Sync from SUSE:SLFO:Main expat revision d96d7bf97f99136c4d0e8240c46bed19

This commit is contained in:
Adrian Schröter 2024-11-12 15:40:09 +01:00
parent 67944ca65e
commit 56f2fae877
9 changed files with 449 additions and 671 deletions

BIN
expat-2.5.0.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmNYAlAACgkQliYqz/vT
rsYnzw/+Nn8rFvElM2th9ex3Yt6UkNtx/hZWITig7URH7wHtShHA957xMcJiby4R
/RoKbtcb3+RNeOtDMycT4wFy2p/tmuJ3mPL0ewFkKkfw1Uk489AbYukzSbg/YmNZ
3+r6DFAd+kJOpe+6m4Nhxg2iohVQoXjQPBK02njkuKN66thrFGxnQDfi62qAbIm+
7Ac+McmOypDuG1H+E2eeRIMwgGyU2yiCvqtleKfRaF596wdfbv/gIFcETKI7wMnV
ExAhZSVDgiojGqwhW7vZOvrwmuDsZOazVSMyasntJazCynWLZ5hAkRtpNvsvIR3i
cUd904PPjrr5VFQmDQxI4HieeloI5aipl7y4wR+g7WE1JjKs4ScVA8llIsLvZie/
fZh+Fz/TS4B8hJpnkRGXc7IpovXyFDb+C0WkBxy77OvdEu7QgXaIh1+AT10FkQsF
HbJT3vHk71D3D5JlUv9DPL8YZ3gFTQF7LwpvfJVDUiYe3hn+f4u4XAt6F3zVnXok
NEs8fflALfgtIC46nPbhcrxQdO/CyWGIWhisDwoB6FHloZc8EWuWidg7SOdApK1W
s2ycdH7XLEBXCriIpKWHS9ebkWyPQHe/Ezi2pv0ieZU1TVtV6nVv5YlH2QHBoZJK
VPlgb5u2zVp9y/bthnZPgRId53kdnZCXezKLQ+wc27Taojpnzws=
=UAN0
-----END PGP SIGNATURE-----

BIN
expat-2.6.4.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
expat-2.6.4.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmcsGa8ACgkQliYqz/vT
rsYJMA/+NxOVa+kCFEzhMHD9RCumwFj7lfmJDPM6rroLi9GqnKc8165Ub7e+o3bq
fdPCIFiZkYTGpliU3Q9zlMEBTZ1TtsaqVGgjabK9YKf8ZTK1MUR2z/B6gWLfjo8F
knhj0KonqeRxtcKPSYs9xP+/sNlGkEQjZgrfo2Z9oX8Q7eNGn/fAxmbjhBhvILwG
mKmwwc8PSi7RCNLgaoyikhcddohclApXU1Qid1g6FwnxQ5aKXSeoPgu1bGrDiz6k
/RkO+KR1Yfkcty97CwVV5+4EHTB1aa/fk3gHgprHD9qx+NLeKyD4+44AxseCMiSS
FXP8S5Z2qaopIS6tvuKXiyH1mTCJQugFsxk3GnQBlgkvj4rypr8MnUAALam13OMh
ziRndeMR2ieJ1ASJYfkjLeXVi4pz/pnRECAUAxly5z8Zx5N+IX9bOgjpwhd6QtOt
rVbq3wgLKmlEch8KcsL4RpGGkiK5gchsqXDM/g0cCu8vNC8+pDO3sNIQJDsmySYt
X3ewzOv+Vj3LCoeospnyLjNBOh5upgm1s6iq6bsxr29FU1MfaP1awm7jtYmr7ch9
wr24fPhXopp5emWnJP3O4GQj8Q1mcPFLmGy0wmVdnr8tzKzyHx9Q2WNhQUcYdnR1
0qmKBSttGXPK4o+/7Q5zALapx+jYlUcQ0dKxhAPuBPGYxPTm5h8=
=jbKR
-----END PGP SIGNATURE-----

View File

@ -1,319 +0,0 @@
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
From 1d50b80cf31de87750103656f6eb693746854aa8 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 4 Mar 2024 23:49:06 +0100
Subject: [PATCH 1/2] lib/xmlparse.c: Detect billion laughs attack with
isolated external parser
When parsing DTD content with code like ..
XML_Parser parser = XML_ParserCreate(NULL);
XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
enum XML_Status status = XML_Parse(ext_parser, doc, (int)strlen(doc), XML_TRUE);
.. there are 0 bytes accounted as direct input and all input from `doc` accounted
as indirect input. Now function accountingGetCurrentAmplification cannot calculate
the current amplification ratio as "(direct + indirect) / direct", and it did refuse
to divide by 0 as one would expect, but it returned 1.0 for this case to indicate
no amplification over direct input. As a result, billion laughs attacks from
DTD-only input were not detected with this isolated way of using an external parser.
The new approach is to assume direct input of length not 0 but 22 -- derived from
ghost input "<!ENTITY a SYSTEM 'b'>", the shortest possible way to include an external
DTD --, and do the usual "(direct + indirect) / direct" math with "direct := 22".
GitHub issue #839 has more details on this issue and its origin in ClusterFuzz
finding 66812.
---
expat/lib/xmlparse.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: expat-2.5.0/lib/xmlparse.c
===================================================================
--- expat-2.5.0.orig/lib/xmlparse.c
+++ expat-2.5.0/lib/xmlparse.c
@@ -7655,6 +7655,8 @@ copyString(const XML_Char *s, const XML_
static float
accountingGetCurrentAmplification(XML_Parser rootParser) {
+ // 1.........1.........12 => 22
+ const size_t lenOfShortestInclude = sizeof("<!ENTITY a SYSTEM 'b'>") - 1;
const XmlBigCount countBytesOutput
= rootParser->m_accounting.countBytesDirect
+ rootParser->m_accounting.countBytesIndirect;
@@ -7662,7 +7664,9 @@ accountingGetCurrentAmplification(XML_Pa
= rootParser->m_accounting.countBytesDirect
? (countBytesOutput
/ (float)(rootParser->m_accounting.countBytesDirect))
- : 1.0f;
+ : ((lenOfShortestInclude
+ + rootParser->m_accounting.countBytesIndirect)
+ / (float)lenOfShortestInclude);
assert(! rootParser->m_parentParser);
return amplificationFactor;
}
Index: expat-2.5.0/tests/runtests.c
===================================================================
--- expat-2.5.0.orig/tests/runtests.c
+++ expat-2.5.0/tests/runtests.c
@@ -12092,6 +12092,63 @@ START_TEST(test_helper_unsigned_char_to_
fail("unsignedCharToPrintable result mistaken");
}
END_TEST
+
+START_TEST(test_amplification_isolated_external_parser) {
+ // NOTE: Length 44 is precisely twice the length of "<!ENTITY a SYSTEM 'b'>"
+ // (22) that is used in function accountingGetCurrentAmplification in
+ // xmlparse.c.
+ // 1.........1.........1.........1.........1..4 => 44
+ const char doc[] = "<!ENTITY % p1 '123456789_123456789_1234567'>";
+ const int docLen = (int)sizeof(doc) - 1;
+ const float maximumToleratedAmplification = 2.0f;
+
+ struct TestCase {
+ int offsetOfThreshold;
+ enum XML_Status expectedStatus;
+ };
+
+ struct TestCase cases[] = {
+ {-2, XML_STATUS_ERROR}, {-1, XML_STATUS_ERROR}, {0, XML_STATUS_ERROR},
+ {+1, XML_STATUS_OK}, {+2, XML_STATUS_OK},
+ };
+
+ for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+ const int offsetOfThreshold = cases[i].offsetOfThreshold;
+ const enum XML_Status expectedStatus = cases[i].expectedStatus;
+ const unsigned long long activationThresholdBytes
+ = docLen + offsetOfThreshold;
+
+ // set_subtest("offsetOfThreshold=%d, expectedStatus=%d", offsetOfThreshold,
+ // expectedStatus);
+
+ XML_Parser parser = XML_ParserCreate(NULL);
+ assert_true(parser != NULL);
+
+ assert_true(XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parser, maximumToleratedAmplification)
+ == XML_TRUE);
+ assert_true(XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parser, activationThresholdBytes)
+ == XML_TRUE);
+
+ XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL);
+ assert_true(ext_parser != NULL);
+
+ const enum XML_Status actualStatus
+ = _XML_Parse_SINGLE_BYTES(ext_parser, doc, docLen, XML_TRUE);
+
+ assert_true(actualStatus == expectedStatus);
+ if (actualStatus != XML_STATUS_OK) {
+ assert_true(XML_GetErrorCode(ext_parser)
+ == XML_ERROR_AMPLIFICATION_LIMIT_BREACH);
+ }
+
+ XML_ParserFree(ext_parser);
+ XML_ParserFree(parser);
+ }
+}
+END_TEST
+
#endif // defined(XML_DTD)
static Suite *
@@ -12485,6 +12542,8 @@ make_suite(void) {
tcase_add_test(tc_accounting, test_accounting_precision);
tcase_add_test(tc_accounting, test_billion_laughs_attack_protection_api);
tcase_add_test(tc_accounting, test_helper_unsigned_char_to_printable);
+ tcase_add_test__ifdef_xml_dtd(tc_accounting,
+ test_amplification_isolated_external_parser);
#endif
return s;

View File

@ -1,57 +0,0 @@
Index: expat-2.5.0/tests/minicheck.h
===================================================================
--- expat-2.5.0.orig/tests/minicheck.h
+++ expat-2.5.0/tests/minicheck.h
@@ -64,7 +64,13 @@ extern "C" {
} \
}
-#define fail(msg) _fail_unless(0, __FILE__, __LINE__, msg)
+#define fail(msg) _fail(__FILE__, __LINE__, msg)
+#define assert_true(cond) \
+ do { \
+ if (! (cond)) { \
+ _fail(__FILE__, __LINE__, "check failed: " #cond); \
+ } \
+ } while (0)
typedef void (*tcase_setup_function)(void);
typedef void (*tcase_teardown_function)(void);
@@ -104,6 +110,10 @@ void _check_set_test_info(char const *fu
*/
void _fail_unless(int condition, const char *file, int line, const char *msg);
+# if defined(__GNUC__)
+__attribute__((noreturn))
+# endif
+void _fail(const char *file, int line, const char *msg);
Suite *suite_create(const char *name);
TCase *tcase_create(const char *name);
void suite_add_tcase(Suite *suite, TCase *tc);
Index: expat-2.5.0/tests/minicheck.c
===================================================================
--- expat-2.5.0.orig/tests/minicheck.c
+++ expat-2.5.0/tests/minicheck.c
@@ -224,6 +224,22 @@ _fail_unless(int condition, const char *
longjmp(env, 1);
}
+void
+_fail(const char *file, int line, const char *msg) {
+ /* Always print the error message so it isn't lost. In this case,
+ we have a failure, so there's no reason to be quiet about what
+ it is.
+ */
+ _check_current_filename = file;
+ _check_current_lineno = line;
+ if (msg != NULL) {
+ const int has_newline = (msg[strlen(msg) - 1] == '\n');
+ fprintf(stderr, "ERROR: %s%s", msg, has_newline ? "" : "\n");
+ }
+ longjmp(env, 1);
+}
+
+
int
srunner_ntests_failed(SRunner *runner) {
assert(runner != NULL);

View File

@ -1,10 +1,176 @@
-------------------------------------------------------------------
Mon Mar 18 06:39:02 UTC 2024 - David Anes <david.anes@suse.com>
Thu Nov 7 11:39:56 UTC 2024 - pgajdos@suse.com
- Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion
attack when there is isolated use of external parsers.
* Added expat-CVE-2024-28757.patch
* Added expat-fix-minicheck.patch
- version update to 2.6.4
* Security fixes: [bsc#1232601]
#915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
#903 CMake: Add alias target "expat::expat"
#905 docs: Document use via CMake >=3.18 with FetchContent
and SOURCE_SUBDIR and its consequences
#902 tests: Reduce use of global parser instance
#904 tests: Resolve duplicate handler
#317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
#914 Fix signedness of format strings
#919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
-------------------------------------------------------------------
Thu Sep 26 08:29:45 UTC 2024 - pgajdos@suse.com
- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
% expat.keyring
-------------------------------------------------------------------
Thu Sep 5 09:21:17 UTC 2024 - David Anes <david.anes@suse.com>
- Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
* Other changes:
- Autotools: Sync CMake templates with CMake 3.28
- Autotools: Always provide path to find(1) for portability
- Autotools: Ensure that the m4 directory always exists.
- Autotools: Simplify handling of SIZEOF_VOID_P
- Autotools: Support non-GNU sed
- Autotools|CMake: Fix main() to main(void)
- Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
- Autotools|CMake: Stop requiring dos2unix
- CMake: Fix check for symbols size_t and off_t
- docs|tests: Convert README to Markdown and update
- Windows: Drop support for Visual Studio <=15.0/2017
- Drop needless XML_DTD guards around is_param access
- Fix typo in a code comment
- Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
-------------------------------------------------------------------
Wed Mar 13 22:23:20 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 2.6.2:
* CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (boo#1221289)
* Reject direct parameter entity recursion and avoid the related
undefined behavior
-------------------------------------------------------------------
Fri Mar 1 16:45:35 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 2.6.1:
* Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0
* Make tests independent of CPU speed, and thus more robust
- drop libxml2-fix-xmlwf.1-handling.patch, upstream
-------------------------------------------------------------------
Tue Feb 20 12:21:17 UTC 2024 - David Anes <david.anes@suse.com>
- Fix handling of xmlwf.1 to avoid workarounds in specfile:
* Added libxml2-fix-xmlwf.1-handling.patch
- Call buildconf.sh to avoid (future) issues with expat_config.h.in
-------------------------------------------------------------------
Mon Feb 12 20:44:14 UTC 2024 - David Anes <david.anes@suse.com>
- Update keyring automatically from keyserver during OBS service run.
- Explicitly use --without-docbook (before it was implicit).
- Include missing files for documentation and examples.
- Add manpage for xmlwf, which is now available in the released tarball.
- Clean the spec file a bit.
- Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (boo#1219559)
-- Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (boo#1219561)
-- Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
-------------------------------------------------------------------
Sun Dec 11 20:35:38 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>

View File

@ -1,245 +1,235 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hostname:
Version: Hockeypuck 2.2
mQINBFzUcE0BEACzkr4qR9zoM63YCJU/oQTJEtt7SR9Hcvntk351O5QQbNJS55Zah+XfiAl1
j45yrxP+ve3xU64Cl/GctZMLgkx8Qd3JECZCUkm72cvlBF1bJ0hkvcJRtTyuc9XXBBQBNoRS
1Tn4Gc/QE8L7669mS0FPPKpy4m7yY9SLtkauUTVkeKVz65Wo9jEB4cc4hJGzqeBndSmPbznO
PkATSadeLX7xNFG4nM20wCGZ1+UmY4j1NTBJnbxtxcPQ4/OiAKvAsfAzvZrlAMhJtFAfnooP
7VkIsbZyQqPeUznhGOK1nVpjl7DZ5c4geJa3OLfeDM5c1mSx3VsU8SkKbBqNeog5dV9yHAKF
Ba10M+VAylwlRg5i6TE/5JP4LneWoh/dZP6216MMelDcZeXn6JCgLWmjbCmuwDgA5S7y2cew
RU3hopGvCpTkgEg8XuXZgP8O1ZAOOqBWOt/mk71Bm6LdIe501f60aVcnODJDSb6tDwYTxkn5
vGPvu8biu2K+zdFqZskPTZo44qZDjLd7HpN5SigFMCCSk9LTWcwpa4eSFcezmfku+dB5T79Y
0W0qCKJKBtNLOj5atVk9j+BA0BNTmE8e95bTdPW3UbmXPhQQt8J+6UXsUC0brn3/9pXTXHvP
iQsYMKcMzOnbdXKvlMxF+dN3BT+uhEF5tyYgqSDaF07EnIJzdwARAQABtCRTZWJhc3RpYW4g
UGlwcGluZyA8c3BpbmdAZ2VudG9vLm9yZz6IXQQTEQIAHRYhBD1+lZ2J+s/uODcZIbALxmpA
GhYABQJc1HOXAAoJELALxmpAGhYAwxYAniPJOey52Zkpy2ULNZXpLnMfU4ccAKCRtqJckPvS
BE69v8XIF9imvxX09YkBZQQQAQoATxYhBCwTgjuCNzEPohMDSTDRMv8P9Q7rBQJc1cMyBYMB
4TOAKxpodHRwczovL3d3dy5nZW50b28ub3JnL2dsZXAvZ2xlcC0wMDc5Lmh0bWwACgkQMNEy
/w/1DusYEQf/YoER3M3OLkUT7DgWiZBakNs3ifv63fvBDVhwZcerobSxlqjFFQK6CC+vFumk
xV0hFIvS9yfCTLNYMcLa8C9TuWJSqOtTXLGoYDbD6tEOQbMnKJ+W/vypbf1VqVHlptwkPpNd
5R6acsEv4rNK1bbzDVWzrCvLBRsHHiyr8MFHVjJjPZFqQfc56K2CHNv7Yhk6h3DG/0LQl2Lb
pxxcYKkF+gw5AwJazBf/DwpomwyrMRRmiqcgJ0kDyDO9ktMd+7z81t12G6tiEFVoiyPCmYkU
0CjpArg0nMBWMzocrr3i7RNO5675VwefF5+i/hBykyaGiunmpJ5G16JaPAvs1eLOiYkBZQQQ
AQoATxYhBCwTgjuCNzEPohMDSTDRMv8P9Q7rBQJetvbPBYMB4TOAKxpodHRwczovL3d3dy5n
ZW50b28ub3JnL2dsZXAvZ2xlcC0wMDc5Lmh0bWwACgkQMNEy/w/1DuvGIAf/ZFdVDmJBa77p
Dgws9TDAg373Q4t4t26Dimp/GAejP9L85HRGE3cBwpp0U5N2uoEyBQmrQnoe+ggaEOcQXbv6
q2GIeA4LRpM7Yw/Umfbcd7KQhRstZiJXb2ectkSliDveAnrSfS4yB6pjnM64XTCZaKMCXOp1
4oiR6e8sL+p4QI9y8JFRvzMtgQCbmFW5JpSeOhLdnbjb6yqWZ8zQEx3lL/TdOzk9z4UsL2pi
dytcUMezYH3IzqJR+xTMMt3ELQWUtEIlagy4GvXkKMTOK3tqtd3nPKCBfALYEfhuuoHokTLk
obvAMXtiNJgWUCbeJPaW+bMZO3T07bVCYqwq7B3KZIkBZQQQAQoATxYhBCwTgjuCNzEPohMD
STDRMv8P9Q7rBQJgmXuwBYMB4TOAKxpodHRwczovL3d3dy5nZW50b28ub3JnL2dsZXAvZ2xl
cC0wMDc5Lmh0bWwACgkQMNEy/w/1Duvq9ggAwdatYPY0gb4LaDqUT8fSa9AOCWEqBb+XF3Di
GVaLsSAsMHM71MSdkxvXXVb5QVwnFPTRGC30LXs7HzEqzBqIi3Qvp53g4X/BcNYrHPMCvNhD
tKn9t27uncO+zcxlY90x6x58liyxQjS2SbolzwRYRthisNzxA45EgJcU2R3l1rgjcwt/X/W3
FuBt37YkEFFgK5Oj3RiH2PjNs2d2f1vft//1Cxig3/sLNIhvj/xVfyeHlAnor+Z/Q+vwxcXC
dnOR0tS4DCbP49dD2XNNdCpJuu1NswasS86cjjhruchg+22wwQFFiWLvsiXjfXD9qdMY6bCN
DyQF2dMheNU4IYQ5sYkBZQQQAQoATxYhBCwTgjuCNzEPohMDSTDRMv8P9Q7rBQJieq8xBYMB
4TOAKxpodHRwczovL3d3dy5nZW50b28ub3JnL2dsZXAvZ2xlcC0wMDc5Lmh0bWwACgkQMNEy
/w/1DutE+QgA5iKPPK5OHxyMFVBGl2EFd9HpWbEY7QS0rSWYu79z8uB4p6pFkN3BosUIEuEQ
W7NYLI5pwnRX07eqIvtGCeE22JeGCLH0AI5eyiJcXA6OrJRuLtLt/GM3Ob0lL8Zl1zVbXXv3
3d6kUVCiPctmYB1SnsJAHXHlhWq4PEr8WLsfG3jocvIwJeTF89Ft6evb6gyZSl0+wibWJYzD
L0hrTyBlcNBxjTh64CbJ4TgoXgoSjqjGinl9ac2Hipj721Wlxnzye2t3VsMwiQEw0H01W9Zy
Ma4fVzX5daFeX5olg9GJihniX9zayXxo7wGV3rcg3qZgIEFsbkIrNSew6CZkr0cZrYkCMwQT
AQgAHRYhBGPrBPqjDHbilS5u1lZZU7lTcnVsBQJeLf7nAAoJEFZZU7lTcnVsdKQQAJFajikh
3xSQ/n4/LRz2eAEiI4TePxmkDKxml1MpZpkxI1SryF0Dd67wPxiZ45z0YZ2GO/FcP2BVei5A
8etgQ0/aFt1WZ565ZgjtZf+entraAqU7EEy6MhNV53/uRBtFGfDHSmGrP/2HtPJzcvqmnPVt
yUBMKGDBOxCNB3ivPcDsu80f+Xd+junrwEi1p7pxlmCP0ZmJFj0U5Bf2QRkfVfXvL6QqEAOB
TUqCXTfmTmZ1TpenB8muWDgqok/3Qme8Y+0oTe3O+t+0IRxi2V1lDkB1Dd1QOfEXp3WV4Le1
b6O/rOgT5fW0XUEQJ9CN58zVEqPTw6aPW/qLA65UfbkiO/H54BnOeHSlFU9YPrEcCf2qooTH
qZyUEgEdB5A61NhravO78/uwgaHGiIKzopjLr8D5Le9YTD54DAlbP6X+0Jb93buVcvm2rm9c
KIbN6mwbH5gri7USDI0UAUySVYebB1UdFmOOYLovzDN7Us/sWJYksmWXpw70IZLmSVxEWR+I
urbzPgl+twksZv5EPOPhVa3plyRY+ARakisVmtdRWzBNwbd6RMG1urRiWXyD60r5XbiXN3sP
vTdvYkgFKWDQ8WS/+AyewznnU4ZU2eLFYRZi4TWugzaZVyAv7CRJi1UMOXSafqW/MlcWlM2G
qw4WhEHX70YKQRJwC2yGWF2P0T3fiQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
AheAFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAl6yxZwFCQO/iM8ACgkQH5sOkJrzcoU6ag//
TGp12gxPSfLEf+J4W5YlcFggkDhYBXdXzlgzgBOOz7LEZIFOJqWBXjlem/5tWhfHLPRv19Ve
cGfXQyaRm4tfu61DINECdaZBzHcFaAqdiV7pF+TtuDtZkYlkY4mLpo6H+dcHiQggJMB5bBGi
i+3b5feV4ioD8kPvSLIH4JbCfu9/PsW0MF3xV8dUhiqZoVj/qqEPi/ZvDtLSZKs5egEX3VBQ
CkrmUKOVO0i3ch+1pPr4hz0jEl6HfRZdCpvELGHDQtAP/9ckR/SvPUvQrXfra6bKLkGOWbBk
NIMmWSpzwfX7exl/mh8FASUyhJUM/S+9aBq+hSLBt+P6+WO4j1oR9pJITkr3X5g6ZEx7Zv/X
xkKQJcgII9T8OpLsICS8WTB6IkEb4/R2AzNOClEpys5fQYhCZFUhjDjMGXDOibEG9pnh9LoZ
KCRfezRb/B1zu39XD06Qpk9ysizXzjlEf92y7N1ppVbDUEqzWeoBXwyhF8nZgskqSPGgGOhL
eilDBNWPXZuFS4GJ4xf5KaoTXztvOZGamsNwfwTyZC/xJOKH7emPEP1Dw1W6kCMHfOUITJN4
okhZi//aLFgvvPUJs35gB1FQQDRgK6lHhHu18V4den5u/2/5qT4c2SIaUX1TvZZzer7Luts4
Op8T72liyB5zWZt0NUZ5p7OzVV+iw6kKIjiJAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYC
AwECHgECF4AWIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCYIszpgUJBZf22QAKCRAfmw6QmvNy
hTjFD/0XjMa2vEePxvJG5upokP5yzVQoMqAi1nryvXTiC8yzJWXD8/E9C+/K9AnHv1cvp3ko
jQmbqnP/1B2o/IYzJVJdLZR9F7yVmB2H6Z/C13X27u811DuEWEt4KYQSdNuTO9qZdtL2xS3W
TNiCx3Tu9N2sE5jXR+6JKZvU1+gCyM+GqWhFWIRphVUngoeTFcy1/2C9C5d7fg3IzcQ9Vxdi
nheYMLcPg4mumjMRMV7MqRZUCzPYkXulm5YBYDVATHfRWBmR+MP+0jrciVDkEYONKzeVRv9Q
VCoppJ5D26t/Cw6COJJAKDfsUngkWFOIIz7rvSdxe2KcVxWQU7COB2Pf7oeV1Yay7onSrYbl
6dTvQyBXBmCD77w1jl8DyrgwLJIwm7Hx7/T5StSO0W2B+rpZDpceNou7TUDok3ZagIbKhsiO
uLEofkV+Mg4KIBdvnn/QOqAeeu7OWIyyXUFWbTHYqDzucPoy98zUP+J73mm90B6/q9HFl7d2
eCOXucvyUUrw1Qh7K562Ye1v0q9dEyaDecM/4zeioTShzMfqtPUXtS+inUiEjis8YtnwTmIW
KZaDK4eGnO9IndXbkeox19z86tPepu/JvnAUXIhgzct4IIHGKo1RG55HIAIpMrRaNMG6JScW
OkzDU9slgOZFSbnTsSTHzrJlkxn6kagdTC2rvXKrI4kCVAQTAQgAPgIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgBYhBDF2732yNn8fyk8wax+bDpCa83KFBQJh0jLzBQkG/+umAAoJEB+b
DpCa83KFUF0P/21Q8qVcy20daWySstGa8cR8yUFQSOiYtn+DbAciBle+RHIvnBcmkdyRmRNN
tQhwg6c3wXr8X38/jsopH7c29v9kKvBoBTE495S85IKuacux/+PfL8itSZsF66EPEV9F94sA
GZ3E+VOUCPhmGQPUpCXtxExSJ35KmVHWF0dGR95LeXIvj8Z8Jg/h1wCVMfzFgF++B4tv4vn5
Iq6UNrRNCm6OPOAYslk7X3m2ozS7/e0sP/E6RioHCySoAS9GmOUEKCfHRPGEJ/CzUQxZO/WM
mUR61xqTrE6cxLEGQ9mUvGAty5slioZv9Zc2GyrNZpVW5KHVOpJGiZ/KdfbOWyO/YGo456DJ
t2Ie6vxad5wth6SKcVipyqjHaJP7vjHIr1e7nuFX0ayle5lyf9F1LXHPCmHoQ5Q6Z526hE1J
ED1PwxqVCMQdwUd4oRGSehKSJMrF34H6QTzbz6Y52le/rjxYAM5bLeOBS0akB9ICOyLASwAa
4F/soqBdc0MzpKfIiPDyZLgZsXgNUPzOvFSCBeFpmt3o+u+zNgE3cF+XBaoK4b28IgUrLeu2
CY28nocJ5f7UQHsVev5SJODZ0yhzxNnaJoHgEfri5JjDv6PxuRpNXGG0Vxt/ETN7w6gABRM5
3nNaS5WvVFei67oCQhxK58SPT5vYdJ48BjSVqYM9TQzC5cryiQJUBBMBCAA+FiEEMXbvfbI2
fx/KTzBrH5sOkJrzcoUFAlzUcE0CGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
CgkQH5sOkJrzcoVYFRAAqnEdpZvRw8o1MvgoahonEQQ0KoNK2Q6IQT1iAlFg43hsf2Q6Lj1N
8gaClrty5NKLiDxdFbIQzn2m/B+FJVftOlnCBLGIVe861FD7Mwg61bGbftl0irEgaXT2qASF
a9FMWzfJbP7EukwTWjf9cHZkzqlF6+tpcKBf3LviuAc2kU+cmirNEmG9JnKoODEprUTwFo5c
GQbx8BWWMoWkGqdOtLleThos38Gd0CxZXTLbEjOY7kAKJOFqHdTgjh2GPkWoUWo/2eWz4GBN
8nDPOBto/Te5ybujCS8srdpjluPY45IHiie2j5Xnb7rsrdxCdBkIiUkIIy1xv+sI5jfl5gSZ
HMnWpaTEcZP2Leje1R33reOrz/Jgv4zW7VG+cBUhq0SXMmT9Hpc7zulYUodZpUaKhFBypG9Q
hVQmBqK3xnVLokYU1ysD3IyKntWSUGiCsijnMtgqCLSzZHAjR7U5aDed+/GOoTviD9wSMkbZ
QXA97/USGLEI9k7vVZ5bpPwMG8C5JjpwusALA5ppoSustAFZ9xaQGe5tew6RYiJTabpjZI2l
C3xChS9jzxwfFW2ItVdSABuvV/vdSSsc01PN7Pgdkc/IXotozW7WG4/xP1bImrTrnDn/WI/I
NLZ0uF344WtlT10EEoQU9roZvoRenrAWqaQ4I6IffwBhCg+CYceO7y65Ag0EXNRwTQEQAOhM
wHA6FxDjdxLDnPYZZ/HRCB3j+Fn5s+c/qiK3J54G4yYP91871FjDeF7pDsmcQRgCz0k6GeZO
zFOkpCTGg6aMPkOiBo931OqckzhlACnLSCzR5b2bILTaUGnf4t41D6+tCFK2dfJBdQ0yYfB3
la8kg9a7vtnlaM9UO0Tr+o9NYOWysUAa5fxS9jSF2CzgeZ6k9Wa0bj90u8N9cfsGrMB7F6TV
PG4Tf7GbCvgMwaBfSQK74hXVWd0wjTW0VGIpxRfAYudJyB/2da5rOsMWh5hEe6dShwEQ1tJH
njuBIJI1UZSyVtFqMj8NysftD7+Vrd6N3Fp5umUzc6tViag+u6s8Q8TxCXMaSwoVtBV1HHbq
KiCzwd4XNwHfv/h0VrgM0SXrYVmHwUkLUNdOlAKWRZ7ExaTMx0oNaKwjr3FhV7W5utf6kQ9l
MfS8gV0dJM1nZp0Zkgi/ojuIecqBQXJwTp1YQo1QmJHM0sKTu6pOOlTxizaT4Ak0etQf9SLi
nltMeYEdCoFavWkWXIIP4YM94fuD5Ekc03b2iiCMKVONSr4dKaAPFEtV3uFIoS/VwG5QQ8mE
hZZH9ymOeUrm+YvljFSfp1TDp9dGiYNKCx52Zj7wChqswzVEVFTqGEZqsYtyuuDQM0JhX6TG
T75zmsqiJhBGl6nigGrdaRCnWvWv0n0dABEBAAGJAjsEGAEIACYCGwwWIQQxdu99sjZ/H8pP
MGsfmw6QmvNyhQUCYdIzCwUJBv/rvgAKCRAfmw6QmvNyhXK5D/jBMCAdoJVW9ai4tKgNac3s
xFjrtnLPo6lEzB4AXnltkC1VwULeDL+O3IueYCt7kyRr9vvogG/y/e8kpVIGvH8TcZd71EvU
kM7Df9X88I5bPrA78MpWAEQGE1RxsFLQVppzAOeiXVTXy/nwS/8LKP28W5FNFH0M9qYmvTje
S0YYwxr7DJU526B0JGiis4kXl81tYnd2H46cx1qjSMmWMV0dPWMbUG5gs3HtU4u5DpBgn7a+
klihpmtxebWNV2vO3TCqYJps+WbvDPHpUsHFpW+wYvE0VosB9jYKzhOS94aGz4Yl7fTZq/tF
4atBReoeESJi6RJWpvNmdSQPYrJu3BAGWnYTuniW9xhHhSYnCSrH3WfZSermU6XiAmKtZB5X
w4HyjuJgKjUDjzVDOvpTQVcnpkBXkOdw0dIZDk61cq81p/R6bmxEGsIkMHNpxRfA1PNwjypg
ioLF2Cyq5kB3IVc8KdpW4O3XaVSiMfvXlkvpQJmCPtxup8IqUmgL+ILTqLJaHOhpbb6bsikT
DekUC9DIV58xQ5HuHI0qaTrDyZsG8CK6f+OwxKbXJh5QDFarM5YrOIHaOaBSICQtCgCBH/Jp
388LOm8rTDqSHAQxp9ZjQafyLBaGHlHR2rvnztfV1LHS+9Pvven6J3Fj4r5hztJXuKUrOZ/B
sLw8c7DnOI0UiQI8BBgBCAAmAhsMFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAl6yxcUFCQO/
iPgACgkQH5sOkJrzcoW5Jg/9E2/nvRIKXQCR8t7BhzMr4qcI5rqAY/pA/SxuI6G3zqyJ14dk
2g6QN7khdesFaYbJjak2pTVyBiffm5UBz9NzD6Aai6MYUSJnKBE9432gaVYv5L1PaVlybwHF
bK3ayo+dI4gkN0gYlrA4l1BUX6SsDumawlTMWTB3/4fqKN5c4u+XL/ccT7z+BRQu12kYLmUj
3xXjh3LxH9xuwJ6qj0Kq9cNZMHCfO5YJV8dhxA00GvdNCIZfgmmGbZFjoDR1qzM53SykqcFC
9UXK0IzEv0p2zSRJ3UZwkbxP7CWm2xEWLv9glVQM5wTULcRhdARtgzeyq82fMS7DyEmshYKE
L4o/kAcRwaOy8Kyl5PSadpEQdEBwX3DutGAPt/V5Vumdx8vKl2JX44F1euiNCYeQEmNYd1F8
T2a8xSdQV1TUIoHugQ3QGex2+scR2SdOVdpey+VJLN7hxk5xUx957E7SQVf7tCVqq6BElUkv
kQAr48XRfj2+KFPEhmb140VLJ/ilBITQ9CyhCYkywar9SDh9xf4q/cfBdhBXn9nK+vOgS1mP
Tdjgd/RuR3n3n7RUKTnOBdx8744fgLNKfJ/MWxVQqufPUX73xxqNZDjXDKe8b5YgHMmgJj2R
DNqnBj/+uKhcVPoI7y2DQU+aeBLlqxypmU74H04EdD8ikbByrMV2lBFwIfyJAjwEGAEIACYC
GwwWIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCYIszjgUJBZf2wQAKCRAfmw6QmvNyhU1fD/9m
JGguTFO4J1nJAR2/n4DRV62L/IjaORhePqiiw5FOBNr5/9+ggj8yV7Il4MU9oWTM1DRcYMfH
OvsA2yS5hrHPyifWHpcTqkudnecPBT1JnVvMivzX+s4x1ol4EyOQRByBoYCFsEYaRscNrDIT
Mid4zWPy7rkVPDr1RB+cJb4lQzfRx6XG8bJuF8MymEd9S5GNxeHNigdnFP3v3QwhiqSabWHp
ul+k5VelSRqOlfVPNCoCABIfd5nEEwkzpndsmRRjx3Qidkh7Dwp/l/PQC/QM6RM+m/3LpXJ+
Xah3DqkZHq4EYhmq4QmLljzMoT9EUXxWhiB6r8Xfg9kXHLEw7fed5nB9lXo1UgnEiWiL9Fpc
/7Zfm3hmkO9p1CO4SJCO6zHYNpL463Z6USnN/tLFcJFAJJNpChXRHPF4g2YEy4gs8IDNmzjy
OMLDcnt9v6DNt23SVxdi5PrxlPvLTA09tjOQlR2jTCsfEW96F7AE3XKorvdm4GkU7jWFeIzv
3RlpZZIZxGgfHvJ0gEA1UGKhdV9qZh46y5i2MwGILp7DZgr1ew9ekotmoqkO6Gh6SxI1d3c+
IeS26+VNocVjQFjQvfoJ0CtR29AVCP5jYZtFeVIhwpLmoaIdfTKgo/QVOtzldK4dCxFNShiC
Yj3gDv5ZyAzx4QYWqCT7kmJ70fDzMgnipYkCPAQYAQgAJhYhBDF2732yNn8fyk8wax+bDpCa
83KFBQJc1HBNAhsMBQkB4TOAAAoJEB+bDpCa83KFDGMP/j/LjzcdTfiHWHc6E7EUM3qPWf8o
bSL7Ft4l77x0vUGf2G3pQcngTI1SIMTTLAKkXhd6qPqCVPmM6kHK6IzwFcnMRFoMyoH/bVnZ
kUs0NyU3DPg3OUc1Iunvcg27nHdZPLFRv8ey/qSyNiIEJu3hzyBIUO0ZDdOtUwkqnznrri+I
pToD7gWoYM0CC/Aero/OaC20c6dU1s4zwmAjqfzb0Nqiv3CDrrvF0p3g6fn7BAyHxnYbS7ZX
S8nPQEY0qp+yC0CR3jceXCwv9C1PhQiSfqiPBTL7CglOz02WSAxY7GInh3VitM2rruKcacpL
VfjiZmFH4SUCys/7c1Sn+pJTfiqO/2sV4vutxfu3Q0xDYmcf7DK9BN7bZ01m3szTX/+5Ief0
kpY+e5ZrfcRHUOAzA/dXeW8sErf+YvCU9Hyi/e5iWvbhaMg9HwMA37cEfhBmVwGBOS6nuFHn
7TFoZrCNnFWEpfUJY++TThhNaVKlz5n3PXERFCJlfZtXf097cJJRJniBoA2jdfQqSJAgXArb
ZPxRW0ohIfgj+lnvqNwB27trdnKKpxC6k6P1k0QZ1MP3tDRaz/k0WrVi4Sxps78/RzA7I9nA
R1ovVUx8Tw2I9ru64SyyyYuaA2M5nQs4kMzA3P3oeFO9t91by/d/O1lj9HtGYEn5xLzb40Oy
TfeDSyTpuQINBFzUck0BEADgwnBJBHWBnKwHhEJLYei4PMImRJSjoiYZi1EmiCT3u9+qEW/I
Oy+VJPyf2OyLM9RoLzMrCRmYi41eFZryWsenpzHQVP28KbMHP+mdJOTyvX9Lt8Ohxa/m+ZG0
vjhXLDBsRFmhEFDV14As8NcI1GivnpyNxTFDDWbmxDMw7zTSkjH8dqeB/Z/HTXWu0pdOrhXb
85iZMsOZDUzmbKwBQTAOX7zPtmi4zheP49VXHGn3fNgvUb6QuzSQNtAKS7C2qPlIMug/vYyX
RNM4dnC9aGYdjwXuEyNYLN131lqG6q98xxPRsbdnzDqTgPCZqk2dZq033Ad2zhNbhynycxXD
pxQsRn4PQfKBgpr+IdNEP4UevaOueaVLSwtvcvXcqMYtrzSYIcNu0tnbDDZRxhgKM+3TkpZc
107qowq6+SSPzWbg6hUY7vxKzDAgvYhn5Oin59sARfo0KkSAM1H8/ozYxdNGySqIQFewcjjL
DpQnI2x/ZAU8nk0hltEzj+KmkJdJJI3becentmrdODySLO0fidrCmzhiuk8HLodDQ9apY+54
fWwDDUws33yE4DtX5Y2/1nUvwDNpil6dRknAVGdc3OvIe+WAnsGR9SMSy4HruP/Yf+OZSCFt
OSloe4MtP+qdyfx0vDg/mLffZxE8r+zSeB5IAp0BSbwUhdbeWGd+UpWCCwARAQABiQRyBBgB
CAAmAhsCFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAl6yxcUFCQO/hvgCQMF0IAQZAQgAHRYh
BMuN5wqQz79sO/XMVpYmKs/7067GBQJc1HJNAAoJEJYmKs/7067G2s8QAIP/MH/Xzbuhz7uO
+6FFNS7kk00zQImC1Y0yYyeyy2UWsSD4HUdE05CoJCMSwHXpTNzDs/aackTsKivEINYPvTwb
EGPMPqv9MVD78T46iwSuA+Qg32CDLAjubby8Q55DXYS/q40CZaLzg7OQT8IH03ewxzrtpdLr
nXnYN1ktwBFokv5ZsxB5BhEJfbEHEqdoNk2STQv5p/Ikrc5C/hefHSKXV4cJRYoPkrdnr0ZH
yevB5iGuR9zMxmkLD+NyIqqVqxjWQNjLoEdY+xKnezHiIZvGb6nH55DosZY5/IHgLUJsLFcY
NfLFSVdAzF0py+A5nY0PJarlZptOi22tSsSXX5EKWHLTZUUcs1uBrmydVFMsT3ZC+8pHxLyK
Gn+f+89jdUCzidQ+545OYnNTzxTjGytG9Y/KEVDYUWAm9OSSLJjDpt4RDVF6yte8cHJfdC9Y
pazet2Z2GMtGa6g6dv7NhDF+JCEhnMraPaLHbWnABP47AJZ1cRvYfE2lyHBzfKWyWJ56BWH9
Sf7p6DwehqIAo0erPAcnBDcbrfrHaSnFLvW9UpIGAGvBMXZqAoZNNsXqq7OMHRt9rWZXOGke
GAINnwlQIT3ffKMounUS9xzLM0kZdf7BS7K5+5gcjJPh1b1yvBYApioBAXbnaTmqvdwr03FL
noGi5/0671t0iUGSqbF4CRAfmw6QmvNyhXnWD/4h3rEK6AkbcZ5EMiWdCphpje+vbjIBGj2o
XaJIKSWiXrvI+ueWfrFcdOfl4vq2CGMp/rjKTR26xkTk+JQws7mcXX6xHCODQreQEfOFQnpG
kQBxJ/Mlx3dqjKlEgHCUp9sDYS2UaYMM4b6D3WWohSbFK/KhC/qH+51cviBcCFoaXtCaGy6v
gFzhwUpXmmk3aMaPvJ/yWFa5qfP3IcSVd2mK6QPSUkRjqqUEnXk79Q3j2tmvh2Dl4+KOlt+2
aPvs4oITr3bhHHK4nvbwc/JAl744mxg8EE/dlkS+uHGlNfHzzQuud75dLxGeyjLCr/FGUUrA
g12D4Z4tDPtJHLwWOs9rIZWk3W16VpVSyzP+7bREuiNsCat0saGQm5T4TCBn7JiuHu5R/jG0
gHBjrEZ0EvQxUyRqmT2irnCQ8EY6icuVA6oJGjX+nt1HO7n/5XFFb32ZZueX575zg47VGgUY
18z5tURzHRS0/OkYjKlCau6JPqe4tmePSHTi51KfpnlzZ5f7L3vYVFlh4i30TQVX3qoZw8R4
qOTkashJCDOnB2Y4Ll8gww5ttfuC7Kc3H5P/QvcEQj6G5m895QlVyD7keyssKA2hycTp81OH
kNd9bxkkxFXw+ebVTii8R4Fu3uFLDD7nPPIJyES5rzHuQDGwZ+GdQs+a9lDQrBfNKGy0tGGI
sYkEcgQYAQgAJgIbAhYhBDF2732yNn8fyk8wax+bDpCa83KFBQJgizOSBQkFl/TBAkDBdCAE
GQEIAB0WIQTLjecKkM+/bDv1zFaWJirP+9OuxgUCXNRyTQAKCRCWJirP+9OuxtrPEACD/zB/
1827oc+7jvuhRTUu5JNNM0CJgtWNMmMnsstlFrEg+B1HRNOQqCQjEsB16Uzcw7P2mnJE7Cor
xCDWD708GxBjzD6r/TFQ+/E+OosErgPkIN9ggywI7m28vEOeQ12Ev6uNAmWi84OzkE/CB9N3
sMc67aXS65152DdZLcARaJL+WbMQeQYRCX2xBxKnaDZNkk0L+afyJK3OQv4Xnx0il1eHCUWK
D5K3Z69GR8nrweYhrkfczMZpCw/jciKqlasY1kDYy6BHWPsSp3sx4iGbxm+px+eQ6LGWOfyB
4C1CbCxXGDXyxUlXQMxdKcvgOZ2NDyWq5WabTottrUrEl1+RClhy02VFHLNbga5snVRTLE92
QvvKR8S8ihp/n/vPY3VAs4nUPueOTmJzU88U4xsrRvWPyhFQ2FFgJvTkkiyYw6beEQ1ResrX
vHByX3QvWKWs3rdmdhjLRmuoOnb+zYQxfiQhIZzK2j2ix21pwAT+OwCWdXEb2HxNpchwc3yl
slieegVh/Un+6eg8HoaiAKNHqzwHJwQ3G636x2kpxS71vVKSBgBrwTF2agKGTTbF6quzjB0b
fa1mVzhpHhgCDZ8JUCE933yjKLp1EvccyzNJGXX+wUuyufuYHIyT4dW9crwWAKYqAQF252k5
qr3cK9NxS56Bouf9Ou9bdIlBkqmxeAkQH5sOkJrzcoXLuA/9E35tq9kEQLfVk/XIPaNcK1cY
thOICf/LfZVcNvlGxIfMGfuEbQ+1eWcdVa/UW1Kff3VUOZaAjyRbpdrVbEUCyoFnnMEs/GbC
G5+gWGpgwD6jt7tESCCpQIssp3b8vf69SWNH8jKY4LXPkeSaxuhFWlUjaJXnvCMYWeHTPTke
BKHVMoAKYWKr7t6jgLDGoNO+B0l4vVGq2K8M0obd5Wn8HV1IgYu9yP5CX8KzYkSyg9Vc2djQ
4k9aKfCthVwwKJ+OH1MJFpEKYihmUweaGo9+32sHdT4ifyn6zS+K8HHZGlK6DeBlqrWkx7GP
wHZWtq6v2DxcobZieLoLmyDZlJFJHjbKZ9Bg/OqUaqCyuFzHoVC0UTRIgvblButt1agaMPz/
7+VdXZUKmXjZjopW6R7ScxK/q4uvKykY+r0eDTihLp6Nyb7m96Xv8HvlBe9Vzxm//PtosZUs
sQatJHMecKePEhkY0i/bqm4CAur7ESfWatgZhZC0MIG0jTCB6O7ueBVTKX80eXeyErYt+Wra
iH6wuBW8GCLuuMnAiaVkoknx75Oyqirr3Una2xoGGMcER2+QTWTxD/GuiPIOK6z1ktglCjIH
hK+bedsSrv6pnJtcdc42btv57ZmslyjiSIOwnCHQNfODjc9Ke4/FtVnsRmIhn/NXI8OdL5oH
vI4Hu/sWWdGJBHIEGAEIACYCGwIWIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCYdIzLgUJBv/p
4QJAwXQgBBkBCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAlzUck0ACgkQliYqz/vTrsba
zxAAg/8wf9fNu6HPu477oUU1LuSTTTNAiYLVjTJjJ7LLZRaxIPgdR0TTkKgkIxLAdelM3MOz
9ppyROwqK8Qg1g+9PBsQY8w+q/0xUPvxPjqLBK4D5CDfYIMsCO5tvLxDnkNdhL+rjQJlovOD
s5BPwgfTd7DHOu2l0uudedg3WS3AEWiS/lmzEHkGEQl9sQcSp2g2TZJNC/mn8iStzkL+F58d
IpdXhwlFig+St2evRkfJ68HmIa5H3MzGaQsP43IiqpWrGNZA2MugR1j7Eqd7MeIhm8Zvqcfn
kOixljn8geAtQmwsVxg18sVJV0DMXSnL4DmdjQ8lquVmm06Lba1KxJdfkQpYctNlRRyzW4Gu
bJ1UUyxPdkL7ykfEvIoaf5/7z2N1QLOJ1D7njk5ic1PPFOMbK0b1j8oRUNhRYCb05JIsmMOm
3hENUXrK17xwcl90L1ilrN63ZnYYy0ZrqDp2/s2EMX4kISGcyto9osdtacAE/jsAlnVxG9h8
TaXIcHN8pbJYnnoFYf1J/unoPB6GogCjR6s8BycENxut+sdpKcUu9b1SkgYAa8ExdmoChk02
xeqrs4wdG32tZlc4aR4YAg2fCVAhPd98oyi6dRL3HMszSRl1/sFLsrn7mByMk+HVvXK8FgCm
KgEBdudpOaq93CvTcUuegaLn/TrvW3SJQZKpsXgJEB+bDpCa83KFsXUP/2EnRVBTcGNoFUlM
pix9my9IMvGCoYcV3PlPPIucZqmyFH1ky+jKNRlTKW6lim+dsrHrKnFkQ/swv6dZnjkph0tK
xqpcc3yYIieUPoy9ypddxy5Q199yBBceGU/+UTYMWqVgOOELXeblTICoV+GTveQ9DkxpRf2U
9kJ8Vhb5hUA4mUC2Wez99ucljwQl72ayP7RoDIQ12GrrX5fFQi+1mnwqJPu8y2AUeCSC7Dzz
yfgZC9hJD8O8KeH03XCefoSfxAO4HH9Er1UN9TSFSzsIftK/G4cW8Xoqh7S/5tLaRk7/dCGc
tmEM06SbacwiZFgYP7xAkYgg55tGX8ULxVQI4KpjXP3RLaw5a3RUUm9Sg7+bQgU1jB0qxq2L
uXpPMWmapiX6uWx8PJrWJ21XNnHmcszwStyTWCYMaH1Zcdqy5bWe9oklIKVBus8k2Iu0Rk34
hmPgaB3TG/wyOraUnNZewccxFc9mls5o1v48lrm4ZERW9djwUIj/eCU5Z3fbubdk32R5E9Nv
MlcxcE+5SHKFJd0H2cVZPnhI5G90P/eQFAkmGhpGtpSQ9AmH9rP+K/GB1Jj4GM2u3IDwMgds
JhTGUfJh1UW6phBx6x5WMN/nrylFv7U7spggFfStlK3AmKy6zR3xlugmmmKc65XCTl/KG7wu
nG5VutE9BCxlviVKeE5eiQRyBBgBCAAmFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAlzUck0C
GwIFCQHhM4ACQAkQH5sOkJrzcoXBdCAEGQEIAB0WIQTLjecKkM+/bDv1zFaWJirP+9OuxgUC
XNRyTQAKCRCWJirP+9OuxtrPEACD/zB/1827oc+7jvuhRTUu5JNNM0CJgtWNMmMnsstlFrEg
+B1HRNOQqCQjEsB16Uzcw7P2mnJE7CorxCDWD708GxBjzD6r/TFQ+/E+OosErgPkIN9ggywI
7m28vEOeQ12Ev6uNAmWi84OzkE/CB9N3sMc67aXS65152DdZLcARaJL+WbMQeQYRCX2xBxKn
aDZNkk0L+afyJK3OQv4Xnx0il1eHCUWKD5K3Z69GR8nrweYhrkfczMZpCw/jciKqlasY1kDY
y6BHWPsSp3sx4iGbxm+px+eQ6LGWOfyB4C1CbCxXGDXyxUlXQMxdKcvgOZ2NDyWq5WabTott
rUrEl1+RClhy02VFHLNbga5snVRTLE92QvvKR8S8ihp/n/vPY3VAs4nUPueOTmJzU88U4xsr
RvWPyhFQ2FFgJvTkkiyYw6beEQ1ResrXvHByX3QvWKWs3rdmdhjLRmuoOnb+zYQxfiQhIZzK
2j2ix21pwAT+OwCWdXEb2HxNpchwc3ylslieegVh/Un+6eg8HoaiAKNHqzwHJwQ3G636x2kp
xS71vVKSBgBrwTF2agKGTTbF6quzjB0bfa1mVzhpHhgCDZ8JUCE933yjKLp1EvccyzNJGXX+
wUuyufuYHIyT4dW9crwWAKYqAQF252k5qr3cK9NxS56Bouf9Ou9bdIlBkqmxeKcnD/4+1HUg
5cKrfSTXZNsuOU7AnlybWpU7Jl8YdxfeuCCe+I5W3jTYqljpCRGWBAHtE3udB37JXKSn8yH7
0JzXQDWL9+G1wqk5iwkvtmKqAapzJFuZ9lYNlNGYDxI9foTq99f+OheFnT3nUm8IA9N0MwjG
CIJ5501HM+NO8WylVoy0Y+erxbyQGC2Ey7YjVZSuCTZo3BuYiSCP8Bmd9qHxCJmBGQgbtA/2
QBcLZ8o/z9w0U39Iwsei8oacZncVTIFnBDsU3E25M1eyQ8VdcAqLL7v3UFOi+20zBBs+g8jB
BdzXUVhp+RAsXldo8i/qtdD4/90UXT7FBXmImGtzOVmza23v7Dyq7P/ZueEAqhr7vtW97UQ7
+YkXDa4rHi4HrGJClrdxixEyCTPrD++SvwxAud3hAUKZF9hOb0fD9A7cn63EERVgaJGAi7p9
Oqqbqni8JOssQF6TeCUFP+X3nR4+iy8EX4scfN6LUB6/mnhoRVZ3GNEzPAZi9PGe8RqWJqUM
trBVUPVxcwAgfijPmmMIXIUyZk5ysTQeT3eJVd3R3yxORfaHSD5kuHnXWwsp/yYltsLI/hBt
Va8N7XZdzZ9JDT8fIWj5515DsfunTtksrObpRdiq4lxAoYqiboI+L1BCHwvaTy9ghXhhpgny
m0DJk2bmucRair96apTzdYoszd7iLA==
=DiYK
xsFNBFzUcE0BEACzkr4qR9zoM63YCJU/oQTJEtt7SR9Hcvntk351O5QQbNJS55Za
h+XfiAl1j45yrxP+ve3xU64Cl/GctZMLgkx8Qd3JECZCUkm72cvlBF1bJ0hkvcJR
tTyuc9XXBBQBNoRS1Tn4Gc/QE8L7669mS0FPPKpy4m7yY9SLtkauUTVkeKVz65Wo
9jEB4cc4hJGzqeBndSmPbznOPkATSadeLX7xNFG4nM20wCGZ1+UmY4j1NTBJnbxt
xcPQ4/OiAKvAsfAzvZrlAMhJtFAfnooP7VkIsbZyQqPeUznhGOK1nVpjl7DZ5c4g
eJa3OLfeDM5c1mSx3VsU8SkKbBqNeog5dV9yHAKFBa10M+VAylwlRg5i6TE/5JP4
LneWoh/dZP6216MMelDcZeXn6JCgLWmjbCmuwDgA5S7y2cewRU3hopGvCpTkgEg8
XuXZgP8O1ZAOOqBWOt/mk71Bm6LdIe501f60aVcnODJDSb6tDwYTxkn5vGPvu8bi
u2K+zdFqZskPTZo44qZDjLd7HpN5SigFMCCSk9LTWcwpa4eSFcezmfku+dB5T79Y
0W0qCKJKBtNLOj5atVk9j+BA0BNTmE8e95bTdPW3UbmXPhQQt8J+6UXsUC0brn3/
9pXTXHvPiQsYMKcMzOnbdXKvlMxF+dN3BT+uhEF5tyYgqSDaF07EnIJzdwARAQAB
zSRTZWJhc3RpYW4gUGlwcGluZyA8c3BpbmdAZ2VudG9vLm9yZz7CwZQEEwEIAD4C
GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQxdu99sjZ/H8pPMGsfmw6QmvNy
hQUCZZgh3wUJDIYYkgAKCRAfmw6QmvNyhfRcEACU3hFFTVRyZTB+/Phui6bFhhbH
oRVMZl7llwGdtmUR76moGAnOilKK3UG4Xn+yHk0Au0kMDciDzET1KL5pTk3FYaX5
SdhMK5P3CQIRvGVQGEyzm2riGMGBQwbMTN1cWSrW39lORPDanDKIzzu0mvAe9Ufs
M5Ecrz6xTIxMcMfBEaYH0snwMGFLowcDETk8DIM8qn6oOrH86S2+HP3LKeCM1DOI
uAILj438lTgaHKfOmtAMxqwXzVtknQN5upIBvfDtYXeLH/zSztt3XIcDYrBVCFd+
7wxvelu0C6e1yG3vQ6eQt4OAeSNBOXUAcIWsCti9uGL2//pE9gQs4s1ijJYFQuuE
er3sTTqg4JU5y9NkDo6p9roZt+uDFSyj3wgOinfxMipNLniJpjrvV+tmqGhYZY0R
WEP757A1M/xVaf89d9rp5pJ9QawNUIDfM8gH+m0FuX5YKlSvFak+uB9/Oeu+BKy+
wWyBiEM3fOjnFBpAGz1nKGQFYvUuRtqFAmlLUhN3EA2ixL6tMvlkWmHS0o0o+YGX
tANGcsS3KwWILlRarfhkHuc0s+gFiTKvfS/pTbiy6XbtYTtQ0n1HkLz32zwdnFig
/do+xYVyb9w1IZSc3HZAA2h8NlW2crMbzHr4FlSF5p/Zk5gVdfnhuKqWsE/nKAjg
/GwACVGzFbZiD2CqsMLBlAQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gBYhBDF2732yNn8fyk8wax+bDpCa83KFBQJjxyuuBQkI0+7hAAoJEB+bDpCa83KF
cesQAK0yPR7YSvy+uumbMJ02Be/7bu60yUk5O8nngpmebzQLEDAOyp1/HTcNk8VO
zyKsQfWOsCvupAvPpdlaTfXanJQa0kOBjos1B/hoc4lQg3UwpSxUbmAml8MZfWgs
QOexENXh3kGQBHTQS7fObCx8P96BLgOvCzq/wo7dUf4cugfg0RQSVI6yQNUIesRq
NSDHTRAKy6hWieW3itZRs/DCD9e/aesDAIGaFlxOWb5wl0mHHbYw2IhgK/RbSY7K
kt24SPEom7rc7dD/ToG2qNv/5uUujSQdjQu0WE+5JVVOaYsKWkWTcdKVURhhRJQt
FmBA+CQyC/gUmrPvjfWFk9LpbFi/5cFWaqWQpMjz0pQPyKcLRNNotYMaPWpxqIpt
0sBtVBZSVHv1emyMkYccxgP49lfHpzWIdILZwKJyJ6PPtojV3lrcXc53ILsOTGi7
iSSQDEmxwJ6hT0lzrJ0bGnTidO4pN6VqtpQUt3HsODtivodxfkGskuSMkPVunZLG
4OIsdco/mdKpEEc6g2+dQnYl2tYFZ8w/l0gEakLbkFVIvsYdzCJpR39OJgRWE+YD
aWWitak50L30tu5gXcIMw4+79s0gqUBBxYRo79bx31uV1fPcj+ajovLQD9o5lwfY
TdPIaNPmQh6oyz9CVzTovUgsHP8Ji0Yepma09p89Ov1NFPlawsGUBBMBCAA+AhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUF
AmHSMvMFCQb/66YACgkQH5sOkJrzcoVQXQ//bVDypVzLbR1pbJKy0ZrxxHzJQVBI
6Ji2f4NsByIGV75Eci+cFyaR3JGZE021CHCDpzfBevxffz+Oyikftzb2/2Qq8GgF
MTj3lLzkgq5py7H/498vyK1JmwXroQ8RX0X3iwAZncT5U5QI+GYZA9SkJe3ETFIn
fkqZUdYXR0ZH3kt5ci+PxnwmD+HXAJUx/MWAX74Hi2/i+fkirpQ2tE0Kbo484Biy
WTtfebajNLv97Sw/8TpGKgcLJKgBL0aY5QQoJ8dE8YQn8LNRDFk79YyZRHrXGpOs
TpzEsQZD2ZS8YC3LmyWKhm/1lzYbKs1mlVbkodU6kkaJn8p19s5bI79gajjnoMm3
Yh7q/Fp3nC2HpIpxWKnKqMdok/u+McivV7ue4VfRrKV7mXJ/0XUtcc8KYehDlDpn
nbqETUkQPU/DGpUIxB3BR3ihEZJ6EpIkysXfgfpBPNvPpjnaV7+uPFgAzlst44FL
RqQH0gI7IsBLABrgX+yioF1zQzOkp8iI8PJkuBmxeA1Q/M68VIIF4Wma3ej677M2
ATdwX5cFqgrhvbwiBSst67YJjbyehwnl/tRAexV6/lIk4NnTKHPE2domgeAR+uLk
mMO/o/G5Gk1cYbRXG38RM3vDqAAFEznec1pLla9UV6LrugJCHErnxI9Pm9h0njwG
NJWpgz1NDMLlyvLCwZQEEwEIAD4WIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCXNRw
TQIbAwUJAeEzgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAfmw6QmvNyhVgV
EACqcR2lm9HDyjUy+ChqGicRBDQqg0rZDohBPWICUWDjeGx/ZDouPU3yBoKWu3Lk
0ouIPF0VshDOfab8H4UlV+06WcIEsYhV7zrUUPszCDrVsZt+2XSKsSBpdPaoBIVr
0UxbN8ls/sS6TBNaN/1wdmTOqUXr62lwoF/cu+K4BzaRT5yaKs0SYb0mcqg4MSmt
RPAWjlwZBvHwFZYyhaQap060uV5OGizfwZ3QLFldMtsSM5juQAok4Wod1OCOHYY+
RahRaj/Z5bPgYE3ycM84G2j9N7nJu6MJLyyt2mOW49jjkgeKJ7aPledvuuyt3EJ0
GQiJSQgjLXG/6wjmN+XmBJkcydalpMRxk/Yt6N7VHfet46vP8mC/jNbtUb5wFSGr
RJcyZP0elzvO6VhSh1mlRoqEUHKkb1CFVCYGorfGdUuiRhTXKwPcjIqe1ZJQaIKy
KOcy2CoItLNkcCNHtTloN5378Y6hO+IP3BIyRtlBcD3v9RIYsQj2Tu9Vnluk/Awb
wLkmOnC6wAsDmmmhK6y0AVn3FpAZ7m17DpFiIlNpumNkjaULfEKFL2PPHB8VbYi1
V1IAG69X+91JKxzTU83s+B2Rz8hei2jNbtYbj/E/VsiatOucOf9Yj8g0tnS4Xfjh
a2VPXQQShBT2uhm+hF6esBappDgjoh9/AGEKD4Jhx47vLsJdBBMRAgAdFiEEPX6V
nYn6z+44NxkhsAvGakAaFgAFAlzUc5cACgkQsAvGakAaFgDDFgCeI8k57LnZmSnL
ZQs1lekucx9ThxwAoJG2olyQ+9IETr2/xcgX2Ka/FfT1zsFNBFzUck0BEADgwnBJ
BHWBnKwHhEJLYei4PMImRJSjoiYZi1EmiCT3u9+qEW/IOy+VJPyf2OyLM9RoLzMr
CRmYi41eFZryWsenpzHQVP28KbMHP+mdJOTyvX9Lt8Ohxa/m+ZG0vjhXLDBsRFmh
EFDV14As8NcI1GivnpyNxTFDDWbmxDMw7zTSkjH8dqeB/Z/HTXWu0pdOrhXb85iZ
MsOZDUzmbKwBQTAOX7zPtmi4zheP49VXHGn3fNgvUb6QuzSQNtAKS7C2qPlIMug/
vYyXRNM4dnC9aGYdjwXuEyNYLN131lqG6q98xxPRsbdnzDqTgPCZqk2dZq033Ad2
zhNbhynycxXDpxQsRn4PQfKBgpr+IdNEP4UevaOueaVLSwtvcvXcqMYtrzSYIcNu
0tnbDDZRxhgKM+3TkpZc107qowq6+SSPzWbg6hUY7vxKzDAgvYhn5Oin59sARfo0
KkSAM1H8/ozYxdNGySqIQFewcjjLDpQnI2x/ZAU8nk0hltEzj+KmkJdJJI3becen
tmrdODySLO0fidrCmzhiuk8HLodDQ9apY+54fWwDDUws33yE4DtX5Y2/1nUvwDNp
il6dRknAVGdc3OvIe+WAnsGR9SMSy4HruP/Yf+OZSCFtOSloe4MtP+qdyfx0vDg/
mLffZxE8r+zSeB5IAp0BSbwUhdbeWGd+UpWCCwARAQABwsOyBBgBCAAmAhsCFiEE
MXbvfbI2fx/KTzBrH5sOkJrzcoUFAmWYIgoFCQyGFr0CQMF0IAQZAQgAHRYhBMuN
5wqQz79sO/XMVpYmKs/7067GBQJc1HJNAAoJEJYmKs/7067G2s8QAIP/MH/Xzbuh
z7uO+6FFNS7kk00zQImC1Y0yYyeyy2UWsSD4HUdE05CoJCMSwHXpTNzDs/aackTs
KivEINYPvTwbEGPMPqv9MVD78T46iwSuA+Qg32CDLAjubby8Q55DXYS/q40CZaLz
g7OQT8IH03ewxzrtpdLrnXnYN1ktwBFokv5ZsxB5BhEJfbEHEqdoNk2STQv5p/Ik
rc5C/hefHSKXV4cJRYoPkrdnr0ZHyevB5iGuR9zMxmkLD+NyIqqVqxjWQNjLoEdY
+xKnezHiIZvGb6nH55DosZY5/IHgLUJsLFcYNfLFSVdAzF0py+A5nY0PJarlZptO
i22tSsSXX5EKWHLTZUUcs1uBrmydVFMsT3ZC+8pHxLyKGn+f+89jdUCzidQ+545O
YnNTzxTjGytG9Y/KEVDYUWAm9OSSLJjDpt4RDVF6yte8cHJfdC9Ypazet2Z2GMtG
a6g6dv7NhDF+JCEhnMraPaLHbWnABP47AJZ1cRvYfE2lyHBzfKWyWJ56BWH9Sf7p
6DwehqIAo0erPAcnBDcbrfrHaSnFLvW9UpIGAGvBMXZqAoZNNsXqq7OMHRt9rWZX
OGkeGAINnwlQIT3ffKMounUS9xzLM0kZdf7BS7K5+5gcjJPh1b1yvBYApioBAXbn
aTmqvdwr03FLnoGi5/0671t0iUGSqbF4CRAfmw6QmvNyhZ1ND/42zg+uIvWKjbpy
lkq7sIymXCQmfnEjKhX60UkduuCZntyx2jVCAsfIjQsID+8jDbZcKtPT2K3xqdBi
RvP/ckdACcy2wk5kjyPqP+IhOiY1VxlkvffhjEPQ0H5oUkRmK8hr04K8VTmBAKAh
vOKjU8/oO3Y+jMpHre//qG/SSndJWWSdYtFOQrcLBu1iE+Z+Ss30clXPLP7oltSZ
M+TbwBqeezO6Y9IDt8gx4gqamCRN4OyjM3q2VyoEPNGSzSRCUczOEaTm6kJ+BZ/t
qKpMX5yVVIzJOJctb7fGM34BAefiAdEHxu4ChZo9X4nm9kXzFTpUvrLd97B8BGRg
uZk3LlKnfRq1oG7ks9U8/rU8xvSCySEAP+1gQLWhO4JJft5ZJgQD8YaNSQA1dtHL
VYvxi4O5yQrlT0Ue6mRve1kW1+7D9mnPmt/5HOMEA+sC0IORQJAPlaDYX8p9U+tH
EoInW9r7bULqeDCZAqCEOIhyMxSmz2+d+LEE6FNTaGD7Chicqc46SD7RMPvMk87S
BX2zf1bkH/Z90N8imuerp2Tm0ldyohVS2fGWpRqbVwwEqSCpJdDEvC8xQ6MUEfoz
FeYnBbc5UFk34ZhcWxWcO0Jwc2psQYSJAwiH6GEFutK1z4+JEJq52SJnXWW3HXWe
MR1XtVtsbF6m6zeZNC7FXFTUYV1LeMLDsgQYAQgAJgIbAhYhBDF2732yNn8fyk8w
ax+bDpCa83KFBQJjxyuUBQkI0+zDAkDBdCAEGQEIAB0WIQTLjecKkM+/bDv1zFaW
JirP+9OuxgUCXNRyTQAKCRCWJirP+9OuxtrPEACD/zB/1827oc+7jvuhRTUu5JNN
M0CJgtWNMmMnsstlFrEg+B1HRNOQqCQjEsB16Uzcw7P2mnJE7CorxCDWD708GxBj
zD6r/TFQ+/E+OosErgPkIN9ggywI7m28vEOeQ12Ev6uNAmWi84OzkE/CB9N3sMc6
7aXS65152DdZLcARaJL+WbMQeQYRCX2xBxKnaDZNkk0L+afyJK3OQv4Xnx0il1eH
CUWKD5K3Z69GR8nrweYhrkfczMZpCw/jciKqlasY1kDYy6BHWPsSp3sx4iGbxm+p
x+eQ6LGWOfyB4C1CbCxXGDXyxUlXQMxdKcvgOZ2NDyWq5WabTottrUrEl1+RClhy
02VFHLNbga5snVRTLE92QvvKR8S8ihp/n/vPY3VAs4nUPueOTmJzU88U4xsrRvWP
yhFQ2FFgJvTkkiyYw6beEQ1ResrXvHByX3QvWKWs3rdmdhjLRmuoOnb+zYQxfiQh
IZzK2j2ix21pwAT+OwCWdXEb2HxNpchwc3ylslieegVh/Un+6eg8HoaiAKNHqzwH
JwQ3G636x2kpxS71vVKSBgBrwTF2agKGTTbF6quzjB0bfa1mVzhpHhgCDZ8JUCE9
33yjKLp1EvccyzNJGXX+wUuyufuYHIyT4dW9crwWAKYqAQF252k5qr3cK9NxS56B
ouf9Ou9bdIlBkqmxeAkQH5sOkJrzcoWCNg/+M45NZDXoiYrEBtAYuhK2uVTeSwMS
+ATc63UEeQf6MtlYizt/84D1Iz2PxpipwdP5QKCICKoOhTVrER/YB5+lCL7m3kqW
WDja8dPdUguRYhvLouV1hnNFw8oN2KzZhfvxaVEKlw3qmhlNwDHnPoyy+PQzdR1y
COyEGCq1pral/Ckan6mZSHe2XPgqqn7BOuihSzK24EsT+m9IThyC3zePVO7RtTBB
Cl9oWt+oZZt71EZtJE2ovE+orJpyRK6Ya/OY6NdSvONvbn9EBtZnMLXFVBPT8Tsd
tBI212LxoT03GCwRV8f2Jce7E46QokyoeSuYWjKsVKFiyMPw6YcJ6zdawRUWC27p
5xQ+8BysOfdJMLlDvUaSh7uyVtPy8EQmgQ0BEKjVsqXzPOAiI2K4pDirsP9ygJME
RvDjlAVUlX5igOpZRumJtscLg7H2F4ejWqSOdceMSxM3JSn1U3avhopVetZ2ZvZ5
z4sXQu3xJlJygtyv84/htedwdyiSpOHjfTgDubIleRJmqJWOyx2SS2zgo8qQwCjZ
bHfRmNoENOjihGbaIretcUjotLgKVQEbXQmXA+j3wOST3LNDEK8gwgYBL89MKbWi
zHLuRlYOmIlvjAYGrQFmILLbeT/tOR6qQL/nXPtTiYZkBF9Aj3nDDAfEtRGAnMmy
6HwbuCRNwcvTWSTCw7IEGAEIACYCGwIWIQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUC
YdIzLgUJBv/p4QJAwXQgBBkBCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAlzU
ck0ACgkQliYqz/vTrsbazxAAg/8wf9fNu6HPu477oUU1LuSTTTNAiYLVjTJjJ7LL
ZRaxIPgdR0TTkKgkIxLAdelM3MOz9ppyROwqK8Qg1g+9PBsQY8w+q/0xUPvxPjqL
BK4D5CDfYIMsCO5tvLxDnkNdhL+rjQJlovODs5BPwgfTd7DHOu2l0uudedg3WS3A
EWiS/lmzEHkGEQl9sQcSp2g2TZJNC/mn8iStzkL+F58dIpdXhwlFig+St2evRkfJ
68HmIa5H3MzGaQsP43IiqpWrGNZA2MugR1j7Eqd7MeIhm8ZvqcfnkOixljn8geAt
QmwsVxg18sVJV0DMXSnL4DmdjQ8lquVmm06Lba1KxJdfkQpYctNlRRyzW4GubJ1U
UyxPdkL7ykfEvIoaf5/7z2N1QLOJ1D7njk5ic1PPFOMbK0b1j8oRUNhRYCb05JIs
mMOm3hENUXrK17xwcl90L1ilrN63ZnYYy0ZrqDp2/s2EMX4kISGcyto9osdtacAE
/jsAlnVxG9h8TaXIcHN8pbJYnnoFYf1J/unoPB6GogCjR6s8BycENxut+sdpKcUu
9b1SkgYAa8ExdmoChk02xeqrs4wdG32tZlc4aR4YAg2fCVAhPd98oyi6dRL3HMsz
SRl1/sFLsrn7mByMk+HVvXK8FgCmKgEBdudpOaq93CvTcUuegaLn/TrvW3SJQZKp
sXgJEB+bDpCa83KFsXUP/2EnRVBTcGNoFUlMpix9my9IMvGCoYcV3PlPPIucZqmy
FH1ky+jKNRlTKW6lim+dsrHrKnFkQ/swv6dZnjkph0tKxqpcc3yYIieUPoy9ypdd
xy5Q199yBBceGU/+UTYMWqVgOOELXeblTICoV+GTveQ9DkxpRf2U9kJ8Vhb5hUA4
mUC2Wez99ucljwQl72ayP7RoDIQ12GrrX5fFQi+1mnwqJPu8y2AUeCSC7DzzyfgZ
C9hJD8O8KeH03XCefoSfxAO4HH9Er1UN9TSFSzsIftK/G4cW8Xoqh7S/5tLaRk7/
dCGctmEM06SbacwiZFgYP7xAkYgg55tGX8ULxVQI4KpjXP3RLaw5a3RUUm9Sg7+b
QgU1jB0qxq2LuXpPMWmapiX6uWx8PJrWJ21XNnHmcszwStyTWCYMaH1Zcdqy5bWe
9oklIKVBus8k2Iu0Rk34hmPgaB3TG/wyOraUnNZewccxFc9mls5o1v48lrm4ZERW
9djwUIj/eCU5Z3fbubdk32R5E9NvMlcxcE+5SHKFJd0H2cVZPnhI5G90P/eQFAkm
GhpGtpSQ9AmH9rP+K/GB1Jj4GM2u3IDwMgdsJhTGUfJh1UW6phBx6x5WMN/nrylF
v7U7spggFfStlK3AmKy6zR3xlugmmmKc65XCTl/KG7wunG5VutE9BCxlviVKeE5e
wsOyBBgBCAAmFiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAlzUck0CGwIFCQHhM4AC
QAkQH5sOkJrzcoXBdCAEGQEIAB0WIQTLjecKkM+/bDv1zFaWJirP+9OuxgUCXNRy
TQAKCRCWJirP+9OuxtrPEACD/zB/1827oc+7jvuhRTUu5JNNM0CJgtWNMmMnsstl
FrEg+B1HRNOQqCQjEsB16Uzcw7P2mnJE7CorxCDWD708GxBjzD6r/TFQ+/E+OosE
rgPkIN9ggywI7m28vEOeQ12Ev6uNAmWi84OzkE/CB9N3sMc67aXS65152DdZLcAR
aJL+WbMQeQYRCX2xBxKnaDZNkk0L+afyJK3OQv4Xnx0il1eHCUWKD5K3Z69GR8nr
weYhrkfczMZpCw/jciKqlasY1kDYy6BHWPsSp3sx4iGbxm+px+eQ6LGWOfyB4C1C
bCxXGDXyxUlXQMxdKcvgOZ2NDyWq5WabTottrUrEl1+RClhy02VFHLNbga5snVRT
LE92QvvKR8S8ihp/n/vPY3VAs4nUPueOTmJzU88U4xsrRvWPyhFQ2FFgJvTkkiyY
w6beEQ1ResrXvHByX3QvWKWs3rdmdhjLRmuoOnb+zYQxfiQhIZzK2j2ix21pwAT+
OwCWdXEb2HxNpchwc3ylslieegVh/Un+6eg8HoaiAKNHqzwHJwQ3G636x2kpxS71
vVKSBgBrwTF2agKGTTbF6quzjB0bfa1mVzhpHhgCDZ8JUCE933yjKLp1EvccyzNJ
GXX+wUuyufuYHIyT4dW9crwWAKYqAQF252k5qr3cK9NxS56Bouf9Ou9bdIlBkqmx
eKcnD/4+1HUg5cKrfSTXZNsuOU7AnlybWpU7Jl8YdxfeuCCe+I5W3jTYqljpCRGW
BAHtE3udB37JXKSn8yH70JzXQDWL9+G1wqk5iwkvtmKqAapzJFuZ9lYNlNGYDxI9
foTq99f+OheFnT3nUm8IA9N0MwjGCIJ5501HM+NO8WylVoy0Y+erxbyQGC2Ey7Yj
VZSuCTZo3BuYiSCP8Bmd9qHxCJmBGQgbtA/2QBcLZ8o/z9w0U39Iwsei8oacZncV
TIFnBDsU3E25M1eyQ8VdcAqLL7v3UFOi+20zBBs+g8jBBdzXUVhp+RAsXldo8i/q
tdD4/90UXT7FBXmImGtzOVmza23v7Dyq7P/ZueEAqhr7vtW97UQ7+YkXDa4rHi4H
rGJClrdxixEyCTPrD++SvwxAud3hAUKZF9hOb0fD9A7cn63EERVgaJGAi7p9Oqqb
qni8JOssQF6TeCUFP+X3nR4+iy8EX4scfN6LUB6/mnhoRVZ3GNEzPAZi9PGe8RqW
JqUMtrBVUPVxcwAgfijPmmMIXIUyZk5ysTQeT3eJVd3R3yxORfaHSD5kuHnXWwsp
/yYltsLI/hBtVa8N7XZdzZ9JDT8fIWj5515DsfunTtksrObpRdiq4lxAoYqiboI+
L1BCHwvaTy9ghXhhpgnym0DJk2bmucRair96apTzdYoszd7iLM7BTQRc1HBNARAA
6EzAcDoXEON3EsOc9hln8dEIHeP4Wfmz5z+qIrcnngbjJg/3XzvUWMN4XukOyZxB
GALPSToZ5k7MU6SkJMaDpow+Q6IGj3fU6pyTOGUAKctILNHlvZsgtNpQad/i3jUP
r60IUrZ18kF1DTJh8HeVrySD1ru+2eVoz1Q7ROv6j01g5bKxQBrl/FL2NIXYLOB5
nqT1ZrRuP3S7w31x+waswHsXpNU8bhN/sZsK+AzBoF9JArviFdVZ3TCNNbRUYinF
F8Bi50nIH/Z1rms6wxaHmER7p1KHARDW0keeO4EgkjVRlLJW0WoyPw3Kx+0Pv5Wt
3o3cWnm6ZTNzq1WJqD67qzxDxPEJcxpLChW0FXUcduoqILPB3hc3Ad+/+HRWuAzR
JethWYfBSQtQ106UApZFnsTFpMzHSg1orCOvcWFXtbm61/qRD2Ux9LyBXR0kzWdm
nRmSCL+iO4h5yoFBcnBOnVhCjVCYkczSwpO7qk46VPGLNpPgCTR61B/1IuKeW0x5
gR0KgVq9aRZcgg/hgz3h+4PkSRzTdvaKIIwpU41Kvh0poA8US1Xe4UihL9XAblBD
yYSFlkf3KY55Sub5i+WMVJ+nVMOn10aJg0oLHnZmPvAKGqzDNURUVOoYRmqxi3K6
4NAzQmFfpMZPvnOayqImEEaXqeKAat1pEKda9a/SfR0AEQEAAcLBfAQYAQgAJgIb
DBYhBDF2732yNn8fyk8wax+bDpCa83KFBQJlmCIKBQkMhhi9AAoJEB+bDpCa83KF
43IP/24REKNHAnMFoXt46XrhGq3buZguAkpT14D7jGK3lkQBM8CVO4htuqnR51hA
ujal4w6AAANaZJi6M5NQrv57T+EejsyOvZHBtOco60qsbu2Ph6apJDiVrQsaQngn
VGhEc8tDD5UM5LtceSJ1fBThEnPPbSdkZdV8IeZu807OipuFQLfpKHp040VzJQ0u
TfRysAGHq8ZWopEv0ozYDcIfdFT2t4tviSEqBNSUNa3SD2K1TlXquKHZ3ISQCkO3
Q44/eSzLBMKok0FKdViilWfUiWQQZsIoR94A0m14NCm7c/lGQK7yl++Ric52KT4V
uZ+Y0K197ruWaBPS7N18xHNH0/P7bhOSGu7PGW3fSbXif7xAfB9moICR50GLIbe9
/iC466eu2fpGB55dkd8oGDL/GGyCD9EmkNSSgZ4YNKt2fR6VFtJdzntZrK2ichrY
uyGXQ9UiJNtAUM60eF4CmJX99nfStc2VZXXNSy6D/fNkWbMgJz7uINL0jFICihXo
kwAiaO+y364WOSzk/NQPZcIZ/fnPZPKnWIReQfMdPAHr4pVS7fYv5AMFonR3fUSe
jroXeIyZB6Dgt/v13sOBQ61GFt0n75sX2wSlc8NvkXLG3xpwqPZ7Js8Tadc7HK3R
7ksCpRwz+rJHn6sEvVZSx6+S5EzTw7TNWqDeczsmR+YPYRvewsF8BBgBCAAmAhsM
FiEEMXbvfbI2fx/KTzBrH5sOkJrzcoUFAmPHK5AFCQjT7sMACgkQH5sOkJrzcoUX
Xg/9Hz4S2vwSa15mrrW3syDWt0aZ10loLNi3kL9ZJ4Q95Mj64JKR7qAkzfQ3Q7mw
ini/2tdDeMg8kg4yQ+eOCAYhySE3eiE0ThaFlUYXnCSNVSgOyT6YtAs6Fjx3rNxS
9+J5E3zbyBwO8TpWvkT2jr7lKU5XZp0L1RQuKN0DB3i1tg0cgJLbdFkLr72lQoDY
QTVMaiv3Iu/mdgAk4mCSnR9URFNxCbLYWUBLhH1KtCACbDhXXSfVnGUVc0b/jVTn
HsHm+D2c0tn9krZ9ONZ9J22aIZQQg80xxSz66kW0bWnzhdAge/3T0joeegZLyROE
TrBFbLW+Rcit0SX6G+mCg1J3FALIsEtB9nG9a5Tum+bML021wiTH+MVLH0GP1ckt
DZH/zNuR6CtxLsrw2vgLsRd1QGiB9LN96sKYBQHF4Ys79V54ASBVBTK77vxcW4dI
d2ZPxi0LU57jL3mJf6SQBVA1s0/HNaNc7rtueilYqcIkU6wpYtbtV5+G7MHv3RwX
mRdA1kYbc3EM/YfjEjK2bGCKRrK4cpjr8BIfxP/H6mioTtLZqVb5O3ui7kA11GS4
fWXurGLMWOVPmcVAUm/lZ86I5rX9p9V45Z1ViOkGIKGfq5QqZvxdDRpv+hftpOrW
eICB/FZB9FhkS3WS2EKHaqcWk5lKtpRgPcsVD4Zk1Tlmi6DCwXsEGAEIACYCGwwW
IQQxdu99sjZ/H8pPMGsfmw6QmvNyhQUCYdIzCwUJBv/rvgAKCRAfmw6QmvNyhXK5
D/jBMCAdoJVW9ai4tKgNac3sxFjrtnLPo6lEzB4AXnltkC1VwULeDL+O3IueYCt7
kyRr9vvogG/y/e8kpVIGvH8TcZd71EvUkM7Df9X88I5bPrA78MpWAEQGE1RxsFLQ
VppzAOeiXVTXy/nwS/8LKP28W5FNFH0M9qYmvTjeS0YYwxr7DJU526B0JGiis4kX
l81tYnd2H46cx1qjSMmWMV0dPWMbUG5gs3HtU4u5DpBgn7a+klihpmtxebWNV2vO
3TCqYJps+WbvDPHpUsHFpW+wYvE0VosB9jYKzhOS94aGz4Yl7fTZq/tF4atBReoe
ESJi6RJWpvNmdSQPYrJu3BAGWnYTuniW9xhHhSYnCSrH3WfZSermU6XiAmKtZB5X
w4HyjuJgKjUDjzVDOvpTQVcnpkBXkOdw0dIZDk61cq81p/R6bmxEGsIkMHNpxRfA
1PNwjypgioLF2Cyq5kB3IVc8KdpW4O3XaVSiMfvXlkvpQJmCPtxup8IqUmgL+ILT
qLJaHOhpbb6bsikTDekUC9DIV58xQ5HuHI0qaTrDyZsG8CK6f+OwxKbXJh5QDFar
M5YrOIHaOaBSICQtCgCBH/Jp388LOm8rTDqSHAQxp9ZjQafyLBaGHlHR2rvnztfV
1LHS+9Pvven6J3Fj4r5hztJXuKUrOZ/BsLw8c7DnOI0UwsF8BBgBCAAmFiEEMXbv
fbI2fx/KTzBrH5sOkJrzcoUFAlzUcE0CGwwFCQHhM4AACgkQH5sOkJrzcoUMYw/+
P8uPNx1N+IdYdzoTsRQzeo9Z/yhtIvsW3iXvvHS9QZ/YbelByeBMjVIgxNMsAqRe
F3qo+oJU+YzqQcrojPAVycxEWgzKgf9tWdmRSzQ3JTcM+Dc5RzUi6e9yDbucd1k8
sVG/x7L+pLI2IgQm7eHPIEhQ7RkN061TCSqfOeuuL4ilOgPuBahgzQIL8B6uj85o
LbRzp1TWzjPCYCOp/NvQ2qK/cIOuu8XSneDp+fsEDIfGdhtLtldLyc9ARjSqn7IL
QJHeNx5cLC/0LU+FCJJ+qI8FMvsKCU7PTZZIDFjsYieHdWK0zauu4pxpyktV+OJm
YUfhJQLKz/tzVKf6klN+Ko7/axXi+63F+7dDTENiZx/sMr0E3ttnTWbezNNf/7kh
5/SSlj57lmt9xEdQ4DMD91d5bywSt/5i8JT0fKL97mJa9uFoyD0fAwDftwR+EGZX
AYE5Lqe4UeftMWhmsI2cVYSl9Qlj75NOGE1pUqXPmfc9cREUImV9m1d/T3twklEm
eIGgDaN19CpIkCBcCttk/FFbSiEh+CP6We+o3AHbu2t2coqnELqTo/WTRBnUw/e0
NFrP+TRatWLhLGmzvz9HMDsj2cBHWi9VTHxPDYj2u7rhLLLJi5oDYzmdCziQzMDc
/eh4U7233VvL9387WWP0e0ZgSfnEvNvjQ7JN94NLJOk=
=2AOW
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,7 +1,8 @@
#
# spec file for package expat
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,9 +17,10 @@
#
%global unversion 2_5_0
%global unversion 2_6_4
%define sover 1
Name: expat
Version: 2.5.0
Version: 2.6.4
Release: 0
Summary: XML Parser Toolkit
License: MIT
@ -29,14 +31,9 @@ Source1: https://github.com/libexpat/libexpat/releases/download/R_%{unver
Source2: baselibs.conf
Source3: %{name}faq.html
# https://www.gentoo.org/inside-gentoo/developers/index.html#sping
# https://keys.gentoo.org/pks/lookup?op=get&search=0x1F9B0E909AF37285#/%{name}.keyring
Source4: %{name}.keyring
# PATCH FIX-UPSTREAM: bsc#1221289 (CVE-2024-28757)
# https://github.com/libexpat/libexpat/pull/842
Patch0: expat-CVE-2024-28757.patch
Patch1: expat-fix-minicheck.patch
BuildRequires: gcc-c++
BuildRequires: libtool
# https://github.com/libexpat/libexpat/issues/537#issuecomment-1003796884
Source4: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3176ef7db2367f1fca4f306b1f9b0e909af37285#/expat.keyring
BuildRequires: c++_compiler
BuildRequires: pkgconfig
%description
@ -44,11 +41,11 @@ Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).
%package -n libexpat1
%package -n libexpat%{sover}
Summary: XML Parser Toolkit
Group: System/Libraries
%description -n libexpat1
%description -n libexpat%{sover}
Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).
@ -57,7 +54,7 @@ parser might find in the XML document (like start tags).
Summary: Development files for expat, an XML parser toolkit
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libexpat1 = %{version}
Requires: libexpat%{sover} = %{version}
%description -n libexpat-devel
Expat is an XML parser library written in C. It is a stream-oriented
@ -69,17 +66,17 @@ in libexpat.
%prep
%autosetup -p1
cp %{SOURCE3} .
rm -f examples/*.dsp
%build
%configure \
--disable-silent-rules \
--docdir="%{_docdir}/%{name}" \
--disable-static
--disable-static \
--without-docbook
%if 0%{?do_profiling}
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}"
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}"
%make_build CFLAGS="%{optflags} %{cflags_profile_generate}" LDFLAGS="%{optflags} %{cflags_profile_generate}" check
%make_build clean
%make_build CFLAGS="%{optflags} %{cflags_profile_feedback}"
@ -87,30 +84,31 @@ rm -f examples/*.dsp
%make_build CFLAGS="%{optflags}"
%endif
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# Fix permissions error: spurious-executable-perm
chmod 0644 examples/elements.c
%check
%make_build check
%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
%ldconfig_scriptlets -n libexpat%{sover}
%files
%license COPYING
%doc AUTHORS README.md expatfaq.html
%doc doc/reference.html doc/style.css
%doc examples/elements.c examples/outline.c examples/Makefile.am examples/Makefile.in
%doc doc/reference.html doc/*.css
%doc examples/*.c examples/Makefile.am examples/Makefile.in
%doc changelog
%{_bindir}/xmlwf
%{_mandir}/man1/xmlwf.1%{?ext_man}
%files -n libexpat1
%{_libdir}/libexpat.so.*
%license COPYING
%{_libdir}/libexpat.so.%{sover}
%{_libdir}/libexpat.so.%{sover}.*
%files -n libexpat-devel
%license COPYING
%{_includedir}/*
%{_libdir}/libexpat.so
%{_libdir}/pkgconfig/expat.pc