Accepting request 601900 from network:vpn

- Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
    Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation

- Remove --askpass again, because it was also asking for a password
  when none was needed. As a workaround for keys that need a
  password, the "askpass" statement should be added to the config
  file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
  actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .

- Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the
      set of allowed crypto algorithms in TLS certificates in mbed
      TLS builds. The default profile is 'legacy' for now, which
      allows SHA1+, RSA-1024+ and any elliptic curve certificates.
      The default will be changed to the 'preferred' profile in the
      future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support
      multiple parallel OpenVPN installations, like EduVPN and
      regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet
      alignment)
    + improve management interface documentation

OBS-URL: https://build.opensuse.org/request/show/601900
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=81
This commit is contained in:
Dominique Leuenberger 2018-04-30 20:54:10 +00:00 committed by Git OBS Bridge
commit ce0c40d40b
10 changed files with 462 additions and 212 deletions

View File

@ -1,58 +0,0 @@
From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Tue, 15 Aug 2017 10:04:33 +0200
Subject: [PATCH] Fix bounds check in read_key()
The bounds check in read_key() was performed after using the value, instead
of before. If 'key-method 1' is used, this allowed an attacker to send a
malformed packet to trigger a stack buffer overflow.
Fix this by moving the input validation to before the writes.
Note that 'key-method 1' has been replaced by 'key method 2' as the default
in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4
and marked for removal in 2.5. This should limit the amount of users
impacted by this issue.
CVE: 2017-12166
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
---
src/openvpn/crypto.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 131257e5..3f3caa1c 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
goto read_err;
}
+ if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
+ {
+ goto key_len_err;
+ }
+
if (!buf_read(buf, key->cipher, cipher_length))
{
goto read_err;
@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
goto read_err;
}
- if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
- {
- goto key_len_err;
- }
-
return 1;
read_err:
--
2.13.6

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb
size 938440

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr
r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK
nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm
xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi
DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6
DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO
mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM
0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa
LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR
cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ
NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n
B1yC9E8sA2QK4kahvDj/
=GwRO
-----END PGP SIGNATURE-----

3
openvpn-2.4.6.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26
size 943376

16
openvpn-2.4.6.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlre2XIACgkQ8TKxy68T
HK44BQ//aJOa+mT+BvGqhz3gZCrz3Ez6QumwJcn7Sx/zovxDf9KpNhFzykcwvtEd
cNdorJ0il/WkW819srV6u+665MssiIxm6VFg5WzPz5I+nDO23QfETsSu54PIWQBX
FrI9+6Rec+v4/Y/ktV4FVqUZ/36rnZjX43YYxwijs+tHXROiU9IhIKNmlGVfB7Iy
tysJrqg5wzwhO+CTYTmMKwrb6LLTwcHxyWMqPiPrflIGY6sy41RlmvP90u1zmugx
wIka3oOp7cD70KWMJns68Lc0OkFIz3RO2YW7KhunxdcNzCoHrlCr+HCBLSf8lPbx
yL1sFOVk4ibZxFKzOvtOEJH1wYquI2B5Gd9QQxIeCNUUAvSh3E/0nMZNqJkwlObx
OtxakHSqfskxVrpAz7OT9ARHIZUWVfYv/B+2454VfxRM2Rr+Job6xO2i5ukTKHc7
AdCyY2lZlI8909MjJ0cc/ZeNyB4+jugUPz4XX8ebUctBP1gdUD6XZ6DDo11n9JpD
lwbc/U1w2dmdGIZ3VrfVr3UiNhB5rxhwlxjSj24pczCjP58FQHKhX5u+3y8/MJ/7
Efirugzny3ie1xpW7MOsrndjiv+wQD/gwaszA9HSQnJ4M49byOKJJSg+/Y0vR/PN
8oIR7vnEJ5CS0EVaxBJeZifp+gM5L05xdfaGk5WJ9HZDsP4HkUE=
=dY7S
-----END PGP SIGNATURE-----

View File

@ -47,7 +47,7 @@ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index a55e65c..79f5530 100644 index a55e65c..79f5530 100644
--- a/src/openvpn/crypto_openssl.c --- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c
@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx) @@ -926,11 +926,15 @@
void void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
@ -56,7 +56,7 @@ index a55e65c..79f5530 100644
{ {
ASSERT(NULL != kt && NULL != ctx); ASSERT(NULL != kt && NULL != ctx);
HMAC_CTX_init(ctx); HMAC_CTX_reset(ctx);
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not + /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
+ * * to be used anywhere else */ + * * to be used anywhere else */
+ if(kt == EVP_md5() && prf_use) + if(kt == EVP_md5() && prf_use)
@ -68,14 +68,14 @@ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 0b1163e..93283bc 100644 index 0b1163e..93283bc 100644
--- a/src/openvpn/ntlm.c --- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c
@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char * @@ -88,7 +88,7 @@
const md_kt_t *md5_kt = md_kt_get("MD5"); const md_kt_t *md5_kt = md_kt_get("MD5");
hmac_ctx_t *hmac_ctx = hmac_ctx_new(); hmac_ctx_t *hmac_ctx = hmac_ctx_new();
- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0); + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len); hmac_ctx_update(hmac_ctx, data, data_len);
hmac_ctx_final(hmac_ctx, (unsigned char *)result); hmac_ctx_final(hmac_ctx, result);
hmac_ctx_cleanup(hmac_ctx); hmac_ctx_cleanup(hmac_ctx);
diff --git a/src/openvpn/options.c b/src/openvpn/options.c diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index fef5e90..33b6976 100644 index fef5e90..33b6976 100644

View File

@ -1,3 +1,98 @@
-------------------------------------------------------------------
Fri Apr 27 12:25:19 UTC 2018 - max@suse.com
- Update to 2.4.6:
* CVE-2018-9336, bsc#1090839: Fix potential double-free() in
Interactive Service
* Delete the IPv6 route to the "connected" network on tun close
* Management: warn about password only when the option is in use
* Avoid overflow in wakeup time computation
-------------------------------------------------------------------
Tue Apr 10 14:29:18 UTC 2018 - max@suse.com
- Remove --askpass again, because it was also asking for a password
when none was needed. As a workaround for keys that need a
password, the "askpass" statement should be added to the config
file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .
-------------------------------------------------------------------
Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org
- Update to 2.4.5
* New features
+ The new option --tls-cert-profile can be used to restrict the
set of allowed crypto algorithms in TLS certificates in mbed
TLS builds. The default profile is 'legacy' for now, which
allows SHA1+, RSA-1024+ and any elliptic curve certificates.
The default will be changed to the 'preferred' profile in the
future, which requires SHA2+, RSA-2048+ and any curve.
+ openvpnserv: Add support for multi-instances (to support
multiple parallel OpenVPN installations, like EduVPN and
regular OpenVPN)
+ Use P_DATA_V2 for server->client packets too (better packet
alignment)
+ improve management interface documentation
+ rework registry key handling for OpenVPN service, notably
making most registry values optional, falling back to
reasonable defaults
+ accept IPv6 address for pushed "dhcp-option DNS ..." (make
OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
clients)
* Bug fixes
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Fix lots of compiler warnings (format string, type casts, ...)
+ reload HTTP proxy credentials when moving to the next
connection profile
+ Fix build with LibreSSL (multiple times)
+ Remove non-useful warning on pushed tun-ipv6 option.
+ autoconf: Fix engine checks for openssl 1.1
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ lz4: Fix broken builds when pkg-config is not present but
system library is
+ Fix '--bind ipv6only'
+ Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
* Bug fixes
+ Fix issues when a pushed cipher via the Negotiable Crypto
Parameters (NCP) is rejected by the remote side
+ Ignore --keysize when NCP have resulted in a changed cipher
+ Configurations using --auth-nocache and the management
interface to provide user credentials (like NetworkManager)
on client side with servers implementing authentication
tokens (for example, using --auth-gen-token) will now behave
correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
+ Invalid or corrupt SOCKS port number when changing the proxy
via the management interface.
+ man page should now have proper escaping of hyphen/minus
characters and other minor corrections.
* User-visible Changes
+ Linux servers with systemd which use the openvpn-server@.service
unit file for server configurations will now utilize the
automatic restart feature in systemd. If the OpenVPN server
process dies unexpectedly, systemd will ensure the OpenVPN
configuration will be restarted automatically.
* Deprecated
+ --no-replay (will be removed in 2.5)
+ --keysize (will be removed in 2.6)
* Security
+ CVE-2017-12166: Fix bounds check for configurations using
--key-method 1. Before this fix, attackers could send a
malformed packet to trigger a stack overflow. This is
considered to be a low risk issue, as --key-method 2 has
been the default since 2.0 (released on 2005-04-17). This
option is already deprecated in v2.4 and will be completely
removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
* upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 13 17:49:09 UTC 2018 - max@suse.com Tue Feb 13 17:49:09 UTC 2018 - max@suse.com

View File

@ -1,5 +1,4 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67 mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67
i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw
@ -13,97 +12,318 @@ bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf
tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT
ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB
tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu
dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE dnBuLm5ldD6IXQQQEQIAHRYhBJ1Sw0fqLFJAInfhLR/HT6mBfHpSBQJZ2PE1AAoJ
FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax EB/HT6mBfHpSozAAn1xyDljEjokbnI7wNbGcCDlUlNW7AKCuxM+zG26UM2r0DxVe
c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW fWTFhBIV+4heBBAWCAAGBQJaX6COAAoJEBu4nAYCNnRJ+tABAP7T3P1mw5hv3fl/
lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP F1K8RT9+ohTf/yrSzKahNT75AFKbAQDUv4MCnH6qrBQCD/kvOUcOcvmvjFN6sev9
SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y 5kR/dEPJDokBHAQQAQgABgUCWXeoHgAKCRA6fjL5C7vds051CAClxiDpvmUjgDnH
2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo xm3+cesx8XhxykokxI6Pc7MWSuSvFHBy16PTrtv9ePOfqG3jpfO1ZSYBT89OO2bT
XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6 cLPioHTNj+aYivCYRXf4An2ciPdurTDlQmhv5z8bC2NztCMSgVRN8j+ZWPZh/jv3
SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt LSIRdxjk563NL4vdq8U6Meezz5UVfaSm4G8N4oNNDZwK7UVoIYHlyjuPdW6RtBqT
oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN rNggs99QwFfRDWYYRoIZvC1qbOGepzPZhluDMmknkvVctV5aheqtPPSGhS4C98i/
/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc PV8r6j2+usNKHABpabC4pU3JKBWNK0mR/VidF9zNtqtCyIewtxv7E5Avqq+MzuPx
gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni gcxl4cEXiQEcBBABCAAGBQJZpYy/AAoJEC20u+/5mSLkoEcH/2PFU/80HepTS6o8
FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK RJRmEyBQp+1aGv3gt5MYkUEYTeTLW73qEqt0n4XXeCxnOrmFdhjf6PCK4yp+gk3K
Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK lmZ7b+ELxqMTF/7IpnlVUztio7NCsJStnJMaLiFPpa5AmZYn8xmsgvsrXiVerkvd
CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV F7txY7T8Cus6BXTn1Sp1av/c86zeU+Ibe9ZkGY/+Wns6TxOAplwHcG4uLXj2oxz9
IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi ry8r7Tgg/qB8Vo77c/+wS4hkiP4SyAwRVPHhzipN5eBlFwyW01lqESBYIhqD2z8v
b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j jPRTBwe0xyKa/KpeibD8KLf6fPMWGjQASLe6yRZTDAFOBAnatECtRp5SyWzbUfK7
Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6 oO87wQ2JARwEEAEIAAYFAlqc7RwACgkQ17bfzgpEGOVeEwf9GacB2u9Cl/weGXgO
Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53 L9abfQpyQsVf+xnZHnpcqfqXc4ES7ucJyObJ4Le+UOOkDgmWJ71w/v+dl10nQCG+
o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN DRoMQlMe0PQdxEYG3lAvWnfrxqVXz41nyqQmSOTfn/GMAe8EbCIuy2rqXYTLOStq
dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv xAAnfwHzo8l0tV+uwUvP8Q/2fEwoWJsNoiVQkVoKmeeLH/QAdh1JmO1StNMO8N3I
abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O 76qiUffkTbdAnBZmeruO9DGpgyoAfRins7SJGRHth6ikGuuYc6dHa3PA10IGc+Ad
qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b YoxPy4J443DiHhEmsBF95wJowJCDAspmhhDOpnPShvfGcU6O8x2Vez+EbnsSrTTQ
+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6 XQ/TdYkBHAQSAQgABgUCWZqAkQAKCRAjRRsQeqA5Qc0tB/9gG3MLp3yTuqkJ3JgX
7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG ZEgdJn5VY9U8fVAmG8lqbr8e9fM2ZDIbWg99w1T/KW/kBOxhlSt/YNQk+SU2x61u
NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj rRQFwKleJsHlaVRUc6eoAhiHzOwf1I6RT6pn31dhqhNpx2tvJtOLmKZkB53tkA3d
/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145 OVbZaU3KaGVYzW2iMlT1aJOwTy7RMFO+pLxmIWqczNeAcu1zersa4nkIQI4F3snY
cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4 I5WZwyuBeIWRK1YPvJqUm1IxKvigfmozos9+y72b6yjFcRllDKIt0eb9JnZ30TPm
+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w 3nHBzXlLgNVvuQ0oN3s8waVgXnNSIUsbvOkWIsOz5r9Czt9c6cPFhPY6GCIUrvZ8
/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2 T//BiQEzBBABCAAdFiEEVQXkUwUfTo/Nvb03sUAmce0N+90FAlnW1ssACgkQsUAm
e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII ce0N+93lzgf+Nh+LSw3YHfwOBb/M/cvWB+2z42tDxLgfDri7rBKCprFW10pX5z6B
aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN X7aWvvG/o24McC6d15FTEpLw06tnIDWe52fUTI1HZkGtfl6c5W2Iz2ov5UXLjzfG
qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI +wN7Ep1xUEjC8sgST7+pOLz0QJ1Ac5GnMNnDAztqL+P5UOlAHAI1DaR5XLk7AVYA
1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe AJ9D+5I76oDfaIABn+ZMWzIoDgKcpX3hlgFrow66GHZZJI/1lxB+8KNTY21fIYoN
tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji T52rT1RaLpNL1CqT7QkTs0Sy0HiFTeLfM8xRkMxML5e68nF13x4PR8LABXmZp2EC
4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ M5Selr2p0uJQFCtjHX0ARp3IxdUry32LUokBMwQQAQgAHRYhBIIXWIefkIahtKRX
HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq o23OmZIpa7SiBQJaREaZAAoJEG3OmZIpa7SiSrUH/R2PYGiE+0SWTiYTgziSbX2T
OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ TsV5M+9N5bJk+ApyjxmvrOrRUeI7MSxwlLBgr3fVc02za+Bdv9ZcwqvaW1b3W1vB
98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG vHO8AxNId9HVY1g+HZYirmSo/RLy4S7Rq29Q4cd+kaUrl5ElynDVdNKkkAvfGySv
j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX DiUD6QgsojSjHZuUVjTJAIGaV8jOiJwfc3v87e9+0V5mng613wv6ObgDSVc66X0b
QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E GmUJSUq2rqfAE06SqLQ/Dtm4UpJuBA7QdFbQewHVJtw38haK47qPPyp7FV64y/K5
x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/ 4W+ZPyZ6qb0q93uMeRp0Be82M4tKYG0+VW40eeYsNwRRs48XUBtmwj5eDg48hJyJ
iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD ATMEEAEIAB0WIQSWaLi1rt+ia7Hj4S/ruxlddiv0cgUCWmy76wAKCRDruxlddiv0
7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd cnXOB/9djGvR1v3PK76yvbtiqG8nZnfVmu8em3sne1LIA5oHUYtqsWCHUrpEY5Lm
90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG lqUDVD5EUir/EAZDy9Muf3PPMrWzg1NPZK4wuO3N62aU3ZgG/aaBJXuLHHA6rYjt
CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm PUt2unuIIEmLgzKst6AY8hJuov3C6l07WzE2guvTC8jvZtsJGikgVnEpgIyN6sY2
fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m QrxxJJbWaM+4bomZh/tFMaczupv98cRZzFv3JlCuNCG4TPUgNI5q7vxRGr2FnVqV
iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA TJ7ZR5AsIakBvAo2pzxE9M5q3ukyYpgMFG5LcUwNO/nRoHXCTh2HEEYPf3VGKbHM
CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5 raDswhlBL/J45Aqp3uh8tT+Jw4MEiQEzBBABCAAdFiEEp2KtXeBBcXlrRORD2yVH
gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7 L6i/yo0FAlpLhN8ACgkQ2yVHL6i/yo10Lgf+JehUT4dgsR/8+J4pM9EdQYBXH1SV
EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc aRzFsV/moLGiFfJEkM4aBe99gVDWY7ddfljLx/s3VbyiWCX0DuPojCkTGnaXoYgP
xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4 EmXrXmjftihPz8hHUXrKkMESGHQYDBtgds7cLEx8M8Zg8BK5zwbMWug+y9JJV24q
xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv HMttVCLYbWarHS7VCj8wrIUmLzZeQgi9T0U+D3jv007m4T2E40/UpclAe+nexDb0
N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag /ehbFKbkVVafIRq8mRcxuoNUChG6RvhD1rV4W904DqdEO+eIgDOMO6GRuaSav9Nu
CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG dG6wd8hlk/TFipTX9XUxhanrjGXmm2o0YjQ4vjwqvjy92rcxhTaX/oe5IokBOQQT
M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk AQgAIxYhBG9AVoIRUvA7ayTy/PhIn4Odc2fzBQJalK8lBYMHhh+AAAoJEPhIn4Od
oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS c2fzLbwIAKRAjVowy/tiaBhO52PgKEjDAgq5sCOUiohptA5IIONt8heIIl3YRf8m
lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS IRIwGUZGyTCf34lIYsMIhAuVizGxnbREZXeC1D5BWuvQ6PQEMRnTWttt2htaNZVX
iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65 uJh8CJjFY5bYQP0Gqdqg39HZgYnuPTdMN7x3yUzUbPKcRoh77gUjyzOroqS0kGmo
Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg R0u0tHL+kCEKCHafsDqsXHz023yxlMuYdK+RPnsjBNXi2ygoU/DEpa1f+5E6ypDM
Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ 103Fiebaal2OI2dCdVTXHbOZFMjiApQYWa8iL2R8/og++JLzf7V28pLjpd1ildCm
ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn nccCcHQMMVq9rq4v5Pbjj0wxGmBwlEKJAZwEEAEKAAYFAlnluYYACgkQ/a4lZvPw
Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom GAdB7wv+LZrFo7356w6ui8U3a7/KJhlaX1/Kn/7mUMjrI52uprs65DHLSJzrt3Iq
S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9 B7uAmdhpsAyzJaSbRz0f7oKziZ/gFZvLw3Xofo9rMuj0ecZFpULCugZ/s2tWSXYZ
llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i cFcQZA4tz24ZREIm7f+SEGMMfAI4jymBnxNJKahxvC3wdPCKD3ts0oK9YOzm6Wno
wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2 yZLLwFAa1QUQ+/SbgqsO3I4/wn3BU2EvFihDtW1w1wIiNUZ3S940WCFHdMPeFg3i
8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB tzLa9vat/+pSyA/fc5CufWeX7Hv9ie6jXofWzir1cFoQGB2YdBNCb6AwuABnMzKV
5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN xLPQsTwksQ4twDBUifqDLUk85O7Y5ae49600SKRBb/qqERTQKTw+5QSG1RLdMHPr
jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI F0qUFDJ9U1mrKMZYmK8iCKx6W6BJsvV5Tsjz3YL2ZV881Bn0LIzL2CBZLmLqgao3
NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ GI2nFsrPICfj0u7o7apK75chVXo/LNSbKpqsx5NXMQq8NvVd09HKK50oUohL3e2q
BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic YFDt0evEiQIcBBABCAAGBQJYo5AJAAoJEFfbnathO42hX+MP/3fk8drYuZlhI/+2
Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX coIpZqsEfMNclGQGQXjF5EheDRHhpCJ7dmywQwx6BIkaTO6Zj1KuLihCZpteOXC5
qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW 3zdkUnMXnzgMRjdjYQCkx0Wze0CAMu6F+xVbxMnTmcxWEWAy3QtHyokoNQSRuPpG
AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG mp9fEtqFi3wEPYBB/Cg/M2xe2vaJHjORklJCLOlnTY1N2DNWxolyGz0FqhyNcP+h
Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX qa2j2ykQgxP7XehYyJ6UMu3kJeBltBz3pC3Vp6y8meSjsEwGg15CFarHuG8Itnv+
kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd DlmS2RjNxuWgpDGeWlHoZYuHwCEW46oX4dZcbSGULJyJqxyCBKd3Jv+A4IaCCGqq
idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc pidk54Kf7i31astrjRZDNXQIa1tVO02y2vg5omB/V+f9HLXe+R9WUKBIysChjaoM
lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ P0au+a8UgbxUi1PX77h+1hteFl3QsHRa6F1w44XdYPj3OKr6/VvMiYwY34vzSNbO
KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS dIloU16Abe6ylsL2IcvyxQKPZXhKPkc1OvroFGjmjzlOxfdR8C07rdBq4vay3rbo
kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE 6TZ+fWR5OM6/jHMO1AvF+e6Fu3VumSNfRtEljz4cmlPXqXH7ppTEqiNa/+uiYuCy
36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM ddU3ezb9iVE46P0lRqK9iFMwAbDY2/bP33yxb0nj40QyS3tiPJdULOm7m4xj0B2T
+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1 NlcUMPJgOTI0xQw3fm5OABFNG4aRiQIcBBABCAAGBQJZl1x/AAoJEGzo53jf9lJ3
P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4 /P0QAJ6tKU2y2zAZ6SCKnTHlJXUtTSsSHN4m4X1lzlKJj8a5+TG1l8ucAG3q76BX
rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy +tOriTQXUY6tsOIS69aI2BrkiEoSEsUb0DEZgjL4Nulql+/sSmyc4EB58BQLQG9Z
RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D hXdWtkaatyOSiMwsoQvwjfVvpzzDTfEK8AujRKNYiZ7zDp//juI8zioYSubuNzNQ
xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ JOUOr5/+9CUeyRMW88zqXesc+PTkB264DBpNGTXpshgYe38IMGsqhYxu5iW88SCb
cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL 1f6Adi6ZDBfhg7OrJXqs9w8IgSauSD2uaAWXwQHDyxm/KmCs/crywzxvY3WkMdzY
4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt VoWO/jptY0YdgQkToef7b/MFILSQUgjpUbCKn1BEFVEy/12sb7hWx2r9C12jooue
LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS Cg+APvKWe7jKAVDvXtC5Vx0xc6fEPY53wnVSgSfhf1uBHHoZeBLgWTr+lQjrKLI1
EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS v3uu2vGDwKk3octTh665Dc94tYO5o7uXIRvCetq4TlcBnRDyESMh1SQW06RZdGtP
QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd AY/LKfASYGZggTUBo5KIKGf4MhbwinDuldiRvjC4eASkDncwE68Cggq4cvE1vDvL
KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ dC9IfVexcayJHcm6yc75gOdkq4YxgUUL1C7pB5MnawQoI+4LQcmwMPdiIOcnBFX7
QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E= ICTUc0/LIIr22yteSG4E8DBRzJpdGV4AS2OySyuzRva6Pk/liQIcBBABCAAGBQJa
=iBcj BU8SAAoJEMsRIiOnlU8G6psQAKQRrLKzj4eI80vVV0vaV5xETUZQ0pTsek2hJN2E
3C/qCYKWocD6a+JJWHlalFtirdgo1jh9AjFSBWHXJ1R8EeLbQRhH4vGkMKZgmyJa
/3NKqjWO4+jMR1tCZqdWT+qIIzu2tB5c2cYDgNo0r62179axcYhYX+xkXzCdw82F
Z8BISkczmP7qlvgxgx3vt7Sbm6hgOo/jdpHNIk3sMNMLmIkKc1RRqZJqAaeVZT/j
CNVr80uafW7bDmWbVJG2db1h7ArnGTj+Zdkte6KiajVTpxYQNq6TdXcj5PTpf0NZ
yAOEhWO7EDUXODxu6TggXETThdSSF5lLp4WbW3Xj7+MxNhNoGfBigwQRxN7KlyuJ
Z9qusQkwCrButK4cQ0qfnO0jUbK/Rz5IjYCTW14gpHlD7v76/mIoE6NbPL6jFSri
1PUffyyRmLmURJ4DVUx/ywMNCkNb+0sgJmltoNQJ+ABHJ1ar89i8Z+BSWHlgio4d
IYZyB4xrQ5H19z44Na7gedXxWx+Ba5h2nzHtzMEEpEmbgs79Tzy9U2kRIDV7CL95
ttDmvcBskGFruUsgEEqvwI/NBHh7QN6VpsR1Lz6GuF/LKP2JCrZ4QEd+vhvwr2oU
BghBO2Qqo6vjpy02K1WYinUpdxoyeFkovXpR6BD3Y7tQFeVQP7CleVJICCeZeqyS
lOW3iQIzBBABCAAdFiEEM9fTErlUMy8TGMhG2vXIZQnVyJgFAlqrP0oACgkQ2vXI
ZQnVyJiWRxAAvqqyzPQlgKQX10hGqmG3xouYbigUrPXp/Px8GD12ISX+3tQbCueI
DxOmp9vzM4gKmZ6Qwdi23154hw6DmOOtSTgpTLVrb9F+Htyv5QSkcXMM3fb4TcEP
NeQlmqueZMYJelbwz+Euas7i6J3ZIFaGwPwu3x5QMvINYzj0X+wIKTwlxa65Cgmp
MDI0wkZYkk25dda081xry3nz3UlVnE+YMQqOewGWWbmhVObEOAVlnC+M5fzQXdgt
hx0mdrfYpsna/qkoAuwqB2l/v1zXWXZ9tqDOA1k4gx37Kaekgp1Rkijki8pOeKni
cfALgejLU5eTBdGuzWjpjYfMJEYy0UOiz9mWcytm7d7UKFmeI3GdsKJ2pB8K7AmZ
krFC0zKMOo8e0V0ZwnCVts+BEvaQjsuhac+lplHLn2jDwzundy6ZPtEHP1X0Uqdp
lrAUMVj7yCoUBG8ylvPzS688iBhNa0Mo5gghjxKs0BPxvDu6vtl401YiW92exk1+
V0XUDrO2V8uZN5PkLZs/9DmVj2OwM+sXPDI7puWytADCiWE7+c55GB5KDG9AllhW
PwMIDHAL3sZe3leNdFKw64efUDyMJhiqVjrhaDfg4W9p6I/rtF20u+7f8KTs+pnM
tGJ3Fn1xTDiEKJ2H3ql0QLsJM0SNLj539Ouq71u3qCCJ/j9IJLZw7NOJAjMEEAEI
AB0WIQRMPD6e3S2TZSduUuoN/Vzk05JP/QUCWpyVMAAKCRAN/Vzk05JP/VCcD/wK
pl8H1ejxjD4Y9Z2s5vJRPS2fxXtdtMWqegP9k9K/33/WqEXXspFB7kQk36TSLJu6
FT+Y7PaQUQY2GWcvsmZdQRX2jy3SYIWuuQBoFudTSNMcZBwE98LKaSSkGI9p68M9
Cx7ym5EYfNj5vp6wYCdOggk95I4v8tAy+2a97FAWea2TBqNOq2Yt4Du4J6hSlIfU
aqUKH4sQ0F8oU+dGBsMxWW7EJP2rCSyQfiv1CHgRT9hnDSTXvRpWH/VkojY7d/2k
P6ga5GN3hwi5db2rFY2wF/ZN4QFprqSpc6aRbibrGiS61aL/25JCz01Od72mwz2E
3njK44uHSZoQamkcO9qqq1+6QrYsFegHQHEnOw5PGpGNGqs5HIfxaptwOYSLeuQL
6TAPaYqpuwHc4FXdz1y1ZtnWXfaaAOQ+mYaasZvrPpfoEDojS3DgP7Wg+2wjtNJA
k5xtO+bf9+7b/dhQ/rTsDCx4I7p96XAXBqDmFBlLcsDgEufGOii3EkpxjW6Xyuw/
SnlQ4SpBorUoujLRCj3rRL3MyMXTxxGydxUbEjTbmnPO7rN2XY4L9gcStgo4t1Sc
jT+Hsd9rPnvd9v10+UvflEIhYnlREGFYnJodk2R9DKMIBEBVK9+Oln0tH4Q6bzXG
eHDopsKvEiZ1n59Xa9lqsfzqONiGATneIiRlsmzRnIkCMwQQAQgAHRYhBJ7tSGmo
2iHzohr6Kc4eHKDusIDrBQJapS1mAAoJEM4eHKDusIDrL/wP/ihBvSKDk53liF3m
yN6DLCWpCSTBjP30jxneWkQJv8Edf+jVxVOOp9XgONpksjx3mb7EbgHqWFmzu0zV
UfXgHdKizSXZTTUuhTy6f2bcfzX0/LlRYJuY0hyG/3gNhIgWubaGPANU2RxHFpoc
t+0STw5XBBm7Z5hIh5OeuH9LwzGR+vU5U9OI6NPzhMDgA7K3CSqZCcqara1BkNJG
48Dj0E5aYMAdmcFroo83Q8Asxpb/Dbe7+gswuGsDxbShFxpLFqXe7LT2LP1aMrGl
zd2IQtQ8M77wimKMZDF1KFZm5jAOmmdts7C2KTEAXOYi/OXMxj/eCN8rJQ7SpI2O
FHusWrL66jMcUIYHIVuyaOHFs8QBqaWC7+I2GbK5DVO2M3i/m8/QFemvqsgmZZbX
oH55O6c/TKrV+bI6cG1yOxNdmzW7mfRNuNwh88nV2pWNT1vV8ZaPT/KtgbaDop7H
coTl1VD9QvE9m3LFyCoffou1eFM+YlEdDg1eN4DR77w+pO76zb5yjgjn1zW0d61K
VRpSGwJv1TM7ttEgAXWxve1VAtCBD7jJXufa7wuBf8WC648Q9rqI9lWwdomWtbu1
kC8SLobRxDngjRHt/Y677V7i1uH0CWOisP6t22uYvf+eA+bh19rWBiJAInCuXwQa
BV6qzcOANjgAjsM9XSMYxttIiclMiQIzBBABCAAdFiEEzDhU424zJSWRT79Mt4Wy
9/ObCB0FAlpjfVEACgkQt4Wy9/ObCB3EmQ//ZJdjAgCO9UN1jCzHxc2MNqO+hm8y
lUoadobcgNFDXI7xgOTY88f99iv6PE8WDOcU2rPngqtjC9xgTzJMQNAWYXekF6xj
gxpjN/Vx9osMmjHysO1sqCBr97Db8GkJlxuRsO/5ikumAwxQMryWDRi19mhVut2Q
8ehuLYoT7PDtgUQmHHLLV0VeqRRz+zg+uzV/uMeK4q9c9ent1arkaWKHtyGMdEhv
3jfDhKjCkevjj2NFK8LwYgI0BciSaORwkPkxsrgFb0PP1E9AL2T30Y2e2Dm+/Bvs
OiluUi04fIfQ0iAyH5wryvWuHcgfkijPQ8o/erxrk63glZYoL3b2KWKfzuPrc2F4
926R6lHXXNTc2Dq32jBbvLZcOaZlxtnfDVA5OyosUsPnh1PxDbUYVvwQ3DG90M1e
he5tBUz28HPC0QDHqVuRdAhKrihZloZRXlL64wOB2FVwnHGHDQwm3zSxb1IjpdsP
pJE7AkTOuileWjm9+hbpYrFcfsNeCUqTSOFjFml2nZryQMbYwaWHnYr1h/01MkQx
5JCOuScQjxZbJBErIvs4ZMw6bSx9BW6JBYRg8HfoQ+PSGoLtqNDZ4wefUSOBHEtf
JgpdGjp7rXREzAeuXYTo6U9tvhFYEvtvaGvz0u9rPMG0LF/MJZEKRBrsFOGUQowM
EDcUmvmCXJkNJTaJAjMEEwEIAB0WIQTFm5JsvLuu0WF2I64e3w25nYt6hAUCWrGO
OgAKCRAe3w25nYt6hGDSD/4p5gJWdiKLGA8U5Tj+qIVbn4RCIRJRZFtRrXwwtcM5
N6RWWqVeTqpWFbpyOdVsvvolIjPtv85SFNREzOSQ/J5HVRAwbmgun6hleaWrFoJA
YlglWLiWt+gx7ARhUHgao20QOIknk+gI6LIbMbU+hxRtK4szaDrJVQjvZ0laEkqy
tlJKL4PVXJsHJ8JrZlxAr6q6E/8JoYmxVx0X6L615ORpLVK1G3SkAd4/hjEMsl7v
mcHqniDFQfoCn6rt4NrvDgWnyVQwmUPkz+YSN7DIkXjrs82spV7qccRRJK0zijWD
sJ5XaXXdybKOHbAwXJ0I625bf5vM1swJz9FlllBlkor9+1NrZCJAIWB/pnYL8BMi
C3mfjzGbZe1MdDCdIpPbN0C2xNKMonVyr9znAQQI1jlh2WUkEOlm/Z6ksTOooQIx
5Auw0Fra93e+cqapvyxSiODotpIClj1xuaJX8+2ZI8n7Us4DxVjWaUNeou9vrDjq
RGNNeOSzw216RAuUJRiaykIC6nR51wSJU+NjPvcpzkKmkj2flQeygTsOdlwIcBW9
fMpDD4PDiGVDgxS6bzENDwILw+1iLZZy6evaotQoiPPucb6t3VImw6uEjozmMn8f
rKjfW6TT70NrWX5GHxj0UAC+fsxtm/p+Qbopes+SsfIVRDwypgwnFQ2s/eF8V5CG
f4kCMwQTAQgAHRYhBPFNpZ21ZX1vSx6MHSPyK/O8drqJBQJasY9SAAoJECPyK/O8
drqJ1u0P/irt0WUhKBHcYuGV8bp1QipW7uigU7EqpF2uV0duc2+PwY6c/CTFGzKc
o7RXdN5qm9IbDW5E4c+gmRSp3MIruvtt8GMHvGX7WxqiJWHT+4sjJL94ykr/1AOZ
dbiJ956gEZ8G6I8cyn0HwfQXxiLCK2GVipIe90Ymo/F9Zc0lY9BEvpDvTJb1jlGm
d9Ch5QO6xpsptzMXBxMAdzSTkLLuwJpgxAyV4xK313DICq1qt6l3Jh3ISl2ZH8Qk
+HZN5NMJKKq3tq9AtIxldBT4id1gPy/koE51bqNx9v/3CAR76y3uBksi+eOEAKle
EpSnVsGkbUi6thAgThdaP4ege4ZbWRwpnF396Rq/upXSWzAEGgQVO2dFnEGTFWcG
JXmzkScbCcd0azUkfQBXbN6jva85OvfvKYNTFr8yDrygAmZD33kxedEXkC2e2Ikz
nZU3wBsflEpIwix4GiGI/Nbnv7MdIM7zc4UyUF78l9FihhF3KjuPNnJ8e/lbX7Xw
ubqZzUFXGOdCvVk7niOhXLmGrrEp4Vikyh0VW6r0wfYiUVAVEs6APlOmFbJR1ac2
rPhYHfrrgPPRziOtYSyS+kdWf9A8F06Tc/N/oZtJau8HOD/YeUpZc93RMeRAjwZX
wXwIxWUp1gNB3Vh2M3aUsgOApQ6qeFa7qjrQ2oMao1a00cc4mxwJiQI7BBMBAgAl
AhsDBQkSzAMAAh4BAheABQJYnMuuBAsJCAcEFQoJCAUWAgMBAAAKCRAS9fe0LysB
5wTcD/4sKLBQffSBtq5gWWTq1YvwZ8QqYaqPJhUgkCaaR2UdeD+iI/3peOuDpo4c
ub9A0i80gzZny77SL9TGk9ydenWrHLpgSXauBuJvSeMILYvbfOIRVCeI8GtkJa+n
nBB0zLcEb7Vy9hX4fzhiVbchmb8/qaqAo1TVTWNjjOkhV7qgX5aEzuKNkZAU5jNo
UEreRnDlM2C5eJAR2KwNkXbnMcFzPtpHVa1ix3pmb9N95qhprxJbbcZ2G56u4Okg
SwQBwyvB+xidQ9O4hD82yJChBZUodEzE424kHnejTv/VPwLwY8Eve3nFVlkrYajR
dCvJRa5bfzQitPXbQH6lq0il3JI5PMGUN5fvmc10zZ6ljyYGaVHonHVFMABjUiZg
PWbK/b6RhlhzN9OGk3TgbYvYtduc4n31SYDEYi9ps9hrBiuIRgjWvv5Z5BcegdLx
LFl7Hu1LO5WRhgTebFPRho8P0UaNty7/v0ZgXw6qi4pRyMVMM7MvfIFkhslJeXGB
cP4CMg6NXngX37GSZPQYALnlBsI+a+AwuEBuXxv6ZorDQw5EJOqHOkXmM5U+OFPf
pklekI0JngwDRTWpZjm/+ooqlo/XgJdX+tPxVHrsyAQF0gxS1EzS4xhAdi8eHYCb
cFT8557iezezs4JWGEx5ZDzlQRgpDz3h9HA4A0Y2VI8dbD4u8okCPwQTAQIAKQUC
WJxdSQIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBL197Qv
KwHnpygP/j/PVZo7pLoxb0YlQedALTHKbplbcDFz6JFPYzUWcEERgRld0+1CDp2S
4CjOKn9Xsyxi3/TGjRtHRWITxIDndH4Tcpbn/NaV5sAX0T9BkyhtVTdPZ9swMdyR
HKtJd+NNadSLgQqtdsLjVrHCJEmKxsUw8Bj1o09IeE8O9i8oI2+5VgHVw85nSklj
N64ZKK/gUZpRgp01A5mGKdUZxx6//6WX+DXJb9jaoWdA+H/PQsmdPCTg8DGu23qx
z4BRejQIUCcZVh/DjZMWo1vbeiw7wgUcQ1JLlShdqQxvD4Rlh3aAKdSm1FQwssfa
ZR7FVBoVoh2L2P7OqE5+Bn0xFr06GYLuyr4+jPpLGZDPpb/9NzPKWleLFEmwryt0
hgynvXvJxKFfyY6pJZfncSFzaryRIKivXE6ENe2gGQpge5xfff/41LqX1ePJbpEw
mDWxXhdK+7oN/D+qdQWP7PTQ3yVBSIzso9ToSE3+Hk97IsrGmmSmd2UG4dn1i+mJ
A2d89GV/A+LWjn03+uE3pd63mRsPl7zI+c1dmVyDBqckGTAXKuAgqr3OgYPTxN9W
FrjiwiyryLL7dDAWnUGCME0W2GXUlhZUemczmeIUjHztFpGnkJAlnj499ngH+iKx
fg+v1CQSEbGojL/fjM4ae/+TVMMg/BhVdLHTOwpDgZ3GbEHRBFNtuQINBFicXUkB
EACjthQU6l5IgGHrq+Fs6jmpEgz5PKnlRmhs1iJHocuZfyVd56WnKoES2nz7zk3V
A7o3dfqQGkQAVKwOS/i5SffAGYC88VssCG03ZC1RPuuYHRk3IRlPeVsak/R2Aczk
THV6XN2r1m519ACeQ32wRo95z7McE03soPBrrfKeQRlGCYNr72dlyYz0KxVKqTe9
RS18JauI+n0MBvK6efywl0MANSjyaDZulvB09lfNdmXCl5n1dGyvPKiPbpL4TOnv
9jpjgoX5tu4EdPgN4hpOhMfSoQNB4X1jwciNeD7BRwupkoNZyQYzeBeyGOXXT924
NhCC8+g8dHMnYfxc52RzP4lxx3kFrtb5FFJw2di6fkFLvGGh41GxaH9IBMZ1Ok/y
AMVI0XzQX/tf+TuG3qN4A+3Xly8FEOVKhVIxHYhq/e80bXi7xOgXDEFxL+fYG1oL
1yhLeO6AOYkgguvysZNb3fdFqz1kj/BRs/Fv72Q2C7x6iwGdC3TNo1a2lceRdREo
7Ml0PPbPQX1mljNpfFpaRgpz7/8+7AJM30yGbqgVAd0ZL0jXhToZMnal8QitZqBN
dwnaP2CRAGAaEn9vMNBcZn4llFbqu9ZaTF21G0GUYPgMhxv20k4ouK4mTysLPpN/
GuKKhzXwXCB6JFo/Wy4e5onplvBAJvojM5YOEHOl2LrzewARAQABiQIlBBgBAgAP
AhsMBQJYo4tEBQkCAr97AAoJEBL197QvKwHn6loP/iads9T0n0LwHE86w4Bn7LEE
EQ4R/KeSj5W0J43XOeDs+YBdqryTQVZxhCajKvB8rsl2hjQ+T5abVejU7pcYF9lO
ne4Ouu2nemqrnzvBAMzo+xFMWjjVR/4xnEYveYNi00eAifZs0uzNVWeKFFn8e/Ob
ocsssR7orhUXzKtc2WDrnMSd3yN8yFCTB7ehys8QdeGLcD38ieUQ/1VYmqvwIHJP
RgmgHg5tHamZ5UH+csekeMbhKX6fvQivYrmjxl7ouSkLGGiKktsahWpBikNNia64
UIB0z+wUSI817+IL/eBIrzePC+Y2qDZNXhyhxQ9tFzE9oaJ4Xgfylws3WM8+GyJX
zaLLB6XEWoXKjDgLneewIApjv1/IbrFH3N/KyVDJa3L7ExDBaFqDV5ISpKP4XUXW
BtAogALEYQqWPm+NzVD4BjOePSg8ibRy4vI3MwctRWFne9xyveRIEvrLk3VjfySG
82BNjxzVvuAn09ljwYlMZKFdGbswHnI5rH32GQymYE9/llZnsMclUBjchpnkUNoj
Q8X57ZIC+A0RyZAf68g7EpZbUZqsDjGyNLpzLdY9AkC5Zc2N00L1iImEXDAREhUR
IMVq7+ZCSmTM3tPgTcAjEohJMDb5tic+dBGZjk4jRpeXdEqmIEMsPP4tbsQUrPNF
gNROtCZSOxKkyR09g4LOuQINBFicXe4BEACvzk0n8cJ/dYzRk8tg9vf6SDwEfUNm
mFfgGdVfLKa18IOV3hbx4DLHOO8Ah0oobt6DRmUdlxeTvoFxOpOPwWaQYAcXYoxr
W/j92mB469MVDZjFsNVXSTg4en9rfta/xi1FBd/BlGC+h48ueLExfAh07uWn5uA7
oMVNWw8Dnx9UFzDmAu7SJ0NcvSVqKMCiLQnESnxtw7x34H5wfI32xjnclHCzDSLs
Ql3ALfaz4dUEQmyvjgQaJkvaTcF1YugLRm5MOCzXpobKZNa5vpGTjCQCyqc9pznP
lQPQovuqB5F2lEybeayZvZZag+PadE7f8LSFj8q9E4SV6E8LrtWnkok9tr7QzvC6
Ca6IJ0bsc2w7NOaU+vFt4sAXPD/BfIzSYpuRc7vVNIZKpCb9MBz+AKfzAgxmd+gT
EgBPKEFwbE4x8nVcnv2C9vHINxkXJC+AtRPJGNQZ9oZhwPUEGyt4gjXbiEgZjfGm
2F/UQyY6qwpK7KUXnyJGweVlKNH+oVvu/lFYUFAg9txgOaj82ulHth40hFtmPET1
23ARpNKYF93nvskW6fYszY5+c2/7UmMeRp3jGk8A62w3gdD9KaMPTaB9jjRrPoZF
77Ci/qXO3K5LhWakREwHyDTr0A71Bf3raNr3wKzVuIcXKLKzAe/KVEPCzoLRcYyQ
UeBBxAtuYMF5SQARAQABiF4EEBYIAAYFAlpfoI4ACgkQG7icBgI2dEn60AEA/tPc
/WbDmG/d+X8XUrxFP36iFN//KtLMpqE1PvkAUpsBANS/gwKcfqqsFAIP+S85Rw5y
+a+MU3qx6/3mRH90Q8kOiQREBBgBAgAPBQJYnF3uAhsCBQkCAikAAikJEBL197Qv
KwHnwV0gBBkBAgAGBQJYnF3uAAoJENcq80SMwrA0mnoP/j6/TvaimIH5oPJxNDON
z+W1juqKLZGn/1HNi0A7l6okvFl5syvEucyLo8ZwR/QeM/J68Ar02eiWR1MoMoXZ
L55A1wbTvjE1j7oGpcZjFgGhiv1dTNmV1h3UKcAHyu3an7gD/U7HtUqECVbCxYye
y995RwMoChtuMyYaMEAkRh3NTePdTL24LBHQgomiEAclZKPIrScS5TmuQO4wycui
NS+WHKARWOYuQptMv/E0V5Hwi4cLbJV3pbTw6Rwane4ihwXNjmGc/XJWTYK9aEBZ
5Z7QkvR5Z7kj1UudMYOEXYncsjb0e7ZvCysdD7ZuAI/KuvtrNc1FWNcmW8nfLy6m
f0MDe6WYQIYhmV6/3vj63JS+QWpUEdhZ3WKxmO+xwHLm1qU5M1wvohosz0mtZ54u
etq8B3UFl1j7d0eSgZnHSSoqzX3hdlohz++4BZ8goO6PV871rKp4u105vhxg6vhP
0TBWHXks2CdMC/5Fmr6W0pHQjeBQUOBwHN4cqbEhxt1bomp+JMpCdIubg7YHXi8S
ZrYEPT6TWUnEqzAtZRgXRN+nEQrwEd8MH+58w9Rdb6E33uTDMe5OyFXcn7NQI546
65v4ZUoRYn5fIUNlCMoTTPm0P2Hh7y9To6Q05iL8bnpSXD5jPfoPoBq1fA2MPmT6
xQzk3xD4Eaj83tetPCUKdT+xbswP/2Xeoiwy+xJlZcd7CbO+ekpIlH0tWI/b02zU
VT/xl/g+66h0C/70R0JXOK8aqUCH/09Y4Wp6lwfjQiBsFePcTtTg7A5Embiaoz1M
lvAaarJEf5fjl2wmtOKAskQa4jLVhVFENLqrmoHb7XuHRKOoAuJe93M/HplJwemz
igqv0Mb7Y6EEmv1bFq7Nw8SKMEDgk5PXlvWDpKcIa0kp5LLpmEtFflUOTaYGHrEe
6B9+ne0oeUTRJPe7/U/jkHIw7T1wQ9nw+Xu58KPlFdKcdMvqQM83+hsIdtA/4JyC
aGzgIBZebv5dyxmmGZ1Ly+MSGilTR8Y5XV/AZh6LNfu8QtIuSR9CHTaAhxlxfAZp
E8+7fQsLhEmXhaernLL07S3y7CVu9xOVdcuMlixNgWrnKY9/lhcEAVTN9df19phj
ExehTu5+VIgROdnZsu/JEhMn6TcHUyeDW6YmWnkRbrFhPSd81T/gCl5cgDY4pfxe
8ZIG6it9gqw+ji3fwI8qEkHqgbhZNCiBFp4/BXEZ0mQk8tFeYqsf4Lgb8vYB8hh7
N/cUR+Gpsm5p/8B1/b1C3SiWPWI1XY7R+jqUMPuyXPcR+PrSJxwQfjBK1/UNUwno
P5ADWTwA9Gh4FK22sMjR0EL1cujCQ31krMerf0gMFBxeqyj4jd531kwjfCUHHD48
PmYrvgvBuQINBFqgQNgBEADPqgmj4AdMhHak5YXxljAYuiN6dy5+653LbyWqe+zJ
vOuo54MFXGMwVhHFYYqDakwKBN8GsCF9DGo0jKHqLCDfYJgcTleF9PZQtjn5l80M
dFqG/+8i+TMDh6vpe2Y9vHDu7RCYzd3+RJWUhqjE4ut+lbgqr/pLjOvItk7iUSRw
YArS/Ax4nVRukQVtUvloNKGwECK6nr3PmOeKfJieZwaesbbBAsrtkqQ0QrRBybpX
qJ61nSztqCyqHmmRnUANNWzjmL5ASEwaoJs3yMt7Nj4/IrKd/2P0qBpjnkcnvB3N
HUTysH1j2nciAs7PuOnyP+m8QyDkVK+vAnO8wUcpMOSBxqGk21OapPZYAgIyH8jZ
SdnlThzA6LyI7Kuht+5KgdDGcTHYBVzEKLXEuseokTa+CFvLjZTs+wy6KgNORahk
niKoQITppW0l9/bh2GvNxeQaW5KHzsmGWPX0mNPFZZUEkUOvor4McQAm1u1NOdNS
4VFoQE/m4jYpZYbaQamdY3qK0m7gmPo+VDFB+0/zrBUfWR/PA7zzioIClkOJ/LxN
dDKaH3iPWul0kWu+C5q8xW0U6SBj963MnF+Q0l7fRxS3T7pM6+uKjAHUAoKitdjS
A9wH7ARCYIJKogv+k6B5c7Fkw7eSV/biRV+j5ggN8TrSYpGPljyj0NJi1xWs+A/I
ZwARAQABiQREBBgBAgAPBQJaoEDYAhsCBQkB4TOAAikJEBL197QvKwHnwV0gBBkB
AgAGBQJaoEDYAAoJEPEyscuvExyu+3YP/09D/XesaBhnPs3xMjyTHDDinzJw6XeO
7WySemlSDcIsKhbrRVbSNRubMTjBx/jlS4XfN0R7SgMrLwNz5s8cl4iW01ZliWx/
/Ie3ryfPUmhnl6mWXUDSx8BPVwyGNH0nijBh0C53DfjVHxd0All+orLmGp7lopgK
rZeO8WBbK/HFwn+PTZKr+/SubJQsmQ55G5ys4bIUVi8wenaI9jNdia05YBXxPN4x
xDqBYIzQ28HnkivH6S6zr7b6S45gia80l7/2CSPuoNwe81nns2pzPigCKs3aFBsM
KBX+kkSRktEjbyDslSGzXChWnwoR1Iv/XlwhQCFRk7K3MLrqsUof8q/jWqBDA+lT
K5j81R9p6oeb7Fnh/8qNYcGvEgHfo+ZV1ihushI9a381vuYq66RNhoBwdZJliwjI
R6Z1UWP2jXhfyAcUhxcryOzdGPbj+LmKrDXGg46wXod5wNAMA0g0JYoXruM2O2tp
gHtCVW/R3RSD07ipubVHAW2RwCC7mhUfrUZP6WMkyhGsNas0zcRPt9v66YXc0Mcp
ilbh3g1hcgb5H55YJyZW9IMVFWZqy3ewbI4DIyLQnrUW/yhhtlloBfEaenEEvnfo
SWyr1o4W90lk3CjjHGqQ7sPG68lwtSxKCdrAR69cb/EtYl5hllqgeok75zOXJX6H
kSDp3gKear1ZZucP/RdIEGmuQETA/7LzZF1gbQx/luWgXUJcmiqDDN0zlN+VrAqj
cmWrkJACDF1gA/p7cA+mC22j1ENJLXWdOi9rNvoJxHP2Zcndc3EH/UkQJzp5KnNv
9gedqAGrzlmaih9uSuH9Pukep5+tMJdJaXq0vPctM8iFdy+9iv8ocikBDGc/miDq
Xg2VDypUCyOqCAlVpAGqrxVXkeSNUceVzaEAQgjC+ehXgDtzHhtkgAtTLPzarufA
cjt2kbLFdbELR8Fefq9jGXoCoWfVQUlxLHIPRh1L+11Y6T9DAMGi94kAxWxUn1oQ
N32UQPrN88CePPrOngZ3gv9CLGbY2Ml/XlT1o6dk209Gauy8dxjraJoXq4WQ+hHv
JSW0qR+n9E/an/apvIbndUCOzqBTzCoIG5LqfEiLEADez7V1YICaofZpL7RW4GoY
PbLJMnfPq6PgHtT5QZVTQO98dZeZwmekMhwB7CTLGROp//Ko/FJ9hqE8pZ+N7Nrd
v+WN/wq9dUjmSHDEbhTTNMJwcRadla7Dhcq4Gvb3lBpoy1o+DbLsEoDuQ3vivEaP
X64eM9LGYkeBID0zv/LWQoYwBh5kqDyfxTLeOhr6VlueGWn2jNEao9e9Sn4psiKc
73lcyOecSPhJ1Y3WJz5pqkU88P3KoFHwuztzxx/997XGEU8vcUQSmSmerv+muQIN
BFqgQQcBEADPVquej+jmKwI7TVFgcsNGjJG92IQr27+1soFTzIvK7KceG603+LzJ
AqUi5gCgz9qNwCV3C83iAPMhwJlJEQiNTJpHHOLw06MgD/A1BJEv+IAgNxGJEPxM
eBmENqzxGJBu27l4F7xfybN7jRRIy1sCyeuO+onaL9Z4ig0YMKYqMJQncA2NjZk2
3ABB5PSMmUUxJ5ZimuLGhJ6qOUoZGsEKtMk2D3rgD6otng44ATakOHJ8cTJvfhPu
qdJrIUeE6VslR0B61NW5wy2HfmEGyS4ZyBZZGKwxDHYMuBwIDnBf6ed9/8/V8z6R
5J286vQzMy5DDTp9gRhvogDaX9lp+/RWAylFsZtFJquJ0GFyMkl48fA3CQ59HAXj
Ln5//BWH3WJMQu6oJGOm2it3LwasyYT5OlbxbPyxEG3htWB5aN5iFYHKMUoGcFkG
hxMeIOYUvLYk8Esk5v8FH74R3ar5dd39sXdSbq1ZSoFy9A/kYBTQXc/OjnXlhzDc
EbozSPNwfyxzED52ftFG74ZiJbaKZb2cJSsJlcx+KvWLr+2DEC/VBSmYjUTvVtSW
J2xBqomspYcHZvTk2J8T5+LUf7HoXCDMTfLQp4nvcFN5Kz7wfbbrAWmjZ4ppEYzb
RWMY4aiNtcPTrFAwhkfSWc2gGEZgETItbncrdfRzVw4cB3EVDBlThwARAQABiQIl
BBgBAgAPBQJaoEEHAhsMBQkB4TOAAAoJEBL197QvKwHnonEQAIY6nWM/GEp/eEd0
gmlcUM9Cyv9m5PbARSum0CF3X5pzwbnY1ckg9ZAFUTI2og72o0SKPUgcoUvFFxZW
V/+418ffZP6/zWDC9hOZjkgLM3R3uIVDN8HdjAC/ybf1gTQpEM0PfslsKgqomrXB
8Lw+oqxkK8Uk0Le9zDsaFdZC/tpzGnTQouuo6B9gHTbpwHrtNTkkHqZh6t7+Jh9p
hgVBxVgx6T1qKP4nx0x0qfAyv8dAVmp2uUxVO7tsK5pXwjT01293JKTQxLfyJI1/
90ydtdsfVJobU8T2Tcin+EIMuaf7PfYb+7cTkCU82Sa/C2e7t8krXYN3Hk3/t7dd
RecJSPmwhOijr5PuuGQerF47ovcH3XyyeWK7fOSqiX7jS3MIK9HaN1il18M2qZWl
TzZQ614FZh/AwJN4uNTO2MdxHXqVSgvmp+QCYNoiyYBl4qE26L72XEVIcXxiMGlX
wWJQI6+P0r+CjhJyY+vNdfaxy4HadD1h13KfsLNZc4+yKsxXerKZmCDIET+wFe1b
PFsRNFfwKLjB+CCDqTpF4l03YlPwZwsghaQ8g+NZfl4qyR8NXospGuv7S7gBpsg6
Icy08LU4uylmFHmVCPJSYXYtjkYRZMyEy8BEOiwQT2bLmePqqRS1GN5uz6ytX41E
U9coVPCcdBfWUAxoPoOCPH/eNug4
=00Rq
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

View File

@ -4,10 +4,10 @@ After=network.target
PartOf=openvpn.target PartOf=openvpn.target
[Service] [Service]
Type=forking Type=notify
PrivateTmp=true PrivateTmp=true
PIDFile=/var/run/openvpn/%i.pid PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn
[Install] [Install]

View File

@ -18,9 +18,8 @@
#Compat macro for new _fillupdir macro introduced in Nov 2017 #Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir} %if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates %define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif %endif
%if 0%{?suse_version} > 1210 %if 0%{?suse_version} > 1210
%define with_systemd 1 %define with_systemd 1
%else %else
@ -29,26 +28,20 @@
%if ! %{defined _rundir} %if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run %define _rundir %{_localstatedir}/run
%endif %endif
Name: openvpn Name: openvpn
Url: http://openvpn.net/ Version: 2.4.6
%if %{with_systemd}
%{?systemd_requires}
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
Version: 2.4.3
Release: 0 Release: 0
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://openvpn.net/
Source: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz Source: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz
Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc
Source2: %{name}.init Source2: %{name}.init
Source6: %{name}.sysconfig
Source3: %{name}.README.SUSE Source3: %{name}.README.SUSE
Source4: client-netconfig.up Source4: client-netconfig.up
Source5: client-netconfig.down Source5: client-netconfig.down
Source6: %{name}.sysconfig
Source7: %{name}.keyring Source7: %{name}.keyring
Source8: %{name}.service Source8: %{name}.service
Source9: %{name}.target Source9: %{name}.target
@ -59,23 +52,27 @@ Patch6: %{name}-fips140-2.3.2.patch
Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
Patch9: 0001-preform-deferred-authentication-in-the-background.patch Patch9: 0001-preform-deferred-authentication-in-the-background.patch
Patch10: 0002-Fix-bounds-check-in-read_key.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: iproute2 BuildRequires: iproute2
BuildRequires: libselinux-devel
BuildRequires: lzo-devel BuildRequires: lzo-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel >= 1.11
BuildRequires: xz
Requires: iproute2
Requires: pkcs11-helper >= 1.11
%if %{with_systemd}
%{?systemd_requires}
%else
PreReq: %fillup_prereq
PreReq: %insserv_prereq
%endif
%if %{with_systemd} %if %{with_systemd}
BuildRequires: systemd BuildRequires: systemd
%endif %endif
BuildRequires: libselinux-devel
BuildRequires: pkcs11-helper-devel >= 1.11
Requires: pkcs11-helper >= 1.11
%if %{with_systemd} %if %{with_systemd}
BuildRequires: systemd-devel BuildRequires: systemd-devel
%endif %endif
Requires: iproute2
BuildRequires: xz
%description %description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
@ -141,13 +138,12 @@ Requires: %{name} = %{version}
This package provides the header file to build external plugins. This package provides the header file to build external plugins.
%prep %prep
%setup -q -n %{name}-%{version} %setup -q
%patch1 -p0 %patch1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \ sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c -i src/openvpn/options.c
@ -166,8 +162,7 @@ export LDFLAGS
%configure \ %configure \
--enable-iproute2 \ --enable-iproute2 \
--enable-x509-alt-username \ --enable-x509-alt-username \
--enable-password-save \ --enable-pkcs11 \
--enable-pkcs11 \
%if %{with_systemd} %if %{with_systemd}
--enable-systemd \ --enable-systemd \
%endif %endif
@ -176,10 +171,10 @@ export LDFLAGS
--enable-plugin-auth-pam \ --enable-plugin-auth-pam \
CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \ CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \
LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins" LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins"
make %{_smp_mflags} make %{?_smp_mflags}
%install %install
make DESTDIR=$RPM_BUILD_ROOT install %make_install
find %{buildroot} -type f -name "*.la" -delete -print find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}/%{_sysconfdir}/openvpn mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
mkdir -p %{buildroot}/%{_rundir}/openvpn mkdir -p %{buildroot}/%{_rundir}/openvpn
@ -212,11 +207,13 @@ rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
find sample -name .gitignore | xargs rm -f find sample -name .gitignore | xargs rm -f
%pre %pre
%if %{with_systemd}
%service_add_pre %{name}.target %service_add_pre %{name}.target
%endif
%post %post
%if %{with_systemd} %if %{with_systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||: %tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%service_add_post %{name}.target %service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@<CONF>.service # try to migrate openvpn.service autostart to openvpn@<CONF>.service
if test ${FIRST_ARG:-$1} -ge 1 -a \ if test ${FIRST_ARG:-$1} -ge 1 -a \
@ -271,8 +268,8 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%endif %endif
%files %files
%defattr(-,root,root) %license COPYING
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README %doc AUTHORS COPYRIGHT.GPL ChangeLog PORTS README
%doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root} %doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
%doc README.* %doc README.*
%doc contrib %doc contrib
@ -280,7 +277,7 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%doc sample/sample-keys %doc sample/sample-keys
%doc sample/sample-scripts %doc sample/sample-scripts
%doc doc/management-notes.txt %doc doc/management-notes.txt
%doc %{_mandir}/man8/openvpn.8.gz %{_mandir}/man8/openvpn.8%{?ext_man}
%config(noreplace) %{_sysconfdir}/openvpn/ %config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd} %if %{with_systemd}
%dir %{_tmpfilesdir} %dir %{_tmpfilesdir}
@ -297,19 +294,16 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%{_sbindir}/openvpn %{_sbindir}/openvpn
%files down-root-plugin %files down-root-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins %dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so %{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so
%files auth-pam-plugin %files auth-pam-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins %dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so %{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so
%files devel %files devel
%defattr(-,root,root)
%{_includedir}/%{name}-plugin.h %{_includedir}/%{name}-plugin.h
%{_includedir}/%{name}-msg.h %{_includedir}/%{name}-msg.h