Accepting request 601900 from network:vpn

- Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
    Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation

- Remove --askpass again, because it was also asking for a password
  when none was needed. As a workaround for keys that need a
  password, the "askpass" statement should be added to the config
  file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
  actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .

- Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the
      set of allowed crypto algorithms in TLS certificates in mbed
      TLS builds. The default profile is 'legacy' for now, which
      allows SHA1+, RSA-1024+ and any elliptic curve certificates.
      The default will be changed to the 'preferred' profile in the
      future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support
      multiple parallel OpenVPN installations, like EduVPN and
      regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet
      alignment)
    + improve management interface documentation

OBS-URL: https://build.opensuse.org/request/show/601900
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=81
This commit is contained in:
Dominique Leuenberger 2018-04-30 20:54:10 +00:00 committed by Git OBS Bridge
commit ce0c40d40b
10 changed files with 462 additions and 212 deletions

View File

@ -1,58 +0,0 @@
From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Tue, 15 Aug 2017 10:04:33 +0200
Subject: [PATCH] Fix bounds check in read_key()
The bounds check in read_key() was performed after using the value, instead
of before. If 'key-method 1' is used, this allowed an attacker to send a
malformed packet to trigger a stack buffer overflow.
Fix this by moving the input validation to before the writes.
Note that 'key-method 1' has been replaced by 'key method 2' as the default
in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4
and marked for removal in 2.5. This should limit the amount of users
impacted by this issue.
CVE: 2017-12166
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com>
URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com
Signed-off-by: David Sommerseth <davids@openvpn.net>
---
src/openvpn/crypto.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 131257e5..3f3caa1c 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
goto read_err;
}
+ if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
+ {
+ goto key_len_err;
+ }
+
if (!buf_read(buf, key->cipher, cipher_length))
{
goto read_err;
@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
goto read_err;
}
- if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
- {
- goto key_len_err;
- }
-
return 1;
read_err:
--
2.13.6

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb
size 938440

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr
r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK
nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm
xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi
DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6
DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO
mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM
0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa
LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR
cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ
NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n
B1yC9E8sA2QK4kahvDj/
=GwRO
-----END PGP SIGNATURE-----

3
openvpn-2.4.6.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26
size 943376

16
openvpn-2.4.6.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlre2XIACgkQ8TKxy68T
HK44BQ//aJOa+mT+BvGqhz3gZCrz3Ez6QumwJcn7Sx/zovxDf9KpNhFzykcwvtEd
cNdorJ0il/WkW819srV6u+665MssiIxm6VFg5WzPz5I+nDO23QfETsSu54PIWQBX
FrI9+6Rec+v4/Y/ktV4FVqUZ/36rnZjX43YYxwijs+tHXROiU9IhIKNmlGVfB7Iy
tysJrqg5wzwhO+CTYTmMKwrb6LLTwcHxyWMqPiPrflIGY6sy41RlmvP90u1zmugx
wIka3oOp7cD70KWMJns68Lc0OkFIz3RO2YW7KhunxdcNzCoHrlCr+HCBLSf8lPbx
yL1sFOVk4ibZxFKzOvtOEJH1wYquI2B5Gd9QQxIeCNUUAvSh3E/0nMZNqJkwlObx
OtxakHSqfskxVrpAz7OT9ARHIZUWVfYv/B+2454VfxRM2Rr+Job6xO2i5ukTKHc7
AdCyY2lZlI8909MjJ0cc/ZeNyB4+jugUPz4XX8ebUctBP1gdUD6XZ6DDo11n9JpD
lwbc/U1w2dmdGIZ3VrfVr3UiNhB5rxhwlxjSj24pczCjP58FQHKhX5u+3y8/MJ/7
Efirugzny3ie1xpW7MOsrndjiv+wQD/gwaszA9HSQnJ4M49byOKJJSg+/Y0vR/PN
8oIR7vnEJ5CS0EVaxBJeZifp+gM5L05xdfaGk5WJ9HZDsP4HkUE=
=dY7S
-----END PGP SIGNATURE-----

View File

@ -47,7 +47,7 @@ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index a55e65c..79f5530 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx)
@@ -926,11 +926,15 @@
void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
@ -56,7 +56,7 @@ index a55e65c..79f5530 100644
{
ASSERT(NULL != kt && NULL != ctx);
HMAC_CTX_init(ctx);
HMAC_CTX_reset(ctx);
+ /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
+ * * to be used anywhere else */
+ if(kt == EVP_md5() && prf_use)
@ -68,14 +68,14 @@ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 0b1163e..93283bc 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *
@@ -88,7 +88,7 @@
const md_kt_t *md5_kt = md_kt_get("MD5");
hmac_ctx_t *hmac_ctx = hmac_ctx_new();
- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
+ hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
hmac_ctx_final(hmac_ctx, (unsigned char *)result);
hmac_ctx_update(hmac_ctx, data, data_len);
hmac_ctx_final(hmac_ctx, result);
hmac_ctx_cleanup(hmac_ctx);
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index fef5e90..33b6976 100644

View File

@ -1,3 +1,98 @@
-------------------------------------------------------------------
Fri Apr 27 12:25:19 UTC 2018 - max@suse.com
- Update to 2.4.6:
* CVE-2018-9336, bsc#1090839: Fix potential double-free() in
Interactive Service
* Delete the IPv6 route to the "connected" network on tun close
* Management: warn about password only when the option is in use
* Avoid overflow in wakeup time computation
-------------------------------------------------------------------
Tue Apr 10 14:29:18 UTC 2018 - max@suse.com
- Remove --askpass again, because it was also asking for a password
when none was needed. As a workaround for keys that need a
password, the "askpass" statement should be added to the config
file (bsc#1078026).
- Use Type=notify in openvpn.service to reflect what openvpn is
actually doing.
- Import the new signing key from upstream.
- Remove obsolete configure switch --enable-password-save .
-------------------------------------------------------------------
Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org
- Update to 2.4.5
* New features
+ The new option --tls-cert-profile can be used to restrict the
set of allowed crypto algorithms in TLS certificates in mbed
TLS builds. The default profile is 'legacy' for now, which
allows SHA1+, RSA-1024+ and any elliptic curve certificates.
The default will be changed to the 'preferred' profile in the
future, which requires SHA2+, RSA-2048+ and any curve.
+ openvpnserv: Add support for multi-instances (to support
multiple parallel OpenVPN installations, like EduVPN and
regular OpenVPN)
+ Use P_DATA_V2 for server->client packets too (better packet
alignment)
+ improve management interface documentation
+ rework registry key handling for OpenVPN service, notably
making most registry values optional, falling back to
reasonable defaults
+ accept IPv6 address for pushed "dhcp-option DNS ..." (make
OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
clients)
* Bug fixes
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Fix lots of compiler warnings (format string, type casts, ...)
+ reload HTTP proxy credentials when moving to the next
connection profile
+ Fix build with LibreSSL (multiple times)
+ Remove non-useful warning on pushed tun-ipv6 option.
+ autoconf: Fix engine checks for openssl 1.1
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ lz4: Fix broken builds when pkg-config is not present but
system library is
+ Fix '--bind ipv6only'
+ Allow learning iroutes with network made up of all 0s
- Includes 2.4.4
* Bug fixes
+ Fix issues when a pushed cipher via the Negotiable Crypto
Parameters (NCP) is rejected by the remote side
+ Ignore --keysize when NCP have resulted in a changed cipher
+ Configurations using --auth-nocache and the management
interface to provide user credentials (like NetworkManager)
on client side with servers implementing authentication
tokens (for example, using --auth-gen-token) will now behave
correctly and not query the user for an, to them, unknown
authentication token on renegotiations of the tunnel.
+ Invalid or corrupt SOCKS port number when changing the proxy
via the management interface.
+ man page should now have proper escaping of hyphen/minus
characters and other minor corrections.
* User-visible Changes
+ Linux servers with systemd which use the openvpn-server@.service
unit file for server configurations will now utilize the
automatic restart feature in systemd. If the OpenVPN server
process dies unexpectedly, systemd will ensure the OpenVPN
configuration will be restarted automatically.
* Deprecated
+ --no-replay (will be removed in 2.5)
+ --keysize (will be removed in 2.6)
* Security
+ CVE-2017-12166: Fix bounds check for configurations using
--key-method 1. Before this fix, attackers could send a
malformed packet to trigger a stack overflow. This is
considered to be a low risk issue, as --key-method 2 has
been the default since 2.0 (released on 2005-04-17). This
option is already deprecated in v2.4 and will be completely
removed in v2.5.
- Rebase openvpn-fips140-2.3.2.patch
- Drop 0002-Fix-bounds-check-in-read_key.patch
* upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
- Partial cleanup with spec-cleaner
-------------------------------------------------------------------
Tue Feb 13 17:49:09 UTC 2018 - max@suse.com

View File

@ -1,5 +1,4 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67
i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw
@ -13,97 +12,318 @@ bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf
tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT
ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB
tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu
dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE
FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax
c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW
lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP
SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y
2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo
XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6
SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt
oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN
/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc
gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni
FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK
Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK
CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV
IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi
b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j
Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6
Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53
o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN
dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv
abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O
qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b
+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6
7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG
NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj
/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145
cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4
+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w
/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2
e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII
aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN
qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI
1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe
tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji
4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ
HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq
OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ
98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG
j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX
QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E
x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/
iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD
7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd
90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG
CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm
fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m
iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA
CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5
gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7
EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc
xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4
xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv
N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag
CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG
M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk
oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS
lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS
iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65
Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg
Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ
ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn
Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom
S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9
llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i
wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2
8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB
5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN
jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI
NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ
BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic
Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX
qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW
AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG
Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX
kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd
idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc
lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ
KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS
kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE
36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM
+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1
P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4
rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy
RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D
xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ
cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL
4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt
LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS
EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS
QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd
KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ
QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E=
=iBcj
dnBuLm5ldD6IXQQQEQIAHRYhBJ1Sw0fqLFJAInfhLR/HT6mBfHpSBQJZ2PE1AAoJ
EB/HT6mBfHpSozAAn1xyDljEjokbnI7wNbGcCDlUlNW7AKCuxM+zG26UM2r0DxVe
fWTFhBIV+4heBBAWCAAGBQJaX6COAAoJEBu4nAYCNnRJ+tABAP7T3P1mw5hv3fl/
F1K8RT9+ohTf/yrSzKahNT75AFKbAQDUv4MCnH6qrBQCD/kvOUcOcvmvjFN6sev9
5kR/dEPJDokBHAQQAQgABgUCWXeoHgAKCRA6fjL5C7vds051CAClxiDpvmUjgDnH
xm3+cesx8XhxykokxI6Pc7MWSuSvFHBy16PTrtv9ePOfqG3jpfO1ZSYBT89OO2bT
cLPioHTNj+aYivCYRXf4An2ciPdurTDlQmhv5z8bC2NztCMSgVRN8j+ZWPZh/jv3
LSIRdxjk563NL4vdq8U6Meezz5UVfaSm4G8N4oNNDZwK7UVoIYHlyjuPdW6RtBqT
rNggs99QwFfRDWYYRoIZvC1qbOGepzPZhluDMmknkvVctV5aheqtPPSGhS4C98i/
PV8r6j2+usNKHABpabC4pU3JKBWNK0mR/VidF9zNtqtCyIewtxv7E5Avqq+MzuPx
gcxl4cEXiQEcBBABCAAGBQJZpYy/AAoJEC20u+/5mSLkoEcH/2PFU/80HepTS6o8
RJRmEyBQp+1aGv3gt5MYkUEYTeTLW73qEqt0n4XXeCxnOrmFdhjf6PCK4yp+gk3K
lmZ7b+ELxqMTF/7IpnlVUztio7NCsJStnJMaLiFPpa5AmZYn8xmsgvsrXiVerkvd
F7txY7T8Cus6BXTn1Sp1av/c86zeU+Ibe9ZkGY/+Wns6TxOAplwHcG4uLXj2oxz9
ry8r7Tgg/qB8Vo77c/+wS4hkiP4SyAwRVPHhzipN5eBlFwyW01lqESBYIhqD2z8v
jPRTBwe0xyKa/KpeibD8KLf6fPMWGjQASLe6yRZTDAFOBAnatECtRp5SyWzbUfK7
oO87wQ2JARwEEAEIAAYFAlqc7RwACgkQ17bfzgpEGOVeEwf9GacB2u9Cl/weGXgO
L9abfQpyQsVf+xnZHnpcqfqXc4ES7ucJyObJ4Le+UOOkDgmWJ71w/v+dl10nQCG+
DRoMQlMe0PQdxEYG3lAvWnfrxqVXz41nyqQmSOTfn/GMAe8EbCIuy2rqXYTLOStq
xAAnfwHzo8l0tV+uwUvP8Q/2fEwoWJsNoiVQkVoKmeeLH/QAdh1JmO1StNMO8N3I
76qiUffkTbdAnBZmeruO9DGpgyoAfRins7SJGRHth6ikGuuYc6dHa3PA10IGc+Ad
YoxPy4J443DiHhEmsBF95wJowJCDAspmhhDOpnPShvfGcU6O8x2Vez+EbnsSrTTQ
XQ/TdYkBHAQSAQgABgUCWZqAkQAKCRAjRRsQeqA5Qc0tB/9gG3MLp3yTuqkJ3JgX
ZEgdJn5VY9U8fVAmG8lqbr8e9fM2ZDIbWg99w1T/KW/kBOxhlSt/YNQk+SU2x61u
rRQFwKleJsHlaVRUc6eoAhiHzOwf1I6RT6pn31dhqhNpx2tvJtOLmKZkB53tkA3d
OVbZaU3KaGVYzW2iMlT1aJOwTy7RMFO+pLxmIWqczNeAcu1zersa4nkIQI4F3snY
I5WZwyuBeIWRK1YPvJqUm1IxKvigfmozos9+y72b6yjFcRllDKIt0eb9JnZ30TPm
3nHBzXlLgNVvuQ0oN3s8waVgXnNSIUsbvOkWIsOz5r9Czt9c6cPFhPY6GCIUrvZ8
T//BiQEzBBABCAAdFiEEVQXkUwUfTo/Nvb03sUAmce0N+90FAlnW1ssACgkQsUAm
ce0N+93lzgf+Nh+LSw3YHfwOBb/M/cvWB+2z42tDxLgfDri7rBKCprFW10pX5z6B
X7aWvvG/o24McC6d15FTEpLw06tnIDWe52fUTI1HZkGtfl6c5W2Iz2ov5UXLjzfG
+wN7Ep1xUEjC8sgST7+pOLz0QJ1Ac5GnMNnDAztqL+P5UOlAHAI1DaR5XLk7AVYA
AJ9D+5I76oDfaIABn+ZMWzIoDgKcpX3hlgFrow66GHZZJI/1lxB+8KNTY21fIYoN
T52rT1RaLpNL1CqT7QkTs0Sy0HiFTeLfM8xRkMxML5e68nF13x4PR8LABXmZp2EC
M5Selr2p0uJQFCtjHX0ARp3IxdUry32LUokBMwQQAQgAHRYhBIIXWIefkIahtKRX
o23OmZIpa7SiBQJaREaZAAoJEG3OmZIpa7SiSrUH/R2PYGiE+0SWTiYTgziSbX2T
TsV5M+9N5bJk+ApyjxmvrOrRUeI7MSxwlLBgr3fVc02za+Bdv9ZcwqvaW1b3W1vB
vHO8AxNId9HVY1g+HZYirmSo/RLy4S7Rq29Q4cd+kaUrl5ElynDVdNKkkAvfGySv
DiUD6QgsojSjHZuUVjTJAIGaV8jOiJwfc3v87e9+0V5mng613wv6ObgDSVc66X0b
GmUJSUq2rqfAE06SqLQ/Dtm4UpJuBA7QdFbQewHVJtw38haK47qPPyp7FV64y/K5
4W+ZPyZ6qb0q93uMeRp0Be82M4tKYG0+VW40eeYsNwRRs48XUBtmwj5eDg48hJyJ
ATMEEAEIAB0WIQSWaLi1rt+ia7Hj4S/ruxlddiv0cgUCWmy76wAKCRDruxlddiv0
cnXOB/9djGvR1v3PK76yvbtiqG8nZnfVmu8em3sne1LIA5oHUYtqsWCHUrpEY5Lm
lqUDVD5EUir/EAZDy9Muf3PPMrWzg1NPZK4wuO3N62aU3ZgG/aaBJXuLHHA6rYjt
PUt2unuIIEmLgzKst6AY8hJuov3C6l07WzE2guvTC8jvZtsJGikgVnEpgIyN6sY2
QrxxJJbWaM+4bomZh/tFMaczupv98cRZzFv3JlCuNCG4TPUgNI5q7vxRGr2FnVqV
TJ7ZR5AsIakBvAo2pzxE9M5q3ukyYpgMFG5LcUwNO/nRoHXCTh2HEEYPf3VGKbHM
raDswhlBL/J45Aqp3uh8tT+Jw4MEiQEzBBABCAAdFiEEp2KtXeBBcXlrRORD2yVH
L6i/yo0FAlpLhN8ACgkQ2yVHL6i/yo10Lgf+JehUT4dgsR/8+J4pM9EdQYBXH1SV
aRzFsV/moLGiFfJEkM4aBe99gVDWY7ddfljLx/s3VbyiWCX0DuPojCkTGnaXoYgP
EmXrXmjftihPz8hHUXrKkMESGHQYDBtgds7cLEx8M8Zg8BK5zwbMWug+y9JJV24q
HMttVCLYbWarHS7VCj8wrIUmLzZeQgi9T0U+D3jv007m4T2E40/UpclAe+nexDb0
/ehbFKbkVVafIRq8mRcxuoNUChG6RvhD1rV4W904DqdEO+eIgDOMO6GRuaSav9Nu
dG6wd8hlk/TFipTX9XUxhanrjGXmm2o0YjQ4vjwqvjy92rcxhTaX/oe5IokBOQQT
AQgAIxYhBG9AVoIRUvA7ayTy/PhIn4Odc2fzBQJalK8lBYMHhh+AAAoJEPhIn4Od
c2fzLbwIAKRAjVowy/tiaBhO52PgKEjDAgq5sCOUiohptA5IIONt8heIIl3YRf8m
IRIwGUZGyTCf34lIYsMIhAuVizGxnbREZXeC1D5BWuvQ6PQEMRnTWttt2htaNZVX
uJh8CJjFY5bYQP0Gqdqg39HZgYnuPTdMN7x3yUzUbPKcRoh77gUjyzOroqS0kGmo
R0u0tHL+kCEKCHafsDqsXHz023yxlMuYdK+RPnsjBNXi2ygoU/DEpa1f+5E6ypDM
103Fiebaal2OI2dCdVTXHbOZFMjiApQYWa8iL2R8/og++JLzf7V28pLjpd1ildCm
nccCcHQMMVq9rq4v5Pbjj0wxGmBwlEKJAZwEEAEKAAYFAlnluYYACgkQ/a4lZvPw
GAdB7wv+LZrFo7356w6ui8U3a7/KJhlaX1/Kn/7mUMjrI52uprs65DHLSJzrt3Iq
B7uAmdhpsAyzJaSbRz0f7oKziZ/gFZvLw3Xofo9rMuj0ecZFpULCugZ/s2tWSXYZ
cFcQZA4tz24ZREIm7f+SEGMMfAI4jymBnxNJKahxvC3wdPCKD3ts0oK9YOzm6Wno
yZLLwFAa1QUQ+/SbgqsO3I4/wn3BU2EvFihDtW1w1wIiNUZ3S940WCFHdMPeFg3i
tzLa9vat/+pSyA/fc5CufWeX7Hv9ie6jXofWzir1cFoQGB2YdBNCb6AwuABnMzKV
xLPQsTwksQ4twDBUifqDLUk85O7Y5ae49600SKRBb/qqERTQKTw+5QSG1RLdMHPr
F0qUFDJ9U1mrKMZYmK8iCKx6W6BJsvV5Tsjz3YL2ZV881Bn0LIzL2CBZLmLqgao3
GI2nFsrPICfj0u7o7apK75chVXo/LNSbKpqsx5NXMQq8NvVd09HKK50oUohL3e2q
YFDt0evEiQIcBBABCAAGBQJYo5AJAAoJEFfbnathO42hX+MP/3fk8drYuZlhI/+2
coIpZqsEfMNclGQGQXjF5EheDRHhpCJ7dmywQwx6BIkaTO6Zj1KuLihCZpteOXC5
3zdkUnMXnzgMRjdjYQCkx0Wze0CAMu6F+xVbxMnTmcxWEWAy3QtHyokoNQSRuPpG
mp9fEtqFi3wEPYBB/Cg/M2xe2vaJHjORklJCLOlnTY1N2DNWxolyGz0FqhyNcP+h
qa2j2ykQgxP7XehYyJ6UMu3kJeBltBz3pC3Vp6y8meSjsEwGg15CFarHuG8Itnv+
DlmS2RjNxuWgpDGeWlHoZYuHwCEW46oX4dZcbSGULJyJqxyCBKd3Jv+A4IaCCGqq
pidk54Kf7i31astrjRZDNXQIa1tVO02y2vg5omB/V+f9HLXe+R9WUKBIysChjaoM
P0au+a8UgbxUi1PX77h+1hteFl3QsHRa6F1w44XdYPj3OKr6/VvMiYwY34vzSNbO
dIloU16Abe6ylsL2IcvyxQKPZXhKPkc1OvroFGjmjzlOxfdR8C07rdBq4vay3rbo
6TZ+fWR5OM6/jHMO1AvF+e6Fu3VumSNfRtEljz4cmlPXqXH7ppTEqiNa/+uiYuCy
ddU3ezb9iVE46P0lRqK9iFMwAbDY2/bP33yxb0nj40QyS3tiPJdULOm7m4xj0B2T
NlcUMPJgOTI0xQw3fm5OABFNG4aRiQIcBBABCAAGBQJZl1x/AAoJEGzo53jf9lJ3
/P0QAJ6tKU2y2zAZ6SCKnTHlJXUtTSsSHN4m4X1lzlKJj8a5+TG1l8ucAG3q76BX
+tOriTQXUY6tsOIS69aI2BrkiEoSEsUb0DEZgjL4Nulql+/sSmyc4EB58BQLQG9Z
hXdWtkaatyOSiMwsoQvwjfVvpzzDTfEK8AujRKNYiZ7zDp//juI8zioYSubuNzNQ
JOUOr5/+9CUeyRMW88zqXesc+PTkB264DBpNGTXpshgYe38IMGsqhYxu5iW88SCb
1f6Adi6ZDBfhg7OrJXqs9w8IgSauSD2uaAWXwQHDyxm/KmCs/crywzxvY3WkMdzY
VoWO/jptY0YdgQkToef7b/MFILSQUgjpUbCKn1BEFVEy/12sb7hWx2r9C12jooue
Cg+APvKWe7jKAVDvXtC5Vx0xc6fEPY53wnVSgSfhf1uBHHoZeBLgWTr+lQjrKLI1
v3uu2vGDwKk3octTh665Dc94tYO5o7uXIRvCetq4TlcBnRDyESMh1SQW06RZdGtP
AY/LKfASYGZggTUBo5KIKGf4MhbwinDuldiRvjC4eASkDncwE68Cggq4cvE1vDvL
dC9IfVexcayJHcm6yc75gOdkq4YxgUUL1C7pB5MnawQoI+4LQcmwMPdiIOcnBFX7
ICTUc0/LIIr22yteSG4E8DBRzJpdGV4AS2OySyuzRva6Pk/liQIcBBABCAAGBQJa
BU8SAAoJEMsRIiOnlU8G6psQAKQRrLKzj4eI80vVV0vaV5xETUZQ0pTsek2hJN2E
3C/qCYKWocD6a+JJWHlalFtirdgo1jh9AjFSBWHXJ1R8EeLbQRhH4vGkMKZgmyJa
/3NKqjWO4+jMR1tCZqdWT+qIIzu2tB5c2cYDgNo0r62179axcYhYX+xkXzCdw82F
Z8BISkczmP7qlvgxgx3vt7Sbm6hgOo/jdpHNIk3sMNMLmIkKc1RRqZJqAaeVZT/j
CNVr80uafW7bDmWbVJG2db1h7ArnGTj+Zdkte6KiajVTpxYQNq6TdXcj5PTpf0NZ
yAOEhWO7EDUXODxu6TggXETThdSSF5lLp4WbW3Xj7+MxNhNoGfBigwQRxN7KlyuJ
Z9qusQkwCrButK4cQ0qfnO0jUbK/Rz5IjYCTW14gpHlD7v76/mIoE6NbPL6jFSri
1PUffyyRmLmURJ4DVUx/ywMNCkNb+0sgJmltoNQJ+ABHJ1ar89i8Z+BSWHlgio4d
IYZyB4xrQ5H19z44Na7gedXxWx+Ba5h2nzHtzMEEpEmbgs79Tzy9U2kRIDV7CL95
ttDmvcBskGFruUsgEEqvwI/NBHh7QN6VpsR1Lz6GuF/LKP2JCrZ4QEd+vhvwr2oU
BghBO2Qqo6vjpy02K1WYinUpdxoyeFkovXpR6BD3Y7tQFeVQP7CleVJICCeZeqyS
lOW3iQIzBBABCAAdFiEEM9fTErlUMy8TGMhG2vXIZQnVyJgFAlqrP0oACgkQ2vXI
ZQnVyJiWRxAAvqqyzPQlgKQX10hGqmG3xouYbigUrPXp/Px8GD12ISX+3tQbCueI
DxOmp9vzM4gKmZ6Qwdi23154hw6DmOOtSTgpTLVrb9F+Htyv5QSkcXMM3fb4TcEP
NeQlmqueZMYJelbwz+Euas7i6J3ZIFaGwPwu3x5QMvINYzj0X+wIKTwlxa65Cgmp
MDI0wkZYkk25dda081xry3nz3UlVnE+YMQqOewGWWbmhVObEOAVlnC+M5fzQXdgt
hx0mdrfYpsna/qkoAuwqB2l/v1zXWXZ9tqDOA1k4gx37Kaekgp1Rkijki8pOeKni
cfALgejLU5eTBdGuzWjpjYfMJEYy0UOiz9mWcytm7d7UKFmeI3GdsKJ2pB8K7AmZ
krFC0zKMOo8e0V0ZwnCVts+BEvaQjsuhac+lplHLn2jDwzundy6ZPtEHP1X0Uqdp
lrAUMVj7yCoUBG8ylvPzS688iBhNa0Mo5gghjxKs0BPxvDu6vtl401YiW92exk1+
V0XUDrO2V8uZN5PkLZs/9DmVj2OwM+sXPDI7puWytADCiWE7+c55GB5KDG9AllhW
PwMIDHAL3sZe3leNdFKw64efUDyMJhiqVjrhaDfg4W9p6I/rtF20u+7f8KTs+pnM
tGJ3Fn1xTDiEKJ2H3ql0QLsJM0SNLj539Ouq71u3qCCJ/j9IJLZw7NOJAjMEEAEI
AB0WIQRMPD6e3S2TZSduUuoN/Vzk05JP/QUCWpyVMAAKCRAN/Vzk05JP/VCcD/wK
pl8H1ejxjD4Y9Z2s5vJRPS2fxXtdtMWqegP9k9K/33/WqEXXspFB7kQk36TSLJu6
FT+Y7PaQUQY2GWcvsmZdQRX2jy3SYIWuuQBoFudTSNMcZBwE98LKaSSkGI9p68M9
Cx7ym5EYfNj5vp6wYCdOggk95I4v8tAy+2a97FAWea2TBqNOq2Yt4Du4J6hSlIfU
aqUKH4sQ0F8oU+dGBsMxWW7EJP2rCSyQfiv1CHgRT9hnDSTXvRpWH/VkojY7d/2k
P6ga5GN3hwi5db2rFY2wF/ZN4QFprqSpc6aRbibrGiS61aL/25JCz01Od72mwz2E
3njK44uHSZoQamkcO9qqq1+6QrYsFegHQHEnOw5PGpGNGqs5HIfxaptwOYSLeuQL
6TAPaYqpuwHc4FXdz1y1ZtnWXfaaAOQ+mYaasZvrPpfoEDojS3DgP7Wg+2wjtNJA
k5xtO+bf9+7b/dhQ/rTsDCx4I7p96XAXBqDmFBlLcsDgEufGOii3EkpxjW6Xyuw/
SnlQ4SpBorUoujLRCj3rRL3MyMXTxxGydxUbEjTbmnPO7rN2XY4L9gcStgo4t1Sc
jT+Hsd9rPnvd9v10+UvflEIhYnlREGFYnJodk2R9DKMIBEBVK9+Oln0tH4Q6bzXG
eHDopsKvEiZ1n59Xa9lqsfzqONiGATneIiRlsmzRnIkCMwQQAQgAHRYhBJ7tSGmo
2iHzohr6Kc4eHKDusIDrBQJapS1mAAoJEM4eHKDusIDrL/wP/ihBvSKDk53liF3m
yN6DLCWpCSTBjP30jxneWkQJv8Edf+jVxVOOp9XgONpksjx3mb7EbgHqWFmzu0zV
UfXgHdKizSXZTTUuhTy6f2bcfzX0/LlRYJuY0hyG/3gNhIgWubaGPANU2RxHFpoc
t+0STw5XBBm7Z5hIh5OeuH9LwzGR+vU5U9OI6NPzhMDgA7K3CSqZCcqara1BkNJG
48Dj0E5aYMAdmcFroo83Q8Asxpb/Dbe7+gswuGsDxbShFxpLFqXe7LT2LP1aMrGl
zd2IQtQ8M77wimKMZDF1KFZm5jAOmmdts7C2KTEAXOYi/OXMxj/eCN8rJQ7SpI2O
FHusWrL66jMcUIYHIVuyaOHFs8QBqaWC7+I2GbK5DVO2M3i/m8/QFemvqsgmZZbX
oH55O6c/TKrV+bI6cG1yOxNdmzW7mfRNuNwh88nV2pWNT1vV8ZaPT/KtgbaDop7H
coTl1VD9QvE9m3LFyCoffou1eFM+YlEdDg1eN4DR77w+pO76zb5yjgjn1zW0d61K
VRpSGwJv1TM7ttEgAXWxve1VAtCBD7jJXufa7wuBf8WC648Q9rqI9lWwdomWtbu1
kC8SLobRxDngjRHt/Y677V7i1uH0CWOisP6t22uYvf+eA+bh19rWBiJAInCuXwQa
BV6qzcOANjgAjsM9XSMYxttIiclMiQIzBBABCAAdFiEEzDhU424zJSWRT79Mt4Wy
9/ObCB0FAlpjfVEACgkQt4Wy9/ObCB3EmQ//ZJdjAgCO9UN1jCzHxc2MNqO+hm8y
lUoadobcgNFDXI7xgOTY88f99iv6PE8WDOcU2rPngqtjC9xgTzJMQNAWYXekF6xj
gxpjN/Vx9osMmjHysO1sqCBr97Db8GkJlxuRsO/5ikumAwxQMryWDRi19mhVut2Q
8ehuLYoT7PDtgUQmHHLLV0VeqRRz+zg+uzV/uMeK4q9c9ent1arkaWKHtyGMdEhv
3jfDhKjCkevjj2NFK8LwYgI0BciSaORwkPkxsrgFb0PP1E9AL2T30Y2e2Dm+/Bvs
OiluUi04fIfQ0iAyH5wryvWuHcgfkijPQ8o/erxrk63glZYoL3b2KWKfzuPrc2F4
926R6lHXXNTc2Dq32jBbvLZcOaZlxtnfDVA5OyosUsPnh1PxDbUYVvwQ3DG90M1e
he5tBUz28HPC0QDHqVuRdAhKrihZloZRXlL64wOB2FVwnHGHDQwm3zSxb1IjpdsP
pJE7AkTOuileWjm9+hbpYrFcfsNeCUqTSOFjFml2nZryQMbYwaWHnYr1h/01MkQx
5JCOuScQjxZbJBErIvs4ZMw6bSx9BW6JBYRg8HfoQ+PSGoLtqNDZ4wefUSOBHEtf
JgpdGjp7rXREzAeuXYTo6U9tvhFYEvtvaGvz0u9rPMG0LF/MJZEKRBrsFOGUQowM
EDcUmvmCXJkNJTaJAjMEEwEIAB0WIQTFm5JsvLuu0WF2I64e3w25nYt6hAUCWrGO
OgAKCRAe3w25nYt6hGDSD/4p5gJWdiKLGA8U5Tj+qIVbn4RCIRJRZFtRrXwwtcM5
N6RWWqVeTqpWFbpyOdVsvvolIjPtv85SFNREzOSQ/J5HVRAwbmgun6hleaWrFoJA
YlglWLiWt+gx7ARhUHgao20QOIknk+gI6LIbMbU+hxRtK4szaDrJVQjvZ0laEkqy
tlJKL4PVXJsHJ8JrZlxAr6q6E/8JoYmxVx0X6L615ORpLVK1G3SkAd4/hjEMsl7v
mcHqniDFQfoCn6rt4NrvDgWnyVQwmUPkz+YSN7DIkXjrs82spV7qccRRJK0zijWD
sJ5XaXXdybKOHbAwXJ0I625bf5vM1swJz9FlllBlkor9+1NrZCJAIWB/pnYL8BMi
C3mfjzGbZe1MdDCdIpPbN0C2xNKMonVyr9znAQQI1jlh2WUkEOlm/Z6ksTOooQIx
5Auw0Fra93e+cqapvyxSiODotpIClj1xuaJX8+2ZI8n7Us4DxVjWaUNeou9vrDjq
RGNNeOSzw216RAuUJRiaykIC6nR51wSJU+NjPvcpzkKmkj2flQeygTsOdlwIcBW9
fMpDD4PDiGVDgxS6bzENDwILw+1iLZZy6evaotQoiPPucb6t3VImw6uEjozmMn8f
rKjfW6TT70NrWX5GHxj0UAC+fsxtm/p+Qbopes+SsfIVRDwypgwnFQ2s/eF8V5CG
f4kCMwQTAQgAHRYhBPFNpZ21ZX1vSx6MHSPyK/O8drqJBQJasY9SAAoJECPyK/O8
drqJ1u0P/irt0WUhKBHcYuGV8bp1QipW7uigU7EqpF2uV0duc2+PwY6c/CTFGzKc
o7RXdN5qm9IbDW5E4c+gmRSp3MIruvtt8GMHvGX7WxqiJWHT+4sjJL94ykr/1AOZ
dbiJ956gEZ8G6I8cyn0HwfQXxiLCK2GVipIe90Ymo/F9Zc0lY9BEvpDvTJb1jlGm
d9Ch5QO6xpsptzMXBxMAdzSTkLLuwJpgxAyV4xK313DICq1qt6l3Jh3ISl2ZH8Qk
+HZN5NMJKKq3tq9AtIxldBT4id1gPy/koE51bqNx9v/3CAR76y3uBksi+eOEAKle
EpSnVsGkbUi6thAgThdaP4ege4ZbWRwpnF396Rq/upXSWzAEGgQVO2dFnEGTFWcG
JXmzkScbCcd0azUkfQBXbN6jva85OvfvKYNTFr8yDrygAmZD33kxedEXkC2e2Ikz
nZU3wBsflEpIwix4GiGI/Nbnv7MdIM7zc4UyUF78l9FihhF3KjuPNnJ8e/lbX7Xw
ubqZzUFXGOdCvVk7niOhXLmGrrEp4Vikyh0VW6r0wfYiUVAVEs6APlOmFbJR1ac2
rPhYHfrrgPPRziOtYSyS+kdWf9A8F06Tc/N/oZtJau8HOD/YeUpZc93RMeRAjwZX
wXwIxWUp1gNB3Vh2M3aUsgOApQ6qeFa7qjrQ2oMao1a00cc4mxwJiQI7BBMBAgAl
AhsDBQkSzAMAAh4BAheABQJYnMuuBAsJCAcEFQoJCAUWAgMBAAAKCRAS9fe0LysB
5wTcD/4sKLBQffSBtq5gWWTq1YvwZ8QqYaqPJhUgkCaaR2UdeD+iI/3peOuDpo4c
ub9A0i80gzZny77SL9TGk9ydenWrHLpgSXauBuJvSeMILYvbfOIRVCeI8GtkJa+n
nBB0zLcEb7Vy9hX4fzhiVbchmb8/qaqAo1TVTWNjjOkhV7qgX5aEzuKNkZAU5jNo
UEreRnDlM2C5eJAR2KwNkXbnMcFzPtpHVa1ix3pmb9N95qhprxJbbcZ2G56u4Okg
SwQBwyvB+xidQ9O4hD82yJChBZUodEzE424kHnejTv/VPwLwY8Eve3nFVlkrYajR
dCvJRa5bfzQitPXbQH6lq0il3JI5PMGUN5fvmc10zZ6ljyYGaVHonHVFMABjUiZg
PWbK/b6RhlhzN9OGk3TgbYvYtduc4n31SYDEYi9ps9hrBiuIRgjWvv5Z5BcegdLx
LFl7Hu1LO5WRhgTebFPRho8P0UaNty7/v0ZgXw6qi4pRyMVMM7MvfIFkhslJeXGB
cP4CMg6NXngX37GSZPQYALnlBsI+a+AwuEBuXxv6ZorDQw5EJOqHOkXmM5U+OFPf
pklekI0JngwDRTWpZjm/+ooqlo/XgJdX+tPxVHrsyAQF0gxS1EzS4xhAdi8eHYCb
cFT8557iezezs4JWGEx5ZDzlQRgpDz3h9HA4A0Y2VI8dbD4u8okCPwQTAQIAKQUC
WJxdSQIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBL197Qv
KwHnpygP/j/PVZo7pLoxb0YlQedALTHKbplbcDFz6JFPYzUWcEERgRld0+1CDp2S
4CjOKn9Xsyxi3/TGjRtHRWITxIDndH4Tcpbn/NaV5sAX0T9BkyhtVTdPZ9swMdyR
HKtJd+NNadSLgQqtdsLjVrHCJEmKxsUw8Bj1o09IeE8O9i8oI2+5VgHVw85nSklj
N64ZKK/gUZpRgp01A5mGKdUZxx6//6WX+DXJb9jaoWdA+H/PQsmdPCTg8DGu23qx
z4BRejQIUCcZVh/DjZMWo1vbeiw7wgUcQ1JLlShdqQxvD4Rlh3aAKdSm1FQwssfa
ZR7FVBoVoh2L2P7OqE5+Bn0xFr06GYLuyr4+jPpLGZDPpb/9NzPKWleLFEmwryt0
hgynvXvJxKFfyY6pJZfncSFzaryRIKivXE6ENe2gGQpge5xfff/41LqX1ePJbpEw
mDWxXhdK+7oN/D+qdQWP7PTQ3yVBSIzso9ToSE3+Hk97IsrGmmSmd2UG4dn1i+mJ
A2d89GV/A+LWjn03+uE3pd63mRsPl7zI+c1dmVyDBqckGTAXKuAgqr3OgYPTxN9W
FrjiwiyryLL7dDAWnUGCME0W2GXUlhZUemczmeIUjHztFpGnkJAlnj499ngH+iKx
fg+v1CQSEbGojL/fjM4ae/+TVMMg/BhVdLHTOwpDgZ3GbEHRBFNtuQINBFicXUkB
EACjthQU6l5IgGHrq+Fs6jmpEgz5PKnlRmhs1iJHocuZfyVd56WnKoES2nz7zk3V
A7o3dfqQGkQAVKwOS/i5SffAGYC88VssCG03ZC1RPuuYHRk3IRlPeVsak/R2Aczk
THV6XN2r1m519ACeQ32wRo95z7McE03soPBrrfKeQRlGCYNr72dlyYz0KxVKqTe9
RS18JauI+n0MBvK6efywl0MANSjyaDZulvB09lfNdmXCl5n1dGyvPKiPbpL4TOnv
9jpjgoX5tu4EdPgN4hpOhMfSoQNB4X1jwciNeD7BRwupkoNZyQYzeBeyGOXXT924
NhCC8+g8dHMnYfxc52RzP4lxx3kFrtb5FFJw2di6fkFLvGGh41GxaH9IBMZ1Ok/y
AMVI0XzQX/tf+TuG3qN4A+3Xly8FEOVKhVIxHYhq/e80bXi7xOgXDEFxL+fYG1oL
1yhLeO6AOYkgguvysZNb3fdFqz1kj/BRs/Fv72Q2C7x6iwGdC3TNo1a2lceRdREo
7Ml0PPbPQX1mljNpfFpaRgpz7/8+7AJM30yGbqgVAd0ZL0jXhToZMnal8QitZqBN
dwnaP2CRAGAaEn9vMNBcZn4llFbqu9ZaTF21G0GUYPgMhxv20k4ouK4mTysLPpN/
GuKKhzXwXCB6JFo/Wy4e5onplvBAJvojM5YOEHOl2LrzewARAQABiQIlBBgBAgAP
AhsMBQJYo4tEBQkCAr97AAoJEBL197QvKwHn6loP/iads9T0n0LwHE86w4Bn7LEE
EQ4R/KeSj5W0J43XOeDs+YBdqryTQVZxhCajKvB8rsl2hjQ+T5abVejU7pcYF9lO
ne4Ouu2nemqrnzvBAMzo+xFMWjjVR/4xnEYveYNi00eAifZs0uzNVWeKFFn8e/Ob
ocsssR7orhUXzKtc2WDrnMSd3yN8yFCTB7ehys8QdeGLcD38ieUQ/1VYmqvwIHJP
RgmgHg5tHamZ5UH+csekeMbhKX6fvQivYrmjxl7ouSkLGGiKktsahWpBikNNia64
UIB0z+wUSI817+IL/eBIrzePC+Y2qDZNXhyhxQ9tFzE9oaJ4Xgfylws3WM8+GyJX
zaLLB6XEWoXKjDgLneewIApjv1/IbrFH3N/KyVDJa3L7ExDBaFqDV5ISpKP4XUXW
BtAogALEYQqWPm+NzVD4BjOePSg8ibRy4vI3MwctRWFne9xyveRIEvrLk3VjfySG
82BNjxzVvuAn09ljwYlMZKFdGbswHnI5rH32GQymYE9/llZnsMclUBjchpnkUNoj
Q8X57ZIC+A0RyZAf68g7EpZbUZqsDjGyNLpzLdY9AkC5Zc2N00L1iImEXDAREhUR
IMVq7+ZCSmTM3tPgTcAjEohJMDb5tic+dBGZjk4jRpeXdEqmIEMsPP4tbsQUrPNF
gNROtCZSOxKkyR09g4LOuQINBFicXe4BEACvzk0n8cJ/dYzRk8tg9vf6SDwEfUNm
mFfgGdVfLKa18IOV3hbx4DLHOO8Ah0oobt6DRmUdlxeTvoFxOpOPwWaQYAcXYoxr
W/j92mB469MVDZjFsNVXSTg4en9rfta/xi1FBd/BlGC+h48ueLExfAh07uWn5uA7
oMVNWw8Dnx9UFzDmAu7SJ0NcvSVqKMCiLQnESnxtw7x34H5wfI32xjnclHCzDSLs
Ql3ALfaz4dUEQmyvjgQaJkvaTcF1YugLRm5MOCzXpobKZNa5vpGTjCQCyqc9pznP
lQPQovuqB5F2lEybeayZvZZag+PadE7f8LSFj8q9E4SV6E8LrtWnkok9tr7QzvC6
Ca6IJ0bsc2w7NOaU+vFt4sAXPD/BfIzSYpuRc7vVNIZKpCb9MBz+AKfzAgxmd+gT
EgBPKEFwbE4x8nVcnv2C9vHINxkXJC+AtRPJGNQZ9oZhwPUEGyt4gjXbiEgZjfGm
2F/UQyY6qwpK7KUXnyJGweVlKNH+oVvu/lFYUFAg9txgOaj82ulHth40hFtmPET1
23ARpNKYF93nvskW6fYszY5+c2/7UmMeRp3jGk8A62w3gdD9KaMPTaB9jjRrPoZF
77Ci/qXO3K5LhWakREwHyDTr0A71Bf3raNr3wKzVuIcXKLKzAe/KVEPCzoLRcYyQ
UeBBxAtuYMF5SQARAQABiF4EEBYIAAYFAlpfoI4ACgkQG7icBgI2dEn60AEA/tPc
/WbDmG/d+X8XUrxFP36iFN//KtLMpqE1PvkAUpsBANS/gwKcfqqsFAIP+S85Rw5y
+a+MU3qx6/3mRH90Q8kOiQREBBgBAgAPBQJYnF3uAhsCBQkCAikAAikJEBL197Qv
KwHnwV0gBBkBAgAGBQJYnF3uAAoJENcq80SMwrA0mnoP/j6/TvaimIH5oPJxNDON
z+W1juqKLZGn/1HNi0A7l6okvFl5syvEucyLo8ZwR/QeM/J68Ar02eiWR1MoMoXZ
L55A1wbTvjE1j7oGpcZjFgGhiv1dTNmV1h3UKcAHyu3an7gD/U7HtUqECVbCxYye
y995RwMoChtuMyYaMEAkRh3NTePdTL24LBHQgomiEAclZKPIrScS5TmuQO4wycui
NS+WHKARWOYuQptMv/E0V5Hwi4cLbJV3pbTw6Rwane4ihwXNjmGc/XJWTYK9aEBZ
5Z7QkvR5Z7kj1UudMYOEXYncsjb0e7ZvCysdD7ZuAI/KuvtrNc1FWNcmW8nfLy6m
f0MDe6WYQIYhmV6/3vj63JS+QWpUEdhZ3WKxmO+xwHLm1qU5M1wvohosz0mtZ54u
etq8B3UFl1j7d0eSgZnHSSoqzX3hdlohz++4BZ8goO6PV871rKp4u105vhxg6vhP
0TBWHXks2CdMC/5Fmr6W0pHQjeBQUOBwHN4cqbEhxt1bomp+JMpCdIubg7YHXi8S
ZrYEPT6TWUnEqzAtZRgXRN+nEQrwEd8MH+58w9Rdb6E33uTDMe5OyFXcn7NQI546
65v4ZUoRYn5fIUNlCMoTTPm0P2Hh7y9To6Q05iL8bnpSXD5jPfoPoBq1fA2MPmT6
xQzk3xD4Eaj83tetPCUKdT+xbswP/2Xeoiwy+xJlZcd7CbO+ekpIlH0tWI/b02zU
VT/xl/g+66h0C/70R0JXOK8aqUCH/09Y4Wp6lwfjQiBsFePcTtTg7A5Embiaoz1M
lvAaarJEf5fjl2wmtOKAskQa4jLVhVFENLqrmoHb7XuHRKOoAuJe93M/HplJwemz
igqv0Mb7Y6EEmv1bFq7Nw8SKMEDgk5PXlvWDpKcIa0kp5LLpmEtFflUOTaYGHrEe
6B9+ne0oeUTRJPe7/U/jkHIw7T1wQ9nw+Xu58KPlFdKcdMvqQM83+hsIdtA/4JyC
aGzgIBZebv5dyxmmGZ1Ly+MSGilTR8Y5XV/AZh6LNfu8QtIuSR9CHTaAhxlxfAZp
E8+7fQsLhEmXhaernLL07S3y7CVu9xOVdcuMlixNgWrnKY9/lhcEAVTN9df19phj
ExehTu5+VIgROdnZsu/JEhMn6TcHUyeDW6YmWnkRbrFhPSd81T/gCl5cgDY4pfxe
8ZIG6it9gqw+ji3fwI8qEkHqgbhZNCiBFp4/BXEZ0mQk8tFeYqsf4Lgb8vYB8hh7
N/cUR+Gpsm5p/8B1/b1C3SiWPWI1XY7R+jqUMPuyXPcR+PrSJxwQfjBK1/UNUwno
P5ADWTwA9Gh4FK22sMjR0EL1cujCQ31krMerf0gMFBxeqyj4jd531kwjfCUHHD48
PmYrvgvBuQINBFqgQNgBEADPqgmj4AdMhHak5YXxljAYuiN6dy5+653LbyWqe+zJ
vOuo54MFXGMwVhHFYYqDakwKBN8GsCF9DGo0jKHqLCDfYJgcTleF9PZQtjn5l80M
dFqG/+8i+TMDh6vpe2Y9vHDu7RCYzd3+RJWUhqjE4ut+lbgqr/pLjOvItk7iUSRw
YArS/Ax4nVRukQVtUvloNKGwECK6nr3PmOeKfJieZwaesbbBAsrtkqQ0QrRBybpX
qJ61nSztqCyqHmmRnUANNWzjmL5ASEwaoJs3yMt7Nj4/IrKd/2P0qBpjnkcnvB3N
HUTysH1j2nciAs7PuOnyP+m8QyDkVK+vAnO8wUcpMOSBxqGk21OapPZYAgIyH8jZ
SdnlThzA6LyI7Kuht+5KgdDGcTHYBVzEKLXEuseokTa+CFvLjZTs+wy6KgNORahk
niKoQITppW0l9/bh2GvNxeQaW5KHzsmGWPX0mNPFZZUEkUOvor4McQAm1u1NOdNS
4VFoQE/m4jYpZYbaQamdY3qK0m7gmPo+VDFB+0/zrBUfWR/PA7zzioIClkOJ/LxN
dDKaH3iPWul0kWu+C5q8xW0U6SBj963MnF+Q0l7fRxS3T7pM6+uKjAHUAoKitdjS
A9wH7ARCYIJKogv+k6B5c7Fkw7eSV/biRV+j5ggN8TrSYpGPljyj0NJi1xWs+A/I
ZwARAQABiQREBBgBAgAPBQJaoEDYAhsCBQkB4TOAAikJEBL197QvKwHnwV0gBBkB
AgAGBQJaoEDYAAoJEPEyscuvExyu+3YP/09D/XesaBhnPs3xMjyTHDDinzJw6XeO
7WySemlSDcIsKhbrRVbSNRubMTjBx/jlS4XfN0R7SgMrLwNz5s8cl4iW01ZliWx/
/Ie3ryfPUmhnl6mWXUDSx8BPVwyGNH0nijBh0C53DfjVHxd0All+orLmGp7lopgK
rZeO8WBbK/HFwn+PTZKr+/SubJQsmQ55G5ys4bIUVi8wenaI9jNdia05YBXxPN4x
xDqBYIzQ28HnkivH6S6zr7b6S45gia80l7/2CSPuoNwe81nns2pzPigCKs3aFBsM
KBX+kkSRktEjbyDslSGzXChWnwoR1Iv/XlwhQCFRk7K3MLrqsUof8q/jWqBDA+lT
K5j81R9p6oeb7Fnh/8qNYcGvEgHfo+ZV1ihushI9a381vuYq66RNhoBwdZJliwjI
R6Z1UWP2jXhfyAcUhxcryOzdGPbj+LmKrDXGg46wXod5wNAMA0g0JYoXruM2O2tp
gHtCVW/R3RSD07ipubVHAW2RwCC7mhUfrUZP6WMkyhGsNas0zcRPt9v66YXc0Mcp
ilbh3g1hcgb5H55YJyZW9IMVFWZqy3ewbI4DIyLQnrUW/yhhtlloBfEaenEEvnfo
SWyr1o4W90lk3CjjHGqQ7sPG68lwtSxKCdrAR69cb/EtYl5hllqgeok75zOXJX6H
kSDp3gKear1ZZucP/RdIEGmuQETA/7LzZF1gbQx/luWgXUJcmiqDDN0zlN+VrAqj
cmWrkJACDF1gA/p7cA+mC22j1ENJLXWdOi9rNvoJxHP2Zcndc3EH/UkQJzp5KnNv
9gedqAGrzlmaih9uSuH9Pukep5+tMJdJaXq0vPctM8iFdy+9iv8ocikBDGc/miDq
Xg2VDypUCyOqCAlVpAGqrxVXkeSNUceVzaEAQgjC+ehXgDtzHhtkgAtTLPzarufA
cjt2kbLFdbELR8Fefq9jGXoCoWfVQUlxLHIPRh1L+11Y6T9DAMGi94kAxWxUn1oQ
N32UQPrN88CePPrOngZ3gv9CLGbY2Ml/XlT1o6dk209Gauy8dxjraJoXq4WQ+hHv
JSW0qR+n9E/an/apvIbndUCOzqBTzCoIG5LqfEiLEADez7V1YICaofZpL7RW4GoY
PbLJMnfPq6PgHtT5QZVTQO98dZeZwmekMhwB7CTLGROp//Ko/FJ9hqE8pZ+N7Nrd
v+WN/wq9dUjmSHDEbhTTNMJwcRadla7Dhcq4Gvb3lBpoy1o+DbLsEoDuQ3vivEaP
X64eM9LGYkeBID0zv/LWQoYwBh5kqDyfxTLeOhr6VlueGWn2jNEao9e9Sn4psiKc
73lcyOecSPhJ1Y3WJz5pqkU88P3KoFHwuztzxx/997XGEU8vcUQSmSmerv+muQIN
BFqgQQcBEADPVquej+jmKwI7TVFgcsNGjJG92IQr27+1soFTzIvK7KceG603+LzJ
AqUi5gCgz9qNwCV3C83iAPMhwJlJEQiNTJpHHOLw06MgD/A1BJEv+IAgNxGJEPxM
eBmENqzxGJBu27l4F7xfybN7jRRIy1sCyeuO+onaL9Z4ig0YMKYqMJQncA2NjZk2
3ABB5PSMmUUxJ5ZimuLGhJ6qOUoZGsEKtMk2D3rgD6otng44ATakOHJ8cTJvfhPu
qdJrIUeE6VslR0B61NW5wy2HfmEGyS4ZyBZZGKwxDHYMuBwIDnBf6ed9/8/V8z6R
5J286vQzMy5DDTp9gRhvogDaX9lp+/RWAylFsZtFJquJ0GFyMkl48fA3CQ59HAXj
Ln5//BWH3WJMQu6oJGOm2it3LwasyYT5OlbxbPyxEG3htWB5aN5iFYHKMUoGcFkG
hxMeIOYUvLYk8Esk5v8FH74R3ar5dd39sXdSbq1ZSoFy9A/kYBTQXc/OjnXlhzDc
EbozSPNwfyxzED52ftFG74ZiJbaKZb2cJSsJlcx+KvWLr+2DEC/VBSmYjUTvVtSW
J2xBqomspYcHZvTk2J8T5+LUf7HoXCDMTfLQp4nvcFN5Kz7wfbbrAWmjZ4ppEYzb
RWMY4aiNtcPTrFAwhkfSWc2gGEZgETItbncrdfRzVw4cB3EVDBlThwARAQABiQIl
BBgBAgAPBQJaoEEHAhsMBQkB4TOAAAoJEBL197QvKwHnonEQAIY6nWM/GEp/eEd0
gmlcUM9Cyv9m5PbARSum0CF3X5pzwbnY1ckg9ZAFUTI2og72o0SKPUgcoUvFFxZW
V/+418ffZP6/zWDC9hOZjkgLM3R3uIVDN8HdjAC/ybf1gTQpEM0PfslsKgqomrXB
8Lw+oqxkK8Uk0Le9zDsaFdZC/tpzGnTQouuo6B9gHTbpwHrtNTkkHqZh6t7+Jh9p
hgVBxVgx6T1qKP4nx0x0qfAyv8dAVmp2uUxVO7tsK5pXwjT01293JKTQxLfyJI1/
90ydtdsfVJobU8T2Tcin+EIMuaf7PfYb+7cTkCU82Sa/C2e7t8krXYN3Hk3/t7dd
RecJSPmwhOijr5PuuGQerF47ovcH3XyyeWK7fOSqiX7jS3MIK9HaN1il18M2qZWl
TzZQ614FZh/AwJN4uNTO2MdxHXqVSgvmp+QCYNoiyYBl4qE26L72XEVIcXxiMGlX
wWJQI6+P0r+CjhJyY+vNdfaxy4HadD1h13KfsLNZc4+yKsxXerKZmCDIET+wFe1b
PFsRNFfwKLjB+CCDqTpF4l03YlPwZwsghaQ8g+NZfl4qyR8NXospGuv7S7gBpsg6
Icy08LU4uylmFHmVCPJSYXYtjkYRZMyEy8BEOiwQT2bLmePqqRS1GN5uz6ytX41E
U9coVPCcdBfWUAxoPoOCPH/eNug4
=00Rq
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -4,10 +4,10 @@ After=network.target
PartOf=openvpn.target
[Service]
Type=forking
Type=notify
PrivateTmp=true
PIDFile=/var/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn
[Install]

View File

@ -18,9 +18,8 @@
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%if 0%{?suse_version} > 1210
%define with_systemd 1
%else
@ -29,26 +28,20 @@
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif
Name: openvpn
Url: http://openvpn.net/
%if %{with_systemd}
%{?systemd_requires}
%else
PreReq: %insserv_prereq %fillup_prereq
%endif
Version: 2.4.3
Version: 2.4.6
Release: 0
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
Group: Productivity/Networking/Security
Url: http://openvpn.net/
Source: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz
Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc
Source2: %{name}.init
Source6: %{name}.sysconfig
Source3: %{name}.README.SUSE
Source4: client-netconfig.up
Source5: client-netconfig.down
Source6: %{name}.sysconfig
Source7: %{name}.keyring
Source8: %{name}.service
Source9: %{name}.target
@ -59,23 +52,27 @@ Patch6: %{name}-fips140-2.3.2.patch
Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
Patch9: 0001-preform-deferred-authentication-in-the-background.patch
Patch10: 0002-Fix-bounds-check-in-read_key.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: iproute2
BuildRequires: libselinux-devel
BuildRequires: lzo-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkcs11-helper-devel >= 1.11
BuildRequires: xz
Requires: iproute2
Requires: pkcs11-helper >= 1.11
%if %{with_systemd}
%{?systemd_requires}
%else
PreReq: %fillup_prereq
PreReq: %insserv_prereq
%endif
%if %{with_systemd}
BuildRequires: systemd
%endif
BuildRequires: libselinux-devel
BuildRequires: pkcs11-helper-devel >= 1.11
Requires: pkcs11-helper >= 1.11
%if %{with_systemd}
BuildRequires: systemd-devel
%endif
Requires: iproute2
BuildRequires: xz
%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
@ -141,13 +138,12 @@ Requires: %{name} = %{version}
This package provides the header file to build external plugins.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p0
%setup -q
%patch1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
-i src/openvpn/options.c
@ -166,8 +162,7 @@ export LDFLAGS
%configure \
--enable-iproute2 \
--enable-x509-alt-username \
--enable-password-save \
--enable-pkcs11 \
--enable-pkcs11 \
%if %{with_systemd}
--enable-systemd \
%endif
@ -176,10 +171,10 @@ export LDFLAGS
--enable-plugin-auth-pam \
CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \
LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins"
make %{_smp_mflags}
make %{?_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
mkdir -p %{buildroot}/%{_rundir}/openvpn
@ -212,11 +207,13 @@ rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
find sample -name .gitignore | xargs rm -f
%pre
%if %{with_systemd}
%service_add_pre %{name}.target
%endif
%post
%if %{with_systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@<CONF>.service
if test ${FIRST_ARG:-$1} -ge 1 -a \
@ -271,8 +268,8 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%endif
%files
%defattr(-,root,root)
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
%license COPYING
%doc AUTHORS COPYRIGHT.GPL ChangeLog PORTS README
%doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
%doc README.*
%doc contrib
@ -280,7 +277,7 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%doc sample/sample-keys
%doc sample/sample-scripts
%doc doc/management-notes.txt
%doc %{_mandir}/man8/openvpn.8.gz
%{_mandir}/man8/openvpn.8%{?ext_man}
%config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd}
%dir %{_tmpfilesdir}
@ -297,19 +294,16 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
%{_sbindir}/openvpn
%files down-root-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so
%files auth-pam-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so
%files devel
%defattr(-,root,root)
%{_includedir}/%{name}-plugin.h
%{_includedir}/%{name}-msg.h