Accepting request 1063662 from home:ohollmann:branches:security:tls
- Update to 3.0.8: * Fixed NULL dereference during PKCS7 data verification. A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. ([bsc#1207541, CVE-2023-0401]) PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. * Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. ([bsc#1207533, CVE-2023-0286]) * Fixed NULL dereference validating DSA public key. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the OBS-URL: https://build.opensuse.org/request/show/1063662 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=53
This commit is contained in:
parent
9250deebcd
commit
0620c0c33d
@ -1,34 +0,0 @@
|
|||||||
From 4d0340a6d2f327700a059f0b8f954d6160f8eef5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pauli <pauli@openssl.org>
|
|
||||||
Date: Fri, 11 Nov 2022 09:40:19 +1100
|
|
||||||
Subject: [PATCH] x509: fix double locking problem
|
|
||||||
|
|
||||||
This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
|
|
||||||
redundant flag setting.
|
|
||||||
|
|
||||||
Fixes #19643
|
|
||||||
|
|
||||||
Fixes LOW CVE-2022-3996
|
|
||||||
|
|
||||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/19652)
|
|
||||||
---
|
|
||||||
crypto/x509/pcy_map.c | 4 ----
|
|
||||||
1 file changed, 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
|
|
||||||
index 05406c6493f..60dfd1e3203 100644
|
|
||||||
--- a/crypto/x509/pcy_map.c
|
|
||||||
+++ b/crypto/x509/pcy_map.c
|
|
||||||
@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
|
|
||||||
|
|
||||||
ret = 1;
|
|
||||||
bad_mapping:
|
|
||||||
- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
|
|
||||||
- x->ex_flags |= EXFLAG_INVALID_POLICY;
|
|
||||||
- CRYPTO_THREAD_unlock(x->lock);
|
|
||||||
- }
|
|
||||||
sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
|
|
||||||
return ret;
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e
|
|
||||||
size 15107575
|
|
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQJGBAABCAAwFiEE3HAyZir4heL0fyQ/UnRmohynnm0FAmNhKfISHHRvbWFzQG9w
|
|
||||||
ZW5zc2wub3JnAAoJEFJ0ZqIcp55tQ84P/3vLj5HFHCSjkdthzR+sdxD+ndrdjOgT
|
|
||||||
ToEGqkAntayT8eVwcWNTum71JNc3XCZZEa3KvuvuiK7+emYAhk+zV/R0obyKnNqu
|
|
||||||
it7ZbhMxgWfJnXYIz6aOAZQMYyMr2EFazd5avnR4lY3DkGdvdKC/Gwx7WT+KvOZN
|
|
||||||
xsrYEkupa23VFdah/pcaR+3FIYRPBn5Y8qwRIpXsPm8GZMHbJF2N4BpTEQFuwZtQ
|
|
||||||
RuHnNheqeJp9DFMcGQdjYU7GTSEL8sh1QgwG+WFp0zVUWoPMzb7IfGRXQK4SHuE4
|
|
||||||
qPcQOT7X7nwiFgQGDYClzlkCyduX0LCJMBl+QMOoYTj/HjXejgucrKSlZpInsfD5
|
|
||||||
jAm1vyX0SKNaQ5mAXOmruBcztDAsag+XedmLlodZMgjBp3wyq8VyY2dg/EQXCHtn
|
|
||||||
B/K3vJJj9kJADYD0WVre4n8x5v87lFyTHvrDvtLgZeIs8jUho7Fh9Vr5aYLqAvZ5
|
|
||||||
mR4ZJYmv+K+/h4oNn2j6Q0IclOmjfq0UxB46G0l9yfr/yWo5xebwwa5HPNxwCySg
|
|
||||||
+sAY0/yBoZmcI7POjtbWz6ZJr4nOvwhxnFcIlLxvgJIrNHJJNGHHYT5vCFEuNM/W
|
|
||||||
8QS2+iEoTnYNi46G0q5Zr2VW2UsZGodcPO51RyWZd+EvsH+1D9ZxQxjuUzidrksy
|
|
||||||
vulYjGcU9Di4
|
|
||||||
=72eE
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
openssl-3.0.8.tar.gz
Normal file
3
openssl-3.0.8.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
|
||||||
|
size 15151328
|
16
openssl-3.0.8.tar.gz.asc
Normal file
16
openssl-3.0.8.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVZsACgkQ1enkP335
|
||||||
|
7owJ6BAAk2EnBElYMTM3SuqLDp4fdf2EhSfhxWG45Q9oV8BQ3Th/l8zia/pIOLs7
|
||||||
|
Pt6MXYhdd6IdVij5HMMR/ZMUJi/YnYG9lhhJ+p4NTHP+Tc4UjHoexJQuDZk9jM6y
|
||||||
|
zynSONsuIZRAXI4hiJ2Lg5X0iLhEuYBblPUDDdkO8ojTYkEohMQDj4Jt63vVPylV
|
||||||
|
m+tIDFVfYVQpXnORvy0LNDyjQhDb+gEEnAt8XwpE9FnrvkREHM1WQgmI4+1FLXBc
|
||||||
|
MaCWoFGEmFRMqxbqEjrtnCCafFcCKGYQnozrdN8VK62xGhDEOwEwjgzW00rm1TIG
|
||||||
|
eKOp9XOwcZehM5VR622eD/N4A96ET5Q3WOgqc76I8sWmx0lu/PaXl5bZcAeZpG4v
|
||||||
|
dYI926XSaSsrQ2ADhpgl02vLTVISMejmTNrxZjci0Ce76xjFfcxutD8wppL9Zqg4
|
||||||
|
dwmpW8+qpgXZ+ABN6qYWsIXVHijJcyJgmFdQdcF/FfjVRxviCncz2i5dyUNUgw6Z
|
||||||
|
+nLlYNfk+6v0EVIgIA3rw8TGKGom3m1+d41KAMdEAET6n1D/SKbJxCyyYlBBGZBT
|
||||||
|
7Vd5u2zEjMK4b0Iv81Nq4YsActWk69PULfkYLgRGSvBFtpIn9g9RgV7hKlFTvZ/5
|
||||||
|
S4A8XH/qrlSk+jb2Bl7qlgyZceDti8Ef6Ktz9YDdH0O133BRxAQ=
|
||||||
|
=FUbH
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,135 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 7 15:43:22 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.0.8:
|
||||||
|
* Fixed NULL dereference during PKCS7 data verification.
|
||||||
|
A NULL pointer can be dereferenced when signatures are being
|
||||||
|
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
|
||||||
|
algorithm used for the signature is known to the OpenSSL library but
|
||||||
|
the implementation of the hash algorithm is not available the digest
|
||||||
|
initialization will fail. There is a missing check for the return
|
||||||
|
value from the initialization function which later leads to invalid
|
||||||
|
usage of the digest API most likely leading to a crash.
|
||||||
|
([bsc#1207541, CVE-2023-0401])
|
||||||
|
|
||||||
|
PKCS7 data is processed by the SMIME library calls and also by the
|
||||||
|
time stamp (TS) library calls. The TLS implementation in OpenSSL does
|
||||||
|
not call these functions however third party applications would be
|
||||||
|
affected if they call these functions to verify signatures on untrusted
|
||||||
|
data.
|
||||||
|
* Fixed X.400 address type confusion in X.509 GeneralName.
|
||||||
|
There is a type confusion vulnerability relating to X.400 address processing
|
||||||
|
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
|
||||||
|
but the public structure definition for GENERAL_NAME incorrectly specified
|
||||||
|
the type of the x400Address field as ASN1_TYPE. This field is subsequently
|
||||||
|
interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
|
||||||
|
than an ASN1_STRING.
|
||||||
|
|
||||||
|
When CRL checking is enabled (i.e. the application sets the
|
||||||
|
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
|
||||||
|
pass arbitrary pointers to a memcmp call, enabling them to read memory
|
||||||
|
contents or enact a denial of service.
|
||||||
|
([bsc#1207533, CVE-2023-0286])
|
||||||
|
* Fixed NULL dereference validating DSA public key.
|
||||||
|
An invalid pointer dereference on read can be triggered when an
|
||||||
|
application tries to check a malformed DSA public key by the
|
||||||
|
EVP_PKEY_public_check() function. This will most likely lead
|
||||||
|
to an application crash. This function can be called on public
|
||||||
|
keys supplied from untrusted sources which could allow an attacker
|
||||||
|
to cause a denial of service attack.
|
||||||
|
|
||||||
|
The TLS implementation in OpenSSL does not call this function
|
||||||
|
but applications might call the function if there are additional
|
||||||
|
security requirements imposed by standards such as FIPS 140-3.
|
||||||
|
([bsc#1207540, CVE-2023-0217])
|
||||||
|
* Fixed Invalid pointer dereference in d2i_PKCS7 functions.
|
||||||
|
An invalid pointer dereference on read can be triggered when an
|
||||||
|
application tries to load malformed PKCS7 data with the
|
||||||
|
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
|
||||||
|
|
||||||
|
The result of the dereference is an application crash which could
|
||||||
|
lead to a denial of service attack. The TLS implementation in OpenSSL
|
||||||
|
does not call this function however third party applications might
|
||||||
|
call these functions on untrusted data.
|
||||||
|
([bsc#1207539, CVE-2023-0216])
|
||||||
|
* Fixed Use-after-free following BIO_new_NDEF.
|
||||||
|
The public API function BIO_new_NDEF is a helper function used for
|
||||||
|
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
|
||||||
|
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
|
||||||
|
be called directly by end user applications.
|
||||||
|
|
||||||
|
The function receives a BIO from the caller, prepends a new BIO_f_asn1
|
||||||
|
filter BIO onto the front of it to form a BIO chain, and then returns
|
||||||
|
the new head of the BIO chain to the caller. Under certain conditions,
|
||||||
|
for example if a CMS recipient public key is invalid, the new filter BIO
|
||||||
|
is freed and the function returns a NULL result indicating a failure.
|
||||||
|
However, in this case, the BIO chain is not properly cleaned up and the
|
||||||
|
BIO passed by the caller still retains internal pointers to the previously
|
||||||
|
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
|
||||||
|
then a use-after-free will occur. This will most likely result in a crash.
|
||||||
|
([bsc#1207536, CVE-2023-0215])
|
||||||
|
* Fixed Double free after calling PEM_read_bio_ex.
|
||||||
|
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
|
||||||
|
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
|
||||||
|
data. If the function succeeds then the "name_out", "header" and "data"
|
||||||
|
arguments are populated with pointers to buffers containing the relevant
|
||||||
|
decoded data. The caller is responsible for freeing those buffers. It is
|
||||||
|
possible to construct a PEM file that results in 0 bytes of payload data.
|
||||||
|
In this case PEM_read_bio_ex() will return a failure code but will populate
|
||||||
|
the header argument with a pointer to a buffer that has already been freed.
|
||||||
|
If the caller also frees this buffer then a double free will occur. This
|
||||||
|
will most likely lead to a crash.
|
||||||
|
|
||||||
|
The functions PEM_read_bio() and PEM_read() are simple wrappers around
|
||||||
|
PEM_read_bio_ex() and therefore these functions are also directly affected.
|
||||||
|
|
||||||
|
These functions are also called indirectly by a number of other OpenSSL
|
||||||
|
functions including PEM_X509_INFO_read_bio_ex() and
|
||||||
|
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
|
||||||
|
internal uses of these functions are not vulnerable because the caller does
|
||||||
|
not free the header argument if PEM_read_bio_ex() returns a failure code.
|
||||||
|
([bsc#1207538, CVE-2022-4450])
|
||||||
|
* Fixed Timing Oracle in RSA Decryption.
|
||||||
|
A timing based side channel exists in the OpenSSL RSA Decryption
|
||||||
|
implementation which could be sufficient to recover a plaintext across
|
||||||
|
a network in a Bleichenbacher style attack. To achieve a successful
|
||||||
|
decryption an attacker would have to be able to send a very large number
|
||||||
|
of trial messages for decryption. The vulnerability affects all RSA padding
|
||||||
|
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
|
||||||
|
([bsc#1207534, CVE-2022-4304])
|
||||||
|
* Fixed X.509 Name Constraints Read Buffer Overflow.
|
||||||
|
A read buffer overrun can be triggered in X.509 certificate verification,
|
||||||
|
specifically in name constraint checking. The read buffer overrun might
|
||||||
|
result in a crash which could lead to a denial of service attack.
|
||||||
|
In a TLS client, this can be triggered by connecting to a malicious
|
||||||
|
server. In a TLS server, this can be triggered if the server requests
|
||||||
|
client authentication and a malicious client connects.
|
||||||
|
([bsc#1207535, CVE-2022-4203])
|
||||||
|
* Fixed X.509 Policy Constraints Double Locking security issue.
|
||||||
|
If an X.509 certificate contains a malformed policy constraint and
|
||||||
|
policy processing is enabled, then a write lock will be taken twice
|
||||||
|
recursively. On some operating systems (most widely: Windows) this
|
||||||
|
results in a denial of service when the affected process hangs. Policy
|
||||||
|
processing being enabled on a publicly facing server is not considered
|
||||||
|
to be a common setup.
|
||||||
|
([CVE-2022-3996])
|
||||||
|
* Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
|
||||||
|
`OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
|
||||||
|
`OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and
|
||||||
|
default to `POINT_CONVERSION_UNCOMPRESSED`) when exporting
|
||||||
|
`OSSL_PKEY_PARAM_PUB_KEY`, instead of unconditionally using
|
||||||
|
`POINT_CONVERSION_COMPRESSED` as in previous 3.x releases.
|
||||||
|
For symmetry, our implementation of `EVP_PKEY_ASN1_METHOD->export_to`
|
||||||
|
for legacy EC and SM2 keys is also changed similarly to honor the
|
||||||
|
equivalent conversion format flag as specified in the underlying
|
||||||
|
`EC_KEY` object being exported to a provider, when this function is
|
||||||
|
called through `EVP_PKEY_export()`.
|
||||||
|
* Removed openssl-3-Fix-double-locking-problem.patch,
|
||||||
|
contained in upstream.
|
||||||
|
* Rebased openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
||||||
|
* Update openssl.keyring with key
|
||||||
|
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C (Richard Levitte)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 26 08:17:50 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
Thu Jan 26 08:17:50 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
%define man_suffix 3ssl
|
%define man_suffix 3ssl
|
||||||
Name: openssl-3
|
Name: openssl-3
|
||||||
# Don't forget to update the version in the "openssl" meta-package!
|
# Don't forget to update the version in the "openssl" meta-package!
|
||||||
Version: 3.0.7
|
Version: 3.0.8
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Secure Sockets and Transport Layer Security
|
Summary: Secure Sockets and Transport Layer Security
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -46,8 +46,7 @@ Patch6: openssl-no-date.patch
|
|||||||
# Add crypto-policies support
|
# Add crypto-policies support
|
||||||
Patch7: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
Patch7: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
||||||
Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch
|
Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch
|
||||||
# PATCH-FIX-UPSTREAM bsc#1206374 CVE-2022-3996 X.509 Policy Constraints Double Locking
|
|
||||||
Patch9: openssl-3-Fix-double-locking-problem.patch
|
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: pkgconfig(zlib)
|
BuildRequires: pkgconfig(zlib)
|
||||||
Requires: libopenssl3 = %{version}-%{release}
|
Requires: libopenssl3 = %{version}-%{release}
|
||||||
@ -71,6 +70,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
|
|||||||
|
|
||||||
%package -n libopenssl3
|
%package -n libopenssl3
|
||||||
Summary: Secure Sockets and Transport Layer Security
|
Summary: Secure Sockets and Transport Layer Security
|
||||||
|
License: Apache-2.0
|
||||||
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
|
||||||
Requires: crypto-policies
|
Requires: crypto-policies
|
||||||
%endif
|
%endif
|
||||||
@ -89,6 +89,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
|
|||||||
|
|
||||||
%package -n libopenssl-3-devel
|
%package -n libopenssl-3-devel
|
||||||
Summary: Development files for OpenSSL
|
Summary: Development files for OpenSSL
|
||||||
|
License: Apache-2.0
|
||||||
Requires: libopenssl3 = %{version}
|
Requires: libopenssl3 = %{version}
|
||||||
Requires: pkgconfig(zlib)
|
Requires: pkgconfig(zlib)
|
||||||
Recommends: %{name} = %{version}
|
Recommends: %{name} = %{version}
|
||||||
@ -106,6 +107,7 @@ that want to make use of the OpenSSL C API.
|
|||||||
|
|
||||||
%package doc
|
%package doc
|
||||||
Summary: Additional Package Documentation
|
Summary: Additional Package Documentation
|
||||||
|
License: Apache-2.0
|
||||||
Conflicts: openssl-doc
|
Conflicts: openssl-doc
|
||||||
Provides: openssl-doc = %{version}
|
Provides: openssl-doc = %{version}
|
||||||
Obsoletes: openssl-doc < %{version}
|
Obsoletes: openssl-doc < %{version}
|
||||||
|
@ -6,19 +6,17 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
|
|||||||
(was openssl-1.1.1-system-cipherlist.patch)
|
(was openssl-1.1.1-system-cipherlist.patch)
|
||||||
---
|
---
|
||||||
Configurations/unix-Makefile.tmpl | 5 ++
|
Configurations/unix-Makefile.tmpl | 5 ++
|
||||||
Configure | 10 +++-
|
Configure | 11 ++++
|
||||||
doc/man1/openssl-ciphers.pod.in | 9 ++++
|
doc/man1/openssl-ciphers.pod.in | 9 +++
|
||||||
include/openssl/ssl.h.in | 5 ++
|
include/openssl/ssl.h.in | 5 ++
|
||||||
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
|
ssl/ssl_ciph.c | 87 +++++++++++++++++++++++++++++++++-----
|
||||||
ssl/ssl_lib.c | 4 +-
|
ssl/ssl_lib.c | 4 -
|
||||||
test/cipherlist_test.c | 2 +
|
test/cipherlist_test.c | 2
|
||||||
util/libcrypto.num | 1 +
|
util/libcrypto.num | 1
|
||||||
8 files changed, 110 insertions(+), 14 deletions(-)
|
8 files changed, 110 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
Index: openssl-3.0.7/Configurations/unix-Makefile.tmpl
|
--- a/Configurations/unix-Makefile.tmpl
|
||||||
===================================================================
|
+++ b/Configurations/unix-Makefile.tmpl
|
||||||
--- openssl-3.0.7.orig/Configurations/unix-Makefile.tmpl
|
|
||||||
+++ openssl-3.0.7/Configurations/unix-Makefile.tmpl
|
|
||||||
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||||
HTMLDIR=$(DOCDIR)/html
|
HTMLDIR=$(DOCDIR)/html
|
||||||
@ -38,10 +36,49 @@ Index: openssl-3.0.7/Configurations/unix-Makefile.tmpl
|
|||||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||||
@{$config{CPPFLAGS}}) -}
|
@{$config{CPPFLAGS}}) -}
|
||||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||||
Index: openssl-3.0.7/doc/man1/openssl-ciphers.pod.in
|
--- a/Configure
|
||||||
===================================================================
|
+++ b/Configure
|
||||||
--- openssl-3.0.7.orig/doc/man1/openssl-ciphers.pod.in
|
@@ -27,7 +27,7 @@ use OpenSSL::config;
|
||||||
+++ openssl-3.0.7/doc/man1/openssl-ciphers.pod.in
|
my $orig_death_handler = $SIG{__DIE__};
|
||||||
|
$SIG{__DIE__} = \&death_handler;
|
||||||
|
|
||||||
|
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
|
||||||
|
my $banner = <<"EOF";
|
||||||
|
|
||||||
|
@@ -61,6 +61,10 @@ EOF
|
||||||
|
# given with --prefix.
|
||||||
|
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||||
|
# (Default: PREFIX/ssl)
|
||||||
|
+#
|
||||||
|
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
||||||
|
+# cipher is specified (default).
|
||||||
|
+#
|
||||||
|
# --banner=".." Output specified text instead of default completion banner
|
||||||
|
#
|
||||||
|
# -w Don't wait after showing a Configure warning
|
||||||
|
@@ -387,6 +391,7 @@ $config{prefix}="";
|
||||||
|
$config{openssldir}="";
|
||||||
|
$config{processor}="";
|
||||||
|
$config{libdir}="";
|
||||||
|
+$config{system_ciphers_file}="";
|
||||||
|
my $auto_threads=1; # enable threads automatically? true by default
|
||||||
|
my $default_ranlib;
|
||||||
|
|
||||||
|
@@ -989,6 +994,10 @@ while (@argvcopy)
|
||||||
|
die "FIPS key too long (64 bytes max)\n"
|
||||||
|
if length $1 > 64;
|
||||||
|
}
|
||||||
|
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||||
|
+ {
|
||||||
|
+ $config{system_ciphers_file}=$1;
|
||||||
|
+ }
|
||||||
|
elsif (/^--banner=(.*)$/)
|
||||||
|
{
|
||||||
|
$banner = $1 . "\n";
|
||||||
|
--- a/doc/man1/openssl-ciphers.pod.in
|
||||||
|
+++ b/doc/man1/openssl-ciphers.pod.in
|
||||||
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||||
|
|
||||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||||
@ -58,10 +95,8 @@ Index: openssl-3.0.7/doc/man1/openssl-ciphers.pod.in
|
|||||||
=item B<HIGH>
|
=item B<HIGH>
|
||||||
|
|
||||||
"High" encryption cipher suites. This currently means those with key lengths
|
"High" encryption cipher suites. This currently means those with key lengths
|
||||||
Index: openssl-3.0.7/include/openssl/ssl.h.in
|
--- a/include/openssl/ssl.h.in
|
||||||
===================================================================
|
+++ b/include/openssl/ssl.h.in
|
||||||
--- openssl-3.0.7.orig/include/openssl/ssl.h.in
|
|
||||||
+++ openssl-3.0.7/include/openssl/ssl.h.in
|
|
||||||
@@ -210,6 +210,11 @@ extern "C" {
|
@@ -210,6 +210,11 @@ extern "C" {
|
||||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||||
@ -74,10 +109,8 @@ Index: openssl-3.0.7/include/openssl/ssl.h.in
|
|||||||
|
|
||||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||||
# define SSL_SENT_SHUTDOWN 1
|
# define SSL_SENT_SHUTDOWN 1
|
||||||
Index: openssl-3.0.7/ssl/ssl_ciph.c
|
--- a/ssl/ssl_ciph.c
|
||||||
===================================================================
|
+++ b/ssl/ssl_ciph.c
|
||||||
--- openssl-3.0.7.orig/ssl/ssl_ciph.c
|
|
||||||
+++ openssl-3.0.7/ssl/ssl_ciph.c
|
|
||||||
@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -231,10 +264,8 @@ Index: openssl-3.0.7/ssl/ssl_ciph.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||||
Index: openssl-3.0.7/ssl/ssl_lib.c
|
--- a/ssl/ssl_lib.c
|
||||||
===================================================================
|
+++ b/ssl/ssl_lib.c
|
||||||
--- openssl-3.0.7.orig/ssl/ssl_lib.c
|
|
||||||
+++ openssl-3.0.7/ssl/ssl_lib.c
|
|
||||||
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||||
ctx->tls13_ciphersuites,
|
ctx->tls13_ciphersuites,
|
||||||
&(ctx->cipher_list),
|
&(ctx->cipher_list),
|
||||||
@ -253,10 +284,8 @@ Index: openssl-3.0.7/ssl/ssl_lib.c
|
|||||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||||
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
Index: openssl-3.0.7/test/cipherlist_test.c
|
--- a/test/cipherlist_test.c
|
||||||
===================================================================
|
+++ b/test/cipherlist_test.c
|
||||||
--- openssl-3.0.7.orig/test/cipherlist_test.c
|
|
||||||
+++ openssl-3.0.7/test/cipherlist_test.c
|
|
||||||
@@ -246,7 +246,9 @@ end:
|
@@ -246,7 +246,9 @@ end:
|
||||||
|
|
||||||
int setup_tests(void)
|
int setup_tests(void)
|
||||||
@ -267,55 +296,10 @@ Index: openssl-3.0.7/test/cipherlist_test.c
|
|||||||
ADD_TEST(test_default_cipherlist_explicit);
|
ADD_TEST(test_default_cipherlist_explicit);
|
||||||
ADD_TEST(test_default_cipherlist_clear);
|
ADD_TEST(test_default_cipherlist_clear);
|
||||||
return 1;
|
return 1;
|
||||||
Index: openssl-3.0.7/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
===================================================================
|
+++ b/util/libcrypto.num
|
||||||
--- openssl-3.0.7.orig/util/libcrypto.num
|
@@ -5428,3 +5428,4 @@ EVP_PKEY_CTX_get0_provider
|
||||||
+++ openssl-3.0.7/util/libcrypto.num
|
|
||||||
@@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider
|
|
||||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||||
|
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
||||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
Index: openssl-3.0.7/Configure
|
|
||||||
===================================================================
|
|
||||||
--- openssl-3.0.7.orig/Configure
|
|
||||||
+++ openssl-3.0.7/Configure
|
|
||||||
@@ -27,7 +27,7 @@ use OpenSSL::config;
|
|
||||||
my $orig_death_handler = $SIG{__DIE__};
|
|
||||||
$SIG{__DIE__} = \&death_handler;
|
|
||||||
|
|
||||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
|
|
||||||
my $banner = <<"EOF";
|
|
||||||
|
|
||||||
@@ -61,6 +61,10 @@ EOF
|
|
||||||
# given with --prefix.
|
|
||||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
|
||||||
# (Default: PREFIX/ssl)
|
|
||||||
+#
|
|
||||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
|
||||||
+# cipher is specified (default).
|
|
||||||
+#
|
|
||||||
# --banner=".." Output specified text instead of default completion banner
|
|
||||||
#
|
|
||||||
# -w Don't wait after showing a Configure warning
|
|
||||||
@@ -387,6 +391,7 @@ $config{prefix}="";
|
|
||||||
$config{openssldir}="";
|
|
||||||
$config{processor}="";
|
|
||||||
$config{libdir}="";
|
|
||||||
+$config{system_ciphers_file}="";
|
|
||||||
my $auto_threads=1; # enable threads automatically? true by default
|
|
||||||
my $default_ranlib;
|
|
||||||
|
|
||||||
@@ -989,6 +994,10 @@ while (@argvcopy)
|
|
||||||
die "FIPS key too long (64 bytes max)\n"
|
|
||||||
if length $1 > 64;
|
|
||||||
}
|
|
||||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
|
||||||
+ {
|
|
||||||
+ $config{system_ciphers_file}=$1;
|
|
||||||
+ }
|
|
||||||
elsif (/^--banner=(.*)$/)
|
|
||||||
{
|
|
||||||
$banner = $1 . "\n";
|
|
||||||
|
201
openssl.keyring
201
openssl.keyring
@ -1,113 +1,94 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Comment: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||||
|
Comment: Richard Levitte <levitte@lp.se>
|
||||||
|
Comment: Richard Levitte <levitte@openssl.org>
|
||||||
|
Comment: Richard Levitte <richard@levitte.org>
|
||||||
|
|
||||||
mQINBGDxTCUBEACi0J1AgwXxjrAV/Gam5o4aZSVcPFBcO0bfWML5mT8ZUc3xO1cr
|
xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx
|
||||||
55DscbkXb27OK/FSdrq1YP7+pCtSZOstNPY/7k4VzNS1o8VoMzJZ3LAiXI5WB/LH
|
5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl
|
||||||
F8XSyzGuFEco/VT1hjTvb8EW2KlcBCR6Y22z5Wm1rVLqu7Q8b/ff1+M/kaWM6BFi
|
G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr
|
||||||
UKqfBZdqJuDDNFRGqFr0JjCol0D1v1vollm612OARKpzuUSOERdc11utidkGihag
|
94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B
|
||||||
pJDyP5a+qHZ4GNzZkZ+BBduuZDMUdEKgK28Pi0P0Nm17XRzX1Of1uXojMvroov7K
|
iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD
|
||||||
/Bkbpv+uvZoiSEAeD+G/+Tyk9VLhmyji9P+0lwYyHb3ACgS3wElz7CZwFgB3kjJv
|
F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW
|
||||||
MX93OlCAMruFht/+6hQu0zx1KPxx+55j/w7oSVzH8ZmYND5kM4zlGVnJxJk6aBu8
|
Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ
|
||||||
laOARZw7EENz3c+hdgo+C+kXostNsbiuQTQnlFFaIM7Uy029wWnlCKSEmyElW9ZB
|
DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH
|
||||||
HnPhcihi8WbfoRdTcdfMraxCEIU1G/oVxYKfzV2koZTSkwPpqJYckyjHs7Zez5A3
|
3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+
|
||||||
zVlAXPFEVLECEr02ESpWxFabk8itAz0oMZSn5tb3lBHs1XFqDvJaqME1unasjj06
|
y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L
|
||||||
YUuDgKHxCWZLxo/cfJRrVxlRcsDgZ3s4PjxKkAmzUXt5yb7K3EVWDQri0wARAQAB
|
732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB
|
||||||
tBtUb23DocWhIE1yw6F6IDx0bUB0OG0uaW5mbz6JAlQEEwEIAD4WIQSiH6t0sAiK
|
zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd
|
||||||
o2EVJYa47xprqdotXAUCYPFMkQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIe
|
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8
|
||||||
AQIXgAAKCRC47xprqdotXEGoD/9CyRFM8tzcdQsQBeQewKGTGdJvPx9saDLO6EVy
|
PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q
|
||||||
U9lEy8vLKMHnmAk+9myVBf0UHxCjVZblvXEL6U/eCINW8TBu9ZH56AMkPQgvfZkE
|
CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt
|
||||||
KrpBoP2yfkA9/2rfChec7jkFUwArWKAB8hyLPiABXdm3vRZMhiBAsFTv9rdrr89W
|
hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845
|
||||||
nAvcd9OXPxrEM7mNkkCDUlRkfRwdxSezStmJ/18bM5lrlR4Dj9MYUOieYICsu/nh
|
+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5
|
||||||
1u9C+QDOGruo/xku7B87qVSnKM4My28/RtSeGjTBNw3QPEmumArINNUDNZbe3e+I
|
cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA
|
||||||
m23l6tyP7nmtLbo0wPcRB9q4K1GlmecqzSgLsdf8YCOZKax9DLaA2fWVJCyp22Uj
|
dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b
|
||||||
kCmHkVgeXmByndWVdfYyJO4LGJhM7BfmWGa/yIRKRKZGlJavRY+UAkfqkXCbzhFD
|
6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7
|
||||||
IMyRTU3zqJfJcXrVDslvB1mMbBGIR7gmL2HSToNvN5E2xiEamHbSOv0ze0Vw5A1M
|
zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66
|
||||||
8S71i+jLUSenGTgjLdu52+K7SGLtyhG/kA5NpvMyCLBOYZ+4HPgbIwKLlcm5SRJ6
|
M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1
|
||||||
z4sKLSZmU7HLMp69jXfGQqjYbJoUEHsCsLOeVMGiOVZqoZWQWcMHy9VvOA0FVx41
|
DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ
|
||||||
xrpdDLft9ad+cM/oaiYXEWhqYRnBM5eIH0B3HOk/kmLZ6crNE+X5xG1qhoZgAurM
|
N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb
|
||||||
MriPFbQfVG9tw6HFoSBNcsOheiA8dG9tYXNAYXJsZXRvLmN6PokCVAQTAQgAPhYh
|
jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB
|
||||||
BKIfq3SwCIqjYRUlhrjvGmup2i1cBQJg8UxqAhsDBQkSzAMABQsJCAcCBhUKCQgL
|
AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu
|
||||||
AgQWAgMBAh4BAheAAAoJELjvGmup2i1cessP/jG7dFv/YEIn7p47wA+q+43Korjk
|
jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX
|
||||||
8LLpdb+YhVEpXgLK3yUNOcghs+e+UxSlS4jDV9ThpKgBEgTCn6V8vEWe5djvLVcO
|
jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY
|
||||||
UNG/wx33ksZKDOrZt2qGzz9VBd2ur100HjA3ibGClMjchMQCctlAHBCI/jV7g9Sv
|
TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd
|
||||||
FIHr/qECDnr50lh4kNeBZH/6gYEnB1Uqkc+7y/0gopk3kEcxO00qKj9d8QPatsoW
|
x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv
|
||||||
FOBW6OT0ldX5m19EL+x4Ku2/ayBwmobsQyj3cDV8cJN9QxJxB1AqLAKXK3XpEQ8Q
|
nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue
|
||||||
UERor6Z2gQu9bCRoQCl3Xu+lfqh2gmfoXoWiZFinoBzEETtILEUdNa2MsJheNuVy
|
W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r
|
||||||
Tf+W/vrfyAKVl7DgPk+n360frxmR8n7pkSpDq12s9J4eimX7aUlbhDX2XiMo/kGS
|
d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy
|
||||||
2oo2ulB083oJq09UieI2acwRIn6fFAOXx4Cr9IRAnKtvGxT3XzkDJ8WkC/+QE7wW
|
nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp
|
||||||
kjtD994kD2Jf1GCqFIWPx+J88VXp5UbobOENYBGWvc5Pki541aFKkXe5mvK9n2Fm
|
G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6
|
||||||
T3fOeBnyhT27J79UYSkOg9Zk0o7lcLKvgX3TqOwRrwMOGqyBIrHkLprIbeX5KOBI
|
JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI
|
||||||
yvtovyTuq3piF6OcfOYuZJOcV4LnnW6Ok9sgia1WgqNyJ+FSdSl6tLabzcM6sZ1I
|
uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX
|
||||||
8tmXB4BcoHFB9N0AtCFUb23DocWhIE1yw6F6IDx0b21hc0BvcGVuc3NsLm9yZz6J
|
lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v
|
||||||
AlQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMJQIbAwUJEswDAAUL
|
cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ
|
||||||
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXJUfD/9qFJURXryr8/Uh
|
AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj
|
||||||
KJIAYQawc3rgSCeMaSi60fgPhteBf9VPA5w84OKLtnZFcPcpvGpaHuRxj+mchOSo
|
h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh
|
||||||
2HkYz7eseTsWbfguDiBNf1sA0IW6/WfIjqfGliw/ikLn/mA8GgLzgPPEiEbZH+gZ
|
4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd
|
||||||
+J1ttxv15E8dWVSYILJcn7VLX8EgYc93uaiPbcc6wG3qBz5UD7FW6pg6AjEhz6j4
|
ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1
|
||||||
yQBq/dAUUL9nfrrx8p6548aslAR5A7e1kWPSMkrXD6ECdlJ8LReaPjiWrvLCtf1M
|
C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6
|
||||||
cmAQJkXX9PLHtPtkXzfT97GdcEWtPF3qpu9k8gK3QC/dPoACIsDUU1+muaqlRB3A
|
MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA
|
||||||
ozLVFbSJ2kA0BqnHvhB+7cIB/ZkAasiI1jJ9XPwJJnzZGlRFGJnUg6MRX//FIvly
|
nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4
|
||||||
Vi+hFt1DQ2tWMo6peu1sNDDONYKL7/NhFedJhIRoYUiQtcEuWqtTjOUn7ErkaC2y
|
+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY
|
||||||
q8hzWgYCe2afy1sUvyDtUjuldVTNzV1ic4MPC+QZ5ZEw2uHfP2oELlK2zUlLZIpt
|
k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9
|
||||||
Bwvgzqw5qcxj0nBHoaDTRyJXrXDWf/DsyS6Df1t8Uidoc6W3zNEhKbabvTb4gtWj
|
fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W
|
||||||
hh/QezJNtyRSg4SZ2Zx+ExgAngFdhKUk01XytLcEqYHjOjO6ZHpP0/+E7T8yZ7sI
|
3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF
|
||||||
w5AnBC/mkTbqp5Nsbk/spoN0Wl7PZbkCDQRg8UyoARAApiWRrHjdEu9Fp2yd7K93
|
IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD
|
||||||
VpttsAWGeZo6adA7kKrdB+DFwyQdQQIGF1MoxzKb3rcO2sxoU/SnY/TpxdVbSO27
|
AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp
|
||||||
1MLUcqoEc5F+uxuXsp4Tx5s6iXY9xTwQeBi8pAUQSLlWc/yoakF4sahG+5+0NUDp
|
5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y
|
||||||
djCEevRw2nHVbMbyzACgB0VRErhpY6gOBK7LkHwXAEXh1pN836P1s3DLLInjoM50
|
dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl
|
||||||
IGQJLJ38/dBeWf9lqJrDif3lZ9Br7h2xHVhaj+08iWKFXb+MDkW6lXOuT+A8pzHK
|
vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO
|
||||||
bz1TVhopid9NOcw8ws00Vnq9R0/dhk+FT81XJC6GmoBi2GjjKpLNMzfBE6IkJjhn
|
e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04
|
||||||
gMY9Wz5sSfXhyd0x7ZGdS3w9SiIXXoxw35woC1/Ue6QVasm/ldCNSNH63y8G5b7w
|
QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5
|
||||||
NA84/fhVa9/Tug8zyzRj9p5Ge7b1yMbtVy9Ret8e1xB3yOJH8rjwmd13ocNBrFYh
|
1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6
|
||||||
D4b1+P0DScr4TburR3S4gwzawB2juIToELQGseR8nQg8k6Fk5vZ8MaYslMU2za7H
|
u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8
|
||||||
a379C8+A9h0C2mobqtw7Gq8NzDH2H4Bgpy0Ce8ByWnRHEIrZcK4vZDTzBfW+lYJB
|
La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0
|
||||||
HFlNc0mheV2ih6vjmz940cakzLvGF65UA69tsS8Q/3sWH2QLFTywdcEUZNgZRWnc
|
S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA
|
||||||
nAaLOI/nw1ydegw8F+s1ALEAEQEAAYkEcgQYAQgAJhYhBKIfq3SwCIqjYRUlhrjv
|
zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35
|
||||||
Gmup2i1cBQJg8UyoAhsCBQkLRzUAAkAJELjvGmup2i1cwXQgBBkBCAAdFiEE3HAy
|
wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw
|
||||||
Zir4heL0fyQ/UnRmohynnm0FAmDxTKgACgkQUnRmohynnm3v+Q/+NpYQuO+0a57+
|
azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj
|
||||||
otwvuN3xoMsOmiingnd6u5fefi8qCjHgYJxnZQhihk4MOyiY46CxJImFKI6M13H5
|
U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV
|
||||||
SlsuaGMbl17f5V8dE7rUDD9D9tD4+hVe504UsAdqaKHFhE8xyWJ24it9LmIXY358
|
9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk
|
||||||
cQ7gm/EzA/wCKEez1Z/IUlx6hrG6BnAuE6FYhLTQt5WcCGbA17I72M1H50rX8fa0
|
HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM
|
||||||
8qOg4rzyNEOesz1auI3pt1VOy/VJo7V+oO2yz4NNGBqjCN1mMOmBl1vBldZz4oZJ
|
el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1
|
||||||
vqoCFgx4Bj4h8LHilyg2OWZV4Xh7fUGH2/RIdfAYhCTz495N1sdDHew9Qc3PP0vV
|
nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt
|
||||||
yzwoCJY2moCiZ16K0o215rgYAJcY2KCCithjw+ktHZ/E108cmJJE0ZXG9sFVdF6A
|
c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ
|
||||||
HEEofaYRgXEvwFOwEBnytAq2l1ePmlTe6eu5/hSMYlan93YpsF2tol+jw7F+aspg
|
Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+
|
||||||
K2JPWqB4FsupxnvvAvzGBrTTGfCL4z7K8/6QmYrJBByx0W/lkFsebEfOz0SY/Rvs
|
sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh
|
||||||
aGQ3LEmQkbn+Cz2c2PwmIuYJisunHNC1rH6lF1a19D2lpe82Eh3TsXEsgjty2+sh
|
ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz
|
||||||
uHsKCX/snSa+zySqMbsE6o/8AquuT7tkdHO1rYfr3ffvIeX8HVj6NKm1eyk6uyCE
|
5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB
|
||||||
cb08jqBWOG8tzpNt6PIviyrQRrK+ncSLjw/9GT4LhZKnfLM5pVAFV0jVqf29lVhk
|
AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr
|
||||||
RHDeiNmdprqpvW35cAS7LH2wv2xGj4+wGaJmksruiJj2KtNAWa+7Uvd4xvntrL3F
|
2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M
|
||||||
9kG5qC04iTx9nng4qliZAI1wGxT/fAKS165L5sdTXRvcywokshxtsPgCXcH/J2v/
|
oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn
|
||||||
JC6BGn44o8qo/CLGIaTBk6V8NfY4YqNFyMaMRAQSQ9Pk0KXQxswdxASaYzTTb93g
|
a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5
|
||||||
muoO7XrIu7ae1lppeL3HB5hQ0/zF1cVzCrLXffsEZNVW/1/9VamicTOWP8dV/ylN
|
WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp
|
||||||
86d7NvfJk8L7O+YIsEKYhKEDfCXIZrF7Ynu9SCWiR8LAqxZpBx2/6lommQJ7RlKr
|
zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7
|
||||||
HBkWUGyC8WHYr/sxORy0uxSevGFcfK2sFMnpLJhC6C830O05B6SFTWTrD9c/NC2S
|
9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3
|
||||||
DDWQCr1Tud3GZ634BowTlQRgJpGJc2s4wOMaARnhVtr/GZQhfCzOhcaHAVMBX0FE
|
WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA
|
||||||
ce+LktihEnzEJJgc/bzTH+t3fIW8bS4c65YlwCzMCJ1oYyALlD1BlZ6whFSVUZro
|
WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/
|
||||||
uYVu8diJ4Alf9+hcYOU/Gnbyi3bFbRGhBVz8lB3TcEeP02+gSSFD7iDi2Wt3hkmY
|
pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7
|
||||||
YaT7k3YGM2ksXdQ25SGM1aW4drxaqAj5sZ48OXTMNT9ira3TL/o/Xp6GRhVE8iOl
|
Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV
|
||||||
JKbGoqC+wchHmOK5Ag0EYPFMJQEQAN/J6BypHYuzqwVDH8hrCQJ0s9I1fFdiu60u
|
/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY=
|
||||||
aeLTQPeB2JVwV4t9WZsM6mVMEUZJGIobk2Y5FFzLsHtbPlSs7MXtLhlLa05iiMXq
|
=1H60
|
||||||
oZsS7EYI+GDNO6OP1j8h9On2Ik5EnK/0dWGQglSY/ryw+5ShdAjHSd4hCRvBxfX7
|
|
||||||
FJGNrvIkIp8AxlTvNBQyuR4rluOnfS1LXFDlaTWxRAZBJdB/GyAbCqKmkfbkXZbM
|
|
||||||
ZFA93E2skrLJ66CPgaK83r+DUi6+EyvOKTkZw0OU6S0k7xT4Z1f0AbS/ON5G8wjL
|
|
||||||
vxKu+Tmd2LHLMUTMiSQ7/K0iw4+pms1+MOBWFDX8aS/poRe0NS779RIk+Hy4OG7+
|
|
||||||
i9Rpf4wU+Z2QHbUYrun6h7+RySv+E27QWCgNuAdm2F8cIsxQ3B0mAapqf2ECIkNb
|
|
||||||
PftDlv/iDqzAxAobNJzlsKQrcRmEPIOqNxi3TP+H85ekwHTdwwdPb5u8pgehpDum
|
|
||||||
ciyHfYZ7A3eNl6RubQMIWQgQzxUbreUJkKjHwLoqkTHDafJeKI7+2nII4r3peQfE
|
|
||||||
N0jZ5HSXHTHu4520FUBHNutvuHqCy0nQrhvoXEfD4woYk27OOwSKHu1ZdEFa6iJH
|
|
||||||
eAW0f6pSOMkEMDRtFWv0/hVpNDbhA+jAswzD4+XYDk+xZdDONua9inO930MGI2Bs
|
|
||||||
LQ1kotFTABEBAAGJAjwEGAEIACYWIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFM
|
|
||||||
JQIbDAUJEswDAAAKCRC47xprqdotXBU2D/4vF/5FrkPz78jSl7YN77gc/sTpBGMh
|
|
||||||
QxhZxKpf+8xE/oig9/F90BMKaFAflChiEMPc+Dj0VrCGwP2xMTVO4J7lw7bTr3RB
|
|
||||||
uETuVq8S3XgtmTlXwoRQL91XtoGjAjhfgpXbi/DEyZ6+34QwMYr474rsKiMsBcMS
|
|
||||||
nWTDuqRqkFYAaF4LRbD6RkWck+C7k4ps/KIflEKiSEuvpjk1TpibwoSt+zIeZI6u
|
|
||||||
sSLWbGcADqnXHe0GClUqcMYbIgLzVyXQQzUvfrwAzi8XvfW+8QhP+B5oZT6y8YBD
|
|
||||||
NHQDcITC4OYaVHYnZWS+tPtPQZK4duAlZRd/lBxKPbNWee5ufPh5ALFAINpBWP0C
|
|
||||||
nHKVj/P3fBcCrz2ZYaH5iQmqhSbJ3lyFKJoQQgrcnWbnOWI91DdhmvE2GIyn1JJE
|
|
||||||
FT2YQqRH52dDX5gOl5OcwT7PxV1jc03bhZsOCylBoq1Yd9iD3U0bgiqI71dGZrXZ
|
|
||||||
qaQzuigCRxlv8nF97SUGLDCuvqC5ejmecQBYmLCrgIiRcI+FXSVnZhUYkeBbg9sX
|
|
||||||
Cla8mCgxF1RhH2S9z9blrLEf2r+l/8P0+IWmmaTvCbZ7kIrUsbGv7FNCubVA3UXc
|
|
||||||
zPrDR7hQC/xNAX1RXMGNmPru9wVtgnn72UneoD/dLYY65U/ZFLNeQAnq9c3VJKQ2
|
|
||||||
TIdjvGbJ/k4qxw==
|
|
||||||
=Ctij
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
Loading…
Reference in New Issue
Block a user