege escalation by changing the owner and group of logs
       with "su" option. Reported by Wolfgang Hotwagner.
       (Closes: #928304) (CVE-2019-11675)




Reply sent to Kentaro Hayashi <hayashi@clear-code.com>:
You have taken responsibility. (Sat, 11 May 2019 13:06:03 GMT) (full text, mbox, link).


Notification sent to Wolfgang Hotwagner <sec@feedyourhead.at>:
Bug acknowledged by developer. (Sat, 11 May 2019 13:06:03 GMT) (full text, mbox, link).


Message #42 received at 928304-close@bugs.debian.org (full text, mbox, reply):

From: Kentaro Hayashi <hayashi@clear-code.com>
To: 928304-close@bugs.debian.org
Subject: Bug#928304: fixed in groonga 9.0.0-1+deb10u1
Date: Sat, 11 May 2019 13:03:28 +0000
Source: groonga
Source-Version: 9.0.0-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
groonga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kentaro Hayashi <hayashi@clear-code.com> (supplier of updated groonga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 09 May 2019 22:44:57 +0900
Source: groonga
Architecture: source
Version: 9.0.0-1+deb10u1
Distribution: testing-proposed-updates
Urgency: medium
Maintainer: Groonga Project <packages@groonga.org>
Changed-By: Kentaro Hayashi <hayashi@clear-code.com>
Closes: 928304
Changes:
 groonga (9.0.0-1+deb10u1) testing-proposed-updates; urgency=medium
 .
   * debian/groonga-httpd.logrotate
     debian/groonga-server-gqtp.logrotate
     - Mitigate privilege escalation by changing the owner and group of logs
       with "su" option. Reported by Wolfgang Hotwagner.
       (Closes: #928304) (CVE-2019-11675)




Reply sent to Kentaro Hayashi <hayashi@clear-code.com>:
You have taken responsibility. (Mon, 13 May 2019 21:18:29 GMT) (full text, mbox, link).


Notification sent to Wolfgang Hotwagner <sec@feedyourhead.at>:
Bug acknowledged by developer. (Mon, 13 May 2019 21:18:29 GMT) (full text, mbox, link).


Message #47 received at 928304-close@bugs.debian.org (full text, mbox, reply):

From: Kentaro Hayashi <hayashi@clear-code.com>
To: 928304-close@bugs.debian.org
Subject: Bug#928304: fixed in groonga 6.1.5-1+deb9u1
Date: Mon, 13 May 2019 21:17:46 +0000
Source: groonga
Source-Version: 6.1.5-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
groonga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kentaro Hayashi <hayashi@clear-code.com> (supplier of updated groonga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 07 May 2019 22:33:11 +0900
Source: groonga
Architecture: source
Version: 6.1.5-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Groonga Project <packages@groonga.org>
Changed-By: Kentaro Hayashi <hayashi@clear-code.com>
Closes: 928304
Changes:
 groonga (6.1.5-1+deb9u1) stretch; urgency=medium
 .
   * debian/groonga-httpd.logrotate
     debian/groonga-server-gqtp.logrotate
     - Mitigate privilege escalation by changing the owner and group of logs
       with "su" option. Reported by Wolfgang Hotwagner.
       (Closes: #928304) (CVE-2019-11675)





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:00:21 2019; Machine Name: beach
