SLFO-pool/usbguard
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main usbguard revision 02ba009184886858c17c2d423e422769

Browse Source
This commit is contained in:
Adrian Schröter 2024-08-06 14:18:13 +02:00
commit 9ab225bc2a
9 changed files with 1182 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
usbguard-1.1.3.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

15
usbguard-1.1.3.tar.gz.sum.asc Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
707dad2938923202697f636c2b4e0be80f192242039a2af3fc7ac35d03f78551 usbguard-1.1.3.tar.gz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE42iwrWP0zIT/S4Xa9XeK14XjWB8FAmZhyycACgkQ9XeK14Xj
WB+5uQf/aJcNck4JNAWtoIwbxYvZO+eQdir+73SF611d7ixkc9woPnsnPzKXgmsl
JZi0+bzcoJl96Eu/C7hANaRFgamJhlxiV8VgtPiaMi9OIa+4SbqHoHaIjFKovM0G
5QmJGAuZ92nalgy0nSg0dHCK3skEfGzVdr6yxtC494Di8otiCvqrZh8iPFAQLLpW
n0qtM1drOo25S8jb232sVRc1kMfI7D88gtK/kFkSWALwJBB1W/YwqYVao0z2pifR
g9WyqWHJHOE/v2+myQcuW4drYJC9G2/N12AH8duPmnUPaLljk2S9K3131UYoP9wi
Xg8AhQlYXdVvvWI//TyXafgv8p97GQ==
=LYjm
-----END PGP SIGNATURE-----

173
usbguard-daemon.conf Normal file
View File

@ -0,0 +1,173 @@
#
# Rule set file path.
#
# The USBGuard daemon will use this file to load the policy
# rule set from it and to write new rules received via the
# IPC interface.
#
# RuleFile=/path/to/rules.conf
#
RuleFile=/etc/usbguard/rules.conf
#
# Implicit policy target.
#
# How to treat devices that don't match any rule in the
# policy. One of:
#
# * allow - authorize the device
# * block - block the device
# * reject - remove the device
#
ImplicitPolicyTarget=block
#
# Present device policy.
#
# How to treat devices that are already connected when the
# daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentDevicePolicy=apply-policy
#
# Present controller policy.
#
# How to treat USB controllers that are already connected
# when the daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentControllerPolicy=keep
#
# Inserted device policy.
#
# How to treat USB devices that are already connected
# *after* the daemon starts. One of:
#
# * block - deauthorize every present device
# * reject - remove every present device
# * apply-policy - evaluate the ruleset for every present
# device
#
InsertedDevicePolicy=apply-policy
#
# Restore controller device state.
#
# The USBGuard daemon modifies some attributes of controller
# devices like the default authorization state of new child device
# instances. Using this setting, you can controll whether the
# daemon will try to restore the attribute values to the state
# before modificaton on shutdown.
#
# SECURITY CONSIDERATIONS: If set to true, the USB authorization
# policy could be bypassed by performing some sort of attack on the
# daemon (via a local exploit or via a USB device) to make it shutdown
# and restore to the operating-system default state (known to be permissive).
#
RestoreControllerDeviceState=false
#
# Device manager backend
#
# Which device manager backend implementation to use. One of:
#
# * uevent - Netlink based implementation which uses sysfs to scan for present
# devices and an uevent netlink socket for receiving USB device
# related events.
# * umockdev - umockdev based device manager capable of simulating devices based
# on umockdev-record files. Useful for testing.
#
DeviceManagerBackend=uevent
#!!! WARNING: It's good practice to set at least one of the !!!
#!!! two options bellow. If none of them are set, !!!
#!!! the daemon will accept IPC connections from !!!
#!!! anyone, thus allowing anyone to modify the !!!
#!!! rule set and (de)authorize USB devices. !!!
#
# Users allowed to use the IPC interface.
#
# A space delimited list of usernames that the daemon will
# accept IPC connections from.
#
# IPCAllowedUsers=username1 username2 ...
#
IPCAllowedUsers=root
#
# Groups allowed to use the IPC interface.
#
# A space delimited list of groupnames that the daemon will
# accept IPC connections from.
#
# IPCAllowedGroups=groupname1 groupname2 ...
#
IPCAllowedGroups=
#
# IPC access control definition files path.
#
# The files at this location will be interpreted by the daemon
# as access control definition files. The (base)name of a file
# should be in the form:
#
# [user][:<group>]
#
# and should contain lines in the form:
#
# <section>=[privilege] ...
#
# This way each file defines who is able to connect to the IPC
# bus and what privileges he has.
#
IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
#
# Generate device specific rules including the "via-port"
# attribute.
#
# This option modifies the behavior of the allowDevice
# action. When instructed to generate a permanent rule,
# the action can generate a port specific rule. Because
# some systems have unstable port numbering, the generated
# rule might not match the device after rebooting the system.
#
# If set to false, the generated rule will still contain
# the "parent-hash" attribute which also defines an association
# to the parent device. See usbguard-rules.conf(5) for more
# details.
#
DeviceRulesWithPort=false
#
# USBGuard Audit events log backend
#
# One of:
#
# * FileAudit - Log audit events into a file specified by
# AuditFilePath setting (see below)
# * LinuxAudit - Log audit events using the Linux Audit
# subsystem (using audit_log_user_message)
#
AuditBackend=FileAudit
#
# USBGuard audit events log file path.
#
AuditFilePath=/var/log/usbguard/usbguard-audit.log

13
usbguard-pthread.patch Normal file
View File

@ -0,0 +1,13 @@
Index: usbguard-0.7.4/Makefile.am
===================================================================
--- usbguard-0.7.4.orig/Makefile.am
+++ usbguard-0.7.4/Makefile.am
@@ -357,6 +357,7 @@ usbguard_daemon_CPPFLAGS=\
@audit_CFLAGS@
usbguard_daemon_LDADD=\
+ -lpthread \
$(top_builddir)/libusbguard.la \
@ldap_LIBS@ \
@seccomp_LIBS@ \

2
usbguard-rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
# usbguard ships zero length rules.conf by default
addFilter("zero-length /etc/usbguard/rules.conf")

355
usbguard.changes Normal file
View File

@ -0,0 +1,355 @@
-------------------------------------------------------------------
Thu Jun 6 18:02:42 UTC 2024 - Robert Frohl <rfrohl@suse.com>
- update to 1.1.3
* Fix typo in CLI --help message: "privilges" -> "privileges"
* Harden service file: Set OOMScoreAdjust to -1000
* Specify what happens when neither RuleFile nor RuleFolder is set
* The parent process should wait for the first child process to finish in forking mode(-f)
* dbus: check whether the client wanted interactive authentication
* Add missing .adoc files to the tarball
* Replace problematic terms with alternatives
* Fix CI by fixing calls to ldap-utils
* Describe comments in the manual page
* Store permanent rules even if RuleFile is not set but RuleFolder is.
* Fix build for GCC 13 + make GitHub Actions cover build with GCC 13
* Bump GitHub Actions off deprecated actions/checkout@v2
* Actions(deps): Bump actions/checkout from 3.5.2 to 4.1.1
* Add "--version" option to the usbguard CLI
* ruleset: detect integer overflow of the ID and bail out
* Enable RuleFolder by default
* Fix CI and RuleSet::assignID regressions
- Removed build_gcc13.patch, included upstream
-------------------------------------------------------------------
Tue Feb 20 15:58:57 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
-------------------------------------------------------------------
Tue Mar 28 08:25:34 UTC 2023 - Robert Frohl <rfrohl@suse.com>
- Fix build failure with gcc13, add build_gcc13.patch.
-------------------------------------------------------------------
Mon Sep 5 08:55:51 UTC 2022 - Robert Frohl <rfrohl@suse.com>
- update to 1.1.2
* Fixed
- Polkit: Always allow getParameter/listDevices/listRules in active sessions
- D-Bus: Send reply on auth failure
- Polkit: Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed
-------------------------------------------------------------------
Tue Apr 5 12:26:09 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- When running autoreconf, do it complete so that it does not trip
over different versions of libtool being used.
-------------------------------------------------------------------
Wed Mar 16 13:02:20 UTC 2022 - Robert Frohl <rfrohl@suse.com>
- update to 1.1.1
* Fixed/Changed
- Use authentication instead of authentification
- Restore support for access control filenames without a group
-------------------------------------------------------------------
Tue Mar 1 16:31:24 UTC 2022 - Robert Frohl <rfrohl@suse.com>
- Enable dbus support (bsc#1196621, jsc#PED-3824).
-------------------------------------------------------------------
Fri Feb 25 10:43:56 UTC 2022 - Robert Frohl <rfrohl@suse.com>
- Fix build for Leap and SLE by using newer gcc version
-------------------------------------------------------------------
Thu Feb 24 14:49:05 UTC 2022 - Robert Frohl <rfrohl@suse.com>
- update to 1.1.0
* Added
- Started building with C++17
- Tree-like list-devices output
- Added CAP_AUDIT_WRITE capability to service file
- Added support for lower OpenSSL versions prior to 1.1.0
- Added a new signal: DevicePolicyApplied
* Fixed/Changed
- Moved PIDFile from /var/run to /run
- Fixed linker isssues with disable-static
- Enhanced bash-completion script
- Make username/group checking consistent with useradd manual page definition (with addition of capital letters)
- Fixed multiple IPC related bugs
- Fixed race condition when accessing port/connect_type for USB devices
- Using bundled catch v2.13.8
- Using bundled PEGTL v3.2.5
- Fixed usbguard-rule-parser file opening
- CVE-2019-25058: Fix unauthorized access via D-Bus (boo#1196460)
- remove usbguard.service.in.patch applied upstream
-------------------------------------------------------------------
Thu Aug 5 15:26:54 UTC 2021 - Robert Frohl <rfrohl@suse.com>
- move usbguard.pid from /var/run to /run
added usbguard.service.in.patch
-------------------------------------------------------------------
Wed Jan 13 16:05:00 UTC 2021 - Robert Frohl <rfrohl@suse.com>
- update to 1.0.0
* Added openssl support
* Starting with libtool versioning
* Added interface for IPC permission query
* Introduced partial rule concept fo CLI
* Added WithConnectType for ldap rule
* Daemon does not apply the policy when "change" action event appears anymore
* IPCClientPrivate@disconnect is thread safe
* Enforced loading of files from .d/ direcory in alfabetical order
* Improved CLI behaviour to be consistent
* Clarified rule's label documentation
-------------------------------------------------------------------
Fri Oct 2 15:12:06 UTC 2020 - pgajdos@suse.com
- drop useless build dependency on aspell (aspell is going to be
removed from tumbleweed)
-------------------------------------------------------------------
Thu Jul 9 12:57:34 UTC 2020 - Robert Frohl <rfrohl@suse.com>
- disable system call filtering in systemd service file for Leap 15.X (boo#1173750)
* daemon wont start on Leap otherwise
-------------------------------------------------------------------
Tue Jun 16 11:40:03 UTC 2020 - Robert Frohl <rfrohl@suse.com>
- update to 0.7.8
+ Fixed segfaults with rules.d feature
- update to 0.7.7
+ Added readwritepath to service file
+ Added match-all keyword to rules language
+ Added rules.d feature: daemon can load multiple rule files from rules.d/
+ Included with-connect-type in dbus signal
+ Fixed sigwaitinfo handling
+ Fixed possible data corruption on stack with appendRule via dbus
+ Fixed ENOBUFS errno handling on netlink socket: daemon can survive and wait until socket is readable again
+ Dropped unused PIDFile from service file
+ Dropped deprecated dbus-glib dependency
-------------------------------------------------------------------
Thu Jan 30 18:26:34 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- update to 0.7.6
+ Added missing options in manpage usbguard-daemon(8)
+ Extended the functionality of allow/block/reject commands
The command can handle rule as a param and not only its ID e.g.
in case of allow, command will allow each device that matches
provided rule
+ Added debug info for malformed descriptors
+ Changed default backend to uevent
+ Fixed handling of add uevents during scanning
Now we are sure that the enumeration is completed before
processing any uevent we are trying to avoid a race where
the kernel is still enumerating the devices and send the
uevent while the parent is being authorised
+ Silenced 'bind' and 'unbind' uevents
- Remove PEGTL build dependency, the package already uses the
bundled version, and there is hardly any reason to unbundle
a template (header only) library.
- Remove Qt5 build dependencies, Qt applet is a separate package.
- Use pkgconfig(udev) instead of udev-devel to allow shortcut
via udev-mini.
-------------------------------------------------------------------
Mon Jul 22 09:54:57 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- update to 0.7.5
- Added daemon configuration option HidePII
- Added check to avoid conflict between ASAN and TSAN
- Added daemon configuration option for authorized_default
- Added devpath option to generate-policy
- Added # line comments to the rule grammar
- Added ImplicitPolicyTarget to get/set parameter methods
- Added option to filter rules by label when listing
- Added the label attribute to rule
- Added PropertyParameterChanged signal
- Added support for portX/connect_type attribute
- Added temporary option to append-rule
- Added versioning to DBus service
- Added optional LDAP support
- Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered
- Fixed KeyValueParser to validate keys only when known names are set
- Fixed uninitialized variables found by coverity
- Fixes and cleanups based on LGTM.com report
- Hardened systemd service
- Rename ListRules parameter 'query' to 'label'
- Skip empty lines in usbguard-rule-parser
- The proof-of-concept Qt applet was removed. It is going to be maintained
in a simplified form as a separate project.
Removed: usbguard-applet-qt_desktop_menu_categories.patch
Modified: usbguard-pthread.patch
- Updated usbguard.keyring to add new gpg key for upstream: 5A2EC3932A983910
-------------------------------------------------------------------
Mon Jul 22 09:50:04 UTC 2019 - Marcus Meissner <meissner@suse.com>
- link against libpthread to make it build (bsc#1141377)
- added usbguard-pthread.patch
-------------------------------------------------------------------
Wed May 22 13:38:28 UTC 2019 - Christophe Giboudeaux <christophe@krop.fr>
- Run spec-cleaner
- Add the missing systemd build requirement.
-------------------------------------------------------------------
Tue Jan 15 16:28:33 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- use upstream usbguard.service instead of hardcoded version (bsc#1120969)
-------------------------------------------------------------------
Wed Nov 7 17:38:38 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Fix RPM groups. Avoid pointless shelling out to /bin/rm.
-------------------------------------------------------------------
Tue Oct 9 09:48:44 UTC 2018 - Robert Frohl <rfrohl@suse.com>
- changed zsh completion location
- added rpmlint for zero size rules.conf
-------------------------------------------------------------------
Tue Oct 9 08:05:02 UTC 2018 - Robert Frohl <rfrohl@suse.com>
- added signature verification of tarball
- add usbguard-0.7.4.tar.gz.sig
- add usbguard.keyring
-------------------------------------------------------------------
Mon Oct 8 14:19:55 UTC 2018 - Robert Frohl <rfrohl@suse.com>
- update to 0.7.4
- Changed
Fixed conditional manual page generation & installation
- update to 0.7.3
- Changed
usbguard-daemon will now exit with an error if it fails to open a logging file or audit event file.
Modified the present device enumeration algorithm to be more reliable. Enumeration timeouts won't cause usbguard-daemon process to exit anymore.
- Added
umockdev based device manager capable of simulating devices based on umockdev-record files.
- update to 0.7.2
- Changed
Fixed memory leaks in usbguard::Hash class.
Fixed file descriptor leaks in usbguard::SysFSDevice class.
Skip audit backend logging when no backend was set.
- Added
Added zsh completion & other scripts to the distribution tarball.
- update to 0.7.1
- Added
CLI: usbguard watch command now includes an -e <path> option to run an executable for every received event. Event data are passed to the executable via environment variables.
usbguard-daemon: added "-K" option which can disable logging to console.
Added zsh autocompletion support.
usbguard-daemon: added "-f" option which enabled double-fork daemonization procedure.
Added AuditBackend usbguard-daemon configuration option for selecting audit log backend.
Linux Audit support via new LinuxAudit backend.
Added missing RuleCondition.hpp header file to the public API headers.
- Changed
Qt Applet: disabled session management
usbguard-daemon console logging output is enabled by default now. Previously, the -k option had to be passed to enable the output.
Replaced --enable-maintainer-mode configure option with --enable-full-test-suite option. When the new option is not used during the configure phase, only a basic set of test is run during the make check phase.
usbguard-daemon now opens configuration in read-only mode
Fixed UEventDeviceManager to work with Linux Kernel >= 4.13
Refactored audit logging to support different audit log backends
Made the configuration parser strict. Unknown directives and wrong syntax will cause an error.
- Added usbguard-applet-qt package to allow easier user interaction
- Added usbguard-applet-qt_desktop_menu_categories.patch to fix category
- Updated usbguard-daemon.conf to upstream version
- Removed obsolte patch usbguard-fixes.patch
- Added rules.conf, fixing bsc#1071076
-------------------------------------------------------------------
Wed Sep 6 10:48:23 UTC 2017 - meissner@suse.com
- updated to 0.7.0
- Added
Added InsertedDevicePolicy configuration option to control the policy method for inserted devices.
Added RestoreControllerDeviceState configuration option.
Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations.
Implemented an uevent based device manager backend.
Added setParameter, getParameter IPC (incl. D-Bus) methods.
Added set-parameter, get-parameter CLI subcommands.
Qt Applet: Added Spanish (es_AR) translation.
Create empty rules.conf file at install time (make install).
Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings.
If bash completion support is detected at configure time, install the bash completion script during make install.
Added new configuration setting: IPCAccessControlFiles.
IPC access is now configurable down to a section and privilege level per user and/or group.
Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files.
Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not.
- Removed
Removed UDev based device manager backend and UDev related dependencies.
Removed UDev development files/API dependecy
- Changed
Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices.
Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs).
Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads.
Extended test suite with use case tests.
Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks.
Fixed several memory leaks.
Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase.
- Updated to 0.6.2
Wait for disconnect in IPCClient dtor if needed
Qt Applet: Fixed loading of decision method and default decision settings
- Updated to 0.6.1
- Changed
Refactored logging subsystem
Fixed handling of IPC disconnect in the IPCClient class
Qt Applet: Fixed handling of main window minimization and maximization
Fixed building on architectures that don't provide required atomic operations.
The libatomic emulation library will be used in such cases.
Fixed several typos in the documentation
- Added
Implemented a simple internal logger
Access to the logger via public API
Improved logging coverage. Logging output can be enabled either via
CLI options or by setting the USBGUARD_DEBUG environment variable to 1.
Qt Applet: UI translation support.
Qt Applet: Czech (cs_CZ) translation
- Removed
Removed spdlog dependency
- .... ommitted changes from 0.5* series ..
-------------------------------------------------------------------
Tue Mar 1 12:08:51 UTC 2016 - meissner@suse.com
- split off a library package libusbguard0
-------------------------------------------------------------------
Sun Jan 31 09:40:56 UTC 2016 - meissner@suse.com
- a daemon and framework and tools to guard against bad usb
devices.

401
usbguard.keyring Normal file
View File

@ -0,0 +1,401 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFl1/A8BEACeJdXstYB0gOj2LdvIL/wwusjCc/TwEs295Hqgq8qhN78Z4LXS
HHO2r3VAQWMQN/0hmNb5MacrSjWMfv1wgTfAnRuEiV1UvgM9p5wEYYUc/Oy31vxb
ZVUmyLyiFOwnL6pPP9rK3Z/LXP1gZmKAV0GmHL1c8Va1ZvTDJk9cIx565k0cDvnb
RAI6mWnD1EXiwfh6ygkruOZ406kQ4CEQvKVM6mTd0eFuzU9C0SQUI5SZiXsuKY4D
8eB9W/exKP2+02cbu8qjyginJhRTQUzNrVH0MUkV4r+s0LIGxCN/GTp6riI8svlR
oSKt+7ISGbm5Srxy/KBsebkVGWpm9eiyQMYExOqmhfAwAdvw4r7BkAL/CCuX7f4u
dHoJIqSCaXyY8lXEvDq8eLEm0Ty2ntfB1bWT+kfd2bEzQcKQXFporGh9VWyuAPs4
G1nNvZjM1VgkLRrDyLYrTdt+MizAnjqc5ZzBEqLVfYHU1pfgYPuAtSIqkCh0JnVH
J1JLxGjTx2AideeW1CKC6gCoIL55+/JrK7dKR5P/j5s+Kk8pOrOkQkkLvMf//PrF
lqBj1CYKrGsqccg0SeCwFIr3nCofji1W+vyZRbAxWz0c/Rev1eJc2k9rUOh61a64
mXfZnUuh2pGP5gB1hHkmlvY2+S/CUs7HB8bV5NPme7b5JMwcYrRIrHSDxQARAQAB
tCNEYW5pZWwgS29wZcSNZWsgPGRuazE2MThAZ21haWwuY29tPokBMwQQAQgAHRYh
BB/mNI7eqCWiKXDlxI3TBA8SPMP0BQJbcLU5AAoJEI3TBA8SPMP0TUsIALHp7c6W
MznqWzWyHQiKGJxYH2iaKwoBXUQzurscocR7fRZaJTdXcrAjw+YiKwdLVyQEqZIn
eCujPIQIt1hxVro1Jq32kYIvPlQWSz8yykQVL/TExIDyVueLU1A6JnNBQLvP2XDV
sM8BJc8rtoWC/1wc2Vps6f8QS0oE0G/ocZ1uV0Gj0XEH8zJ+0m/K0uw9YnX5XgTY
qeiFgz4nUqRxfxfRY494eQS0OzBp7j2iiQMnmw4YMgU+DiURvYuTHVpBHVMlnhHr
jU5JpIiTw6VnJgeLKC9+aWabmaxdOS3Gq5D+fVarZXMYBttWB5kncvfMIBSVUwZy
WKlSo3MyrrLo8OCJATMEEAEIAB0WIQRswFHTwdmkr54mDFjT45SsdE4uuwUCW3ha
DQAKCRDT45SsdE4uu8fUB/0VZxBevmc4jetXxFh2+9cmtXOYLuhUjQa2/OwRmEO6
INVYzgkcm/BCNCQ8aYUEcyof/LJHH6nsVMLHs83STjAlkHUVjmJfMz8mm2szIuhH
UGWaTbE+cCdAA+dJA2qqhObL1Q9ZDkcIF2H+4Wc5RJFPqif7wN2TzivLdMuckO1p
fQV8TWBODc4K+GW3jwKmhL+/UZ8LNfERSPI6D14AQ+2qnkAB3zPEL0gRpzzmv2EU
ZZBxNvDMbK/EGaJfiJxI737QA8P0I9Igy905Zd8am9IxbPt/M2g1CrR5ateVxjTG
a5Mc18gW1RhCfXo21k1YvDZLIQR6m9vVcRHwz51Pq8GPiQEzBBABCAAdFiEE9n59
boAPJA6D68hn/2rJpkZN8JwFAlr5kDwACgkQ/2rJpkZN8Jyv7Qf/bXBBoU2i911p
vEDNx1p0GB3SRa+JUhXpzSJHkM7O4a1PmPRaEBiX5fy4pNwWeJ4V6s1dwK8GDUTm
C+FZZCj42OlbxaiZ+nYkKKmOUpP5S1oqPGjCwmJ03MYqoV2i7Ht7Dh9XCxyLQiKf
pynlKRpnUaUNyWKVdCQHkH1bIrKhVRhGqLpQ748OnOdCdTVfrzTEZA/NzFEMaFIe
tLOR75pWKvsxd/qu1P6IGHdaI2SF1Bry7EnZoUSXjfnmaYo/mblx15ZsRH3tzIbR
TWJUm88UJJMNiDN0dZ3V3fyyX/cbWP39HrdAJLcrl9yKj/hskp0J4POfECickdHv
C5YhwzEuO4kCVAQTAQoAPhYhBEMMGSiWAVfMRfob66oGEgUwrgRmBQJZdfwPAhsD
BQkJZgGABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEKoGEgUwrgRme8EP/jX8
4SGkTJHHyn9b+ay1fs8WM1GvCYt1PayGc1FaZmERzS2VMpmCMZyN/d3MFmxL+MZs
wXi0z8Y4r+pai2SIeSshDafLY7C6H3O5vbzQ9UxY/Id5LO/iZBokBbvFH+PS9EUK
7VLDZX96NZvKGbwDGDSGueKqVSbbzaxjM/+vgBKtKL/9h/uECsdqhE4MEF0IpMZb
+zz9aRsk3t1jLIVObI/zsW27yI19taEUHeVLGDCTVhHGa/Dc4iyXtAEn0EzMg0ID
XrAEg3z3L3wMkp6Rqd1GGVlHP10ASj7tro+7CJUYIiuHkgGPtUhNZZE9A1mv56UM
vWNE6lqrlDYYkeIfJT7u4inj3fLfNG74kwFuZ9sR0FLO1VoTQ5vY5OzW9qXltsiz
eljWSLCxXn8Ie93+5lZPDynzWNoLo4OjvE8jS1cjrN+rLAxE9yrSRR0pEfErGwZk
J4EAe812BG5/Kj4EvYCUTiWlRlh6gI7hTFannlciPSnenCzejNNfeFVEgP2Ig8Hw
5D26yoSi5+Ffs1P02uyWtO2cF/BKQF8TJ8ZI52kNgulEdAE6AZc+UQei7D515VNi
tbZ4XCJfo7T4AnSjXulwa++LVDJhU9QHxzz5h0lv7B+Lfe2Sz51qhCqfG1CNkxdg
yr6fy8FHeFCFeW2OgBcKuFbZ4oo/O0PX7uYXLCuouQINBFl1/A8BEAC33oSJW+/m
6iDZ7UJTCGkihCUU0FNqvP20v4o7fraH5u6zaJJ8kDYOXW4C+2PcJJpaSOV+prmZ
zm00g4Qh0k1YpR4vUH+g9AfFvtj5znA/wnb1MyA/8yVkzTcfR/+kLFyUWMfn0E7O
skp1kMY63roiL+9YKhOP9a75+E85RX6trkrbJ8oatGs+oxbXCzcmfTGSkn2CQN8f
SVpA1UjNgn+fy/Uc5LTPfLZCPzzXtmLg5jnhQCQy2OG+EqFWRxanPhfS3J61/q2i
uXNLaqaMDS9pgM9Sv9YK1/S1uxv5BfOpde3AA+oeFs3V6AZHPPaKafPute7s488O
xDMlPeLs+293W2KBC9SuAKT4t8TiJNsn5plj53bZVozKJEGCOw3lwg753F+15J8U
jQl8PGAs9z7h9Ub1cfbHMTT6ogiLNRjoexCa5yRGWeR0KnETXQRyyuQBG8SjbmJE
9AVaYXvYq1ypohkwYDM3v/2GaXuaSrC3JypaUmCcFwv9LlfspSzDJHB3v/wsEkUx
ehSuM/Q5dgPuRxBQIDW91cdyHulXoCsGcbmnihaZgEKIZ4O17G1sNpdnUKKkVO/2
BMgzqnEMNY7p2Y3lZaz6wzp+owuWlStn68umyLhUMnwzdJMCcfe1jRlfwnxHa1YX
QmjWfMX5kNencyiuWOOLVX2MFYuG9wlxdwARAQABiQI8BBgBCgAmFiEEQwwZKJYB
V8xF+hvrqgYSBTCuBGYFAll1/A8CGwwFCQlmAYAACgkQqgYSBTCuBGb8Ag//RiMs
Tt1IB3BDUHzT82MbJtUrPVrhl4jZmrcUl/r4G/XTU5S2JCoNzYsDmuvtHftuewzu
gAwiXvRDZHivKZowXEd4yNcxLEqIWD4Rrbiw/mvoMSTLDnPt4rOBFzbZ30FNg2l8
Njm3kcpnBtTHAb+0ZfiH4DZPn0XOvY9qOLLZhqvM62hM3uiQHjSmgr2i2KOADka/
Zj/jZV4N0aBEYyD+234bOn/AjGae7QZFMTDA8AediDy4fFw/tBDFQPKsvxME8KF7
huQSvWD6xyFrNUfOVpofsWzMglyD/Cht6TZMrnrbaerSNHoNC3byiMgfRWBknxOK
iZXp542tz2SGjf6Gq2prxYmMTpCNAifDamOO5HfQDv9DmHu2eIoDoUTeB1Ywu0Ns
liviMlIU86s47RclPX2jp7gURR+vdTzP5PKNCMFCt2/odlnZmbHgG/h7sFvStUMa
upbNmJDs6D7b6Z4EfPtDl4K3KnNAkfHpWRRoDxO6qpt77Gc4uoHyZWRDKxZKU8NO
JIFfC4wyxKV9Nz6an7r+NtUAANB355cxS51fXSP6ceNWpcSXpqmI79PYRhAVQmKh
ZdrIU6qtFM4BTqsPUL3gHTMMakf1oEshx0dDbiQutlAD9HvG1MOd9WFD6s1MLG6U
LmhEkzyMPxMr78Qz6fSV6kQkC6sLpQbC2gv0x4S5Ag0EWXX8pAEQAN49KL6jWwod
Z8QfYWXKdu6nj61WghQYHrmFURI0LagyJF2wI8YDODaTo7+ERB4rJD5SKilk3KoG
OwvrP4AsYK+Y1p5G2f3LgAjSsZhU+RgmxO6TdqQr5ySNChXw7n0jC1qFiT1O30dw
BLrg6KvhJEdxRCxmnwKYd6O0cwffuh3oto/u/E+ByhHE6cRwK9+srrfryH1qWVIf
HgnM0Ii9/SLPmiqsOfEn+gpNrpSgJtj4ll0M1GO8qWuEWGyuH7eIctmrJuCzjIrv
rCETKBbfi76fQawIdHyGQGjLznV9d5iKiaYQJlPRz+8Q+01QidxRlOsIHLM7kj/H
VJTQZhfxpQfRhmno28GIioVSFtaaFjANqp/IW+vQDxQzIBfoWmCRdzJe/uqZEmNF
fZYX3e61BmAgMVorXDASrZrQLyN6ZdYXhxoz3JzUu72CThoC6Am91Ash4NDEazFh
C6Uw7QRb+s4un22ric8EFF6ytsx0RjsdQhlpgiQPAUMK7ixZrzSzOkxgCPhPDy8R
/g2//n8m/DsEZy8guHXCloo2KiSR8gaO/axBrZpildUQXmYBU0l41Ajk+TuHEE4i
MyXEES2sJWul49syx6yNyJE8d1ERQ77W/dxVEwAI+f7NzUSzn53/fuL8wmZVagAw
9y+knXp77UX21CAwB3J7wYJdbay4fiWrABEBAAGJBHIEGAEKACYWIQRDDBkolgFX
zEX6G+uqBhIFMK4EZgUCWXX8pAIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoA
HRYhBHfj2KJVtdXB+owmGzKid+oJFNJMBQJZdfykAAoJEDKid+oJFNJMpw8P/1V0
zcPg8slsNQIska0qF6bTj8oN1iBlua8LZGvNM3/8x9hgx9u/uVN2vFmRBTUqd18t
d7Gk3uTOMxHz77F0F21N545CUSYFpMHVfrNtMXihPgICfV9ZYj/ktqlceRZJ60gr
Q8Ccnywy4S03EaumLqta4AeQRbHBj6dsH5MNekNxilGv1h+N2kRnlidIBRZ5fDGb
EkkkBfxMjlCfhb/ICP05SJFfVoUWKv6mwtaP0JRYiCrh1nHXyGwhh9GigmTls5Qa
UMhRWf6iVO5QyS8BBsL7XxU2hTtInsE8KWYVwrB96CjQ/E+twZoyC90onPAPN1fj
53I+5R/q90O5icqUO0j4rx2FWMDg70COwLFsrA9ATPxll9vdlxbufxsyBrSHp9cw
ZCmOsUJ3IsV5GWuCqqfVX5TQpkV489PrVTqIha2QpT2gWnCrjKNlTUQojzkopzRr
kzd66jGcIZcIqDfXIPAVgVwGGAh9JM7CuVCQH3wIijZK4/URLNC0e3SrizTi86Wu
Ie+rKpZ9l9rZYuj2HbNm7vuk8E+xM/Wa6fJuGYB0tvKw7UE7XjO6rPgNNzTiIh3k
KvBZvm5bSuH29DaG+KusPBT9jrdnbVYLNfqZUYFFwGxYNBATeFdZzokx3+6aWO9M
PeahDgcJVlx/7HvhQ33q6KrNHfS8H33MHKjYK08+X1sP/3TIv0qvY1nLlN7yZn9G
kP/GGu9ALt0nrM2ZBMfTNl3+WF5DK8MqOYiIDqXtPBdptHZ/xJ6bvTPqSdIsCnA9
7HrsIamzO0BETfBtivlmttE7TEXpW8u1mKBEOvAJhHWFL1YhLUD+/rXtljhj2KPR
vdfszpa22mr4gJk1BY3D/ekxoiFXTWRYCH0nB9mRDCxMAui6GTo6nxgNpJDLtVUd
z1jovzD6qBrC+hk9/fOzzzoZZ19vw8zuloQVJAFsORzd1umvjuVEt1Bp9Gh1nnzf
leqIpaqc5G7UnTfB/PywjvliGF0ndL3IxIXlnupdpTtiLh/3ojrEzYMhM+ABbq1m
uYr7k89m5Fw8Row8bKA56hfpA7Tk4Ifez+tKPEoV0s4Wo+1/0Q6G+7Yqt8+AfpZS
4oOgOD5RRUCMfTUoggeQSpfbZTvrJwJhtoh+Ak2GC7B4+R7nO+ch7YQMff+IMfz6
ewwAXxQFEhHhkrHh31n/hML5pfmQXRkMjE+dIOjNyqDTVc0i6LMNK3SvAlIKL9rE
mjYqgEwdvOk9lzOpUmUTOLLt9/TKmBGoZxjEzhvjf/+HgN+7bxZe3U4//GwspXRj
IQ0fmTeCI+EMd/Kue9mRs59MtmcNktYJMpuRqnGJ+j8eDx8TJ9XgJvAzfiZbPPCC
J720zNZpR7qAQssadU5EI9sguQINBFl1/OoBEACw7RGXKp1p48ffX27kzGvszhoX
9MQ7SX0J10g57JQK49Oyj1bMjoYi64Z2sXMyydAAG82bWO8dXlBAfCla6eyd5C47
Fj+34sJTievShLkGP0CHp4TGQMbzMJGy3FcglgQfnYnidqdzeK0ksR8xWrtbdcsv
Uf4nH3HV+MJKluepFFDG9Ms92U9sgyd18Dj2y0ovGRlADC74MqdzTX4AAwKhQ+G2
2WE8sPGv45yruogLX1zFcgayCGkEXyDvpitQtoS8xRGAGWoE6bjLCuaT5wF6jNw4
PKfkgroAyy3jLQ+jp3tfBkL0UccVwWKfq1L9PXQ4mpFdxANa2isPddjgH4NxLa6V
asVQ2/l15tE5m8KscER5sR30uHkRE46tg8fnndl24amlSuSpmT1mGFVL7gpOKNcr
DT2agmgp/shJnnPzSZFMy2AtsDd7kKrCQAZhEGdkNpDphq0xwy4G6M+FEgBUoph1
Og8pa4moAHp6mRKJ+cxy4FlVgFuYBO/711qttzDfGGv2jUnt75sZ7yz6NhUiDaKj
CEK6h8oc78cl2QJPa0DMHlXj6l9ZpSwctMGKtgavZR2YB12bBnbXUadxrsSbNTh/
na3fWTfq8vD3/QVCWxYwFSLLzUIkN2c4j6z3U3fF6IvDOb3DEvOoJ0ns2b8xaT8P
MeZ+i5rUb5eP3gGrRwARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCu
BGYFAll1/OoCGwwFCQHhM4AACgkQqgYSBTCuBGbfMQ//TC43IuFukPZO7gj/azjg
pbecrqx+JEhW1oITNihKw0EzM9+Zd8ko0pYOLYkuNGiarEKeJ2GcOLMxuU9n+kmI
hMeMPXRH3YrbZFhWshU8uywz1UuDex7VwXM4WA6+9xxaO3AJMB/PWqI6b8IagfAj
SxZnsxOPg+hWYj56uah3OTJcRdKSzExOLJIQkL0LOyjMNHI+MwqRNe59Dc5k0d9j
kQzuW8lS862ryiiJZldl5Uh+T05m2FI9IN6BoXWFsO/KCmgV2L5s4EwUwK/gcREN
OGB42gL9sMhaQ66e+JG0LDOsMcQuhHHPJLCdaXCen2rbfe7kPjYPSWWY5p9tnrcB
MboBxKNKUy4yegabZZ4DWfuVhOhVPxy0e7IQyH6hEsyOEePL9MOtd4PNWLKrZb3D
TGVrpOogD6Mf15nHypWEpkoOVrKj1VUo2dE5iEHcL5iiyJYKMJPwiumxDcpzCt07
4RNYokL+cxsR9zhC23/GiJWheklBEQ7zh3QibkT1SYHiXrGed5i+SDhRfj3BTUa+
hgdoNiA0UrUJxhLUDjlvGJHHPWe+wVHJ8uIHS3cvAKRMtUbPXfRJ4X3GKGXuI4kr
+d+jB4Wh3dYgFW7Lr9qNNwqvNeOdvQWzAXzqNmaxNI8hF8+tVeitely/J5rORgly
JkYzFB8/M3WsHmxbo/BamOy5Ag0EWXYCxgEQAKhRUO8R1Q51jVdROVI7xKuni1r+
JiTI7GEZCTPazUVERT2R+BzHwQe50XLJc7WmelZFFZ5YOugrBFvoUXfhW4iZRETU
KwiGTG4H+HaGLO4HQ8cM3S3Ke9oV4U35ye85IpampOFwz796mFFBawPoQ1dT8kyQ
awYVB9O9JyagfznmNj+k2OJnFXsNSRFSKrWvNEPGAoydl1HdJoxXflfn4xJyp8v7
ycsil3r1gxcxDMZ7+UsXPaj+LVyYDJDGk9WIIcPQH6UE8xVlqsEIzy/KF/Ub9Wms
vf1ndOtn8C/6HMwCNQzgqGMBj8yUPnU+P3hdur8Rr4S+CvzfTrJXlH+edkx7XMkh
iIskkjsOijKO2ARxSlYgQxY8HWUfioZfhSJ8TLomgXi411qeTBFk8NKXAVHKTFG5
rx5xUm4TV+nMKVymR3byY6sEvRTLespSWmWAOWlTMjyCJp2vV9WJGxByeD/tORBU
vhbzBFIaPSjXZSTcgH6cUCRH6Gm2Yd6iLVULZT6EZdXeCJZ7mQPZBRqPs1KHtGg6
d3SgTsNnPxAwNL/j9FpxsWMLGFBTlzezmLrJyYvbyyCJb21gF15j90dusj964xYn
TsyFtHpLpzruJcR01Sw6cbcAXpp5FyREQARdygBMVDcLyD92RWP6KmSh+Xcm1Hya
Q3NMy+tfrllf1r3RABEBAAGJBHIEGAEKACYWIQRDDBkolgFXzEX6G+uqBhIFMK4E
ZgUCWXYCxgIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoAHRYhBLY1Pa6RV7Av
OLSEC8s4YHUVN5xpBQJZdgLGAAoJEMs4YHUVN5xpUL4P/3lm1YUPUitdMKNTVQaF
ZN41nIzXYTv/yRRygl7yVabkcZYJ3CrjdTM/TfQADORn0q3NpzdFsYe801x49UrA
+yIwB/IogFncvREfuW5KVFLaj+EHyMoGzNCyuEcM379VYAuXE/ghSe/1sfeLluug
ikxhduih07mcPn/H8U4VFIDRyxDeWS+ZbobWrcEH6No4knqRi4yInsgVUkNMml0i
UBA8UM7ieN+ioFRCZZ9ul01jOKUjZRzIKcQvcLE8001TrMoAqeS39O/kEfxL6qgE
YPjZtvQv5RAb83DmjT+A3BJmlS3mN4UiYD3+Wk9VTafyTjKJed48BaKws81Jampu
OdPorwoxjkdi7owTg3k9BzkZMwLtIBZ0KOzFAN8c1vuDk1CfHQQKz4g4DdA9HNCt
HiKlSd/CI2Mmy8hVkzAOnrVMZ1VePNdIUcd+YpUQR0uKeaTFRM+mOAnLFd2mnsPm
eaFefRkCho2G2TDApYEAhIDi6v0vg+KCl/oodA/T4xAzNuz+xWs+WUv06UBvWPKR
9ZZFy5wzaPch2h6xm+bCuvM66nj1EN0pe5umUFZrp5QLyD1PiN2LRfyMtzXftgSw
GciFf20iq2MqKEvqzykdEzaS7OreEtQLIGhrAzWZ3v2MAQFVTaPqlunkHju4K4y2
Oq+EH55xajEOUsGeNRb4ykf0C/8P/1wwKoe7+4q8841E2Mb0RyNyrGMA5YLJa9Qt
3anzBcsSu7qTYySmhpPVTCqeqZ1bJoS/ujqezCHwvtKXbkysRWWyMgUj5dVRs1IY
k9SUfQRI/HHq9r4mUgr4kRDdhvU4RWD63ri1ZsuD0xlp1zDCrRxVkm9y6UQf/9kT
N7Q4AsT4qNsMENEejbupvL1rVmybgXzDcabzTNcwiAMxaLjoALLZXhkXC1Bdq5kt
NLI2r5++tpYrOS3CvIc95C1Q3ETux5Xuh6FwpGJdXRFcha1FBMvvNKMW7Ky/l87Q
LB1JMO6lFpfnry6El2ZMK/k3LyvWGTYu9hn7M4sVwxGHo/frN5Xo/+iVTwhjHbGv
+8gSO8Vqh65UBLoddleCP47j2DpdD0lceQDevV3ltxRA8fJ8Y4yyGHf62MB7MlCY
HYYWeMhwBHPkDZjUj2KeXl3zxvaLBdzbGXN8bwG1vneBYDSwBNGhIOGq8tKWKpKz
jVSNeDfY+IZ0Va/ZWejpZkpggyulQHoDiC6uG61qnjs2edepmtS6KQd5KGexpH+U
FMdZFcBv+6Ca5Z9Z169ajhfRu+md8QTxppo3f4lBbX4hTCbF1uNmnJtU61kylULB
IgDGw8IVIupvhnZ/8zo6Us8f7g78aUAKf/s5SKr5mse6MpnGp3Rhi2lJgcg9QjAm
zkmejY8quQINBFmIR1EBEADGA90QPbf4XqyZgHEfIsQzIPavZftqoUMhR4K19OGN
Wf1q/lgKDRmwQ2fiGJCgd1LUAKQa6JVtgVabg1LxBC7KqssytU9tgKr3PgxxCXoZ
03yZaDt10stZJfi8996e/5oLvnh561O2w0OegMARxY1wdKVa8f2RKEYRM1WhhzaZ
a3R8cdJF4cb0ANg3/jfeVtWBx5Qq5XtNZDVh2ZdGD69y4HOLuvZHOQJLUdPCksUO
PxFuvSdJYTkVTgkYhQL8WYo1EXW3clsykJeVTKAtrA1MCtkDt/pkLixcl2uPF2ov
Dj5wxKd1CCM0Kr69WJHBhFuWrcWZjvsJhQaZ634b1kyY/+nYeLRL23wnEw5FQExu
rWIgasW6LGPBT4OJKPy5DNuBE8SZm7WNrjNqkQMysQWch/Hs52M741TAAyAeoYQP
78XmbfidtCKo8DIM7UQk1OD4N12hrg3bTcZ0F8oKn0aGn8rQXxwSZA8b4JPYYChz
OZLxUrwo5sM+byD7gDgeVWNtXE104FLd8UY0wgnMuj0MF+Eahsc+1MSVv0D1TKkY
JassBGIymW0pWj1BD5ijrDC9J13EiCpT6H/JQVtKLCE8U9V87EM/lezV6gliyIG5
JiduulRsVK4ceNvUxIwr/nI22bi2Z38nFvYQdv1jFFrK5TYqwdIWvHq5k39YgKxf
AQARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCuBGYFAlmIR1ECGyAF
CQHhM4AACgkQqgYSBTCuBGZurA//W5GNhnOszMaGG4VyYwK8IuN0wixwqkVQ6dIL
Vr9dfc4yYRpE2t2ZFh0yparw/6fmHuuVnGwd9mzKLXQ6lR0n3lEKZkZW7PRpKC/5
NVZLD4vf39RAIgp2phLeoMdkPiU94STbi5kZbHmgv/pnypwz+JiGD2lZohsJZE24
mUgN/XV3hDbAP8TGLCjIykZ/atY6bBY04Z9rH/6DdYUzP32zpDvBfUEZx8MYlns/
MhGORYcZhrKV2fqUurYGjFI0lsn+LVQZ1/X2RMWZRjAI243jljsT5bv93u3hUiom
R0LDOViTt/zS5hH30pa0sb2v7wNQLz6ZcFGzyNzJtF6AB4nWsnWAwShvj+sgvfLY
JR8Sfp9LBXSePN5zRQrnayd9CO+5Fh41tYUnAYie6ZKe2QZgv+h0u3bli5kk5B6s
LvoTCpVa34igHTvmJUgyVdIsnslTAg9SXi6qucyriWLYBH+foEor44STadC9FpmZ
aqHox2/dBNZT2F29t/2O4ku54DDMQaKeWeYf+Ybvyf1Y7zdRZAY1Nf0I9Gb+aLZX
i5n0VZ30fEP9OBSVG4IBYTqQDhLypOC6Rsy8uy5BsVPPY7VJ4goFqLmQfGOiemFr
bdsIzEX9aBY3XzMdWBOuW638i/vCvdECZrd9rLMzjRqhdNRCfoompurrdXyDGb65
EaBreyU=
=o65v
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFtbHQkBEACznLPSFWuYAwNMD3bnNwYPNIgUy4KcMICi12E1Pq08D8gu2t7L
2v4uKnNdlRjZrkU5vJwGm7mhmGTKQpNKuz9YahD21yztannVMjWdKmJd4JIRXvGA
6LJjtibWmIjQh9EgkRdTVVZM0y4H+uzEfCEcVedGqY56C6RYqfZMwV7+RXEIrZ95
eO28lZvFUdX3D60tlK8k4jJf/KfD0U4igXdnEATwxDgf7pZ/+Fouov8abhwu1xSm
SsCJS/dCdwV5rP9OgDeI/XZJt3zvm5sA27NoimPKhYymwQI0I0j+vGn00zRBF3KC
dwqL0nxY7c+yx/LM0Da0IKyWaL20lHNprAz8RUTcgYW1zkQt9O6xTYs9wYBlKrXw
rx47C16ErZLQEdy79O1/lZOK9ZhfREGpp9mA1nEuJ6txyy7OOvpaYJpYC6GPLrjY
oyoghaAcG/an/tonEBcyZzc98RuZpfqxfjGV1kCJiaBKxZ9aSbHga/U+G3KRAqxW
GuPDpm77byDJ3k0es6emFOkml68UgfQWsUwrSD9uowhyG1eQ0OE7e7Xz+z5bbVCt
1M00EhWXI+/ZOsNpeRF+DoNSGC1/KA1rNdyfqWbKnteIOBdjubxn3aYhjgYXc8L4
rBoP/GxxwgtAYC+ZHNDYKys/A+7i4DwqRO71WAIvKjQkigEVtrCM05DOnQARAQAB
tB9EYW5pZWwgS29wZWNlayA8ZG5rQGN5M2Uuc3BhY2U+iQJUBBMBCgA+FiEE/Zs/
nc67VTeo+vUhOwwQlRBxIDQFAltbHQkCGwMFCQWjmoAFCwkIBwMFFQoJCAsFFgID
AQACHgECF4AACgkQOwwQlRBxIDThGw//Z9U5SlS4t+RR3Jj/01xM1iTWDIqlsnEV
yhRgoHj75I3Gzcd5tK2KXJLTeUHhShki3dK0EDIfDvCTg45sfYFAvIEKWmNBzd1D
V4o9iICAeS24bNrDiu64X6oEq7jGttQVmem6RR4ugu4+LqIo5k4vJ30zTzKpzOUP
GR7IHjz+aqAqLng55r5SUYrR5xTp5N1xTrigpXAZZlkIJHCungPda/4C810eSghc
v9/oKdXQtg6WJnXOv36zC1WbUDOK4MfJr911cTCmaMfvnjeqToRENO8dM2HEJ7kd
7WUdWfG1rMonO7Rmy4mSkWghR8Hr1eA5qlMP3uaAmSykxqVtWgIoBu2qDGCNCNT+
Cl65JyAvvtr+D1/Yyz3svc0WanBlFYJakk2KXYjZq0kYOpjkmkQgWs9o6oqpftkG
brCWm3IojslLL6Vg+PHV3PNK0yiKP+gnvebpC8nVnB7iNM6tXnbt6jpfmn/y1Niy
X5+KfsVPA2wJkkQTgDJDKtmlPkNTsltuqFQnndXMDPzYejQ7DsUZ6Fyms4WSxDZm
pC/PlVSuB2N+66l005pQcLqnDotOPC+swDFlEy/RYPL4Pf1f47qyC5HttkGZnmWm
7Y9PMtixssC7RvQmZgU1dgJVR7LclODc1jR7213kFHVY8GiELEMm3swBzGpfK1OR
NFPcsQdxZLy5Ag0EW1sedwEQAL6PdiOFH6Z5mHiS71PMIdmKDcaPMWJOSS2fDBz+
ELyjDuJ10HMFBlFXg/ifgveBQ/7svNksCownwgfnNcJr121SI2FgMKuzpiz0yK0v
3Ajh68fDBEgt+NMj39n7kPTtcBON20DOBRNxX33Co2jQRYReVWq5efuPcHhqjiSl
P8yMm83q0f0iQXEQ/X1lo2m8kvorx0qqzdUNBI+Y/OmVhv2sbm3fct3Qb7aEAE6b
BFYzegZHz5/PWh1qhfhHKDS8JUZsBB2XzXHuPp5DxUiylRbiqKtehFObcgs2O2sc
cTAkNWHfmBxeIDtk28AMwbgdjKEoYXo9c/IUHDIeK+JC8jUPGklF0XQJCdXOzZTV
9fjpzOT+CKFiNT4l19jUKlB1YbaYzz7b7pVLNvVdPCpVzR+w+uRn6Q7FbqsSwtGH
4i/HXyc56qjs25NckVIGhNTO2wWDuk+EgPkWlqcQ6g0h3AE9o/ZUCjkT0xoknTQu
CXrTVn+bJ8xzkSetHGCarOBgD8EiSCZGcHLv6kUiTcQdkhs4Kf4eNYVWYXT+jg9I
WYAuboygmykhqYsry+yYV/4rEo73zP394kjasoTkySsJDqHxK1MEEMZQYr8EY9dQ
dVOe1/vBQ9HqfYPIS/r4OUsWudSsSyTu34FvS/oZoW+Xd0aQtlIfR5saI2MS8+/d
ApyvABEBAAGJBHIEGAEKACYWIQT9mz+dzrtVN6j69SE7DBCVEHEgNAUCW1sedwIb
AgUJBaOagAJACRA7DBCVEHEgNMF0IAQZAQoAHRYhBH1Jkhi2O0+m9VCk/J0YRMh9
dTNPBQJbWx53AAoJEJ0YRMh9dTNPVWkP/itlsIF/uHBZvrVLWm2NHutkILloAmZ0
ZY4zNnmrbjGI/h8L0+/54MRzTTGdigcNwjCFiS73IZQLThebFpOEVh/J11iSKZok
pxc/uFg7oQ4dFtccCwcndR2Q+XJJVOUBWyGz31lgpdP4OG9vte9Uz51rxyDU9G/1
PK35IUiObUqT+d6GJ9cWW+6V2rE7OFDk+fvUyLIiS+Bj5ED9YPpZykgAUuUYKtdA
kdgN016U7pbbRmQn31t9JqZ73GMcdAmafGascboyss3AA6w5FlF7Tmu2H4rCv7ZG
hetnWzcpQE8GQ1g10zHTeSF6HDRpKJmnjTP/PAdvabjNZBjOsUYIQTCKeueYXhNk
20gtCooXKstZzta6jYnjSeV2LSucPa6yWK2C/0N/Ly+eWY9tj3cjG8n/kojzUCrl
BHS8YqulQkgkMa6suGBjWWltUtuZorF5cBpVtXZ+Dxtb0o8FboKsHPRO8hSOHO/X
Kx1p92PGFpVt6clS3nAXRptypeJVQIn4/HuzK4cEuXyzX5bH6liuq2pFL4r5EITv
Gul6xEgPTs3/7Okvis1rFPVg6vtV7D6IFFavSaAPHaYsLoIsfq4gXgB2XCYz+Ipp
Qa6djNIO4FVF5WHnf1HBzy2dDhZD9BcAlwE0mDFhmwM6j/nnKy1oj3R9rvs/DmsZ
fXP2a6SYNqZur90P/A/5RMZuE3KFB2qP9qWZkxa3k9c7ghXw/v9DpoDJoYXHHAnI
nC1j3asr9CiWGylrrz8u9c8m/4A60JT14HJJNHRUtwVVaQ8SZ0RsqfMpuFaxRwOb
iP/qBIsvnkZh9HxxYzrWtVrMH35fr+cvcB63TL0+rpf9vG+CYA3d0URhx9nMOaH+
Lu0xmHWqlIdpeHTQ961+dt6YO+pacTzPW+p/Q0lJu+hj6YOC5uJBmR/MQl/4PceA
Ar+w3TYOqjX58v53GwBiTH7KJSUtMkGUseZ81sBN4n5h5Xdu9Rf5pZSgBEuTb1UL
+a6+ziddUAK8tryLueA2sOkj4z7J77GmVlxZe7GZQyHbxi61GYW1AakSJG2oa4Tk
E8vF9buCXFCHZh6nwjmwmgxkRZnuclL1eIdh3Gc3eb8NxGdwNQfo+CYLHTkgGD3e
LEzAzp68NsssQ7kNep1u43mA4oEWFpJNqt3aO/FaQDBqX9ND/A2ZRaYlap/vNu/c
oDSjEI7O9i4s/iwA3tzt1ZgLY8Jsq2mwVZTzvBCv18OKotS2W167cdbzilY3AT4t
AfxJUeAFhKJPiUm9Z1RCWJlniRswFWYbqyYlCQ4naLf9xf1NVNisD7RkHVegXhUR
qpR2oH82GLuz1E2o+0HgKGUyTppj/evK89k4kgKYqVlJgtKzubhRYvS0LnsruQIN
BFtbHwwBEADa8ODzCqYVzVAtquftwxWkmH3IC/fDNcpZ4Ypgg0GDPWQ9t0iQfPum
icz+M2Gvo0cgTgr0ycgtENPd2UuMJAmWAet/585jIq+z3MgSTDBqowiDpZWNaCYC
zGrVBw01uXA0rW6dOwmXbTKGFr8D+kFp2I9GDE94t85MvzlwUFIR4Cd7l/pvrN19
poPVPagUPxLvVcesZzKA3rl3arm35MaEnBMdlpkS9BcXGVnMa8UZYxFEILi94GQk
UnnqCTqluqszj4YmlYNGE7aOg5tfM59Bze+n/siHHTnUVJ6CxADrjlUeILpfqDWf
53Wr4RtJZ3YZMXBIxlLO/yawu6eAPGb8eLpWpUiMWfBdiOlKtdNR1mKSMJoVCAe7
Yx+zq9Q2TURgJeFaEvVjP5wOt34U4i/ML+RXkFRAc91GzWNVwBrIuzGQm4jFvLoN
WeokFmjCQzET7Hdzw8cIN6VYREPoWDnDIsMwTRzSMxzELJLCxS5MhghC/3LbPiiR
+GEFeWGBUWk2rN0IrW5BGsceAUqVnjTNp3u98X9cdfK7Bq/L8nBW4Es2FIu1Kamv
WZtn67S1kMr4NnpoKBW0TJH79ouFbet3VHThK9vHAVlZigR898JBmdUdB8TA7QFk
pJY6Al2X1tQgYy6RNT09t5rQxLKqbdsrJFohDsWBqf/MCjYJEk5eGQARAQABiQI8
BBgBCgAmFiEE/Zs/nc67VTeo+vUhOwwQlRBxIDQFAltbHwwCGwwFCQWjmoAACgkQ
OwwQlRBxIDQZoQ//SoHil3Nq70cmhcpt44P2aUhCeM4CS/db7SYo9VcTPJUPhFhp
8G/wQP0eHqFpMIvmxWsvOPVfvpe82n3cVvWvoK2GyxyC+15QP1lsWv6em9/aTr4I
KIoB46ftfH8u9RK9NXQ+cxdEaOb6dowAL/fpSigdtSkcyMOiBSz9WbKSbdV5We6U
7rKW9hsDUonOEgHS9SR5URlMcFOX7v/8QGN9AWMMPvJFSZDbqYHl4zltEAZ4XFBT
Q7+KfQgNO4Nn0cujin6Z68O+PbH+67FY7OWXZqk3DWldf66Rp8s4/O2gK2YFThm5
w825E3M++2RlAzzjDY9L1/yyr/iIJIECQflF4xHjoEb96YJdRdKjcbskj5e2kGy5
jYZTI4fYE1DXX76XxN0E8vsh87h1kQ4KVWBeCRfv3JF5UP4cV6q4bD9yJK6WMW7k
/Q8jnJFL9MqmwBjmaRDAOO585rHiUFhgXuhvN2wJ8+wU1Cx4K8eloDmMXFiv8ctY
OqAC+2tZ+GggoS7eJDcge5+xP/d4Iz+Uu7T60BKdDw4G/zqF1XiPGmYHR+agIpXu
AachKfEWAPEPiWXuaMrY5zTpyKGZ+QAAMeDJFWm9HXgzD3Pem5kKtTMO+2knPnLA
7kMfJtuhM54zCxHumHjLftpgmrvXs4kbxwvYPa0bLB9WgkuCRw9jmp0EZrW5Ag0E
W1sfRwEQALmkzvzdLdpFV68H+4nGVKPmn2iaXcjVWP81UyzyMSn08/DnrwG4xWKw
xoy+tLRZhxujb5i0IydixSPmT4kiS9r3agEfMweJuaHl3CfdxAKxQ510apOWCy0k
YWPA9/DsRb53WNj6BBIaWWIB12izy+SPR9wrbj6hgfQnLeeDB7jblALk5puAQ7al
xDyZldFG1GCx/ikZKB2cItantBWwmeb87yO4oCzW13E/ZCOShJULUwLk3R4WCGcY
1RKxdFmlV2cH7UwVc3WIGrnyhuxppC3SUFcNmpsGZuwBQrw/v2YdwyzTOlVdPdpi
ZWxU/gk82UL2kVkU7FJk6jmvzsAIEi/zQ3DDqFAvsrdTdS7BJ8hlXfDpvpb6SgRT
Vnete9RrSelLrNN+1Yvy4aEHZ3g9Z5mnD3wHXp5dO3ogdTU23VhAY9o0nmN4tJVP
dQ1ZLt2dCUlVMfZ9PGNN5F/kFCcQliL0Ia03/rq+VY0Im83ZvaR6i77KzJTzl1or
jJAkI0FUMEtmTeAlWNqzvXdXFiQbc9dyKc1XGVMM/IL8+HQmd9em5mm2+Nx9OgVU
nn2AE+PYsbZtsSuxbskfGeLWzstIHqxFdgG7RY1zqV+l+wUE1RoATCbSbRmgPmtz
/pkZ/o7DH/QUmtuf8FY6MW1t1tB6ZmrCwPIZUdRevC8lUUY0EzrvABEBAAGJBHIE
GAEKACYWIQT9mz+dzrtVN6j69SE7DBCVEHEgNAUCW1sfRwIbAgUJBaOagAJACRA7
DBCVEHEgNMF0IAQZAQoAHRYhBEE31LmT37rzrAFDqG26LlYIYovEBQJbWx9HAAoJ
EG26LlYIYovEgqkP+wbcaqhQdhGENOSxdDuTL3Hppe88Ot+eQ+WJAU1ggMDgibgj
qawruHhsR/Ca/q6Z5r3MVzz9jHspb32rixbgjCrR2Cvxf674OBLcFgd0fCIMljMi
AWxBUDewnqzErXROXCduNv8YD7XybTn+Mjb7aHsOe4Hql1zJvrLW2FpD6+B7S3cN
fgY6oe5Y7AHlJo1KY9uQV6bGkWUnNzCo0dbV5Hd11xe4g5a9xei0YS9OVS3WazEH
8dpRyMumBlBuQMA7vyeE/tuUj9zbm3JMNynw3z6K+4E1wUd9iee1gj72EQ+6PejE
EdJh1usgEYxpZbtY7+WikXXC5VTOj7XyqvtAfvPHBNU2gxKii63OyXof6NnqSVps
X+0Jz7+JDNuwBSyWozvz/fNqjbwEhPgUL4bHJZNZG0SqmCe5DNgAQpZrRaLQSECC
z53pN3ZqkE2/HU0GnnNiusAmxj0tdT2DyvpXv7a0f/GFYVhsGrSYh98v3UArVZdD
b2K8WTIi6ZWUq3uPQcoU+tuToVoHOhQF2YZZM7zaxiFicI+js/1S/HpYD4bx3faC
/i96hOQLmzz+D6F/FGaTa2ziB+ci2dVzG12DyZLsY8ue/ZOmw+rSsqTjHZsE1luQ
VALV1HqjF8+AQ0iac0v5EiZKXRMf+ZKI1eHUcD4Fy2L1tbIU+6s8jLM1klk/2m4Q
AJ0yG0Ib8MVh5PusOmdI8WMjYol7V9CtRdgPVcMxB77pKLW17yG1RUhtbIUBN2Em
6Tx/VfnP/E31hFTbfHroidhIhJvKRhNa6t68er8Ccb6d9w8LaF/pMMJH01OcueLr
5sA9jB9QnhgTWX1js11zoWzYCpULxsKEfoSWs4+Hrp/gTJY3rbfm9tdqafZKM/Lb
Wf55FdneSKTh4YPA9X7a7t3/9oV8ZpW5goqm1wG+YzKOvGepRCb+1+2T3H8lfXDa
OUFfSubmodBl5WIFR+mfD5zOrgHMZfDKpplqy7VSVv7x8UC0N/gx3VFNxG4sM26R
uhDV7WVkruduYK7f8qekfxVLxFu5il+LOM7lmbJpjKT9koUKwa+gPMLp0IhyDRj2
aeJ+3brAfvEykhUf/gnWK7YcI9Ae8Zpxch1VeZeLGLhqK0MXfETWa472DI5ZepsN
NOPGItDAp8YjUFVw7jGnTV3ZhiQLTfPF66/6S3IKr2qVAPDanA+uQG0hRe4jNW3G
OXNqRAULL9+uXAsMerJSBcnYG/uNW2kiu9tyP1EqMFL4O6w5SIwFq0uJJa0HDzgL
DeG5ejCFq3R/nTvxavM/s/m/19PCjyOVjnJhqJPXwR14ORyPSB2S6sawDzF83yHm
C7FRZCiCTFu+h1kw2/QtmwCk4DDP4f0GWyt8773sMUJnuQINBFzWvMUBEADOiZ6i
Helhhq0tQvPif6JFUgSJnYHhke3KnNo5KPaOV2Oeibo/QDloM/xI/8wacNVu5mRS
zN2S0OjDjLjOJSMtRsKasCQctIw3wsbPgN+FDV/ZGC06qq3KqbDKaANDu15ySYqV
HLLiz1lCd1RsnJASK2mgJzJpQiKSv1AVV6ZaxgLEW1ihO68RlhNsTYNwsaAo9gH6
bqWbigroDbQlNyacv0DJbv3eLjmzoVdbevAUZhYdcSdhXYZM+3P9sH7EGP85s9Iu
jAp8HEd65ati6FXEqMRHjXNCYDUDiiWKEpa6GUfUqtEHroH8obbKIOeny7o5Yy4h
q9PT6cmNNC7LkGp845X2nRAfkk3rHA8xmvRQZGoU7/YLVu41HIxhx9GwHBDjX8j2
XcJfG+hltzaI6kFaf8gD5l5CWYwgHtPiVbMqWNpjMjw3xeGLpwvG9RjeAEn5zWSn
ujU9zR+rwgcXBWMuJDUZle34jmcpcch73+4wdBVnHslmzV8SqdR4Tr8SKZ1+g4il
9qp2RuhSS8uBRNSOpCsxhLDA/UhdAVCKZcEtl9/STgMA4jGVvQflxfkdN1WBZn+O
+2v+25Uibm7tbgdHsPXhPJWySnhhA8/vObE2wiRBXka/lM/b+f6+tCwW1HFQ4Gnv
92FSatz5fxOPC1pbBLjwO4ix2wkepO9Yg9sAUQARAQABiQRyBBgBCgAmFiEE/Zs/
nc67VTeo+vUhOwwQlRBxIDQFAlzWvMUCGwIFCQWjmoACQAkQOwwQlRBxIDTBdCAE
GQEKAB0WIQTvPx7ywdIHf0vXS8HwtYGA1c1xaAUCXNa8xQAKCRDwtYGA1c1xaK5T
EAC46ADzS2gIq6BSniMmrI3p+UorgYM8RNPU1lBXNdFFEDgIL1c9AWHE+lNWac+Y
R55HQn/rJNzL+kK6Oicjj+Hpby//3j2ZW5uqMHdhZJenYanr6kC0lOYiplzIieWC
Eg6493aCGFyNg/v3skqxTVq9lTq3me2Xi1u4rzPhD8lGqCjA9jS+9+bxAL6uBWAl
D5/kFC/3j440VObTmniL7falozEs3oNw9f1GpOUvBhrzlZlN1z/axAElHzsMk1Wx
bPyskHShwrgO7A83GJG9VrVmmcwsq0TMWHoPsquQjVZSUfu7tjedOixy7WA5cd0z
s6dxDtoKU0kccVvKZ48/CERaap670gX7aIhevWPAK/F26DFqgypi5ucITGbXx+Zy
ZtdpU5nVCi8FDqIQ1FEWabMGeJnnk8va4k/D+vwu8LmzF9Oyw2B0JcAg3Fsg6xJJ
w1p5uEUXsIIBOpKCj3FARZuHMEUrf1Ler4zNDhG0UKH9rQarNcKSpnat/znhD9kx
wUAYLOlhsnlCfJZ/F8NKPRPNl7zG5KJ0wwJ27C5jMLj34LZmP0vbhrWCyVqqVEHm
X3e7WamCC1SDUJl4h2aWkFcA8NAV4fXmY2d6qlp01F5kY07hF25jjOuHLyOMYjhM
UrpWNhCY43k+bjRT4aCciOBwW+i40caZemmT5l9+D1+ikyX8D/0bIEybbWcZTI+Q
2IwrV7IVaq7bj/x7GtaUtgwpOoBKb4judjwBjb2wIihVSPWYrYLpvesnUVKlYH7O
E3DeUnHA7YfRk8wjaeSHDEGVs58vieZFK4q0O//oISmNa/mPY+SlXlnJhr9+uqqf
kR9EOe6uypGLRxYJqxlUdWy+W9SoibdOhnt4Py089RAq6rlu4aQmv6xQrpPPGVTX
Pl/WW3bkPKMjyf8jfyBp4oytm4MGkZ/KPquR118AExVs1aaWWUP7HvHJgMyUT+hE
CIeCuh8SRUflr4IAsV71Bz2ozPJFWGLNnY8HJ/5i4N0uYwTDZb+akgyPsI/W9djt
i9S888XKXtRl3WLijtZeqfCA/oXDc63of+1kvVi6XeFH5mHzqqS/E1QnIoVSl0aa
SNbssiNKhe+z0gBg9GYlxM1DeDry8/85mZSO4EjbJOXoUfT5g7Xx9yc2hJgAhhWp
cL8pZnKzymgyKhPNcJLfq5UM7mkS3eUOnliymC1I1286KWOqOr9IK95FZUs/BPA+
9yb2XaawWA4h1wVGzsLJzYq0mLKHBeObArngh6zB/bQUFLdVyYQRGhOs3KI7215S
uVC4u2yAeg1vTybGJfHC8LmCxg3Q2E2XfagVKMgAPjVqz6hLsB1KhgNnVgYTMcA5
rqrKK++KxSUFYbVL9PEOdmlfRKSLUbkCDQRc1rz6ARAArZx1R1FPAS4DZN5a00tJ
sSkBk4br5PLAdWImgqGgUEFLUxaxmb6qrbI2turiOsFJPSDKf91uOKKBY/jGXJNu
pMhrUPmRlBnl2rJmtmkhby+XWSy5kxj7sWd1797ywWu7Gqs+LxGdhR1A4+Y5j8JF
PBBh9KvJaDc/oy2iG5GU1hF3LE1paU2sYsVfknzXQGl1f2AouFXE02WTqFjRa4b4
IID31gnR0jMjtzkSUMCzJctRbw3OS7C+TI0TqT+9XvEksXTfYXPzH1XIugZQYo/E
T2Pr7+5OQrX9WHHSdEyYxz0KRHNCwJlNOZ7wOsde7ttpimSh99ilq2k8RMtSFYAF
pdT1VB3MaYln4jkTQjGh/uFM8lo6czv3tDT9/ZCvWx8MpkIHaSeGgs5DPceCF4O1
WxRKt/9mCnKQ+Yz+VLWu6LVNK3U1g7g8tTqGzN0IIN0QUC3n7KIrVTFus/nZcvjY
uDE6e1zo6US+2K0jyAiBT7y96Ermwq1E6a0NuaHW4UCYsKWbNl+7uwb0pt0OwmwZ
VpyDciSda4RZs5K3FAWvnQJv21mazMMNQgp5wcxLix618p8MNvgKhBeWegyEE3yO
1qCivl9w4SLzmLMOOgmZ/jPFqAv7DMEDIqzERZd4MKYNMbePHxSvpvx+iyH9DQRL
GiK3XR4ruxIG+XG0HxASZXcAEQEAAYkCPAQYAQoAJhYhBP2bP53Ou1U3qPr1ITsM
EJUQcSA0BQJc1rz6AhsMBQkFo5qAAAoJEDsMEJUQcSA0zvUP/15CJT/4cmgQMDCK
c6tmoHL741foExbP6si2fMCam6tnxjUV1UX0XNVQALWfaAkTMmiKeeE6HitxDMY/
+vxns1G1VmikiTBgbCHQoHRJi9oIjiEhbpHI1YVXj8y63z42F9o3+ACoKUffKoL3
ZVwqUQ4SKmnPuflne1hsI2m+oCvF42z01NHQNzlZBLTFl8Xpl0h0bLUZr3+Z/KfR
f0tfGibt8XJPA2nnncxKGfJ2jbJfN4/oy05v0Qj8ZZWRLX9B6vr7JS8EAt7Usb+Q
qLLGfa4kRg8hFwBdtCSntKdx+e4UMc5osDn0PFWPTN96/BEHNupNaFE1j6/GPvb1
BIZalZRDh3Nm8ZxXxsrTASqsFvAhp9+FETgN5nAVICjjlIRiFb4Vcmb1am9CRvw/
aP9t4c17R9ddG+Qokx1mJtRc3RMLeCvXZLsEVb2FExHFZ4tguS4NtdxNpYD6cgdP
tuFImcwFGSpX3mmNVcGxHPEgAddnEuuK+/MmJjUQNSsdYiQnEbxzsnLeRQkRdH6E
X2GXMFYzBzlqNBp1loCeqULwOm2ezG2J3PuuiS6BanlunDEq6vHxb5m7MZxkDxvL
JHE3lfTDwUd4itUnXxG5ovt34you6P7dDbUVX/cSHv/WUAqeJ1HMnN05wpNv+ONg
DTeK7f91P77r+K8H8E6nN/mwat2PuQINBFzWvRUBEADPio6SKXpyc17d3GTIhRTU
c2sopueEsxiCjBxk/Ookdb2le2vfWZVrCMpeZc+dykea4MGpJY/G89ttCtn42iYT
xF/EyWIdZnv1krxcQ4S+vXJJqyHR1olcG9lM0WB58QdXP2CmlYo8A7h6UJjQbK9H
aIm7qLjb3IXVedjF9rAWTWLDOJC59hO7bcvYqLStLe9DwtR01Nd3AWGrqN3SuhFR
o4u03QM3EKBLjRSWvUF2a+xlCbysNqCNL3wC38AfvSal42E43rucvUfChtwEB9iO
WWpLCb7lQqACPhREjqG59DOq4scsIX3K5OWT+VU8DqTx7+2hDiqeOj36clGiap7h
D4xh4W/9oJm4ngVezUOSfXy2cmugEEFh9aiAQtA0b6D3uw31Ygr+RMtc8EauUddM
sTw4E1xitzCp8Yogm6TCZtYldpd9kPmY5bmiMQks4dnHEAcKuZMcNQaEFpfNtWyk
av2yTpePD9iDk4JgullY3oH1+b8Ae32XtA0ceVjvLgxHTCAIZYbaX5dNy6J1Kij1
HsdGqPaCnCfADJjS+7TurGDy1a6cgsmtJUJZy+9dhVd0S0/g3Fk3OxVGOpA5OupY
QvaZMOzBSbsZEzVxYc2gUVv699ltuUusXuHd/nrJ5Q7USE5r5i4JtoIxlDgCTY+x
ZMSoaRYj8pta2axtHzkf4wARAQABiQRyBBgBCgAmFiEE/Zs/nc67VTeo+vUhOwwQ
lRBxIDQFAlzWvRUCGwIFCQWjmoACQAkQOwwQlRBxIDTBdCAEGQEKAB0WIQS2DzvX
FsCStXFsRh5aLsOTKpg5EAUCXNa9FQAKCRBaLsOTKpg5EDNzD/9+NG/+sxhtEsvf
ZmGYPNPTPC8adKRoq/QmQlsW/5rZmZTawT7lEzrvAhclUIKyOBJuOwHXsXNPpWQF
kxaoabss7qZ35cJvtg9GMWRIEKEmUh9e9Fdbo+heANwkpbwy/Oqrc8Mcnk6mYWJb
iegtMi3j0N7HITr8sLVxpuRLfABQo7OlrKT9aXoAfiUI3Rt+C4ZrW5EfI/IUriuO
hZQlqg3DZ3UTmYaaw4rHZov2JkiU4IyknRzw3YQmdDBiUaaONwYAqCG5RPAIOgnQ
57Bic6kvc0KnScp/ZzbS4x1GkeaJlMOXi+8hfmqt7tYx2UWfNTsQMP1k3716yCC8
2Fuq9/OgBYP+Yed2P61wsp9w2r7/HCCN74LDkVCfNLw6Gm8EbLnIa/J3Y2feCuUn
hHQHRXInBFHoV47RCHoAyz7uGDncojv2ZaVmAggEmNfkMxlJ5hy1/kKC2A1t2tl/
nFiMy3xkKVMwQviGjjzpY51zh22sfecVptZ5nFG3KNa5/lhlgh0KmAP2oFgyGJQ5
2C2+UZxLRexZAt2eEWb/AV7PQbyD7w2rDXEXxbTGWCrQmQkA7M/rcAVUuKvjoLd8
Xc5uagtkyL7GgCCwB0GIb1GBrfZdg/3fmiwohudh+SBkHsAX/dxyY+n6C5PMjeyo
TB3kJntJbaaUDjL6iyFmS5TnxHXQMAXED/9w+Hs8SZU2KyZ8IXN/mLQ0PUz0TccT
Uzv8iwHP28xyX1bHTWlynpkC0qvpn1X7/ZwBAOgW+l4zyuUqtd4RKSaIMYmGcj5X
AsrcRLDoRNF5BMz/77BONHE7K3JOWb7jE3vFWPojr/LH71jF7jb3DB4Ee5bicDkr
mzwjo+gqWHlUGCgwkXv5fdpRgE/sun41EX0SByHj6lOA8uYvqiHVnyvRQFVT84bb
PrJmy04xmnQaRbZf94xm+9vquGyN47ggKuzbxUIG0+34z2INWjlm/YO/YdDu3h8R
ltvyWl5R/EnGwJClYOGlrMLsYlvKaeAhVwxAkPAJ+bxwP+u2KJdKdCSvkjOnwKu/
GPxs4QpiM2k5smwmEo+7DFnkLnNWOhHuZjFyvLQLomE21dTfIrS6zdNTHLGzGT/C
xBb9h+Q0RxaPSziPXqZCYxL3dPfOXQ3Ca36m1mm6MWxpCjsKmaCPrNzr4+/poAm+
YNCHkxhUlvx8+8b8B8z8nkcsd6/c7VX1pWYaEHHojdlWm1G7xQ1CuwquEY/S3dNj
i/t+dsWAf2i/n6grh4zE0g3kf2wZ/tAhEPbS/o0hs0GtxGsUM1R3wKVe1l3iUjv6
tHuo2JdJZxZkmvJlToU8tLe5bDYKU4/CmRLaKcTsTFN7Av/7ZyNKEvoE41GWsQng
zLjzm043cuZrbQ==
=+Xxw
-----END PGP PUBLIC KEY BLOCK-----

197
usbguard.spec Normal file
View File

@ -0,0 +1,197 @@
#
# spec file for package usbguard
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global _hardened_build 1
%define lname libusbguard1
Name: usbguard
Version: 1.1.3
Release: 0
Summary: A tool for implementing USB device usage policy
## Not installed
# src/ThirdParty/Catch: Boost Software License - Version 1.0
License: GPL-2.0-or-later
Group: System/Daemons
URL: https://usbguard.github.io
Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz
Source1: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz.sum.asc
Source2: usbguard.keyring
Source3: usbguard-daemon.conf
Source4: usbguard-rpmlintrc
Patch0: usbguard-pthread.patch
BuildRequires: asciidoc
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bash-completion-devel
BuildRequires: dbus-1-glib-devel
%if 0%{?suse_version} == 1500
BuildRequires: gcc10-c++
%else
BuildRequires: gcc-c++
%endif
BuildRequires: libcap-ng-devel
BuildRequires: libqb-devel
BuildRequires: libseccomp-devel
BuildRequires: libsodium-devel
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: polkit-devel
#BuildRequires: spdlog-static
BuildRequires: protobuf-devel
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(udev)
%{?systemd_requires}
%description
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.
%package -n %{lname}
Summary: Library for implementing USB device usage policy
Group: System/Libraries
Obsoletes: libusbguard0 < %{version}
%description -n %{lname}
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Requires: %{name} = %{version}
Requires: libstdc++-devel
Requires: pkgconfig
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package tools
Summary: USBGuard Tools
Group: System/Management
Requires: %{name} = %{version}-%{release}
%description tools
The %{name}-tools package contains optional tools from the USBGuard
software framework.
%prep
%autosetup -p1 -n usbguard-%{version}
%build
%if 0%{?suse_version} == 1500
export CXX=g++-10
# gcc10 has no gcc10-PIE yet, enforce manually (see boo#1195628 for progress)
export CPPFLAGS='-fPIE'
export LDFLAGS='-pie'
%endif
mkdir -p ./m4
autoreconf -fiv
%configure \
--disable-silent-rules \
--with-bundled-catch \
--with-bundled-pegtl \
--enable-systemd \
--with-dbus \
--disable-static
make %{?_smp_mflags}
%check
# while we specify --with-bundled-catch, it is not there :(
# make check
%install
%make_install INSTALL="install -p"
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard
# Install configuration
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
install -p -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
# zsh completion, currently needs manual intervention
mkdir -p %{buildroot}%{_datadir}/zsh/site-functions/
install -p -m 644 scripts/usbguard-zsh-completion %{buildroot}%{_datadir}/zsh/site-functions/_usbguard
# turn off system call filtering in Leap 15.X, as it interferes with daemon start up (boo#1173750)
%if 0%{?suse_version} == 1500 && 0%{?is_opensuse}
sed -i '/^SystemCallFilter=@system-service/d' %{buildroot}%{_unitdir}/usbguard.service
%endif
# Cleanup
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
%preun
%service_del_preun usbguard.service usbguard-dbus.service
%post
%service_add_post usbguard.service usbguard-dbus.service
%postun
%service_del_postun usbguard.service usbguard-dbus.service
%pre
%service_add_pre usbguard.service usbguard-dbus.service
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%files
%doc README.adoc CHANGELOG.md
%license LICENSE
%{_sbindir}/usbguard-daemon
%dir %{_localstatedir}/log/usbguard
%dir %{_sysconfdir}/usbguard
%{_sbindir}/rcusbguard
%{_sbindir}/usbguard-dbus
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
%{_unitdir}/usbguard.service
%{_unitdir}/usbguard-dbus.service
%{_mandir}/man8/usbguard-daemon.8%{?ext_man}
%{_mandir}/man8/usbguard-dbus.8%{?ext_man}
%{_mandir}/man5/usbguard-daemon.conf.5%{?ext_man}
%{_mandir}/man5/usbguard-rules.conf.5%{?ext_man}
%{_datadir}/bash-completion/completions/usbguard
%dir %{_datadir}/zsh
%dir %{_datadir}/zsh/site-functions
%{_datadir}/zsh/site-functions/_usbguard
%{_datadir}/dbus-1/system-services/org.usbguard1.service
%{_datadir}/dbus-1/system.d/org.usbguard1.conf
%{_datadir}/polkit-1/actions/org.usbguard1.policy
%files -n %{lname}
%license LICENSE
%{_libdir}/*.so.*
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files tools
%{_bindir}/usbguard
%{_bindir}/usbguard-rule-parser
%{_mandir}/man1/usbguard.1%{?ext_man}
%changelog