diff --git a/openssl-1.1.1s.tar.gz b/openssl-1.1.1s.tar.gz deleted file mode 100644 index b0db038..0000000 --- a/openssl-1.1.1s.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa -size 9868981 diff --git a/openssl-1.1.1s.tar.gz.asc b/openssl-1.1.1s.tar.gz.asc deleted file mode 100644 index fd139f9..0000000 --- a/openssl-1.1.1s.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJGBAABCAAwFiEE3HAyZir4heL0fyQ/UnRmohynnm0FAmNhEsESHHRvbWFzQG9w -ZW5zc2wub3JnAAoJEFJ0ZqIcp55tDTIQAKINCpzYH5Wixo5wvYxo/1x+YugR2FMJ -F7OLFD+HZ+ohrafV+WwGJkjwAEHzoXnho5iPx47RwpJ8lgKzTPgkvUx+LT3/1Shv -2kkiMNV5hJP2kIP7HzrjhbZ72e/gWX8lSM/u5GHzUyEDuM5jyuV+d91csB2tZ9ai -LHS0WzVp5F0E8GqhuQMXklV0eFKeuuUouSdobXVfjFvUs2vQxYY7ARel6b18nQL0 -RPcmuil8XOJwZ2r460ZmsTf1FA0b/eoyEjI2140ZffDILZlI5BpLNoLcpH7Gtq+l -qo2yLConF1nQh4STWu/+fm2281xXrHc5BuL3CgHXIPDnTNE1iOZeE+TYWqu5F+qT -f6sxqI9YFkYTlwjoVruYkeA3x+qtJV4NmE6fBZk4JsVQxRf7g0iIDlIm/tXmbT/U -0YPl0sSYc3uvquwkV4de0TX2hfTChvAWjvlets5hHEh9cGfnGBrfzmwBK8mN18F9 -bCPf4UYPjnB37D9alGc8VsTSDwbNMebzwj9bo3bUi90U/y/9e55Wq8QoQpaqeAXq -mhHuhN6y21TWvOYmNYvcvjGHd5Ikkivs1mHA06HsM0XV8TeZueo0MXse5fC6t25X -Iy84EL2mas0v6rbYOzgAQcdR4hD2zqeQOOfWFt5CvT+1TbiLFmbW8ZgGzkgkVkZ1 -1RMZGNU3T2eU -=0j1K ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1t.tar.gz b/openssl-1.1.1t.tar.gz new file mode 100644 index 0000000..30092f6 --- /dev/null +++ b/openssl-1.1.1t.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b +size 9881866 diff --git a/openssl-1.1.1t.tar.gz.asc b/openssl-1.1.1t.tar.gz.asc new file mode 100644 index 0000000..92fdf9b --- /dev/null +++ b/openssl-1.1.1t.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVA4ACgkQ1enkP335 +7owO9Q/+I6mvbNQeSgpOaOu//sVRGVkOD9pfZJsxZJtQuiYPQtXLlwkZyoh3Ft8b +Gty7sC6zXwWA2sbo4LGeum3jnjb7nb/x3+5O8KARPLFRpy2/4okL3uZnAw8Pr5ps +8VjCEIm9l9UmuWNZPWRQZPtup6Uz5u97/kVLQE17qFQW1bwiUixR+Yc+ICyW/hUQ +F13tbV2GVkoVdJKwD9UpwAs6ft0+faXtkEASNyLykcrTbGbBPVVpieXiH/Vuv6BX +1Ax/oBR5Xem9bGSZkCa5KZMDOqR08GUEA1zqa9Hh8VN4hH11w0cjyKPK9U6dQmAH +P6clMEtbNMYPr3pHO4Ufgwf0OzdnLfxIf8qCiqQcNLmBnCG0NHM0/8zJmiGg1O6r +Fy0P9/nSQ5CIT3t27Xcn8RciwTR7YClEyBtNGS1JdDzGJmomTqmxBns/QyZyKtlG +V+7IsNfUBVdCF4AUP7BRC+SkHf/2/fDyCPETg27AQz/iOUC9KU0DgKLQtmnnRKk0 +Uz49l/WSVJARzPS5y55o8NUEv/QhnSct2eGjYeO3RiikuHDVQoH9R663G6E1koMq +fahxEs0FX39hALOt/CVisZ/H8trIy3r3Buc7EmqLHj/Q40I5IJA9ZCzi1e8UviQV +pQpkVru5VJVwNsm8KB/aBOm6J00mi2kbXMPrW1zwfmJAwt+iSJ4= +=nNu+ +-----END PGP SIGNATURE----- diff --git a/openssl-1_1-openssl-config.patch b/openssl-1_1-openssl-config.patch index 5ff415e..c3d7692 100644 --- a/openssl-1_1-openssl-config.patch +++ b/openssl-1_1-openssl-config.patch @@ -1,7 +1,44 @@ -Index: openssl-1.1.1s/Configurations/unix-Makefile.tmpl -=================================================================== ---- openssl-1.1.1s.orig/Configurations/unix-Makefile.tmpl -+++ openssl-1.1.1s/Configurations/unix-Makefile.tmpl +--- + Configurations/descrip.mms.tmpl | 4 +-- + Configurations/unix-Makefile.tmpl | 22 ++++++++--------- + Configure | 2 - + INSTALL | 2 - + NEWS | 3 ++ + VMS/openssl_utils.com.in | 2 - + apps/CA.pl.in | 8 +++--- + apps/build.info | 6 ++-- + apps/tsget.in | 2 - + doc/HOWTO/certificates.txt | 2 - + doc/man1/CA.pl.pod | 36 ++++++++++++++--------------- + doc/man1/ca.pod | 4 +-- + doc/man1/rehash.pod | 10 ++++---- + doc/man1/tsget.pod | 4 +-- + doc/man1/verify.pod | 2 - + doc/man1/x509.pod | 2 - + doc/man3/OPENSSL_config.pod | 2 - + doc/man3/SSL_CTX_load_verify_locations.pod | 4 +-- + doc/man5/config.pod | 2 - + include/internal/cryptlib.h | 2 - + test/recipes/80-test_ca.t | 10 ++++---- + tools/build.info | 2 - + tools/c_rehash.in | 6 ++-- + 23 files changed, 71 insertions(+), 68 deletions(-) + +--- a/Configurations/descrip.mms.tmpl ++++ b/Configurations/descrip.mms.tmpl +@@ -140,8 +140,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\ + INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} + INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} + {- output_off() if $disabled{apps}; "" -} +-BIN_SCRIPTS=[.tools]c_rehash.pl +-MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl ++BIN_SCRIPTS=[.tools]c_rehash-1_1.pl ++MISC_SCRIPTS=[.apps]CA-1_1.pl, [.apps]tsget-1_1.pl + {- output_on() if $disabled{apps}; "" -} + + APPS_OPENSSL={- use File::Spec::Functions; +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl @@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\ INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} @@ -45,10 +82,8 @@ Index: openssl-1.1.1s/Configurations/unix-Makefile.tmpl generate_crypto_bn: ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) -Index: openssl-1.1.1s/Configure -=================================================================== ---- openssl-1.1.1s.orig/Configure -+++ openssl-1.1.1s/Configure +--- a/Configure ++++ b/Configure @@ -35,7 +35,7 @@ my $usage="Usage: Configure [no- # directories bin, lib, include, share/man, share/doc/openssl # This becomes the value of INSTALLTOP in Makefile @@ -58,10 +93,8 @@ Index: openssl-1.1.1s/Configure # If it's a relative directory, it will be added on the directory # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. -Index: openssl-1.1.1s/INSTALL -=================================================================== ---- openssl-1.1.1s.orig/INSTALL -+++ openssl-1.1.1s/INSTALL +--- a/INSTALL ++++ b/INSTALL @@ -296,7 +296,7 @@ be undesirable if small executable size is an objective. @@ -71,10 +104,8 @@ Index: openssl-1.1.1s/INSTALL Typically OpenSSL will automatically load a system config file which configures default ssl options. -Index: openssl-1.1.1s/NEWS -=================================================================== ---- openssl-1.1.1s.orig/NEWS -+++ openssl-1.1.1s/NEWS +--- a/NEWS ++++ b/NEWS @@ -5,6 +5,9 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. @@ -82,80 +113,11 @@ Index: openssl-1.1.1s/NEWS + IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master + configuration file openssl.cnf has been renamed to openssl-1_1.cnf. + - Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022] + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] - o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the -Index: openssl-1.1.1s/doc/HOWTO/certificates.txt -=================================================================== ---- openssl-1.1.1s.orig/doc/HOWTO/certificates.txt -+++ openssl-1.1.1s/doc/HOWTO/certificates.txt -@@ -16,7 +16,7 @@ Certificate authorities should read http - In all the cases shown below, the standard configuration file, as - compiled into openssl, will be used. You may find it in /etc/, - /usr/local/ssl/ or somewhere else. By default the file is named --openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. -+openssl-1_1.cnf and is described at https://www.openssl.org/docs/apps/config.html. - You can specify a different configuration file using the - '-config {file}' argument with the commands shown below. - -Index: openssl-1.1.1s/doc/man3/OPENSSL_config.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man3/OPENSSL_config.pod -+++ openssl-1.1.1s/doc/man3/OPENSSL_config.pod -@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp - - =head1 DESCRIPTION - --OPENSSL_config() configures OpenSSL using the standard B and -+OPENSSL_config() configures OpenSSL using the standard B and - reads from the application section B. If B is NULL then - the default section, B, will be used. - Errors are silently ignored. -Index: openssl-1.1.1s/doc/man5/config.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man5/config.pod -+++ openssl-1.1.1s/doc/man5/config.pod -@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat - =head1 DESCRIPTION - - The OpenSSL CONF library can be used to read configuration files. --It is used for the OpenSSL master configuration file B -+It is used for the OpenSSL master configuration file B - and in a few other places like B files and certificate extension - files for the B utility. OpenSSL applications can also use the - CONF library for their own purposes. -Index: openssl-1.1.1s/include/internal/cryptlib.h -=================================================================== ---- openssl-1.1.1s.orig/include/internal/cryptlib.h -+++ openssl-1.1.1s/include/internal/cryptlib.h -@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO; - typedef struct mem_st MEM; - DEFINE_LHASH_OF(MEM); - --# define OPENSSL_CONF "openssl.cnf" -+# define OPENSSL_CONF "openssl-1_1.cnf" - - # ifndef OPENSSL_SYS_VMS - # define X509_CERT_AREA OPENSSLDIR -Index: openssl-1.1.1s/Configurations/descrip.mms.tmpl -=================================================================== ---- openssl-1.1.1s.orig/Configurations/descrip.mms.tmpl -+++ openssl-1.1.1s/Configurations/descrip.mms.tmpl -@@ -140,8 +140,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\ - INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} - INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} - {- output_off() if $disabled{apps}; "" -} --BIN_SCRIPTS=[.tools]c_rehash.pl --MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl -+BIN_SCRIPTS=[.tools]c_rehash-1_1.pl -+MISC_SCRIPTS=[.apps]CA-1_1.pl, [.apps]tsget-1_1.pl - {- output_on() if $disabled{apps}; "" -} - - APPS_OPENSSL={- use File::Spec::Functions; -Index: openssl-1.1.1s/VMS/openssl_utils.com.in -=================================================================== ---- openssl-1.1.1s.orig/VMS/openssl_utils.com.in -+++ openssl-1.1.1s/VMS/openssl_utils.com.in + o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) +--- a/VMS/openssl_utils.com.in ++++ b/VMS/openssl_utils.com.in @@ -8,7 +8,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL'v' $ $ IF F$TYPE(PERL) .EQS. "STRING" @@ -165,10 +127,8 @@ Index: openssl-1.1.1s/VMS/openssl_utils.com.in $ ELSE $ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH" $ ENDIF -Index: openssl-1.1.1s/apps/CA.pl.in -=================================================================== ---- openssl-1.1.1s.orig/apps/CA.pl.in -+++ openssl-1.1.1s/apps/CA.pl.in +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in @@ -113,10 +113,10 @@ sub run @@ -184,10 +144,8 @@ Index: openssl-1.1.1s/apps/CA.pl.in exit 0; } if ($WHAT eq '-newcert' ) { -Index: openssl-1.1.1s/apps/build.info -=================================================================== ---- openssl-1.1.1s.orig/apps/build.info -+++ openssl-1.1.1s/apps/build.info +--- a/apps/build.info ++++ b/apps/build.info @@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}] GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) DEPEND[progs.h]=../configdata.pm @@ -199,10 +157,8 @@ Index: openssl-1.1.1s/apps/build.info + SOURCE[CA-1_1.pl]=CA.pl.in + SOURCE[tsget-1_1.pl]=tsget.in ENDIF -Index: openssl-1.1.1s/apps/tsget.in -=================================================================== ---- openssl-1.1.1s.orig/apps/tsget.in -+++ openssl-1.1.1s/apps/tsget.in +--- a/apps/tsget.in ++++ b/apps/tsget.in @@ -47,7 +47,7 @@ sub create_curl { $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; $curl->setopt(CURLOPT_FAILONERROR, 1); @@ -212,10 +168,19 @@ Index: openssl-1.1.1s/apps/tsget.in # Options for POST method. $curl->setopt(CURLOPT_UPLOAD, 1); -Index: openssl-1.1.1s/doc/man1/CA.pl.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/CA.pl.pod -+++ openssl-1.1.1s/doc/man1/CA.pl.pod +--- a/doc/HOWTO/certificates.txt ++++ b/doc/HOWTO/certificates.txt +@@ -16,7 +16,7 @@ Certificate authorities should read http + In all the cases shown below, the standard configuration file, as + compiled into openssl, will be used. You may find it in /etc/, + /usr/local/ssl/ or somewhere else. By default the file is named +-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. ++openssl-1_1.cnf and is described at https://www.openssl.org/docs/apps/config.html. + You can specify a different configuration file using the + '-config {file}' argument with the commands shown below. + +--- a/doc/man1/CA.pl.pod ++++ b/doc/man1/CA.pl.pod @@ -2,16 +2,16 @@ =head1 NAME @@ -318,10 +283,8 @@ Index: openssl-1.1.1s/doc/man1/CA.pl.pod can be used and the B environment variable changed to point to the correct path of the configuration file. -Index: openssl-1.1.1s/doc/man1/ca.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/ca.pod -+++ openssl-1.1.1s/doc/man1/ca.pod +--- a/doc/man1/ca.pod ++++ b/doc/man1/ca.pod @@ -698,7 +698,7 @@ the database has to be kept in memory. The B command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility @@ -340,10 +303,8 @@ Index: openssl-1.1.1s/doc/man1/ca.pod L, L =head1 COPYRIGHT -Index: openssl-1.1.1s/doc/man1/rehash.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/rehash.pod -+++ openssl-1.1.1s/doc/man1/rehash.pod +--- a/doc/man1/rehash.pod ++++ b/doc/man1/rehash.pod @@ -6,7 +6,7 @@ Original text by James Westby, contribut =head1 NAME @@ -379,10 +340,8 @@ Index: openssl-1.1.1s/doc/man1/rehash.pod uses the B program to compute the hashes and fingerprints. If not found in the user's B, then set the B environment variable to the full pathname. -Index: openssl-1.1.1s/doc/man1/tsget.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/tsget.pod -+++ openssl-1.1.1s/doc/man1/tsget.pod +--- a/doc/man1/tsget.pod ++++ b/doc/man1/tsget.pod @@ -35,7 +35,7 @@ line. The tool sends the following HTTP request for each timestamp request: @@ -401,10 +360,8 @@ Index: openssl-1.1.1s/doc/man1/tsget.pod OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional) -Index: openssl-1.1.1s/doc/man1/verify.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/verify.pod -+++ openssl-1.1.1s/doc/man1/verify.pod +--- a/doc/man1/verify.pod ++++ b/doc/man1/verify.pod @@ -75,7 +75,7 @@ The file should contain one or more cert A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this @@ -414,10 +371,8 @@ Index: openssl-1.1.1s/doc/man1/verify.pod create symbolic links to a directory of certificates. =item B<-no-CAfile> -Index: openssl-1.1.1s/doc/man1/x509.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man1/x509.pod -+++ openssl-1.1.1s/doc/man1/x509.pod +--- a/doc/man1/x509.pod ++++ b/doc/man1/x509.pod @@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a @@ -427,10 +382,19 @@ Index: openssl-1.1.1s/doc/man1/x509.pod =head1 COPYRIGHT -Index: openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod -=================================================================== ---- openssl-1.1.1s.orig/doc/man3/SSL_CTX_load_verify_locations.pod -+++ openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod +--- a/doc/man3/OPENSSL_config.pod ++++ b/doc/man3/OPENSSL_config.pod +@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp + + =head1 DESCRIPTION + +-OPENSSL_config() configures OpenSSL using the standard B and ++OPENSSL_config() configures OpenSSL using the standard B and + reads from the application section B. If B is NULL then + the default section, B, will be used. + Errors are silently ignored. +--- a/doc/man3/SSL_CTX_load_verify_locations.pod ++++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -63,7 +63,7 @@ If more than one CA certificate with the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other @@ -449,10 +413,30 @@ Index: openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod =head1 SEE ALSO -Index: openssl-1.1.1s/test/recipes/80-test_ca.t -=================================================================== ---- openssl-1.1.1s.orig/test/recipes/80-test_ca.t -+++ openssl-1.1.1s/test/recipes/80-test_ca.t +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat + =head1 DESCRIPTION + + The OpenSSL CONF library can be used to read configuration files. +-It is used for the OpenSSL master configuration file B ++It is used for the OpenSSL master configuration file B + and in a few other places like B files and certificate extension + files for the B utility. OpenSSL applications can also use the + CONF library for their own purposes. +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO; + typedef struct mem_st MEM; + DEFINE_LHASH_OF(MEM); + +-# define OPENSSL_CONF "openssl.cnf" ++# define OPENSSL_CONF "openssl-1_1.cnf" + + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR +--- a/test/recipes/80-test_ca.t ++++ b/test/recipes/80-test_ca.t @@ -27,27 +27,27 @@ plan tests => 5; SKIP: { $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; @@ -486,10 +470,8 @@ Index: openssl-1.1.1s/test/recipes/80-test_ca.t 'creating new pre-certificate'); } -Index: openssl-1.1.1s/tools/build.info -=================================================================== ---- openssl-1.1.1s.orig/tools/build.info -+++ openssl-1.1.1s/tools/build.info +--- a/tools/build.info ++++ b/tools/build.info @@ -1,5 +1,5 @@ {- our $c_rehash_name = - $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash"; @@ -497,10 +479,8 @@ Index: openssl-1.1.1s/tools/build.info "" -} IF[{- !$disabled{apps} -}] SCRIPTS={- $c_rehash_name -} -Index: openssl-1.1.1s/tools/c_rehash.in -=================================================================== ---- openssl-1.1.1s.orig/tools/c_rehash.in -+++ openssl-1.1.1s/tools/c_rehash.in +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in @@ -8,7 +8,7 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 044f2a5..391f373 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,73 @@ +------------------------------------------------------------------- +Tue Feb 7 15:59:21 UTC 2023 - Otto Hollmann + +- Update to 1.1.1t: + * Fixed X.400 address type confusion in X.509 GeneralName. + There is a type confusion vulnerability relating to X.400 address processing + inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING + but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This + vulnerability may allow an attacker who can provide a certificate chain and + CRL (neither of which need have a valid signature) to pass arbitrary + pointers to a memcmp call, creating a possible read primitive, subject to + some constraints. Refer to the advisory for more information. Thanks to + David Benjamin for discovering this issue. [bsc#1207533, CVE-2023-0286] + + This issue has been fixed by changing the public header file definition of + GENERAL_NAME so that x400Address reflects the implementation. It was not + possible for any existing application to successfully use the existing + definition; however, if any application references the x400Address field + (e.g. in dead code), note that the type of this field has changed. There is + no ABI change. + * Fixed Use-after-free following BIO_new_NDEF. + The public API function BIO_new_NDEF is a helper function used for + streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL + to support the SMIME, CMS and PKCS7 streaming capabilities, but may also + be called directly by end user applications. + + The function receives a BIO from the caller, prepends a new BIO_f_asn1 + filter BIO onto the front of it to form a BIO chain, and then returns + the new head of the BIO chain to the caller. Under certain conditions, + for example if a CMS recipient public key is invalid, the new filter BIO + is freed and the function returns a NULL result indicating a failure. + However, in this case, the BIO chain is not properly cleaned up and the + BIO passed by the caller still retains internal pointers to the previously + freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO + then a use-after-free will occur. This will most likely result in a crash. + [bsc#1207536, CVE-2023-0215] + * Fixed Double free after calling PEM_read_bio_ex. + The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and + decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload + data. If the function succeeds then the "name_out", "header" and "data" + arguments are populated with pointers to buffers containing the relevant + decoded data. The caller is responsible for freeing those buffers. It is + possible to construct a PEM file that results in 0 bytes of payload data. + In this case PEM_read_bio_ex() will return a failure code but will populate + the header argument with a pointer to a buffer that has already been freed. + If the caller also frees this buffer then a double free will occur. This + will most likely lead to a crash. + + The functions PEM_read_bio() and PEM_read() are simple wrappers around + PEM_read_bio_ex() and therefore these functions are also directly affected. + + These functions are also called indirectly by a number of other OpenSSL + functions including PEM_X509_INFO_read_bio_ex() and + SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL + internal uses of these functions are not vulnerable because the caller does + not free the header argument if PEM_read_bio_ex() returns a failure code. + [bsc#1207538, CVE-2022-4450] + [Kurt Roeckx, Matt Caswell] + * Fixed Timing Oracle in RSA Decryption. + A timing based side channel exists in the OpenSSL RSA Decryption + implementation which could be sufficient to recover a plaintext across + a network in a Bleichenbacher style attack. To achieve a successful + decryption an attacker would have to be able to send a very large number + of trial messages for decryption. The vulnerability affects all RSA padding + modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. + [bsc#1207534, CVE-2022-4304] + * Rebased openssl-1_1-openssl-config.patch + * Update openssl.keyring with key + 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte) + ------------------------------------------------------------------- Wed Dec 14 12:56:06 UTC 2022 - Pedro Monreal diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 14a852d..52be0a1 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -41,7 +41,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" meta-package! -Version: 1.1.1s +Version: 1.1.1t Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL diff --git a/openssl.keyring b/openssl.keyring index e406ce6..6c3798e 100644 --- a/openssl.keyring +++ b/openssl.keyring @@ -1,113 +1,94 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C +Comment: Richard Levitte +Comment: Richard Levitte +Comment: Richard Levitte -mQINBGDxTCUBEACi0J1AgwXxjrAV/Gam5o4aZSVcPFBcO0bfWML5mT8ZUc3xO1cr -55DscbkXb27OK/FSdrq1YP7+pCtSZOstNPY/7k4VzNS1o8VoMzJZ3LAiXI5WB/LH -F8XSyzGuFEco/VT1hjTvb8EW2KlcBCR6Y22z5Wm1rVLqu7Q8b/ff1+M/kaWM6BFi -UKqfBZdqJuDDNFRGqFr0JjCol0D1v1vollm612OARKpzuUSOERdc11utidkGihag -pJDyP5a+qHZ4GNzZkZ+BBduuZDMUdEKgK28Pi0P0Nm17XRzX1Of1uXojMvroov7K -/Bkbpv+uvZoiSEAeD+G/+Tyk9VLhmyji9P+0lwYyHb3ACgS3wElz7CZwFgB3kjJv -MX93OlCAMruFht/+6hQu0zx1KPxx+55j/w7oSVzH8ZmYND5kM4zlGVnJxJk6aBu8 -laOARZw7EENz3c+hdgo+C+kXostNsbiuQTQnlFFaIM7Uy029wWnlCKSEmyElW9ZB -HnPhcihi8WbfoRdTcdfMraxCEIU1G/oVxYKfzV2koZTSkwPpqJYckyjHs7Zez5A3 -zVlAXPFEVLECEr02ESpWxFabk8itAz0oMZSn5tb3lBHs1XFqDvJaqME1unasjj06 -YUuDgKHxCWZLxo/cfJRrVxlRcsDgZ3s4PjxKkAmzUXt5yb7K3EVWDQri0wARAQAB -tBtUb23DocWhIE1yw6F6IDx0bUB0OG0uaW5mbz6JAlQEEwEIAD4WIQSiH6t0sAiK -o2EVJYa47xprqdotXAUCYPFMkQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIe -AQIXgAAKCRC47xprqdotXEGoD/9CyRFM8tzcdQsQBeQewKGTGdJvPx9saDLO6EVy -U9lEy8vLKMHnmAk+9myVBf0UHxCjVZblvXEL6U/eCINW8TBu9ZH56AMkPQgvfZkE -KrpBoP2yfkA9/2rfChec7jkFUwArWKAB8hyLPiABXdm3vRZMhiBAsFTv9rdrr89W -nAvcd9OXPxrEM7mNkkCDUlRkfRwdxSezStmJ/18bM5lrlR4Dj9MYUOieYICsu/nh -1u9C+QDOGruo/xku7B87qVSnKM4My28/RtSeGjTBNw3QPEmumArINNUDNZbe3e+I -m23l6tyP7nmtLbo0wPcRB9q4K1GlmecqzSgLsdf8YCOZKax9DLaA2fWVJCyp22Uj -kCmHkVgeXmByndWVdfYyJO4LGJhM7BfmWGa/yIRKRKZGlJavRY+UAkfqkXCbzhFD -IMyRTU3zqJfJcXrVDslvB1mMbBGIR7gmL2HSToNvN5E2xiEamHbSOv0ze0Vw5A1M -8S71i+jLUSenGTgjLdu52+K7SGLtyhG/kA5NpvMyCLBOYZ+4HPgbIwKLlcm5SRJ6 -z4sKLSZmU7HLMp69jXfGQqjYbJoUEHsCsLOeVMGiOVZqoZWQWcMHy9VvOA0FVx41 -xrpdDLft9ad+cM/oaiYXEWhqYRnBM5eIH0B3HOk/kmLZ6crNE+X5xG1qhoZgAurM -MriPFbQfVG9tw6HFoSBNcsOheiA8dG9tYXNAYXJsZXRvLmN6PokCVAQTAQgAPhYh -BKIfq3SwCIqjYRUlhrjvGmup2i1cBQJg8UxqAhsDBQkSzAMABQsJCAcCBhUKCQgL -AgQWAgMBAh4BAheAAAoJELjvGmup2i1cessP/jG7dFv/YEIn7p47wA+q+43Korjk -8LLpdb+YhVEpXgLK3yUNOcghs+e+UxSlS4jDV9ThpKgBEgTCn6V8vEWe5djvLVcO -UNG/wx33ksZKDOrZt2qGzz9VBd2ur100HjA3ibGClMjchMQCctlAHBCI/jV7g9Sv -FIHr/qECDnr50lh4kNeBZH/6gYEnB1Uqkc+7y/0gopk3kEcxO00qKj9d8QPatsoW -FOBW6OT0ldX5m19EL+x4Ku2/ayBwmobsQyj3cDV8cJN9QxJxB1AqLAKXK3XpEQ8Q -UERor6Z2gQu9bCRoQCl3Xu+lfqh2gmfoXoWiZFinoBzEETtILEUdNa2MsJheNuVy -Tf+W/vrfyAKVl7DgPk+n360frxmR8n7pkSpDq12s9J4eimX7aUlbhDX2XiMo/kGS -2oo2ulB083oJq09UieI2acwRIn6fFAOXx4Cr9IRAnKtvGxT3XzkDJ8WkC/+QE7wW -kjtD994kD2Jf1GCqFIWPx+J88VXp5UbobOENYBGWvc5Pki541aFKkXe5mvK9n2Fm -T3fOeBnyhT27J79UYSkOg9Zk0o7lcLKvgX3TqOwRrwMOGqyBIrHkLprIbeX5KOBI -yvtovyTuq3piF6OcfOYuZJOcV4LnnW6Ok9sgia1WgqNyJ+FSdSl6tLabzcM6sZ1I -8tmXB4BcoHFB9N0AtCFUb23DocWhIE1yw6F6IDx0b21hc0BvcGVuc3NsLm9yZz6J -AlQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMJQIbAwUJEswDAAUL -CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXJUfD/9qFJURXryr8/Uh -KJIAYQawc3rgSCeMaSi60fgPhteBf9VPA5w84OKLtnZFcPcpvGpaHuRxj+mchOSo -2HkYz7eseTsWbfguDiBNf1sA0IW6/WfIjqfGliw/ikLn/mA8GgLzgPPEiEbZH+gZ -+J1ttxv15E8dWVSYILJcn7VLX8EgYc93uaiPbcc6wG3qBz5UD7FW6pg6AjEhz6j4 -yQBq/dAUUL9nfrrx8p6548aslAR5A7e1kWPSMkrXD6ECdlJ8LReaPjiWrvLCtf1M -cmAQJkXX9PLHtPtkXzfT97GdcEWtPF3qpu9k8gK3QC/dPoACIsDUU1+muaqlRB3A -ozLVFbSJ2kA0BqnHvhB+7cIB/ZkAasiI1jJ9XPwJJnzZGlRFGJnUg6MRX//FIvly -Vi+hFt1DQ2tWMo6peu1sNDDONYKL7/NhFedJhIRoYUiQtcEuWqtTjOUn7ErkaC2y -q8hzWgYCe2afy1sUvyDtUjuldVTNzV1ic4MPC+QZ5ZEw2uHfP2oELlK2zUlLZIpt -Bwvgzqw5qcxj0nBHoaDTRyJXrXDWf/DsyS6Df1t8Uidoc6W3zNEhKbabvTb4gtWj -hh/QezJNtyRSg4SZ2Zx+ExgAngFdhKUk01XytLcEqYHjOjO6ZHpP0/+E7T8yZ7sI -w5AnBC/mkTbqp5Nsbk/spoN0Wl7PZbkCDQRg8UyoARAApiWRrHjdEu9Fp2yd7K93 -VpttsAWGeZo6adA7kKrdB+DFwyQdQQIGF1MoxzKb3rcO2sxoU/SnY/TpxdVbSO27 -1MLUcqoEc5F+uxuXsp4Tx5s6iXY9xTwQeBi8pAUQSLlWc/yoakF4sahG+5+0NUDp -djCEevRw2nHVbMbyzACgB0VRErhpY6gOBK7LkHwXAEXh1pN836P1s3DLLInjoM50 -IGQJLJ38/dBeWf9lqJrDif3lZ9Br7h2xHVhaj+08iWKFXb+MDkW6lXOuT+A8pzHK -bz1TVhopid9NOcw8ws00Vnq9R0/dhk+FT81XJC6GmoBi2GjjKpLNMzfBE6IkJjhn -gMY9Wz5sSfXhyd0x7ZGdS3w9SiIXXoxw35woC1/Ue6QVasm/ldCNSNH63y8G5b7w -NA84/fhVa9/Tug8zyzRj9p5Ge7b1yMbtVy9Ret8e1xB3yOJH8rjwmd13ocNBrFYh -D4b1+P0DScr4TburR3S4gwzawB2juIToELQGseR8nQg8k6Fk5vZ8MaYslMU2za7H -a379C8+A9h0C2mobqtw7Gq8NzDH2H4Bgpy0Ce8ByWnRHEIrZcK4vZDTzBfW+lYJB -HFlNc0mheV2ih6vjmz940cakzLvGF65UA69tsS8Q/3sWH2QLFTywdcEUZNgZRWnc -nAaLOI/nw1ydegw8F+s1ALEAEQEAAYkEcgQYAQgAJhYhBKIfq3SwCIqjYRUlhrjv -Gmup2i1cBQJg8UyoAhsCBQkLRzUAAkAJELjvGmup2i1cwXQgBBkBCAAdFiEE3HAy -Zir4heL0fyQ/UnRmohynnm0FAmDxTKgACgkQUnRmohynnm3v+Q/+NpYQuO+0a57+ -otwvuN3xoMsOmiingnd6u5fefi8qCjHgYJxnZQhihk4MOyiY46CxJImFKI6M13H5 -SlsuaGMbl17f5V8dE7rUDD9D9tD4+hVe504UsAdqaKHFhE8xyWJ24it9LmIXY358 -cQ7gm/EzA/wCKEez1Z/IUlx6hrG6BnAuE6FYhLTQt5WcCGbA17I72M1H50rX8fa0 -8qOg4rzyNEOesz1auI3pt1VOy/VJo7V+oO2yz4NNGBqjCN1mMOmBl1vBldZz4oZJ -vqoCFgx4Bj4h8LHilyg2OWZV4Xh7fUGH2/RIdfAYhCTz495N1sdDHew9Qc3PP0vV -yzwoCJY2moCiZ16K0o215rgYAJcY2KCCithjw+ktHZ/E108cmJJE0ZXG9sFVdF6A -HEEofaYRgXEvwFOwEBnytAq2l1ePmlTe6eu5/hSMYlan93YpsF2tol+jw7F+aspg -K2JPWqB4FsupxnvvAvzGBrTTGfCL4z7K8/6QmYrJBByx0W/lkFsebEfOz0SY/Rvs -aGQ3LEmQkbn+Cz2c2PwmIuYJisunHNC1rH6lF1a19D2lpe82Eh3TsXEsgjty2+sh -uHsKCX/snSa+zySqMbsE6o/8AquuT7tkdHO1rYfr3ffvIeX8HVj6NKm1eyk6uyCE -cb08jqBWOG8tzpNt6PIviyrQRrK+ncSLjw/9GT4LhZKnfLM5pVAFV0jVqf29lVhk -RHDeiNmdprqpvW35cAS7LH2wv2xGj4+wGaJmksruiJj2KtNAWa+7Uvd4xvntrL3F -9kG5qC04iTx9nng4qliZAI1wGxT/fAKS165L5sdTXRvcywokshxtsPgCXcH/J2v/ -JC6BGn44o8qo/CLGIaTBk6V8NfY4YqNFyMaMRAQSQ9Pk0KXQxswdxASaYzTTb93g -muoO7XrIu7ae1lppeL3HB5hQ0/zF1cVzCrLXffsEZNVW/1/9VamicTOWP8dV/ylN -86d7NvfJk8L7O+YIsEKYhKEDfCXIZrF7Ynu9SCWiR8LAqxZpBx2/6lommQJ7RlKr -HBkWUGyC8WHYr/sxORy0uxSevGFcfK2sFMnpLJhC6C830O05B6SFTWTrD9c/NC2S -DDWQCr1Tud3GZ634BowTlQRgJpGJc2s4wOMaARnhVtr/GZQhfCzOhcaHAVMBX0FE -ce+LktihEnzEJJgc/bzTH+t3fIW8bS4c65YlwCzMCJ1oYyALlD1BlZ6whFSVUZro -uYVu8diJ4Alf9+hcYOU/Gnbyi3bFbRGhBVz8lB3TcEeP02+gSSFD7iDi2Wt3hkmY -YaT7k3YGM2ksXdQ25SGM1aW4drxaqAj5sZ48OXTMNT9ira3TL/o/Xp6GRhVE8iOl -JKbGoqC+wchHmOK5Ag0EYPFMJQEQAN/J6BypHYuzqwVDH8hrCQJ0s9I1fFdiu60u -aeLTQPeB2JVwV4t9WZsM6mVMEUZJGIobk2Y5FFzLsHtbPlSs7MXtLhlLa05iiMXq -oZsS7EYI+GDNO6OP1j8h9On2Ik5EnK/0dWGQglSY/ryw+5ShdAjHSd4hCRvBxfX7 -FJGNrvIkIp8AxlTvNBQyuR4rluOnfS1LXFDlaTWxRAZBJdB/GyAbCqKmkfbkXZbM -ZFA93E2skrLJ66CPgaK83r+DUi6+EyvOKTkZw0OU6S0k7xT4Z1f0AbS/ON5G8wjL -vxKu+Tmd2LHLMUTMiSQ7/K0iw4+pms1+MOBWFDX8aS/poRe0NS779RIk+Hy4OG7+ -i9Rpf4wU+Z2QHbUYrun6h7+RySv+E27QWCgNuAdm2F8cIsxQ3B0mAapqf2ECIkNb -PftDlv/iDqzAxAobNJzlsKQrcRmEPIOqNxi3TP+H85ekwHTdwwdPb5u8pgehpDum -ciyHfYZ7A3eNl6RubQMIWQgQzxUbreUJkKjHwLoqkTHDafJeKI7+2nII4r3peQfE -N0jZ5HSXHTHu4520FUBHNutvuHqCy0nQrhvoXEfD4woYk27OOwSKHu1ZdEFa6iJH -eAW0f6pSOMkEMDRtFWv0/hVpNDbhA+jAswzD4+XYDk+xZdDONua9inO930MGI2Bs -LQ1kotFTABEBAAGJAjwEGAEIACYWIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFM -JQIbDAUJEswDAAAKCRC47xprqdotXBU2D/4vF/5FrkPz78jSl7YN77gc/sTpBGMh -QxhZxKpf+8xE/oig9/F90BMKaFAflChiEMPc+Dj0VrCGwP2xMTVO4J7lw7bTr3RB -uETuVq8S3XgtmTlXwoRQL91XtoGjAjhfgpXbi/DEyZ6+34QwMYr474rsKiMsBcMS -nWTDuqRqkFYAaF4LRbD6RkWck+C7k4ps/KIflEKiSEuvpjk1TpibwoSt+zIeZI6u -sSLWbGcADqnXHe0GClUqcMYbIgLzVyXQQzUvfrwAzi8XvfW+8QhP+B5oZT6y8YBD -NHQDcITC4OYaVHYnZWS+tPtPQZK4duAlZRd/lBxKPbNWee5ufPh5ALFAINpBWP0C -nHKVj/P3fBcCrz2ZYaH5iQmqhSbJ3lyFKJoQQgrcnWbnOWI91DdhmvE2GIyn1JJE -FT2YQqRH52dDX5gOl5OcwT7PxV1jc03bhZsOCylBoq1Yd9iD3U0bgiqI71dGZrXZ -qaQzuigCRxlv8nF97SUGLDCuvqC5ejmecQBYmLCrgIiRcI+FXSVnZhUYkeBbg9sX -Cla8mCgxF1RhH2S9z9blrLEf2r+l/8P0+IWmmaTvCbZ7kIrUsbGv7FNCubVA3UXc -zPrDR7hQC/xNAX1RXMGNmPru9wVtgnn72UneoD/dLYY65U/ZFLNeQAnq9c3VJKQ2 -TIdjvGbJ/k4qxw== -=Ctij +xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx +5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl +G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr +94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B +iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD +F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW +Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ +DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH +3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+ +y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L +732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB +zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd +AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8 +PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q +CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt +hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845 ++7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5 +cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA +dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b +6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7 +zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66 +M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1 +DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ +N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb +jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB +AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu +jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX +jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY +TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd +x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv +nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue +W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r +d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy +nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp +G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6 +JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI +uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX +lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v +cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ +AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj +h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh +4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd +ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1 +C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6 +MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA +nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4 ++1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY +k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9 +fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W +3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF +IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD +AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp +5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y +dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl +vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO +e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04 +QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5 +1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6 +u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8 +La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0 +S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA +zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35 +wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw +azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj +U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV +9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk +HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM +el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1 +nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt +c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ +Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+ +sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh +ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz +5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB +AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr +2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M +oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn +a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5 +WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp +zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7 +9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3 +WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA +WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/ +pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7 +Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV +/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY= +=1H60 -----END PGP PUBLIC KEY BLOCK-----