Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-3 for openSUSE:Factory checked in at 2023-06-01 17:18:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-3 (Old) and /work/SRC/openSUSE:Factory/.openssl-3.new.2531 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-3" Thu Jun 1 17:18:42 2023 rev:11 rq:1089933 version:3.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-3/openssl-3.changes 2023-03-12 16:22:18.796254105 +0100 +++ /work/SRC/openSUSE:Factory/.openssl-3.new.2531/openssl-3.changes 2023-06-01 17:18:47.285899926 +0200 @@ -1,0 +2,134 @@ +Tue May 30 15:14:51 UTC 2023 - Otto Hollmann <[email protected]> + +- Update to 3.1.1: + * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate + (CVE-2023-2650, bsc#1211430) + * Multiple algorithm implementation fixes for ARM BE platforms. + * Added a -pedantic option to fipsinstall that adjusts the various settings + to ensure strict FIPS compliance rather than backwards compatibility. + * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which + happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can + trigger a crash of an application using AES-XTS decryption if the memory + just after the buffer being decrypted is not mapped. Thanks to Anton + Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714) + * Add FIPS provider configuration option to disallow the use of truncated + digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The + option '-no_drbg_truncated_digests' can optionally be supplied + to 'openssl fipsinstall'. + * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that + it does not enable policy checking. Thanks to David Benjamin for + discovering this issue. (CVE-2023-0466, bsc#1209873) + * Fixed an issue where invalid certificate policies in leaf certificates are + silently ignored by OpenSSL and other certificate policy checks are + skipped for that certificate. A malicious CA could use this to + deliberately assert invalid certificate policies in order to circumvent + policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) + * Limited the number of nodes created in a policy tree to mitigate against + CVE-2023-0464. The default limit is set to 1000 nodes, which should be + sufficient for most installations. If required, the limit can be adjusted + by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a + desired maximum number of nodes or zero to allow unlimited growth. + (CVE-2023-0464, bsc#1209624) + * Update openssl.keyring with key + A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz) + * Rebased patches: + - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch + - openssl-Add_support_for_Windows_CA_certificate_store.patch + * Removed patches: + - openssl-CVE-2023-0464.patch + - openssl-Fix-OBJ_nid2obj-regression.patch + - openssl-CVE-2023-0465.patch + - openssl-CVE-2023-0466.patch + +------------------------------------------------------------------- +Mon May 29 07:31:07 UTC 2023 - Pedro Monreal <[email protected]> + +- FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116] + +------------------------------------------------------------------- +Mon May 15 09:00:04 UTC 2023 - Otto Hollmann <[email protected]> + +- Add support for Windows CA certificate store [bsc#1209430] + https://github.com/openssl/openssl/pull/18070 + * Add openssl-Add_support_for_Windows_CA_certificate_store.patch + +------------------------------------------------------------------- +Wed Mar 29 12:11:10 UTC 2023 - Otto Hollmann <[email protected]> + +- Security Fix: [CVE-2023-0465, bsc#1209878] + * Invalid certificate policies in leaf certificates are silently ignored + * Add openssl-CVE-2023-0465.patch +- Security Fix: [CVE-2023-0466, bsc#1209873] + * Certificate policy check not enabled + * Add openssl-CVE-2023-0466.patch + +------------------------------------------------------------------- +Tue Mar 28 12:19:06 UTC 2023 - Pedro Monreal <[email protected]> + +- Fix regression in the OBJ_nid2obj() function: [bsc#1209430] + * Upstream https://github.com/openssl/openssl/issues/20555 + * Add openssl-Fix-OBJ_nid2obj-regression.patch + +------------------------------------------------------------------- +Mon Mar 27 14:44:32 UTC 2023 - Otto Hollmann <[email protected]> + +- Fix compiler error "initializer element is not constant" on s390 + * Add openssl-z16-s390x.patch + +------------------------------------------------------------------- +Fri Mar 24 13:55:25 UTC 2023 - Otto Hollmann <[email protected]> + +- Security Fix: [CVE-2023-0464, bsc#1209624] + * Excessive Resource Usage Verifying X.509 Policy Constraints + * Add openssl-CVE-2023-0464.patch + +------------------------------------------------------------------- +Wed Mar 15 14:55:29 UTC 2023 - Otto Hollmann <[email protected]> + +- Pass over with spec-cleaner + +------------------------------------------------------------------- +Tue Mar 14 13:34:13 UTC 2023 - Otto Hollmann <[email protected]> + +- Update to 3.1.0: + * Add FIPS provider configuration option to enforce the Extended Master + Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can + optionally be supplied to 'openssl fipsinstall'. + * The FIPS provider includes a few non-approved algorithms for backward + compatibility purposes and the "fips=yes" property query must be used for + all algorithm fetches to ensure FIPS compliance. The algorithms that are + included but not approved are Triple DES ECB, Triple DES CBC and EdDSA. + * Added support for KMAC in KBKDF. + * RNDR and RNDRRS support in provider functions to provide random number + generation for Arm CPUs (aarch64). + * s_client and s_server apps now explicitly say when the TLS version does not + include the renegotiation mechanism. This avoids confusion between that + scenario versus when the TLS version includes secure renegotiation but the + peer lacks support for it. + * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. + * The various OBJ_* functions have been made thread safe. + * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA + capable processors. + * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats, + OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, + OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now + marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining + OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in + favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding + type-specific function definitions for these functions regardless of + whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may + start receiving deprecation warnings for these functions regardless of + whether they are using them. It is recommended that users transition to the + new macro, DEFINE_LHASH_OF_EX. + * When generating safe-prime DH parameters set the recommended private key + length equivalent to minimum key lengths as in RFC 7919. + * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the + maximum size that is smaller or equal to the digest length to comply with + FIPS 186-4 section 5. This is implemented by a new option + OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the + rsa_pss_saltlen parameter, which is now the default. Signature verification + is not affected by this change and continues to work as before. + * Update openssl.keyring with key + 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell) + +------------------------------------------------------------------- Old: ---- openssl-3.0.8.tar.gz openssl-3.0.8.tar.gz.asc New: ---- openssl-3.1.1.tar.gz openssl-3.1.1.tar.gz.asc openssl-Add_support_for_Windows_CA_certificate_store.patch openssl-z16-s390x.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-3.spec ++++++ --- /var/tmp/diff_new_pack.zeYJCU/_old 2023-06-01 17:18:48.145905024 +0200 +++ /var/tmp/diff_new_pack.zeYJCU/_new 2023-06-01 17:18:48.149905048 +0200 @@ -22,7 +22,7 @@ %define man_suffix 3ssl Name: openssl-3 # Don't forget to update the version in the "openssl" meta-package! -Version: 3.0.8 +Version: 3.1.1 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0 @@ -46,6 +46,10 @@ # Add crypto-policies support Patch7: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch +# PATCH-FIX-OPENSUSE: Fix compiler error "initializer element is not constant" on s390 +Patch9: openssl-z16-s390x.patch +# PATCH-FIX-UPSTREAM: bsc#1209430 Upgrade OpenSSL from 3.0.8 to 3.1.0 in TW +Patch10: openssl-Add_support_for_Windows_CA_certificate_store.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) @@ -54,14 +58,14 @@ Conflicts: ssl Provides: ssl Provides: openssl(cli) -%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 -Requires: crypto-policies -%endif # Needed for clean upgrade path, boo#1070003 Obsoletes: openssl-1_0_0 # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: openssl-1_1_0 %{?suse_build_hwcaps_libs} +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 +Requires: crypto-policies +%endif %description OpenSSL is a software library to be used in applications that need to @@ -71,16 +75,21 @@ %package -n libopenssl3 Summary: Secure Sockets and Transport Layer Security -License: Apache-2.0 +BuildRequires: fipscheck +Recommends: ca-certificates-mozilla +Conflicts: %{name} < %{version}-%{release} +# Needed for clean upgrade from former openssl-1_1_0, boo#1081335 +Obsoletes: libopenssl1_1_0 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 Requires: crypto-policies %endif -Recommends: ca-certificates-mozilla -# install libopenssl and libopenssl-hmac close together (bsc#1090765) -Suggests: libopenssl3-hmac = %{version}-%{release} +# Merge back the hmac files bsc#1185116 +Provides: libopenssl3-hmac = %{version}-%{release} +Obsoletes: libopenssl3-hmac < %{version}-%{release} # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 -Obsoletes: libopenssl1_1_0 -Conflicts: %{name} < %{version}-%{release} +Obsoletes: libopenssl1_1_0-hmac +# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499 +Obsoletes: libopenssl-1_0_0-hmac %description -n libopenssl3 OpenSSL is a software library to be used in applications that need to @@ -90,13 +99,12 @@ %package -n libopenssl-3-devel Summary: Development files for OpenSSL -License: Apache-2.0 Requires: libopenssl3 = %{version} Requires: pkgconfig(zlib) Recommends: %{name} = %{version} -Conflicts: libressl-devel # Conflicting names with libopenssl-1_1-devel Conflicts: libopenssl-1_1-devel +Conflicts: libressl-devel # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: libopenssl-1_1_0-devel # Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499 @@ -108,7 +116,6 @@ %package doc Summary: Additional Package Documentation -License: Apache-2.0 Conflicts: openssl-doc Provides: openssl-doc = %{version} Obsoletes: openssl-doc < %{version} @@ -118,20 +125,6 @@ This package contains optional documentation provided in addition to this package's base documentation. -%package -n libopenssl3-hmac -Summary: HMAC files for FIPS 140-3 integrity checking of the openssl shared libraries -License: BSD-3-Clause -Requires: libopenssl3 = %{version}-%{release} -BuildRequires: fipscheck -# Needed for clean upgrade from former openssl-1_1_0, boo#1081335 -Obsoletes: libopenssl1_1_0-hmac -# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499 -Obsoletes: libopenssl-1_0_0-hmac - -%description -n libopenssl3-hmac -The FIPS compliant operation of the openssl shared libraries is NOT -possible without the HMAC hashes contained in this package! - %prep %autosetup -p1 -n %{_rname}-%{version} @@ -179,7 +172,7 @@ %check # Relax the crypto-policies requirements for the regression tests # Revert patch8 before running tests -patch -p1 -R < %{P:8} +patch -p1 -R < %{PATCH8} export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export MALLOC_CHECK_=3 @@ -212,8 +205,8 @@ cp %{buildroot}%{ssletcdir}/openssl.cnf %{buildroot}%{ssletcdir}/openssl-orig.cnf # Create openssl ca-certificates dir required by nodejs regression tests [bsc#1207484] -mkdir -p %{buildroot}/var/lib/ca-certificates/openssl -install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl +mkdir -p %{buildroot}%{_localstatedir}/lib/ca-certificates/openssl +install -d -m 555 %{buildroot}%{_localstatedir}/lib/ca-certificates/openssl # Remove the fipsmodule.cnf because FIPS module is loaded automatically rm -f %{buildroot}%{ssletcdir}/fipsmodule.cnf @@ -263,8 +256,6 @@ %dir %{_libdir}/ossl-modules %{_libdir}/ossl-modules/fips.so %{_libdir}/ossl-modules/legacy.so - -%files -n libopenssl3-hmac %{_libdir}/.libssl.so.%{sover}.hmac %{_libdir}/.libcrypto.so.%{sover}.hmac @@ -291,8 +282,8 @@ %attr(700,root,root) %{ssletcdir}/private %dir %{_datadir}/ssl %{_datadir}/ssl/misc -%dir /var/lib/ca-certificates/ -%dir /var/lib/ca-certificates/openssl +%dir %{_localstatedir}/lib/ca-certificates/ +%dir %{_localstatedir}/lib/ca-certificates/openssl %{_bindir}/%{_rname} %{_bindir}/c_rehash %{_mandir}/man1/* ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.zeYJCU/_old 2023-06-01 17:18:48.217905451 +0200 +++ /var/tmp/diff_new_pack.zeYJCU/_new 2023-06-01 17:18:48.221905475 +0200 @@ -1,7 +1,7 @@ libopenssl3 obsoletes "libopenssl1_1_0-<targettype>" -libopenssl3-hmac - requires "libopenssl3-<targettype> = <version>-%release" + provides "libopenssl3-hmac-<targettype> = <version>-%release" + obsoletes "libopenssl3-hmac-<targettype> < <version>-%release" libopenssl-3-devel provides "libopenssl-devel-<targettype> = <version>" conflicts "otherproviders(libopenssl-devel-<targettype>)" ++++++ openssl-3.0.8.tar.gz -> openssl-3.1.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/openssl-3/openssl-3.0.8.tar.gz /work/SRC/openSUSE:Factory/.openssl-3.new.2531/openssl-3.1.1.tar.gz differ: char 13, line 1 ++++++ openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch ++++++ --- /var/tmp/diff_new_pack.zeYJCU/_old 2023-06-01 17:18:48.265905736 +0200 +++ /var/tmp/diff_new_pack.zeYJCU/_new 2023-06-01 17:18:48.269905759 +0200 @@ -97,7 +97,7 @@ "High" encryption cipher suites. This currently means those with key lengths --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in -@@ -210,6 +210,11 @@ extern "C" { +@@ -213,6 +213,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ @@ -111,7 +111,7 @@ # define SSL_SENT_SHUTDOWN 1 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c +@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -165,7 +165,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1452,15 +1499,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -193,7 +193,7 @@ /* * To reduce the work to do we only want to process the compiled -@@ -1482,7 +1539,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -202,7 +202,7 @@ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1548,8 +1605,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -212,7 +212,7 @@ } /* -@@ -1593,9 +1649,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -223,7 +223,7 @@ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1628,8 +1683,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1633,8 +1688,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -233,7 +233,7 @@ } /* -@@ -1637,10 +1691,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1642,10 +1696,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -249,7 +249,7 @@ /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1692,6 +1749,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1697,6 +1754,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ *cipher_list = cipherstack; return cipherstack; @@ -266,7 +266,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx +@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), &(ctx->cipher_list_by_id), @@ -275,7 +275,7 @@ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3285,7 +3285,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li +@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -298,9 +298,9 @@ return 1; --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -5428,3 +5428,4 @@ EVP_PKEY_CTX_get0_provider - OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: - OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: - OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP -+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +@@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup + EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION: + BN_are_coprime 5564 3_1_0 EXIST::FUNCTION: + OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP ++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: ++++++ openssl-Add_support_for_Windows_CA_certificate_store.patch ++++++ ++++ 744 lines (skipped) ++++++ openssl-z16-s390x.patch ++++++ iIndex: openssl-3.1.0/crypto/s390xcap.c =================================================================== --- openssl-3.1.0.orig/crypto/s390xcap.c +++ openssl-3.1.0/crypto/s390xcap.c @@ -674,7 +674,105 @@ static int parse_env(struct OPENSSL_s390 * z16 (2022) - z/Architecture POP * Implements MSA and MSA1-9 (same as z15). */ +#if defined(__GNUC__) && __GNUC__<13 && (defined(__s390__) || defined(__s390x__)) + static const struct OPENSSL_s390xcap_st z16 = { + /*.stfle = */{S390X_CAPBIT(S390X_MSA) + | S390X_CAPBIT(S390X_STCKF) + | S390X_CAPBIT(S390X_MSA5), + S390X_CAPBIT(S390X_MSA3) + | S390X_CAPBIT(S390X_MSA4), + S390X_CAPBIT(S390X_VX) + | S390X_CAPBIT(S390X_VXD) + | S390X_CAPBIT(S390X_VXE) + | S390X_CAPBIT(S390X_MSA8) + | S390X_CAPBIT(S390X_MSA9), + 0ULL}, + /*.kimd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + S390X_CAPBIT(S390X_GHASH)}, + /*.klmd = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_1) + | S390X_CAPBIT(S390X_SHA_256) + | S390X_CAPBIT(S390X_SHA_512) + | S390X_CAPBIT(S390X_SHA3_224) + | S390X_CAPBIT(S390X_SHA3_256) + | S390X_CAPBIT(S390X_SHA3_384) + | S390X_CAPBIT(S390X_SHA3_512) + | S390X_CAPBIT(S390X_SHAKE_128) + | S390X_CAPBIT(S390X_SHAKE_256), + 0ULL}, + /*.km = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256) + | S390X_CAPBIT(S390X_XTS_AES_128) + | S390X_CAPBIT(S390X_XTS_AES_256), + 0ULL}, + /*.kmc = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmac = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmo = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.kmf = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.prno = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_SHA_512_DRNG), + S390X_CAPBIT(S390X_TRNG)}, + /*.kma = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_AES_128) + | S390X_CAPBIT(S390X_AES_192) + | S390X_CAPBIT(S390X_AES_256), + 0ULL}, + /*.pcc = */{S390X_CAPBIT(S390X_QUERY), + S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519) + | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)}, + /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) + | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) + | S390X_CAPBIT(S390X_ECDSA_SIGN_P521) + | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519) + | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448) + | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) + | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448), + 0ULL}, + }; +#else static const struct OPENSSL_s390xcap_st z16 = z15; +#endif char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; int rc, off, i, n; ++++++ openssl.keyring ++++++ --- /var/tmp/diff_new_pack.zeYJCU/_old 2023-06-01 17:18:48.325906091 +0200 +++ /var/tmp/diff_new_pack.zeYJCU/_new 2023-06-01 17:18:48.329906115 +0200 @@ -1,95 +1,118 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C -Comment: Richard Levitte <[email protected]> -Comment: Richard Levitte <[email protected]> -Comment: Richard Levitte <[email protected]> +Comment: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C +Comment: Tomáš Mráz <[email protected]> +Comment: Tomáš Mráz <[email protected]> +Comment: Tomáš Mráz <[email protected]> -xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx -5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl -G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr -94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B -iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD -F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW -Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ -DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH -3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+ -y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L -732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB -zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd -AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8 -PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q -CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt -hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845 -+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5 -cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA -dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b -6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7 -zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66 -M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1 -DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ -N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb -jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB -AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu -jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX -jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY -TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd -x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv -nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue -W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r -d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy -nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp -G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6 -JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI -uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX -lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v -cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ -AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj -h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh -4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd -ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1 -C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6 -MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA -nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4 -+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY -k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9 -fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W -3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF -IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD -AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp -5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y -dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl -vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO -e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04 -QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5 -1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6 -u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8 -La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0 -S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA -zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35 -wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw -azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj -U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV -9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk -HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM -el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1 -nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt -c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ -Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+ -sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh -ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz -5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB -AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr -2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M -oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn -a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5 -WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp -zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7 -9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3 -WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA -WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/ -pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7 -Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV -/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY= -=1H60 +xsFNBGDxTCUBEACi0J1AgwXxjrAV/Gam5o4aZSVcPFBcO0bfWML5mT8ZUc3xO1cr +55DscbkXb27OK/FSdrq1YP7+pCtSZOstNPY/7k4VzNS1o8VoMzJZ3LAiXI5WB/LH +F8XSyzGuFEco/VT1hjTvb8EW2KlcBCR6Y22z5Wm1rVLqu7Q8b/ff1+M/kaWM6BFi +UKqfBZdqJuDDNFRGqFr0JjCol0D1v1vollm612OARKpzuUSOERdc11utidkGihag +pJDyP5a+qHZ4GNzZkZ+BBduuZDMUdEKgK28Pi0P0Nm17XRzX1Of1uXojMvroov7K +/Bkbpv+uvZoiSEAeD+G/+Tyk9VLhmyji9P+0lwYyHb3ACgS3wElz7CZwFgB3kjJv +MX93OlCAMruFht/+6hQu0zx1KPxx+55j/w7oSVzH8ZmYND5kM4zlGVnJxJk6aBu8 +laOARZw7EENz3c+hdgo+C+kXostNsbiuQTQnlFFaIM7Uy029wWnlCKSEmyElW9ZB +HnPhcihi8WbfoRdTcdfMraxCEIU1G/oVxYKfzV2koZTSkwPpqJYckyjHs7Zez5A3 +zVlAXPFEVLECEr02ESpWxFabk8itAz0oMZSn5tb3lBHs1XFqDvJaqME1unasjj06 +YUuDgKHxCWZLxo/cfJRrVxlRcsDgZ3s4PjxKkAmzUXt5yb7K3EVWDQri0wARAQAB +zRtUb23DocWhIE1yw6F6IDx0bUB0OG0uaW5mbz7CwZQEEwEIAD4WIQSiH6t0sAiK +o2EVJYa47xprqdotXAUCYPFMkQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIe +AQIXgAAKCRC47xprqdotXEGoD/9CyRFM8tzcdQsQBeQewKGTGdJvPx9saDLO6EVy +U9lEy8vLKMHnmAk+9myVBf0UHxCjVZblvXEL6U/eCINW8TBu9ZH56AMkPQgvfZkE +KrpBoP2yfkA9/2rfChec7jkFUwArWKAB8hyLPiABXdm3vRZMhiBAsFTv9rdrr89W +nAvcd9OXPxrEM7mNkkCDUlRkfRwdxSezStmJ/18bM5lrlR4Dj9MYUOieYICsu/nh +1u9C+QDOGruo/xku7B87qVSnKM4My28/RtSeGjTBNw3QPEmumArINNUDNZbe3e+I +m23l6tyP7nmtLbo0wPcRB9q4K1GlmecqzSgLsdf8YCOZKax9DLaA2fWVJCyp22Uj +kCmHkVgeXmByndWVdfYyJO4LGJhM7BfmWGa/yIRKRKZGlJavRY+UAkfqkXCbzhFD +IMyRTU3zqJfJcXrVDslvB1mMbBGIR7gmL2HSToNvN5E2xiEamHbSOv0ze0Vw5A1M +8S71i+jLUSenGTgjLdu52+K7SGLtyhG/kA5NpvMyCLBOYZ+4HPgbIwKLlcm5SRJ6 +z4sKLSZmU7HLMp69jXfGQqjYbJoUEHsCsLOeVMGiOVZqoZWQWcMHy9VvOA0FVx41 +xrpdDLft9ad+cM/oaiYXEWhqYRnBM5eIH0B3HOk/kmLZ6crNE+X5xG1qhoZgAurM +MriPFc0fVG9tw6HFoSBNcsOheiA8dG9tYXNAYXJsZXRvLmN6PsLBlAQTAQgAPhYh +BKIfq3SwCIqjYRUlhrjvGmup2i1cBQJg8UxqAhsDBQkSzAMABQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJELjvGmup2i1cessP/jG7dFv/YEIn7p47wA+q+43Korjk +8LLpdb+YhVEpXgLK3yUNOcghs+e+UxSlS4jDV9ThpKgBEgTCn6V8vEWe5djvLVcO +UNG/wx33ksZKDOrZt2qGzz9VBd2ur100HjA3ibGClMjchMQCctlAHBCI/jV7g9Sv +FIHr/qECDnr50lh4kNeBZH/6gYEnB1Uqkc+7y/0gopk3kEcxO00qKj9d8QPatsoW +FOBW6OT0ldX5m19EL+x4Ku2/ayBwmobsQyj3cDV8cJN9QxJxB1AqLAKXK3XpEQ8Q +UERor6Z2gQu9bCRoQCl3Xu+lfqh2gmfoXoWiZFinoBzEETtILEUdNa2MsJheNuVy +Tf+W/vrfyAKVl7DgPk+n360frxmR8n7pkSpDq12s9J4eimX7aUlbhDX2XiMo/kGS +2oo2ulB083oJq09UieI2acwRIn6fFAOXx4Cr9IRAnKtvGxT3XzkDJ8WkC/+QE7wW +kjtD994kD2Jf1GCqFIWPx+J88VXp5UbobOENYBGWvc5Pki541aFKkXe5mvK9n2Fm +T3fOeBnyhT27J79UYSkOg9Zk0o7lcLKvgX3TqOwRrwMOGqyBIrHkLprIbeX5KOBI +yvtovyTuq3piF6OcfOYuZJOcV4LnnW6Ok9sgia1WgqNyJ+FSdSl6tLabzcM6sZ1I +8tmXB4BcoHFB9N0AzSFUb23DocWhIE1yw6F6IDx0b21hc0BvcGVuc3NsLm9yZz7C +wZQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMJQIbAwUJEswDAAUL +CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXJUfD/9qFJURXryr8/Uh +KJIAYQawc3rgSCeMaSi60fgPhteBf9VPA5w84OKLtnZFcPcpvGpaHuRxj+mchOSo +2HkYz7eseTsWbfguDiBNf1sA0IW6/WfIjqfGliw/ikLn/mA8GgLzgPPEiEbZH+gZ ++J1ttxv15E8dWVSYILJcn7VLX8EgYc93uaiPbcc6wG3qBz5UD7FW6pg6AjEhz6j4 +yQBq/dAUUL9nfrrx8p6548aslAR5A7e1kWPSMkrXD6ECdlJ8LReaPjiWrvLCtf1M +cmAQJkXX9PLHtPtkXzfT97GdcEWtPF3qpu9k8gK3QC/dPoACIsDUU1+muaqlRB3A +ozLVFbSJ2kA0BqnHvhB+7cIB/ZkAasiI1jJ9XPwJJnzZGlRFGJnUg6MRX//FIvly +Vi+hFt1DQ2tWMo6peu1sNDDONYKL7/NhFedJhIRoYUiQtcEuWqtTjOUn7ErkaC2y +q8hzWgYCe2afy1sUvyDtUjuldVTNzV1ic4MPC+QZ5ZEw2uHfP2oELlK2zUlLZIpt +Bwvgzqw5qcxj0nBHoaDTRyJXrXDWf/DsyS6Df1t8Uidoc6W3zNEhKbabvTb4gtWj +hh/QezJNtyRSg4SZ2Zx+ExgAngFdhKUk01XytLcEqYHjOjO6ZHpP0/+E7T8yZ7sI +w5AnBC/mkTbqp5Nsbk/spoN0Wl7PZc7BTQRg8UyoARAApiWRrHjdEu9Fp2yd7K93 +VpttsAWGeZo6adA7kKrdB+DFwyQdQQIGF1MoxzKb3rcO2sxoU/SnY/TpxdVbSO27 +1MLUcqoEc5F+uxuXsp4Tx5s6iXY9xTwQeBi8pAUQSLlWc/yoakF4sahG+5+0NUDp +djCEevRw2nHVbMbyzACgB0VRErhpY6gOBK7LkHwXAEXh1pN836P1s3DLLInjoM50 +IGQJLJ38/dBeWf9lqJrDif3lZ9Br7h2xHVhaj+08iWKFXb+MDkW6lXOuT+A8pzHK +bz1TVhopid9NOcw8ws00Vnq9R0/dhk+FT81XJC6GmoBi2GjjKpLNMzfBE6IkJjhn +gMY9Wz5sSfXhyd0x7ZGdS3w9SiIXXoxw35woC1/Ue6QVasm/ldCNSNH63y8G5b7w +NA84/fhVa9/Tug8zyzRj9p5Ge7b1yMbtVy9Ret8e1xB3yOJH8rjwmd13ocNBrFYh +D4b1+P0DScr4TburR3S4gwzawB2juIToELQGseR8nQg8k6Fk5vZ8MaYslMU2za7H +a379C8+A9h0C2mobqtw7Gq8NzDH2H4Bgpy0Ce8ByWnRHEIrZcK4vZDTzBfW+lYJB +HFlNc0mheV2ih6vjmz940cakzLvGF65UA69tsS8Q/3sWH2QLFTywdcEUZNgZRWnc +nAaLOI/nw1ydegw8F+s1ALEAEQEAAcLDsgQYAQgAJhYhBKIfq3SwCIqjYRUlhrjv +Gmup2i1cBQJg8UyoAhsCBQkLRzUAAkAJELjvGmup2i1cwXQgBBkBCAAdFiEE3HAy +Zir4heL0fyQ/UnRmohynnm0FAmDxTKgACgkQUnRmohynnm3v+Q/+NpYQuO+0a57+ +otwvuN3xoMsOmiingnd6u5fefi8qCjHgYJxnZQhihk4MOyiY46CxJImFKI6M13H5 +SlsuaGMbl17f5V8dE7rUDD9D9tD4+hVe504UsAdqaKHFhE8xyWJ24it9LmIXY358 +cQ7gm/EzA/wCKEez1Z/IUlx6hrG6BnAuE6FYhLTQt5WcCGbA17I72M1H50rX8fa0 +8qOg4rzyNEOesz1auI3pt1VOy/VJo7V+oO2yz4NNGBqjCN1mMOmBl1vBldZz4oZJ +vqoCFgx4Bj4h8LHilyg2OWZV4Xh7fUGH2/RIdfAYhCTz495N1sdDHew9Qc3PP0vV +yzwoCJY2moCiZ16K0o215rgYAJcY2KCCithjw+ktHZ/E108cmJJE0ZXG9sFVdF6A +HEEofaYRgXEvwFOwEBnytAq2l1ePmlTe6eu5/hSMYlan93YpsF2tol+jw7F+aspg +K2JPWqB4FsupxnvvAvzGBrTTGfCL4z7K8/6QmYrJBByx0W/lkFsebEfOz0SY/Rvs +aGQ3LEmQkbn+Cz2c2PwmIuYJisunHNC1rH6lF1a19D2lpe82Eh3TsXEsgjty2+sh +uHsKCX/snSa+zySqMbsE6o/8AquuT7tkdHO1rYfr3ffvIeX8HVj6NKm1eyk6uyCE +cb08jqBWOG8tzpNt6PIviyrQRrK+ncSLjw/9GT4LhZKnfLM5pVAFV0jVqf29lVhk +RHDeiNmdprqpvW35cAS7LH2wv2xGj4+wGaJmksruiJj2KtNAWa+7Uvd4xvntrL3F +9kG5qC04iTx9nng4qliZAI1wGxT/fAKS165L5sdTXRvcywokshxtsPgCXcH/J2v/ +JC6BGn44o8qo/CLGIaTBk6V8NfY4YqNFyMaMRAQSQ9Pk0KXQxswdxASaYzTTb93g +muoO7XrIu7ae1lppeL3HB5hQ0/zF1cVzCrLXffsEZNVW/1/9VamicTOWP8dV/ylN +86d7NvfJk8L7O+YIsEKYhKEDfCXIZrF7Ynu9SCWiR8LAqxZpBx2/6lommQJ7RlKr +HBkWUGyC8WHYr/sxORy0uxSevGFcfK2sFMnpLJhC6C830O05B6SFTWTrD9c/NC2S +DDWQCr1Tud3GZ634BowTlQRgJpGJc2s4wOMaARnhVtr/GZQhfCzOhcaHAVMBX0FE +ce+LktihEnzEJJgc/bzTH+t3fIW8bS4c65YlwCzMCJ1oYyALlD1BlZ6whFSVUZro +uYVu8diJ4Alf9+hcYOU/Gnbyi3bFbRGhBVz8lB3TcEeP02+gSSFD7iDi2Wt3hkmY +YaT7k3YGM2ksXdQ25SGM1aW4drxaqAj5sZ48OXTMNT9ira3TL/o/Xp6GRhVE8iOl +JKbGoqC+wchHmOLOwU0EYPFMJQEQAN/J6BypHYuzqwVDH8hrCQJ0s9I1fFdiu60u +aeLTQPeB2JVwV4t9WZsM6mVMEUZJGIobk2Y5FFzLsHtbPlSs7MXtLhlLa05iiMXq +oZsS7EYI+GDNO6OP1j8h9On2Ik5EnK/0dWGQglSY/ryw+5ShdAjHSd4hCRvBxfX7 +FJGNrvIkIp8AxlTvNBQyuR4rluOnfS1LXFDlaTWxRAZBJdB/GyAbCqKmkfbkXZbM +ZFA93E2skrLJ66CPgaK83r+DUi6+EyvOKTkZw0OU6S0k7xT4Z1f0AbS/ON5G8wjL +vxKu+Tmd2LHLMUTMiSQ7/K0iw4+pms1+MOBWFDX8aS/poRe0NS779RIk+Hy4OG7+ +i9Rpf4wU+Z2QHbUYrun6h7+RySv+E27QWCgNuAdm2F8cIsxQ3B0mAapqf2ECIkNb +PftDlv/iDqzAxAobNJzlsKQrcRmEPIOqNxi3TP+H85ekwHTdwwdPb5u8pgehpDum +ciyHfYZ7A3eNl6RubQMIWQgQzxUbreUJkKjHwLoqkTHDafJeKI7+2nII4r3peQfE +N0jZ5HSXHTHu4520FUBHNutvuHqCy0nQrhvoXEfD4woYk27OOwSKHu1ZdEFa6iJH +eAW0f6pSOMkEMDRtFWv0/hVpNDbhA+jAswzD4+XYDk+xZdDONua9inO930MGI2Bs +LQ1kotFTABEBAAHCwXwEGAEIACYWIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFM +JQIbDAUJEswDAAAKCRC47xprqdotXBU2D/4vF/5FrkPz78jSl7YN77gc/sTpBGMh +QxhZxKpf+8xE/oig9/F90BMKaFAflChiEMPc+Dj0VrCGwP2xMTVO4J7lw7bTr3RB +uETuVq8S3XgtmTlXwoRQL91XtoGjAjhfgpXbi/DEyZ6+34QwMYr474rsKiMsBcMS +nWTDuqRqkFYAaF4LRbD6RkWck+C7k4ps/KIflEKiSEuvpjk1TpibwoSt+zIeZI6u +sSLWbGcADqnXHe0GClUqcMYbIgLzVyXQQzUvfrwAzi8XvfW+8QhP+B5oZT6y8YBD +NHQDcITC4OYaVHYnZWS+tPtPQZK4duAlZRd/lBxKPbNWee5ufPh5ALFAINpBWP0C +nHKVj/P3fBcCrz2ZYaH5iQmqhSbJ3lyFKJoQQgrcnWbnOWI91DdhmvE2GIyn1JJE +FT2YQqRH52dDX5gOl5OcwT7PxV1jc03bhZsOCylBoq1Yd9iD3U0bgiqI71dGZrXZ +qaQzuigCRxlv8nF97SUGLDCuvqC5ejmecQBYmLCrgIiRcI+FXSVnZhUYkeBbg9sX +Cla8mCgxF1RhH2S9z9blrLEf2r+l/8P0+IWmmaTvCbZ7kIrUsbGv7FNCubVA3UXc +zPrDR7hQC/xNAX1RXMGNmPru9wVtgnn72UneoD/dLYY65U/ZFLNeQAnq9c3VJKQ2 +TIdjvGbJ/k4qxw== +=fnGl -----END PGP PUBLIC KEY BLOCK-----
