Accepting request 1071820 from security:tls:unstable

- Update to 3.1.0:
  * Add FIPS provider configuration option to enforce the Extended Master
    Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
    optionally be supplied to 'openssl fipsinstall'.
  * The FIPS provider includes a few non-approved algorithms for backward
    compatibility purposes and the "fips=yes" property query must be used for
    all algorithm fetches to ensure FIPS compliance. The algorithms that are
    included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
  * Added support for KMAC in KBKDF.
  * RNDR and RNDRRS support in provider functions to provide random number
    generation for Arm CPUs (aarch64).
  * s_client and s_server apps now explicitly say when the TLS version does not
    include the renegotiation mechanism. This avoids confusion between that
    scenario versus when the TLS version includes secure renegotiation but the
    peer lacks support for it.
  * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
  * The various OBJ_* functions have been made thread safe.
  * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
    capable processors.
  * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
    OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
    OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
    marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
    OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
    favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
    type-specific function definitions for these functions regardless of
    whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
    start receiving deprecation warnings for these functions regardless of
    whether they are using them. It is recommended that users transition to the
    new macro, DEFINE_LHASH_OF_EX.

OBS-URL: https://build.opensuse.org/request/show/1071820
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=57

openssl-3.0.8.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
-size 15151328

openssl-3.0.8.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAmPiVZsACgkQ1enkP335
-7owJ6BAAk2EnBElYMTM3SuqLDp4fdf2EhSfhxWG45Q9oV8BQ3Th/l8zia/pIOLs7
-Pt6MXYhdd6IdVij5HMMR/ZMUJi/YnYG9lhhJ+p4NTHP+Tc4UjHoexJQuDZk9jM6y
-zynSONsuIZRAXI4hiJ2Lg5X0iLhEuYBblPUDDdkO8ojTYkEohMQDj4Jt63vVPylV
-m+tIDFVfYVQpXnORvy0LNDyjQhDb+gEEnAt8XwpE9FnrvkREHM1WQgmI4+1FLXBc
-MaCWoFGEmFRMqxbqEjrtnCCafFcCKGYQnozrdN8VK62xGhDEOwEwjgzW00rm1TIG
-eKOp9XOwcZehM5VR622eD/N4A96ET5Q3WOgqc76I8sWmx0lu/PaXl5bZcAeZpG4v
-dYI926XSaSsrQ2ADhpgl02vLTVISMejmTNrxZjci0Ce76xjFfcxutD8wppL9Zqg4
-dwmpW8+qpgXZ+ABN6qYWsIXVHijJcyJgmFdQdcF/FfjVRxviCncz2i5dyUNUgw6Z
-+nLlYNfk+6v0EVIgIA3rw8TGKGom3m1+d41KAMdEAET6n1D/SKbJxCyyYlBBGZBT
-7Vd5u2zEjMK4b0Iv81Nq4YsActWk69PULfkYLgRGSvBFtpIn9g9RgV7hKlFTvZ/5
-S4A8XH/qrlSk+jb2Bl7qlgyZceDti8Ef6Ktz9YDdH0O133BRxAQ=
-=FUbH
------END PGP SIGNATURE-----

openssl-3.1.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4
+size 15525381

openssl-3.1.0.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmQQb54ACgkQ2cTSbQ5g
+RJGINAf9EsijdAcZ3BlsmP+HAt0oOhq2hrRru1Wd/KZ7pGJBVtitmVPPKiegRyL3
+/Y0zgnQvGQvBTQhTWRsT7Rp1LJc8q6P7KPMfh3jDYIk9p/bjI9w7LXOglXmUJQQ1
+aUu++AoVTxGjr7dpdLP80W+MJmdhp9Z3EqDU3Jrumada8JX/v25Y6V7nBX+e6xmB
+xn6acau1eKDFLOFgJ9aXTXwmHk17xWUw7dcW6RB9bQAMlLB3p/7Jkk4bJZU8eQ7t
+eCCZVSudH4kILogoPHGjU7XETYRa27b+djpWguGRIv2faqr65KP7JZUpl6LFiH1M
+087Nc1+uKdHfpps3OO6HIGcmf+ZrLQ==
+=bdJW
+-----END PGP SIGNATURE-----

openssl-3.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Tue Mar 14 13:34:13 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
+
+- Update to 3.1.0:
+  * Add FIPS provider configuration option to enforce the Extended Master
+    Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
+    optionally be supplied to 'openssl fipsinstall'.
+  * The FIPS provider includes a few non-approved algorithms for backward
+    compatibility purposes and the "fips=yes" property query must be used for
+    all algorithm fetches to ensure FIPS compliance. The algorithms that are
+    included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
+  * Added support for KMAC in KBKDF.
+  * RNDR and RNDRRS support in provider functions to provide random number
+    generation for Arm CPUs (aarch64).
+  * s_client and s_server apps now explicitly say when the TLS version does not
+    include the renegotiation mechanism. This avoids confusion between that
+    scenario versus when the TLS version includes secure renegotiation but the
+    peer lacks support for it.
+  * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
+  * The various OBJ_* functions have been made thread safe.
+  * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
+    capable processors.
+  * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
+    OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
+    OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
+    marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
+    OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
+    favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
+    type-specific function definitions for these functions regardless of
+    whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
+    start receiving deprecation warnings for these functions regardless of
+    whether they are using them. It is recommended that users transition to the
+    new macro, DEFINE_LHASH_OF_EX.
+  * When generating safe-prime DH parameters set the recommended private key
+    length equivalent to minimum key lengths as in RFC 7919.
+  * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
+    maximum size that is smaller or equal to the digest length to comply with
+    FIPS 186-4 section 5. This is implemented by a new option
+    OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the
+    rsa_pss_saltlen parameter, which is now the default. Signature verification
+    is not affected by this change and continues to work as before.
+  * Update openssl.keyring with key
+    8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell)
+
 -------------------------------------------------------------------
 Wed Mar  8 10:37:09 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
 

openssl-3.spec

@@ -22,7 +22,7 @@
 %define man_suffix 3ssl
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" meta-package!
-Version:        3.0.8
+Version:        3.1.0
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        Apache-2.0

openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch

@@ -298,8 +298,8 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
      return 1;
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
-@@ -5428,3 +5428,4 @@ EVP_PKEY_CTX_get0_provider
- OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
- OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs        5558	3_0_8	EXIST::FUNCTION:CMP
-+ossl_safe_getenv                        ?	3_0_0   EXIST::FUNCTION:
+@@ -5434,3 +5434,4 @@ RAND_set0_private
+ EVP_MD_CTX_dup                          5562	3_1_0	EXIST::FUNCTION:
+ EVP_CIPHER_CTX_dup                      5563	3_1_0	EXIST::FUNCTION:
+ BN_are_coprime                          5564	3_1_0	EXIST::FUNCTION:
++ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:

openssl.keyring

@@ -1,94 +1,41 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Comment: 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
-Comment: Richard Levitte <levitte@lp.se>
-Comment: Richard Levitte <levitte@openssl.org>
-Comment: Richard Levitte <richard@levitte.org>
+Comment: 8657 ABB2 60F0 56B1 E519  0839 D9C4 D26D 0E60 4491
+Comment: Matt Caswell <frodo@baggins.org>
+Comment: Matt Caswell <matt@openssl.org>
 
-xsFNBFQwazYBEAC01v949yFYzwbn0UkEkM3MHTrDqWbp+erhXqdVD5ymG/pXvmqx
-5KlxL1TZMuWEFuaq9EVkW8Wm5glk4D14IalIVKARAMDwqgNrPnw0GCAmNIf+Omvl
-G7gdsSR93eALJp1vvKZpeEVZj0M0gQ1i4QIIR8PMqs+2jaYyed4HhRYzUbGKZMnr
-94Onby8FIAYq0B79VqBv5NfMc2KEKrLXwuDSjtZd2TGB7qeLF7sCczyFoi5XTj+B
-iVfdxCzoYEa1Rjp5hGllVj85w2DdfKED/BW7VCel4H+WTZGqTFQ1e3kPo1KdqlwD
-F+Ci2JFU6myPy0LpHrNhn6FsdQGOuRKgYPycol7VzJHKtcGNMDkUFGV2DsgljQuW
-Sj5TNNX5umFCIIN94eLvHtV9bXP98yKB/5pr2JhagL6kdU7OE0c/mugA05gGQTUJ
-DeLNsRq54YC+CLyM9dxMvH7yB43yMfUvgKcSRt0sHUo8g5aOYdFq0SXQUr8+t/iH
-3t5/JxhqBik8FBiu0aISsTDUbvbxQQQe/LhfR+FWDZRFwHOL0VELapfw1whitGG+
-y+F9fQIJfa5yzEiC9AWYZjHRaFB7q6LAvF0V8vP+pkT157fTK63W53mt1+VPMt2L
-732i+/Cqy/6HzwOdnNnNyfEdvm2Jojs8KXN20vChnfUGifvTjxuiFib9sQARAQAB
-zR9SaWNoYXJkIExldml0dGUgPGxldml0dGVAbHAuc2U+wsGPBBMBAgAiBQJUMGwd
-AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8
-PcizspI5PtXp5D99+e6Mq7QP/iNhBEDJYRTrYc6JAmRIg6YyiKjeOx8kXtVCe9+q
-CzC+Y9ehyZB5Dyl0Ybej9jNJdEDJzDHKzVwU4NrfefcTWqUOQDNbpClGtXcQHlUt
-hjREPWpyAEH1OhD5NDTSMI5YYKZDEfiN6oEpWlc7WK0mXZuY5mHOo0B3yNDfV845
-+7CGPK9zuE56/f9SLmCaFsCkNMGbvV4ybLRoBfZdnC5NPOKyJXQ0TG0CbxGMgIN5
-cOrBphU+ZrPYY+p4jEoD5rvFugQl4+oRsvxygpJV5t8pe1ihNMhmzu3CpRtMjmRA
-dzK+27Z8p7m8BORuoC+NbXVpcmjIueXDkYdxP+09qUyw8xE398tAuEXpbCVoQ68b
-6NDCBpowgvUu34zxDn0wKdt2YGHB6z7Kl7b8RycWG3Y8u/Hs+l6QehEmiy6UKXl7
-zW3PIi3192WzElUi7TtG/btqC6YPs0U3SQMkNWzwkjbKM9bC4gPFMK05a8QENc66
-M+USWjNg0TiAkGP9PDlpYyhtjicCTgL51lDm8LBXr9cbzvXav7Jc6NVh7Zby89r1
-DsPFzfDkccOX6nSnqYMISmvRUGrGfgrkeeM0MNu93aPTrs+0fxq+HJIZEhX/YCyQ
-N4jqM+hQGh9bOwM7BacaP9F9vnq2hDK2WIXlWChX9Q70xArViJqzI8/76Ph1inPb
-jbJczSVSaWNoYXJkIExldml0dGUgPGxldml0dGVAb3BlbnNzbC5vcmc+wsGPBBMB
-AgAiBQJUMGwKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnu
-jBYhBHlTrB+8PcizspI5PtXp5D99+e6M1bAP/0byoJMiMsswapbBypQCT/vQmaoX
-jZzNcU4qAKlB5EMlHkxl1T8ytEXxmNMd/e0ltV9HALeBqX1eYHS7oTG3rMXKuYVY
-TO19eM2wLiCW664EUtOsB9zAnpp6X+8UWMoNEpWlEHgkdlADQ0xIrrH3pt29SAbd
-x0QsvwkWPawEoKMoUiGPnVY4hAt7Xx9gDmWEa2T6tExd9soBBTIuIpTH3MbAEHsv
-nBbdyarNltGF/pXYGMmGaYmU0WujqKzqpBpy3zwd0Rx1Kms5e0ZcypVzqx3Xgcue
-W8fbMPTZbG+Z922GUFDJ139WjAA2FsMJ9ES7XIIoJh/4nfBwk+PXcj29TieDnl2r
-d4x7Yxnqp4Vzau+IARz9Vr1OIFVlQbaSdXfmDFi/fvVf9CJZnWwcSwkqp4pk50Zy
-nEA+8TzEQj08jdj0+yrJNvbRxqbIafzSmoU77bANs4gc0WOdTTpvv4honUQROARp
-G/JT47hE7ATVGNdF7bmWNEyEYFtZMdGP0xD+K0xEgsir65aruVixVrNKxOX9wqx6
-JGzHTSTgtAVYAvMIsWJTLuCXZbMRmmmmubfyVaMAisz5UIYD+TCPncuJ1dMUW9WI
-uLNFGLTRGHri01EWe2epaHZWA0WB0cQZaeGpc7C986WskDi9SA9ZzCIGW4oQIBQX
-lRJjjYxIBCnjxtUWzSVSaWNoYXJkIExldml0dGUgPHJpY2hhcmRAbGV2aXR0ZS5v
-cmc+wsGSBBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVDBtJgIZ
-AQAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp5D99+e6MmN0P/AmpB8DasBnj
-h9fAlBM8kEZ23MHVdEguPWX8KBML4L6eVlWRn7hdfpvOS90Ll5LTdtWPAQs8lDYh
-4V86hIYgLK9tisZyby+5NT4dEl6CXgHbRjdDbp0xKfGc5F9jWzPZpG8ZdDz6Zbvd
-ooy/4ThXNS16HcsJRckan6oFjCNAWSNpXDYcLtA7+9ncimrC/C+kGYlyPWJGYZu1
-C3I+oL3+qWwiqAG9hp/zedsIsNP7o24wb0SgD0dTzphmOAPwTRfGS2DHhpbAH9P6
-MZPiFBRGsARRRFfTRGkzI9W1M4bv9l/L8s6STpjD8+40f+aUE8cyUcNj1ycyRGFA
-nwf5MeO3MqzvjocoUyoZNc4t7/6rh6sceFjgMt/DFFZbi3kvz9cJBcaN6TWWktd4
-+1WmLxwcF0n3xaB04KCvXTaBZ5f/Hz5D4O8HyYsS6GlW6yIUiuAOvav8WizaTMbY
-k81XfXBuBKv7Vxk0fRYf9+HJ7fyWyIlIN9FqrSiiopA3JR+8gP8ueFcycmLnl2D9
-fyZn/sv+UCLrMR6fyD/5EtzgzW0AJ8BDJw5n7ctmZ6UhuasDZZMPC2uB9LVhpQ8W
-3mDDxJoaYe5bE2p0ca+mwEHZQpbpjmtT/2x5rGFZYxBUOhuGn/94zEYSqLLDirlF
-IEUgucXLOLQHyEl+kEkCLEmSbn71WsM8wsGPBBMBAgAiBQJUMGs2AhsDBgsJCAcD
-AgYVCAIJCgsEFgIDAQIeAQIXgAAhCRDV6eQ/ffnujBYhBHlTrB+8PcizspI5PtXp
-5D99+e6MbdMP/1yj/fl/t8sl6ZH8v26uBBLSUeZPJYef9TCoe6akV//x4JLujB8y
-dGGW8bToC680zpuYlNn+avMwmjyocPwe7Cqgev6AyO+CjspoodM9Xai0y10CAHCl
-vGAW8mX7c79jtLcMB/Z/0+5u4ErkzfwyURRpB5deLcQ4LhyRVZbLQ72fdCrmPYzO
-e6Rhmfr9nWKL/oHDTLDUtRjAXdurI8YQKK9nCtbsM2uytvYkzpD2wx0B16rB7N04
-QLJBNDyOUJwnm4K+Xt9LLs8NUJ8JXCdwXKXGrFFbt2b3vmy0y4/NR5AUoS444ao5
-1mybA19WkCcCj5mSKmfZ9Dfbv6K3JCJx4ra5uJT2HP2M3NugtumQ1KPBUlNApVC6
-u+Vn7SMqFW/KFRCxOjXDWWU+F4prqzOVc5SYqIUOk7XVxgj1FBryw5Wel5iq1Bn8
-La1Fv3Hs/+pUKHRYYIC48kRET7h6oCmBiNn+XmU0A2qZnIyblmVpmfYftj3UWUC0
-S86qf/dRi8unTXYl8qEQyOSPz8g6t2RDgEsJOzKhiO+j+wcBYVOgrSgsawC8yxjA
-zfVwkprUJognVBJFCv4sKMb9wg99iEacI6O401w3FQy5FyokjmxXzrhn0UPj3t35
-wd81WZ5HWaBSLnBo8HklfDyaybPlXODldSI7OGOch/0/CZEQzQwzsmnazsFNBFQw
-azYBEADPNcBdaXTUwkG81K9NRKsKGVZ1coVRxkOx2+VD2THTY45sBx9MGmQsmSpj
-U45kx/wO5KiTVj+bM+scSzwNgERqLiyf/2hgOIDYaoyKSfAfIVCmm5pSa2Ad01RV
-9qT3i0eSSpa1Kpx8eAHKcVsDsWb2ZCd8/MI9778cCjrCbPI4o9zEVK+fjtmYKtdk
-HsEoMSVU6Jy86E908OLaJbOeo1a7bSKs4tU8zGWAX+ddY5Cb+w3cHQb4QheDWZHM
-el8ZcEgTah7huS6lUA4seQnTKXHmkIZ+uNtB3gFMKso/6GoOGZnUTk8dPY3POLY1
-nbMQ/dEvMQpFxLCOBNQP0lhO4DGP0KuwLXzq2XAxrylX5tY0bNmZKLTjhi4CbKAt
-c/+iwMUkQQXJRw7Vlp9Fp9ogOvzx/YlMaZQZZixg5uN2b4UD5cWliHn4Aq7DkTzQ
-Je31m7sezA3cLnFR86ol2X77y79n0GRjGsMa+b+e9NRWNKs28JiCPF3ya31Kk+3+
-sjauCZQW3KYx31Il5bO3ulLHOtxhSkCUHx5sJ81NJIhZFr+7yAel/ECCiT9KbVbh
-ddJBHsd7GNkwzb1QivcqnYiBW9QzXkQ+xAKHfS7YM5ooYcg6G7jw89/W0xznnGiz
-5JTjMkj1s9cppQ8tdqiV4Uemvx/96Nr5F7n++UJZ7Oval9/zswARAQABwsF2BBgB
-AgAJBQJUMGs2AhsMACEJENXp5D99+e6MFiEEeVOsH7w9yLOykjk+1enkP3357ozr
-2A//YzMQJ6Mo+/SU328dOeoseI/sFypuK882pPhXfJqX8l8H1zyHbKWy5lLLiv1M
-oNOC/8pWbpv2QlWyN3PKrB6srClnpPyiHIO37/lQBcpjvAfy9HWpl21FDxn9Ruxn
-a/IMYwq60EjE5h8NynNn57vydF3qTcTqkhtHW61L3vbBAcz9VMSay9QVm1f6qzM5
-WbbLxp1sfNjQWKSo381kjs1Vj7yCTBrJul3qSeX0CsRB7WF5VYMalpNTHPRIqCWp
-zTMcO3E5SSGIJy+AqwAZZvFiylGrSsux6TnVEVJ07s0nn1yj3q7Ii7av+waGmTf7
-9B0AyZv0IZ4j4NUWFNnGhsG1bEumFLkQl7Id/M61k0yKOusHdzDcZbCzecyww1w3
-WD+j4wvGkfBy4mQRqLiyjutsN/dpxRRkULATME+TH9J5eNq0A5sRRaayEiA1TDcA
-WfF0PtA4smNy1GyIarobC+xn8AENi4eeYZBbfDfh8oRhEsICQ6rs098wiYz8jtZ/
-pOruzbiD7ZKDy+vjKtYqgjGnioHQalJCZrKTUnREpH102pg1Cw6v2OcjiXsqU5L7
-Yrhv1jQIluII051VIJ/QBWe5uT7YiJOsMLMQGWvkObPXEYLld2UF6hK6MH4epkwV
-/w1uNqnlvIeEFgHTKmSHvfwlAF64lUiDCUdWExXybKkE2NY=
-=1H60
+xsBNBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay
+hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3
+iN7I8aU66yMt710nGEmcrR5E4u4NuNoHtnOBKEh+RCLGp5mo6hwbUYUzG3eUI/zi
+2hLApPpaATXnD3ZkhgtHV3ln3Z16nUWQAdIVToxYhvVno2EQsqe8Q3ifl2Uf0Ypa
+N19BDBrxM3WPOAKbJk0Ab1bjgEadavrFBCOl9CrbThewRGmkOdxJWaVkERXMShlz
+UzjJvKOUEUGOxJCmnfQimPQoCdQyVFLgHfRFABEBAAHNIE1hdHQgQ2Fzd2VsbCA8
+ZnJvZG9AYmFnZ2lucy5vcmc+wsCPBBMBAgAiBQJRgC7CAhsDBgsJCAcDAgYVCAIJ
+CgsEFgIDAQIeAQIXgAAhCRDZxNJtDmBEkRYhBIZXq7Jg8Fax5RkIOdnE0m0OYESR
+Y/4H/RKxZJ4saj6+Khvz3flSKt6LgW+fMY5RXXD92AMtLNq+bKxXFvir2mynW+PU
+oS2bXy/Nk7v0B4BEbBZNBgaYWas1FZnYOBuMbIngtLmQsGpD0VoXu9QW2aXpHTjL
+H5FOBBODrTVewCN5Ty5JquZ5mAZUwAiex0ytRzviUl5YpKei+vggU52CJT96e/X2
+0rfnlux9O9vSSwTlDvCeehFd0vI163QBZ/h52dYMSdFvpwhUMXbxRGPEfrIh+oBV
+7tWe4MHhJ+5yThHiBgVL/EZ9OChw9QNnitTPzCV4YvAMiJTsamKWa1lOXUVM+QVr
++aptwmB1VMmotk7m8hImRm+oTlTNH01hdHQgQ2Fzd2VsbCA8bWF0dEBvcGVuc3Ns
+Lm9yZz7CwI8EEwECACIFAlPevrwCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA
+ACEJENnE0m0OYESRFiEEhlersmDwVrHlGQg52cTSbQ5gRJGgPQf/WUQld+vrqt2+
+yTI6LTNTQBG9RceNuaZiRnsROR1eHtVr9OOfzVPenCavcXghwsY0sPPgSDrvFur9
+PyuuwQ87HmdX+ZGdRP3tSaxC4udHbAsZtEG7bgUozuhfcpC+Ah0lZ3EccmyOkYJW
+ITWYgUBEDOU37qne09udDMA2NHLuL89hT+eIZ2pVwyFydkJfkXtgfrDq3RmZgfeb
+VB5ESdap/G7t7Iewi95syApMj9swbxnsqUtmFr0fCsVdAA8hJPqx9zVuUon0g1QM
+z2IroNH+6WTDt7SGYcuqNapizk/PJd6g2ew9cm3r3CIANiqPgo0Mh02nVGgX2p9v
+WcT4MzquBs7ATQRRgC7CAQgAz2dQkASmxUFjAr3Y8/0yWjX961enomAEjryw4InF
+PDMGttPMiV69VBepb3N04MPo5spyAY24b4bo3Cfng/oxxGl3Z3Giv1gD7JojTJPo
+JWeHGxePBz++5Di0EAvq1+4wBdFUh4RWTbZwqTgckHrwiZcIJF3JGL0cgTmJOtke
+wcLiyMCyKuGVzSjyFTeCqQqHYSHBrr5TyXM3HTqGgURnEhVG16jPWPMIciYXsRfO
+0RwMhqY7y5yRUoC4psmAUaRTduS82BaVzw+DHi1FQ0kYLUsTidippITB57VKkD9V
+7CIM5uP3s+jMJMXNEJQEKdK9oCVOekD3ROc4Mftqv4vloQARAQABwsB2BBgBAgAJ
+BQJRgC7CAhsMACEJENnE0m0OYESRFiEEhlersmDwVrHlGQg52cTSbQ5gRJELNgf/
+elwfYchaV/24buNWDa+50gOuXQ4vXfj5DKry6aYnJBt1UeMV1ssMxCU8OltgzTMh
+TupjrXV1oDXYAxexymWLxwa+qcrbSwDD+wX1gb1O2GOfbiplEnOb5dDc7Gkm8eTw
+0kBJEiAiyPv4SMLhFzm+me4Dq1+xdbsvN05hxTjow9pi5eYrFMxYWi1ZNH2UmPpg
+oIN/4p28G/IN9fdWG5Ni315p3WhLHRMzC609IOsCIJsm8+lHVblT30jxpctFVlQB
+tbDTzgqQLiaTVevlca3VYgMd70D28d186gxUtSEpZ3dKkv+0V8DLhQ6VR/wQ780H
+KIpFp6UWP5aDxpEoOEwe2g==
+=UMCV
 -----END PGP PUBLIC KEY BLOCK-----