All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Peter Jones <pjones@redhat.com>,
	Dave Young <dyoung@redhat.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Juerg Haefliger <juerg.haefliger@hpe.com>
Subject: [PATCH 4.4 087/112] PKCS#7: Dont require SpcSpOpusInfo in Authenticode pkcs7 signatures
Date: Wed, 26 Oct 2016 14:23:10 +0200	[thread overview]
Message-ID: <20161026122308.463909756@linuxfoundation.org> (raw)
In-Reply-To: <20161026122304.797016625@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Peter Jones <pjones@redhat.com>

commit 7ee7014d0eb6bcac679c0bd5fe9ce65bc4325648 upstream.

Dave Young reported:
> Hi,
>
> I saw the warning "Missing required AuthAttr" when testing kexec,
> known issue?  Idea about how to fix it?
>
> The kernel is latest linus tree plus sevral patches from Toshi to
> cleanup io resource structure.
>
> in function pkcs7_sig_note_set_of_authattrs():
>         if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
>             !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
>             (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
>                 pr_warn("Missing required AuthAttr\n");
>                 return -EBADMSG;
>         }
>
> The third condition below is true:
> (ctx->msg->data_type == OID_msIndirectData &&
>              !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))
>
> I signed the kernel with redhat test key like below:
> pesign -c 'Red Hat Test Certificate' -i arch/x86/boot/bzImage -o /boot/vmlinuz-4.4.0-rc8+ -s --force

And right he is!  The Authenticode specification is a paragon amongst
technical documents, and has this pearl of wisdom to offer:

---------------------------------
Authenticode-Specific SignerInfo UnauthenticatedAttributes Structures

  The following Authenticode-specific data structures are present in
  SignerInfo authenticated attributes.

  SpcSpOpusInfo
  SpcSpOpusInfo is identified by SPC_SP_OPUS_INFO_OBJID
  (1.3.6.1.4.1.311.2.1.12) and is defined as follows:
  SpcSpOpusInfo ::= SEQUENCE {
    programName  [0] EXPLICIT SpcString OPTIONAL,
    moreInfo     [1] EXPLICIT SpcLink OPTIONAL,
  } --#public--

  SpcSpOpusInfo has two fields:
    programName
      This field contains the program description:
      If publisher chooses not to specify a description, the SpcString
      structure contains a zero-length program name.
      If the publisher chooses to specify a
      description, the SpcString structure contains a Unicode string.
    moreInfo
      This field is set to an SPCLink structure that contains a URL for
      a Web site with more information about the signer. The URL is an
      ASCII string.
---------------------------------

Which is to say that this is an optional *unauthenticated* field which
may be present in the Authenticated Attribute list.  This is not how
pkcs7 is supposed to work, so when David implemented this, he didn't
appreciate the subtlety the original spec author was working with, and
missed the part of the sublime prose that says this Authenticated
Attribute is an Unauthenticated Attribute.  As a result, the code in
question simply takes as given that the Authenticated Attributes should
be authenticated.

But this one should not, individually.  Because it says it's not
authenticated.

It still has to hash right so the TBS digest is correct.  So it is both
authenticated and unauthenticated, all at once.  Truly, a wonder of
technical accomplishment.

Additionally, pesign's implementation has always attempted to be
compatible with the signatures emitted from contemporary versions of
Microsoft's signtool.exe.  During the initial implementation, Microsoft
signatures always produced the same values for SpcSpOpusInfo -
{U"Microsoft Windows", "http://www.microsoft.com"} - without regard to
who the signer was.

Sometime between Windows 8 and Windows 8.1 they stopped including the
field in their signatures altogether, and as such pesign stopped
producing them in commits c0c4da6 and d79cb0c, sometime around June of
2012.  The theory here is that anything that breaks with
pesign signatures would also be breaking with signtool.exe sigs as well,
and that'll be a more noticed problem for firmwares parsing it, so it'll
get fixed.  The fact that we've done exactly this bug in Linux code is
first class, grade A irony.

So anyway, we should not be checking this field for presence or any
particular value: if the field exists, it should be at the right place,
but aside from that, as long as the hash matches the field is good.

Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Juerg Haefliger <juerg.haefliger@hpe.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/asymmetric_keys/pkcs7_parser.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -547,9 +547,7 @@ int pkcs7_sig_note_set_of_authattrs(void
 	struct pkcs7_signed_info *sinfo = ctx->sinfo;
 
 	if (!test_bit(sinfo_has_content_type, &sinfo->aa_set) ||
-	    !test_bit(sinfo_has_message_digest, &sinfo->aa_set) ||
-	    (ctx->msg->data_type == OID_msIndirectData &&
-	     !test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set))) {
+	    !test_bit(sinfo_has_message_digest, &sinfo->aa_set)) {
 		pr_warn("Missing required AuthAttr\n");
 		return -EBADMSG;
 	}

  parent reply	other threads:[~2016-10-26 12:49 UTC|newest]

Thread overview: 117+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20161026123149uscas1p2bf9b016357fba0e08911a1cb37ee68de@uscas1p2.samsung.com>
2016-10-26 12:21 ` [PATCH 4.4 000/112] 4.4.28-stable review Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 001/112] gpio: mpc8xxx: Correct irq handler function Greg Kroah-Hartman
2016-10-26 12:21     ` Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 002/112] mei: me: add kaby point device ids Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 003/112] regulator: tps65910: Work around silicon erratum SWCZ010 Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 004/112] clk: imx6: initialize GPU clocks Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 005/112] PM / devfreq: event: remove duplicate devfreq_event_get_drvdata() Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 006/112] rtlwifi: Fix missing country code for Great Britain Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 008/112] mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 009/112] PCI: Mark Atheros AR9580 to avoid bus reset Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 010/112] platform: dont return 0 from platform_get_irq[_byname]() on error Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 011/112] cpufreq: intel_pstate: Fix unsafe HWP MSR access Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 012/112] parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 013/112] parisc: Fix kernel memory layout regarding position of __gp Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 014/112] parisc: Increase initial kernel mapping size Greg Kroah-Hartman
2016-10-26 12:21   ` [PATCH 4.4 015/112] pstore/ramoops: fixup driver removal Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 017/112] pstore/ram: Use memcpy_toio instead of memcpy Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 018/112] pstore/ram: Use memcpy_fromio() to save old buffer Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 019/112] perf intel-pt: Fix snapshot overlap detection decoder errors Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 020/112] perf intel-pt: Fix estimated timestamps for cycle-accurate mode Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 021/112] perf intel-pt: Fix MTC timestamp calculation for large MTC periods Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 022/112] dm: mark request_queue dead before destroying the DM device Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 023/112] dm: return correct error code in dm_resume()s retry loop Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 024/112] dm mpath: check if paths request_queue is dying in activate_path() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 025/112] dm crypt: fix crash on exit Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 026/112] powerpc/vdso64: Use double word compare on pointers Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 027/112] powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 028/112] powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 029/112] powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 030/112] powerpc/64: Fix incorrect return value from __copy_tofrom_user Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 031/112] powerpc/pseries: Fix stack corruption in htpe code Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 032/112] ubi: Deal with interrupted erasures in WL Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 033/112] zfcp: fix fc_host port_type with NPIV Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 034/112] zfcp: fix ELS/GS request&response length for hardware data router Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 035/112] zfcp: close window with unblocked rport during rport gone Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 036/112] zfcp: retain trace level for SCSI and HBA FSF response records Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 037/112] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 038/112] zfcp: trace on request for open and close of WKA port Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 039/112] zfcp: restore tracing of handle for port and LUN with HBA records Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 040/112] zfcp: fix D_ID field with actual value on tracing SAN responses Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 041/112] zfcp: fix payload trace length for SAN request&response Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 042/112] zfcp: trace full payload of all SAN records (req,resp,iels) Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 043/112] scsi: zfcp: spin_lock_irqsave() is not nestable Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 044/112] fbdev/efifb: Fix 16 color palette entry calculation Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 045/112] ovl: Fix info leak in ovl_lookup_temp() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 046/112] ovl: copy_up_xattr(): use strnlen Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 047/112] [media] mb86a20s: fix the locking logic Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 048/112] [media] mb86a20s: fix demod settings Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 049/112] [media] cx231xx: dont return error on success Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 050/112] [media] cx231xx: fix GPIOs for Pixelview SBTVD hybrid Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 051/112] ALSA: hda - Fix a failure of micmute led when having multi adcs Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 052/112] MIPS: Fix -mabi=64 build of vdso.lds Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 053/112] MIPS: ptrace: Fix regs_return_value for kernel context Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 054/112] lib: move strtobool() to kstrtobool() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 055/112] lib: update single-char callers of strtobool() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 056/112] lib: add "on"/"off" support to kstrtobool Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 057/112] Input: i8042 - skip selftest on ASUS laptops Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 058/112] Input: elantech - force needed quirks on Fujitsu H760 Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 059/112] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 060/112] sunrpc: fix write space race causing stalls Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 061/112] NFSv4: Dont report revoked delegations as valid in nfs_have_delegation() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 062/112] NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 063/112] NFSv4: Open state recovery must account for file permission changes Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 064/112] NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 065/112] scsi: Fix use-after-free Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 066/112] metag: Only define atomic_dec_if_positive conditionally Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 067/112] mm: filemap: dont plant shadow entries without radix tree node Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 068/112] ipc/sem.c: fix complex_count vs. simple op race Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 069/112] lightnvm: ensure that nvm_dev_ops can be used without CONFIG_NVM Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 070/112] arc: dont leak bits of kernel stack into coredump Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 071/112] fs/super.c: fix race between freeze_super() and thaw_super() Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 072/112] cifs: Limit the overall credit acquired Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 073/112] fs/cifs: keep guid when assigning fid to fileinfo Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 074/112] Clarify locking of cifs file and tcon structures and make more granular Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 075/112] Display number of credits available Greg Kroah-Hartman
2016-10-26 12:22   ` [PATCH 4.4 076/112] Set previous session id correctly on SMB3 reconnect Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 077/112] SMB3: GUIDs should be constructed as random but valid uuids Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 078/112] Do not send SMB3 SET_INFO request if nothing is changing Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 079/112] Cleanup missing frees on some ioctls Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 080/112] Fix regression which breaks DFS mounting Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 081/112] blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 082/112] x86/e820: Dont merge consecutive E820_PRAM ranges Greg Kroah-Hartman
2016-10-26 12:23     ` Greg Kroah-Hartman
2016-10-26 12:23     ` Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 084/112] irqchip/gicv3: Handle loop timeout proper Greg Kroah-Hartman
2016-10-26 12:23     ` Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 085/112] sd: Fix rw_max for devices that report an optimal xfer size Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 086/112] hpsa: correct skipping masked peripherals Greg Kroah-Hartman
2016-10-26 12:23   ` Greg Kroah-Hartman [this message]
2016-10-26 12:23   ` [PATCH 4.4 088/112] bnx2x: Prevent false warning for lack of FC NPIV Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 089/112] net/mlx4_core: Allow resetting VF admin mac to zero Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 090/112] acpi, nfit: check for the correct event code in notifications Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 091/112] mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 092/112] mm: filemap: fix mapping->nrpages double accounting in fuse Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 093/112] Using BUG_ON() as an assert() is _never_ acceptable Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 094/112] s390/mm: fix gmap tlb flush issues Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 095/112] irqchip/gic-v3-its: Fix entry size mask for GITS_BASER Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 096/112] isofs: Do not return EACCES for unknown filesystems Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 097/112] memstick: rtsx_usb_ms: Runtime resume the device when polling for cards Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 098/112] memstick: rtsx_usb_ms: Manage runtime PM when accessing the device Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 099/112] arm64: percpu: rewrite ll/sc loops in assembly Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 100/112] arm64: kernel: Init MDCR_EL2 even in the absence of a PMU Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 101/112] ceph: fix error handling in ceph_read_iter Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 102/112] powerpc/mm: Prevent unlikely crash in copro_calculate_slb() Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 103/112] mmc: core: Annotate cmd_hdr as __le32 Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 104/112] mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 105/112] mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 106/112] ext4: do not advertise encryption support when disabled Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 107/112] jbd2: fix incorrect unlock on j_list_lock Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 108/112] ubifs: Fix xattr_names length in exit paths Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 109/112] ubifs: Abort readdir upon error Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 110/112] target: Re-add missing SCF_ACK_KREF assignment in v4.1.y Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 111/112] target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE Greg Kroah-Hartman
2016-10-26 12:23   ` [PATCH 4.4 112/112] target: Dont override EXTENDED_COPY xcopy_pt_cmd SCSI status code Greg Kroah-Hartman
2016-10-26 18:45   ` [PATCH 4.4 000/112] 4.4.28-stable review Shuah Khan
2016-10-26 21:48   ` Guenter Roeck
     [not found]   ` <58119ecd.0434c20a.46746.18c5@mx.google.com>
     [not found]     ` <m27f8tg1hm.fsf@baylibre.com>
2016-10-27 17:24       ` Mark Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161026122308.463909756@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=dyoung@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=juerg.haefliger@hpe.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pjones@redhat.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.