Hello community,
here is the log from the commit of package openvpn for openSUSE:Factory checked
in at 2017-10-05 12:02:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
and /work/SRC/openSUSE:Factory/.openvpn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvpn"
Thu Oct 5 12:02:06 2017 rev:77 rq:531163 version:2.4.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2017-06-20
09:41:10.277504005 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2017-10-05
12:05:47.721421506 +0200
@@ -1,0 +2,50 @@
+Fri Aug 11 13:43:39 UTC 2017 - sebix+novell....@sebix.at
+
+- Do not package empty /usr/lib64/tmpfiles.d
+
+-------------------------------------------------------------------
+Fri Jun 23 11:47:38 CEST 2017 - n...@suse.de
+
+- Update to 2.4.3 (bsc#1045489)
+ - Ignore auth-nocache for auth-user-pass if auth-token is pushed
+ - crypto: Enable SHA256 fingerprint checking in --verify-hash
+ - copyright: Update GPLv2 license texts
+ - auth-token with auth-nocache fix broke --disable-crypto builds
+ - OpenSSL: don't use direct access to the internal of X509
+ - OpenSSL: don't use direct access to the internal of EVP_PKEY
+ - OpenSSL: don't use direct access to the internal of RSA
+ - OpenSSL: don't use direct access to the internal of DSA
+ - OpenSSL: force meth->name as non-const when we free() it
+ - OpenSSL: don't use direct access to the internal of EVP_MD_CTX
+ - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
+ - OpenSSL: don't use direct access to the internal of HMAC_CTX
+ - Fix NCP behaviour on TLS reconnect.
+ - Remove erroneous limitation on max number of args for --plugin
+ - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
+ - Fix potential 1-byte overread in TCP option parsing.
+ - Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
+ - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
+ - refactor my_strupr
+ - Fix 2 memory leaks in proxy authentication routine
+ - Fix memory leak in add_option() for option 'connection'
+ - Ensure option array p[] is always NULL-terminated
+ - Fix a null-pointer dereference in establish_http_proxy_passthru()
+ - Prevent two kinds of stack buffer OOB reads and a crash for invalid
input data
+ - Fix an unaligned access on OpenBSD/sparc64
+ - Missing include for socket-flags TCP_NODELAY on OpenBSD
+ - Make openvpn-plugin.h self-contained again.
+ - Pass correct buffer size to GetModuleFileNameW()
+ - Log the negotiated (NCP) cipher
+ - Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
+ - Skip tls-crypt unit tests if required crypto mode not supported
+ - openssl: fix overflow check for long --tls-cipher option
+ - Add a DSA test key/cert pair to sample-keys
+ - Fix mbedtls fingerprint calculation
+ - mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
+ - mbedtls: require C-string compatible types for --x509-username-field
+ - Fix remote-triggerable memory leaks (CVE-2017-7521)
+ - Restrict --x509-alt-username extension types
+ - Fix potential double-free in --x509-alt-username (CVE-2017-7521)
+ - Fix gateway detection with OpenBSD routing domains
+
+-------------------------------------------------------------------
@@ -9 +59 @@
-- Update tp 2.4.2
+- Update to 2.4.2
Old:
----
openvpn-2.4.2.tar.xz
openvpn-2.4.2.tar.xz.asc
New:
----
openvpn-2.4.3.tar.xz
openvpn-2.4.3.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvpn.spec ++++++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.072949419 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.072949419 +0200
@@ -32,7 +32,7 @@
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
-Version: 2.4.2
+Version: 2.4.3
Release: 0
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@@ -273,7 +273,7 @@
%doc %{_mandir}/man8/openvpn.8.gz
%config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd}
-%dir %{_libdir}/tmpfiles.d
+%dir %{_tmpfilesdir}
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
%{_tmpfilesdir}/%{name}.conf
++++++ openvpn-2.3.x-fixed-multiple-low-severity-issues.patch ++++++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.128941532 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.128941532 +0200
@@ -1,8 +1,8 @@
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
-index 09659aa..b35d884 100644
+index ff0f9a7..fb27b36 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
-@@ -119,7 +119,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer
work,
+@@ -118,7 +118,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer
work,
dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s", format_hex(BPTR(buf),
BLEN(buf), 80, &gc));
/* Buffer overflow check */
@@ -11,7 +11,7 @@
{
msg(D_CRYPT_ERRORS,
"ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d",
-@@ -238,7 +238,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
+@@ -237,7 +237,7 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work,
ASSERT(cipher_ctx_reset(ctx->cipher, iv_buf));
/* Buffer overflow check */
@@ -20,7 +20,7 @@
{
msg(D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d
bl=%d wc=%d wo=%d wl=%d cbs=%d",
buf->capacity,
-@@ -379,7 +379,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer
work,
+@@ -378,7 +378,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer
work,
const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
uint8_t *tag_ptr = NULL;
int tag_size = 0;
@@ -29,7 +29,7 @@
struct gc_arena gc;
gc_init(&gc);
-@@ -456,7 +456,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer
work,
+@@ -455,7 +455,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer
work,
dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf),
BLEN(buf), 0, &gc));
/* Buffer overflow check (should never fail) */
@@ -38,7 +38,7 @@
{
CRYPT_ERROR("potential buffer overflow");
}
-@@ -602,7 +602,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work,
+@@ -601,7 +601,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work,
}
/* Buffer overflow check (should never happen) */
@@ -48,10 +48,10 @@
CRYPT_ERROR("potential buffer overflow");
}
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
-index f8ddbc8..7706b02 100644
+index 60a2812..c191695 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
-@@ -53,6 +53,9 @@ typedef HMAC_CTX hmac_ctx_t;
+@@ -52,6 +52,9 @@ typedef HMAC_CTX hmac_ctx_t;
/** Maximum length of an IV */
#define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
@@ -62,10 +62,10 @@
#define OPENVPN_MODE_CBC EVP_CIPH_CBC_MODE
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
-index 66126ef..b8d4a8c 100644
+index 0652ef4..9fa3352 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
-@@ -3052,8 +3052,8 @@ init_context_buffers(const struct frame *frame)
+@@ -3067,8 +3067,8 @@ init_context_buffers(const struct frame *frame)
b->aux_buf = alloc_buf(BUF_SIZE(frame));
#ifdef ENABLE_CRYPTO
@@ -77,10 +77,10 @@
#ifdef USE_COMP
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
-index b0ed327..0ad0385 100644
+index 7a737ea..592bd97 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
-@@ -74,6 +74,9 @@ recv_line(socket_descriptor_t sd,
+@@ -73,6 +73,9 @@ recv_line(socket_descriptor_t sd,
struct buffer la;
int lastc = 0;
@@ -90,7 +90,7 @@
CLEAR(la);
if (lookahead)
{
-@@ -312,11 +315,11 @@ get_proxy_authenticate(socket_descriptor_t sd,
+@@ -311,11 +314,11 @@ get_proxy_authenticate(socket_descriptor_t sd,
struct gc_arena *gc,
volatile int *signal_received)
{
@@ -102,8 +102,8 @@
- if (!recv_line(sd, buf, sizeof(buf), timeout, true, NULL,
signal_received))
+ if (!recv_line(sd, buf, sizeof(buf) - 1, timeout, true, NULL,
signal_received))
{
+ free(*data);
*data = NULL;
- return HTTP_AUTH_NONE;
@@ -631,9 +634,9 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
volatile int *signal_received)
{
@@ -147,7 +147,7 @@
{
goto error;
}
-@@ -952,7 +958,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
+@@ -959,7 +965,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
}
/* receive reply from proxy */
@@ -158,10 +158,10 @@
goto error;
}
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
-index 7d3dd60..334c47e 100644
+index 4e7e3f9..93ea889 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
-@@ -1163,6 +1163,9 @@ socket_listen_accept(socket_descriptor_t sd,
+@@ -1162,6 +1162,9 @@ socket_listen_accept(socket_descriptor_t sd,
/* struct openvpn_sockaddr *remote = &act->dest; */
struct openvpn_sockaddr remote_verify = act->dest;
socket_descriptor_t new_sd = SOCKET_UNDEFINED;
@@ -171,7 +171,7 @@
CLEAR(*act);
socket_do_listen(sd, local, do_listen, true);
-@@ -1315,6 +1318,9 @@ openvpn_connect(socket_descriptor_t sd,
+@@ -1314,6 +1317,9 @@ openvpn_connect(socket_descriptor_t sd,
{
int status = 0;
@@ -182,10 +182,10 @@
protect_fd_nonlocal(sd, remote);
#endif
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
-index b50cac3..79632a8 100644
+index 92747ec..f8e02a4 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
-@@ -99,13 +99,16 @@ socks_username_password_auth(struct socks_proxy_info *p,
+@@ -98,13 +98,16 @@ socks_username_password_auth(struct socks_proxy_info *p,
socket_descriptor_t sd,
volatile int *signal_received)
{
@@ -204,7 +204,7 @@
creds.defined = 0;
if (!get_user_pass(&creds, p->authfile, UP_TYPE_SOCKS,
GET_USER_PASS_MANAGEMENT))
{
-@@ -194,7 +197,7 @@ socks_handshake(struct socks_proxy_info *p,
+@@ -193,7 +196,7 @@ socks_handshake(struct socks_proxy_info *p,
socket_descriptor_t sd,
volatile int *signal_received)
{
@@ -213,7 +213,7 @@
int len = 0;
const int timeout_sec = 5;
ssize_t size;
-@@ -206,6 +209,9 @@ socks_handshake(struct socks_proxy_info *p,
+@@ -205,6 +208,9 @@ socks_handshake(struct socks_proxy_info *p,
method_sel[2] = 0x02; /* METHODS = [2 (plain login)] */
}
@@ -223,7 +223,7 @@
size = send(sd, method_sel, sizeof(method_sel), MSG_NOSIGNAL);
if (size != sizeof(method_sel))
{
-@@ -313,9 +319,12 @@ recv_socks_reply(socket_descriptor_t sd,
+@@ -312,9 +318,12 @@ recv_socks_reply(socket_descriptor_t sd,
char atyp = '\0';
int alen = 0;
int len = 0;
@@ -237,7 +237,7 @@
if (addr != NULL)
{
addr->addr.in4.sin_family = AF_INET;
-@@ -396,7 +405,7 @@ recv_socks_reply(socket_descriptor_t sd,
+@@ -395,7 +404,7 @@ recv_socks_reply(socket_descriptor_t sd,
}
/* store char in buffer */
@@ -246,7 +246,7 @@
{
buf[len] = c;
}
-@@ -448,7 +457,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p,
+@@ -447,7 +456,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p,
const char *servname, /* openvpn server
port */
volatile int *signal_received)
{
++++++ openvpn-2.4.2.tar.xz -> openvpn-2.4.3.tar.xz ++++++
++++ 30259 lines of diff (skipped)
++++++ openvpn-fips140-2.3.2.patch ++++++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.612873367 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.612873367 +0200
@@ -1,25 +1,40 @@
+From a33c0d811ad976561e5cb5bfc8431c1a286e796b Mon Sep 17 00:00:00 2001
+From: Nirmoy Das <n...@suse.de>
+Date: Fri, 23 Jun 2017 11:00:08 +0200
+Subject: [PATCH] fips-140
+
+Signed-off-by: Nirmoy Das <n...@suse.de>
+---
+ src/openvpn/crypto.c | 2 +-
+ src/openvpn/crypto_backend.h | 3 ++-
+ src/openvpn/crypto_openssl.c | 6 +++++-
+ src/openvpn/ntlm.c | 2 +-
+ src/openvpn/options.c | 4 ++++
+ src/openvpn/ssl.c | 4 ++--
+ 6 files changed, 15 insertions(+), 6 deletions(-)
+
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
-index 4b54279..09659aa 100644
+index 5f482d0..ff0f9a7 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
-@@ -877,7 +877,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
+@@ -876,7 +876,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
if (kt->digest && kt->hmac_length > 0)
{
- ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
+ ctx->hmac = hmac_ctx_new();
- hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
+ hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest, 0);
msg(D_HANDSHAKE,
"%s: Using %d bit message hash '%s' for HMAC authentication",
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
-index 2c79baa..81848c9 100644
+index b7f519b..2911248 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
-@@ -557,10 +557,11 @@ void md_ctx_final(md_ctx_t *ctx, uint8_t *dst);
+@@ -604,10 +604,11 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
* @param key The key to use for the HMAC
* @param key_len The key length to use
* @param kt Static message digest parameters
-+ * @param prf_use Intended use for PRF in TLS protocol
++ * @param prf_use Intended use for PRF in TLS protocol
*
*/
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length,
@@ -29,10 +44,10 @@
/*
* Free the given HMAC context.
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
-index 881a2d1..deb41c7 100644
+index a55e65c..79f5530 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
-@@ -891,13 +891,17 @@ md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
+@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx)
void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
@@ -41,31 +56,29 @@
{
ASSERT(NULL != kt && NULL != ctx);
- CLEAR(*ctx);
-
HMAC_CTX_init(ctx);
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is
not
-+ * to be used anywhere else */
++ * * to be used anywhere else */
+ if(kt == EVP_md5() && prf_use)
+ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
/* make sure we used a big enough key */
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
-index 0c43681..c3d5613 100644
+index 0b1163e..93283bc 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
-@@ -89,7 +89,7 @@ gen_hmac_md5(const char *data, int data_len, const char
*key, int key_len,char *
- hmac_ctx_t hmac_ctx;
- CLEAR(hmac_ctx);
-
-- hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt);
-+ hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt, 0);
- hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
- hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
- hmac_ctx_cleanup(&hmac_ctx);
+@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char
*key, int key_len,char *
+ const md_kt_t *md5_kt = md_kt_get("MD5");
+ hmac_ctx_t *hmac_ctx = hmac_ctx_new();
+
+- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
++ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
+ hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
+ hmac_ctx_final(hmac_ctx, (unsigned char *)result);
+ hmac_ctx_cleanup(hmac_ctx);
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
-index 9fef394..6b52dec 100644
+index fef5e90..33b6976 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -850,6 +850,10 @@ init_options(struct options *o, const bool init_gc)
@@ -80,17 +93,20 @@
o->ncp_enabled = true;
#else
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
-index 51c7b95..2f89df7 100644
+index 15cd94a..21f50f1 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
-@@ -1626,8 +1626,8 @@ tls1_P_hash(const md_kt_t *md_kt,
+@@ -1635,8 +1635,8 @@ tls1_P_hash(const md_kt_t *md_kt,
chunk = md_kt_size(md_kt);
A1_len = md_kt_size(md_kt);
-- hmac_ctx_init(&ctx, sec, sec_len, md_kt);
-- hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt);
-+ hmac_ctx_init(&ctx, sec, sec_len, md_kt, 1);
-+ hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt, 1);
-
- hmac_ctx_update(&ctx,seed,seed_len);
- hmac_ctx_final(&ctx, A1);
+- hmac_ctx_init(ctx, sec, sec_len, md_kt);
+- hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
++ hmac_ctx_init(ctx, sec, sec_len, md_kt, 1);
++ hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt, 1);
+
+ hmac_ctx_update(ctx,seed,seed_len);
+ hmac_ctx_final(ctx, A1);
+--
+2.13.1
+
++++++ openvpn.keyring ++++++
--- /var/tmp/diff_new_pack.WtTiAp/_old 2017-10-05 12:05:51.664866044 +0200
+++ /var/tmp/diff_new_pack.WtTiAp/_new 2017-10-05 12:05:51.664866044 +0200
@@ -1,41 +1,109 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
-mQENBFilZHYBCADGVuvyV9yg2GW7bslnPylaa9cxb3IXmb0qC7hUJueGnz0vLdit
-/fPPPfsI3/hgcQYK1Y8cP5p2Pq+CZL0TVQWBEu2naH2unwxtfNm1EJcWDsky9DzW
-CZQrcZ/v/coaV4UqMTVzGQaxQOzzeaP5nRgdX95dVKqXqsG8wKoIJmBuILAqkOPi
-4EG9NQt2Lbqaiszo3LdsqyeGYK2yc745xBX4UDgIN7XTrXcQDyUOb4dsJynbM+Z9
-8NMQxdA5q0s6BwWSA1xK/gKUCzfF7D1fwWuO2MoedHveB45rOMSFlfVUgr7fa1CR
-zCe7lccu0APfgXrTnNWwWMVoQMO8HIyk2iGnABEBAAG0JVNhbXVsaSBTZXBww6Ru
-ZW4gPHNhbXVsaUBvcGVudnBuLm5ldD6JATgEEwECACIFAlilZtwCGwMGCwkIBwMC
-BhUIAgkKCwQWAgMBAh4BAheAAAoJEClYTZ9AhkV46tEH/Aot7SnpcLHpEkkCX7Jm
-ERrWuqIwYJp7fQlbOPAVZG1+iC/3KlhYxHmH1/Dj6rP3LEEfWpCQSHSbBFkzPtZ6
-AGnEfaxovXjso/tgnAAjYnxy9R0+1t0g5T6anXzCAjl3+mOssjzWBICBDZaFW9Rd
-R47vCA92Fp9kAy3N+AMOv1HfTabaPo6p8HbaBSUQtgdOrfoBSXaFzaPSp8uwonQW
-xRvpG91XtDrEoQio13460025ww+sZe5mIH4c7xhKBEZPswO2xnFszcFp3u12Glbj
-eloAn8oxNycEuw11DfsHf2ctlbQCOLlJJxh2MND5SyL0SjCWMqO7v2c8UUUe4igS
-xeuIRgQQEQIABgUCWKVo6wAKCRDCnZftGY0ioxDUAJ45kbXxCH3hiUexMvlJzvgN
-mZmpyACg0UKbcmHUiFhnhyjtTTmAS5TjB8G0LFNhbXVsaSBTZXBww6RuZW4gPHNh
-bXVsaS5zZXBwYW5lbkBnbWFpbC5jb20+iQE4BBMBAgAiBQJYpWR2AhsDBgsJCAcD
-AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRApWE2fQIZFeLAeB/9lGhVfON8TR6o6+lbm
-GslU2xqV3PQ3hVuAlEttxpP4hCTKU0PwLLb7gtc0UF642qyB7ho2RtU+bg1tiq5z
-R93Ka92Aex4yJDI4viEJ04MTX2WLRv6ogGTRrytIqmYGbYHTFXlnMnQD7Tf+O4sv
-8tJj5gguB/zT8MXQGqU6zq9CF6b3XXdPSITkC7df/CU425HI4V5HvluC/4GrzFZI
-za4Hv/d8G1tXzHXDqoLIBdS44g6GRdXak3PfROKsuk7sG/MmtfbfUPnyBI+yaGQk
-jhlj3BRY0b1dg7T5SiZ6NoMXFH9zKEh7KnG8CaoqiNWDSp2sazy8kbZR5HUp2jOt
-yXmgiEYEEBECAAYFAlilaOsACgkQwp2X7RmNIqOStQCePGpvkvmpISX4fR+lGAlt
-VtWf3XgAmwQTECYXlq3NMdefzLxA5dnxstlEuQENBFilZHYBCADEe46V63aYL+VL
-nZbmBz78KA0fOb5qopFQsOp79FdCQevGXa6JtdibaOLhWUiaMNgkGXma0rSzv/yc
-kDX310JSSrNvbXtbn29MdmCZhWum3lT0bhHltF2w23ha913AEneUq1TAESZz74zJ
-wGtoej7f2H0e3qjOKtwIzItnHRQSHXFRZUh1IRbZAqXQKqRRWiYVLG3pgF1iC9gA
-jLcihK9P89G8jUmB8Ko+9Guw6JszKN+l5SVuK+ttrKCRi8hrkOIiazQUL4gu9PZs
-aGPxNdwnzKGHGZKT0WglXavZFMWHunb6I9/CrCK3ekyHWAvYF7IY95r4SH+CtKqj
-QoW8fOeVABEBAAGJAR8EGAECAAkFAlilZHYCGwwACgkQKVhNn0CGRXiO1QgAh3/I
-EELh+pTiII5IiolHXEKEmgJ6WUU4RzM26Pfv3yMQKqUKBeEvKc21ZWmMKzPWXOE8
-1np7DVXcp0ayiXrfGheGbXSpFP5WGlquYdYjVegBgRJ+v/r/QR+Oy2kbq0lsWuNz
-Eia08fEHr7PM7mct0d1rFVuSS1m+1YOZNN8e/eSox84HvboSq6xk+3IC1NGXXdUQ
-qObWceUyU0KmmBFMV86pUgI/YbA2uMxkFK8XGsOqMgTBdBWHTTcSOfmPsu/04zDl
-MuQ+GC2WcUHoTtxytA432TzOixF5wfunqTzXeZxAybQPkETmAFgHT0BmUVShwPQ0
-XuwT7RpGDZ6jBfphYQ==
-=FKLE
+mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67
+i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw
+3RGpMsfuldnk007uhx7Go5Ss6y7fPzwWxhvwuRhNdh8I+vswrsBMp08dQ36sIjnv
+5QQ1MekBiIiOnMwQBgUUSG7rsbGtrIlW0mlScO3fOAI2CtT2J4s3uGnktKsGSuoe
+s3qmRVrKceLygEJE9nB3vV7JhCfQWR97HCGrORcq6lBzi4dC0l9Mp28npQ/mcEtg
+B2oKA4Gs8qyhhhVLC6lBF38z9gfoLVqA+d9dY1l33atTyNfvA6swiA9hjklAzL3P
+zUqabmRzKalhVwhNKnua3Zw21OphLUk6vzZPZ6VB/Xddmenu0MCLx8mubKr+H+cj
+2YRgn9Np2NR7J6reSWD/WbG12DKa84rTrCw3bpUDR3PvB3IztRfDGlBonDaL1i62
+bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf
+tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT
+ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB
+tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu
+dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE
+FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax
+c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW
+lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP
+SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y
+2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo
+XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6
+SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt
+oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN
+/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc
+gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni
+FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK
+Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK
+CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV
+IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi
+b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j
+Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6
+Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53
+o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN
+dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv
+abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O
+qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b
++maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6
+7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG
+NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj
+/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145
+cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4
++kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w
+/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2
+e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII
+aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN
+qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI
+1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe
+tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji
+4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ
+HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq
+OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ
+98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG
+j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX
+QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E
+x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/
+iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD
+7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd
+90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG
+CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm
+fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m
+iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA
+CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5
+gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7
+EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc
+xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4
+xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv
+N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag
+CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG
+M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk
+oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS
+lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS
+iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65
+Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg
+Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ
+ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn
+Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom
+S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9
+llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i
+wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2
+8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB
+5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN
+jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI
+NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ
+BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic
+Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX
+qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW
+AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG
+Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX
+kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd
+idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc
+lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ
+KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS
+kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE
+36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM
++bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1
+P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4
+rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy
+RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D
+xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ
+cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL
+4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt
+LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS
+EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS
+QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd
+KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ
+QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E=
+=iBcj
-----END PGP PUBLIC KEY BLOCK-----
