From 9ab225bc2abe01830ff964fa99f18aed82919c461f9f45f5e28d6d6f302fd7ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Tue, 6 Aug 2024 14:18:13 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main usbguard revision 02ba009184886858c17c2d423e422769 --- .gitattributes | 23 ++ usbguard-1.1.3.tar.gz | 3 + usbguard-1.1.3.tar.gz.sum.asc | 15 ++ usbguard-daemon.conf | 173 +++++++++++++++ usbguard-pthread.patch | 13 ++ usbguard-rpmlintrc | 2 + usbguard.changes | 355 ++++++++++++++++++++++++++++++ usbguard.keyring | 401 ++++++++++++++++++++++++++++++++++ usbguard.spec | 197 +++++++++++++++++ 9 files changed, 1182 insertions(+) create mode 100644 .gitattributes create mode 100644 usbguard-1.1.3.tar.gz create mode 100644 usbguard-1.1.3.tar.gz.sum.asc create mode 100644 usbguard-daemon.conf create mode 100644 usbguard-pthread.patch create mode 100644 usbguard-rpmlintrc create mode 100644 usbguard.changes create mode 100644 usbguard.keyring create mode 100644 usbguard.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/usbguard-1.1.3.tar.gz b/usbguard-1.1.3.tar.gz new file mode 100644 index 0000000..5db5667 --- /dev/null +++ b/usbguard-1.1.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:707dad2938923202697f636c2b4e0be80f192242039a2af3fc7ac35d03f78551 +size 1667784 diff --git a/usbguard-1.1.3.tar.gz.sum.asc b/usbguard-1.1.3.tar.gz.sum.asc new file mode 100644 index 0000000..5584d45 --- /dev/null +++ b/usbguard-1.1.3.tar.gz.sum.asc @@ -0,0 +1,15 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +707dad2938923202697f636c2b4e0be80f192242039a2af3fc7ac35d03f78551 usbguard-1.1.3.tar.gz +-----BEGIN PGP SIGNATURE----- + +iQEzBAEBCAAdFiEE42iwrWP0zIT/S4Xa9XeK14XjWB8FAmZhyycACgkQ9XeK14Xj +WB+5uQf/aJcNck4JNAWtoIwbxYvZO+eQdir+73SF611d7ixkc9woPnsnPzKXgmsl +JZi0+bzcoJl96Eu/C7hANaRFgamJhlxiV8VgtPiaMi9OIa+4SbqHoHaIjFKovM0G +5QmJGAuZ92nalgy0nSg0dHCK3skEfGzVdr6yxtC494Di8otiCvqrZh8iPFAQLLpW +n0qtM1drOo25S8jb232sVRc1kMfI7D88gtK/kFkSWALwJBB1W/YwqYVao0z2pifR +g9WyqWHJHOE/v2+myQcuW4drYJC9G2/N12AH8duPmnUPaLljk2S9K3131UYoP9wi +Xg8AhQlYXdVvvWI//TyXafgv8p97GQ== +=LYjm +-----END PGP SIGNATURE----- diff --git a/usbguard-daemon.conf b/usbguard-daemon.conf new file mode 100644 index 0000000..bb56871 --- /dev/null +++ b/usbguard-daemon.conf @@ -0,0 +1,173 @@ +# +# Rule set file path. +# +# The USBGuard daemon will use this file to load the policy +# rule set from it and to write new rules received via the +# IPC interface. +# +# RuleFile=/path/to/rules.conf +# +RuleFile=/etc/usbguard/rules.conf + +# +# Implicit policy target. +# +# How to treat devices that don't match any rule in the +# policy. One of: +# +# * allow - authorize the device +# * block - block the device +# * reject - remove the device +# +ImplicitPolicyTarget=block + +# +# Present device policy. +# +# How to treat devices that are already connected when the +# daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentDevicePolicy=apply-policy + +# +# Present controller policy. +# +# How to treat USB controllers that are already connected +# when the daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentControllerPolicy=keep + +# +# Inserted device policy. +# +# How to treat USB devices that are already connected +# *after* the daemon starts. One of: +# +# * block - deauthorize every present device +# * reject - remove every present device +# * apply-policy - evaluate the ruleset for every present +# device +# +InsertedDevicePolicy=apply-policy + +# +# Restore controller device state. +# +# The USBGuard daemon modifies some attributes of controller +# devices like the default authorization state of new child device +# instances. Using this setting, you can controll whether the +# daemon will try to restore the attribute values to the state +# before modificaton on shutdown. +# +# SECURITY CONSIDERATIONS: If set to true, the USB authorization +# policy could be bypassed by performing some sort of attack on the +# daemon (via a local exploit or via a USB device) to make it shutdown +# and restore to the operating-system default state (known to be permissive). +# +RestoreControllerDeviceState=false + +# +# Device manager backend +# +# Which device manager backend implementation to use. One of: +# +# * uevent - Netlink based implementation which uses sysfs to scan for present +# devices and an uevent netlink socket for receiving USB device +# related events. +# * umockdev - umockdev based device manager capable of simulating devices based +# on umockdev-record files. Useful for testing. +# +DeviceManagerBackend=uevent + +#!!! WARNING: It's good practice to set at least one of the !!! +#!!! two options bellow. If none of them are set, !!! +#!!! the daemon will accept IPC connections from !!! +#!!! anyone, thus allowing anyone to modify the !!! +#!!! rule set and (de)authorize USB devices. !!! + +# +# Users allowed to use the IPC interface. +# +# A space delimited list of usernames that the daemon will +# accept IPC connections from. +# +# IPCAllowedUsers=username1 username2 ... +# +IPCAllowedUsers=root + +# +# Groups allowed to use the IPC interface. +# +# A space delimited list of groupnames that the daemon will +# accept IPC connections from. +# +# IPCAllowedGroups=groupname1 groupname2 ... +# +IPCAllowedGroups= + +# +# IPC access control definition files path. +# +# The files at this location will be interpreted by the daemon +# as access control definition files. The (base)name of a file +# should be in the form: +# +# [user][:] +# +# and should contain lines in the form: +# +#
=[privilege] ... +# +# This way each file defines who is able to connect to the IPC +# bus and what privileges he has. +# +IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/ + +# +# Generate device specific rules including the "via-port" +# attribute. +# +# This option modifies the behavior of the allowDevice +# action. When instructed to generate a permanent rule, +# the action can generate a port specific rule. Because +# some systems have unstable port numbering, the generated +# rule might not match the device after rebooting the system. +# +# If set to false, the generated rule will still contain +# the "parent-hash" attribute which also defines an association +# to the parent device. See usbguard-rules.conf(5) for more +# details. +# +DeviceRulesWithPort=false + +# +# USBGuard Audit events log backend +# +# One of: +# +# * FileAudit - Log audit events into a file specified by +# AuditFilePath setting (see below) +# * LinuxAudit - Log audit events using the Linux Audit +# subsystem (using audit_log_user_message) +# +AuditBackend=FileAudit + +# +# USBGuard audit events log file path. +# +AuditFilePath=/var/log/usbguard/usbguard-audit.log + diff --git a/usbguard-pthread.patch b/usbguard-pthread.patch new file mode 100644 index 0000000..ef2ea85 --- /dev/null +++ b/usbguard-pthread.patch @@ -0,0 +1,13 @@ +Index: usbguard-0.7.4/Makefile.am +=================================================================== +--- usbguard-0.7.4.orig/Makefile.am ++++ usbguard-0.7.4/Makefile.am +@@ -357,6 +357,7 @@ usbguard_daemon_CPPFLAGS=\ + @audit_CFLAGS@ + + usbguard_daemon_LDADD=\ ++ -lpthread \ + $(top_builddir)/libusbguard.la \ + @ldap_LIBS@ \ + @seccomp_LIBS@ \ + diff --git a/usbguard-rpmlintrc b/usbguard-rpmlintrc new file mode 100644 index 0000000..294bb9e --- /dev/null +++ b/usbguard-rpmlintrc @@ -0,0 +1,2 @@ +# usbguard ships zero length rules.conf by default +addFilter("zero-length /etc/usbguard/rules.conf") diff --git a/usbguard.changes b/usbguard.changes new file mode 100644 index 0000000..a59656d --- /dev/null +++ b/usbguard.changes @@ -0,0 +1,355 @@ +------------------------------------------------------------------- +Thu Jun 6 18:02:42 UTC 2024 - Robert Frohl + +- update to 1.1.3 + * Fix typo in CLI --help message: "privilges" -> "privileges" + * Harden service file: Set OOMScoreAdjust to -1000 + * Specify what happens when neither RuleFile nor RuleFolder is set + * The parent process should wait for the first child process to finish in forking mode(-f) + * dbus: check whether the client wanted interactive authentication + * Add missing .adoc files to the tarball + * Replace problematic terms with alternatives + * Fix CI by fixing calls to ldap-utils + * Describe comments in the manual page + * Store permanent rules even if RuleFile is not set but RuleFolder is. + * Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 + * Bump GitHub Actions off deprecated actions/checkout@v2 + * Actions(deps): Bump actions/checkout from 3.5.2 to 4.1.1 + * Add "--version" option to the usbguard CLI + * ruleset: detect integer overflow of the ID and bail out + * Enable RuleFolder by default + * Fix CI and RuleSet::assignID regressions +- Removed build_gcc13.patch, included upstream + +------------------------------------------------------------------- +Tue Feb 20 15:58:57 UTC 2024 - Dominique Leuenberger + +- Use %autosetup macro. Allows to eliminate the usage of deprecated + %patchN + +------------------------------------------------------------------- +Tue Mar 28 08:25:34 UTC 2023 - Robert Frohl + +- Fix build failure with gcc13, add build_gcc13.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:55:51 UTC 2022 - Robert Frohl + +- update to 1.1.2 + * Fixed + - Polkit: Always allow getParameter/listDevices/listRules in active sessions + - D-Bus: Send reply on auth failure + - Polkit: Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed + +------------------------------------------------------------------- +Tue Apr 5 12:26:09 UTC 2022 - Dominique Leuenberger + +- When running autoreconf, do it complete so that it does not trip + over different versions of libtool being used. + +------------------------------------------------------------------- +Wed Mar 16 13:02:20 UTC 2022 - Robert Frohl + +- update to 1.1.1 + * Fixed/Changed + - Use authentication instead of authentification + - Restore support for access control filenames without a group + +------------------------------------------------------------------- +Tue Mar 1 16:31:24 UTC 2022 - Robert Frohl + +- Enable dbus support (bsc#1196621, jsc#PED-3824). + +------------------------------------------------------------------- +Fri Feb 25 10:43:56 UTC 2022 - Robert Frohl + +- Fix build for Leap and SLE by using newer gcc version + +------------------------------------------------------------------- +Thu Feb 24 14:49:05 UTC 2022 - Robert Frohl + +- update to 1.1.0 + * Added + - Started building with C++17 + - Tree-like list-devices output + - Added CAP_AUDIT_WRITE capability to service file + - Added support for lower OpenSSL versions prior to 1.1.0 + - Added a new signal: DevicePolicyApplied + * Fixed/Changed + - Moved PIDFile from /var/run to /run + - Fixed linker isssues with disable-static + - Enhanced bash-completion script + - Make username/group checking consistent with useradd manual page definition (with addition of capital letters) + - Fixed multiple IPC related bugs + - Fixed race condition when accessing port/connect_type for USB devices + - Using bundled catch v2.13.8 + - Using bundled PEGTL v3.2.5 + - Fixed usbguard-rule-parser file opening + - CVE-2019-25058: Fix unauthorized access via D-Bus (boo#1196460) +- remove usbguard.service.in.patch applied upstream + +------------------------------------------------------------------- +Thu Aug 5 15:26:54 UTC 2021 - Robert Frohl + +- move usbguard.pid from /var/run to /run + added usbguard.service.in.patch + +------------------------------------------------------------------- +Wed Jan 13 16:05:00 UTC 2021 - Robert Frohl + +- update to 1.0.0 + * Added openssl support + * Starting with libtool versioning + * Added interface for IPC permission query + * Introduced partial rule concept fo CLI + * Added WithConnectType for ldap rule + * Daemon does not apply the policy when "change" action event appears anymore + * IPCClientPrivate@disconnect is thread safe + * Enforced loading of files from .d/ direcory in alfabetical order + * Improved CLI behaviour to be consistent + * Clarified rule's label documentation + +------------------------------------------------------------------- +Fri Oct 2 15:12:06 UTC 2020 - pgajdos@suse.com + +- drop useless build dependency on aspell (aspell is going to be + removed from tumbleweed) + +------------------------------------------------------------------- +Thu Jul 9 12:57:34 UTC 2020 - Robert Frohl + +- disable system call filtering in systemd service file for Leap 15.X (boo#1173750) + * daemon wont start on Leap otherwise + +------------------------------------------------------------------- +Tue Jun 16 11:40:03 UTC 2020 - Robert Frohl + +- update to 0.7.8 + + Fixed segfaults with rules.d feature +- update to 0.7.7 + + Added readwritepath to service file + + Added match-all keyword to rules language + + Added rules.d feature: daemon can load multiple rule files from rules.d/ + + Included with-connect-type in dbus signal + + Fixed sigwaitinfo handling + + Fixed possible data corruption on stack with appendRule via dbus + + Fixed ENOBUFS errno handling on netlink socket: daemon can survive and wait until socket is readable again + + Dropped unused PIDFile from service file + + Dropped deprecated dbus-glib dependency + +------------------------------------------------------------------- +Thu Jan 30 18:26:34 UTC 2020 - Stefan BrĂ¼ns + +- update to 0.7.6 + + Added missing options in manpage usbguard-daemon(8) + + Extended the functionality of allow/block/reject commands + The command can handle rule as a param and not only its ID e.g. + in case of allow, command will allow each device that matches + provided rule + + Added debug info for malformed descriptors + + Changed default backend to uevent + + Fixed handling of add uevents during scanning + Now we are sure that the enumeration is completed before + processing any uevent we are trying to avoid a race where + the kernel is still enumerating the devices and send the + uevent while the parent is being authorised + + Silenced 'bind' and 'unbind' uevents +- Remove PEGTL build dependency, the package already uses the + bundled version, and there is hardly any reason to unbundle + a template (header only) library. +- Remove Qt5 build dependencies, Qt applet is a separate package. +- Use pkgconfig(udev) instead of udev-devel to allow shortcut + via udev-mini. + +------------------------------------------------------------------- +Mon Jul 22 09:54:57 UTC 2019 - Robert Frohl + +- update to 0.7.5 + - Added daemon configuration option HidePII + - Added check to avoid conflict between ASAN and TSAN + - Added daemon configuration option for authorized_default + - Added devpath option to generate-policy + - Added # line comments to the rule grammar + - Added ImplicitPolicyTarget to get/set parameter methods + - Added option to filter rules by label when listing + - Added the label attribute to rule + - Added PropertyParameterChanged signal + - Added support for portX/connect_type attribute + - Added temporary option to append-rule + - Added versioning to DBus service + - Added optional LDAP support + - Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered + - Fixed KeyValueParser to validate keys only when known names are set + - Fixed uninitialized variables found by coverity + - Fixes and cleanups based on LGTM.com report + - Hardened systemd service + - Rename ListRules parameter 'query' to 'label' + - Skip empty lines in usbguard-rule-parser + - The proof-of-concept Qt applet was removed. It is going to be maintained + in a simplified form as a separate project. + Removed: usbguard-applet-qt_desktop_menu_categories.patch + Modified: usbguard-pthread.patch +- Updated usbguard.keyring to add new gpg key for upstream: 5A2EC3932A983910 + +------------------------------------------------------------------- +Mon Jul 22 09:50:04 UTC 2019 - Marcus Meissner + +- link against libpthread to make it build (bsc#1141377) +- added usbguard-pthread.patch + +------------------------------------------------------------------- +Wed May 22 13:38:28 UTC 2019 - Christophe Giboudeaux + +- Run spec-cleaner +- Add the missing systemd build requirement. + +------------------------------------------------------------------- +Tue Jan 15 16:28:33 UTC 2019 - Robert Frohl + +- use upstream usbguard.service instead of hardcoded version (bsc#1120969) + +------------------------------------------------------------------- +Wed Nov 7 17:38:38 UTC 2018 - Jan Engelhardt + +- Fix RPM groups. Avoid pointless shelling out to /bin/rm. + +------------------------------------------------------------------- +Tue Oct 9 09:48:44 UTC 2018 - Robert Frohl + +- changed zsh completion location +- added rpmlint for zero size rules.conf + +------------------------------------------------------------------- +Tue Oct 9 08:05:02 UTC 2018 - Robert Frohl + +- added signature verification of tarball + - add usbguard-0.7.4.tar.gz.sig + - add usbguard.keyring + +------------------------------------------------------------------- +Mon Oct 8 14:19:55 UTC 2018 - Robert Frohl + +- update to 0.7.4 + - Changed + Fixed conditional manual page generation & installation + +- update to 0.7.3 + - Changed + usbguard-daemon will now exit with an error if it fails to open a logging file or audit event file. + Modified the present device enumeration algorithm to be more reliable. Enumeration timeouts won't cause usbguard-daemon process to exit anymore. + + - Added + umockdev based device manager capable of simulating devices based on umockdev-record files. + +- update to 0.7.2 + - Changed + Fixed memory leaks in usbguard::Hash class. + Fixed file descriptor leaks in usbguard::SysFSDevice class. + Skip audit backend logging when no backend was set. + + - Added + Added zsh completion & other scripts to the distribution tarball. + +- update to 0.7.1 + - Added + CLI: usbguard watch command now includes an -e option to run an executable for every received event. Event data are passed to the executable via environment variables. + usbguard-daemon: added "-K" option which can disable logging to console. + Added zsh autocompletion support. + usbguard-daemon: added "-f" option which enabled double-fork daemonization procedure. + Added AuditBackend usbguard-daemon configuration option for selecting audit log backend. + Linux Audit support via new LinuxAudit backend. + Added missing RuleCondition.hpp header file to the public API headers. + + - Changed + Qt Applet: disabled session management + usbguard-daemon console logging output is enabled by default now. Previously, the -k option had to be passed to enable the output. + Replaced --enable-maintainer-mode configure option with --enable-full-test-suite option. When the new option is not used during the configure phase, only a basic set of test is run during the make check phase. + usbguard-daemon now opens configuration in read-only mode + Fixed UEventDeviceManager to work with Linux Kernel >= 4.13 + Refactored audit logging to support different audit log backends + Made the configuration parser strict. Unknown directives and wrong syntax will cause an error. + + +- Added usbguard-applet-qt package to allow easier user interaction +- Added usbguard-applet-qt_desktop_menu_categories.patch to fix category +- Updated usbguard-daemon.conf to upstream version +- Removed obsolte patch usbguard-fixes.patch +- Added rules.conf, fixing bsc#1071076 + +------------------------------------------------------------------- +Wed Sep 6 10:48:23 UTC 2017 - meissner@suse.com + +- updated to 0.7.0 + - Added + Added InsertedDevicePolicy configuration option to control the policy method for inserted devices. + Added RestoreControllerDeviceState configuration option. + Added DeviceManagerBackend configuration option. This option can be used to select from several device manager backend implementations. + Implemented an uevent based device manager backend. + Added setParameter, getParameter IPC (incl. D-Bus) methods. + Added set-parameter, get-parameter CLI subcommands. + Qt Applet: Added Spanish (es_AR) translation. + Create empty rules.conf file at install time (make install). + Support for numeric UID/GID values in IPCAllowedUsers and IPCAllowedGroups settings. + If bash completion support is detected at configure time, install the bash completion script during make install. + Added new configuration setting: IPCAccessControlFiles. + IPC access is now configurable down to a section and privilege level per user and/or group. + Added add-user, remove-user usbuard CLI subcommands for creating, removing IPC access control files. + Added AuditFilePath configuration option for setting the location of the USBGuard audit events log file path. If set, the usbguard-daemon will log policy and device related actions and whether they succeeded or not. + + - Removed + + Removed UDev based device manager backend and UDev related dependencies. + Removed UDev development files/API dependecy + + - Changed + + Reset Linux root hub bcdDevice value before updating device hash. This is a backwards incompatible change because it changes how the device hash is computed for Linux root hub devices. + Refactored low-level USB device handling into SysFSDevice class which represents a device in the /sys filesystem (sysfs). + Removed usage of readdir_r because it's obsolete. Replaced with readdir with the assumption that its usage is thread-safe if the directory handle passed to it is not shared between threads. + Extended test suite with use case tests. + Install the usbguard-daemon configuration and policy file with strict file permissions to prevent policy leaks. + Fixed several memory leaks. + Don't pre-resolve user and group names in IPCAllowedUsers and IPCAllowedGroups settings. Instead, resolve the name during the IPC authentication phase. + +- Updated to 0.6.2 + + Wait for disconnect in IPCClient dtor if needed + Qt Applet: Fixed loading of decision method and default decision settings + +- Updated to 0.6.1 + + - Changed + + Refactored logging subsystem + Fixed handling of IPC disconnect in the IPCClient class + Qt Applet: Fixed handling of main window minimization and maximization + Fixed building on architectures that don't provide required atomic operations. + The libatomic emulation library will be used in such cases. + Fixed several typos in the documentation + + - Added + + Implemented a simple internal logger + Access to the logger via public API + Improved logging coverage. Logging output can be enabled either via + CLI options or by setting the USBGUARD_DEBUG environment variable to 1. + Qt Applet: UI translation support. + Qt Applet: Czech (cs_CZ) translation + + - Removed + + Removed spdlog dependency + +- .... ommitted changes from 0.5* series .. + +------------------------------------------------------------------- +Tue Mar 1 12:08:51 UTC 2016 - meissner@suse.com + +- split off a library package libusbguard0 + +------------------------------------------------------------------- +Sun Jan 31 09:40:56 UTC 2016 - meissner@suse.com + +- a daemon and framework and tools to guard against bad usb + devices. + diff --git a/usbguard.keyring b/usbguard.keyring new file mode 100644 index 0000000..2cc2959 --- /dev/null +++ b/usbguard.keyring @@ -0,0 +1,401 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFl1/A8BEACeJdXstYB0gOj2LdvIL/wwusjCc/TwEs295Hqgq8qhN78Z4LXS +HHO2r3VAQWMQN/0hmNb5MacrSjWMfv1wgTfAnRuEiV1UvgM9p5wEYYUc/Oy31vxb +ZVUmyLyiFOwnL6pPP9rK3Z/LXP1gZmKAV0GmHL1c8Va1ZvTDJk9cIx565k0cDvnb +RAI6mWnD1EXiwfh6ygkruOZ406kQ4CEQvKVM6mTd0eFuzU9C0SQUI5SZiXsuKY4D +8eB9W/exKP2+02cbu8qjyginJhRTQUzNrVH0MUkV4r+s0LIGxCN/GTp6riI8svlR +oSKt+7ISGbm5Srxy/KBsebkVGWpm9eiyQMYExOqmhfAwAdvw4r7BkAL/CCuX7f4u +dHoJIqSCaXyY8lXEvDq8eLEm0Ty2ntfB1bWT+kfd2bEzQcKQXFporGh9VWyuAPs4 +G1nNvZjM1VgkLRrDyLYrTdt+MizAnjqc5ZzBEqLVfYHU1pfgYPuAtSIqkCh0JnVH +J1JLxGjTx2AideeW1CKC6gCoIL55+/JrK7dKR5P/j5s+Kk8pOrOkQkkLvMf//PrF +lqBj1CYKrGsqccg0SeCwFIr3nCofji1W+vyZRbAxWz0c/Rev1eJc2k9rUOh61a64 +mXfZnUuh2pGP5gB1hHkmlvY2+S/CUs7HB8bV5NPme7b5JMwcYrRIrHSDxQARAQAB +tCNEYW5pZWwgS29wZcSNZWsgPGRuazE2MThAZ21haWwuY29tPokBMwQQAQgAHRYh +BB/mNI7eqCWiKXDlxI3TBA8SPMP0BQJbcLU5AAoJEI3TBA8SPMP0TUsIALHp7c6W +MznqWzWyHQiKGJxYH2iaKwoBXUQzurscocR7fRZaJTdXcrAjw+YiKwdLVyQEqZIn +eCujPIQIt1hxVro1Jq32kYIvPlQWSz8yykQVL/TExIDyVueLU1A6JnNBQLvP2XDV +sM8BJc8rtoWC/1wc2Vps6f8QS0oE0G/ocZ1uV0Gj0XEH8zJ+0m/K0uw9YnX5XgTY +qeiFgz4nUqRxfxfRY494eQS0OzBp7j2iiQMnmw4YMgU+DiURvYuTHVpBHVMlnhHr +jU5JpIiTw6VnJgeLKC9+aWabmaxdOS3Gq5D+fVarZXMYBttWB5kncvfMIBSVUwZy +WKlSo3MyrrLo8OCJATMEEAEIAB0WIQRswFHTwdmkr54mDFjT45SsdE4uuwUCW3ha +DQAKCRDT45SsdE4uu8fUB/0VZxBevmc4jetXxFh2+9cmtXOYLuhUjQa2/OwRmEO6 +INVYzgkcm/BCNCQ8aYUEcyof/LJHH6nsVMLHs83STjAlkHUVjmJfMz8mm2szIuhH +UGWaTbE+cCdAA+dJA2qqhObL1Q9ZDkcIF2H+4Wc5RJFPqif7wN2TzivLdMuckO1p +fQV8TWBODc4K+GW3jwKmhL+/UZ8LNfERSPI6D14AQ+2qnkAB3zPEL0gRpzzmv2EU +ZZBxNvDMbK/EGaJfiJxI737QA8P0I9Igy905Zd8am9IxbPt/M2g1CrR5ateVxjTG +a5Mc18gW1RhCfXo21k1YvDZLIQR6m9vVcRHwz51Pq8GPiQEzBBABCAAdFiEE9n59 +boAPJA6D68hn/2rJpkZN8JwFAlr5kDwACgkQ/2rJpkZN8Jyv7Qf/bXBBoU2i911p +vEDNx1p0GB3SRa+JUhXpzSJHkM7O4a1PmPRaEBiX5fy4pNwWeJ4V6s1dwK8GDUTm +C+FZZCj42OlbxaiZ+nYkKKmOUpP5S1oqPGjCwmJ03MYqoV2i7Ht7Dh9XCxyLQiKf +pynlKRpnUaUNyWKVdCQHkH1bIrKhVRhGqLpQ748OnOdCdTVfrzTEZA/NzFEMaFIe +tLOR75pWKvsxd/qu1P6IGHdaI2SF1Bry7EnZoUSXjfnmaYo/mblx15ZsRH3tzIbR +TWJUm88UJJMNiDN0dZ3V3fyyX/cbWP39HrdAJLcrl9yKj/hskp0J4POfECickdHv +C5YhwzEuO4kCVAQTAQoAPhYhBEMMGSiWAVfMRfob66oGEgUwrgRmBQJZdfwPAhsD +BQkJZgGABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEKoGEgUwrgRme8EP/jX8 +4SGkTJHHyn9b+ay1fs8WM1GvCYt1PayGc1FaZmERzS2VMpmCMZyN/d3MFmxL+MZs +wXi0z8Y4r+pai2SIeSshDafLY7C6H3O5vbzQ9UxY/Id5LO/iZBokBbvFH+PS9EUK +7VLDZX96NZvKGbwDGDSGueKqVSbbzaxjM/+vgBKtKL/9h/uECsdqhE4MEF0IpMZb ++zz9aRsk3t1jLIVObI/zsW27yI19taEUHeVLGDCTVhHGa/Dc4iyXtAEn0EzMg0ID +XrAEg3z3L3wMkp6Rqd1GGVlHP10ASj7tro+7CJUYIiuHkgGPtUhNZZE9A1mv56UM +vWNE6lqrlDYYkeIfJT7u4inj3fLfNG74kwFuZ9sR0FLO1VoTQ5vY5OzW9qXltsiz +eljWSLCxXn8Ie93+5lZPDynzWNoLo4OjvE8jS1cjrN+rLAxE9yrSRR0pEfErGwZk +J4EAe812BG5/Kj4EvYCUTiWlRlh6gI7hTFannlciPSnenCzejNNfeFVEgP2Ig8Hw +5D26yoSi5+Ffs1P02uyWtO2cF/BKQF8TJ8ZI52kNgulEdAE6AZc+UQei7D515VNi +tbZ4XCJfo7T4AnSjXulwa++LVDJhU9QHxzz5h0lv7B+Lfe2Sz51qhCqfG1CNkxdg +yr6fy8FHeFCFeW2OgBcKuFbZ4oo/O0PX7uYXLCuouQINBFl1/A8BEAC33oSJW+/m +6iDZ7UJTCGkihCUU0FNqvP20v4o7fraH5u6zaJJ8kDYOXW4C+2PcJJpaSOV+prmZ +zm00g4Qh0k1YpR4vUH+g9AfFvtj5znA/wnb1MyA/8yVkzTcfR/+kLFyUWMfn0E7O +skp1kMY63roiL+9YKhOP9a75+E85RX6trkrbJ8oatGs+oxbXCzcmfTGSkn2CQN8f +SVpA1UjNgn+fy/Uc5LTPfLZCPzzXtmLg5jnhQCQy2OG+EqFWRxanPhfS3J61/q2i +uXNLaqaMDS9pgM9Sv9YK1/S1uxv5BfOpde3AA+oeFs3V6AZHPPaKafPute7s488O +xDMlPeLs+293W2KBC9SuAKT4t8TiJNsn5plj53bZVozKJEGCOw3lwg753F+15J8U +jQl8PGAs9z7h9Ub1cfbHMTT6ogiLNRjoexCa5yRGWeR0KnETXQRyyuQBG8SjbmJE +9AVaYXvYq1ypohkwYDM3v/2GaXuaSrC3JypaUmCcFwv9LlfspSzDJHB3v/wsEkUx +ehSuM/Q5dgPuRxBQIDW91cdyHulXoCsGcbmnihaZgEKIZ4O17G1sNpdnUKKkVO/2 +BMgzqnEMNY7p2Y3lZaz6wzp+owuWlStn68umyLhUMnwzdJMCcfe1jRlfwnxHa1YX +QmjWfMX5kNencyiuWOOLVX2MFYuG9wlxdwARAQABiQI8BBgBCgAmFiEEQwwZKJYB +V8xF+hvrqgYSBTCuBGYFAll1/A8CGwwFCQlmAYAACgkQqgYSBTCuBGb8Ag//RiMs +Tt1IB3BDUHzT82MbJtUrPVrhl4jZmrcUl/r4G/XTU5S2JCoNzYsDmuvtHftuewzu +gAwiXvRDZHivKZowXEd4yNcxLEqIWD4Rrbiw/mvoMSTLDnPt4rOBFzbZ30FNg2l8 +Njm3kcpnBtTHAb+0ZfiH4DZPn0XOvY9qOLLZhqvM62hM3uiQHjSmgr2i2KOADka/ +Zj/jZV4N0aBEYyD+234bOn/AjGae7QZFMTDA8AediDy4fFw/tBDFQPKsvxME8KF7 +huQSvWD6xyFrNUfOVpofsWzMglyD/Cht6TZMrnrbaerSNHoNC3byiMgfRWBknxOK +iZXp542tz2SGjf6Gq2prxYmMTpCNAifDamOO5HfQDv9DmHu2eIoDoUTeB1Ywu0Ns +liviMlIU86s47RclPX2jp7gURR+vdTzP5PKNCMFCt2/odlnZmbHgG/h7sFvStUMa +upbNmJDs6D7b6Z4EfPtDl4K3KnNAkfHpWRRoDxO6qpt77Gc4uoHyZWRDKxZKU8NO +JIFfC4wyxKV9Nz6an7r+NtUAANB355cxS51fXSP6ceNWpcSXpqmI79PYRhAVQmKh +ZdrIU6qtFM4BTqsPUL3gHTMMakf1oEshx0dDbiQutlAD9HvG1MOd9WFD6s1MLG6U +LmhEkzyMPxMr78Qz6fSV6kQkC6sLpQbC2gv0x4S5Ag0EWXX8pAEQAN49KL6jWwod +Z8QfYWXKdu6nj61WghQYHrmFURI0LagyJF2wI8YDODaTo7+ERB4rJD5SKilk3KoG +OwvrP4AsYK+Y1p5G2f3LgAjSsZhU+RgmxO6TdqQr5ySNChXw7n0jC1qFiT1O30dw +BLrg6KvhJEdxRCxmnwKYd6O0cwffuh3oto/u/E+ByhHE6cRwK9+srrfryH1qWVIf +HgnM0Ii9/SLPmiqsOfEn+gpNrpSgJtj4ll0M1GO8qWuEWGyuH7eIctmrJuCzjIrv +rCETKBbfi76fQawIdHyGQGjLznV9d5iKiaYQJlPRz+8Q+01QidxRlOsIHLM7kj/H +VJTQZhfxpQfRhmno28GIioVSFtaaFjANqp/IW+vQDxQzIBfoWmCRdzJe/uqZEmNF +fZYX3e61BmAgMVorXDASrZrQLyN6ZdYXhxoz3JzUu72CThoC6Am91Ash4NDEazFh +C6Uw7QRb+s4un22ric8EFF6ytsx0RjsdQhlpgiQPAUMK7ixZrzSzOkxgCPhPDy8R +/g2//n8m/DsEZy8guHXCloo2KiSR8gaO/axBrZpildUQXmYBU0l41Ajk+TuHEE4i +MyXEES2sJWul49syx6yNyJE8d1ERQ77W/dxVEwAI+f7NzUSzn53/fuL8wmZVagAw +9y+knXp77UX21CAwB3J7wYJdbay4fiWrABEBAAGJBHIEGAEKACYWIQRDDBkolgFX +zEX6G+uqBhIFMK4EZgUCWXX8pAIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoA +HRYhBHfj2KJVtdXB+owmGzKid+oJFNJMBQJZdfykAAoJEDKid+oJFNJMpw8P/1V0 +zcPg8slsNQIska0qF6bTj8oN1iBlua8LZGvNM3/8x9hgx9u/uVN2vFmRBTUqd18t +d7Gk3uTOMxHz77F0F21N545CUSYFpMHVfrNtMXihPgICfV9ZYj/ktqlceRZJ60gr +Q8Ccnywy4S03EaumLqta4AeQRbHBj6dsH5MNekNxilGv1h+N2kRnlidIBRZ5fDGb +EkkkBfxMjlCfhb/ICP05SJFfVoUWKv6mwtaP0JRYiCrh1nHXyGwhh9GigmTls5Qa +UMhRWf6iVO5QyS8BBsL7XxU2hTtInsE8KWYVwrB96CjQ/E+twZoyC90onPAPN1fj +53I+5R/q90O5icqUO0j4rx2FWMDg70COwLFsrA9ATPxll9vdlxbufxsyBrSHp9cw +ZCmOsUJ3IsV5GWuCqqfVX5TQpkV489PrVTqIha2QpT2gWnCrjKNlTUQojzkopzRr +kzd66jGcIZcIqDfXIPAVgVwGGAh9JM7CuVCQH3wIijZK4/URLNC0e3SrizTi86Wu +Ie+rKpZ9l9rZYuj2HbNm7vuk8E+xM/Wa6fJuGYB0tvKw7UE7XjO6rPgNNzTiIh3k +KvBZvm5bSuH29DaG+KusPBT9jrdnbVYLNfqZUYFFwGxYNBATeFdZzokx3+6aWO9M +PeahDgcJVlx/7HvhQ33q6KrNHfS8H33MHKjYK08+X1sP/3TIv0qvY1nLlN7yZn9G +kP/GGu9ALt0nrM2ZBMfTNl3+WF5DK8MqOYiIDqXtPBdptHZ/xJ6bvTPqSdIsCnA9 +7HrsIamzO0BETfBtivlmttE7TEXpW8u1mKBEOvAJhHWFL1YhLUD+/rXtljhj2KPR +vdfszpa22mr4gJk1BY3D/ekxoiFXTWRYCH0nB9mRDCxMAui6GTo6nxgNpJDLtVUd +z1jovzD6qBrC+hk9/fOzzzoZZ19vw8zuloQVJAFsORzd1umvjuVEt1Bp9Gh1nnzf +leqIpaqc5G7UnTfB/PywjvliGF0ndL3IxIXlnupdpTtiLh/3ojrEzYMhM+ABbq1m +uYr7k89m5Fw8Row8bKA56hfpA7Tk4Ifez+tKPEoV0s4Wo+1/0Q6G+7Yqt8+AfpZS +4oOgOD5RRUCMfTUoggeQSpfbZTvrJwJhtoh+Ak2GC7B4+R7nO+ch7YQMff+IMfz6 +ewwAXxQFEhHhkrHh31n/hML5pfmQXRkMjE+dIOjNyqDTVc0i6LMNK3SvAlIKL9rE +mjYqgEwdvOk9lzOpUmUTOLLt9/TKmBGoZxjEzhvjf/+HgN+7bxZe3U4//GwspXRj +IQ0fmTeCI+EMd/Kue9mRs59MtmcNktYJMpuRqnGJ+j8eDx8TJ9XgJvAzfiZbPPCC +J720zNZpR7qAQssadU5EI9sguQINBFl1/OoBEACw7RGXKp1p48ffX27kzGvszhoX +9MQ7SX0J10g57JQK49Oyj1bMjoYi64Z2sXMyydAAG82bWO8dXlBAfCla6eyd5C47 +Fj+34sJTievShLkGP0CHp4TGQMbzMJGy3FcglgQfnYnidqdzeK0ksR8xWrtbdcsv +Uf4nH3HV+MJKluepFFDG9Ms92U9sgyd18Dj2y0ovGRlADC74MqdzTX4AAwKhQ+G2 +2WE8sPGv45yruogLX1zFcgayCGkEXyDvpitQtoS8xRGAGWoE6bjLCuaT5wF6jNw4 +PKfkgroAyy3jLQ+jp3tfBkL0UccVwWKfq1L9PXQ4mpFdxANa2isPddjgH4NxLa6V +asVQ2/l15tE5m8KscER5sR30uHkRE46tg8fnndl24amlSuSpmT1mGFVL7gpOKNcr +DT2agmgp/shJnnPzSZFMy2AtsDd7kKrCQAZhEGdkNpDphq0xwy4G6M+FEgBUoph1 +Og8pa4moAHp6mRKJ+cxy4FlVgFuYBO/711qttzDfGGv2jUnt75sZ7yz6NhUiDaKj +CEK6h8oc78cl2QJPa0DMHlXj6l9ZpSwctMGKtgavZR2YB12bBnbXUadxrsSbNTh/ +na3fWTfq8vD3/QVCWxYwFSLLzUIkN2c4j6z3U3fF6IvDOb3DEvOoJ0ns2b8xaT8P +MeZ+i5rUb5eP3gGrRwARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCu +BGYFAll1/OoCGwwFCQHhM4AACgkQqgYSBTCuBGbfMQ//TC43IuFukPZO7gj/azjg +pbecrqx+JEhW1oITNihKw0EzM9+Zd8ko0pYOLYkuNGiarEKeJ2GcOLMxuU9n+kmI +hMeMPXRH3YrbZFhWshU8uywz1UuDex7VwXM4WA6+9xxaO3AJMB/PWqI6b8IagfAj +SxZnsxOPg+hWYj56uah3OTJcRdKSzExOLJIQkL0LOyjMNHI+MwqRNe59Dc5k0d9j +kQzuW8lS862ryiiJZldl5Uh+T05m2FI9IN6BoXWFsO/KCmgV2L5s4EwUwK/gcREN +OGB42gL9sMhaQ66e+JG0LDOsMcQuhHHPJLCdaXCen2rbfe7kPjYPSWWY5p9tnrcB +MboBxKNKUy4yegabZZ4DWfuVhOhVPxy0e7IQyH6hEsyOEePL9MOtd4PNWLKrZb3D +TGVrpOogD6Mf15nHypWEpkoOVrKj1VUo2dE5iEHcL5iiyJYKMJPwiumxDcpzCt07 +4RNYokL+cxsR9zhC23/GiJWheklBEQ7zh3QibkT1SYHiXrGed5i+SDhRfj3BTUa+ +hgdoNiA0UrUJxhLUDjlvGJHHPWe+wVHJ8uIHS3cvAKRMtUbPXfRJ4X3GKGXuI4kr ++d+jB4Wh3dYgFW7Lr9qNNwqvNeOdvQWzAXzqNmaxNI8hF8+tVeitely/J5rORgly +JkYzFB8/M3WsHmxbo/BamOy5Ag0EWXYCxgEQAKhRUO8R1Q51jVdROVI7xKuni1r+ +JiTI7GEZCTPazUVERT2R+BzHwQe50XLJc7WmelZFFZ5YOugrBFvoUXfhW4iZRETU +KwiGTG4H+HaGLO4HQ8cM3S3Ke9oV4U35ye85IpampOFwz796mFFBawPoQ1dT8kyQ +awYVB9O9JyagfznmNj+k2OJnFXsNSRFSKrWvNEPGAoydl1HdJoxXflfn4xJyp8v7 +ycsil3r1gxcxDMZ7+UsXPaj+LVyYDJDGk9WIIcPQH6UE8xVlqsEIzy/KF/Ub9Wms +vf1ndOtn8C/6HMwCNQzgqGMBj8yUPnU+P3hdur8Rr4S+CvzfTrJXlH+edkx7XMkh +iIskkjsOijKO2ARxSlYgQxY8HWUfioZfhSJ8TLomgXi411qeTBFk8NKXAVHKTFG5 +rx5xUm4TV+nMKVymR3byY6sEvRTLespSWmWAOWlTMjyCJp2vV9WJGxByeD/tORBU +vhbzBFIaPSjXZSTcgH6cUCRH6Gm2Yd6iLVULZT6EZdXeCJZ7mQPZBRqPs1KHtGg6 +d3SgTsNnPxAwNL/j9FpxsWMLGFBTlzezmLrJyYvbyyCJb21gF15j90dusj964xYn +TsyFtHpLpzruJcR01Sw6cbcAXpp5FyREQARdygBMVDcLyD92RWP6KmSh+Xcm1Hya +Q3NMy+tfrllf1r3RABEBAAGJBHIEGAEKACYWIQRDDBkolgFXzEX6G+uqBhIFMK4E +ZgUCWXYCxgIbAgUJAeEzgAJACRCqBhIFMK4EZsF0IAQZAQoAHRYhBLY1Pa6RV7Av +OLSEC8s4YHUVN5xpBQJZdgLGAAoJEMs4YHUVN5xpUL4P/3lm1YUPUitdMKNTVQaF +ZN41nIzXYTv/yRRygl7yVabkcZYJ3CrjdTM/TfQADORn0q3NpzdFsYe801x49UrA ++yIwB/IogFncvREfuW5KVFLaj+EHyMoGzNCyuEcM379VYAuXE/ghSe/1sfeLluug +ikxhduih07mcPn/H8U4VFIDRyxDeWS+ZbobWrcEH6No4knqRi4yInsgVUkNMml0i +UBA8UM7ieN+ioFRCZZ9ul01jOKUjZRzIKcQvcLE8001TrMoAqeS39O/kEfxL6qgE +YPjZtvQv5RAb83DmjT+A3BJmlS3mN4UiYD3+Wk9VTafyTjKJed48BaKws81Jampu +OdPorwoxjkdi7owTg3k9BzkZMwLtIBZ0KOzFAN8c1vuDk1CfHQQKz4g4DdA9HNCt +HiKlSd/CI2Mmy8hVkzAOnrVMZ1VePNdIUcd+YpUQR0uKeaTFRM+mOAnLFd2mnsPm +eaFefRkCho2G2TDApYEAhIDi6v0vg+KCl/oodA/T4xAzNuz+xWs+WUv06UBvWPKR +9ZZFy5wzaPch2h6xm+bCuvM66nj1EN0pe5umUFZrp5QLyD1PiN2LRfyMtzXftgSw +GciFf20iq2MqKEvqzykdEzaS7OreEtQLIGhrAzWZ3v2MAQFVTaPqlunkHju4K4y2 +Oq+EH55xajEOUsGeNRb4ykf0C/8P/1wwKoe7+4q8841E2Mb0RyNyrGMA5YLJa9Qt +3anzBcsSu7qTYySmhpPVTCqeqZ1bJoS/ujqezCHwvtKXbkysRWWyMgUj5dVRs1IY +k9SUfQRI/HHq9r4mUgr4kRDdhvU4RWD63ri1ZsuD0xlp1zDCrRxVkm9y6UQf/9kT +N7Q4AsT4qNsMENEejbupvL1rVmybgXzDcabzTNcwiAMxaLjoALLZXhkXC1Bdq5kt +NLI2r5++tpYrOS3CvIc95C1Q3ETux5Xuh6FwpGJdXRFcha1FBMvvNKMW7Ky/l87Q +LB1JMO6lFpfnry6El2ZMK/k3LyvWGTYu9hn7M4sVwxGHo/frN5Xo/+iVTwhjHbGv ++8gSO8Vqh65UBLoddleCP47j2DpdD0lceQDevV3ltxRA8fJ8Y4yyGHf62MB7MlCY +HYYWeMhwBHPkDZjUj2KeXl3zxvaLBdzbGXN8bwG1vneBYDSwBNGhIOGq8tKWKpKz +jVSNeDfY+IZ0Va/ZWejpZkpggyulQHoDiC6uG61qnjs2edepmtS6KQd5KGexpH+U +FMdZFcBv+6Ca5Z9Z169ajhfRu+md8QTxppo3f4lBbX4hTCbF1uNmnJtU61kylULB +IgDGw8IVIupvhnZ/8zo6Us8f7g78aUAKf/s5SKr5mse6MpnGp3Rhi2lJgcg9QjAm +zkmejY8quQINBFmIR1EBEADGA90QPbf4XqyZgHEfIsQzIPavZftqoUMhR4K19OGN +Wf1q/lgKDRmwQ2fiGJCgd1LUAKQa6JVtgVabg1LxBC7KqssytU9tgKr3PgxxCXoZ +03yZaDt10stZJfi8996e/5oLvnh561O2w0OegMARxY1wdKVa8f2RKEYRM1WhhzaZ +a3R8cdJF4cb0ANg3/jfeVtWBx5Qq5XtNZDVh2ZdGD69y4HOLuvZHOQJLUdPCksUO +PxFuvSdJYTkVTgkYhQL8WYo1EXW3clsykJeVTKAtrA1MCtkDt/pkLixcl2uPF2ov +Dj5wxKd1CCM0Kr69WJHBhFuWrcWZjvsJhQaZ634b1kyY/+nYeLRL23wnEw5FQExu +rWIgasW6LGPBT4OJKPy5DNuBE8SZm7WNrjNqkQMysQWch/Hs52M741TAAyAeoYQP +78XmbfidtCKo8DIM7UQk1OD4N12hrg3bTcZ0F8oKn0aGn8rQXxwSZA8b4JPYYChz +OZLxUrwo5sM+byD7gDgeVWNtXE104FLd8UY0wgnMuj0MF+Eahsc+1MSVv0D1TKkY +JassBGIymW0pWj1BD5ijrDC9J13EiCpT6H/JQVtKLCE8U9V87EM/lezV6gliyIG5 +JiduulRsVK4ceNvUxIwr/nI22bi2Z38nFvYQdv1jFFrK5TYqwdIWvHq5k39YgKxf +AQARAQABiQI8BBgBCgAmFiEEQwwZKJYBV8xF+hvrqgYSBTCuBGYFAlmIR1ECGyAF +CQHhM4AACgkQqgYSBTCuBGZurA//W5GNhnOszMaGG4VyYwK8IuN0wixwqkVQ6dIL +Vr9dfc4yYRpE2t2ZFh0yparw/6fmHuuVnGwd9mzKLXQ6lR0n3lEKZkZW7PRpKC/5 +NVZLD4vf39RAIgp2phLeoMdkPiU94STbi5kZbHmgv/pnypwz+JiGD2lZohsJZE24 +mUgN/XV3hDbAP8TGLCjIykZ/atY6bBY04Z9rH/6DdYUzP32zpDvBfUEZx8MYlns/ +MhGORYcZhrKV2fqUurYGjFI0lsn+LVQZ1/X2RMWZRjAI243jljsT5bv93u3hUiom +R0LDOViTt/zS5hH30pa0sb2v7wNQLz6ZcFGzyNzJtF6AB4nWsnWAwShvj+sgvfLY +JR8Sfp9LBXSePN5zRQrnayd9CO+5Fh41tYUnAYie6ZKe2QZgv+h0u3bli5kk5B6s +LvoTCpVa34igHTvmJUgyVdIsnslTAg9SXi6qucyriWLYBH+foEor44STadC9FpmZ +aqHox2/dBNZT2F29t/2O4ku54DDMQaKeWeYf+Ybvyf1Y7zdRZAY1Nf0I9Gb+aLZX +i5n0VZ30fEP9OBSVG4IBYTqQDhLypOC6Rsy8uy5BsVPPY7VJ4goFqLmQfGOiemFr +bdsIzEX9aBY3XzMdWBOuW638i/vCvdECZrd9rLMzjRqhdNRCfoompurrdXyDGb65 +EaBreyU= +=o65v +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFtbHQkBEACznLPSFWuYAwNMD3bnNwYPNIgUy4KcMICi12E1Pq08D8gu2t7L +2v4uKnNdlRjZrkU5vJwGm7mhmGTKQpNKuz9YahD21yztannVMjWdKmJd4JIRXvGA +6LJjtibWmIjQh9EgkRdTVVZM0y4H+uzEfCEcVedGqY56C6RYqfZMwV7+RXEIrZ95 +eO28lZvFUdX3D60tlK8k4jJf/KfD0U4igXdnEATwxDgf7pZ/+Fouov8abhwu1xSm +SsCJS/dCdwV5rP9OgDeI/XZJt3zvm5sA27NoimPKhYymwQI0I0j+vGn00zRBF3KC +dwqL0nxY7c+yx/LM0Da0IKyWaL20lHNprAz8RUTcgYW1zkQt9O6xTYs9wYBlKrXw +rx47C16ErZLQEdy79O1/lZOK9ZhfREGpp9mA1nEuJ6txyy7OOvpaYJpYC6GPLrjY +oyoghaAcG/an/tonEBcyZzc98RuZpfqxfjGV1kCJiaBKxZ9aSbHga/U+G3KRAqxW +GuPDpm77byDJ3k0es6emFOkml68UgfQWsUwrSD9uowhyG1eQ0OE7e7Xz+z5bbVCt +1M00EhWXI+/ZOsNpeRF+DoNSGC1/KA1rNdyfqWbKnteIOBdjubxn3aYhjgYXc8L4 +rBoP/GxxwgtAYC+ZHNDYKys/A+7i4DwqRO71WAIvKjQkigEVtrCM05DOnQARAQAB +tB9EYW5pZWwgS29wZWNlayA8ZG5rQGN5M2Uuc3BhY2U+iQJUBBMBCgA+FiEE/Zs/ +nc67VTeo+vUhOwwQlRBxIDQFAltbHQkCGwMFCQWjmoAFCwkIBwMFFQoJCAsFFgID +AQACHgECF4AACgkQOwwQlRBxIDThGw//Z9U5SlS4t+RR3Jj/01xM1iTWDIqlsnEV +yhRgoHj75I3Gzcd5tK2KXJLTeUHhShki3dK0EDIfDvCTg45sfYFAvIEKWmNBzd1D +V4o9iICAeS24bNrDiu64X6oEq7jGttQVmem6RR4ugu4+LqIo5k4vJ30zTzKpzOUP +GR7IHjz+aqAqLng55r5SUYrR5xTp5N1xTrigpXAZZlkIJHCungPda/4C810eSghc +v9/oKdXQtg6WJnXOv36zC1WbUDOK4MfJr911cTCmaMfvnjeqToRENO8dM2HEJ7kd +7WUdWfG1rMonO7Rmy4mSkWghR8Hr1eA5qlMP3uaAmSykxqVtWgIoBu2qDGCNCNT+ +Cl65JyAvvtr+D1/Yyz3svc0WanBlFYJakk2KXYjZq0kYOpjkmkQgWs9o6oqpftkG +brCWm3IojslLL6Vg+PHV3PNK0yiKP+gnvebpC8nVnB7iNM6tXnbt6jpfmn/y1Niy +X5+KfsVPA2wJkkQTgDJDKtmlPkNTsltuqFQnndXMDPzYejQ7DsUZ6Fyms4WSxDZm +pC/PlVSuB2N+66l005pQcLqnDotOPC+swDFlEy/RYPL4Pf1f47qyC5HttkGZnmWm +7Y9PMtixssC7RvQmZgU1dgJVR7LclODc1jR7213kFHVY8GiELEMm3swBzGpfK1OR +NFPcsQdxZLy5Ag0EW1sedwEQAL6PdiOFH6Z5mHiS71PMIdmKDcaPMWJOSS2fDBz+ +ELyjDuJ10HMFBlFXg/ifgveBQ/7svNksCownwgfnNcJr121SI2FgMKuzpiz0yK0v +3Ajh68fDBEgt+NMj39n7kPTtcBON20DOBRNxX33Co2jQRYReVWq5efuPcHhqjiSl +P8yMm83q0f0iQXEQ/X1lo2m8kvorx0qqzdUNBI+Y/OmVhv2sbm3fct3Qb7aEAE6b +BFYzegZHz5/PWh1qhfhHKDS8JUZsBB2XzXHuPp5DxUiylRbiqKtehFObcgs2O2sc +cTAkNWHfmBxeIDtk28AMwbgdjKEoYXo9c/IUHDIeK+JC8jUPGklF0XQJCdXOzZTV +9fjpzOT+CKFiNT4l19jUKlB1YbaYzz7b7pVLNvVdPCpVzR+w+uRn6Q7FbqsSwtGH +4i/HXyc56qjs25NckVIGhNTO2wWDuk+EgPkWlqcQ6g0h3AE9o/ZUCjkT0xoknTQu +CXrTVn+bJ8xzkSetHGCarOBgD8EiSCZGcHLv6kUiTcQdkhs4Kf4eNYVWYXT+jg9I +WYAuboygmykhqYsry+yYV/4rEo73zP394kjasoTkySsJDqHxK1MEEMZQYr8EY9dQ +dVOe1/vBQ9HqfYPIS/r4OUsWudSsSyTu34FvS/oZoW+Xd0aQtlIfR5saI2MS8+/d +ApyvABEBAAGJBHIEGAEKACYWIQT9mz+dzrtVN6j69SE7DBCVEHEgNAUCW1sedwIb +AgUJBaOagAJACRA7DBCVEHEgNMF0IAQZAQoAHRYhBH1Jkhi2O0+m9VCk/J0YRMh9 +dTNPBQJbWx53AAoJEJ0YRMh9dTNPVWkP/itlsIF/uHBZvrVLWm2NHutkILloAmZ0 +ZY4zNnmrbjGI/h8L0+/54MRzTTGdigcNwjCFiS73IZQLThebFpOEVh/J11iSKZok +pxc/uFg7oQ4dFtccCwcndR2Q+XJJVOUBWyGz31lgpdP4OG9vte9Uz51rxyDU9G/1 +PK35IUiObUqT+d6GJ9cWW+6V2rE7OFDk+fvUyLIiS+Bj5ED9YPpZykgAUuUYKtdA +kdgN016U7pbbRmQn31t9JqZ73GMcdAmafGascboyss3AA6w5FlF7Tmu2H4rCv7ZG +hetnWzcpQE8GQ1g10zHTeSF6HDRpKJmnjTP/PAdvabjNZBjOsUYIQTCKeueYXhNk +20gtCooXKstZzta6jYnjSeV2LSucPa6yWK2C/0N/Ly+eWY9tj3cjG8n/kojzUCrl +BHS8YqulQkgkMa6suGBjWWltUtuZorF5cBpVtXZ+Dxtb0o8FboKsHPRO8hSOHO/X +Kx1p92PGFpVt6clS3nAXRptypeJVQIn4/HuzK4cEuXyzX5bH6liuq2pFL4r5EITv +Gul6xEgPTs3/7Okvis1rFPVg6vtV7D6IFFavSaAPHaYsLoIsfq4gXgB2XCYz+Ipp +Qa6djNIO4FVF5WHnf1HBzy2dDhZD9BcAlwE0mDFhmwM6j/nnKy1oj3R9rvs/DmsZ +fXP2a6SYNqZur90P/A/5RMZuE3KFB2qP9qWZkxa3k9c7ghXw/v9DpoDJoYXHHAnI +nC1j3asr9CiWGylrrz8u9c8m/4A60JT14HJJNHRUtwVVaQ8SZ0RsqfMpuFaxRwOb +iP/qBIsvnkZh9HxxYzrWtVrMH35fr+cvcB63TL0+rpf9vG+CYA3d0URhx9nMOaH+ +Lu0xmHWqlIdpeHTQ961+dt6YO+pacTzPW+p/Q0lJu+hj6YOC5uJBmR/MQl/4PceA +Ar+w3TYOqjX58v53GwBiTH7KJSUtMkGUseZ81sBN4n5h5Xdu9Rf5pZSgBEuTb1UL ++a6+ziddUAK8tryLueA2sOkj4z7J77GmVlxZe7GZQyHbxi61GYW1AakSJG2oa4Tk +E8vF9buCXFCHZh6nwjmwmgxkRZnuclL1eIdh3Gc3eb8NxGdwNQfo+CYLHTkgGD3e +LEzAzp68NsssQ7kNep1u43mA4oEWFpJNqt3aO/FaQDBqX9ND/A2ZRaYlap/vNu/c +oDSjEI7O9i4s/iwA3tzt1ZgLY8Jsq2mwVZTzvBCv18OKotS2W167cdbzilY3AT4t +AfxJUeAFhKJPiUm9Z1RCWJlniRswFWYbqyYlCQ4naLf9xf1NVNisD7RkHVegXhUR +qpR2oH82GLuz1E2o+0HgKGUyTppj/evK89k4kgKYqVlJgtKzubhRYvS0LnsruQIN +BFtbHwwBEADa8ODzCqYVzVAtquftwxWkmH3IC/fDNcpZ4Ypgg0GDPWQ9t0iQfPum +icz+M2Gvo0cgTgr0ycgtENPd2UuMJAmWAet/585jIq+z3MgSTDBqowiDpZWNaCYC +zGrVBw01uXA0rW6dOwmXbTKGFr8D+kFp2I9GDE94t85MvzlwUFIR4Cd7l/pvrN19 +poPVPagUPxLvVcesZzKA3rl3arm35MaEnBMdlpkS9BcXGVnMa8UZYxFEILi94GQk +UnnqCTqluqszj4YmlYNGE7aOg5tfM59Bze+n/siHHTnUVJ6CxADrjlUeILpfqDWf +53Wr4RtJZ3YZMXBIxlLO/yawu6eAPGb8eLpWpUiMWfBdiOlKtdNR1mKSMJoVCAe7 +Yx+zq9Q2TURgJeFaEvVjP5wOt34U4i/ML+RXkFRAc91GzWNVwBrIuzGQm4jFvLoN +WeokFmjCQzET7Hdzw8cIN6VYREPoWDnDIsMwTRzSMxzELJLCxS5MhghC/3LbPiiR ++GEFeWGBUWk2rN0IrW5BGsceAUqVnjTNp3u98X9cdfK7Bq/L8nBW4Es2FIu1Kamv +WZtn67S1kMr4NnpoKBW0TJH79ouFbet3VHThK9vHAVlZigR898JBmdUdB8TA7QFk +pJY6Al2X1tQgYy6RNT09t5rQxLKqbdsrJFohDsWBqf/MCjYJEk5eGQARAQABiQI8 +BBgBCgAmFiEE/Zs/nc67VTeo+vUhOwwQlRBxIDQFAltbHwwCGwwFCQWjmoAACgkQ +OwwQlRBxIDQZoQ//SoHil3Nq70cmhcpt44P2aUhCeM4CS/db7SYo9VcTPJUPhFhp +8G/wQP0eHqFpMIvmxWsvOPVfvpe82n3cVvWvoK2GyxyC+15QP1lsWv6em9/aTr4I +KIoB46ftfH8u9RK9NXQ+cxdEaOb6dowAL/fpSigdtSkcyMOiBSz9WbKSbdV5We6U +7rKW9hsDUonOEgHS9SR5URlMcFOX7v/8QGN9AWMMPvJFSZDbqYHl4zltEAZ4XFBT +Q7+KfQgNO4Nn0cujin6Z68O+PbH+67FY7OWXZqk3DWldf66Rp8s4/O2gK2YFThm5 +w825E3M++2RlAzzjDY9L1/yyr/iIJIECQflF4xHjoEb96YJdRdKjcbskj5e2kGy5 +jYZTI4fYE1DXX76XxN0E8vsh87h1kQ4KVWBeCRfv3JF5UP4cV6q4bD9yJK6WMW7k +/Q8jnJFL9MqmwBjmaRDAOO585rHiUFhgXuhvN2wJ8+wU1Cx4K8eloDmMXFiv8ctY +OqAC+2tZ+GggoS7eJDcge5+xP/d4Iz+Uu7T60BKdDw4G/zqF1XiPGmYHR+agIpXu +AachKfEWAPEPiWXuaMrY5zTpyKGZ+QAAMeDJFWm9HXgzD3Pem5kKtTMO+2knPnLA +7kMfJtuhM54zCxHumHjLftpgmrvXs4kbxwvYPa0bLB9WgkuCRw9jmp0EZrW5Ag0E +W1sfRwEQALmkzvzdLdpFV68H+4nGVKPmn2iaXcjVWP81UyzyMSn08/DnrwG4xWKw +xoy+tLRZhxujb5i0IydixSPmT4kiS9r3agEfMweJuaHl3CfdxAKxQ510apOWCy0k +YWPA9/DsRb53WNj6BBIaWWIB12izy+SPR9wrbj6hgfQnLeeDB7jblALk5puAQ7al +xDyZldFG1GCx/ikZKB2cItantBWwmeb87yO4oCzW13E/ZCOShJULUwLk3R4WCGcY +1RKxdFmlV2cH7UwVc3WIGrnyhuxppC3SUFcNmpsGZuwBQrw/v2YdwyzTOlVdPdpi +ZWxU/gk82UL2kVkU7FJk6jmvzsAIEi/zQ3DDqFAvsrdTdS7BJ8hlXfDpvpb6SgRT +Vnete9RrSelLrNN+1Yvy4aEHZ3g9Z5mnD3wHXp5dO3ogdTU23VhAY9o0nmN4tJVP +dQ1ZLt2dCUlVMfZ9PGNN5F/kFCcQliL0Ia03/rq+VY0Im83ZvaR6i77KzJTzl1or +jJAkI0FUMEtmTeAlWNqzvXdXFiQbc9dyKc1XGVMM/IL8+HQmd9em5mm2+Nx9OgVU +nn2AE+PYsbZtsSuxbskfGeLWzstIHqxFdgG7RY1zqV+l+wUE1RoATCbSbRmgPmtz +/pkZ/o7DH/QUmtuf8FY6MW1t1tB6ZmrCwPIZUdRevC8lUUY0EzrvABEBAAGJBHIE +GAEKACYWIQT9mz+dzrtVN6j69SE7DBCVEHEgNAUCW1sfRwIbAgUJBaOagAJACRA7 +DBCVEHEgNMF0IAQZAQoAHRYhBEE31LmT37rzrAFDqG26LlYIYovEBQJbWx9HAAoJ +EG26LlYIYovEgqkP+wbcaqhQdhGENOSxdDuTL3Hppe88Ot+eQ+WJAU1ggMDgibgj +qawruHhsR/Ca/q6Z5r3MVzz9jHspb32rixbgjCrR2Cvxf674OBLcFgd0fCIMljMi +AWxBUDewnqzErXROXCduNv8YD7XybTn+Mjb7aHsOe4Hql1zJvrLW2FpD6+B7S3cN +fgY6oe5Y7AHlJo1KY9uQV6bGkWUnNzCo0dbV5Hd11xe4g5a9xei0YS9OVS3WazEH +8dpRyMumBlBuQMA7vyeE/tuUj9zbm3JMNynw3z6K+4E1wUd9iee1gj72EQ+6PejE +EdJh1usgEYxpZbtY7+WikXXC5VTOj7XyqvtAfvPHBNU2gxKii63OyXof6NnqSVps +X+0Jz7+JDNuwBSyWozvz/fNqjbwEhPgUL4bHJZNZG0SqmCe5DNgAQpZrRaLQSECC +z53pN3ZqkE2/HU0GnnNiusAmxj0tdT2DyvpXv7a0f/GFYVhsGrSYh98v3UArVZdD +b2K8WTIi6ZWUq3uPQcoU+tuToVoHOhQF2YZZM7zaxiFicI+js/1S/HpYD4bx3faC +/i96hOQLmzz+D6F/FGaTa2ziB+ci2dVzG12DyZLsY8ue/ZOmw+rSsqTjHZsE1luQ +VALV1HqjF8+AQ0iac0v5EiZKXRMf+ZKI1eHUcD4Fy2L1tbIU+6s8jLM1klk/2m4Q +AJ0yG0Ib8MVh5PusOmdI8WMjYol7V9CtRdgPVcMxB77pKLW17yG1RUhtbIUBN2Em +6Tx/VfnP/E31hFTbfHroidhIhJvKRhNa6t68er8Ccb6d9w8LaF/pMMJH01OcueLr +5sA9jB9QnhgTWX1js11zoWzYCpULxsKEfoSWs4+Hrp/gTJY3rbfm9tdqafZKM/Lb +Wf55FdneSKTh4YPA9X7a7t3/9oV8ZpW5goqm1wG+YzKOvGepRCb+1+2T3H8lfXDa +OUFfSubmodBl5WIFR+mfD5zOrgHMZfDKpplqy7VSVv7x8UC0N/gx3VFNxG4sM26R +uhDV7WVkruduYK7f8qekfxVLxFu5il+LOM7lmbJpjKT9koUKwa+gPMLp0IhyDRj2 +aeJ+3brAfvEykhUf/gnWK7YcI9Ae8Zpxch1VeZeLGLhqK0MXfETWa472DI5ZepsN +NOPGItDAp8YjUFVw7jGnTV3ZhiQLTfPF66/6S3IKr2qVAPDanA+uQG0hRe4jNW3G +OXNqRAULL9+uXAsMerJSBcnYG/uNW2kiu9tyP1EqMFL4O6w5SIwFq0uJJa0HDzgL +DeG5ejCFq3R/nTvxavM/s/m/19PCjyOVjnJhqJPXwR14ORyPSB2S6sawDzF83yHm +C7FRZCiCTFu+h1kw2/QtmwCk4DDP4f0GWyt8773sMUJnuQINBFzWvMUBEADOiZ6i +Helhhq0tQvPif6JFUgSJnYHhke3KnNo5KPaOV2Oeibo/QDloM/xI/8wacNVu5mRS +zN2S0OjDjLjOJSMtRsKasCQctIw3wsbPgN+FDV/ZGC06qq3KqbDKaANDu15ySYqV +HLLiz1lCd1RsnJASK2mgJzJpQiKSv1AVV6ZaxgLEW1ihO68RlhNsTYNwsaAo9gH6 +bqWbigroDbQlNyacv0DJbv3eLjmzoVdbevAUZhYdcSdhXYZM+3P9sH7EGP85s9Iu +jAp8HEd65ati6FXEqMRHjXNCYDUDiiWKEpa6GUfUqtEHroH8obbKIOeny7o5Yy4h +q9PT6cmNNC7LkGp845X2nRAfkk3rHA8xmvRQZGoU7/YLVu41HIxhx9GwHBDjX8j2 +XcJfG+hltzaI6kFaf8gD5l5CWYwgHtPiVbMqWNpjMjw3xeGLpwvG9RjeAEn5zWSn +ujU9zR+rwgcXBWMuJDUZle34jmcpcch73+4wdBVnHslmzV8SqdR4Tr8SKZ1+g4il +9qp2RuhSS8uBRNSOpCsxhLDA/UhdAVCKZcEtl9/STgMA4jGVvQflxfkdN1WBZn+O ++2v+25Uibm7tbgdHsPXhPJWySnhhA8/vObE2wiRBXka/lM/b+f6+tCwW1HFQ4Gnv +92FSatz5fxOPC1pbBLjwO4ix2wkepO9Yg9sAUQARAQABiQRyBBgBCgAmFiEE/Zs/ +nc67VTeo+vUhOwwQlRBxIDQFAlzWvMUCGwIFCQWjmoACQAkQOwwQlRBxIDTBdCAE +GQEKAB0WIQTvPx7ywdIHf0vXS8HwtYGA1c1xaAUCXNa8xQAKCRDwtYGA1c1xaK5T +EAC46ADzS2gIq6BSniMmrI3p+UorgYM8RNPU1lBXNdFFEDgIL1c9AWHE+lNWac+Y +R55HQn/rJNzL+kK6Oicjj+Hpby//3j2ZW5uqMHdhZJenYanr6kC0lOYiplzIieWC +Eg6493aCGFyNg/v3skqxTVq9lTq3me2Xi1u4rzPhD8lGqCjA9jS+9+bxAL6uBWAl +D5/kFC/3j440VObTmniL7falozEs3oNw9f1GpOUvBhrzlZlN1z/axAElHzsMk1Wx +bPyskHShwrgO7A83GJG9VrVmmcwsq0TMWHoPsquQjVZSUfu7tjedOixy7WA5cd0z +s6dxDtoKU0kccVvKZ48/CERaap670gX7aIhevWPAK/F26DFqgypi5ucITGbXx+Zy +ZtdpU5nVCi8FDqIQ1FEWabMGeJnnk8va4k/D+vwu8LmzF9Oyw2B0JcAg3Fsg6xJJ +w1p5uEUXsIIBOpKCj3FARZuHMEUrf1Ler4zNDhG0UKH9rQarNcKSpnat/znhD9kx +wUAYLOlhsnlCfJZ/F8NKPRPNl7zG5KJ0wwJ27C5jMLj34LZmP0vbhrWCyVqqVEHm +X3e7WamCC1SDUJl4h2aWkFcA8NAV4fXmY2d6qlp01F5kY07hF25jjOuHLyOMYjhM +UrpWNhCY43k+bjRT4aCciOBwW+i40caZemmT5l9+D1+ikyX8D/0bIEybbWcZTI+Q +2IwrV7IVaq7bj/x7GtaUtgwpOoBKb4judjwBjb2wIihVSPWYrYLpvesnUVKlYH7O +E3DeUnHA7YfRk8wjaeSHDEGVs58vieZFK4q0O//oISmNa/mPY+SlXlnJhr9+uqqf +kR9EOe6uypGLRxYJqxlUdWy+W9SoibdOhnt4Py089RAq6rlu4aQmv6xQrpPPGVTX +Pl/WW3bkPKMjyf8jfyBp4oytm4MGkZ/KPquR118AExVs1aaWWUP7HvHJgMyUT+hE +CIeCuh8SRUflr4IAsV71Bz2ozPJFWGLNnY8HJ/5i4N0uYwTDZb+akgyPsI/W9djt +i9S888XKXtRl3WLijtZeqfCA/oXDc63of+1kvVi6XeFH5mHzqqS/E1QnIoVSl0aa +SNbssiNKhe+z0gBg9GYlxM1DeDry8/85mZSO4EjbJOXoUfT5g7Xx9yc2hJgAhhWp +cL8pZnKzymgyKhPNcJLfq5UM7mkS3eUOnliymC1I1286KWOqOr9IK95FZUs/BPA+ +9yb2XaawWA4h1wVGzsLJzYq0mLKHBeObArngh6zB/bQUFLdVyYQRGhOs3KI7215S +uVC4u2yAeg1vTybGJfHC8LmCxg3Q2E2XfagVKMgAPjVqz6hLsB1KhgNnVgYTMcA5 +rqrKK++KxSUFYbVL9PEOdmlfRKSLUbkCDQRc1rz6ARAArZx1R1FPAS4DZN5a00tJ +sSkBk4br5PLAdWImgqGgUEFLUxaxmb6qrbI2turiOsFJPSDKf91uOKKBY/jGXJNu +pMhrUPmRlBnl2rJmtmkhby+XWSy5kxj7sWd1797ywWu7Gqs+LxGdhR1A4+Y5j8JF +PBBh9KvJaDc/oy2iG5GU1hF3LE1paU2sYsVfknzXQGl1f2AouFXE02WTqFjRa4b4 +IID31gnR0jMjtzkSUMCzJctRbw3OS7C+TI0TqT+9XvEksXTfYXPzH1XIugZQYo/E +T2Pr7+5OQrX9WHHSdEyYxz0KRHNCwJlNOZ7wOsde7ttpimSh99ilq2k8RMtSFYAF +pdT1VB3MaYln4jkTQjGh/uFM8lo6czv3tDT9/ZCvWx8MpkIHaSeGgs5DPceCF4O1 +WxRKt/9mCnKQ+Yz+VLWu6LVNK3U1g7g8tTqGzN0IIN0QUC3n7KIrVTFus/nZcvjY +uDE6e1zo6US+2K0jyAiBT7y96Ermwq1E6a0NuaHW4UCYsKWbNl+7uwb0pt0OwmwZ +VpyDciSda4RZs5K3FAWvnQJv21mazMMNQgp5wcxLix618p8MNvgKhBeWegyEE3yO +1qCivl9w4SLzmLMOOgmZ/jPFqAv7DMEDIqzERZd4MKYNMbePHxSvpvx+iyH9DQRL +GiK3XR4ruxIG+XG0HxASZXcAEQEAAYkCPAQYAQoAJhYhBP2bP53Ou1U3qPr1ITsM +EJUQcSA0BQJc1rz6AhsMBQkFo5qAAAoJEDsMEJUQcSA0zvUP/15CJT/4cmgQMDCK +c6tmoHL741foExbP6si2fMCam6tnxjUV1UX0XNVQALWfaAkTMmiKeeE6HitxDMY/ ++vxns1G1VmikiTBgbCHQoHRJi9oIjiEhbpHI1YVXj8y63z42F9o3+ACoKUffKoL3 +ZVwqUQ4SKmnPuflne1hsI2m+oCvF42z01NHQNzlZBLTFl8Xpl0h0bLUZr3+Z/KfR +f0tfGibt8XJPA2nnncxKGfJ2jbJfN4/oy05v0Qj8ZZWRLX9B6vr7JS8EAt7Usb+Q +qLLGfa4kRg8hFwBdtCSntKdx+e4UMc5osDn0PFWPTN96/BEHNupNaFE1j6/GPvb1 +BIZalZRDh3Nm8ZxXxsrTASqsFvAhp9+FETgN5nAVICjjlIRiFb4Vcmb1am9CRvw/ +aP9t4c17R9ddG+Qokx1mJtRc3RMLeCvXZLsEVb2FExHFZ4tguS4NtdxNpYD6cgdP +tuFImcwFGSpX3mmNVcGxHPEgAddnEuuK+/MmJjUQNSsdYiQnEbxzsnLeRQkRdH6E +X2GXMFYzBzlqNBp1loCeqULwOm2ezG2J3PuuiS6BanlunDEq6vHxb5m7MZxkDxvL +JHE3lfTDwUd4itUnXxG5ovt34you6P7dDbUVX/cSHv/WUAqeJ1HMnN05wpNv+ONg +DTeK7f91P77r+K8H8E6nN/mwat2PuQINBFzWvRUBEADPio6SKXpyc17d3GTIhRTU +c2sopueEsxiCjBxk/Ookdb2le2vfWZVrCMpeZc+dykea4MGpJY/G89ttCtn42iYT +xF/EyWIdZnv1krxcQ4S+vXJJqyHR1olcG9lM0WB58QdXP2CmlYo8A7h6UJjQbK9H +aIm7qLjb3IXVedjF9rAWTWLDOJC59hO7bcvYqLStLe9DwtR01Nd3AWGrqN3SuhFR +o4u03QM3EKBLjRSWvUF2a+xlCbysNqCNL3wC38AfvSal42E43rucvUfChtwEB9iO +WWpLCb7lQqACPhREjqG59DOq4scsIX3K5OWT+VU8DqTx7+2hDiqeOj36clGiap7h +D4xh4W/9oJm4ngVezUOSfXy2cmugEEFh9aiAQtA0b6D3uw31Ygr+RMtc8EauUddM +sTw4E1xitzCp8Yogm6TCZtYldpd9kPmY5bmiMQks4dnHEAcKuZMcNQaEFpfNtWyk +av2yTpePD9iDk4JgullY3oH1+b8Ae32XtA0ceVjvLgxHTCAIZYbaX5dNy6J1Kij1 +HsdGqPaCnCfADJjS+7TurGDy1a6cgsmtJUJZy+9dhVd0S0/g3Fk3OxVGOpA5OupY +QvaZMOzBSbsZEzVxYc2gUVv699ltuUusXuHd/nrJ5Q7USE5r5i4JtoIxlDgCTY+x +ZMSoaRYj8pta2axtHzkf4wARAQABiQRyBBgBCgAmFiEE/Zs/nc67VTeo+vUhOwwQ +lRBxIDQFAlzWvRUCGwIFCQWjmoACQAkQOwwQlRBxIDTBdCAEGQEKAB0WIQS2DzvX +FsCStXFsRh5aLsOTKpg5EAUCXNa9FQAKCRBaLsOTKpg5EDNzD/9+NG/+sxhtEsvf +ZmGYPNPTPC8adKRoq/QmQlsW/5rZmZTawT7lEzrvAhclUIKyOBJuOwHXsXNPpWQF +kxaoabss7qZ35cJvtg9GMWRIEKEmUh9e9Fdbo+heANwkpbwy/Oqrc8Mcnk6mYWJb +iegtMi3j0N7HITr8sLVxpuRLfABQo7OlrKT9aXoAfiUI3Rt+C4ZrW5EfI/IUriuO +hZQlqg3DZ3UTmYaaw4rHZov2JkiU4IyknRzw3YQmdDBiUaaONwYAqCG5RPAIOgnQ +57Bic6kvc0KnScp/ZzbS4x1GkeaJlMOXi+8hfmqt7tYx2UWfNTsQMP1k3716yCC8 +2Fuq9/OgBYP+Yed2P61wsp9w2r7/HCCN74LDkVCfNLw6Gm8EbLnIa/J3Y2feCuUn +hHQHRXInBFHoV47RCHoAyz7uGDncojv2ZaVmAggEmNfkMxlJ5hy1/kKC2A1t2tl/ +nFiMy3xkKVMwQviGjjzpY51zh22sfecVptZ5nFG3KNa5/lhlgh0KmAP2oFgyGJQ5 +2C2+UZxLRexZAt2eEWb/AV7PQbyD7w2rDXEXxbTGWCrQmQkA7M/rcAVUuKvjoLd8 +Xc5uagtkyL7GgCCwB0GIb1GBrfZdg/3fmiwohudh+SBkHsAX/dxyY+n6C5PMjeyo +TB3kJntJbaaUDjL6iyFmS5TnxHXQMAXED/9w+Hs8SZU2KyZ8IXN/mLQ0PUz0TccT +Uzv8iwHP28xyX1bHTWlynpkC0qvpn1X7/ZwBAOgW+l4zyuUqtd4RKSaIMYmGcj5X +AsrcRLDoRNF5BMz/77BONHE7K3JOWb7jE3vFWPojr/LH71jF7jb3DB4Ee5bicDkr +mzwjo+gqWHlUGCgwkXv5fdpRgE/sun41EX0SByHj6lOA8uYvqiHVnyvRQFVT84bb +PrJmy04xmnQaRbZf94xm+9vquGyN47ggKuzbxUIG0+34z2INWjlm/YO/YdDu3h8R +ltvyWl5R/EnGwJClYOGlrMLsYlvKaeAhVwxAkPAJ+bxwP+u2KJdKdCSvkjOnwKu/ +GPxs4QpiM2k5smwmEo+7DFnkLnNWOhHuZjFyvLQLomE21dTfIrS6zdNTHLGzGT/C +xBb9h+Q0RxaPSziPXqZCYxL3dPfOXQ3Ca36m1mm6MWxpCjsKmaCPrNzr4+/poAm+ +YNCHkxhUlvx8+8b8B8z8nkcsd6/c7VX1pWYaEHHojdlWm1G7xQ1CuwquEY/S3dNj +i/t+dsWAf2i/n6grh4zE0g3kf2wZ/tAhEPbS/o0hs0GtxGsUM1R3wKVe1l3iUjv6 +tHuo2JdJZxZkmvJlToU8tLe5bDYKU4/CmRLaKcTsTFN7Av/7ZyNKEvoE41GWsQng +zLjzm043cuZrbQ== +=+Xxw +-----END PGP PUBLIC KEY BLOCK----- diff --git a/usbguard.spec b/usbguard.spec new file mode 100644 index 0000000..47232fa --- /dev/null +++ b/usbguard.spec @@ -0,0 +1,197 @@ +# +# spec file for package usbguard +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global _hardened_build 1 +%define lname libusbguard1 +Name: usbguard +Version: 1.1.3 +Release: 0 +Summary: A tool for implementing USB device usage policy +## Not installed +# src/ThirdParty/Catch: Boost Software License - Version 1.0 +License: GPL-2.0-or-later +Group: System/Daemons +URL: https://usbguard.github.io +Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz +Source1: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz.sum.asc +Source2: usbguard.keyring +Source3: usbguard-daemon.conf +Source4: usbguard-rpmlintrc +Patch0: usbguard-pthread.patch +BuildRequires: asciidoc +BuildRequires: audit-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bash-completion-devel +BuildRequires: dbus-1-glib-devel +%if 0%{?suse_version} == 1500 +BuildRequires: gcc10-c++ +%else +BuildRequires: gcc-c++ +%endif +BuildRequires: libcap-ng-devel +BuildRequires: libqb-devel +BuildRequires: libseccomp-devel +BuildRequires: libsodium-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: polkit-devel +#BuildRequires: spdlog-static +BuildRequires: protobuf-devel +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(udev) +%{?systemd_requires} + +%description +The USBGuard software framework helps to protect your computer against rogue USB +devices by implementing basic whitelisting/blacklisting capabilities based on +USB device attributes. + +%package -n %{lname} +Summary: Library for implementing USB device usage policy +Group: System/Libraries +Obsoletes: libusbguard0 < %{version} + +%description -n %{lname} +The USBGuard software framework helps to protect your computer against rogue USB +devices by implementing basic whitelisting/blacklisting capabilities based on +USB device attributes. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries/C and C++ +Requires: %{lname} = %{version} +Requires: %{name} = %{version} +Requires: libstdc++-devel +Requires: pkgconfig + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package tools +Summary: USBGuard Tools +Group: System/Management +Requires: %{name} = %{version}-%{release} + +%description tools +The %{name}-tools package contains optional tools from the USBGuard +software framework. + +%prep +%autosetup -p1 -n usbguard-%{version} + +%build +%if 0%{?suse_version} == 1500 +export CXX=g++-10 +# gcc10 has no gcc10-PIE yet, enforce manually (see boo#1195628 for progress) +export CPPFLAGS='-fPIE' +export LDFLAGS='-pie' +%endif +mkdir -p ./m4 +autoreconf -fiv + +%configure \ + --disable-silent-rules \ + --with-bundled-catch \ + --with-bundled-pegtl \ + --enable-systemd \ + --with-dbus \ + --disable-static + +make %{?_smp_mflags} + +%check +# while we specify --with-bundled-catch, it is not there :( +# make check + +%install +%make_install INSTALL="install -p" +ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcusbguard + +# Install configuration +mkdir -p %{buildroot}%{_sysconfdir}/usbguard +install -p -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf + +# zsh completion, currently needs manual intervention +mkdir -p %{buildroot}%{_datadir}/zsh/site-functions/ +install -p -m 644 scripts/usbguard-zsh-completion %{buildroot}%{_datadir}/zsh/site-functions/_usbguard + +# turn off system call filtering in Leap 15.X, as it interferes with daemon start up (boo#1173750) +%if 0%{?suse_version} == 1500 && 0%{?is_opensuse} + sed -i '/^SystemCallFilter=@system-service/d' %{buildroot}%{_unitdir}/usbguard.service +%endif + +# Cleanup +find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete + +%preun +%service_del_preun usbguard.service usbguard-dbus.service + +%post +%service_add_post usbguard.service usbguard-dbus.service + +%postun +%service_del_postun usbguard.service usbguard-dbus.service + +%pre +%service_add_pre usbguard.service usbguard-dbus.service + +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig + +%files +%doc README.adoc CHANGELOG.md +%license LICENSE +%{_sbindir}/usbguard-daemon +%dir %{_localstatedir}/log/usbguard +%dir %{_sysconfdir}/usbguard +%{_sbindir}/rcusbguard +%{_sbindir}/usbguard-dbus +%dir %{_sysconfdir}/usbguard/IPCAccessControl.d +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf +%{_unitdir}/usbguard.service +%{_unitdir}/usbguard-dbus.service +%{_mandir}/man8/usbguard-daemon.8%{?ext_man} +%{_mandir}/man8/usbguard-dbus.8%{?ext_man} +%{_mandir}/man5/usbguard-daemon.conf.5%{?ext_man} +%{_mandir}/man5/usbguard-rules.conf.5%{?ext_man} +%{_datadir}/bash-completion/completions/usbguard +%dir %{_datadir}/zsh +%dir %{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/_usbguard +%{_datadir}/dbus-1/system-services/org.usbguard1.service +%{_datadir}/dbus-1/system.d/org.usbguard1.conf +%{_datadir}/polkit-1/actions/org.usbguard1.policy + +%files -n %{lname} +%license LICENSE +%{_libdir}/*.so.* + +%files devel +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%files tools +%{_bindir}/usbguard +%{_bindir}/usbguard-rule-parser +%{_mandir}/man1/usbguard.1%{?ext_man} + +%changelog