android-tools: CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp

Debian Bug report logs - #688280
android-tools: CVE-2012-5564: android-tools-adb creates a file with a static file name in /tmp

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: android-tools-adb creates a file with a static file name in /tmp

Date: Fri, 21 Sep 2012 07:24:17 +0200

[Message part 1 (text/plain, inline)]

Package: android-tools-adb
Version: 4.1.1+git20120801-1
Severity: normal

Dear Maintainer,

thanks for packaging adb&fastboot.

However I noticed a file '/tmp/adb.log' is created by adb. This is
done in

    fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
    [ core/adb/adb.c:701 ]

In my opinion this is a dirty hack and not acceptable from a security
point of view, symlinks attacks and the like. At least, if two
different non-root users use adb, the second one is unable (EPERM) to
write that file, potentially missing information.

For the records, I am using a private wheezy backport of
android-tools. No changes were done to the sources.

Regards,
    Christoph

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.10 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages android-tools-adb depends on:
ii  libc6   2.13-35
ii  zlib1g  1:1.2.7.dfsg-13

android-tools-adb recommends no packages.

android-tools-adb suggests no packages.

-- no debconf information

[signature.asc (application/pgp-signature, inline)]

Message #14 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Paul Wise <pabs@debian.org>

To: 688280@bugs.debian.org

Subject: Re: android-tools-adb creates a file with a static file name in /tmp

Date: Mon, 09 May 2016 13:36:00 +0800

[Message part 1 (text/plain, inline)]

Control: clone -1 -2
Control: reassign -2 adb 1:6.0.0+r26-1~stage1
Control: tags -2 + security

On Fri, 21 Sep 2012 07:24:17 +0200 Christoph Biedl wrote:

> Package: android-tools-adb
> Version: 4.1.1+git20120801-1

This issue is also present in the adb binary package built from the new
android-platform-system-core source package.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

[signature.asc (application/pgp-signature, inline)]

Message #25 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Fathi Boudra <fabo@debian.org>

Cc: 688280@bugs.debian.org, Paul Wise <pabs@debian.org>

Subject: Re: reassign 688280 to adb

Date: Wed, 21 Dec 2016 15:59:23 +0100

Hi

On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> reassign 688280 adb 
> thanks

Is this reassign correct? Paul Wise in
https://bugs.debian.org/688280#14 already did clone the bug to
reassign it for the android-platform-system-core source package.

So there should still be 

#688280 for src:android-tools
#823792 for src:android-platform-system-core

Regards,
Salvatore

Message #36 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Fathi Boudra <fabo@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: 688280@bugs.debian.org, Paul Wise <pabs@debian.org>

Subject: Re: reassign 688280 to adb

Date: Wed, 21 Dec 2016 20:49:00 +0200

Hi,

On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi
>
> On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
>> reassign 688280 adb
>> thanks
>
> Is this reassign correct? Paul Wise in
> https://bugs.debian.org/688280#14 already did clone the bug to
> reassign it for the android-platform-system-core source package.
>
> So there should still be
>
> #688280 for src:android-tools
> #823792 for src:android-platform-system-core

You're right. Jessie src:android-tools is still affected.

> Regards,
> Salvatore

Cheers,
Fathi

Message #43 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Fathi Boudra <fabo@debian.org>

Cc: Salvatore Bonaccorso <carnil@debian.org>, 688280@bugs.debian.org, Paul Wise <pabs@debian.org>

Subject: Re: reassign 688280 to adb

Date: Tue, 27 Dec 2016 12:48:34 +0100

On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> Hi,
> 
> On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Hi
> >
> > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> >> reassign 688280 adb
> >> thanks
> >
> > Is this reassign correct? Paul Wise in
> > https://bugs.debian.org/688280#14 already did clone the bug to
> > reassign it for the android-platform-system-core source package.
> >
> > So there should still be
> >
> > #688280 for src:android-tools
> > #823792 for src:android-platform-system-core
> 
> You're right. Jessie src:android-tools is still affected.

Which version fixed this for src:android-tools in unstable?

Cheers,
        Moritz

Message #48 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Moritz Mühlenhoff <jmm@inutil.org>, 688280@bugs.debian.org

Cc: Fathi Boudra <fabo@debian.org>, Paul Wise <pabs@debian.org>

Subject: Re: Bug#688280: reassign 688280 to adb

Date: Tue, 27 Dec 2016 14:03:53 +0100

Hi Moritz,

On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> > Hi,
> > 
> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > > Hi
> > >
> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> > >> reassign 688280 adb
> > >> thanks
> > >
> > > Is this reassign correct? Paul Wise in
> > > https://bugs.debian.org/688280#14 already did clone the bug to
> > > reassign it for the android-platform-system-core source package.
> > >
> > > So there should still be
> > >
> > > #688280 for src:android-tools
> > > #823792 for src:android-platform-system-core
> > 
> > You're right. Jessie src:android-tools is still affected.
> 
> Which version fixed this for src:android-tools in unstable?

Not yet for unstable for src:android-tools. I recently updated the
security-tracker information as:

- android-tools <unfixed> (bug #688280) <-- still unfixed
- android-platform-system-core 1:7.0.0+r1-1 (bug #823792)

src:android-tools as per current version in unstable still has:

system/core/adb/adb.c:    fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);

Regards,
Salvatore

Message #53 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Fathi Boudra <fabo@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>

Cc: Moritz Mühlenhoff <jmm@inutil.org>, 688280@bugs.debian.org, Paul Wise <pabs@debian.org>

Subject: Re: Bug#688280: reassign 688280 to adb

Date: Tue, 27 Dec 2016 19:33:45 +0200

Hi,

On Tue, Dec 27, 2016 at 3:03 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi Moritz,
>
> On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
>> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
>> > Hi,
>> >
>> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
>> > > Hi
>> > >
>> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
>> > >> reassign 688280 adb
>> > >> thanks
>> > >
>> > > Is this reassign correct? Paul Wise in
>> > > https://bugs.debian.org/688280#14 already did clone the bug to
>> > > reassign it for the android-platform-system-core source package.
>> > >
>> > > So there should still be
>> > >
>> > > #688280 for src:android-tools
>> > > #823792 for src:android-platform-system-core
>> >
>> > You're right. Jessie src:android-tools is still affected.
>>
>> Which version fixed this for src:android-tools in unstable?
>
> Not yet for unstable for src:android-tools. I recently updated the
> security-tracker information as:
>
> - android-tools <unfixed> (bug #688280) <-- still unfixed
> - android-platform-system-core 1:7.0.0+r1-1 (bug #823792)
>
> src:android-tools as per current version in unstable still has:
>
> system/core/adb/adb.c:    fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);

adb binary in unstable isn't built anymore from src:android-tools,
only from src:android-platform-system-core.

android-platform-system-core is using 7.x source code and doesn't
contain fd = unix_open("/tmp/adb.log" anymore:
https://android.googlesource.com/platform/system/core/+/android-7.0.0_r1/adb/adb.cpp

https://android.googlesource.com/platform/system/core/+/android-5.1.1_r38/adb/adb.c#990

I haven't seen any patch from Google (or anybody else) to fix the 5.x serie.
Is randomizing the path with mktemp is good enough or should I get rid
of the log file completely?
Note: even if the source code code contains the problem, it isn't used
because we don't build adb at all in android-tools.

>
> Regards,
> Salvatore

Cheers,
Fathi

Message #58 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Fathi Boudra <fabo@debian.org>, 688280@bugs.debian.org

Cc: Moritz Mühlenhoff <jmm@inutil.org>, Paul Wise <pabs@debian.org>

Subject: Re: Bug#688280: reassign 688280 to adb

Date: Tue, 27 Dec 2016 20:01:41 +0100

Hi Fathi!

On Tue, Dec 27, 2016 at 07:33:45PM +0200, Fathi Boudra wrote:
> Hi,
> 
> On Tue, Dec 27, 2016 at 3:03 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Hi Moritz,
> >
> > On Tue, Dec 27, 2016 at 12:48:34PM +0100, Moritz Mühlenhoff wrote:
> >> On Wed, Dec 21, 2016 at 08:49:00PM +0200, Fathi Boudra wrote:
> >> > Hi,
> >> >
> >> > On Wed, Dec 21, 2016 at 4:59 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:
> >> > > Hi
> >> > >
> >> > > On Wed, Dec 21, 2016 at 03:49:26PM +0200, Fathi Boudra wrote:
> >> > >> reassign 688280 adb
> >> > >> thanks
> >> > >
> >> > > Is this reassign correct? Paul Wise in
> >> > > https://bugs.debian.org/688280#14 already did clone the bug to
> >> > > reassign it for the android-platform-system-core source package.
> >> > >
> >> > > So there should still be
> >> > >
> >> > > #688280 for src:android-tools
> >> > > #823792 for src:android-platform-system-core
> >> >
> >> > You're right. Jessie src:android-tools is still affected.
> >>
> >> Which version fixed this for src:android-tools in unstable?
> >
> > Not yet for unstable for src:android-tools. I recently updated the
> > security-tracker information as:
> >
> > - android-tools <unfixed> (bug #688280) <-- still unfixed
> > - android-platform-system-core 1:7.0.0+r1-1 (bug #823792)
> >
> > src:android-tools as per current version in unstable still has:
> >
> > system/core/adb/adb.c:    fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
> 
> adb binary in unstable isn't built anymore from src:android-tools,
> only from src:android-platform-system-core.
> 
> android-platform-system-core is using 7.x source code and doesn't
> contain fd = unix_open("/tmp/adb.log" anymore:
> https://android.googlesource.com/platform/system/core/+/android-7.0.0_r1/adb/adb.cpp
> 
> https://android.googlesource.com/platform/system/core/+/android-5.1.1_r38/adb/adb.c#990
> 
> I haven't seen any patch from Google (or anybody else) to fix the 5.x serie.
> Is randomizing the path with mktemp is good enough or should I get rid
> of the log file completely?
> Note: even if the source code code contains the problem, it isn't used
> because we don't build adb at all in android-tools.

Thanks a lot for your comments. So it looks that even if we would be
affected source-wise, since android-tools/5.1.1.r38-1 the
binary-package android-tools-adb which contained /usr/bin/adb is not
built anymore. 

I have added a corresponding note to 

https://security-tracker.debian.org/tracker/CVE-2012-5564

so that it now reads:

 CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
        - android-tools <unfixed> (unimportant; bug #688280)
        NOTE: Since android-tools/5.1.1.r38-1 the android-tools-adb binary package
        NOTE: is not built anymore which used to contain /usr/bin/adb.
        NOTE: Package still affected source-wise.

I wouldn't invest much energy though in fixing the issue. The reason
is that due to the kernel hardening
(https://www.debian.org/releases/jessie/amd64/release-notes/ch-whats-new.en.html#security)
nullifies the symlink attacks, thus /tmp related bugs are marked in
meanwhile as severity "unimportant" in the security-tracker (as you
can see in the entry above).

It is really good that you and your team though have fixed the copy in
android-platform-system-core (bug #823792) via new upstream versions
which fixed that source-wise.

Hope this clarifies the back-and-forth on this issue.

Regards,
Salvatore

Message #65 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Paul Wise <pabs@debian.org>

To: Salvatore Bonaccorso <carnil@debian.org>, Fathi Boudra <fabo@debian.org>, 688280@bugs.debian.org, 823792@bugs.debian.org

Cc: Moritz Mühlenhoff <jmm@inutil.org>

Subject: Re: Bug#688280: reassign 688280 to adb

Date: Fri, 30 Dec 2016 13:04:30 +0800

[Message part 1 (text/plain, inline)]

Control: reopen 823792
Control: found 823792 1:7.0.0+r1-1

On Tue, 2016-12-27 at 20:01 +0100, Salvatore Bonaccorso wrote:

> It is really good that you and your team though have fixed the copy in
> android-platform-system-core (bug #823792) via new upstream versions
> which fixed that source-wise.

I don't think this is actually fixed by the new upstream versions,
take a look at the GetLogFilePath function via codesearch:

https://sources.debian.net/src/android-platform-system-core/1:7.0.0%2Br1-2/adb/client/main.cpp/?hl=58#L37

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

[signature.asc (application/pgp-signature, inline)]

Message #70 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Hans-Christoph Steiner <hans@eds.org>

To: 823792@bugs.debian.org, 688280@bugs.debian.org

Subject: policy issue not security

Date: Wed, 1 Mar 2017 09:37:27 +0100

Yes, it still makes the log, but now at least with reasonable
permissions, so its not a security issue any more but a Debian policy issue:

$ ls -l /tmp/adb.1000.log
-rw-r----- 1 1000 1000 179 Mar  1 08:31 /tmp/adb.1000.log

I suppose that path should be changed to /var/log/adb/

Message #75 received at 688280@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

To: Hans-Christoph Steiner <hans@eds.org>, 688280@bugs.debian.org, 823792@bugs.debian.org

Subject: Re: Bug#688280: policy issue not security

Date: Wed, 01 Mar 2017 16:45:57 -0800

On Wed 2017-03-01 00:37:27 -0800, Hans-Christoph Steiner wrote:
> Yes, it still makes the log, but now at least with reasonable
> permissions, so its not a security issue any more but a Debian policy issue:
>
> $ ls -l /tmp/adb.1000.log
> -rw-r----- 1 1000 1000 179 Mar  1 08:31 /tmp/adb.1000.log

Why is this not a security issue?  there are symlink/race conditions
here, which some modern kernels should defend against, but not all
kernels do.  Please, let's get this fixed right.

> I suppose that path should be changed to /var/log/adb/

if the log is an ephemeral per-user log, it should be placed somewhere
like /run/user/$(id -u)/adb.log

               --dkg

Message #80 received at 688280-close@bugs.debian.org (full text, mbox, reply):

From: Hans-Christoph Steiner <hans@eds.org>

To: 688280-close@bugs.debian.org

Subject: Bug#688280: fixed in android-platform-system-core 1:7.0.0+r1-4

Date: Mon, 27 Mar 2017 21:00:13 +0000

Source: android-platform-system-core
Source-Version: 1:7.0.0+r1-4

We believe that the bug you reported is fixed in the latest version of
android-platform-system-core, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 688280@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hans-Christoph Steiner <hans@eds.org> (supplier of updated android-platform-system-core package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Mar 2017 13:47:44 +0100
Source: android-platform-system-core
Binary: android-liblog android-liblog-dev android-libcutils android-libcutils-dev adb android-libsparse android-libsparse-dev android-libutils android-libutils-dev android-libziparchive android-libziparchive-dev android-platform-system-core-headers android-libbacktrace android-libbacktrace-dev android-libadb android-libadb-dev android-libbase android-libbase-dev fastboot simg2img img2simg append2simg android-tools-adb android-tools-fastboot
Architecture: source amd64 all
Version: 1:7.0.0+r1-4
Distribution: unstable
Urgency: medium
Maintainer: Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
Changed-By: Hans-Christoph Steiner <hans@eds.org>
Description:
 adb        - Android Debug Bridge
 android-libadb - Library for Android Debug Bridge
 android-libadb-dev - Library for Android Debug Bridge - Development files
 android-libbacktrace - Android backtrace library
 android-libbacktrace-dev - Android backtrace library - Development files
 android-libbase - Android base library
 android-libbase-dev - Android base library - Development files
 android-libcutils - Android utils library for C
 android-libcutils-dev - Android utils library for C - Development files
 android-liblog - Android NDK logger interfaces
 android-liblog-dev - Android NDK logger interfaces - Development files
 android-libsparse - Library for sparse files
 android-libsparse-dev - Library for sparse files - Development files
 android-libutils - Android Utility Function Library
 android-libutils-dev - Android Utility Function Library - Development files
 android-libziparchive - Library for ZIP archives
 android-libziparchive-dev - Library for ZIP archives - Development files
 android-platform-system-core-headers - Shared headers in AOSP repository platform/system/core
 android-tools-adb - transitional package
 android-tools-fastboot - transitional package
 append2simg - Android sparse image tool
 fastboot   - Android fastboot tool
 img2simg   - Android sparse image creation tool
 simg2img   - Android sparse image conversion tool
Closes: 688280 823792 858177
Changes:
 android-platform-system-core (1:7.0.0+r1-4) unstable; urgency=medium
 .
   * transitional dummy packages for android-tools-adb / android-tools-fastboot
   * move adb log file to proper dir (Closes: #823792, #688280)
   * import upstream 7.0.0_r31 fixes for CVE-2016-3861 (Closes: #858177)
Checksums-Sha1:
 9ce2a71feb396562649096cc6cde3488f643b669 5104 android-platform-system-core_7.0.0+r1-4.dsc
 3395d91be9e1bf1686518b1481b8247f6f5bcda8 31876 android-platform-system-core_7.0.0+r1-4.debian.tar.xz
 f26e8a27da442dd8062a560ddfa68c45924c0ece 397836 adb-dbgsym_7.0.0+r1-4_amd64.deb
 40d658282649f740ff469d10ef9b6ab7de1df45b 71538 adb_7.0.0+r1-4_amd64.deb
 4e4348167f227eaeab5ecb0120c72f2d3bd10913 763150 android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
 d62fc636df7d3e3959a920312d37d94c4fd73d66 14996 android-libadb-dev_7.0.0+r1-4_amd64.deb
 52548f39de99b2c4d4be4c73b9941e9b76bd19b8 82414 android-libadb_7.0.0+r1-4_amd64.deb
 14e016cf1c969c3d9f2341aefbe80f3244612d38 244906 android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
 422db3c6b63e4c5be8fe2f9ee1585f627ed3439e 9732 android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
 d40ed0f370d53a07522f0c369d90feb3b2bb8c12 33498 android-libbacktrace_7.0.0+r1-4_amd64.deb
 8a9d2214bcf87d856316bcbe234be0be42353979 161310 android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
 2ec9443e85dd098f10f7b105f014cc48b0e93806 17220 android-libbase-dev_7.0.0+r1-4_amd64.deb
 d5147f63a91bf5eb50adad246b411d4b66964745 20438 android-libbase_7.0.0+r1-4_amd64.deb
 9e6e9e7df32049e6b6231bfe15e4adb649bff88d 56268 android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
 f6588122aaad3d6264b8419a73e9131f7121d12a 23062 android-libcutils-dev_7.0.0+r1-4_amd64.deb
 d01ce9e75a246ec31858be0b15b329bd5f43caf0 24290 android-libcutils_7.0.0+r1-4_amd64.deb
 71c073d6582977f8a31229f55c78e9c1e3db68b7 33506 android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
 2bf62e268285d66385783dd59b3f22fb1c29b488 19056 android-liblog-dev_7.0.0+r1-4_amd64.deb
 a3be6e5d9ed3b802730ee67369b0cfeb68f443ac 18016 android-liblog_7.0.0+r1-4_amd64.deb
 4784e927eff04c84669dd52d277fc22c6517d9a9 28922 android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
 fb42601d620a6a8d548ed84ff81754ab69a141c0 9250 android-libsparse-dev_7.0.0+r1-4_amd64.deb
 3f4958cb8076a41a9b1d96ff7a02414d81b2c873 18272 android-libsparse_7.0.0+r1-4_amd64.deb
 480eabee6b607d215f1035ed0f9d879bac6448bc 242736 android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
 3619f7641d844a54e6cdcdcfd22159b42b0438f4 52240 android-libutils-dev_7.0.0+r1-4_amd64.deb
 3f6c2d469f7b6af9825760c005bef2014468157c 50582 android-libutils_7.0.0+r1-4_amd64.deb
 f74091c6e6f535b00e25938c2f23d3cd3a15f85c 116826 android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
 75ac5c77ca34f945d88de0e1412b5b0f17de6a38 10768 android-libziparchive-dev_7.0.0+r1-4_amd64.deb
 4a3ec06256fbcfda248f6812cd9297898d687de2 21244 android-libziparchive_7.0.0+r1-4_amd64.deb
 7fc13e3d85d49f8353c2dd52c4573d00d4c5caca 32846 android-platform-system-core-headers_7.0.0+r1-4_all.deb
 835346dca2e573a8d49a034c8a696791fc90bcf2 16729 android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
 9f07f8304f1591c3b8c4989c08d7ba58de0eb948 6722 android-tools-adb_7.0.0+r1-4_all.deb
 9290fbd672790ce38997ef8ace2480c56b4a32be 6726 android-tools-fastboot_7.0.0+r1-4_all.deb
 1c008529d006981d5bc5590d731fae9cdcd3642b 6596 append2simg-dbgsym_7.0.0+r1-4_amd64.deb
 3096adae0a57f9282ca0d4e719223719599a1fcf 9766 append2simg_7.0.0+r1-4_amd64.deb
 115049599931b34dcc5b6163a4f18c5a8dd6bccb 300994 fastboot-dbgsym_7.0.0+r1-4_amd64.deb
 2c7ce81cc8235228b8e39236642e1d05c602a59c 48876 fastboot_7.0.0+r1-4_amd64.deb
 74687154d05331c0cdefabf994130b35a91b0e42 6178 img2simg-dbgsym_7.0.0+r1-4_amd64.deb
 2b4e6f60f8455237590194ff62b3d0ecddfa1a06 9610 img2simg_7.0.0+r1-4_amd64.deb
 78effe3cbf966f6febb255271066fa89a80e9cab 6278 simg2img-dbgsym_7.0.0+r1-4_amd64.deb
 793b486860bdbb087b734de36b236b129250d141 10668 simg2img_7.0.0+r1-4_amd64.deb
Checksums-Sha256:
 443ed83a2f207c90efb46e3f2303f11b1a9a3d1a7fe5171c88ad4a8b2f04e92d 5104 android-platform-system-core_7.0.0+r1-4.dsc
 14c16b79e05076e20d7c7987488f9a7627d57c3e42f3639db38666a84bae5fef 31876 android-platform-system-core_7.0.0+r1-4.debian.tar.xz
 6c3e90c7215dc99c49574f8f84ab89ab6b609bb7b3b439c6dcf3fb3ef51bfbd1 397836 adb-dbgsym_7.0.0+r1-4_amd64.deb
 6d58c4fd485d60a45b273eedb309911b8e54d24642a1e3fc80858cc51dcf8a6f 71538 adb_7.0.0+r1-4_amd64.deb
 1d70cc4b099b2a8b10cdcd79af3c80781cc88430ede92717139f53370be9a410 763150 android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
 da974218d6af56435a941f94ab324ccc8f5349da9e91a35f0dec46e854bd288b 14996 android-libadb-dev_7.0.0+r1-4_amd64.deb
 49ab279121da76753b69680642a65cac5ac065080c1d9f4c9985f6d070b68e90 82414 android-libadb_7.0.0+r1-4_amd64.deb
 836175b1374d39cc2e2c19ab0726d114a3db2c986fc0ed140c9a5a0bdf6e9b4a 244906 android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
 78a8d26e644696ec2630a758e2b37d33b7793650f2afb864b2789f8a27004930 9732 android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
 d3f4f5dc5b49385c7a86632fe5a6f47b2d6adbc19fb911eb9f5ab3580e48d3d4 33498 android-libbacktrace_7.0.0+r1-4_amd64.deb
 8a4115ce2d25898c01dc91aff6ed42a97456c06bc0427529acf554de5c84ef09 161310 android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
 a48dd4c753783d14fe324f61b937cef9c354da8872668298cf49144f73e4bfed 17220 android-libbase-dev_7.0.0+r1-4_amd64.deb
 1691b8b636f7170772bd42181a137b0de4a98032aec452cc70bfe1f08941f838 20438 android-libbase_7.0.0+r1-4_amd64.deb
 d0a237c6ed1a669a89edbb1fc8a48b6ebe02375d1920112d7cdf86a38aabd172 56268 android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
 57d9f5ada18f92a3129b4413a0ea46b150eef8a7d51095dbd51b9163c5436dc8 23062 android-libcutils-dev_7.0.0+r1-4_amd64.deb
 9037feced803a1e9997ede4c8d1a362303a7d75836ec4eeb4855af26ffa8873e 24290 android-libcutils_7.0.0+r1-4_amd64.deb
 cb066ed5daca545a476c2ecb1e10bf249d408304c96e7c720a3a8db2387e5bfd 33506 android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
 40ec70c9970d1388515e92394b8a24095dc9494b66e3fb2a635533c25b81ef17 19056 android-liblog-dev_7.0.0+r1-4_amd64.deb
 728b417d09aa85eb778a2e925b25d52925cfefa4e2805dc3c6a0031fb2646e3b 18016 android-liblog_7.0.0+r1-4_amd64.deb
 0ba06d2e1166a14fbad6129a506ee9a7473337d463131387e7cc4b339d278f58 28922 android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
 20cba47bc92baad1846d10e11d104332d07b756c91c77e819cfdb0121de4382c 9250 android-libsparse-dev_7.0.0+r1-4_amd64.deb
 54e999de0dd33ed48730d998ab8e707eb7e4446b9381353c249576a535780da9 18272 android-libsparse_7.0.0+r1-4_amd64.deb
 ff26f6f1f91efa72e8e0c446011e3551c3a0e611a7763c54609021c5ce942c11 242736 android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
 8198bd360d81993f118e1db57c8e8cabe9b007800942f5f3bf78aebaeef7a1dd 52240 android-libutils-dev_7.0.0+r1-4_amd64.deb
 6f13e62e41ac7e6c3ba8d4804ff6f929092075b9ce05dd7fbe386b64026b23ae 50582 android-libutils_7.0.0+r1-4_amd64.deb
 e6cb6d6b0a89930cd586fe702ae5293e114e87a0cfffcb863ea2828964c800e0 116826 android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
 b84f3b58acfa79ef62abd0481eb1ea85f24bb8876561c58f2a6224e8eace1600 10768 android-libziparchive-dev_7.0.0+r1-4_amd64.deb
 faad24c4f7c5c16f4fc53a5b2a6e63ff8dfcdaf2e0942855f37a595820ea3505 21244 android-libziparchive_7.0.0+r1-4_amd64.deb
 042c308f0e953151aece746ddcde3ec97afaddc296e583623e382022e8e4d492 32846 android-platform-system-core-headers_7.0.0+r1-4_all.deb
 d34d5a3c03a4d521cff6b70af349fc8395d02268687c6e419611817346601531 16729 android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
 3459ab5c6f0c53f5af04d14b0dc5dba40b153eed3790000b5f4ad6117c8d17c9 6722 android-tools-adb_7.0.0+r1-4_all.deb
 ab2f80d008ff818dd3e0bcb8602b090938ebb0571f78128955b4d7f163bba6d9 6726 android-tools-fastboot_7.0.0+r1-4_all.deb
 3a67a85c5ac70aa30b5e38edabd823f5b8b2344c79834ef520063f96b4b51141 6596 append2simg-dbgsym_7.0.0+r1-4_amd64.deb
 f2f9496274bf69d8de5352cc9596b807b0000b6f0d89a608ceb079158053304e 9766 append2simg_7.0.0+r1-4_amd64.deb
 7472cd59edf144284de6c85f0118888e478f9df286b1d0e3a1708ece79430569 300994 fastboot-dbgsym_7.0.0+r1-4_amd64.deb
 ac116448a699114e12e2dab54bce7129b3ce1242c6d67743246151d4ddfd795f 48876 fastboot_7.0.0+r1-4_amd64.deb
 7ca7f443e1a11fedf938b3e5695f7a33234625d70cbf19cd5f521e0bf48598e9 6178 img2simg-dbgsym_7.0.0+r1-4_amd64.deb
 3f7f33083866c770f61c2526e8e42b6e1c992eff7a3b7f462e4fcee7de3f38ff 9610 img2simg_7.0.0+r1-4_amd64.deb
 ba3d66342786f801b9a8479a55e1fff25fe0f874e1ecccab62ec666e3273642b 6278 simg2img-dbgsym_7.0.0+r1-4_amd64.deb
 86f65ca246db17b9c399e2d2d142a296d356b79d126c031b85d9811ce51488e2 10668 simg2img_7.0.0+r1-4_amd64.deb
Files:
 45df1bda153a64dd098d9ec234b5d722 5104 devel optional android-platform-system-core_7.0.0+r1-4.dsc
 95cf397cf64c867f3e55b8b8a52c3951 31876 devel optional android-platform-system-core_7.0.0+r1-4.debian.tar.xz
 7d4c54bb650558a3c02b8d90b17889f8 397836 debug extra adb-dbgsym_7.0.0+r1-4_amd64.deb
 3aa5a37eaaae8cbaba10ea9229ffa06a 71538 devel optional adb_7.0.0+r1-4_amd64.deb
 66417a6200dca64675a6e9600c27d1f2 763150 debug extra android-libadb-dbgsym_7.0.0+r1-4_amd64.deb
 b343ab0e7c78064044464d766c2a74a3 14996 libdevel optional android-libadb-dev_7.0.0+r1-4_amd64.deb
 4df2e4e3e88a2ba57c92d4767836fa74 82414 libs optional android-libadb_7.0.0+r1-4_amd64.deb
 0df5e04c34899a96116d9e563114ec9d 244906 debug extra android-libbacktrace-dbgsym_7.0.0+r1-4_amd64.deb
 75c173ba4472be02421192d030777e7e 9732 libdevel optional android-libbacktrace-dev_7.0.0+r1-4_amd64.deb
 de54d775a282336ec5d86acfa55ad304 33498 libs optional android-libbacktrace_7.0.0+r1-4_amd64.deb
 9a1f94fb71c2f84202e6524f0e426638 161310 debug extra android-libbase-dbgsym_7.0.0+r1-4_amd64.deb
 80d6973a39746cc80225c82f09ed02d7 17220 libdevel optional android-libbase-dev_7.0.0+r1-4_amd64.deb
 9d3a6155e11685568a039bd54a6fbdb7 20438 libs optional android-libbase_7.0.0+r1-4_amd64.deb
 e90e564febd971bd4a92621fe76ed8a9 56268 debug extra android-libcutils-dbgsym_7.0.0+r1-4_amd64.deb
 976bb1a65038118b9ee062799c5d67f5 23062 libdevel optional android-libcutils-dev_7.0.0+r1-4_amd64.deb
 7a25c59438cebcf4dead977af52bfbc5 24290 libs optional android-libcutils_7.0.0+r1-4_amd64.deb
 49ef52ff4189de3fdc324dedd038a5b1 33506 debug extra android-liblog-dbgsym_7.0.0+r1-4_amd64.deb
 84cb5d83bd21a18a7cd80e8b362a9b45 19056 libdevel optional android-liblog-dev_7.0.0+r1-4_amd64.deb
 c33bc16f93aad7cc4eb83922787f56b6 18016 libs optional android-liblog_7.0.0+r1-4_amd64.deb
 b5fb9ae93f02d4843d220989fec1ad45 28922 debug extra android-libsparse-dbgsym_7.0.0+r1-4_amd64.deb
 108cf88c5d78091a5fd09cd17d012e18 9250 libdevel optional android-libsparse-dev_7.0.0+r1-4_amd64.deb
 89cd1d81122ffc53c12e49b0ea70f1d8 18272 libs optional android-libsparse_7.0.0+r1-4_amd64.deb
 55e202fc731d578a0b8e9a2cfcb62f96 242736 debug extra android-libutils-dbgsym_7.0.0+r1-4_amd64.deb
 5e7860a14b9a8de1364e06b6f32012c9 52240 libdevel optional android-libutils-dev_7.0.0+r1-4_amd64.deb
 c38c77fbb22176e44c12353b9c87c4e7 50582 libs optional android-libutils_7.0.0+r1-4_amd64.deb
 7154ce7b732d20947936f5eda6a5d34e 116826 debug extra android-libziparchive-dbgsym_7.0.0+r1-4_amd64.deb
 227aa43f0fd1c7c7b49e974dc6535c75 10768 libdevel optional android-libziparchive-dev_7.0.0+r1-4_amd64.deb
 9c5c978f9c252929d7c8caa25a353e10 21244 libs optional android-libziparchive_7.0.0+r1-4_amd64.deb
 fbd96e7007303eae2559a9f22ecdfbbb 32846 libdevel optional android-platform-system-core-headers_7.0.0+r1-4_all.deb
 b8de9fd8fee9c219589caa7fba26c2a3 16729 devel optional android-platform-system-core_7.0.0+r1-4_amd64.buildinfo
 57a002a174e03bfbe2df23254de6cde4 6722 oldlibs extra android-tools-adb_7.0.0+r1-4_all.deb
 6819914667c76ff1ee3559d6cdaa901f 6726 oldlibs extra android-tools-fastboot_7.0.0+r1-4_all.deb
 429e81276978b6f80cc4941c2d6d4dda 6596 debug extra append2simg-dbgsym_7.0.0+r1-4_amd64.deb
 3f5b7e63c33d15aaa2d6b692b0089adb 9766 devel optional append2simg_7.0.0+r1-4_amd64.deb
 03945268d76307ac6b3179c649f37693 300994 debug extra fastboot-dbgsym_7.0.0+r1-4_amd64.deb
 84cbfd24bc9aa1300b25222fa41b5dee 48876 devel optional fastboot_7.0.0+r1-4_amd64.deb
 88327f14eb1041d8aed191a8e683d69d 6178 debug extra img2simg-dbgsym_7.0.0+r1-4_amd64.deb
 73bd405fc3f65e37ea723fd05aea86e2 9610 devel optional img2simg_7.0.0+r1-4_amd64.deb
 b6dd278625890354c08b92606685f2f0 6278 debug extra simg2img-dbgsym_7.0.0+r1-4_amd64.deb
 a308270621e73699952a80b6052d78bd 10668 devel optional simg2img_7.0.0+r1-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPG for Android - https://guardianproject.info/code/gnupg/

iQEcBAEBCAAGBQJY2Lr+AAoJED4XeBe6G5v69RIIAMO58UtnpUyiUmga6LhyKvk/
QL/5T7WDLTKws9GDNLhmh4j/J+3z3ROu+byEAQzQc3jaDeUxhyhLVA1i98VXsIJS
40ej430x+T3MGmAeqps+esW5L/n1hFtCrxKzp3I6tM28tFfFx1aDgbSQpGxBm0Hh
8M25V6iq/UQX4fSaqMSQ9mJ9xt6l/jwKnEUAJbWmhXNVzV0/VRuMgJT9xoTlcOfg
4AOObTsbDATVEpYg7whKkd0wzozAqQI2uOaOuawiWWYQGCFSFC3jY43ohNcKAF0i
kOLYaB1j8FJijTppPYBW6VZSOgpIYLQokGMiS353BN3GQdmZkCP+1mYP3ENQ2N0=
=99yw
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.