Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nginx for openSUSE:Factory checked in at 2026-04-08 17:13:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx (Old) and /work/SRC/openSUSE:Factory/.nginx.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx" Wed Apr 8 17:13:51 2026 rev:111 rq:1345030 version:1.29.8 Changes: -------- --- /work/SRC/openSUSE:Factory/nginx/nginx.changes 2026-03-31 15:23:01.262149509 +0200 +++ /work/SRC/openSUSE:Factory/.nginx.new.21863/nginx.changes 2026-04-08 17:14:16.908347438 +0200 @@ -1,0 +2,11 @@ +Tue Apr 7 14:28:15 UTC 2026 - Илья Индиго <[email protected]> + +- Updated to 1.29.8 + * https://nginx.org/en/CHANGES + * Added the "max_headers" directive. + * Added OpenSSL 4.0 compatibility. + * Added the "include" directive inside the "geo" block supports wildcards. + * Fixed in processing of HTTP 103 (Early Hints) responses from a proxied backend. + * Fixed the $request_port and $is_request_port variables were not available in subrequests. + +------------------------------------------------------------------- @@ -4 +15 @@ -- Enable support to build with aws-lc instead of openssl to ship +- Enabled support to build with aws-lc instead of openssl to ship Old: ---- nginx-1.29.7.tar.gz nginx-1.29.7.tar.gz.asc New: ---- nginx-1.29.8.tar.gz nginx-1.29.8.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nginx.spec ++++++ --- /var/tmp/diff_new_pack.2jQvd1/_old 2026-04-08 17:14:17.804384277 +0200 +++ /var/tmp/diff_new_pack.2jQvd1/_new 2026-04-08 17:14:17.808384442 +0200 @@ -24,14 +24,14 @@ %bcond_with awslc # Name: nginx -Version: 1.29.7 +Version: 1.29.8 Release: 0 Summary: A HTTP server and IMAP/POP3 proxy server License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy URL: https://github.com/nginx/nginx -Source0: https://github.com/nginx/nginx/releases/download/release-%{version}/%{name}-%{version}.tar.gz -Source1: https://github.com/nginx/nginx/releases/download/release-%{version}/%{name}-%{version}.tar.gz.asc +Source0: https://nginx.org/download/%{name}-%{version}.tar.gz +Source1: https://nginx.org/download/%{name}-%{version}.tar.gz.asc # https://nginx.org/en/pgp_keys.html Source2: %{name}.keyring Source3: %{name}.rpmlintrc ++++++ nginx-1.29.7.tar.gz -> nginx-1.29.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/CHANGES new/nginx-1.29.8/CHANGES --- old/nginx-1.29.7/CHANGES 2026-03-24 17:21:01.000000000 +0100 +++ new/nginx-1.29.8/CHANGES 2026-04-07 13:41:31.000000000 +0200 @@ -1,4 +1,21 @@ +Changes with nginx 1.29.8 07 Apr 2026 + + *) Feature: the "max_headers" directive. + Thanks to Maxim Dounin. + + *) Feature: OpenSSL 4.0 compatibility. + + *) Feature: now the "include" directive inside the "geo" block supports + wildcards. + + *) Bugfix: in processing of HTTP 103 (Early Hints) responses from a + proxied backend. + + *) Bugfix: the $request_port and $is_request_port variables were not + available in subrequests. + + Changes with nginx 1.29.7 24 Mar 2026 *) Security: a buffer overflow might occur while handling a COPY or MOVE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/CHANGES.ru new/nginx-1.29.8/CHANGES.ru --- old/nginx-1.29.7/CHANGES.ru 2026-03-24 17:21:00.000000000 +0100 +++ new/nginx-1.29.8/CHANGES.ru 2026-04-07 13:41:30.000000000 +0200 @@ -1,4 +1,21 @@ +Изменения в nginx 1.29.8 07.04.2026 + + *) Добавление: директива max_headers. + Спасибо Максиму Дунину. + + *) Добавление: совместимость с OpenSSL 4.0. + + *) Добавление: теперь директива include внутри блока geo поддерживает + маски. + + *) Исправление: в обработке ответов с кодом HTTP 103 (Early Hints) от + проксируемого бэкенда. + + *) Исправление: переменные $request_port и $is_request_port были + недоступны в подзапросах. + + Изменения в nginx 1.29.7 24.03.2026 *) Безопасность: при обработке COPY- или MOVE-запроса в location'е с diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/CONTRIBUTING.md new/nginx-1.29.8/CONTRIBUTING.md --- old/nginx-1.29.7/CONTRIBUTING.md 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/CONTRIBUTING.md 2026-04-07 13:37:12.000000000 +0200 @@ -68,9 +68,14 @@ code; examples include "Upstream:", "QUIC:", or "Core:"; see the commit history to get an idea of the prefixes used -- Reference issues in the the subject line; if the commit fixes an issue, -[name it](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) -accordingly +- If the commit fixes an open issue then you can use the "Closes:" tag/trailer +to reference it and have GitHub automatically close it once it's been merged. +E.g.: + + `Closes: https://github.com/nginx/nginx/issues/9999` + + That should go at the end of the commit message, separated by a blank line, + along with any other tags. ### Before Submitting diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/core/nginx.h new/nginx-1.29.8/src/core/nginx.h --- old/nginx-1.29.7/src/core/nginx.h 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/core/nginx.h 2026-04-07 13:37:12.000000000 +0200 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1029007 -#define NGINX_VERSION "1.29.7" +#define nginx_version 1029008 +#define NGINX_VERSION "1.29.8" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/core/ngx_times.c new/nginx-1.29.8/src/core/ngx_times.c --- old/nginx-1.29.7/src/core/ngx_times.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/core/ngx_times.c 2026-04-07 13:37:12.000000000 +0200 @@ -198,11 +198,7 @@ #if (NGX_HAVE_CLOCK_MONOTONIC) struct timespec ts; -#if defined(CLOCK_MONOTONIC_FAST) - clock_gettime(CLOCK_MONOTONIC_FAST, &ts); -#else clock_gettime(CLOCK_MONOTONIC, &ts); -#endif sec = ts.tv_sec; msec = ts.tv_nsec / 1000000; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/event/ngx_event_openssl.c new/nginx-1.29.8/src/event/ngx_event_openssl.c --- old/nginx-1.29.7/src/event/ngx_event_openssl.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/event/ngx_event_openssl.c 2026-04-07 13:37:12.000000000 +0200 @@ -948,6 +948,10 @@ char *err; X509 *x509; X509_NAME *name; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif + X509_NAME *sname; X509_STORE *store; STACK_OF(X509) *chain; STACK_OF(X509_NAME) *list; @@ -1003,8 +1007,8 @@ return NGX_ERROR; } - name = X509_get_subject_name(x509); - if (name == NULL) { + sname = X509_get_subject_name(x509); + if (sname == NULL) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_get_subject_name(\"%s\") failed", cert->data); sk_X509_NAME_pop_free(list, X509_NAME_free); @@ -1012,7 +1016,7 @@ return NGX_ERROR; } - name = X509_NAME_dup(name); + name = X509_NAME_dup(sname); if (name == NULL) { sk_X509_NAME_pop_free(list, X509_NAME_free); sk_X509_pop_free(chain, X509_free); @@ -1197,6 +1201,9 @@ char *subject, *issuer; int err, depth; X509 *cert; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif X509_NAME *sname, *iname; ngx_connection_t *c; ngx_ssl_conn_t *ssl_conn; @@ -6012,6 +6019,9 @@ { BIO *bio; X509 *cert; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif X509_NAME *name; s->len = 0; @@ -6066,6 +6076,9 @@ { BIO *bio; X509 *cert; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif X509_NAME *name; s->len = 0; @@ -6122,6 +6135,9 @@ char *p; size_t len; X509 *cert; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif X509_NAME *name; s->len = 0; @@ -6170,6 +6186,9 @@ char *p; size_t len; X509 *cert; +#if (OPENSSL_VERSION_NUMBER >= 0x40000000L) + const +#endif X509_NAME *name; s->len = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/event/ngx_event_openssl.h new/nginx-1.29.8/src/event/ngx_event_openssl.h --- old/nginx-1.29.7/src/event/ngx_event_openssl.h 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/event/ngx_event_openssl.h 2026-04-07 13:37:12.000000000 +0200 @@ -67,6 +67,11 @@ #endif +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) +#define ASN1_STRING_get0_data(x) (x)->data +#endif + + #if (OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined SSL_get_peer_certificate) #define SSL_get_peer_certificate(s) SSL_get1_peer_certificate(s) #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/event/ngx_event_openssl_stapling.c new/nginx-1.29.8/src/event/ngx_event_openssl_stapling.c --- old/nginx-1.29.7/src/event/ngx_event_openssl_stapling.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/event/ngx_event_openssl_stapling.c 2026-04-07 13:37:12.000000000 +0200 @@ -2667,9 +2667,10 @@ static ngx_int_t ngx_ssl_ocsp_create_key(ngx_ssl_ocsp_ctx_t *ctx) { - u_char *p; - X509_NAME *name; - ASN1_INTEGER *serial; + u_char *p; + ngx_int_t length; + ASN1_INTEGER *serial; + const X509_NAME *name; p = ngx_pnalloc(ctx->pool, 60); if (p == NULL) { @@ -2693,12 +2694,14 @@ p += 20; serial = X509_get_serialNumber(ctx->cert); - if (serial->length > 20) { + length = ASN1_STRING_length(serial); + + if (length > 20) { return NGX_ERROR; } - p = ngx_cpymem(p, serial->data, serial->length); - ngx_memzero(p, 20 - serial->length); + p = ngx_cpymem(p, ASN1_STRING_get0_data(serial), length); + ngx_memzero(p, 20 - length); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0, "ssl ocsp key %xV", &ctx->key); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/modules/ngx_http_geo_module.c new/nginx-1.29.8/src/http/modules/ngx_http_geo_module.c --- old/nginx-1.29.7/src/http/modules/ngx_http_geo_module.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/modules/ngx_http_geo_module.c 2026-04-07 13:37:12.000000000 +0200 @@ -645,7 +645,12 @@ if (ngx_strcmp(value[0].data, "include") == 0) { - rv = ngx_http_geo_include(cf, ctx, &value[1]); + if (strpbrk((char *) value[1].data, "*?[") == NULL) { + rv = ngx_http_geo_include(cf, ctx, &value[1]); + + } else { + rv = ngx_conf_include(cf, dummy, conf); + } goto done; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/ngx_http_core_module.c new/nginx-1.29.8/src/http/ngx_http_core_module.c --- old/nginx-1.29.7/src/http/ngx_http_core_module.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/ngx_http_core_module.c 2026-04-07 13:37:12.000000000 +0200 @@ -252,6 +252,13 @@ offsetof(ngx_http_core_srv_conf_t, large_client_header_buffers), NULL }, + { ngx_string("max_headers"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_core_srv_conf_t, max_headers), + NULL }, + { ngx_string("ignore_invalid_headers"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ngx_conf_set_flag_slot, @@ -2446,6 +2453,8 @@ sr->method = NGX_HTTP_GET; sr->http_version = r->http_version; + sr->port = r->port; + sr->request_line = r->request_line; sr->uri = *uri; @@ -3511,6 +3520,7 @@ cscf->request_pool_size = NGX_CONF_UNSET_SIZE; cscf->client_header_timeout = NGX_CONF_UNSET_MSEC; cscf->client_header_buffer_size = NGX_CONF_UNSET_SIZE; + cscf->max_headers = NGX_CONF_UNSET_UINT; cscf->ignore_invalid_headers = NGX_CONF_UNSET; cscf->merge_slashes = NGX_CONF_UNSET; cscf->underscores_in_headers = NGX_CONF_UNSET; @@ -3552,6 +3562,8 @@ return NGX_CONF_ERROR; } + ngx_conf_merge_uint_value(conf->max_headers, prev->max_headers, 1000); + ngx_conf_merge_value(conf->ignore_invalid_headers, prev->ignore_invalid_headers, 1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/ngx_http_core_module.h new/nginx-1.29.8/src/http/ngx_http_core_module.h --- old/nginx-1.29.7/src/http/ngx_http_core_module.h 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/ngx_http_core_module.h 2026-04-07 13:37:12.000000000 +0200 @@ -199,6 +199,8 @@ ngx_msec_t client_header_timeout; + ngx_uint_t max_headers; + ngx_flag_t ignore_invalid_headers; ngx_flag_t merge_slashes; ngx_flag_t underscores_in_headers; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/ngx_http_request.c new/nginx-1.29.8/src/http/ngx_http_request.c --- old/nginx-1.29.7/src/http/ngx_http_request.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/ngx_http_request.c 2026-04-07 13:37:12.000000000 +0200 @@ -1494,6 +1494,15 @@ /* a header line has been parsed successfully */ + if (r->headers_in.count++ >= cscf->max_headers) { + r->lingering_close = 1; + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent too many header lines"); + ngx_http_finalize_request(r, + NGX_HTTP_REQUEST_HEADER_TOO_LARGE); + break; + } + h = ngx_list_push(&r->headers_in.headers); if (h == NULL) { ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/ngx_http_request.h new/nginx-1.29.8/src/http/ngx_http_request.h --- old/nginx-1.29.7/src/http/ngx_http_request.h 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/ngx_http_request.h 2026-04-07 13:37:12.000000000 +0200 @@ -184,6 +184,7 @@ typedef struct { ngx_list_t headers; + ngx_uint_t count; ngx_table_elt_t *host; ngx_table_elt_t *connection; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/ngx_http_upstream.c new/nginx-1.29.8/src/http/ngx_http_upstream.c --- old/nginx-1.29.7/src/http/ngx_http_upstream.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/ngx_http_upstream.c 2026-04-07 13:37:12.000000000 +0200 @@ -2067,6 +2067,7 @@ return NGX_ERROR; } + u->early_hints_length = 0; u->keepalive = 0; u->upgrade = 0; u->error = 0; @@ -2550,6 +2551,8 @@ u->response_received = 1; +again: + rc = u->process_header(r); if (rc == NGX_AGAIN) { @@ -2570,11 +2573,7 @@ rc = ngx_http_upstream_process_early_hints(r, u); if (rc == NGX_OK) { - rc = u->process_header(r); - - if (rc == NGX_AGAIN) { - continue; - } + goto again; } } @@ -5654,7 +5653,7 @@ last = h->value.data + h->value.len; - if (*(last - 1) == '"') { + if (last > p && *(last - 1) == '"') { last--; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/v2/ngx_http_v2.c new/nginx-1.29.8/src/http/v2/ngx_http_v2.c --- old/nginx-1.29.7/src/http/v2/ngx_http_v2.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/v2/ngx_http_v2.c 2026-04-07 13:37:12.000000000 +0200 @@ -1823,6 +1823,15 @@ } } else { + cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); + + if (r->headers_in.count++ >= cscf->max_headers) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent too many header lines"); + ngx_http_finalize_request(r, NGX_HTTP_REQUEST_HEADER_TOO_LARGE); + goto error; + } + h = ngx_list_push(&r->headers_in.headers); if (h == NULL) { return ngx_http_v2_connection_error(h2c, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/http/v3/ngx_http_v3_request.c new/nginx-1.29.8/src/http/v3/ngx_http_v3_request.c --- old/nginx-1.29.7/src/http/v3/ngx_http_v3_request.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/http/v3/ngx_http_v3_request.c 2026-04-07 13:37:12.000000000 +0200 @@ -665,6 +665,15 @@ } } else { + cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); + + if (r->headers_in.count++ >= cscf->max_headers) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent too many header lines"); + ngx_http_finalize_request(r, NGX_HTTP_REQUEST_HEADER_TOO_LARGE); + return NGX_ERROR; + } + h = ngx_list_push(&r->headers_in.headers); if (h == NULL) { ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nginx-1.29.7/src/stream/ngx_stream_geo_module.c new/nginx-1.29.8/src/stream/ngx_stream_geo_module.c --- old/nginx-1.29.7/src/stream/ngx_stream_geo_module.c 2026-03-24 16:38:34.000000000 +0100 +++ new/nginx-1.29.8/src/stream/ngx_stream_geo_module.c 2026-04-07 13:37:12.000000000 +0200 @@ -605,7 +605,12 @@ if (ngx_strcmp(value[0].data, "include") == 0) { - rv = ngx_stream_geo_include(cf, ctx, &value[1]); + if (strpbrk((char *) value[1].data, "*?[") == NULL) { + rv = ngx_stream_geo_include(cf, ctx, &value[1]); + + } else { + rv = ngx_conf_include(cf, dummy, conf); + } goto done; } ++++++ nginx.keyring ++++++ --- /var/tmp/diff_new_pack.2jQvd1/_old 2026-04-08 17:14:18.436410262 +0200 +++ /var/tmp/diff_new_pack.2jQvd1/_new 2026-04-08 17:14:18.440410426 +0200 @@ -1,115 +1,66 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBGYXyiQBEAC4jm1y+ODV4+YDGj9vp2BgHB4FJeQdgrBiVX+Mb2qCrEqJgeKV -fVwKjkVYqnb76TTybdOKqCP5wdQrncKAKlXsMq6sdsiwPSrdRcjkeiE29WWrtbB4 -i+VObnoWklMblMxFQ1XQIkjs2wviidKjJw2VV3i4XnLSrHhWaWqviTLZCMQymoPs -F+Tfu1WX9OUfOquekZ5KjkyBxB4ep6+NPeuIkPnW0SiTUhU8tbi8v0aBZEHSZLqE -mq8KLROVuYSPvtU+NtaXAM09BHEVCfb409aDps9p6AFT+IN8yoOegGdEZjp6hJvS -HxbhuwqNEtg4dTEV515YUCgKabqU1QaqI/Y0+Pdkpep1KRFc9YUYttDkCw7Ybu2u -fwTGzwAbD+ThAIOdzmMDodzZaEMf+9fQG4bnO1PdNbXzyP7Kv9qzGa65+9oGCPOS -qTpISR8pvzoI8w/Z/vG71ob/nQ6Xm0L986ksErdGhu16ZI7lW2eDYqy2IoFfbeSz -HHxk484/pEibrlCRbP2Id+zULfxo1HGOGg+PAY9Q2uNzABsGDMnOhIvXHS+hP7oB -sO9A4Prqu6K6cMp3QI219tmmOUegJpmGGPzoNgxR7H30wNcjZPv4PWr/c0fP70Ny -ilgbdcEMDSHks30AmiuIvcUxo3A21p2nnpxsKAKYx42UJkyEK0HILMzcqwARAQAB -tCZSb21hbiBBcnV0eXVueWFuIDxyLmFydXR5dW55YW5AZjUuY29tPokCTgQTAQgA -OBYhBEM4eCXdsbuX7Da6XQB8jXwV2HNpBQJmF8pXAhsDBQsJCAcCBhUKCQgLAgQW -AgMBAh4BAheAAAoJEAB8jXwV2HNppvQP/AjzdPKkGRzJkb1ioto/IEP1YhA/Eayk -hvejJ0vyWVHXXH7FLW9fIZoApcsD1J8/7zIANm+62IfT3QNbL2R44IyhJB3AY22l -t0ToLxodfugegF3NPYYyFOSRUoPD4g2T/dMCPOBX4MNEAnAlCmxAMaJNmQUO76IY -GwELa3CH3Aqf7bthKy8P36G11hu7NgH6V9mVIRIpfnfpXFQIztj+vsWtswu4M5t7 -BNJwx4a2KTCVQpTdff5/0dO/5drQDxLbIg681WZk3Oe8Eu6nSc0Ud02NIkg1TQH/ -MryAp7o/ua3LRem+W/cktnT60p4uXPVZ3Rvg3zOmJSNJ+eIXY2+sDeZEPaROKldA -IbnBacTsZjdswIlrbzinY8ZVRosaFlvHg/ESTBRItALHWCRdzOR1Wv1qy/PQfEEL -qftDsCTQhssP1MHJWlejeqPlND3iT2vBDeOxqd6WhKuAc+L04iyBB6p867pwrgDF -ecg82DPehsAnO2XBAFuIE/SLewkYm0B9HK7/J4LZqPwTAksPf/dnbMAmHWoBDqsu -4U4U4SsJKsZ87R9ao8qO7IWCzHrXavHFmnbqweFfHToeKF/L4PB+tYoW3YmUOged -CglpJv13bNWmRwL7+x8b7BwpVwClxHBHteDX4RIN5iPH9h20J4jIpzRa1kNJsTu1 -v4ZkqLWJlkiiiQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmYdpjsA -CgkQpk/VsXrbOahISgf/U7ZO0yK0PsOcAFTB0TQBCNsAhxtJAEJoVoweuYiLk8jR -0OeDRCy0BC//qWDLFT7NKuP50SM2u0Csbg+n6b0bdy+vXbbGVzIAYzG09rPYe2Q5 -qwqyAx+MMzyICXul9lGNU2qN2qjUXMb0mCWUhxwMvzRUeS7shT1CBhGrnpoYkY56 -NhWj7iG1BbLwYVQzDZC/Rp6rvwJQgZo7+DjaMjryGAEI0ujpUp8ywrPaJpwIuXDI -D5BhcyUaEd3XOondHQNedlgERXHT4pN+oNMPWwN3+DeQYLS3FHiqyz05ZvoeWnao -A2/fWNA+BqIdjilp/TDDI4Ef7c9hp13weaZggYB3M4kBMwQQAQgAHRYhBFc7/Ws9 -j7xkEHmmq6v1vYJ72b9iBQJmHabkAAoJEKv1vYJ72b9iDgoIAP1QJjl4ynLAV9Bo -Ol4AAzxZ3x/2NEgLSnjLfhb/OduDxQlL9oPulWoLDG41xiZJkepEnQWmSsIYF6Xe -RsAB+eREU2uCxqCvBXpyIs5npXvVDV2/PQuVEop7HByx6Hjr9XK8hugihnEi1p+9 -Ecbu+89fi93m3C/5uIIil46cHByjRZ+5Yy1UFUB/wsYud1qMcYmvDaqEo5AqWNcM -gWUFhUfgGTtBbyvIWTeX0NHnrbzHP7lhmPfWsfOjAtO8PpM8Gz5RdNRq44DdRKdG -uWVby/kni868H+8/tHalDR0I9/Mmg2Uax0eggTVpECv/4+xBduqSB2iPwgRnSzhZ -6SVKJvKJAjMEEAEIAB0WIQT5TVS8DF1qZBfIzz/oLBEYr5TfbgUCZh5KVgAKCRDo -LBEYr5TfbitgD/wMamMFfFZnPS7JS1NWEMb5fbhHob1EkmedIpbpRDXUtj0ksehW -ZAEpmVF9btqS4B+B9tSK1VS2sy4XwEGodNVSGxdtF9W8+iAHAb6Hq1Z7ifWyb991 -Kt/pVk/8adxlU4G8h1fq0idhpnI8KvkAlPJR7+PoJOEN1+VdHS6tkE5LMTf6dF9F -iVxKQczOS1b/GmfL3kYfu6UvI07ZuaP+90mOt/TZTwkzsWjRY2vofCIPSDY94rLj -m6PmVFoU3PHLKW7yDz1YXkVE6SgQYGZ2bqB6OHJZnDXUTSHncHTbDVzZQekIs1lP -V6e5N8Xo/VOpv28feKAsBqQ8ML53djmGUL0azjEz1g2kgPmTuZdKzZ5kcUsULdQV -aRKcfyYD1oRpwwlw9GJAxliJHck1IdGGaCslrHtzkh3RMULlloAYitzD9jtKsrOj -R19s+JK/tIfFZZ5gR5qhzgOL8WgkSrIaq2o9R4sigBz1IxnXXC573RDA2F5FAeE/ -K6EmAO+BqVkImZcmP1JsLtr+OM+jihXIILACEJwhOKPtZth9zrLYkXWB1nCaDxHp -XEUpp6UPCQNgNX8NCghnJr5gis/SmYppgFlO9R9yZ7/LtP0tUX0CmhOeqGMnHt4R -F8n8D7EBwMWvWjlUbsDkMKX4JORgojguHJZciWQC1gVRwJ0iTH/ImtzDnbQhUm9t -YW4gQXJ1dHl1bnlhbiA8YXJ1dEBuZ2lueC5jb20+iQJOBBMBCAA4FiEEQzh4Jd2x -u5fsNrpdAHyNfBXYc2kFAmYXyiQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA -CgkQAHyNfBXYc2kRFw//VFuCnW3EwoLCWWgWCikgI9kbVDr0/Qiyf2Gb9sfOyzBN -q/+ZGjTs7EqTHbYUiCTgjy8t0SNKizoCXjSWLToTAXhOeTY3wDuHkdc3C2OPMPgm -HPGmdnfplmsZjj689sy0MTnlLmU/87texR/f3REAKtchVjo5AojuZxXJi+ryBvoz -KXi82M1JaYlIr15T+OiRtfZ3cgfTkb5CRa0YRV7QQ1zhOiF0AFKVVikFwRuquphT -y2cSLILLzOpwG/CjMJzO4VOASmGJmdicIfYSsZSzz37RrcfeYwR6quJ55Y9QF9IU -fg5AHWufpXaf6FbMsW1U1mOq0tMvwvdcO+u5I5SBj6IkqO4zavmW/i5zkxaq96wF -Qn6+oRkqHnNNn0hl/B4MWdEjDJsaDXfkQ3Snn4Bfl1JPT6cH2NDVYQn1siIOim/W -G5lhGLNB1TOAVLHblQ2xILadK0T33y6lfRUV3BOW01BDoF0ndyd7LjG5Di/cjfSo -1hvhTkW7QJGfzVV4IAAxEyHKlmgONfggZoplqukuPsq7eNNRPhvlZq632QXIqt6Y -xE43Nk0O41rX/tWtB7eNcPvfNOc+sGljnCSwpRWyx9xO7plELVD9KdtcyHrIgora -Flh7KsSbppSQ/iUKRNP+lfCQsMa1yrnQyxazss8OGlB7YpUJL4trQW35f/jXFD+J -ATMEEAEIAB0WIQRzOJcwae0/RD9NN9+mT9Wxets5qAUCZh2mQQAKCRCmT9Wxets5 -qPBjB/0SDkET7h/Vw2PJKxuYujsL+tn3SKXshgyCM2u00njJM9TqpZbZV681unKM -l8uHtj9b0Z4U0nHoNEC37wI5FJlxy1hLBw5f2fd/yi8LsD1KP2htjMUW+I2xjcdo -FusQsIF0s8SyW1DZ3vvN2WcZpKHwub1sY9ZFBfxRc6w+33N4dJwXVXP57kj3Ci8j -LDLfkaKyiuYgMtFYZiKKX0tfvaM5pXxLvLOzma9vwfjIMIllooZHDSI65jrbmMv0 -rfDKOX9Ws5Xi8n85jq6Oyq28QPLZUsmymCbhvBwq4FcdiyTl9sxCY4HLq0MzmJJ5 -DMhlFd2Ds3BopFTWCB2fvYyVoXRaiQEzBBABCAAdFiEEVzv9az2PvGQQeaarq/W9 -gnvZv2IFAmYdpugACgkQq/W9gnvZv2Jk4Qf+N0P/7FIHowlO01XmBB5KaztBmVb2 -Tj+jtYgPDHRf86O0kW40Rjx++zMlIRNWK4Ue5PKAi82Yue5uvZcVlpWpx/sMvL+N -C4Xds3Q3qnkxkoemoIMqUKGvePjBpyUWArBkBQ3FrvZtywnzyFWNrvOpeM+5HIuz -WBri/SHBHzQm1/Jl2r5pHcbUdSxB2o1v3f+SaS2vGxwigIf8v44pRfyeWgkoxYgN -+2zR0Ing6URZCYkAbwILsmmWGxJIuq+N9Xs1CQ1WZd5S78p/JBMDQ1prUDLCLFMc -AvlZpQ0HvzEbKGiIVNa1LEQRF4ZWjQOHaPJhg/D3r/Q7VaFlgsOqrwtQaYkCMwQQ -AQgAHRYhBPlNVLwMXWpkF8jPP+gsERivlN9uBQJmHkpZAAoJEOgsERivlN9u8fYQ -AK0s0CvQNTXrg/Oe92Ajj+CpFIGhEUgXsufpg3OF+4doXOoRrVcv6y/0dGC+u899 -Qiz5rzP8JkgT3Bvs/oFbQnESX7zob/GuBiRAnaanQQGjQsc8tXUcIgIB8vZI6Hxr -BZYyjXMrc1fAp1zy6F3YfVtjntp6Zt740zlcFSHPL6pKeNC8lCas7f7EPGm9ERlf -XvPOsMyKVDRTrtYVrQ17pgmWzMFl9eYzAV81X/cK7O9BmTvLb9HB9THl9QM6iKWd -UPNNhMseMA55i1y1trvv2rQSP2tm7xAijlffNu/LHyVjOJA+63rk9JqpQi2O/sI6 -naCZ5kLky3+OisbzJLtsIv3KWGF4jnpZJwPI97UbRAxrBCPd8BDXW06qQ0xfF9GA -sW46IDnf5uNV5Fj9T1IhZUUCU6XwwhcTENwcaJ2hubPzW19gvxieRpxdvnXhjUxR -UgqgFjtlpyBSABYr2REiaBTHkR1qVMa8tThpSyzfmfBNe9chBGQBdDMzTTUDf4dU -cw4UGGPXqrBEapleoZBszXLrZxQxCNmLGFBW3vcJDfRRTvg/OMCIwD72kfd8KY1t -SRRi5vQ3CvV8E0EEXshjxVk0fwS+5muM1thWZM4xCSgyH6Ka/5biMeUv1VNcKJne -J51xs9jfS/JltrT/ahWG4J9msJFtmYyrLh/nMxccXK75uQINBGYXyiQBEAC5tT5O -uysy75BcwAg8jIK+Cw6hNy+riOoCIzsMen8ps4tyDFLmRdpJmVOpmtvESaix2MHf -Hc/t9hOsQ8LmF3kDG/JisDXcB/v28EOiDpp5Ug/5UOFBnbu4DkxbakJF8KF/rQ9t -i29lt03saGCf2XbqzTLI6FvZ2TT8hDwAZF5aOtDEHV3ChBPn6gplnJADiZ9DioMZ -ji1HnL8Zu4IYHMNOgpxULi6TMhBH/MkHbyycOdt/EsQFamnLGeV8KR2fubYjrpbH -pLZzSRepQyvKIhHAFj6DUeDyEt2XAitxI8YI40IVO75Zu8ZZq0qYGML8Am+t6ZjJ -3ZR8/DWjxRUYeo+YVEe5f+oRl5GRNkLtGvTAD38Nb2/7SUYdSXA3y3Ocfo/bySwa -qggeFpDqK5eHXmrO4hvRqYoEyNyW4VQlGyvYq4s2cLeCF/S2w6dV8OFsksIoq8uq -R1/IQ8Bonsf7iAYpsMAZZOGKiJzr01W3GA4Ka3B/MmZP5CysUhFlFxMsDr3/TWfg -p3CHd5yGAnuWWWkjqVQzx0tcub3gyDsHCPuws8P2OKJ2lzNPqpp08MjYMMRZb4Y6 -9REXkKw7kXU8zM5+1IpW2U+z83NU86QR08PTpjATz05ltdGqF82Z+Ygl2nav8oqV -RqNd/k+WE60e1eJmgykjmz6nPbm0S2jt1C7QLQARAQABiQI2BBgBCAAgFiEEQzh4 -Jd2xu5fsNrpdAHyNfBXYc2kFAmYXyiQCGwwACgkQAHyNfBXYc2mTihAAqB+sv9lw -kRorE6iXwvvj2Dt2iIy7jc1AhZQOH/j7B4GHpV3Ej/ptdUwuzj/aX5EnEeDPZ2JU -sSKy2q0RpKGKdKOvgy5yVfd8xqujkawXv26QU53mgyfgQCZLhFFhq0MIAqnxPb8h -SCQeol18Wqs++LjeDMwkgMrHJeNhW2U2llqTS37YfRMOo0Vr022ZHlMlkyMz1sQH -+C2/nzmmtkI4+vlPeccoN+3239YzndW1+XM8S3dXNcsGTyLAbkCowfpuqQdIP0MY -lBwx/Xj9fxBNAuqGVCjrjGMg7mozMkeCDzrAoZiaD3Kud8zSs9VpAyAymrPQJSSS -96b+vr2mDKbV11QJeJZv/d02n4JMjK7Ai//3j/TqkJF4UoYH45g5hvGSrym1UKrf -n8TqHdtTFjcxAMXLbWICHdDk7/0ole8Bl8csiSHyKy/sGJ0b/7zcB88CS8OfsR3C -OanK13emeD6rHOp8wEWA1/PA1JoAC5suS/uIgPWa5ujLaViJ9pW6ohfzMqOtLABF -BB/FgD/qgPF+uTPPLQZw3XO8Q61kFq6x0RJGNgBEOpseounx+T6FCxZqrvjWm/WK -VQUiRBtJIvD7Z8UCP+NUzdj3hwLAXpXrPz0gkcbI+hdlTJHCC6i61Qf5OIWnhtw6 -kZv2zEcTtzlAYNEumy8KrJzICmPLS7BEC8w= -=ilJ3 +mQINBGKE4psBEADpHSM/IxFD1nXBmnODYXzcl2A+6b6m9m1m2Y4Dlr0ed+y5Lxne +QidE9I74A2KSm6+eHW2yh4i1ZwZbmwpmQqM+j5BMt7axoXOdKSyN+fYtUakzNbBN +EDRKT79q/zIzkgTJradHkCQkwF1W3go+qPXjR2ZEnLma9dZED9VNI6PmOpeYaASo +IkEfbKbwa/vPrvnDSSYY6Y02RXSRk5U1NvQgVUTJP9WGK7NlPUcTBDELLQv6fFPU +kjBOel6MecsQ+v8iq4RJF2cbVF0hNjbAiNldjLV74Xd7yWVRlCbdb2agyvQjMNrD +jHSvbEMiNB3R8yBHVW2Zldv8q0XjcwoDfdiZYFJe3lRUYmv6I2p+/DptD4r/3ILI +peGZtSeOdQEw+vvODL/Ehq03anTrzcpZ6sDLfLrYJhYcrltj0/LMUnLDAjciwRUq +XI46EfxwqsdLeqoZFQeO3LOFsh0kJKR2xOrUHIVy84NJ4Gmro6WmUkb1NfdjyHzF +z8Lfbo46NKoTcwFsFF0q74jVVIVNUyIS91DusiMqLCsP8jqDOz/kyP4bOJQ+aUXf +BANn4Ll1TFWsJ417moxz+Pi5sTaI0na8z2XB1N9WPsSml3FS75hJPJshN2T3VIea +zB7GFWqk33ynSDt+cAisG5nsK9fFdcH+t5wm59oobyFbFhKxwX6ROuxlZwARAQAB +tCRTZXJnZXkgS2FuZGF1cm92IDxwbHVrbmV0QG5naW54LmNvbT6JAk4EEwEKADgW +IQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoTimwIbAwULCQgHAwUVCgkICwUWAwIB +AAIeAQIXgAAKCRDIRk1UmvdcCqbOD/9Htgk3mWvUFmrApkWQTIDNmLACZ1Sw1PXj +Uqte8StYB0bYY+nmAXs7O5eC2h1ViParl7En1joEEMQQmH0qSnw4X1CM/hA8TAYW +mBPITTNWo/R52WoyWeWGFnFNIperQmuIZc+pXm0VEFVPiX/2DXbCIu+jaXySvlCN +LekmOD4VC7dJS8/ohoaXOR2T8ufS+1CsyPXomEb+COhqRZ3EVBa+k7pnElkFft3Y +a1fR0AgatZFQpy+ukePhK7s/M5RGhDJWHgSAZFkf+X2jVV4NRJ+XsY80gU5DD2ZX +QT6Je6Knxqk7FnWNSxkhReH6Ss5flZSoGDCmJ2AsPtGeUhus2fGqeN+waGKTZC35 +die2V4/cro1SWswSI6Y5GFDZT1olIUztPmSXU/A3oyizJI7XZybwUbpk5kK83VXm +el3U/7Qr/VErlDWFefZWeUvT1RILZ8IRoNj4dv158RnKHt9G508A5qz4hUPKoSeq +SiXhYwfkc31WPzIJ4ev+X5Ka2sG/CKbEMJ7qwc0Kadiu+ePPfqqbXjpTWRyrbcRM +hRNcLNUi1SLWMBClOQG+5GNG1dPPHkbj4dO1OZuaUMwQdu8R8NlsGoVWS40bmVv5 +pXstzYCl7k/UnC/Ytlq61GeAoq8ILa6jGj0EWqlhvi0ZNMN+fROhzrRlTzIr/+WE +Xf8EiVNFSbQlU2VyZ2V5IEthbmRhdXJvdiA8cy5rYW5kYXVyb3ZAZjUuY29tPokC +TgQTAQoAOBYhBNZ4bOMD2akCKZjcbMhGTVSa91wKBQJihO2zAhsDBQsJCAcDBRUK +CQgLBRYDAgEAAh4BAheAAAoJEMhGTVSa91wKgLQQANaf4UMndkWoefDQPkJ5qR4K +fuV0WRz59riZEApTkVpPXzl8Y1i8Rgt9pa1v1i12vPyIXKav1rJXQcuDEzqrhQ2G +yvuAE2U/t2mYaMUmwxWO2d8JA3slvBSgOkiYpbLooDizAdKMT5UQWGyw31Wm51iz +HjoztebsyXeXgq9VDjv3D8LUBr/OY3Hguj6HV+zRtC95qgXYadW2FiCtvBK6RTDb +iShTuseLSheGh9dZIUSnzaOiJpDA61ZDYtFZxSpe67vEzhSfHVsF+ZdCjoWhhVv+ ++2wR4E0VQQtOM9uX1PMlZ5Ymr02/gidsXCM0ZjYXx4cDDhnq+nKomN64VloXWY9t +PIi86XmzcSWlGUd+Ac6LyW7/f64bUWs4Ih0Idl0PF0sAr/6axKUsIs1nbn5MEtXk +ZPAjcDLqLb9IIQaXRurm/il8v+bLXVBOJq33YUuGRuz8pu4vPA5Q97zglqhlIgbu +prHMJ9hl5q39JwS3As2rK0o6Q9VVKr29rqSEfk4wEttvk0QMMU5zEvVl8MtqPj42 +qURqpHOadFbYMTwhUmRBUszRZPa5/pWqq0gWOtpyCWFVAsHFWQGJM1Eo6gGEyHZM +YgBp+d29p2p409r1+06U67GBnXvUy0RyIpkLQtU+lyOJ6vvrBmmsDs/gc69GnlSC +tZmCt0pLesJ7ZJzGdDkduQINBGKE4psBEADQr/enuDeVT11v6ejuYrg7aaZaGFUe +3i28bQ4pRUKNfxs7zVYDDHi2i2bhS5j2yQnbsQtGcgoenw6lapmdQRzr4vjQAz9o +kT6l4qpqvFFQM0wZTnigVDmmO9vTHR8Uk3iCKTd2ax3oko/xPWWYJautJ6ex8cOA +coHSDeOjuIWSxCKq0BDFp6LoxkM8nuyLAX2cbhI3LncaZhVveMeN+Fmcsv+WpkKs +yhX92umZuGwlraSyFy23FiRWSZPu9qVIxMMHvVrQJIgfhyWaHFzoF4M4qDoSKx92 +uWfUWgFwPOxOJ6/YcPsX4T8qTl9htmwPN0BibPTlcWaIFXtiU5bE1MivUPeACrI/ +gwUfCR3Mg+GYc13C6jzepREUhI7PLi3+A203PlMZd/aaSZkP6j+h4cwdapH5P4uF +7T1EQ0MSdx3neAvu5p0IM6JpriwxfT3HsG+Y952T6MIeXcjNRebsBrygJhJ0/vyr +wV5t8jL0yQty4CiE/QFnBs42l+rngi7K7Y1AZRBGK7JA09XaoLrfLmS+PrbYPsaJ +flkM8GzUB7BBCLozxDHPzmPkf/A1w3XHZnYuZmS+pvjWCIoKpLQHI99oSUGho/TR +gMRO4v7EAzluqCiepMl0xwFfHB115ND/mATazc4Pt6FxUsqffzfZrN01e1UVPrp5 +4x6YLO80JnOY6QARAQABiQI2BBgBCgAgFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoF +AmKE4psCGwwACgkQyEZNVJr3XAp9ghAAgCgErxQYn/Lh/mzsxYXPnisggcBpceks +mGw7knj1EGkXqq9CHn3EjCw8dB5N857UFlUr++DHwpFL5O36PRQo33RIUFbmBypG +8C/xX1jWGu3xcaqS3P1ncsSSl6ckdvy9pjMxThm/RkXO0eJCn7FcanwPJXEB3Pbb +mm0wLI2OXl/m7l5QAr7kErnPvGNzcbX6G35Q/MY8mumBWQ9H53R5ZPpi+OS40Wfn +pZNKdh/Acwa7+2RokPqoOcJfxVdBOUigXTzb45qZgqEsSR7bkZAy2E80A/sJKPqs +OGjp9cog3rBYyNBn5dasfR9KeBtluKnjUbzutXsQoKUSECY00YGrtneSXMku5hoE +Dguk68w/L63ZApYHO/JTgJAYvqPOErAVUegPIw2CT1/2qi5vpClBcKkNS7RXrssA +X+lElE0zbzX3bNG+lQuXby7jNUFYltkEiz6vTtc4HuHy8u40DHMswzkoDr0T8IE0 +7ZRAWXwV1nlA/dI337cHCsWMJyqem5wZZO13iqe07qaCg1uvBPeqDo81hOCn1us7 +l5SYRUTlt7KSFEHZ+Sx4bmVneAuRi5okaQdmrepy/ss/vVpRwWuQxsPkvT8boS7s +mqOVsZFcNOuUJPUyOz1dHUL6FMYpk1dw+9n41gO4fLBzJekFTB/fxL6SRbYFWWn7 +x0VGHDmuaYQ= +=HmVo -----END PGP PUBLIC KEY BLOCK-----
