commit nginx for openSUSE:Factory

[Source-Sync]

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package nginx for openSUSE:Factory checked 
in at 2024-06-04 12:50:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nginx (Old)
 and      /work/SRC/openSUSE:Factory/.nginx.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nginx"

Tue Jun  4 12:50:42 2024 rev:90 rq:1177870 version:1.27.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/nginx/nginx.changes      2024-05-13 
01:19:21.563171865 +0200
+++ /work/SRC/openSUSE:Factory/.nginx.new.24587/nginx.changes   2024-06-04 
12:51:08.967866511 +0200
@@ -1,0 +2,12 @@
+Fri May 31 08:48:36 UTC 2024 - Илья Индиго <i...@ilya.top>
+
+- Updated to 1.27.0
+  * Changed nginx.keyring to Sergey Kandaurov’s PGP public key.
+  * https://nginx.org/en/CHANGES
+  * Added variables support in the "proxy_limit_rate", "fastcgi_limit_rate",
+    "scgi_limit_rate", and "uwsgi_limit_rate" directives.
+  * Fixed reduced memory consumption for long-lived requests if "gzip",
+    "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
+  * Fixed building with gcc 14 with --with-atomic option.
+
+-------------------------------------------------------------------

Old:
----
  nginx-1.25.5.tar.gz
  nginx-1.25.5.tar.gz.asc

New:
----
  nginx-1.27.0.tar.gz
  nginx-1.27.0.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nginx.spec ++++++
--- /var/tmp/diff_new_pack.yJ986f/_old  2024-06-04 12:51:10.031905123 +0200
+++ /var/tmp/diff_new_pack.yJ986f/_new  2024-06-04 12:51:10.031905123 +0200
@@ -23,7 +23,7 @@
 %bcond_with    ngx_google_perftools
 #
 Name:           nginx
-Version:        1.25.5
+Version:        1.27.0
 Release:        0
 Summary:        A HTTP server and IMAP/POP3 proxy server
 License:        BSD-2-Clause
@@ -31,7 +31,7 @@
 URL:            https://nginx.org
 Source0:        https://nginx.org/download/%{name}-%{version}.tar.gz
 Source1:        https://nginx.org/download/%{name}-%{version}.tar.gz.asc
-Source2:        https://nginx.org/keys/arut.key#/%{name}.keyring
+Source2:        https://nginx.org/keys/pluknet.key#/%{name}.keyring
 Source3:        %{name}.rpmlintrc
 Source4:        %{name}.logrotate
 Source5:        %{name}.service

++++++ nginx-1.25.5.tar.gz -> nginx-1.27.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/CHANGES new/nginx-1.27.0/CHANGES
--- old/nginx-1.25.5/CHANGES    2024-04-16 16:37:23.000000000 +0200
+++ new/nginx-1.27.0/CHANGES    2024-05-29 16:30:32.000000000 +0200
@@ -1,4 +1,27 @@
 
+Changes with nginx 1.27.0                                        29 May 2024
+
+    *) Security: when using HTTP/3, processing of a specially crafted QUIC
+       session might cause a worker process crash, worker process memory
+       disclosure on systems with MTU larger than 4096 bytes, or might have
+       potential other impact (CVE-2024-32760, CVE-2024-31079,
+       CVE-2024-35200, CVE-2024-34161).
+       Thanks to Nils Bars of CISPA.
+
+    *) Feature: variables support in the "proxy_limit_rate",
+       "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
+       directives.
+
+    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
+       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
+
+    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
+       option was used.
+       Thanks to Edgar Bonet.
+
+    *) Bugfixes in HTTP/3.
+
+
 Changes with nginx 1.25.5                                        16 Apr 2024
 
     *) Feature: virtual servers in the stream module.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/CHANGES.ru new/nginx-1.27.0/CHANGES.ru
--- old/nginx-1.25.5/CHANGES.ru 2024-04-16 16:37:23.000000000 +0200
+++ new/nginx-1.27.0/CHANGES.ru 2024-05-29 16:30:32.000000000 +0200
@@ -1,4 +1,27 @@
 
+Изменения в nginx 1.27.0                                          
29.05.2024
+
+    *) Безопасность: при использовании HTTP/3 
обработка специально созданной
+       QUIC-сессии могла приводить к падению 
рабочего процесса, отправке
+       клиенту содержимого памяти рабочего 
процесса на системах с MTU больше
+       4096 байт, а также потенциально могла 
иметь другие последствия
+       (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161).
+       Спасибо Nils Bars из CISPA.
+
+    *) Добавление: директивы proxy_limit_rate, 
fastcgi_limit_rate,
+       scgi_limit_rate и uwsgi_limit_rate поддерживают 
переменные.
+
+    *) Исправление: уменьшено потребление 
памяти для долгоживущих запросов,
+       если используются директивы gzip, gunzip, ssi, 
sub_filter или
+       grpc_pass.
+
+    *) Исправление: nginx не собирался gcc 14, если 
использовался параметр
+       --with-atomic.
+       Спасибо Edgar Bonet.
+
+    *) Исправления в HTTP/3.
+
+
 Изменения в nginx 1.25.5                                          
16.04.2024
 
     *) Добавление: виртуальные сервера в 
модуле stream.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/auto/lib/libatomic/conf 
new/nginx-1.27.0/auto/lib/libatomic/conf
--- old/nginx-1.25.5/auto/lib/libatomic/conf    2024-04-16 16:29:59.000000000 
+0200
+++ new/nginx-1.27.0/auto/lib/libatomic/conf    2024-05-28 15:22:30.000000000 
+0200
@@ -19,7 +19,7 @@
                       #include <atomic_ops.h>"
     ngx_feature_path=
     ngx_feature_libs="-latomic_ops"
-    ngx_feature_test="long  n = 0;
+    ngx_feature_test="AO_t  n = 0;
                       if (!AO_compare_and_swap(&n, 0, 1))
                           return 1;
                       if (AO_fetch_and_add(&n, 1) != 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/core/nginx.h 
new/nginx-1.27.0/src/core/nginx.h
--- old/nginx-1.25.5/src/core/nginx.h   2024-04-16 16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/core/nginx.h   2024-05-28 15:22:30.000000000 +0200
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1025005
-#define NGINX_VERSION      "1.25.5"
+#define nginx_version      1027000
+#define NGINX_VERSION      "1.27.0"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #ifdef NGX_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/core/ngx_output_chain.c 
new/nginx-1.27.0/src/core/ngx_output_chain.c
--- old/nginx-1.25.5/src/core/ngx_output_chain.c        2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/core/ngx_output_chain.c        2024-05-28 
15:22:30.000000000 +0200
@@ -117,7 +117,10 @@
 
                 ngx_debug_point();
 
-                ctx->in = ctx->in->next;
+                cl = ctx->in;
+                ctx->in = cl->next;
+
+                ngx_free_chain(ctx->pool, cl);
 
                 continue;
             }
@@ -203,7 +206,10 @@
             /* delete the completed buf from the ctx->in chain */
 
             if (ngx_buf_size(ctx->in->buf) == 0) {
-                ctx->in = ctx->in->next;
+                cl = ctx->in;
+                ctx->in = cl->next;
+
+                ngx_free_chain(ctx->pool, cl);
             }
 
             cl = ngx_alloc_chain_link(ctx->pool);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/event/ngx_event_openssl.c 
new/nginx-1.27.0/src/event/ngx_event_openssl.c
--- old/nginx-1.25.5/src/event/ngx_event_openssl.c      2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/event/ngx_event_openssl.c      2024-05-28 
15:22:30.000000000 +0200
@@ -764,13 +764,13 @@
 
         engine = ENGINE_by_id((char *) p);
 
+        *last++ = ':';
+
         if (engine == NULL) {
             *err = "ENGINE_by_id() failed";
             return NULL;
         }
 
-        *last++ = ':';
-
         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
 
         if (pkey == NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/event/quic/ngx_event_quic_frames.c 
new/nginx-1.27.0/src/event/quic/ngx_event_quic_frames.c
--- old/nginx-1.25.5/src/event/quic/ngx_event_quic_frames.c     2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/event/quic/ngx_event_quic_frames.c     2024-05-28 
15:22:30.000000000 +0200
@@ -648,6 +648,7 @@
     ngx_quic_free_chain(c, qb->chain);
 
     qb->chain = NULL;
+    qb->last_chain = NULL;
 }
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/event/quic/ngx_event_quic_ssl.c 
new/nginx-1.27.0/src/event/quic/ngx_event_quic_ssl.c
--- old/nginx-1.25.5/src/event/quic/ngx_event_quic_ssl.c        2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/event/quic/ngx_event_quic_ssl.c        2024-05-28 
15:22:30.000000000 +0200
@@ -326,6 +326,11 @@
     ngx_quic_crypto_frame_t  *f;
 
     qc = ngx_quic_get_connection(c);
+
+    if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
+        return NGX_OK;
+    }
+
     ctx = ngx_quic_get_send_ctx(qc, pkt->level);
     f = &frame->u.crypto;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/event/quic/ngx_event_quic_transport.c 
new/nginx-1.27.0/src/event/quic/ngx_event_quic_transport.c
--- old/nginx-1.25.5/src/event/quic/ngx_event_quic_transport.c  2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/event/quic/ngx_event_quic_transport.c  2024-05-28 
15:22:30.000000000 +0200
@@ -1750,6 +1750,14 @@
             return NGX_ERROR;
         }
 
+        if ((size_t) (end - p) < len) {
+            ngx_log_error(NGX_LOG_INFO, log, 0,
+                          "quic failed to parse"
+                          " transport param id:0x%xL, data length %uL too 
long",
+                          id, len);
+            return NGX_ERROR;
+        }
+
         rc = ngx_quic_parse_transport_param(p, p + len, id, tp);
 
         if (rc == NGX_ERROR) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_fastcgi_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_fastcgi_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_fastcgi_module.c 2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_fastcgi_module.c 2024-05-28 
15:22:30.000000000 +0200
@@ -375,7 +375,7 @@
 
     { ngx_string("fastcgi_limit_rate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-      ngx_conf_set_size_slot,
+      ngx_http_set_complex_value_size_slot,
       NGX_HTTP_LOC_CONF_OFFSET,
       offsetof(ngx_http_fastcgi_loc_conf_t, upstream.limit_rate),
       NULL },
@@ -2898,7 +2898,7 @@
 
     conf->upstream.send_lowat = NGX_CONF_UNSET_SIZE;
     conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
-    conf->upstream.limit_rate = NGX_CONF_UNSET_SIZE;
+    conf->upstream.limit_rate = NGX_CONF_UNSET_PTR;
 
     conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;
     conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE;
@@ -3015,8 +3015,8 @@
                               prev->upstream.buffer_size,
                               (size_t) ngx_pagesize);
 
-    ngx_conf_merge_size_value(conf->upstream.limit_rate,
-                              prev->upstream.limit_rate, 0);
+    ngx_conf_merge_ptr_value(conf->upstream.limit_rate,
+                              prev->upstream.limit_rate, NULL);
 
 
     ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/modules/ngx_http_grpc_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_grpc_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_grpc_module.c    2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_grpc_module.c    2024-05-28 
15:22:30.000000000 +0200
@@ -1231,7 +1231,7 @@
     ngx_buf_t              *b;
     ngx_int_t               rc;
     ngx_uint_t              next, last;
-    ngx_chain_t            *cl, *out, **ll;
+    ngx_chain_t            *cl, *out, *ln, **ll;
     ngx_http_upstream_t    *u;
     ngx_http_grpc_ctx_t    *ctx;
     ngx_http_grpc_frame_t  *f;
@@ -1459,7 +1459,10 @@
             last = 1;
         }
 
+        ln = in;
         in = in->next;
+
+        ngx_free_chain(r->pool, ln);
     }
 
     ctx->in = in;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_gunzip_filter_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_gunzip_filter_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_gunzip_filter_module.c   
2024-04-16 16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_gunzip_filter_module.c   
2024-05-28 15:22:30.000000000 +0200
@@ -333,6 +333,8 @@
 ngx_http_gunzip_filter_add_data(ngx_http_request_t *r,
     ngx_http_gunzip_ctx_t *ctx)
 {
+    ngx_chain_t  *cl;
+
     if (ctx->zstream.avail_in || ctx->flush != Z_NO_FLUSH || ctx->redo) {
         return NGX_OK;
     }
@@ -344,8 +346,11 @@
         return NGX_DECLINED;
     }
 
-    ctx->in_buf = ctx->in->buf;
-    ctx->in = ctx->in->next;
+    cl = ctx->in;
+    ctx->in_buf = cl->buf;
+    ctx->in = cl->next;
+
+    ngx_free_chain(r->pool, cl);
 
     ctx->zstream.next_in = ctx->in_buf->pos;
     ctx->zstream.avail_in = ctx->in_buf->last - ctx->in_buf->pos;
@@ -374,6 +379,7 @@
 ngx_http_gunzip_filter_get_buf(ngx_http_request_t *r,
     ngx_http_gunzip_ctx_t *ctx)
 {
+    ngx_chain_t             *cl;
     ngx_http_gunzip_conf_t  *conf;
 
     if (ctx->zstream.avail_out) {
@@ -383,8 +389,12 @@
     conf = ngx_http_get_module_loc_conf(r, ngx_http_gunzip_filter_module);
 
     if (ctx->free) {
-        ctx->out_buf = ctx->free->buf;
-        ctx->free = ctx->free->next;
+
+        cl = ctx->free;
+        ctx->out_buf = cl->buf;
+        ctx->free = cl->next;
+
+        ngx_free_chain(r->pool, cl);
 
         ctx->out_buf->flush = 0;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_gzip_filter_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_gzip_filter_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_gzip_filter_module.c     
2024-04-16 16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_gzip_filter_module.c     
2024-05-28 15:22:30.000000000 +0200
@@ -985,10 +985,14 @@
 ngx_http_gzip_filter_free_copy_buf(ngx_http_request_t *r,
     ngx_http_gzip_ctx_t *ctx)
 {
-    ngx_chain_t  *cl;
+    ngx_chain_t  *cl, *ln;
 
-    for (cl = ctx->copied; cl; cl = cl->next) {
-        ngx_pfree(r->pool, cl->buf->start);
+    for (cl = ctx->copied; cl; /* void */) {
+        ln = cl;
+        cl = cl->next;
+
+        ngx_pfree(r->pool, ln->buf->start);
+        ngx_free_chain(r->pool, ln);
     }
 
     ctx->copied = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_proxy_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_proxy_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_proxy_module.c   2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_proxy_module.c   2024-05-28 
15:22:30.000000000 +0200
@@ -494,7 +494,7 @@
 
     { ngx_string("proxy_limit_rate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-      ngx_conf_set_size_slot,
+      ngx_http_set_complex_value_size_slot,
       NGX_HTTP_LOC_CONF_OFFSET,
       offsetof(ngx_http_proxy_loc_conf_t, upstream.limit_rate),
       NULL },
@@ -3371,7 +3371,7 @@
 
     conf->upstream.send_lowat = NGX_CONF_UNSET_SIZE;
     conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
-    conf->upstream.limit_rate = NGX_CONF_UNSET_SIZE;
+    conf->upstream.limit_rate = NGX_CONF_UNSET_PTR;
 
     conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;
     conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE;
@@ -3515,8 +3515,8 @@
                               prev->upstream.buffer_size,
                               (size_t) ngx_pagesize);
 
-    ngx_conf_merge_size_value(conf->upstream.limit_rate,
-                              prev->upstream.limit_rate, 0);
+    ngx_conf_merge_ptr_value(conf->upstream.limit_rate,
+                              prev->upstream.limit_rate, NULL);
 
     ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
                               8, ngx_pagesize);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/modules/ngx_http_scgi_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_scgi_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_scgi_module.c    2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_scgi_module.c    2024-05-28 
15:22:30.000000000 +0200
@@ -223,7 +223,7 @@
 
     { ngx_string("scgi_limit_rate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-      ngx_conf_set_size_slot,
+      ngx_http_set_complex_value_size_slot,
       NGX_HTTP_LOC_CONF_OFFSET,
       offsetof(ngx_http_scgi_loc_conf_t, upstream.limit_rate),
       NULL },
@@ -1301,7 +1301,7 @@
 
     conf->upstream.send_lowat = NGX_CONF_UNSET_SIZE;
     conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
-    conf->upstream.limit_rate = NGX_CONF_UNSET_SIZE;
+    conf->upstream.limit_rate = NGX_CONF_UNSET_PTR;
 
     conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;
     conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE;
@@ -1413,8 +1413,8 @@
                               prev->upstream.buffer_size,
                               (size_t) ngx_pagesize);
 
-    ngx_conf_merge_size_value(conf->upstream.limit_rate,
-                              prev->upstream.limit_rate, 0);
+    ngx_conf_merge_ptr_value(conf->upstream.limit_rate,
+                              prev->upstream.limit_rate, NULL);
 
 
     ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_ssi_filter_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_ssi_filter_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_ssi_filter_module.c      
2024-04-16 16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_ssi_filter_module.c      
2024-05-28 15:22:30.000000000 +0200
@@ -482,9 +482,13 @@
     while (ctx->in || ctx->buf) {
 
         if (ctx->buf == NULL) {
-            ctx->buf = ctx->in->buf;
-            ctx->in = ctx->in->next;
+
+            cl = ctx->in;
+            ctx->buf = cl->buf;
+            ctx->in = cl->next;
             ctx->pos = ctx->buf->pos;
+
+            ngx_free_chain(r->pool, cl);
         }
 
         if (ctx->state == ssi_start_state) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_sub_filter_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_sub_filter_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_sub_filter_module.c      
2024-04-16 16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_sub_filter_module.c      
2024-05-28 15:22:30.000000000 +0200
@@ -335,9 +335,13 @@
     while (ctx->in || ctx->buf) {
 
         if (ctx->buf == NULL) {
-            ctx->buf = ctx->in->buf;
-            ctx->in = ctx->in->next;
+
+            cl = ctx->in;
+            ctx->buf = cl->buf;
+            ctx->in = cl->next;
             ctx->pos = ctx->buf->pos;
+
+            ngx_free_chain(r->pool, cl);
         }
 
         if (ctx->buf->flush || ctx->buf->recycled) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/nginx-1.25.5/src/http/modules/ngx_http_uwsgi_module.c 
new/nginx-1.27.0/src/http/modules/ngx_http_uwsgi_module.c
--- old/nginx-1.25.5/src/http/modules/ngx_http_uwsgi_module.c   2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/modules/ngx_http_uwsgi_module.c   2024-05-28 
15:22:30.000000000 +0200
@@ -289,7 +289,7 @@
 
     { ngx_string("uwsgi_limit_rate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-      ngx_conf_set_size_slot,
+      ngx_http_set_complex_value_size_slot,
       NGX_HTTP_LOC_CONF_OFFSET,
       offsetof(ngx_http_uwsgi_loc_conf_t, upstream.limit_rate),
       NULL },
@@ -1532,7 +1532,7 @@
 
     conf->upstream.send_lowat = NGX_CONF_UNSET_SIZE;
     conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
-    conf->upstream.limit_rate = NGX_CONF_UNSET_SIZE;
+    conf->upstream.limit_rate = NGX_CONF_UNSET_PTR;
 
     conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;
     conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE;
@@ -1656,8 +1656,8 @@
                               prev->upstream.buffer_size,
                               (size_t) ngx_pagesize);
 
-    ngx_conf_merge_size_value(conf->upstream.limit_rate,
-                              prev->upstream.limit_rate, 0);
+    ngx_conf_merge_ptr_value(conf->upstream.limit_rate,
+                              prev->upstream.limit_rate, NULL);
 
 
     ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/ngx_http_upstream.c 
new/nginx-1.27.0/src/http/ngx_http_upstream.c
--- old/nginx-1.25.5/src/http/ngx_http_upstream.c       2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/ngx_http_upstream.c       2024-05-28 
15:22:30.000000000 +0200
@@ -3236,7 +3236,7 @@
     p->downstream = c;
     p->pool = r->pool;
     p->log = c->log;
-    p->limit_rate = u->conf->limit_rate;
+    p->limit_rate = ngx_http_complex_value_size(r, u->conf->limit_rate, 0);
     p->start_sec = ngx_time();
 
     p->cacheable = u->cacheable || u->store;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/ngx_http_upstream.h 
new/nginx-1.27.0/src/http/ngx_http_upstream.h
--- old/nginx-1.25.5/src/http/ngx_http_upstream.h       2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/ngx_http_upstream.h       2024-05-28 
15:22:30.000000000 +0200
@@ -156,7 +156,7 @@
 
     size_t                           send_lowat;
     size_t                           buffer_size;
-    size_t                           limit_rate;
+    ngx_http_complex_value_t        *limit_rate;
 
     size_t                           busy_buffers_size;
     size_t                           max_temp_file_size;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/v3/ngx_http_v3_parse.c 
new/nginx-1.27.0/src/http/v3/ngx_http_v3_parse.c
--- old/nginx-1.25.5/src/http/v3/ngx_http_v3_parse.c    2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/v3/ngx_http_v3_parse.c    2024-05-28 
15:22:30.000000000 +0200
@@ -810,6 +810,7 @@
 
             st->literal.length = st->pint.value;
             if (st->literal.length == 0) {
+                st->value.data = (u_char *) "";
                 goto done;
             }
 
@@ -932,6 +933,7 @@
 
             st->literal.length = st->pint.value;
             if (st->literal.length == 0) {
+                st->value.data = (u_char *) "";
                 goto done;
             }
 
@@ -1072,6 +1074,7 @@
 
             st->literal.length = st->pint.value;
             if (st->literal.length == 0) {
+                st->value.data = (u_char *) "";
                 goto done;
             }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/v3/ngx_http_v3_request.c 
new/nginx-1.27.0/src/http/v3/ngx_http_v3_request.c
--- old/nginx-1.25.5/src/http/v3/ngx_http_v3_request.c  2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/v3/ngx_http_v3_request.c  2024-05-28 
15:22:30.000000000 +0200
@@ -134,7 +134,17 @@
         }
     }
 
-    return ngx_http_v3_send_settings(c);
+    if (ngx_http_v3_send_settings(c) != NGX_OK) {
+        return NGX_ERROR;
+    }
+
+    if (h3scf->max_table_capacity > 0) {
+        if (ngx_http_v3_get_uni_stream(c, NGX_HTTP_V3_STREAM_DECODER) == NULL) 
{
+            return NGX_ERROR;
+        }
+    }
+
+    return NGX_OK;
 }
 
 
@@ -398,14 +408,12 @@
 void
 ngx_http_v3_reset_stream(ngx_connection_t *c)
 {
-    ngx_http_v3_session_t   *h3c;
-    ngx_http_v3_srv_conf_t  *h3scf;
-
-    h3scf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module);
+    ngx_http_v3_session_t  *h3c;
 
     h3c = ngx_http_v3_get_session(c);
 
-    if (h3scf->max_table_capacity > 0 && !c->read->eof && !h3c->hq
+    if (!c->read->eof && !h3c->hq
+        && h3c->known_streams[NGX_HTTP_V3_STREAM_SERVER_DECODER]
         && (c->quic->id & NGX_QUIC_STREAM_UNIDIRECTIONAL) == 0)
     {
         (void) ngx_http_v3_send_cancel_stream(c, c->quic->id);
@@ -1575,6 +1583,15 @@
                 /* rc == NGX_OK */
 
                 if (max != -1 && (uint64_t) (max - rb->received) < st->length) 
{
+
+                    if (r->headers_in.content_length_n != -1) {
+                        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                                      "client intended to send body data "
+                                      "larger than declared");
+
+                        return NGX_HTTP_BAD_REQUEST;
+                    }
+
                     ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                                   "client intended to send too large "
                                   "body: %O+%ui bytes",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/v3/ngx_http_v3_table.c 
new/nginx-1.27.0/src/http/v3/ngx_http_v3_table.c
--- old/nginx-1.25.5/src/http/v3/ngx_http_v3_table.c    2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/v3/ngx_http_v3_table.c    2024-05-28 
15:22:30.000000000 +0200
@@ -308,7 +308,7 @@
     prev_max = dt->capacity / 32;
 
     if (max > prev_max) {
-        elts = ngx_alloc(max * sizeof(void *), c->log);
+        elts = ngx_alloc((max + 1) * sizeof(void *), c->log);
         if (elts == NULL) {
             return NGX_ERROR;
         }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/v3/ngx_http_v3_uni.c 
new/nginx-1.27.0/src/http/v3/ngx_http_v3_uni.c
--- old/nginx-1.25.5/src/http/v3/ngx_http_v3_uni.c      2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/v3/ngx_http_v3_uni.c      2024-05-28 
15:22:30.000000000 +0200
@@ -20,8 +20,6 @@
 static void ngx_http_v3_uni_read_handler(ngx_event_t *rev);
 static void ngx_http_v3_uni_dummy_read_handler(ngx_event_t *wev);
 static void ngx_http_v3_uni_dummy_write_handler(ngx_event_t *wev);
-static ngx_connection_t *ngx_http_v3_get_uni_stream(ngx_connection_t *c,
-    ngx_uint_t type);
 
 
 void
@@ -307,7 +305,7 @@
 }
 
 
-static ngx_connection_t *
+ngx_connection_t *
 ngx_http_v3_get_uni_stream(ngx_connection_t *c, ngx_uint_t type)
 {
     u_char                     buf[NGX_HTTP_V3_VARLEN_INT_LEN];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/http/v3/ngx_http_v3_uni.h 
new/nginx-1.27.0/src/http/v3/ngx_http_v3_uni.h
--- old/nginx-1.25.5/src/http/v3/ngx_http_v3_uni.h      2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/http/v3/ngx_http_v3_uni.h      2024-05-28 
15:22:30.000000000 +0200
@@ -19,6 +19,8 @@
 
 ngx_int_t ngx_http_v3_cancel_stream(ngx_connection_t *c, ngx_uint_t stream_id);
 
+ngx_connection_t *ngx_http_v3_get_uni_stream(ngx_connection_t *c,
+    ngx_uint_t type);
 ngx_int_t ngx_http_v3_send_settings(ngx_connection_t *c);
 ngx_int_t ngx_http_v3_send_goaway(ngx_connection_t *c, uint64_t id);
 ngx_int_t ngx_http_v3_send_ack_section(ngx_connection_t *c,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nginx-1.25.5/src/stream/ngx_stream_pass_module.c 
new/nginx-1.27.0/src/stream/ngx_stream_pass_module.c
--- old/nginx-1.25.5/src/stream/ngx_stream_pass_module.c        2024-04-16 
16:29:59.000000000 +0200
+++ new/nginx-1.27.0/src/stream/ngx_stream_pass_module.c        2024-05-28 
15:22:30.000000000 +0200
@@ -83,6 +83,11 @@
 
     c->log->action = "passing connection to port";
 
+    if (c->type == SOCK_DGRAM) {
+        ngx_log_error(NGX_LOG_ERR, c->log, 0, "cannot pass udp connection");
+        goto failed;
+    }
+
     if (c->buffer && c->buffer->pos != c->buffer->last) {
         ngx_log_error(NGX_LOG_ERR, c->log, 0,
                       "cannot pass connection with preread data");
@@ -217,6 +222,10 @@
 static ngx_int_t
 ngx_stream_pass_match(ngx_listening_t *ls, ngx_addr_t *addr)
 {
+    if (ls->type == SOCK_DGRAM) {
+        return NGX_DECLINED;
+    }
+
     if (!ls->wildcard) {
         return ngx_cmp_sockaddr(ls->sockaddr, ls->socklen,
                                 addr->sockaddr, addr->socklen, 1);

++++++ nginx.keyring ++++++
--- /var/tmp/diff_new_pack.yJ986f/_old  2024-06-04 12:51:10.355916880 +0200
+++ /var/tmp/diff_new_pack.yJ986f/_new  2024-06-04 12:51:10.359917026 +0200
@@ -1,115 +1,66 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBGYXyiQBEAC4jm1y+ODV4+YDGj9vp2BgHB4FJeQdgrBiVX+Mb2qCrEqJgeKV
-fVwKjkVYqnb76TTybdOKqCP5wdQrncKAKlXsMq6sdsiwPSrdRcjkeiE29WWrtbB4
-i+VObnoWklMblMxFQ1XQIkjs2wviidKjJw2VV3i4XnLSrHhWaWqviTLZCMQymoPs
-F+Tfu1WX9OUfOquekZ5KjkyBxB4ep6+NPeuIkPnW0SiTUhU8tbi8v0aBZEHSZLqE
-mq8KLROVuYSPvtU+NtaXAM09BHEVCfb409aDps9p6AFT+IN8yoOegGdEZjp6hJvS
-HxbhuwqNEtg4dTEV515YUCgKabqU1QaqI/Y0+Pdkpep1KRFc9YUYttDkCw7Ybu2u
-fwTGzwAbD+ThAIOdzmMDodzZaEMf+9fQG4bnO1PdNbXzyP7Kv9qzGa65+9oGCPOS
-qTpISR8pvzoI8w/Z/vG71ob/nQ6Xm0L986ksErdGhu16ZI7lW2eDYqy2IoFfbeSz
-HHxk484/pEibrlCRbP2Id+zULfxo1HGOGg+PAY9Q2uNzABsGDMnOhIvXHS+hP7oB
-sO9A4Prqu6K6cMp3QI219tmmOUegJpmGGPzoNgxR7H30wNcjZPv4PWr/c0fP70Ny
-ilgbdcEMDSHks30AmiuIvcUxo3A21p2nnpxsKAKYx42UJkyEK0HILMzcqwARAQAB
-tCZSb21hbiBBcnV0eXVueWFuIDxyLmFydXR5dW55YW5AZjUuY29tPokCTgQTAQgA
-OBYhBEM4eCXdsbuX7Da6XQB8jXwV2HNpBQJmF8pXAhsDBQsJCAcCBhUKCQgLAgQW
-AgMBAh4BAheAAAoJEAB8jXwV2HNppvQP/AjzdPKkGRzJkb1ioto/IEP1YhA/Eayk
-hvejJ0vyWVHXXH7FLW9fIZoApcsD1J8/7zIANm+62IfT3QNbL2R44IyhJB3AY22l
-t0ToLxodfugegF3NPYYyFOSRUoPD4g2T/dMCPOBX4MNEAnAlCmxAMaJNmQUO76IY
-GwELa3CH3Aqf7bthKy8P36G11hu7NgH6V9mVIRIpfnfpXFQIztj+vsWtswu4M5t7
-BNJwx4a2KTCVQpTdff5/0dO/5drQDxLbIg681WZk3Oe8Eu6nSc0Ud02NIkg1TQH/
-MryAp7o/ua3LRem+W/cktnT60p4uXPVZ3Rvg3zOmJSNJ+eIXY2+sDeZEPaROKldA
-IbnBacTsZjdswIlrbzinY8ZVRosaFlvHg/ESTBRItALHWCRdzOR1Wv1qy/PQfEEL
-qftDsCTQhssP1MHJWlejeqPlND3iT2vBDeOxqd6WhKuAc+L04iyBB6p867pwrgDF
-ecg82DPehsAnO2XBAFuIE/SLewkYm0B9HK7/J4LZqPwTAksPf/dnbMAmHWoBDqsu
-4U4U4SsJKsZ87R9ao8qO7IWCzHrXavHFmnbqweFfHToeKF/L4PB+tYoW3YmUOged
-CglpJv13bNWmRwL7+x8b7BwpVwClxHBHteDX4RIN5iPH9h20J4jIpzRa1kNJsTu1
-v4ZkqLWJlkiiiQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmYdpjsA
-CgkQpk/VsXrbOahISgf/U7ZO0yK0PsOcAFTB0TQBCNsAhxtJAEJoVoweuYiLk8jR
-0OeDRCy0BC//qWDLFT7NKuP50SM2u0Csbg+n6b0bdy+vXbbGVzIAYzG09rPYe2Q5
-qwqyAx+MMzyICXul9lGNU2qN2qjUXMb0mCWUhxwMvzRUeS7shT1CBhGrnpoYkY56
-NhWj7iG1BbLwYVQzDZC/Rp6rvwJQgZo7+DjaMjryGAEI0ujpUp8ywrPaJpwIuXDI
-D5BhcyUaEd3XOondHQNedlgERXHT4pN+oNMPWwN3+DeQYLS3FHiqyz05ZvoeWnao
-A2/fWNA+BqIdjilp/TDDI4Ef7c9hp13weaZggYB3M4kBMwQQAQgAHRYhBFc7/Ws9
-j7xkEHmmq6v1vYJ72b9iBQJmHabkAAoJEKv1vYJ72b9iDgoIAP1QJjl4ynLAV9Bo
-Ol4AAzxZ3x/2NEgLSnjLfhb/OduDxQlL9oPulWoLDG41xiZJkepEnQWmSsIYF6Xe
-RsAB+eREU2uCxqCvBXpyIs5npXvVDV2/PQuVEop7HByx6Hjr9XK8hugihnEi1p+9
-Ecbu+89fi93m3C/5uIIil46cHByjRZ+5Yy1UFUB/wsYud1qMcYmvDaqEo5AqWNcM
-gWUFhUfgGTtBbyvIWTeX0NHnrbzHP7lhmPfWsfOjAtO8PpM8Gz5RdNRq44DdRKdG
-uWVby/kni868H+8/tHalDR0I9/Mmg2Uax0eggTVpECv/4+xBduqSB2iPwgRnSzhZ
-6SVKJvKJAjMEEAEIAB0WIQT5TVS8DF1qZBfIzz/oLBEYr5TfbgUCZh5KVgAKCRDo
-LBEYr5TfbitgD/wMamMFfFZnPS7JS1NWEMb5fbhHob1EkmedIpbpRDXUtj0ksehW
-ZAEpmVF9btqS4B+B9tSK1VS2sy4XwEGodNVSGxdtF9W8+iAHAb6Hq1Z7ifWyb991
-Kt/pVk/8adxlU4G8h1fq0idhpnI8KvkAlPJR7+PoJOEN1+VdHS6tkE5LMTf6dF9F
-iVxKQczOS1b/GmfL3kYfu6UvI07ZuaP+90mOt/TZTwkzsWjRY2vofCIPSDY94rLj
-m6PmVFoU3PHLKW7yDz1YXkVE6SgQYGZ2bqB6OHJZnDXUTSHncHTbDVzZQekIs1lP
-V6e5N8Xo/VOpv28feKAsBqQ8ML53djmGUL0azjEz1g2kgPmTuZdKzZ5kcUsULdQV
-aRKcfyYD1oRpwwlw9GJAxliJHck1IdGGaCslrHtzkh3RMULlloAYitzD9jtKsrOj
-R19s+JK/tIfFZZ5gR5qhzgOL8WgkSrIaq2o9R4sigBz1IxnXXC573RDA2F5FAeE/
-K6EmAO+BqVkImZcmP1JsLtr+OM+jihXIILACEJwhOKPtZth9zrLYkXWB1nCaDxHp
-XEUpp6UPCQNgNX8NCghnJr5gis/SmYppgFlO9R9yZ7/LtP0tUX0CmhOeqGMnHt4R
-F8n8D7EBwMWvWjlUbsDkMKX4JORgojguHJZciWQC1gVRwJ0iTH/ImtzDnbQhUm9t
-YW4gQXJ1dHl1bnlhbiA8YXJ1dEBuZ2lueC5jb20+iQJOBBMBCAA4FiEEQzh4Jd2x
-u5fsNrpdAHyNfBXYc2kFAmYXyiQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
-CgkQAHyNfBXYc2kRFw//VFuCnW3EwoLCWWgWCikgI9kbVDr0/Qiyf2Gb9sfOyzBN
-q/+ZGjTs7EqTHbYUiCTgjy8t0SNKizoCXjSWLToTAXhOeTY3wDuHkdc3C2OPMPgm
-HPGmdnfplmsZjj689sy0MTnlLmU/87texR/f3REAKtchVjo5AojuZxXJi+ryBvoz
-KXi82M1JaYlIr15T+OiRtfZ3cgfTkb5CRa0YRV7QQ1zhOiF0AFKVVikFwRuquphT
-y2cSLILLzOpwG/CjMJzO4VOASmGJmdicIfYSsZSzz37RrcfeYwR6quJ55Y9QF9IU
-fg5AHWufpXaf6FbMsW1U1mOq0tMvwvdcO+u5I5SBj6IkqO4zavmW/i5zkxaq96wF
-Qn6+oRkqHnNNn0hl/B4MWdEjDJsaDXfkQ3Snn4Bfl1JPT6cH2NDVYQn1siIOim/W
-G5lhGLNB1TOAVLHblQ2xILadK0T33y6lfRUV3BOW01BDoF0ndyd7LjG5Di/cjfSo
-1hvhTkW7QJGfzVV4IAAxEyHKlmgONfggZoplqukuPsq7eNNRPhvlZq632QXIqt6Y
-xE43Nk0O41rX/tWtB7eNcPvfNOc+sGljnCSwpRWyx9xO7plELVD9KdtcyHrIgora
-Flh7KsSbppSQ/iUKRNP+lfCQsMa1yrnQyxazss8OGlB7YpUJL4trQW35f/jXFD+J
-ATMEEAEIAB0WIQRzOJcwae0/RD9NN9+mT9Wxets5qAUCZh2mQQAKCRCmT9Wxets5
-qPBjB/0SDkET7h/Vw2PJKxuYujsL+tn3SKXshgyCM2u00njJM9TqpZbZV681unKM
-l8uHtj9b0Z4U0nHoNEC37wI5FJlxy1hLBw5f2fd/yi8LsD1KP2htjMUW+I2xjcdo
-FusQsIF0s8SyW1DZ3vvN2WcZpKHwub1sY9ZFBfxRc6w+33N4dJwXVXP57kj3Ci8j
-LDLfkaKyiuYgMtFYZiKKX0tfvaM5pXxLvLOzma9vwfjIMIllooZHDSI65jrbmMv0
-rfDKOX9Ws5Xi8n85jq6Oyq28QPLZUsmymCbhvBwq4FcdiyTl9sxCY4HLq0MzmJJ5
-DMhlFd2Ds3BopFTWCB2fvYyVoXRaiQEzBBABCAAdFiEEVzv9az2PvGQQeaarq/W9
-gnvZv2IFAmYdpugACgkQq/W9gnvZv2Jk4Qf+N0P/7FIHowlO01XmBB5KaztBmVb2
-Tj+jtYgPDHRf86O0kW40Rjx++zMlIRNWK4Ue5PKAi82Yue5uvZcVlpWpx/sMvL+N
-C4Xds3Q3qnkxkoemoIMqUKGvePjBpyUWArBkBQ3FrvZtywnzyFWNrvOpeM+5HIuz
-WBri/SHBHzQm1/Jl2r5pHcbUdSxB2o1v3f+SaS2vGxwigIf8v44pRfyeWgkoxYgN
-+2zR0Ing6URZCYkAbwILsmmWGxJIuq+N9Xs1CQ1WZd5S78p/JBMDQ1prUDLCLFMc
-AvlZpQ0HvzEbKGiIVNa1LEQRF4ZWjQOHaPJhg/D3r/Q7VaFlgsOqrwtQaYkCMwQQ
-AQgAHRYhBPlNVLwMXWpkF8jPP+gsERivlN9uBQJmHkpZAAoJEOgsERivlN9u8fYQ
-AK0s0CvQNTXrg/Oe92Ajj+CpFIGhEUgXsufpg3OF+4doXOoRrVcv6y/0dGC+u899
-Qiz5rzP8JkgT3Bvs/oFbQnESX7zob/GuBiRAnaanQQGjQsc8tXUcIgIB8vZI6Hxr
-BZYyjXMrc1fAp1zy6F3YfVtjntp6Zt740zlcFSHPL6pKeNC8lCas7f7EPGm9ERlf
-XvPOsMyKVDRTrtYVrQ17pgmWzMFl9eYzAV81X/cK7O9BmTvLb9HB9THl9QM6iKWd
-UPNNhMseMA55i1y1trvv2rQSP2tm7xAijlffNu/LHyVjOJA+63rk9JqpQi2O/sI6
-naCZ5kLky3+OisbzJLtsIv3KWGF4jnpZJwPI97UbRAxrBCPd8BDXW06qQ0xfF9GA
-sW46IDnf5uNV5Fj9T1IhZUUCU6XwwhcTENwcaJ2hubPzW19gvxieRpxdvnXhjUxR
-UgqgFjtlpyBSABYr2REiaBTHkR1qVMa8tThpSyzfmfBNe9chBGQBdDMzTTUDf4dU
-cw4UGGPXqrBEapleoZBszXLrZxQxCNmLGFBW3vcJDfRRTvg/OMCIwD72kfd8KY1t
-SRRi5vQ3CvV8E0EEXshjxVk0fwS+5muM1thWZM4xCSgyH6Ka/5biMeUv1VNcKJne
-J51xs9jfS/JltrT/ahWG4J9msJFtmYyrLh/nMxccXK75uQINBGYXyiQBEAC5tT5O
-uysy75BcwAg8jIK+Cw6hNy+riOoCIzsMen8ps4tyDFLmRdpJmVOpmtvESaix2MHf
-Hc/t9hOsQ8LmF3kDG/JisDXcB/v28EOiDpp5Ug/5UOFBnbu4DkxbakJF8KF/rQ9t
-i29lt03saGCf2XbqzTLI6FvZ2TT8hDwAZF5aOtDEHV3ChBPn6gplnJADiZ9DioMZ
-ji1HnL8Zu4IYHMNOgpxULi6TMhBH/MkHbyycOdt/EsQFamnLGeV8KR2fubYjrpbH
-pLZzSRepQyvKIhHAFj6DUeDyEt2XAitxI8YI40IVO75Zu8ZZq0qYGML8Am+t6ZjJ
-3ZR8/DWjxRUYeo+YVEe5f+oRl5GRNkLtGvTAD38Nb2/7SUYdSXA3y3Ocfo/bySwa
-qggeFpDqK5eHXmrO4hvRqYoEyNyW4VQlGyvYq4s2cLeCF/S2w6dV8OFsksIoq8uq
-R1/IQ8Bonsf7iAYpsMAZZOGKiJzr01W3GA4Ka3B/MmZP5CysUhFlFxMsDr3/TWfg
-p3CHd5yGAnuWWWkjqVQzx0tcub3gyDsHCPuws8P2OKJ2lzNPqpp08MjYMMRZb4Y6
-9REXkKw7kXU8zM5+1IpW2U+z83NU86QR08PTpjATz05ltdGqF82Z+Ygl2nav8oqV
-RqNd/k+WE60e1eJmgykjmz6nPbm0S2jt1C7QLQARAQABiQI2BBgBCAAgFiEEQzh4
-Jd2xu5fsNrpdAHyNfBXYc2kFAmYXyiQCGwwACgkQAHyNfBXYc2mTihAAqB+sv9lw
-kRorE6iXwvvj2Dt2iIy7jc1AhZQOH/j7B4GHpV3Ej/ptdUwuzj/aX5EnEeDPZ2JU
-sSKy2q0RpKGKdKOvgy5yVfd8xqujkawXv26QU53mgyfgQCZLhFFhq0MIAqnxPb8h
-SCQeol18Wqs++LjeDMwkgMrHJeNhW2U2llqTS37YfRMOo0Vr022ZHlMlkyMz1sQH
-+C2/nzmmtkI4+vlPeccoN+3239YzndW1+XM8S3dXNcsGTyLAbkCowfpuqQdIP0MY
-lBwx/Xj9fxBNAuqGVCjrjGMg7mozMkeCDzrAoZiaD3Kud8zSs9VpAyAymrPQJSSS
-96b+vr2mDKbV11QJeJZv/d02n4JMjK7Ai//3j/TqkJF4UoYH45g5hvGSrym1UKrf
-n8TqHdtTFjcxAMXLbWICHdDk7/0ole8Bl8csiSHyKy/sGJ0b/7zcB88CS8OfsR3C
-OanK13emeD6rHOp8wEWA1/PA1JoAC5suS/uIgPWa5ujLaViJ9pW6ohfzMqOtLABF
-BB/FgD/qgPF+uTPPLQZw3XO8Q61kFq6x0RJGNgBEOpseounx+T6FCxZqrvjWm/WK
-VQUiRBtJIvD7Z8UCP+NUzdj3hwLAXpXrPz0gkcbI+hdlTJHCC6i61Qf5OIWnhtw6
-kZv2zEcTtzlAYNEumy8KrJzICmPLS7BEC8w=
-=ilJ3
+mQINBGKE4psBEADpHSM/IxFD1nXBmnODYXzcl2A+6b6m9m1m2Y4Dlr0ed+y5Lxne
+QidE9I74A2KSm6+eHW2yh4i1ZwZbmwpmQqM+j5BMt7axoXOdKSyN+fYtUakzNbBN
+EDRKT79q/zIzkgTJradHkCQkwF1W3go+qPXjR2ZEnLma9dZED9VNI6PmOpeYaASo
+IkEfbKbwa/vPrvnDSSYY6Y02RXSRk5U1NvQgVUTJP9WGK7NlPUcTBDELLQv6fFPU
+kjBOel6MecsQ+v8iq4RJF2cbVF0hNjbAiNldjLV74Xd7yWVRlCbdb2agyvQjMNrD
+jHSvbEMiNB3R8yBHVW2Zldv8q0XjcwoDfdiZYFJe3lRUYmv6I2p+/DptD4r/3ILI
+peGZtSeOdQEw+vvODL/Ehq03anTrzcpZ6sDLfLrYJhYcrltj0/LMUnLDAjciwRUq
+XI46EfxwqsdLeqoZFQeO3LOFsh0kJKR2xOrUHIVy84NJ4Gmro6WmUkb1NfdjyHzF
+z8Lfbo46NKoTcwFsFF0q74jVVIVNUyIS91DusiMqLCsP8jqDOz/kyP4bOJQ+aUXf
+BANn4Ll1TFWsJ417moxz+Pi5sTaI0na8z2XB1N9WPsSml3FS75hJPJshN2T3VIea
+zB7GFWqk33ynSDt+cAisG5nsK9fFdcH+t5wm59oobyFbFhKxwX6ROuxlZwARAQAB
+tCRTZXJnZXkgS2FuZGF1cm92IDxwbHVrbmV0QG5naW54LmNvbT6JAk4EEwEKADgW
+IQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoTimwIbAwULCQgHAwUVCgkICwUWAwIB
+AAIeAQIXgAAKCRDIRk1UmvdcCqbOD/9Htgk3mWvUFmrApkWQTIDNmLACZ1Sw1PXj
+Uqte8StYB0bYY+nmAXs7O5eC2h1ViParl7En1joEEMQQmH0qSnw4X1CM/hA8TAYW
+mBPITTNWo/R52WoyWeWGFnFNIperQmuIZc+pXm0VEFVPiX/2DXbCIu+jaXySvlCN
+LekmOD4VC7dJS8/ohoaXOR2T8ufS+1CsyPXomEb+COhqRZ3EVBa+k7pnElkFft3Y
+a1fR0AgatZFQpy+ukePhK7s/M5RGhDJWHgSAZFkf+X2jVV4NRJ+XsY80gU5DD2ZX
+QT6Je6Knxqk7FnWNSxkhReH6Ss5flZSoGDCmJ2AsPtGeUhus2fGqeN+waGKTZC35
+die2V4/cro1SWswSI6Y5GFDZT1olIUztPmSXU/A3oyizJI7XZybwUbpk5kK83VXm
+el3U/7Qr/VErlDWFefZWeUvT1RILZ8IRoNj4dv158RnKHt9G508A5qz4hUPKoSeq
+SiXhYwfkc31WPzIJ4ev+X5Ka2sG/CKbEMJ7qwc0Kadiu+ePPfqqbXjpTWRyrbcRM
+hRNcLNUi1SLWMBClOQG+5GNG1dPPHkbj4dO1OZuaUMwQdu8R8NlsGoVWS40bmVv5
+pXstzYCl7k/UnC/Ytlq61GeAoq8ILa6jGj0EWqlhvi0ZNMN+fROhzrRlTzIr/+WE
+Xf8EiVNFSbQlU2VyZ2V5IEthbmRhdXJvdiA8cy5rYW5kYXVyb3ZAZjUuY29tPokC
+TgQTAQoAOBYhBNZ4bOMD2akCKZjcbMhGTVSa91wKBQJihO2zAhsDBQsJCAcDBRUK
+CQgLBRYDAgEAAh4BAheAAAoJEMhGTVSa91wKgLQQANaf4UMndkWoefDQPkJ5qR4K
+fuV0WRz59riZEApTkVpPXzl8Y1i8Rgt9pa1v1i12vPyIXKav1rJXQcuDEzqrhQ2G
+yvuAE2U/t2mYaMUmwxWO2d8JA3slvBSgOkiYpbLooDizAdKMT5UQWGyw31Wm51iz
+HjoztebsyXeXgq9VDjv3D8LUBr/OY3Hguj6HV+zRtC95qgXYadW2FiCtvBK6RTDb
+iShTuseLSheGh9dZIUSnzaOiJpDA61ZDYtFZxSpe67vEzhSfHVsF+ZdCjoWhhVv+
++2wR4E0VQQtOM9uX1PMlZ5Ymr02/gidsXCM0ZjYXx4cDDhnq+nKomN64VloXWY9t
+PIi86XmzcSWlGUd+Ac6LyW7/f64bUWs4Ih0Idl0PF0sAr/6axKUsIs1nbn5MEtXk
+ZPAjcDLqLb9IIQaXRurm/il8v+bLXVBOJq33YUuGRuz8pu4vPA5Q97zglqhlIgbu
+prHMJ9hl5q39JwS3As2rK0o6Q9VVKr29rqSEfk4wEttvk0QMMU5zEvVl8MtqPj42
+qURqpHOadFbYMTwhUmRBUszRZPa5/pWqq0gWOtpyCWFVAsHFWQGJM1Eo6gGEyHZM
+YgBp+d29p2p409r1+06U67GBnXvUy0RyIpkLQtU+lyOJ6vvrBmmsDs/gc69GnlSC
+tZmCt0pLesJ7ZJzGdDkduQINBGKE4psBEADQr/enuDeVT11v6ejuYrg7aaZaGFUe
+3i28bQ4pRUKNfxs7zVYDDHi2i2bhS5j2yQnbsQtGcgoenw6lapmdQRzr4vjQAz9o
+kT6l4qpqvFFQM0wZTnigVDmmO9vTHR8Uk3iCKTd2ax3oko/xPWWYJautJ6ex8cOA
+coHSDeOjuIWSxCKq0BDFp6LoxkM8nuyLAX2cbhI3LncaZhVveMeN+Fmcsv+WpkKs
+yhX92umZuGwlraSyFy23FiRWSZPu9qVIxMMHvVrQJIgfhyWaHFzoF4M4qDoSKx92
+uWfUWgFwPOxOJ6/YcPsX4T8qTl9htmwPN0BibPTlcWaIFXtiU5bE1MivUPeACrI/
+gwUfCR3Mg+GYc13C6jzepREUhI7PLi3+A203PlMZd/aaSZkP6j+h4cwdapH5P4uF
+7T1EQ0MSdx3neAvu5p0IM6JpriwxfT3HsG+Y952T6MIeXcjNRebsBrygJhJ0/vyr
+wV5t8jL0yQty4CiE/QFnBs42l+rngi7K7Y1AZRBGK7JA09XaoLrfLmS+PrbYPsaJ
+flkM8GzUB7BBCLozxDHPzmPkf/A1w3XHZnYuZmS+pvjWCIoKpLQHI99oSUGho/TR
+gMRO4v7EAzluqCiepMl0xwFfHB115ND/mATazc4Pt6FxUsqffzfZrN01e1UVPrp5
+4x6YLO80JnOY6QARAQABiQI2BBgBCgAgFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoF
+AmKE4psCGwwACgkQyEZNVJr3XAp9ghAAgCgErxQYn/Lh/mzsxYXPnisggcBpceks
+mGw7knj1EGkXqq9CHn3EjCw8dB5N857UFlUr++DHwpFL5O36PRQo33RIUFbmBypG
+8C/xX1jWGu3xcaqS3P1ncsSSl6ckdvy9pjMxThm/RkXO0eJCn7FcanwPJXEB3Pbb
+mm0wLI2OXl/m7l5QAr7kErnPvGNzcbX6G35Q/MY8mumBWQ9H53R5ZPpi+OS40Wfn
+pZNKdh/Acwa7+2RokPqoOcJfxVdBOUigXTzb45qZgqEsSR7bkZAy2E80A/sJKPqs
+OGjp9cog3rBYyNBn5dasfR9KeBtluKnjUbzutXsQoKUSECY00YGrtneSXMku5hoE
+Dguk68w/L63ZApYHO/JTgJAYvqPOErAVUegPIw2CT1/2qi5vpClBcKkNS7RXrssA
+X+lElE0zbzX3bNG+lQuXby7jNUFYltkEiz6vTtc4HuHy8u40DHMswzkoDr0T8IE0
+7ZRAWXwV1nlA/dI337cHCsWMJyqem5wZZO13iqe07qaCg1uvBPeqDo81hOCn1us7
+l5SYRUTlt7KSFEHZ+Sx4bmVneAuRi5okaQdmrepy/ss/vVpRwWuQxsPkvT8boS7s
+mqOVsZFcNOuUJPUyOz1dHUL6FMYpk1dw+9n41gO4fLBzJekFTB/fxL6SRbYFWWn7
+x0VGHDmuaYQ=
+=HmVo
 -----END PGP PUBLIC KEY BLOCK-----