commit 50777186fb7da53b905909b252aafc58a89c7e2fe48084a995bbfb817da39a10 Author: Adam Majer Date: Mon Dec 9 13:10:14 2024 +0000 - Update to 6.12 - Fix validation of Digest auth header parameters - changes since squid-6.11: - Fix Kerberos detection when cross-compiling - Improve robustness of DNS code on reconfigure - Prevent slow memory leak in TCP DNS queries - Improve errors emitted when invalid ACLs are parsed - Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802) OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=301 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2024-33427.patch b/CVE-2024-33427.patch new file mode 100644 index 0000000..b5ee2a2 --- /dev/null +++ b/CVE-2024-33427.patch @@ -0,0 +1,13 @@ +Index: squid-6.9/src/ConfigParser.cc +=================================================================== +--- squid-6.9.orig/src/ConfigParser.cc ++++ squid-6.9/src/ConfigParser.cc +@@ -181,7 +181,7 @@ ConfigParser::UnQuote(const char *token, + *d = '\0'; + + // We are expecting a separator after quoted string, space or one of "()#" +- if (*(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1)) && !errorStr) { ++ if (!errorStr && *(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1))) { + errorStr = "Expecting space after the end of quoted token"; + errorPos = token; + } diff --git a/README.kerberos b/README.kerberos new file mode 100644 index 0000000..d6203a4 --- /dev/null +++ b/README.kerberos @@ -0,0 +1,61 @@ +This is the README.kerberos file +to have squid negotiate/authenticate via kerberos + +any addons are very welcome +comments could be posted to + + +1) you need to add a "USER" inside your "Domain-Computers" Container + called "squid". Yes a "USER" and not a Computer. + You may use another name, but why ? + +2) After having successfully created the user, you need to create a + keytab file on your WIN box. + +Example: !! This is all in one line !! + + ktpass -princ HTTP/squid@DOMAIN.REALM -pType KRB5_NT_PRINCIPAL \ + -mapuser squid -pass * -out HTTP.keytab + +3) copy over HTTP.keytab to /etc/squid/ on your linux box + +4) you have to tell your browsers to negotiate via kerberos + + Have a look at: + + a) Internet Explorer does not support Kerberos authentication with proxy servers + http://support.microsoft.com/?scid=kb%3Ben-us%3B321728&x=19&y=14 + + This limitation was removed in Windows Internet Explorer 7. + + If Integrated Windows Authentication is turned on in Internet Explorer + for Windows 2000 and Windows XP, you can complete Kerberos authentication + with Web servers either directly or through a proxy server. However, + Internet Explorer cannot use Kerberos to authenticate with the proxy + server itself. + + b) Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6 + http://support.microsoft.com/kb/299838/EN-US/ + + To resolve this issue, enable Internet Explorer 6 to respond to + a negotiate challenge and perform Kerberos authentication: + + 1. In Internet Explorer, click Internet Options on the Tools menu. + 2. Click the Advanced tab, click to select the Enable + Integrated Windows Authentication (requires restart) check box + in the Security section, and then click OK. + 3. Restart Internet Explorer. + + Administrators can enable Integrated Windows Authentication by + setting the EnableNegotiate DWORD value to 1 in the following registry key: + + HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings + + Note Internet Explorer 6, when used with Microsoft Windows 98, + Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, + and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and + default to NTLM (or Windows NT Challenge/Response) authentication even if + the Enable Integrated Windows Authentication (requires restart) check + box is selected because Kerberos authentication is not available on + these operating systems. + diff --git a/cache_dir.sed b/cache_dir.sed new file mode 100644 index 0000000..372c0b4 --- /dev/null +++ b/cache_dir.sed @@ -0,0 +1,7 @@ +#!/usr/bin/sed -nf + +/^\s*cache_dir\s\+[[:alnum:]]\+\s\+\([[:graph:]\/]\+\)\s.*/ { + s//\1\/00/p + q +} + diff --git a/harden_squid.service.patch b/harden_squid.service.patch new file mode 100644 index 0000000..a08ad80 --- /dev/null +++ b/harden_squid.service.patch @@ -0,0 +1,23 @@ +Index: squid-6.2/tools/systemd/squid.service +=================================================================== +--- squid-6.2.orig/tools/systemd/squid.service ++++ squid-6.2/tools/systemd/squid.service +@@ -11,6 +11,18 @@ Documentation=man:squid(8) + After=network.target network-online.target nss-lookup.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=notify + PIDFile=/var/run/squid.pid + ExecStartPre=/usr/sbin/squid --foreground -z diff --git a/initialize_cache_if_needed.sh b/initialize_cache_if_needed.sh new file mode 100644 index 0000000..d46eed9 --- /dev/null +++ b/initialize_cache_if_needed.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +DIR=$(dirname $0) +CACHE_DIR=$($DIR/cache_dir.sed < /etc/squid/squid.conf) +if [ 'x'$CACHE_DIR = 'x' ]; then + exit 0 +fi + +if ! test -d $CACHE_DIR; then + echo "Initializing cache directories..." + exec /usr/sbin/squid -z -F --foreground -S +fi + diff --git a/missing_installs.patch b/missing_installs.patch new file mode 100644 index 0000000..f453c6f --- /dev/null +++ b/missing_installs.patch @@ -0,0 +1,16 @@ +Index: squid-6.2/src/acl/external/kerberos_ldap_group/Makefile.am +=================================================================== +--- squid-6.2.orig/src/acl/external/kerberos_ldap_group/Makefile.am ++++ squid-6.2/src/acl/external/kerberos_ldap_group/Makefile.am +@@ -15,9 +15,11 @@ EXTRA_DIST= \ + + AM_CPPFLAGS += -I$(srcdir) + ++ + libexec_SCRIPTS = cert_tool + + libexec_PROGRAMS = ext_kerberos_ldap_group_acl ++man_MANS = ext_kerberos_ldap_group_acl.8 + + ext_kerberos_ldap_group_acl_SOURCES = \ + kerberos_ldap_group.cc \ diff --git a/old_nettle_compat.patch b/old_nettle_compat.patch new file mode 100644 index 0000000..68e48f9 --- /dev/null +++ b/old_nettle_compat.patch @@ -0,0 +1,423 @@ +Author: Adam Majer +Date: Thu Jul 18 13:57:22 CEST 2019 + +nettle from SLE-12 is missing the change from later +versions that ignores the destLen parameter size to +base64_decode_update function. This is only used in +the assert() but we need to pass real size of the buffer +as otherwise all we get is a crash. + +The missing commit in nettle is, +commit 07cb0b62a5fab216ed647f5a87e0f17ab3c9a615 +Author: Niels Möller +Date: Fri Feb 7 09:11:20 2014 +0100 + + Base64 and base16 decoding: Use *dst_length as output only. + + +Index: squid-5.4.1/src/HttpHeader.cc +=================================================================== +--- squid-5.4.1.orig/src/HttpHeader.cc ++++ squid-5.4.1/src/HttpHeader.cc +@@ -1351,8 +1351,8 @@ HttpHeader::getAuthToken(Http::HdrType i + char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen)); + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t decodedLen = 0; +- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), fieldLen, field) || ++ unsigned decodedLen = BASE64_DECODE_LENGTH(fieldLen); ++ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(decodedAuthToken), fieldLen, (uint8_t*)field) || + !base64_decode_final(&ctx)) { + return nil; + } +Index: squid-5.4.1/src/auth/basic/Config.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/basic/Config.cc ++++ squid-5.4.1/src/auth/basic/Config.cc +@@ -178,8 +178,8 @@ Auth::Basic::Config::decodeCleartext(con + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); + +- size_t dstLen = 0; +- if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, eek) && base64_decode_final(&ctx)) { ++ unsigned int dstLen = BASE64_DECODE_LENGTH(srcLen)+1; ++ if (base64_decode_update(&ctx, &dstLen, reinterpret_cast(cleartext), srcLen, (const uint8_t*)eek) && base64_decode_final(&ctx)) { + cleartext[dstLen] = '\0'; + + if (utf8 && !isValidUtf8String(cleartext, cleartext + dstLen)) { +Index: squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc ++++ squid-5.4.1/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t + { + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); ++ *decodedLen = BASE64_DECODE_LENGTH(strlen(srcLen)); + if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) || + !base64_decode_final(&ctx)) { + SEND("BH base64 decode failed"); +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc +@@ -681,8 +681,8 @@ main(int argc, char *const argv[]) + + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t dstLen = 0; +- if (!base64_decode_update(&ctx, &dstLen, static_cast(input_token.value), srcLen, b64Token) || ++ unsigned dstLen = BASE64_DECODE_LENGTH(srcLen); ++ if (!base64_decode_update(&ctx, &dstLen, static_cast(input_token.value), srcLen, (const uint8_t*)b64Token) || + !base64_decode_final(&ctx)) { + debug((char *) "%s| %s: ERROR: Invalid base64 token [%s]\n", LogTime(), PROGRAM, b64Token); + fprintf(stdout, "BH Invalid negotiate request token\n"); +@@ -743,8 +743,8 @@ main(int argc, char *const argv[]) + } + struct base64_encode_ctx tokCtx; + base64_encode_init(&tokCtx); +- size_t blen = base64_encode_update(&tokCtx, token, spnegoTokenLength, reinterpret_cast(spnegoToken)); +- blen += base64_encode_final(&tokCtx, token+blen); ++ size_t blen = base64_encode_update(&tokCtx, (uint8_t*)token, spnegoTokenLength, reinterpret_cast(spnegoToken)); ++ blen += base64_encode_final(&tokCtx, (uint8_t*)token+blen); + token[blen] = '\0'; + + if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1)) +Index: squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc ++++ squid-5.4.1/src/auth/negotiate/wrapper/negotiate_wrapper.cc +@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT + + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t dstLen = 0; +- if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), buf+3) || ++ unsigned dstLen = length+1; ++ if (!base64_decode_update(&ctx, &dstLen, token, strlen(buf+3), (const uint8_t*)buf+3) || + !base64_decode_final(&ctx)) { + if (debug_enabled) + fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3); +Index: squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc ++++ squid-5.4.1/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc +@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai + + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, b64buf, len, reinterpret_cast(&chal)); +- blen += base64_encode_final(&ctx, b64buf+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, len, reinterpret_cast(&chal)); ++ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); + b64buf[blen] = '\0'; + return b64buf; + } +@@ -516,9 +516,9 @@ manage_request() + /* figure out what we got */ + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t dstLen = 0; ++ unsigned dstLen = NTLM_BLOB_BUFFER_SIZE; + int decodedLen = 0; +- if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast(decoded), strlen(buf)-3, buf+3) || ++ if (!base64_decode_update(&ctx, &dstLen, reinterpret_cast(decoded), strlen(buf)-3, (const uint8_t*)buf+3) || + !base64_decode_final(&ctx)) { + SEND("NA Packet format error, couldn't base64-decode"); + return; +Index: squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc ++++ squid-5.4.1/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t + { + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); ++ *decodedLen = BASE64_DECODE_LENGTH(strlen(buf))+1; + if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), buf) || + !base64_decode_final(&ctx)) { + SEND_BH("message=\"base64 decode failed\""); +Index: squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc ++++ squid-5.4.1/src/auth/ntlm/fake/ntlm_fake_auth.cc +@@ -164,9 +164,9 @@ main(int argc, char *argv[]) + ntlmhdr *packet; + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t dstLen = 0; ++ unsigned dstLen = HELPER_INPUT_BUFFER; + if (buflen > 3 && +- base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, buf+3) && ++ base64_decode_update(&ctx, &dstLen, decodedBuf, buflen-3, (const uint8_t*)buf+3) && + base64_decode_final(&ctx)) { + decodedLen = dstLen; + packet = (ntlmhdr*)decodedBuf; +@@ -205,8 +205,8 @@ main(int argc, char *argv[]) + struct base64_encode_ctx eCtx; + base64_encode_init(&eCtx); + char *data = static_cast(xcalloc(base64_encode_len(len), 1)); +- size_t blen = base64_encode_update(&eCtx, data, len, reinterpret_cast(&chal)); +- blen += base64_encode_final(&eCtx, data+blen); ++ size_t blen = base64_encode_update(&eCtx, (uint8_t*)data, len, reinterpret_cast(&chal)); ++ blen += base64_encode_final(&eCtx, (uint8_t*)data+blen); + if (NTLM_packet_debug_enabled) { + printf("TT %.*s\n", (int)blen, data); + debug("sending 'TT' to squid with data:\n"); +Index: squid-5.4.1/tools/cachemgr.cc +=================================================================== +--- squid-5.4.1.orig/tools/cachemgr.cc ++++ squid-5.4.1/tools/cachemgr.cc +@@ -1110,8 +1110,8 @@ make_pub_auth(cachemgr_request * req) + req->pub_auth = (char *) xmalloc(encodedLen); + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, req->pub_auth, bufLen, reinterpret_cast(buf)); +- blen += base64_encode_final(&ctx, req->pub_auth + blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)req->pub_auth, bufLen, reinterpret_cast(buf)); ++ blen += base64_encode_final(&ctx, (uint8_t*)req->pub_auth + blen); + req->pub_auth[blen] = '\0'; + debug("cmgr: encoded: '%s'\n", req->pub_auth); + } +@@ -1131,8 +1131,8 @@ decode_pub_auth(cachemgr_request * req) + char *buf = static_cast(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1)); + struct base64_decode_ctx ctx; + base64_decode_init(&ctx); +- size_t decodedLen = 0; +- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), req->pub_auth) || ++ unsigned decodedLen = BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1; ++ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast(buf), strlen(req->pub_auth), (uint8_t*)req->pub_auth) || + !base64_decode_final(&ctx)) { + debug("cmgr: base64 decode failure. Incomplete auth token string.\n"); + xfree(buf); +@@ -1225,8 +1225,8 @@ make_auth_header(const cachemgr_request + char *str64 = static_cast(xmalloc(encodedLen)); + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, str64, bufLen, reinterpret_cast(buf)); +- blen += base64_encode_final(&ctx, str64+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)str64, bufLen, reinterpret_cast(buf)); ++ blen += base64_encode_final(&ctx, (uint8_t*)str64+blen); + str64[blen] = '\0'; + + stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64); +Index: squid-5.4.1/include/base64.h +=================================================================== +--- squid-5.4.1.orig/include/base64.h ++++ squid-5.4.1/include/base64.h +@@ -9,11 +9,11 @@ + #ifndef _SQUID_BASE64_H + #define _SQUID_BASE64_H + +-#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64 ++#if HAVE_NETTLE_BASE64_H + #include + + #else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */ +- ++#error "Mssing libnettle-devel" + /* base64.h + + Base-64 encoding and decoding. +Index: squid-5.4.1/lib/base64.c +=================================================================== +--- squid-5.4.1.orig/lib/base64.c ++++ squid-5.4.1/lib/base64.c +@@ -13,7 +13,7 @@ + #include "squid.h" + #include "base64.h" + +-#if !HAVE_NETTLE_BASE64_H || !HAVE_NETTLE34_BASE64 ++#if !HAVE_NETTLE_BASE64_H + + /* base64-encode.c + +Index: squid-5.4.1/src/format/Format.cc +=================================================================== +--- squid-5.4.1.orig/src/format/Format.cc ++++ squid-5.4.1/src/format/Format.cc +@@ -556,8 +556,8 @@ Format::Format::assemble(MemBuf &mb, con + + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- auto encLength = base64_encode_update(&ctx, buf, rawLength, reinterpret_cast(handshake.rawContent())); +- encLength += base64_encode_final(&ctx, buf + encLength); ++ auto encLength = base64_encode_update(&ctx, (uint8_t*)buf, rawLength, reinterpret_cast(handshake.rawContent())); ++ encLength += base64_encode_final(&ctx, (uint8_t*)buf + encLength); + + sb.rawAppendFinish(buf, encLength); + out = sb.c_str(); +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc +@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy) + token = (char *) xcalloc(base64_encode_len(output_token.length), 1); + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); +- blen += base64_encode_final(&ctx, token+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast(output_token.value)); ++ blen += base64_encode_final(&ctx, (uint8_t*)token+blen); + } + } + +Index: squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +=================================================================== +--- squid-5.4.1.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc ++++ squid-5.4.1/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc +@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t + base64_encode_init(&ctx); + const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */; + char *b64buf = static_cast(xcalloc(expectedSz, 1)); +- size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast(ag)); +- blen += base64_encode_final(&ctx, b64buf+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length+4, reinterpret_cast(ag)); ++ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); + b64buf[expectedSz-1] = '\0'; + if (!pstrcat(ad_groups, b64buf)) { + debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", +@@ -334,8 +334,8 @@ getextrasids(char *ad_groups, uint32_t E + base64_encode_init(&ctx); + const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */; + char *b64buf = static_cast(xcalloc(expectedSz, 1)); +- size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast(ag)); +- blen += base64_encode_final(&ctx, b64buf+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, length, reinterpret_cast(ag)); ++ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); + b64buf[expectedSz-1] = '\0'; + if (!pstrcat(ad_groups, reinterpret_cast(b64buf))) { + debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n", +Index: squid-5.4.1/src/adaptation/icap/ModXact.cc +=================================================================== +--- squid-5.4.1.orig/src/adaptation/icap/ModXact.cc ++++ squid-5.4.1/src/adaptation/icap/ModXact.cc +@@ -1412,10 +1412,10 @@ void Adaptation::Icap::ModXact::makeRequ + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); + char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; +- size_t resultLen = base64_encode_update(&ctx, base64buf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); +- resultLen += base64_encode_update(&ctx, base64buf+resultLen, 1, reinterpret_cast(":")); +- resultLen += base64_encode_update(&ctx, base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); +- resultLen += base64_encode_final(&ctx, base64buf+resultLen); ++ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); ++ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, 1, reinterpret_cast(":")); ++ resultLen += base64_encode_update(&ctx, (uint8_t*)base64buf+resultLen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); ++ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen); + buf.appendf("Proxy-Authorization: Basic %.*s\r\n", (int)resultLen, base64buf); + } + +@@ -1571,8 +1571,8 @@ void Adaptation::Icap::ModXact::makeUser + if (value) { + if (TheConfig.client_username_encode) { + char base64buf[base64_encode_len(MAX_LOGIN_SZ)]; +- size_t resultLen = base64_encode_update(&ctx, base64buf, strlen(value), reinterpret_cast(value)); +- resultLen += base64_encode_final(&ctx, base64buf+resultLen); ++ size_t resultLen = base64_encode_update(&ctx, (uint8_t*)base64buf, strlen(value), reinterpret_cast(value)); ++ resultLen += base64_encode_final(&ctx, (uint8_t*)base64buf+resultLen); + buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf); + } else + buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value); +Index: squid-5.4.1/src/http.cc +=================================================================== +--- squid-5.4.1.orig/src/http.cc ++++ squid-5.4.1/src/http.cc +@@ -1807,9 +1807,9 @@ httpFixupAuthentication(HttpRequest * re + username = request->auth_user_request->username(); + #endif + +- blen = base64_encode_update(&ctx, loginbuf, strlen(username), reinterpret_cast(username)); +- blen += base64_encode_update(&ctx, loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast(request->peer_login +1)); +- blen += base64_encode_final(&ctx, loginbuf+blen); ++ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(username), reinterpret_cast(username)); ++ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, strlen(request->peer_login +1), reinterpret_cast(request->peer_login +1)); ++ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); + httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); + return; + } +@@ -1819,10 +1819,10 @@ httpFixupAuthentication(HttpRequest * re + (strcmp(request->peer_login, "PASS") == 0 || + strcmp(request->peer_login, "PROXYPASS") == 0)) { + +- blen = base64_encode_update(&ctx, loginbuf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); +- blen += base64_encode_update(&ctx, loginbuf+blen, 1, reinterpret_cast(":")); +- blen += base64_encode_update(&ctx, loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); +- blen += base64_encode_final(&ctx, loginbuf+blen); ++ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, request->extacl_user.size(), reinterpret_cast(request->extacl_user.rawBuf())); ++ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, 1, reinterpret_cast(":")); ++ blen += base64_encode_update(&ctx, (uint8_t*)loginbuf+blen, request->extacl_passwd.size(), reinterpret_cast(request->extacl_passwd.rawBuf())); ++ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); + httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); + return; + } +@@ -1851,8 +1851,8 @@ httpFixupAuthentication(HttpRequest * re + } + #endif /* HAVE_KRB5 && HAVE_GSSAPI */ + +- blen = base64_encode_update(&ctx, loginbuf, strlen(request->peer_login), reinterpret_cast(request->peer_login)); +- blen += base64_encode_final(&ctx, loginbuf+blen); ++ blen = base64_encode_update(&ctx, (uint8_t*)loginbuf, strlen(request->peer_login), reinterpret_cast(request->peer_login)); ++ blen += base64_encode_final(&ctx, (uint8_t*)loginbuf+blen); + httpHeaderPutStrf(hdr_out, header, "Basic %.*s", (int)blen, loginbuf); + return; + } +@@ -1979,8 +1979,8 @@ HttpStateData::httpBuildRequestHeader(Ht + static char result[base64_encode_len(MAX_URL*2)]; // should be big enough for a single URI segment + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, result, request->url.userInfo().length(), reinterpret_cast(request->url.userInfo().rawContent())); +- blen += base64_encode_final(&ctx, result+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)result, request->url.userInfo().length(), reinterpret_cast(request->url.userInfo().rawContent())); ++ blen += base64_encode_final(&ctx, (uint8_t*)result+blen); + result[blen] = '\0'; + if (blen) + httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result); +Index: squid-5.4.1/src/peer_proxy_negotiate_auth.cc +=================================================================== +--- squid-5.4.1.orig/src/peer_proxy_negotiate_auth.cc ++++ squid-5.4.1/src/peer_proxy_negotiate_auth.cc +@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr + static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to. + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, b64buf, output_token.length, reinterpret_cast(output_token.value)); +- blen += base64_encode_final(&ctx, b64buf+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)b64buf, output_token.length, reinterpret_cast(output_token.value)); ++ blen += base64_encode_final(&ctx, (uint8_t*)b64buf+blen); + b64buf[blen] = '\0'; + + token = reinterpret_cast(b64buf); +Index: squid-5.4.1/tools/squidclient/gssapi_support.cc +=================================================================== +--- squid-5.4.1.orig/tools/squidclient/gssapi_support.cc ++++ squid-5.4.1/tools/squidclient/gssapi_support.cc +@@ -134,8 +134,8 @@ GSSAPI_token(const char *server) + token = new char[base64_encode_len(output_token.length)]; + struct base64_encode_ctx ctx; + base64_encode_init(&ctx); +- size_t blen = base64_encode_update(&ctx, token, output_token.length, reinterpret_cast(output_token.value)); +- blen += base64_encode_final(&ctx, token+blen); ++ size_t blen = base64_encode_update(&ctx, (uint8_t*)token, output_token.length, reinterpret_cast(output_token.value)); ++ blen += base64_encode_final(&ctx, (uint8_t*)token+blen); + token[blen] = '\0'; + } + } +Index: squid-5.4.1/tools/squidclient/squidclient.cc +=================================================================== +--- squid-5.4.1.orig/tools/squidclient/squidclient.cc ++++ squid-5.4.1/tools/squidclient/squidclient.cc +@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os) + const auto buf = new char[bcapacity]; + + size_t bsize = 0; +- bsize += base64_encode_update(&ctx, buf, strlen(user), reinterpret_cast(user)); +- bsize += base64_encode_update(&ctx, buf+bsize, 1, reinterpret_cast(":")); +- bsize += base64_encode_update(&ctx, buf+bsize, strlen(password), reinterpret_cast(password)); +- bsize += base64_encode_final(&ctx, buf+bsize); ++ bsize += base64_encode_update(&ctx, (uint8_t*)buf, strlen(user), reinterpret_cast(user)); ++ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, 1, reinterpret_cast(":")); ++ bsize += base64_encode_update(&ctx, (uint8_t*)buf+bsize, strlen(password), reinterpret_cast(password)); ++ bsize += base64_encode_final(&ctx, (uint8_t*)buf+bsize); + assert(bsize <= bcapacity); // paranoid and late but better than nothing + + os << header << ": Basic "; diff --git a/pam.squid b/pam.squid new file mode 100644 index 0000000..02eb463 --- /dev/null +++ b/pam.squid @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session include common-session + diff --git a/squid-6.10.tar.xz b/squid-6.10.tar.xz new file mode 100644 index 0000000..96b39e0 --- /dev/null +++ b/squid-6.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0b07b187e723f04770dd25beb89aec12030a158696aa8892d87c8b26853408a7 +size 2558208 diff --git a/squid-6.10.tar.xz.asc b/squid-6.10.tar.xz.asc new file mode 100644 index 0000000..eb52da6 --- /dev/null +++ b/squid-6.10.tar.xz.asc @@ -0,0 +1,17 @@ +File: squid-6.10.tar.xz +Date: Sat Jun 8 02:53:29 PM UTC 2024 +Size: 2558208 +MD5 : 86deefa7282c4388be95260aa4d4cf6a +SHA1: 70e90865df0e4e9ba7765b622da40bda9bb8fc5d +Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 + 29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865 +sub cv25519 2021-05-15 [E] + keyring = http://www.squid-cache.org/pgp.asc + keyserver = pool.sks-keyservers.net +-----BEGIN PGP SIGNATURE----- + +iHUEABYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZmRwewAKCRAo+FAp/vbo +ZZV0AP0WDdXJFarEEYCSXSv/zT1l0FrI8jLQCT3Rsp6nTbWxfwD/VYmUMDetPLPJ +GYHJNrRm7OceMQcsqhQIz6X71SR9AQs= +=4HPC +-----END PGP SIGNATURE----- diff --git a/squid-6.12.tar.xz b/squid-6.12.tar.xz new file mode 100644 index 0000000..ffeaefa --- /dev/null +++ b/squid-6.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3df3abb2603a513266f24a5d4699a9f0d76b9f554d1848b67f9c51cd3b3cb50 +size 2548220 diff --git a/squid-6.12.tar.xz.asc b/squid-6.12.tar.xz.asc new file mode 100644 index 0000000..865a651 --- /dev/null +++ b/squid-6.12.tar.xz.asc @@ -0,0 +1,17 @@ +File: squid-6.12.tar.xz +Date: Fri Oct 11 08:30:43 PM UTC 2024 +Size: 2548220 +MD5 : 26a264b234e22e012ea531d4f5d43ed1 +SHA1: 2885015423b66f0b87e2e3ed0dfd17f3f124d7e6 +Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 + 29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865 +sub cv25519 2021-05-15 [E] + keyring = http://www.squid-cache.org/pgp.asc + keyserver = pool.sks-keyservers.net +-----BEGIN PGP SIGNATURE----- + +iHUEABYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZwmLBQAKCRAo+FAp/vbo +ZYYJAP9pMd7sF4qmLLMlHIu48KMKqGhJdkEEpZJbOvmXS4lpBQD/QzCU3cng78NN +orwehX0iYHf0lWvY8IjBV/9YEPi9iww= +=yaaw +-----END PGP SIGNATURE----- diff --git a/squid-user.conf b/squid-user.conf new file mode 100644 index 0000000..5ad331b --- /dev/null +++ b/squid-user.conf @@ -0,0 +1,4 @@ +# Type Name ID GECOS [HOME] +u squid - "WWW-proxy squid" /var/cache/squid +g winbind - - +m squid winbind diff --git a/squid.changes b/squid.changes new file mode 100644 index 0000000..cf08bd4 --- /dev/null +++ b/squid.changes @@ -0,0 +1,3378 @@ +------------------------------------------------------------------- +Mon Dec 9 13:01:22 UTC 2024 - Adam Majer + +- Update to 6.12 + - Fix validation of Digest auth header parameters + +- changes since squid-6.11: + - Fix Kerberos detection when cross-compiling + - Improve robustness of DNS code on reconfigure + - Prevent slow memory leak in TCP DNS queries + - Improve errors emitted when invalid ACLs are parsed + +------------------------------------------------------------------- +Mon Nov 25 11:31:27 UTC 2024 - Adam Majer + +- Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802) + +------------------------------------------------------------------- +Thu Jun 27 07:00:50 UTC 2024 - Adam Majer + +- update to 6.10 + - ESI: Disable by default (#1728) + - Bug 5378: type mismatch in libTrie (#1830) (bsc#1227086, CVE-2024-37894) + - testCacheManager: use cppunit exception tests (#1811) + - testRandomUuid: use cppunit exception tests (#1814) + - Docs: REQUIRED in ident_regex, proxy_auth_regex, ext_user_regex (#1818) + - Fix build with clang v18 [-Wvla-cxx-extension] (#1813) (#1817) + +------------------------------------------------------------------- +Tue May 28 08:39:49 UTC 2024 - Adam Majer + +- update to 6.9 + - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef + - Bug 5069: Keep listening after getsockname() error + - Bug 5360: FwdState::noteDestinationsEnd() assertion "err" + - Reduce stale errno usage + - Plug memory leak in handling cache manager requests + - Fix error: template-id not allowed for constructor in C++20 + - Improve release packaging automation + +- header_fixups.patch: upstreamed, removed +- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed +- CVE-2024-33427.patch: fixes possible buffer overread leading to + denial of service (bsc#1225417, CVE-2024-33427) + +------------------------------------------------------------------- +Wed Mar 6 12:02:14 UTC 2024 - Adam Majer + +- update to 6.8 + - Fix marking of problematic cached IP addresses (#1691) + - Bug 5344: mgr:config segfaults without logformat (#1680) + - Fix infinite recursion when parsing HTTP chunks (#1553) + (bsc#1216715, CVE-2024-25111) + +- changes in 6.7 + - Bug 5337: workaround for crash on startup if -a option is used + - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500 + - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request + - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier + - Fix memory leak on SslBump certificates with Authority Key Identifier extension + - Fix a possible integer overflow in FTP Gateway + - Extend cache_log_message to Bug 5187 and job invalidation BUGs + - Remove incorrect beta version warning + +- squid.keyring: updated +- header_fixups.patch: added +- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on + client errors + +------------------------------------------------------------------- +Mon Feb 26 13:37:08 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Thu Dec 28 22:12:14 UTC 2023 - Sean Lewis + +- update to 6.6: + - bug 5328: Fix ESI build with libxml2 v2.12.0 + - Bug 5319: QOS Netfilter MARK preservation is always disabled + - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" + - Bug 5317: FATAL attempt to read data from memory + - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled + - FTP: Ignore credenials with a NUL-prefixed username + - log_db_daemon: Fix DSN construction + - Limit the number of allowed X-Forwarded-For hops (bsc#1217654, CVE-2023-50269) + - Do not update StoreEntry expiration after errorAppendEntry() + - improve handling of response sending errors (bsc#1219131, CVE-2024-23638) + +- changes in 6.5: + - Bug 5309: frequent "lowestOffset () <= target_offset" assertion + - Bug 4977: Remove mem_hdr::freeDataUpto() assertion + - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617) + - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285) + - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286) + +------------------------------------------------------------------- +Wed Oct 25 14:32:33 UTC 2023 - Adam Majer + +- update to 6.4: + * security fixes: + + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846) + + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824) + + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847) + + Denial of Service in FTP (bsc#1216498, CVE-2023-46848) + + Fix validation of certificates (bsc#1216803, CVE-2023-46724) + + One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274) + * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL + * Bug 4981: Work around in-call job invalidation bugs + * basic_smb_lm_auth: fix 'no previous declaration' warnings + * CacheManager: require /squid-internal-mgr/ URL path prefix + * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] + * documentation changes + +------------------------------------------------------------------- +Tue Sep 19 16:20:19 UTC 2023 - Adam Majer + +- update to 6.3: + - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL + - Bug 4981: Work around in-call job invalidation bugs + - basic_smb_lm_auth: fix 'no previous declaration' warnings + - CacheManager: require /squid-internal-mgr/ URL path prefix + - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] + +------------------------------------------------------------------- +Wed Aug 9 07:48:25 UTC 2023 - Paolo Stivanin + +- update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497): + * Major UI changes: + - Remove 8K limit for single access.log line + - Add tls_key_log to report TLS communication secrets + * Minor UI changes: + - Add %transport::>connection_id logformat code + - Add paranoid_hit_validation directive + - Report SMP store queues state (mgr:store_queues) + - Addcache_log_message directive + * Developer Interest changes: + - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status + - Reject HTTP/1.0 requests with unusual framing + - codespell check added to source maintenance enforcement + - Streamlined ./configure handling of optional libraries + - Add –progress option to test-builds.sh + - Remove layer-00-bootstrap from test script + - Convert LRU map into a CLP map + - Remove legacy context-based debugging in favor of CodeContext + * Removed features: + - Remove unused cache_diff binary + - Remove obsolete membanger test + - Remove deprecated leakfinder (–enable-leakfinder) + +------------------------------------------------------------------- +Tue May 9 14:32:34 UTC 2023 - Adam Majer + +- update to 5.9: + * Improve reply_body_max_size matching accuracy + * fix gcc13 warning + +------------------------------------------------------------------- +Tue May 2 15:14:15 UTC 2023 - Adam Majer + +- partial revert of earlier "fix PIDFile" + - move pidfile back to /run/squid.pid and not in the directory + owned by squid. The purpose of /run/squid/ is to facilitate + SMP worker's IPC and not for the PID file. The PID file can + live just fine in /run since it's written by root. (bsc#1210960) + +------------------------------------------------------------------- +Fri Mar 31 08:43:29 UTC 2023 - Dirk Müller + +- update to 5.8: + * Bug 5162: mgr:index URL do not produce MGR_INDEX template + * Bug 5241: Block all non-localhost requests by default + * Bug 5241: Block to-localhost, to-link-local requests by + default + * ext_kerberos_ldap_group_acl: Support -b with -D + * Fix ACL type typo in req_header, rep_header key-changing + ERRORs + * ... and several compile fixes + * ... and some code cleanup and polishing + +------------------------------------------------------------------- +Thu Mar 23 14:56:44 UTC 2023 - Martin Liška + +- Enable LTO again as it survives tests now. + +------------------------------------------------------------------- +Wed Jan 25 09:48:26 UTC 2023 - Thorsten Kukuk + +- Disable NIS auth module (NIS is deprecated and get's currently + removed) + +------------------------------------------------------------------- +Tue Jan 3 08:24:05 UTC 2023 - Stefan Schubert + +- Migration of PAM settings to /usr/lib/pam.d. + +------------------------------------------------------------------- +Thu Sep 15 10:41:14 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Sun Sep 11 08:00:04 UTC 2022 - Dirk Müller + +- update to 5.7: + - Regression Fix: Typo in manager ACL (bsc#1203677, CVE-2022-41317) + - Bug 5186: noteDestinationsEnd check failed: transportWait + - Bug 5160: Test suite fails with -flto=auto + - Bug 3193 pt2: NTLM decoder truncating strings + (bsc#1203680, CVE-2022-41318) + - Bug 5133: OpenSSL 3.0 support + - ext_session_acl: fix TDB key lookup + - forward_max_tries: Do not count discarded connections + - ... and many compile and debugging fixes + +------------------------------------------------------------------- +Mon Aug 29 08:25:53 UTC 2022 - chris@computersalat.de + +- fix PIDFile + * NOT needed in service file + (squid.service: Can't open PID file /run/squid.pid) + * placed to tmpfilesdir + +------------------------------------------------------------------- +Wed Jun 29 11:31:00 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Fri Jun 24 09:26:49 UTC 2022 - Adam Majer + +- Update to 5.6: + * Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784) + +- Changes in 5.5: + * fixes regression Bug 5192: esi_parser default is incorrect + * Bug 5177: clientca certificates sent to https_port clients + * Bug 5090: Must(!request->pinnedConnection()) violation + * Kid restart leads to persistent queue overflows, delays/timeouts + +------------------------------------------------------------------- +Thu Mar 31 14:24:59 UTC 2022 - Adam Majer + +- Do not try to set special permissions for basic_pam_auth (bsc#1197649) + +------------------------------------------------------------------- +Tue Mar 29 10:48:38 UTC 2022 - Adam Majer + +- Fix upgrade path from squid 4.x where we replaced some symlinks + with directories in pretrans section (bsc#1197333) +- old_nettle_compat.patch: refresh patch + +------------------------------------------------------------------- +Sat Feb 26 11:29:47 UTC 2022 - Andreas Stieger + +- Update to 5.4.1: + * Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening + * code clean-ups and developer visible changes + +------------------------------------------------------------------- +Tue Feb 8 09:55:02 UTC 2022 - Paolo Stivanin + +- Update to 5.4: + * Bug 5190: Preserve configured order of intermediate CA certificate chain + * Bug 5188: Fix reconfiguration leaking tls-cert=... memory + * Bug 5187: Properly track (and mark) truncated store entries + * Bug 5134: assertion failed: Transients.cc:221: "old == e" + * Bug 5132: Close the tunnel if to-server conn closes after client + +------------------------------------------------------------------- +Wed Dec 22 14:03:32 UTC 2021 - Martin Pluskal + +- Adjust harden_squid.service.patch to resolve boo#1193938 + +------------------------------------------------------------------- +Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller + +- update to 5.3: + * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion + * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses + * Bug 5060: Parallel builds are not reliable + * Documentation updates for logformat directive + +------------------------------------------------------------------- +Tue Nov 23 15:20:27 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_squid.service.patch + Modified: + * squid.service + +------------------------------------------------------------------- +Mon Oct 4 13:19:48 UTC 2021 - Adam Majer + +- transition to squid 5.x. This is a major release and for changes + and how to transition from 4.x, see the release notes, + http://www.squid-cache.org/Versions/v5/RELEASENOTES.html +- update to 5.2 + * fixes issues with WCCP protocol that may lead to information + disclosure (bsc#1189403, CVE-2021-28116) + +- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb) +- new BR: pkgconfig(tdb) + +------------------------------------------------------------------- +Sun Aug 1 09:20:03 UTC 2021 - Dirk Müller + +- update to 4.16: + - Regression Fix: --with-valgrind-debug build broken since 4.15 + - Bug 5129 pt1: remove Lock use from HttpRequestMethod + - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED + - Bug 4528: ICAP transactions quit on async DNS lookups + +------------------------------------------------------------------- +Tue May 18 09:43:49 UTC 2021 - Adam Majer + +- fix building with SLE12 + +------------------------------------------------------------------- +Tue May 11 21:54:04 UTC 2021 - Dirk Müller + +- update to 4.15: + - Bug 5112: Excessively loud chunked reply parsing error reporting + - Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652) + - Bug 5104: Memory leak in RFC 2169 response parsing + (bsc#1185921, CVE-2021-28651) + - Bug 3556: "FD ... is not an open socket" for accept() problems + - Profiling: CPU timing implemented for MAC non-x86 + - Fix HttpHeaderStats definition to include hoErrorDetail + - Fix Squid-to-client write_timeout triggers client_lifetime timeout + - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs + (bsc#1185919, CVE-2021-28662) + - Handle more Range requests (bsc#1185916, CVE-2021-31806) + - Handle more partial responses (bsc#1185923, bsc#1186654, CVE-2021-33620) + - Stop processing a response if the Store entry is gone + - ... and some portability fixes + - ... and some documentation updates + +------------------------------------------------------------------- +Tue Feb 9 22:55:15 UTC 2021 - Dirk Müller + +- update to 4.14: + - fixes HTTP Request Smuggling vulnerability (bsc#1183436, CVE-2020-25097) + - Regression Fix: support for non-lowercase Transfer-Encoding value + - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs + - Bug 5076: WCCP Security Info incorrect + - Bug 5073: Compile error: index was not declared in this scope + - Bug 5065: url_rewrite_program documentation update + - Bug 3074 pt2: improved handling of URI paths implicit '/' + - Fix transactions exceeding client_lifetime logged as _ABORTED + +------------------------------------------------------------------- +Mon Nov 2 10:34:59 UTC 2020 - Adam Majer + +- re-add older SLES12 requirements so we can use one devel project + for all codestreams + +------------------------------------------------------------------- +Fri Oct 30 11:52:08 UTC 2020 - Matthias Gerstner + +- fix previous change to reinstante permissions macros, because the wrong path + has been used (bsc#1171569). +- use libexecdir instead of libdir to conform to recent changes in Factory + (bsc#1171164). + +------------------------------------------------------------------- +Thu Oct 8 11:01:44 UTC 2020 - Matthias Gerstner + +- Reinstate permissions macros for pinger binary, because the permissions + package is also responsible for setting up the cap_net_raw capability, + currently a fresh squid install doesn't get a capability bit at all + (bsc#1171569). + +------------------------------------------------------------------- +Mon Aug 24 11:38:09 UTC 2020 - Adam Majer + +- squid 4.13: + * Enforce token characters for field-name (#700) + * Fix livelocking in peerDigestHandleReply (#698) + (bsc#1175671, CVE-2020-24606) + * Improve Transfer-Encoding handling (#702) + (bsc#1175665, CVE-2020-15811) + * Forbid obs-fold and bare CR whitespace in framing header fields (#701) + * Source Format Enforcement + * Enforce token characters for field-name (#700) + (bsc#1175664, CVE-2020-15810) + * Do not stall while debugging a scan of an empty store_table (#699) + * Fix livelocking in peerDigestHandleReply (#698) + * Honor on_unsupported_protocol for intercepted https_port (#689) + * Bug #5051: Some collapsed revalidation responses never expire (#683) + * SslBump: Support parsing GREASEd (and future) TLS handshakes (#663) + +------------------------------------------------------------------- +Fri Jul 24 15:03:53 UTC 2020 - Adam Majer + +- Change pinger and basic_pam_auth helper to use standard permissions. + pinger uses cap_net_raw=ep instead (bsc#1171569) +- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16 + Please adjust your config paths accordingly + +------------------------------------------------------------------- +Sun Jun 21 05:28:33 UTC 2020 - Andreas Stieger + +- squid 4.12: + * Fixes a potential Denial of Service when processing TLS certificates + during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304) + * Regression Fix: Revert to slow search for new SMP shm pages + * Fix Negative responses are never cached + * HTTP: validate Content-Length value prefix (CVE-2020-15049, bsc#1173455) + * HTTP: add flexible RFC 3986 URI encoder + * Fix stall if transaction overwrites a recently active cache + entry + +------------------------------------------------------------------- +Thu Apr 23 13:02:37 UTC 2020 - Adam Majer + +- Update to squid 4.11: + * Fix incorrect buffer handling that can result in cache + poisoning, remote execution, and denial of service attacks when + processing ESI responses + (CVE-2019-12519, CVE-2019-12521, bsc#1169659) + * Fixes possible information disclosure when translating + FTP server listings into HTTP responses. + (CVE-2019-12528, bsc#1162689) + * Fixes possible denial of service caused by incorrect buffer + management ext_lm_group_acl when processing NTLM Authentication + credentials. (CVE-2020-8517, bsc#1162691) + * Fixes a potential remote execution vulnerability when using + HTTP Digest Authentication (CVE-2020-11945, bsc#1170313) + * Fixes problem when reconfigure killed Coordinator in + SMP+ufs configurations (#556) + +------------------------------------------------------------------- +Mon Apr 20 10:24:46 UTC 2020 - Thorsten Kukuk + +- Make logrotate recommended, it's not strictly required and + doesn't make any sense in containers + +------------------------------------------------------------------- +Tue Feb 18 15:46:02 CET 2020 - kukuk@suse.de + +- Use sysusers instead of shadow to create squid user and groups +- Don't hard require systemd + +------------------------------------------------------------------- +Wed Feb 5 09:57:59 UTC 2020 - Adam Majer + +- Update to squid 4.10: + * fixes a security issue allowing a remote client ability to cause + use a buffer overflow when squid is acting as reverse-proxy. + (CVE-2020-8449, CVE-2020-8450, bsc#1162687) + * fixes a security issue allowing for information disclosure in + FTP gateway (CVE-2019-12528, bsc#1162689) + * fixes a security issue in ext_lm_group_acl when processing + NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) + * improve cache handling with chunked responses + +------------------------------------------------------------------- +Fri Nov 8 15:24:15 UTC 2019 - Adam Majer + +- Update to squid 4.9: + * fixes multiple Cross-Site Scripting issues in cachemgr.cgi + (CVE-2019-13345, bsc#1140738) + * fixes heap overflow in URN processing + (CVE-2019-12526, bsc#1156326) + * fixes multiple issues in URI processing + (CVE-2019-12523, CVE-2019-18676, bsc#1156329) + * fixes Cross-Site Request Forgery in HTTP Request processing + (CVE-2019-18677, bsc#1156328) + * fixes HTTP Request Splitting in HTTP message processing + (CVE-2019-18678, bsc#1156323) + * fixes information disclosure in HTTP Digest Authentication + (CVE-2019-18679, bsc#1156324) + * lower cache_peer hostname - this showed up as DNS failures + if peer name was configured with any upper case characters + * TLS: Multiple SSL-Bump fixes + * TLS: Fix expiration of self-signed generated certs to be 3 years + * TLS: Fix on_unsupported_protocol tunnel action + * Fix several rock cache_dir corruption issues + * fixes handling of invalid domain names in cachemgr.cgi + (CVE-2019-18860, bsc#1167373) + +- fix_configuration_error.patch: upstreamed +- old_nettle_compat.patch: refreshed + +------------------------------------------------------------------- +Tue Aug 6 13:05:58 UTC 2019 - Adam Majer + +- fix_configuration_error.patch: Fix compilation with -Wreturn-type +- old_nettle_compat.patch: Update to actually use older version + +------------------------------------------------------------------- +Thu Jul 18 14:11:28 UTC 2019 - Adam Majer + +- old_nettle_compat.patch: Fix compatibility with nettle in SLE-12 + +------------------------------------------------------------------- +Mon Jul 15 14:58:13 UTC 2019 - Adam Majer + +- Update to squid 4.8: + + Ignore ECONNABORTED in accept(2) + + RFC 7230 forbids generation of userinfo subcomponent of https URL + + cachemgr.cgi: unallocated memory access resulting in a potential + denial of service. (bsc#1141442, CVE-2019-12854) + + terminating c-strings beyond BASE64_DECODE_LENGTH + + Replace uudecode with libnettle base64 decoder fixing a denial + of service vulnerability (bsc#1141329, CVE-2019-12529) + + fix to_localhost does not include :: + + Fix GCC-9 build issues + + Fix Digest auth parameter parsing preventing a potential + denial of service (bsc#1141332, CVE-2019-12525) + + Update HttpHeader::getAuth to SBuf which prevents a potential + heap overflowing allowing a possible remote code execution + attack when processing HTTP Authentication credentials + (bsc#1141330, CVE-2019-12527) + + Add the NO_TLSv1_3 option to available tls-options values + + Fix handling of tiny invalid responses + + Fix Memory leak when http_reply_access uses external_acl + + Fix Multiple XSS issues in cachemgr.cgi + (bsc#1140738, CVE-2019-13345) +- use unbundled version of libnettle +- disable LTO as a workaround to tests failing + +------------------------------------------------------------------- +Wed May 8 10:41:22 UTC 2019 - Adam Majer + +- Update to squid 4.7: (jsc#SLE-5648) + + Fix stack-based buffer-overflow when parsing SNMP messages + + Fixed squidclient authentication + + Add support for buffer-size= to UDP logging + + Trust intermediate CAs from trusted stores + + Bug #4928: Cannot convert non-IPv4 to IPv4 + + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs + + Bug #4823: assertion failed: "lowestOffset () <= target_offset" + (bsc#1133089) + + Bug #4942: --with-filedescriptors does not do anything + +------------------------------------------------------------------- +Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de + +- Syncronize bug and CVE references between 3.x and 4.x squid changelog + versions. These bugs were fixed here either without properly referencing + them during the fix or 4.x branch was never affected by them. + (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556, + bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749, + bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002, + bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554, + bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054, + bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948, + bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572, + bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570, + bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390, + bsc#959290, CVE-2016-4052, CVE-2016-4053, + bsc#1029157, bsc#1024020, bsc#998595, fate#319674) + +------------------------------------------------------------------- +Sat Feb 23 06:37:31 UTC 2019 - seanlew@opensuse.org + +- Update to squid 4.6: + + master commit b599471 leaks memory (#4919) + + SourceFormat Enforcement (#367) + + Detect IPv6 loopack binding errors (#355) + + Do not call setsid() in --foreground mode (#354) + + Fail Rock swapout if the disk dropped write reqs (#352) + + Initialize StoreMapSlice when reserving a new cache slot (#350) + + Fixed disker-to-worker queue overflows (#353) + + Fix OpenSSL builds that define OPENSSL_NO_ENGINE (#349) + + Fix BodyPipe/Sink memory leaks associated with auto-consumption + + Exit when GoIntoBackground() fork() call fails (#344) + + GCC-8 compile errors with -O3 optimization (#4875) + + Initial translations to ka/georgian language (#345) + + basic_ldap_auth: Return BH on internal errors (#347) + +------------------------------------------------------------------- +Mon Feb 18 10:03:23 UTC 2019 - adam.majer@suse.de + +- Revert whitespace deletions of .changes as it makes diffs a pain. + +------------------------------------------------------------------- +Sat Feb 16 00:19:25 UTC 2019 - Jan Engelhardt + +- Do not hide errors from useradd. Make scriptlets + plain sh compatible. + +------------------------------------------------------------------- +Wed Jan 02 05:45:03 UTC 2019 - sean@suspend.net + +- Update to squid 4.5: + + Squid crashes when ICAPS and a sslcrtvalidator used together (#328) + + ssl_bump prevents from accessing some web contents (#304) + + Docs: improved lexgrog compatibility (#340) + + Redesign forward_max_tries count TCP connection attempts + + Fix client_connection_mark ACL handling of clientless transactions + + Fix netdb exchange with a TLS cache peer + + Update netdb when tunneling requests + + Use pkg-config for detecting libxml2 + + Misc doc updates + + Misc code compile fixes + +------------------------------------------------------------------- +Fri Nov 9 13:13:37 UTC 2018 - adam.majer@suse.de + +- Fix permissions of installed file to tmpfilesdir + +------------------------------------------------------------------- +Mon Oct 29 10:26:08 UTC 2018 - adam.majer@suse.de + +- New upstream stable version 4.4: + + Fix memory leak when parsing SNMP packet + (bsc#1113669, CVE-2018-19132) + + Fixed display of error page by quoting certificate fields + before displaying them (bsc#1113668, CVE-2018-19131) + + Malformed %>ru URIs for CONNECT requests + +------------------------------------------------------------------- +Tue Oct 23 09:20:12 UTC 2018 - adam.majer@suse.de + +- Create runtime directories needed when SMP mode is enabled. + (bsc#1112695, bsc#1112066) +- Make changelog entries format consistent + +------------------------------------------------------------------- +Thu Oct 4 07:36:49 UTC 2018 - Martin Pluskal + +- Correct changelog +- Enable tests + +------------------------------------------------------------------- +Tue Oct 02 10:16:22 UTC 2018 - sean@suspend.net + +- New upstream stable version 4.3: + + Bug 4885: Excessive memory usage when running out of descriptors + + Bug 4877: Add missing text about external_acl_type %DATA changes + + Bug 4875 pt1: GCC-8 compile errors with -O3 optimization + + Bug 4716: Blank lines in cachemgr.conf are not skipped + + Bug 4691: balance_on_multiple_ip config option docs + + basic_pop3_auth: fix startup errors + + langpack: Add missing dialect aliases + + Fix range_offset_limit debugging + + Fix icc build errors + + Update systemd dependencies in squid.service + +------------------------------------------------------------------- +Mon Aug 13 07:30:05 UTC 2018 - adam.majer@suse.de + +- New upstream stable version 4.2: + + fix HTTPMSGLOCK missing pointer safety + + gcc-8 fixes + + fix milliseconds logformats prepend 0s instead of spaces + + fix %>ru logging of huge URLs + +------------------------------------------------------------------- +Thu Jul 5 15:30:07 UTC 2018 - adam.majer@suse.de + +- New upstream stable version 4.1: + + Fix --with-netfilter-conntrack error message + + Supply ALE for force_request_body_continuation ACL + +------------------------------------------------------------------- +Mon Jun 18 13:04:17 UTC 2018 - adam.majer@suse.de + +- New upstream version 4.0.25: + + Fixed regression: querying private entries for HTCP/ICP + + Fixed regression: deny_info %R macro not being expanded + + Fixed regression: proxy_auth ACL -i/+i flags not working + + Fixed regression: filter chain certificates for validity + when loading + + Fixed regression: Transient reader locking broken in 4.0.24 + + Fixed NegotiateSsl crash on aborting transaction + + Fixed IPC shared memory leaks when disker queue overflows + + Update negotiate_kerberos_auth helper protocol to v3.4 + + Fixed: purge tool does not obey --sysconfdir= build option + + Add timestamps to (most) FATAL messages +- a3f6783.patch: upstreamed, obsolete. + +------------------------------------------------------------------- +Wed Jun 6 13:52:01 UTC 2018 - adam.majer@suse.de + +- a3f6783.patch: Fixes certificate handling with intermediates + chains + +------------------------------------------------------------------- +Tue May 15 07:43:44 UTC 2018 - adam.majer@suse.de + +- Fix package configure + +------------------------------------------------------------------- +Wed Mar 28 09:01:14 UTC 2018 - adam.majer@suse.de + +- New upstream version 4.0.24 + + Bug 4505: SMP caches sometimes do not purge entries + + TPROXY: Fix clientside_mark and client port logging + + Native FTP: Fix "Cannot assign requested address" with TPROXY + + SSL-Bump: Fix authentication with types other than Basic + + ... and some documentation fixes +- install license correctly (bsc#1082318) and transition to SPDXv3 + +------------------------------------------------------------------- +Mon Feb 19 08:08:14 UTC 2018 - adam.majer@suse.de + +- Spec file cleanup: + + Drop unused fillup template - it's not used by systemd script + + Drop %pretrans section which is only used to upgrade from + version 3.4 of squid - no supported codestream has that version. + + Drop explicit BR: on systemd-rpm-macros +- Update squid.service systemd file + + Don't need to use squid to manage squid anymore + + Drop references to default config file, since it's default +- Drop reference to nonexistent EnvironmentFile in the service file + +------------------------------------------------------------------- +Mon Jan 29 10:36:36 UTC 2018 - adam.majer@suse.de + +- Change default error pages symlink from German to English. + +------------------------------------------------------------------- +Mon Jan 22 12:48:24 UTC 2018 - adam.majer@suse.de + +- Update Squid to 4.0.23 + * fixes DoS caused by incorrect pointer handling when processing + ESI responses. This affects the default custom esi_parser + (libxml2 and expat esi_parsers are unaffected) + (bnc#1077003, CVE-2018-1000024) + * fixes DoS caused by incorrect pointer handing whien processing + ESI responses or downloading intermediate CA certificates + (bnc#1077006, CVE-2018-1000027) + * fixes "User names not sent to url_rewrite_program" + * fixes %= 0" assertion in file_write() during + reconfiguration + * Do not leak url_rewrite_extras and store_id_extras on + reconfigure/shutdown. + * Fix potential ICAP null pointer dereference after rev.14082 + * Fix logged request size (%http::>st) and other size-related + %codes. + +------------------------------------------------------------------- +Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de + +- Merge changes from SLE12 SP2 so we have identical packages + +------------------------------------------------------------------- +Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de + +- Update Squid to 3.5.21 + * fix assertion failure in xcalloc when using many cache_dir + Squid is documented as supporting up to 64 cache directories, + but would crash with a memory allocation error if more than + a few were actually configured. + * fix authentication credentials IP TTL updated incorrectly + This bug caused error in max_user_ip ACL accounting to allow + clients to shift IP address more times than configured. + Fix may have an effect on IPv6 clients using "proviacy adressing" + to rotate IPs. + * fix mal-formed Cache-Control:stale-if-error header + This bug shows up as incorrect stale-if-error values being + relayed by Squid breaking the use of this feature in the + recipients. Squid now relays the header values correctly. + * fix Proxy-Authenticate problem using ICAP server + With this change Squid now treats the ICAP REQMOD adaptation + point as a part of itself with regards to proxy authentication. + The Proxy-Authentication header received from the client is + delivered as part of the HTTP request headers in expectation + that the ICAP service may authenticate and/or + produce 407 response itself. + * fix HTTP: MUST always revalidate Cache-Control:no-cache responses + This bug shows up as Squid not revalidating some responses until + they became stale according to refresh_pattern heuristic rules + (specifically the minimum caching age). Squid now revalidates + these objects on every request. + * fix HTTP: do not allow Proxy-Connection to override Connection + * fix SSL CN wildcard must only match a single domain fragment + This bug shows up as incorrect matching (or non-matching) of the + ss::server_name ACL against TLS certificate values. Squid now + treats the certificate CN fields according to X.509 domain + matching requirements instead of HTTP domain matching + requirements. +- squid-brokenad.patch + * propertly capitalize option name + * make the conditional if() not a riddle + +------------------------------------------------------------------- +Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de + +- Remove no-op option from configure + --enable-ntlm-fail-open has been removed more than 4 years ago in + squid 3.3.0.1 and apparently it wasn't useful for 10 years prior + to that already + http://www.squid-cache.org/mail-archive/squid-dev/201207/0072.html + +------------------------------------------------------------------- +Sun Jul 10 07:49:53 UTC 2016 - mpluskal@suse.com + +- Update to version 3.5.20: + * Assertion failed: Write.cc:38: "fd_table[conn->fd].flags.open" + * Bug #4523: smblib compile fails on NetBSD + * Do not make bogus recvmsg(2) calls when closing UDS sockets. + * Fix SEGFAULT parsing malformed adaptation service configuration + * Fixed ConnStateData::In::maybeMakeSpaceAvailable() logic. + * Bug #3579: assertion failed 'MemPools[type]' from dst_as ACL + * SourceFormat Enforcement + * Do not allow low-level debugging to hide important/critical + messages. + * Bug #4485: off-by-one out-of-bounds Parser::Tokenizer::int64() + read errors + * Increase debug level in a peek-and-splice related debug message + * Fix icons loading speed. + * Fix OpenSSL detection on FreeBSD + * Do not override user defined -std option + * SourceFormat Enforcement + * Support unified EUI format code in external_acl_type + +------------------------------------------------------------------- +Mon May 9 08:50:11 UTC 2016 - hpj@urpla.net + +- Update to 3.5.19 + * Regression Bug 4515: interception proxy hangs +- Update to 3.5.18 + * Bug 4510: stale comment about 32KB limit on shared memory cache + entries + * Bug 4509: EUI compile error on NetBSD + * Bug 4501: HTTP/1.1: normalize Host header + * Bug 4498: URL-unescape the login-info after extraction from URI + * Bug 4455: SegFault from ESIInclude::Start + * Prevent Squid forcing -b 2048 into the arguments for + sslcrtd_program + * Fix TLS/SSL server handshake alert handling + +------------------------------------------------------------------- +Thu May 5 10:56:34 UTC 2016 - hpj@urpla.net + +- Update to 3.5.17 + * Regression Bug 4480: logformat [.width_max] + * Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match + on second attempt + * Bug 4495: Unknown SSL option SSL_OP_NO_TICKET + * Bug 4493: theObject->sharedMemorySize() == theSegment.size() + exception + * Bug 4483: ./configure garbles -Og option in CFLAGS + * Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc + * Bug 4468: NotNode (!acl) naming: Terminate the name before + strncat(name). + * Bug 4465: Header forgery detection leads to crash + * Bug 2460 partial: workaround deferred reads on shutdown and + restart + * cachemgr.cgi: use dynamic MemBuf for internal content + generation + * ESI: Fix several element construction issues + * TLS: Fix Handshake Error: ccs received early + * TLS: Add chained and signing cert to peek-then-bumped + connections + * Fix some startup/shutdown crashes + +------------------------------------------------------------------- +Mon Apr 4 07:19:58 UTC 2016 - mpluskal@suse.com + +- Update to 3.5.16 (boo#973771) + * Bug 4476: Removed duplicated #include lines + * Bug 4452: squid -z segfaults with ufs + * Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion + * Bug 4423: adding stdio: prefix to cache_log directive produces + FATAL error + * Bug 4409: compile error when two Heimdal libraries are + installed + * Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304 + * pinger: Fix buffer overflow in Icmp6::Recv + * pinger: Fix select(2) to actually use max_fd + * pinger: drop capabilities on Linux + * Fix memory leak of HttpRequest objects + * Fix memory leak when the cache of sslcrtvalidator_program is + disabled via ttl=0 + * Fix assertion failed: Write.cc:41: "!ccb->active()" + * Fix crash on shutdown while cleaning up idle ICAP connections + * RFC 7725: Add registry entry for 451 status text + * ... and some build issues +- Refresh all patches + +------------------------------------------------------------------- +Mon Mar 7 13:47:55 UTC 2016 - chris@computersalat.de + +- Changes to squid-3.5.15 (23 Feb 2016): + * Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser + * Fix multiple assertion on String overflows + * Fix unit test errors on MacOS + * Better handling of huge response headers. Fewer incorrect "Bug #3279" messages. + * Log noise reduction for eCAP +- Changes to squid-3.5.14 (16 Feb 2016): + * Bug 4437: Fix Segfault on Certain SSL Handshake Errors + * Bug 4431: C code is not compiled with CFLAGS + * Bug 4418: FlexibleArray compile error with GCC 6 + * Bug 4378: assertion failed: DestinationIp.cc:60: + 'checklist->conn() && checklist->conn()->clientConnection != NULL' + * Fix invalid FTP connection handling on blocked content + * Fix handling of shared memory left over by Squid crashes or bugs + * Fix mgr:config report 'qos_flows mark' output + * Fix compile error in CPU affinity + * Fix %un logging external ACL username + * Avoid more certificate validation memory leaks + * ... and some documentation updates + +------------------------------------------------------------------- +Sun Jan 24 18:28:45 UTC 2016 - chris@computersalat.de + +- Changes to squid-3.5.13 (06 Jan 2016): + * Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath + * Bug 4387: Kerberos build errors on Solaris + * TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange + * TLS: Complete certificate chains using external intermediate certificates + * Avoid memory leaks when an X.509 certificate validator is used with SslBump + * Fix connection retry and fallback after failed server TLS connections + * Fix GnuTLS detection via pkg-config + * Fix startup crash with a misconfigured (too-small) shared memory cache + * ... and some documentation updates +- Changes to squid-3.5.12 (28 Nov 2015): + * Bug 4374: refresh_pattern config parser (%) + * Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' + * Bug 4228: links with krb5 libs despite --without options + * Fix SSL_get_certificate() problem detection + * Fix TLS handshake problem during Renegotiation + * Fix cache_peer forceddomain= in CONNECT + * Fix status code-based HTTP reason phrase for eCAP-generated messages + * Fix build errors in cpuafinity.cc + * ... and several documentation updates +- Changes to squid-3.5.11 (01 Nov 2015): + * Bug 3574: crashes on reconfigure and startup + * Bug 4347: compile errors with LibreSSL 2.3 + * Bug 4281: copy-paste typos in src/tools.cc + * Bug 4279: No response from proxy for FTP-download of non-existing file + * Bug 4188: Bumping intercepted SSL connections does not work on Solaris + * Fix incorrect authentication headers on cache digest requests + * Fix connection stats, including %getConn())' + * Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in + SSL I/O buffer + * Fix assertion errorpage.cc:600: "entry->isEmpty()" + * Fix comm_connect_addr on failures returns Comm:OK + * Fix missing external ACL helper notes + * Fix "Not enough space to hold server hello message" error + message + * Fix segmentation fault inside + Adaptation::Icap::Xaction::swanSong + * Prevent unused ssl_crtd helpers being run +- Update permission in logrotate config +- Refresh squid-config.patch + +------------------------------------------------------------------- +Fri May 22 17:43:50 UTC 2015 - mpluskal@suse.com + +- Update to 3.5.4 + * Bug 4234: comm_connect_addr uses errno incorrectly + * Bug 4231: fd_open() not correctly handling UDS socket descriptions + * Bug 4226: digest_edirectory_auth: found but cannot be built + * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" + * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections + * Fix require-proxy-header preventing HTTPS proxying and ssl-bump + * Fix Negotiate/Kerberos authentication request size exceeds output buffer size + * Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates + * Add server_name ACL matching server name(s) obtained from various sources + * Add Kerberos support for MAC OS X 10.x + * Support for resuming TLS sessions + * ... and some portability and compile fixes + * ... and several documentation updates + * ... and all fixes from squid 3.4.13 +- Refresh patches + +------------------------------------------------------------------- +Wed May 6 08:32:28 UTC 2015 - mpluskal@suse.com + +- Remove emulate_httpd_log from config on update + +------------------------------------------------------------------- +Tue Apr 28 08:59:41 UTC 2015 - mpluskal@suse.com + +- Fix update from 3.4 to 3.5 + +------------------------------------------------------------------- +Sun Apr 26 11:18:42 UTC 2015 - mpluskal@suse.com + +- Fix SLE 11 build with older kerberos libraries + * squid-old-kerberos.patch + +------------------------------------------------------------------- +Wed Apr 1 06:55:04 UTC 2015 - mpluskal@suse.com + +- Update to 3.5.3 + * Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory + * Regression Bug 4206: Incorrect connection close on expect:100-continue + * Bug 4204: ./configure does not abort when required helpers cannot be built + * Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment + * Bug 2907: high CPU usage on CONNECT when using delay pools + * basic_getpwnam_auth: fail authentication on crypt() failures + * basic_nis_auth: fail authentication on crypt() failures + * ext_kerberos_ldap_group_acl: Heimdal support improvements + * ext_wbinfo_group_acl: Perl 5.20 support + * ... and several compile issues + +------------------------------------------------------------------- +Sat Mar 21 13:16:42 UTC 2015 - mpluskal@suse.com + +- Use xz compressed source +- Update to 3.5.2 + * Regression Bug 4176: Digest auth too many helper lookups + * Regression Bug 4180: not-fully-initialized data member in + ACLUserData + * Bug 4172: Solaris broken krb5-config + * Bug 4073: Cygwin compile errors + * Bug 3919: remove several never-true / never-false comparisons + * HTTPS: Add missing root CAs when validating chains that passed + internal checks + * Fix some cbdataFree related memory leaks + * Quieten CBDATA 'leak' messages + * Set SNI information in transparent bumping mode + * negotiate_kerberos_auth: fix krb5.conf backward compatibility + * Fix memory leaks in cachemgr.cgi URL parser + * Fix sslproxy_options in peek-and-splice mode + * ... and fix several portability and build issues + * ... and some documentation updates + * ... and all fixes from squid 3.4.11 + +------------------------------------------------------------------- +Thu Feb 19 01:09:38 UTC 2015 - chris@computersalat.de + +- Update to 3.5.1 (13 Jan 2015): + * Fix handling of invalid SSL server certificates when splicing connections + * basic_smb_lm_auth: Simplified MSNT basic auth helper + * squidclient: Fix -A and -P options + * ... and several portability fixes + * ... and all fixes from squid 3.4.11 + * ... and a lot of documentation updates +- removed obsolete patch + * squid-compiled_without_RPM_OPT_FLAGS.patch +- rebased patches + * squid-config.patch + * squid-nobuilddates.patch + * squid-brokenad.patch +- replace configure option + * --enable-ssl > --with-openssl + +------------------------------------------------------------------- +Wed Feb 18 23:28:06 UTC 2015 - chris@computersalat.de + +- remove obsolete RELEASENOTES.html + * included in package + +------------------------------------------------------------------- +Wed Feb 11 22:35:30 UTC 2015 - mpluskal@suse.com + +- Update to 3.4.11: + * cachemgr.cgi: memory leak in request parser + * Fix typo on commStartSslClose + * Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro + * Bug #3760: squidclient ignores --disable-ipv6 + * Bug #3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 + * Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers + * Bug #4164: SEGFAULT when %W formating code used in errorpages + * Deleting first fs left psstate->servers pointing to uninitialized memory + * Maintenance: check release notes on packaging + * Bug #4057: Avoid on-exit crashes when adaptation is enabled. + +------------------------------------------------------------------- +Sat Jan 10 01:08:40 UTC 2015 - chris@computersalat.de + +- recover old spec + * merge in suggested changes from tchvatal +- fix permissions for SLE11 + * revert suid bit for pinger and basic_pam_auth + add them to permissions file (commented) +- readd deleted files + * RELEASENOTES + * permissions (needed for SLE11) + * init.rh + +------------------------------------------------------------------- +Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com + +- Cleanup with spec-cleaner +- Version bump to 3.4.10: + * Fix bootstrap.sh dependency on SPONSORS.list + * HTTP/2: Support 421 (Misdirected Request) status code + * Alternate-Protocol is a hop-by-hop header + * Bug #4148: external_acl_type header format does not accept the new libformat syntax + * Bug #4033: Rebuild corrupted ssl_db/size file + * Bug #3902: Docs: external_acl_type cache hash key + * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6 + * Fix segmentation fault in ACLUrlPathStrategy::match +- Remove support for other distros as we build for opensuse anyway + +------------------------------------------------------------------- +Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net + +- remove permissions.easy and permissions.paranoid files from package + as they are not used any more + +------------------------------------------------------------------- +Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net + +- remove setBadness in rpmlintrc as it should be already in Factory + permissions package handled + +------------------------------------------------------------------- +Mon Dec 8 15:28:42 UTC 2014 - meissner@suse.com + +- %verifyscript is its own section, move out of the %postun section + +------------------------------------------------------------------- +Tue Dec 2 10:27:49 UTC 2014 - dimstar@opensuse.org + +- Use URLs to paths that the source validator actually understands + and make this acceptable for Tumbleweed. + +------------------------------------------------------------------- +Thu Nov 27 21:18:35 UTC 2014 - chris@computersalat.de + +- fix for boo#894636 (squid's logrotate snippet runs init script) + * modify squid.logrotate to work on both systemd and SysVinit + +------------------------------------------------------------------- +Thu Nov 27 13:16:58 UTC 2014 - lmuelle@suse.com + +- Changes to 3.4.9 (31 Oct 2014): + + Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update + + Bug 4102: sslbump cert contains only a dot character in key usage extension + + Bug 4093: source-maintenance.sh errors and warnings due to wrong + tools/options + + Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 + + Bug 4024: Bad host/IP ::1 when using IPv4-only environment + + Bug 3803: ident leaks memory on failure + + kerberos_ldap_group/cert_tool: Remove ksh dependency; + obsoletes squid-cert_tool_use_bash_not_ksh.patch + + ... and some automated code style updates + + ... and some documentation updates +- Changes to 3.4.8 (15 Sep 2014): + + Fix off by one in SNMP subsystem + + pinger: Fix various ICMP handling issues; CVE-2014-7141; CVE-2014-7142; + http://www.squid-cache.org/Advisories/SQUID-2014_4.txt; bnc#891268 + obsoletes squid-icmp-DoS.patch + +------------------------------------------------------------------- +Wed Nov 26 21:45:48 UTC 2014 - lmuelle@suse.com + +- Remove dependency on gpg-offline as signature checking is implemented in the + source validator. + +------------------------------------------------------------------- +Wed Sep 24 11:49:04 UTC 2014 - chris@computersalat.de + +- fix spec and changes file + +------------------------------------------------------------------- +Tue Sep 16 09:31:35 UTC 2014 - boris@steki.net + +- update logrotate file + * postrotate now defaults to 'systemd' + +------------------------------------------------------------------- +Tue Sep 16 08:35:11 UTC 2014 - boris@steki.net + +- fix for icmp pinger DOS bnc#891268 + +------------------------------------------------------------------- +Mon Sep 15 11:36:51 UTC 2014 - chris@computersalat.de + +- some spec cleanup +- some systemd/SysVinit fixes +- fix sysconfig file for ! suse_version + +------------------------------------------------------------------- +Thu Sep 11 15:25:01 UTC 2014 - boris@steki.net + +- replaced permissions handling using setuid bit with use of + linux capabilities (on supported systems) +- general cleanup of .spec file and systemd handling + +------------------------------------------------------------------- +Fri Sep 5 15:04:47 UTC 2014 - chris@computersalat.de + +- Changes to 3.4.7 (28 Aug 2014): + * Regression Fix: Kerberos LDAP authorizing groups with principle subdomain + * Bug 4080: worker hangs when client identd is not responding + * Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC + * HTTP/1.1: Ignore Range headers with unidentifiable byte-range values + * SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension + * Enable compile-time override for MAXTCPLISTENPORTS + * ntlm_sspi_auth: Fix various build errors + * negotiate_wrapper: Fix build issues with non-portable vfork() + * negotiate_sspi_auth: Portability fixes for MinGW + * ext_lm_group_acl: Portability fixes for MinGW + * ... and several minor memory leaks +- fix for bnc#894636 + * fix postrotate for systemd +- rebase patches + * squid-cert_tool_use_bash_not_ksh.patch + * squid-compiled_without_RPM_OPT_FLAGS.patch + * squid-nobuilddates.patch + * squid-config.patch + +------------------------------------------------------------------- +Thu Sep 4 16:02:45 UTC 2014 - chris@computersalat.de + +- fix for bnc#894840 + * fix logrotate file (sharedscripts) + +------------------------------------------------------------------- +Sun Aug 31 09:32:01 UTC 2014 - boris@steki.net + +- add --disable-arch-native configure param as vmware does not + emulate all instruction set and squid fails with + "Illegal instruction" more info at + http://wiki.squid-cache.org/KnowledgeBase/IllegalInstructionError + +------------------------------------------------------------------- +Thu Aug 14 16:42:17 CEST 2014 - draht@suse.de + +- squid-cert_tool_use_bash_not_ksh.patch: + /usr/sbin/cert_tool should use bash, not ksh. [bnc#891313] + +------------------------------------------------------------------- +Sun Aug 10 21:16:29 UTC 2014 - chris@computersalat.de + +- Changes to squid-3.4.6 (25 Jun 2014): + * Regression: segmentation fault logging with %tg format specifier + * Bug 4065: round-robin neighbor selection with unequal weights + * Bug 4056: assertion MemPools[type] from netdbExchangeStart() + * Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response + * Fix segmentation fault setting up server SSL connnection + * Fix hanging Non-HTTPS connections on SSL-bump enabled port + * Fix Cache Manager actions listed more than once + * ... and many minor memory leaks + * ... and several portability build issues + * ... and some documentation updates +- Changes to squid-3.4.5 (02 May 2014): + * Regression Bug 4051: inverted test on CONNECT payload existence + * Regression Fix: order dependency between cache_dir and maximum_object_size + * Fix logformat %note display + * Resolve 'dying from an unhandled exception: c' + * Copyright: Update CONTRIBUTORS list of copyright holders +- fix deps + * libtool >= 2.4 + * older libtool needs --with-included-ltd + +------------------------------------------------------------------- +Thu Jul 31 14:01:54 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Thu Apr 24 20:47:05 UTC 2014 - boris@steki.net + +- fix rhel/centos usermod parameter invocation order + +------------------------------------------------------------------- +Wed Apr 9 15:42:06 UTC 2014 - boris@steki.net + +- setuid handling for opensuse using permissions updated + +------------------------------------------------------------------- +Mon Apr 7 12:06:41 UTC 2014 - boris@steki.net + +- enable build for centos/rhel + - add centos/rhel init script + +------------------------------------------------------------------- +Sat Mar 29 16:47:44 UTC 2014 - chris@computersalat.de + +- add 'squid' as default group and added suid bit for /usr/sbin/pinger + # pinger needs 'root' privileges to be able to ping (cache peer) + * attr(4750,root,squid) /usr/sbin/pinger + +------------------------------------------------------------------- +Fri Mar 28 18:46:44 UTC 2014 - chris@computersalat.de + +- fix pidfile dir + * systemd -> /run/squid.pid + * SysVinit -> /var/run/squid.pid + +------------------------------------------------------------------- +Sun Mar 16 08:54:50 UTC 2014 - boris@steki.net + +- added patch to force kerberos principalname handling + ( http://bugs.squid-cache.org/show_bug.cgi?id=4042 ) + * squid-brokenad.patch + +------------------------------------------------------------------- +Sat Mar 15 12:11:30 UTC 2014 - chris@computersalat.de + +- Changes to squid-3.4.4 (09 Mar 2014): + * Bug 4029: intercepted HTTPS requests bypass caching checks + * Bug 4001: remove use of strsep() + * Bug 3186 and 3628: Digest authentication always sending stale=false for nonce + * Fix stalled concurrent rock store reads + * Fix helper ID number assignment + * Fix build failures from CMSG related definitions + * Fix build failures from libcompat unsafe.h protections + * Copyright: Relicense helpers by Treehouse Networks Ltd. + * ... and all bug fixes from 3.3.12 +- fix for bnc#743563 + * fix spec(post): remove SLE_10 permissions stuff +- rebased patches: + * squid-compiled_without_RPM_OPT_FLAGS.patch + * squid-nobuilddates.patch + +------------------------------------------------------------------- +Fri Mar 14 14:34:27 UTC 2014 - boris@steki.net + +- add ssl bump to build config + +------------------------------------------------------------------- +Thu Feb 27 13:26:24 UTC 2014 - chris@computersalat.de + +- Changes to squid-3.4.3 (02 Feb 2014): + * Bug 4008: HttpHeader warnOnError should be an int not a bool + * Bug 4002: clang 3.4 unable to compile + * Bug 3996: Malformed DNS reply leads to crash + * Bug 3995: compile error on CentOS 5 with GCC 4.1.2 + * Bug 3975: atomic detection cross-compilation failure + * Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode + * Bug 3954: compile failure in CpuAffinity.cc + * Bug 3927: tests/testRock fatal.cc required + * Fix memory leak in peer Cache Digest exchange + * Fix external_acl_type async loop failures + * Fix destination IP address cycling + * ... and a few polishing changes + +------------------------------------------------------------------- +Tue Jan 7 19:45:22 UTC 2014 - chris@computersalat.de + +- Changes to squid-3.4.2 (30 Dec 2013): + * Regression Bug 3980: FATAL ERROR due to max_user_ip -s option + * Regression Fix: \-unescaping in quoted strings from helpers + * Regression Fix: URL helper API bypassing on URL containing '=' character + * Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery + * Bug 3806: Caching responses with Vary header + * Bug 3498: FTP PUT assertion + * WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD + * Enable concurrency by default for SSL certificate validator + * ... and fix several build errors + +------------------------------------------------------------------- +Wed Dec 25 23:10:24 UTC 2013 - chris@computersalat.de + +- Changes to squid-3.4.1 (09 Dec 2013): + * Bug 3935: Invalid pointer dereference when peeking at origin server certificate + * Bug 3589: intercepted and ICAP modified request using a cache_peer + * ... and several portability fixes + * ... and some documentation updates +- Changes to squid-3.4.0.3 (01 Dec 2013): + * Bug 3941: Release notes error + * Receive annotations from authentication and external ACL helpers + * basic_nis_auth: Improved portability + * ... and several documentation updates + * ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 +- Changes to squid-3.4.0.2 (03 Oct 2013): + * Regression Bug 3891: squid.conf parser errors in 3.4.0.1 + * Regression Fix: re-disable MinGW C++11 support + * Bug 3914: partial: make squidclient tool build cleanly with -Wconversion + * Fix memory leak in refresh_pattern parsing + * negotiate_kerberos_auth: upgrade to present group= keys + * Handle NTLM helper returning OK without user= value + * Add dns_multicast_local to control mDNS operation + * Add --disable-arch-native build option + * Display Build-Info in cache manager info report + * ... and all changes from squid 3.3.9 + * ... and some code and debug output polishing +- Changes to squid-3.4.0.1 (29 Jul 2013): + * Port from 2.7: StoreURL (renamed Store-ID) support + * Bug 3795: fix several mistakes in the MIB file + * Bug 3793: configure: improved helper detection + * Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS + * Bug 3676: Support GCC 4.7 with -Wshadow option + * Bug 3643: NTLM helpers stuck in reserved state by Safari + * Bug 3389: Auto-reconnect for tcp access_log + * Bug 2066: squid does not do chdir() after chroot() + * Fix uninitialized fields in IcapLogEntry + * Fix a number of minor issues detected by Coverity Scan + * Fix some potential memory leaks detected by Coverity Scan + * Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers + * Fix ACL matching algorithm to avoid repeating tests + * basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username + * squidpurge: fix META TLV parsing issues + * squid.conf: enforce all the directive and option names are lower-case + * Support EUI on HTTPS and FTP data connections + * Support OK/ERR/BH response codes from any helper + * Support No-lookup flag (-n) on DNS ACLs + * Support -march=native compiler optimization by default + * Support forwarding intercepted but not bumped connections to cache_peers + * Support IPv6 NAT interception on Linux and some BSD + * Deprecate log_icap and log_access configuration directives + * HTTP/1.1: improved method invalidation and cacheability detection + * HTTP/1.1: support length configuration for pipeline_prefetch queue + * Improved TPROXY support for OpenBSD and FreeBSD + * Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file + * Add all-of and any-of ACL types for grouping sets of ACL tests + * Add note directive for transaction annotations + * Add %note log format for transaction annotation logging + * Add note ACL type for matching annotated transactions with by annotation name or value + * Add kv-pair support to URL-rewrite/redirector interface + * Add SSL server certificate validator interface, helper and result cache + * Add SSL server certificate fingerprint ACL type + * Add spoof_client_ip access control + * Add pt-bz (Belize Portuguese) dialect to translations + * ... and many Windows portability changes (still incomplete) + * ... and many documentation changes + * ... and much code cleanup and polishing +- modified patches: + * squid-compiled_without_RPM_OPT_FLAGS.patch + * squid-config.patch +- remove obsolete fix-pod2man-check patch + +------------------------------------------------------------------- +Wed Dec 25 21:29:38 UTC 2013 - chris@computersalat.de + +- Changes to squid-3.3.11 (01 Dec 2013): + * Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 + * Bug 3972: Segfault when getting the deny_info page ID after a reconfigure + * Bug 3970: max_filedescriptors disabled due to missing setrlimit + * Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope + * Bug 3960: DEAD cache_peer are not revived + * Bug 3956: xstrndup: tried to dup a NULL pointer + * Bug 3906: Filedescriptor leaks in SNMP + * Bug 3782: Digest authentication not obeying nonce_max_count + * HTTP/1.1: Make header parser obey relaxed_header_parser + * HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted + * SMP: Replace blocking sleep(3) and close UDS socket on failures + * Windows: fix several compile errors +- Changes to squid-3.3.10 (03 Nov 2013): + * Bug 3929: request_header_add not working for tunnel requests + * Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration + * Bug 3918: Self Test Failures on Mac OS X 10.8 + * Bug 3887: tcp_outgoing_tos not working for IPv6 + * Bug 3836: Fix issues with automake 1.13+ and make check + * Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() + * Fix pinning hierarchy log information + * Fix close idle client connections associated with closed idle pinned connections. + * Fix cbdata 'error: expression result unused' errors + * Avoid "hot idle": A series of rapid select() calls with zero timeout. + * Append Connection:close to OPTIONS requests when icap_persistent_connections is off + * ntlm_fake_auth: pass DOMAIN data to Squid in original case + * kerberos_ldap_group: fix LDAP string duplication + * Use IPv6 localhost nameserver on DNS configuration errors + * Add cache_miss_revalidate + * ... and several portability improvements +- modified patches: + * squid-compiled_without_RPM_OPT_FLAGS.patch + * squid-config.patch +- fix build for SLE (libxml2-devel vs pkgconfig(libxml2)) +- fix changed files + * bindir/purge + * bindir/squidclient + +------------------------------------------------------------------- +Sat Sep 28 17:56:52 UTC 2013 - chris@computersalat.de + +- Changes to squid-3.3.9 (11 Sep 2013): + * Regression Bug 3077: off-by-one error in Digest header decoding + * Bug 3895: fix acl_uses_indirect_client and cache_peer_access + * Bug 3879: assertion failed ConnStateData::validatePinnedConnection + * Bug 3863: myportname acl causes segmentation fault + * Bug 3849: Duplicate certificate sent when using https_port + * Bug 2287: Better fix for unsupported HTTP version handling + * Bug 2112: Reload into If-None-Match + * Fix several assert with side effects in ICAP/eCAP response handling + * Fix myportname ACL on ICAP/eCAP transactions + * Fix external ACL user:pass detail logging after adaptation + * Fix SMP mgr:info report 'Largest file desc currently in use' + * Improved compatibility with gcc 4.8, clang and icc + * Show number of available filedescriptors when reserved FD changes + * Sync with newest OpenSSL error codes + * Register Http2-Settings header + * ... and many Windows portability fixes +- fix changelog + +------------------------------------------------------------------- +Thu Sep 5 11:43:22 UTC 2013 - chris@computersalat.de + +- fix build for Factory + * rework fix-pod2man-check + +------------------------------------------------------------------- +Mon Sep 2 21:58:38 UTC 2013 - chris@computersalat.de + +- fix build for 1110 (SLES_11) + * add configure --disable-strict-error-checking + +------------------------------------------------------------------- +Sun Sep 1 12:25:46 UTC 2013 - chris@computersalat.de + +- Changes to squid-3.3.8 (13 Jul 2013): + * Bug 3869: assertion failed: MemBuf.cc:272: size < capacity + * Improved handling of port values in Host: header validation +- Changes to squid-3.3.7 (11 Jul 2013): + * Bug 3297: Fix openSSL related build failures + * Fix build on FreeBSD 9.x platform with clang + * Protect against buffer overrun in DNS query generation +- Changes to squid-3.3.6 (01 Jul 2013): + * Bug 3854: pt1: compile errors on AIX + * Bug 3802: Fix wrong check inside Format::Format::assemble + * Bug 3762: remove bogus WARNING in cache.log + * Bug 3717: assertion failed with dstdom_regex with IP based URL + * Bug 1991: kqueue causes SSL to hang + * Ask for SSL key password when started with -N but without sslpassword_program + * Make sure % 1 + - Bug 3655: pinning failure breaks NTLM and Negotiate authentication + - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry + - HTTP/1.1: honour Cache-Control before Pragma:no-cache + - HTTP/1.1: Cache-Control compliance upgrade + - Remove obsoleted refresh_pattern ignore-no-cache option + - Fix IPv6 enabled squidclient + - ... and several compile fixes + +------------------------------------------------------------------- +Sat Oct 20 11:52:33 UTC 2012 - chris@computersalat.de + +- update to 3.2.2 (06 Oct 2012): + - Regression: Make login=PASS send no credentials when none available + - Regression: Handle dstdomain duplicates and overlapping names better + - Bug 3661: Segmentation fault when using more than 1 worker + - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error + - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry + - Bug 3648: polish String class files + - Bug 3647: parsing hier_code acl fails + - Bug 3626: forwarding loops on intercepted traffic + - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object + - Bug 3609: several RADIUS helper improvements + - Bug 3605: memory leak in Negotiate authentication + - Fix small memory leak in src ACL parse + - Fix maximum_single_addr_tries upgrade + - Fix chunked encoding on responses carrying a Content-Range header. + - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT + - ... and several compile errors +- fix deps + * add missing Obsoletes/Provides for squid3 + +------------------------------------------------------------------- +Wed Aug 15 17:40:30 UTC 2012 - chris@computersalat.de + +- package rename from squid3 back to squid + * old 'squid' (2.7STABLE9) now obsolete + * only one "stable" squid available >= 3.2 + +------------------------------------------------------------------- +Wed Aug 15 11:46:11 UTC 2012 - chris@computersalat.de + +- update to 3.2.1 (15 Aug 2012): + - Bug 3605: memory leak in peer selection + - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST + - ... and some documentation updates +- rebase squid-config patch + +------------------------------------------------------------------- +Fri Aug 3 11:27:00 UTC 2012 - chris@computersalat.de + +- update to 3.2.0.19 (02 Aug 2012) + - Regression Bug 3580: IDENT request makes squid crash + - Regression Bug 3577: File Descriptors not properly closed + - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic + - Regression Fix: Restore memory caching ability + - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) + - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion + - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. + - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index + - Support custom headers in [request|reply]_header_* manglers + - ... and much code polishing +- remove upstream patches + * 3.2-11611 - 3.2-11638 +- rebase config, nobuilddates, compiled_without_RPM_OPT_FLAGS patches + +------------------------------------------------------------------- +Mon Jul 30 23:52:17 UTC 2012 - chris@computersalat.de + +- add upstream patches + * 3.2-11631 - 3.2-11638 + +------------------------------------------------------------------- +Fri Jul 27 13:11:15 UTC 2012 - chris@computersalat.de + +- update to 3.2.0.18 (29 Jun 2012) + - Bug 3576: ICY streams being Transfer-Encoding:chunked + - Bug 3537: statistics histogram leaks memory + - Bug 3526: digest authentication crash + - Bug 3484: Docs: sslproxy_cert_error example flawed + - Bug 3462: Delay Pools and ICAP + - Bug 3405: ssl_crtd crashes failing to remove certificate + - Bug 3380: Mac OSX compile errors with CMSG_SPACE + - Bug 3258: Requests hang when Host forgery verify fails + - Bug 3186: Digest auth caches failed state without revalidating + - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring + - Bug 2885: AIX: check and set required compiler flags + - Fix ssl_crtd compile issues with libsslutil + - Fix build with GCC 4.7 (and probably other C++11 compilers). + - Fix double-escape of %R on deny_info redirect responses + - Support status 308 Permanent Redirect + - Support for TLSv1.1 and TLSv1.2 options and methods + - Support passing external_acl_type credentials on ICAP + - Language Updates: fr, hy, pt_BR + - ... and many compile issues on Windows + - ... and some minor code polish + for more info please see ChangeLog +- remove obsolete swapdir, FSF patches +- rebase config, nobuilddates patches +- add upstream patches + * 3.2-11611 - 3.2-11630 +- add compiled_without_RPM_OPT_FLAGS patch + * squid3 no-rpm-opt-flags :./cf_gen.cc + +------------------------------------------------------------------- +Tue Jun 12 10:22:46 UTC 2012 - chris@computersalat.de + +- update to 3.1.20 + - Regression Bug 3545: FreeBSD dnsserver segfaults + - Regression Bug 3504: clientside_tos fails to mark traffic + - Bug 3539: CONNECT server connection not closed correctly on errors + - Bug 3502: client timeout uses server-side read_timeout, not request_timeout + - Bug 3466: Adaptation stuck on last single-byte body piece + - Bug 3463: dnsserver fails to compile + - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option + - Bug 3390: Proxy auth data visible to scripts + - Bug 3263: ssl_crtd: undefined references to squid_curtime + - Bug 3233: Invalid URL accepted with url host is white spaces + - Bug 3133: Memory leak handling requests for sites that don't exist + - Bug 3074: Improper URL handling with empty path (RFC 3986) + - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 + - Regression: snmp/udp address directives not resolving hostname + - Better helper-to-Squid buffer size management. + - Support CoAP over HTTP (coap:// and coaps:// URLs) + - Support for 3.2 error template codes +- rebase config, swapdir patch + +------------------------------------------------------------------- +Fri Feb 17 16:01:23 UTC 2012 - chris@computersalat.de + +- some cleanup + * rebase patches (p0), remove version from patch_names +- add Source signature file +- add FSF patch (incorrect-fsf-address) +- add rpmlintrc file + * macro-in-comment + * no-manual-page-for-binary + +------------------------------------------------------------------- +Wed Feb 15 20:50:59 UTC 2012 - chris@computersalat.de + +- update to 3.1.19 + - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state + - Bug 3473: erase last uses of obsolete auth_user_hash_pointer + - Bug 3470: GCC 4.7 + - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL + - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state + - Bug 3440: compile error in Adaptation + - Bug 3420: Request body consumption races and !theConsumer exception + - Bug 3370: external ACL sometimes skipping + - Bug 3085: Crash when parsing esi:include + - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses + - Fix SSL library dependency fixes +- remove obsolete upstream patches + * squid-3.1-10415 - ..421 +- add squid source signature file + +------------------------------------------------------------------- +Mon Jan 16 13:49:22 UTC 2012 - chris@computersalat.de + +- add upstream patches + * 3.1-10419: Bug #3085: Crash when parsing esi:include + * 3.1-10420: Bug #3473: erase last uses of obsolete auth_user_hash_pointer + * 3.1-10421: Bug #3420: Request body consumption races and !theConsumer + exception. + +------------------------------------------------------------------- +Wed Dec 21 12:12:09 UTC 2011 - chris@computersalat.de + +- fix for bnc#737905 + * fix test EXPRESSION in post section + +------------------------------------------------------------------- +Mon Dec 12 12:47:50 UTC 2011 - chris@computersalat.de + +- add upstream patches + * 3.1-10417: Polish: debug messages on swap.state rename failure + * 3.1-10418: Bug #3442: assertion failed: external_acl.cc:908: + ch->auth_user_request != NULL + +------------------------------------------------------------------- +Wed Dec 7 22:33:43 UTC 2011 - chris@computersalat.de + +- fix build + * add upstream patches + - 3.1-10415: Portability: SSL library dependency fixes + - 3.1-10416: Bug #3440: compile error in Adaptation + +------------------------------------------------------------------- +Mon Dec 5 09:21:26 UTC 2011 - chris@computersalat.de + +- update to 3.1.18 + - Regression: compile error in FTP +- Changes to squid-3.1.17 (03 Dec 2011): + - Bug 3432: Crash logging FTP errors + - Bug 3428: Active FTP data channel accepted twice + - Bug 3423: access violation in URL parser + - Bug 3422: Buffer overflow in recv-announce + - Bug 3412: External ACL Uses Invalid Cache Entry + - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new + - Bug 3398: persistent server connection closed after PUT/DELETE + - Bug 3299: dnsserver: various undefined references + - Bug 3077: '\' in url query strings cause Digest authentication to fail + - Bug 2910: MemBuf may grow beyond max_capacity + - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption + - Bug 1243: Build overrides configured AR setting + - Avoid crashes when processing bad X509 common names (CN). + - Support %% in external ACL format + - ... and several other compile error fixes + - ... and several documentation fixes + +------------------------------------------------------------------- +Wed Nov 30 18:58:11 UTC 2011 - crrodriguez@opensuse.org + +- make coolo's bot reviewer happy + +------------------------------------------------------------------- +Wed Nov 30 18:11:27 UTC 2011 - crrodriguez@opensuse.org + +- Use service type "simple" + +------------------------------------------------------------------- +Mon Nov 28 20:18:40 UTC 2011 - crrodriguez@opensuse.org + +- Support systemd + +------------------------------------------------------------------- +Sun Nov 27 06:56:29 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sat Oct 15 14:00:35 UTC 2011 - chris@computersalat.de + +- update to 3.1.16 + - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED + - Bug 3368: Unhandled exceptions are not logged (workaround) + - Bug 3326: miss_access incorrect default + - Bug 3320: miss_access description confusing + - Bug 3241: squid_kerb_auth cross compilation fix + - Bug 3237: seq fault in free() from rfc1035RRDestroy + - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response + - db_auth: display available DSN drivers on connect error + - Updated OpenSSL 1.0.0 version checks + - ... and several documentation fixes + +------------------------------------------------------------------- +Wed Oct 5 00:32:36 UTC 2011 - crrodriguez@opensuse.org + +- Build with -DOPENSSL_LOAD_CONF see OPENSSL_config(3) for detail + +------------------------------------------------------------------- +Tue Aug 30 15:44:50 UTC 2011 - chris@computersalat.de + +- update to 3.1.15 + - Regression fix: vhost and defaultsite causing vport to be ignored + - Regression Bug 3295: broken escaping in rfc1738_do_escape + - Bug #3232: fails to compile with OpenSSL v1.0.0 + - Bug #3222: cache_peer name is not logging on CONNECT + - Bug #3131: fd_table[fd].closing() assert + from ConnStateData::noteMoreBodySpaceAvailable() + - Bug #3217: "!fd_table[fd].closing()" + from ServerStateData::noteMoreBodySpaceAvailable + - Bug #3213: https sites (CONNECT) not open when using NTLM + - Bug #3114: Memory leak in SSL certificate verify code + - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes + - Bug #2662: cf_gen failure when cross compiling + - Bug #2655: passing wrong the username to the url_rewrite_program + - Bug #2495: ignore whitespace prefix on config lines + - Bug #2051: 'default' cache_peer option does not match documentation + - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() + - Bug #1791: timestampsSet does not validate Date: if server sends very old date + - Correct parsing of large Gopher indexes + - Enable negative cacheing on unknown or -1 expiry timestamp + - Remove hierarchy_stoplist default value + - Migrate cf_gen tool from C-style to C++ + - ... and several documentation and compiler warning fixes + +------------------------------------------------------------------- +Thu Aug 18 04:33:40 UTC 2011 - crrodriguez@opensuse.org + +- Disable "ident" lookups, obsolete and dangerous thing + to have enabled these days. + +------------------------------------------------------------------- +Sun Jul 24 14:29:24 UTC 2011 - chris@computersalat.de + +- fix build for SLE_10 + +------------------------------------------------------------------- +Wed Jul 20 04:29:08 UTC 2011 - crrodriguez@opensuse.org + +- This is a long running network daemon, build with + full RELRO +- remove -fno-strict-aliasing, no longer needed. + +------------------------------------------------------------------- +Mon Jul 4 22:05:17 UTC 2011 - chris@computersalat.de + +- update to 3.1.14 + - Regression Bug 3261: Could not create a DNS socket and exit +- 3.1.13 + - Regression Bug 3239: problems with myip/myport upgrade + - Bug 3153: hung ICAP RESPMOD transactions + - Update ssl_crtd to use 'OK' status inline with other helpers +- remove obsolete upstream patches (10319,10320) + +------------------------------------------------------------------- +Mon Jun 27 13:42:53 UTC 2011 - chris@computersalat.de + +- add upstream patches + o 10319, SourceFormat Enforcemen + o 10320, Bug 3153: additional compile fixes + +------------------------------------------------------------------- +Sun Jun 19 18:37:40 UTC 2011 - chris@computersalat.de + +- update to 3.1.12.3 + - Bug 3236: Port of %oa, % 3.1.12.3 + o nobuilddates 3.1.12 -> 3.1.12.3 +- remove obsolete patches + o 3.1.11-unused + o 3.1.12-no-sslv2 + +------------------------------------------------------------------- +Thu Jun 2 14:33:36 UTC 2011 - chris@computersalat.de + +- update to 3.1.12.2 + - Bug 3226: Tags from external ACLs do not correctly expire + - Bug 3215: Malformed IPv6 DNS reverse lookup + - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches + - Bug 3205: SSL-bump starts then hangs + - Bug 3178: gcc-4.6 complains unused variables + - Bug 3122: Unknown record type in WCCPv2 Packet (6) + - Bug 2965 (partial): Compile errors on MinGW + - Fix to only ssl-bump CONNECT requests if they are about to be tunneled + - Fix cache manager display of -i/+i in regex ACL config display + - Fix cache manager display of cache_peer options userhash and sourcehash + - Fix URL re-writer loosing many transaction details + - Fix always-true comparison in ICAP for some 32-bit platforms + - Support for 'slow' group ACLs in ssl_bump access control + - Support OpenSSL 1.0.0 built without SSLv2 + - Support GCC 4.6 and binutils-gold + - Add CSS id attribute to BODY tag of generated error pages. + - Display WARNING and ERROR when max_filedescriptors has failed + +------------------------------------------------------------------- +Thu May 5 19:27:36 UTC 2011 - chris@computersalat.de + +- update to 3.1.12.1 + - Port from 3.2: Dynamic SSL Certificate generation + - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp + - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 + - Bug 3183: Invalid URL accepted with url host part of only '@' + - Display ERROR in cache.log for invalid configured paths + - Cache Manager: send User-Agent header from cachemgr.cgi + - ... and many portability compile fixes for non-GCC systems. + +------------------------------------------------------------------- +Tue May 3 17:57:56 UTC 2011 - chris@computersalat.de + +- rework initscript + o rename source to squid.init + o ShouldStart winbind + o setup cache_dir only if defined in squid.conf + otherwise squid won't start, cause cache_dir is not set by default + o new vars to squid.sysconfig + default_opts '-sYD' -> '-sY' (-D obsolete) +- remove author from spec +- updated unused patch (idoenmez@novell.com) + +------------------------------------------------------------------- +Fri Apr 29 11:10:06 UTC 2011 - idoenmez@novell.com + +- Add squid-3.1.11-unused.patch: remove write only variables to + fix compilation with gcc 4.6 + +------------------------------------------------------------------- +Thu Apr 21 16:05:07 UTC 2011 - chris@computersalat.de + +- mv RPM_BUILD_ROOT to {buildroot} +- fdupes only on {buildroot}{_prefix} + o no symlinks on config files ;) + hence configs won't be overwritten on update + +------------------------------------------------------------------- +Tue Apr 12 13:11:40 UTC 2011 - chris@computersalat.de + +- rework config patch + o 3.1.4 -> 3.1.12 +- add some comments for patches +- sort header TAGS + +------------------------------------------------------------------- +Mon Apr 11 03:03:01 UTC 2011 - crrodriguez@opensuse.org + +- Allow compile without SSLv2 + o no-sslv2 patch +- Supress build dates in binaries. + o nobuilddates patch +- Default cache storage type should be "aufs" in Linux + o update config patch + +------------------------------------------------------------------- +Wed Apr 6 14:15:58 UTC 2011 - chris@computersalat.de + +- update to 3.1.12 + (Bugs tracked by http://bugs.squid-cache.org/) + - Regression fix: Use bigger buffer for server reads. + - Regression fix: Add reply_header_replace directive for ability lost since 2.7 + - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 + - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" + - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled + - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure + - Bug 3164: Total memory info display 32-bit overflows + - Bug 3155: Werror is hard-coded in libTrie build + - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage + - Bug 2976: invalid URL on intercepted requests during reconfigure + - Bug 2720: comment in same line as cache/mem_replacement_policy causes error + - Bug 2621: Provide request headers to RESPMOD when using cache_peer. + - Bug 2330: AuthUser objects are never unlocked + - Prevent CONNECT request relaying to origin servers + - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) + - squidclient: send Cache Manager password using -w + - eCAP: give full Request-URI to adapters + - ... and several debug and error display cleanups + +------------------------------------------------------------------- +Sun Feb 13 17:03:55 UTC 2011 - chris@computersalat.de + +- update to 3.1.11 + - Bug 3149: not caching eCAP adapted body + - Bug 3144: redirector program blocks while reading STDIN + - Bug 3140: memory leak in error page generation + - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server + - Bug 3115: logging segfaults if access_log is set to a directory + - Bug 2968: Show the Vary: headers information in cachemgr objects report + - Bug 2959: remove SAMBAPREFIX dependency + - Bug 2868: icc doesn't like string literal in assert checks + - HTTP/1.1: Send 307 status on deny_info redirection + - HTTP/1.1: Support POST/PUT with no body + - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents + - Support RFC 5861 Cache-Control: stale-if-error option + - Add ftp_eprt directive to disable EPRT extensions in FTP + - Fix external_acl_type grace=0 to obey TTL + - Fix IP/FQDN cache accounting to avoid idle caches on busy servers + - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth + - ... and some documentation updates and corrections + - ... and some portability and stability fixes + +------------------------------------------------------------------- +Tue Jan 4 11:49:40 UTC 2011 - chris@computersalat.de + +- update to 3.1.10 + - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice + - Bug 3113: Consuming too much memory when uploading files + - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for + - Bug 3096: Consuming too much memory when delaying traffic + - Bug 3091: Bypassed ICAP errors are not counted as service failures + - Bug 3090: Polish FTP login error handing + - Bug 3068: cache_dir capacity and usage overflows + - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain + - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests + - Fix memory leak in adaptation_access + - Fix /dev/poll and poll() selection priority + - Fix PREFIX/var/run creation during install + - Fix cachemgr http_port config report display + - Add upgrade help process for obsolete options + - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' + - HTTP/1.1: entry is stale if request has max-age=0 + - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD + - Toolchain update to support newer auto-tools + - ... and updated error page translations + - ... and updated documentation + - ... and some code optimization/simplification polish +- reworked swapdir patch + +------------------------------------------------------------------- +Fri Oct 29 23:57:39 UTC 2010 - chris@computersalat.de + +- update to 3.1.9 + - Bug 3088: dnsserver is segfaulting + - Bug 3084: IPv6 without Host: header in request causes connection to hang + - Bug 3082: Typo in error message + - Bug 3073: tunnelStateFree memory leak of host member + - Bug 3058: errorSend and ICY leak MemBuf object + - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port + - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies + - Bug 3053: cache version 1 LFS support detection broken + - Bug 3051: integer display overflow + - Bug 3040: Lower-case domain entries from hosts and resolv.conf files + - Bug 3036: adaptation_access acls cannot see myportname + - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs + - Bug 2964: Prevent memory leaks when ICAP transactions fail + - Bug 2808: getRoundRobinParent not handling weights correctly + - Bug 2793: memory statistics sometimes display wrong + - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support + - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb + - Ensure /var/cache or jail equivalent exists on install + - HTTP/1.1: delete Warnings that have warning-date different from Date + - HTTP/1.1: do not remove ETag header from partial responses + - HTTP/1.1: make date parser stricter to better handle malformed Expires + - HTTP/1.1: improve age calculation + - HTTP/1.1: reply with a 504 error if required validation fails + - HTTP/1.1: add appropriate Warnings if serving a stale hit + - HTTP/1.1: support requests with Cache-Control: min-fresh + - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store + - squidclient: Display IP(s) connected to in verbose (-v) display + - Fixes several issues with ICAP persistent connections + - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS + - ... and some cosmetic polishing +- removed obsolete patches + o squid-beta-3.0-ia64 (upstream) + o squid-beta-3.0-mem_node_64bit (not needed, Amos) + o squid-3.1.4-openldap (not needed, Amos) +- reworked swapdir patch + o send upstream + +------------------------------------------------------------------- +Sun Sep 5 18:49:46 UTC 2010 - chris@computersalat.de + +- update to 3.1.8 + - Bug 3033: incorrect information regarding TOS + - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL + - Bug 3005,2972: Locate LTDL headers correctly (again) + - Bug 2872: leaking file descriptors + - Bug 2583: pure virtual method called + - Hardened DNS client against packet queue attacks + - Hardened HTTP request-line parser + - Several HTTP/1.1 support improvements + - Improved cross-compile support + - .. and several internal pointer safety fixes +- remove obsolete patches + o bug2972-real-fix.patch + o squid-bootstrap.patch + +------------------------------------------------------------------- +Tue Aug 31 13:43:26 UTC 2010 - chris@computersalat.de + +- added bug2972-real-fix.patch + o fix build for SLE_10 + o but impossible to apply LDAP patch + +------------------------------------------------------------------- +Wed Aug 25 09:46:36 UTC 2010 - chris@computersalat.de + +- update to 3.1.7 + - Regression Bug 3021: Large DNS reply causes crash + - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes + - Regression Bug 2997: visible_hostname directive no longer matches docs + - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port + - Bug 3006: handle IPV6_V6ONLY definition missing + - Bug 3004: Solaris 9 SunStudio 12 build failure + - Bug 3003: inconsistent concepts in documentation of cache_dir + - Bug 3001: dnsserver link issues + - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) + - HTTP/1.1: Improved Range header field validation + - HTTP/1.1: Forward multiple unknown Cache-Control directives + - HTTP/1.1: Stop sending Proxy-Connection header + - Fix 32-bit wrap in refresh_pattern min/max values + - ... and several documentation corrections. + +------------------------------------------------------------------- +Tue Aug 10 11:07:29 UTC 2010 - chris@computersalat.de + +- update to 3.1.6 + - Bug 2994, 2995: IPv4-only regressions + - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() + - Bug 2975: chunked requests not supported after regular ones + - Fix: 32-bit overflow in reported bytes received from next hop + - Fix Libtool build regressions + - Limited split-stack IPv6 support. + - squid_db_auth support MD5 encrypted passwords + +------------------------------------------------------------------- +Sun Jul 25 16:16:47 UTC 2010 - chris@computersalat.de + +- update to 3.1.5 + - Bug 2967: raw-IPv6 address URL with append_domain broken + - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached + - Bug 2943: ICAP tokens not logged when using multiple access + - Bug 2937: Fails to detect chunked encoding if not given in all lower case + - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod + - Fix free memory corruption and off-by-one error when comparing SNMP OIDs + - Port from 2.7: max_filedescriptor config option + - Fix persistent_connection_after_error is meant to be on by default + - ... and several build errors. + +------------------------------------------------------------------- +Wed Jun 9 11:51:33 UTC 2010 - chris@computersalat.de + +- fix build for SLE_10 + o added bootstrap patch + o fix permissions.secure for pam_auth +- spec mods + o build with --mandir + o add BuildReq libcap-devel (TPROXY) + +------------------------------------------------------------------- +Tue Jun 8 20:54:20 UTC 2010 - chris@computersalat.de + +- new version 3.1.4 + - Bug 2933: Verification of the max. port number for WCCP2 dynamic service + - Bug 2924: RADIUS helper compile issues + - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" + - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client + - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" + - Bug 2879: pt2: 3.0 regression in headers end finding + - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests + - Bug 2876: FD_SETSIZE override not working on all linux distributions + - Bug 2810: common log format generates 2 lines of syslog + - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB + - Bug 2753: Fall back on IPv4 if IPv6 is not present + - Bug 2697: Adaptation leaks and extra requests after reconfiguration + - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field + - Change LDAP helpers to default to LDAP version 3 if available + - Add Joomla and Salted Hash support to squid_db_auth helper + - Fixed IpAddress port printing for ports higher than 9999 + - Disable chunked memory pooling by default. + - ... and several build errors. +- reworked config patch with fuzz=0 +- removed libxml2 patch +- added swapdir patch +- reworked ldap patch +- adopt build_option storeio: (build all) + o --enable-storeio=aufs,diskd,null,ufs -> --enable-storeio +- adopt build_option ntlm-auth-helpers: SMB -> smb_lm + o ntlm_auth -> ntlm_smb_lm_auth +- enable parallel build +- fix permissions file + +------------------------------------------------------------------- +Tue Mar 16 22:18:08 UTC 2010 - chris@computersalat.de + +- new version 3.0.STABLE25 + - Bug 2845: Rework the http digest auth parser + - Bug 2787: unknown/unexpected status code messages + - Bug 2507: squid_ldap_group: Strip Domain name separated by + + - Bug 2367: stale=true on digest requests with unknown nonce + - ... and several other minor corrections + +------------------------------------------------------------------- +Tue Feb 16 09:33:33 UTC 2010 - chris@computersalat.de + +- new version 3.0.STABLE24 + * Bug 2858: Segment violation in HTCP + * Updated refresh pattern for dynamic pages +- version 3.0.STABLE23 + * Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 + * Regression Fix: Build error in Kerberos helper after library removal. +- version 3.0.STABLE22 + * Regression Fix: Make Squid abort on all config parse failures. + * Bug 2787: Reduce unexpected http status to non-critical warnings. + * Bug 2496: Downloading some variants in full before relaying + * Bug 2452: Add upper limit to external_acl_type entries. + * Removed optional kerberos/spnegohelp/ library due to licensing issues + * Add client_ip_max_connections + * Handle DNS header-only packets as invalid. +- version 3.0.STABLE21 + * Bug 2830: Clarify where NULL byte is in headers. + * Bug 2778: Linking issues using SunCC + * Bug 2395: FTP errors not displayed + * Bug 2155: Assertion failures on malformed Content-Range response headers + * Fix parsing and a few bugs in ACL time type + * Fix RFC keep-alive compliance on intercepted replies + * Improved security hardening on %nn parser + * Replace several GCC-specific code snippets. + +------------------------------------------------------------------- +Mon Nov 9 20:40:30 UTC 2009 - chris@computersalat.de + +- new version 3.0.STABLE20 + * Bug 2794: ESI parsing on FreeBSD + * Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity + * Bug 2779: Support GNU/kFreeBSD + * Bug 2773: Segfault in RFC2069 Digest authantication + * Bug 2768: squid_ldap_group argument parsing error + * Bug 2761: Gopher and double HTTP response header + * Bug 2735: Incomplete -fhuge-objects detection + * Bug 2722: prevent CONNECT via http_port with accel + * Bug 2624: Invalid response for IMS request + * Bug 2510: digest_ldap_auth TLS support + * Correct LINUX_CAPABILITY actions on non-Linux +- removed old upstream patches + o squid-3.0-9107.patch - squid-3.0-9124.patch + +------------------------------------------------------------------- +Wed Oct 7 23:58:37 CEST 2009 - chris@computersalat.de + +- added upstream patches + o squid-3.0-9107.patch - squid-3.0-9124.patch + +------------------------------------------------------------------- +Mon Sep 14 13:37:55 UTC 2009 - chris@computersalat.de + +- new version 3.0.STABLE19 + * Bug 2745: Invalid Response error on small reads + * Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf + * Bug 2734: some compile errors on Solaris + * Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy + * Bug 2541: Hang in 100% CPU loop while extacting header details + using a delimiter other than comma + * Bug 2362: Remove support for deferred state in stateful helpers + * Add 0.0.0.0 as a to_localhost address + * Docs: Improve chroot directive documentation slightly + * Fixup libxml2 include magics, was failing when a configure cache was used + * ... and some minor testing improvements. +- spec mods + o adding group winbind, add squid to group winbind + when using squid with samba-winbind for ntlm_auth + squid needs read access to /var/lib/samba/winbindd_privileged + group winbind is added if squid is installed before winbind ;) + +------------------------------------------------------------------- +Sat Sep 5 20:21:53 CEST 2009 - chris@computersalat.de + +- added upstream patches + o b9097 - b9103 +- rpmlint + o added fdupes + +------------------------------------------------------------------- +Wed Sep 2 13:15:45 UTC 2009 - chris@computersalat.de + +- cleanup spec + o removed #-------- + +------------------------------------------------------------------- +Tue Sep 1 10:04:02 CEST 2009 - coolo@novell.com + +- remove outdated patches + +------------------------------------------------------------------- +Mon Aug 31 10:30:54 CEST 2009 - coolo@novell.com + +- merge factory changes with buildservice + +------------------------------------------------------------------- +Sun Aug 30 20:03:46 UTC 2009 - aj@suse.de + +- Fix patch numbering for rpm 4.7. + +------------------------------------------------------------------- +Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de + +- make patch0 usage consistent + +------------------------------------------------------------------- +Fri Aug 21 13:27:52 UTC 2009 - chris@computersalat.de + +- added upstream patches + o b9095, b9096 + +------------------------------------------------------------------- +Sat Aug 15 16:26:30 CEST 2009 - chris@computersalat.de + +- added upstream patches + o b9089 - b9094 + o disabled b9089,b9090,b9092 cause can not patch inexistent file + +------------------------------------------------------------------- +Tue Aug 11 11:10:13 UTC 2009 - chris@computersalat.de + +- new version 3.0.STABLE18: + * Bug 2728: regression: assertion failed: !eof + * Bug 2732: reply_body_max_size smaller than error page loops + infinitely until out of memory + * Bug 2725: pconn failure if domain or client_address are unset + * Bug 2648: reserved helpers not shut down after reconfigure/rotate + * Bug 2462: make check should tell when cppunit is missing + * Remove excess messages about headers < minimum size + * Support Libtool 2.2.6 +- Changes to squid-3.0.STABLE17 (27 Jul 2009): + * Bug 2680 regression: Crash after rotate with no helpers running + * Bug 2710: squid_kerb_auth non-terminated string + * Bug 2679: strsep and strtoll detection failure + * Bug 2674: Remove limit on HTTP headers read. + * Bug 2659: String length overflows on append, leading to segfaults + * Bug 2620: Invalid HTTP response codes causes segfault + * Bug 2080: wbinfo_group.pl - false positive under certain conditions + * Bug 1087: ESI processor not quoting attributes correctly. + * Fix: issue with AUFS/UFS/DiskD writing objects to disk cache + * Several small build issues with previous release. + for full changes list, see: + http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18-RELEASENOTES.html +- removed squid-3.0.STABLE16-gcc_warn_kerb_auth.patch +- removed changed, deprectated configure options + o deprecated: + --enable-poll + o changed to default: + --enable-htcp + --enable-snmp + +------------------------------------------------------------------- +Sat Jul 25 19:27:34 CEST 2009 - chris@computersalat.de + +- spec mods + * removed ^---------- + * removed ^#--------- + +------------------------------------------------------------------- +Thu Jul 23 18:22:09 CEST 2009 - chris@computersalat.de + +- new version 3.0.STABLE16: + * Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk + * Bug 2481: Don't set expires: now in generated error responses + * Bug 2387: The calculation of the number of hash buckets correctly + * Fix infinite loop in MSNT auth helper + * Fix FD_SETSIZE on FreeBSD + * Fix stripping NT domain in squid_ldap_group + * Fix RADIUS auth helper build + * Add Translate: and Unless-Modified-Since: headers to known list + * Make fakeauth handle NTLMv2 better + * Better Kerberos support detection + * Several Widows port fixes +- Changes to squid-3.0.STABLE16-RC1 (16 May 2009): + * Bug 1148: Ported from 3.1: Chunked Transfer Encoding + * Bug 2648: NTLM helpers not shutting down when deferred +- Changes to squid-3.0.STABLE15 (06 May 2009): + * Regression Bug 2635: Incorrect Max-Forwards header type + * Bug 2652: 'Success' error on CONNECT requests + * Bug 2625: IDENT receiving errors + * Bug 2610: ipfilter support detection + * Bug 2578: FTP download resume failure + * Bug 2536: %H on HTTPS error pages + * Bug 2491: assertion "age >= 0" + * Bug 2276: too many NTLM helpers running + * Endian system and compiler fixes provided by the NetBSD project + * documentation fixes provided by the Debian project +- Changes to squid-3.0.STABLE14 (11 Apr 2009): + * Regression Fix: HTTP/0.9 in accelerator mode + * Bug 1232: cache_dir parameter limited to only 63 entries + * Bug 1868: support HTTP 207 status + * Bug 2518: assertion failure on restart/reconfigure + * Bug 2588: coredump in rDNS lookup + * Bug 2595: Out of bounds memory write in squid_kerb_auth + * Bug 2599: Idempotent start + * Bug 2605: Prevent setsid() on helpers in daemon mode + * Fix external_acl_type option parsing + * Fix delay pools counters on FTP + * Fix several issues with ident (some remain) + * Fix performance issues with persistent connections + * Fix performance issues with delay pools + * Fix forwarding of OPTIONS requests + * Add support for HTTP 1.1 Content-Disposition header + * Add support for Windows 7, Windows Server 2008 R2 and later + * ... and many small documentation updates + for full changes list, see: + http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE16-RELEASENOTES.html +- reworked gcc_warn_kerb_auth + * was partially added +- added after RELEASE patches + * b9052 - b9067 + for full changes list, see: + http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE16.html +- some spec mods + * removed {rel} + +------------------------------------------------------------------- +Wed Jun 10 16:54:49 CEST 2009 - ro@suse.de + +- strchr returns a const char* now, work around + +------------------------------------------------------------------- +Sun May 3 15:34:27 CEST 2009 - chris@computersalat.de + +- some spec fixes + +------------------------------------------------------------------- +Thu Feb 19 19:53:26 UTC 2009 - chris@computersalat.de + +- new version 3.0.STABLE13: + * following patches removed from build + * b8898.patch + * b8900.patch + * b8902.patch + * b8904.patch + * b8905.patch + * b8906.patch + * b8907.patch +- some rpmlint fixes + +------------------------------------------------------------------- +Wed Feb 18 12:37:05 UTC 2009 - chris@computersalat.de + +- fixed failing fillup +- fixed expansion error for SLES_9 +- added KRB5_KTNAME to sysconfig file + mods to init script +- added README.kerberos + +------------------------------------------------------------------- +Wed Jan 28 16:40:00 CET 2009 - kssingvo@suse.de + +- update to squid-3.0.STABLE13 with these fixes: + * ICAP filters break download resume + * HTCP fails without icp_port + * logformat '%tl' field not working as advertised + * Policy: Change half_closed_clients default to off + * Policy: Removed -V command line option, deprecated by 2.6 + * filedescriptors being left unnecessary opened + * fault passing ICAP filtered traffic to peers + * Sefgaults in MemBuf::reset during idnsSendQuery + * bad default in ACLChecklist + * access.log request size tag + * cache_peer forceddomainname=X option + ... and few minor ones. For complete list see: + http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE12.html + +------------------------------------------------------------------- +Thu Nov 6 15:59:17 CET 2008 - kssingvo@suse.de + +- reworked on sysconfig files (bnc#439006) + +------------------------------------------------------------------- +Mon Oct 27 16:48:56 CET 2008 - kssingvo@suse.de + +- update to squid-3.0.STABLE10, fixes mainly: + bad assert in forwarding + Segfault on failed TCP DNS query + DNS requests getting stuck in idns queue + FTP PUT gives bad gateway + ... and few minor ones. For complete list see: + http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE10.html +- removed old patches, which were included upstream now +- renamed sysconfig.squid to sysconfig.squid3 (bnc#439006) + +------------------------------------------------------------------- +Mon Oct 13 14:52:39 CEST 2008 - kssingvo@suse.de + +- reenabled linux-netfilter in configure as seems to work now again + +------------------------------------------------------------------- +Thu Oct 2 14:36:14 CEST 2008 - kssingvo@suse.de + +- added official patches: + * assertion fix in forward.cc + * bad links in ./configure due to website changes + * define DEFAULT_CACHEMGR_CONFIG before its first use + * don't strcmp Config.Log.store if it's NULL in storeLogOpen + * workaround: When dns_error_message value is lost + * ftp put gives bad gateway but put is correct + * fix of a compilation error + +------------------------------------------------------------------- +Wed Sep 10 12:40:46 CEST 2008 - kssingvo@suse.de + +- new version 3.0.STABLE9: + * Correct HTCP stats + * fix: mgr:active_requests always returns "delay_pool 0" + * fix: 3.0 must still wrap CARP properly + * Improve display on fd debug output + * Correct ICAP notes: *_postcache vector points not coded + * fix: squid_ldap_group -h reports the old % codes for -f + * Fix: Unsupported method in request may show raw binary data in log + * Fix: cppunit tests broken by squid.h defines + * fix: no_check.pl ntlm helper never sends challenge + * Increase buffer in authenticateNegotiateStart / squid_kerb_auth + * peer name not logged in access.log like expected, instead the ip + address is logged + * Fixed typo in squid.h which would prevent leak checking for arrays + * COSS removal from 3.0 + * Use safe functions in basic auth MSNT helper + for full changes list, see: + http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html +- removed coss as disk storage method, as it became unstable now + +------------------------------------------------------------------- +Wed Aug 20 12:29:36 CEST 2008 - kssingvo@suse.de + +- fixed configure option: + * change from "with-large-files" to "enable-large-files" + * removed netfilters (kernel 2.4) option +- fixed init script +- added sysconfig as in squid + +------------------------------------------------------------------- +Tue Jul 22 16:08:26 CEST 2008 - kssingvo@suse.de + +- new version 3.0.STABLE8: + * Support for cachemgr sub-actions + * userhash peer selection method + * sourcehash peer selection method + * round-robin balancing fixes + * acl documentation cleanup + * cachemgr.cgi HTML output encoding + * Regression: Log format size options + * Correct the opening of PF device file. + * ICAP accept mechanism + * Regression: fakeauth_auth crashes + * Boost error pages HTML standards. + * Fixes several issues on 64-bit systems + * Fixes several issues on older or stricter compilers + * Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround + * Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1 + for full changes list, see: + http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html +- removed unneccesary compiler warning patch +- added new patch for warnings in kerberos auth + +------------------------------------------------------------------- +Wed Jul 2 16:13:35 CEST 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE7, which is mainly a bugfix version only: + * important fix for ASN.1 DoS (no CVE) + * spelling corrections + * assertion on ESI page + * in snmp reporting + * (extra) whitespaces in logfile + * added note that negative_ttl is a HTTP violation + * Memory allocation problem in restoreCapabilities(), tools.cc + * etc. + for full change list see: +http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE7.html + +------------------------------------------------------------------- +Wed May 21 17:39:14 CEST 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE5, which is mainly a bugfix version only: + * fix in parsing cachemgr.conf + * segfault in tunnelConnectTimeout() + * segfault in MemBuf::append() + * basic auth leaks memory + * access_log syslog results in blanks syslog lines + * umask support with porting from 2.6 + * segfault in AuthDigestUserRequest::authUser + * ntlm_auth helper resolves DC hostname to 0 + ... and some minor bugfixes more +- added cachemngr.conf.default to files + +------------------------------------------------------------------- +Mon May 19 19:39:48 CEST 2008 - kssingvo@suse.de + +- added "sharedscripts" to logrotate (bnc#388088) + +------------------------------------------------------------------- +Fri May 9 15:36:15 CEST 2008 - schwab@suse.de + +- Use autoreconf. + +------------------------------------------------------------------- +Tue Apr 29 17:39:40 CEST 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE5, which is mainly a bugfix version only: + * Bypassing 403 and 404 status to ICAP using icap_access - Failed + * file uploads (RFC1867) fail with "error:double-CR" + * Range tests failing. + * crashes/restarts when ICAP enabled on respmod for HTTP body size + greater than 100kb + * Support for resolv.conf 'domain' option + * Fix for incorrect default time/date log format + * Fix: reentrant debugging crashes Squid + * better handling of intercepted URI + * better port for non-FQDN URI lookups + * Improved logging, including incorrect timestamp format in earlier + 3.0 releases + * Support for profiling on x86 64-bit systems +- removed upstream patches, which are now included in source tarball +- removed own compiler warning patch (now upstream) + +------------------------------------------------------------------- +Thu Apr 17 12:07:17 CEST 2008 - kssingvo@suse.de + +- added official patches: + * increase MAX_URL to 8192 + * Honor 0x and 0 prefixes as numeric base indication when parsing + squid.conf integer options. + * Correct and simplify parsing of list headers + * Fix processing of large reply headers + * Removed execute bit from various non-executable source files + * assertion failed: HttpHdrContRange.cc:100: "spec->length >= 0" + * Fallback on transparent interception mode even if the connection + didn't seem to be transparently intercepted + * fix pt 2: DIRECT/ mixed with DIRECT/ + * Fallout from build-testing the new backports. +- fixed a compiler warning, which got treated as an error + +------------------------------------------------------------------- +Mon Apr 7 18:46:46 CEST 2008 - kssingvo@suse.de + +- fix for unpackaged non-man pages (SLE9, SLE10 build failures) + +------------------------------------------------------------------- +Mon Apr 7 18:26:43 CEST 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE2: + * improved HTTP 1.1 support + * Proxy-Authentication regression + * Strip Domain from NTLM usernames for use in class 4 Delay Pools + * compile error slipped into STABLE3 + * ... and as usual Many bug fixes since STABLE 2. + Please, have a look into included ChangeLog file for details. + +------------------------------------------------------------------- +Tue Mar 18 16:11:37 CET 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE2: + * Add myportname ACL for matching the accepting port name (see + release notes) + * Add include directive for squid.conf (see release notes) + * Add ability to strip kerberos realm from usernames during Auth + * License cleanup to comply with GPLv2 or later + * Updated Error Pages and Translations + * Updated configuration examples + * Updated valgrind support for valgrind-3.3.0 + * Improved support for Windows and MacOS X Leopard + * Improved support for files larger than 2GB + * Improved support for CARP arrays and WCCPv2 + * Improved cachmgr, SNMP, and log reporting + * ... and as usual Many bug fixes since STABLE 1 +- removed unnecessary, official patches for STABLE1 + +------------------------------------------------------------------- +Wed Mar 12 13:39:43 CET 2008 - kssingvo@suse.de + +- added many official patches: + * Squid Bugzilla #2250: double-freeing memory in http_port name= + option code. + * Optimisation cleanup of fake_auth + * Fix Castings slipped out of back-ported patches from 3.1. + * Update errors/list to match the actual list of error pages used + * Added a CPPUNIT assertion to test whether a failed CPPUNIT test + case properly + * Several String fixes. + * The connect(2) system call might return "connection ready" + * Sort cache list in wccpv2 to ensure a consistent hash + allocation across all serv + * Squid Bugzilla #1978: fwdServerClose retries non-idempotent + methods + * Squid Bugzilla #2172: When user fails authentification Squid + restarts + * Squid Bugzilla #2186: NONE/- due to persistent connections + * Squid Bugzilla #2189 fix: when dumping SNMP oids, do not + overrun the result buffer. + * Assert that checklist and request are set instead of + segfaulting as in bug 2168 + * Squid Bugzilla #1923 fix: Do not send hop-by-hop headers to the + ICAP server. + * Squid Bugzilla #1933 fix: Fixed memory pools configuration + reporting. + * Squid Bugzilla #2110 fix: When Squid is shutting down, disable + persistent connections + * Squid Bugzilla #2153: Use the cache_peer name in CARP hashing + to support multiple peers on the same host + * Add check for glob() and glob.h availability + * make include support wildcards, and document the directive + (copied from squid-2) + * Use our own strwordtok instead of strtok_r. Not only is it + portable, but also understands quoting and escaping + * Squid Bugzilla #2180 (update) - include minor issues + * include directive for squid.conf + * More off_t related cleanups triggered by Squid Bugzilla #2164. + * Squid Bugzilla #2164: assertion failed: stmem.cc:321: + "candidate.offset >= 0" + * Squid Bugzilla #2150: Connection hangs on automatic retry + * Squid Bugzilla #2175: Update valgrind support for + valgrind-3.3.0 + * Random authenticaiton failures when using Digest authentication + * digest auth related memory corruption + * Allow informal errors on stderr when using -k parse + * Squid Bugzilla #2063: Hide debugging messages before cache.log + is opened + * Squid Bugzilla #2018: dead_peer_timeout fails to declare peer + dead + * Squid Bugzilla #2114: cache memory accounting not working well + * Fix some minor casting errors affecting cachemgr reporting when + cache/mem >2GB + * Squid Bugzilla #2231: Compile error in squid_kerb_auth under + Mac OS X 10.5.2 + * Squid Bugzilla #2101: Reuse pconns using LIFO + * Squid Bugzilla #2159: WCCPv2 assertion failure on Mask + assignment + * Kill unused body_size variable + * Kill obsolete phttpd/0.99.72 malformed HEAD response + workaround. + * License cleanup to comply with GPLv2 or later. + * Sync store meta assignments with Squid-2. + * Don't be so verbose about not yet implemented store meta data + types + * Accept some unknown store meta entries without throwing away + the rest. + * Patch to strip kerberos realm from username + * Clean up of deferred reads and delay pools was not applied to + comm_select_win32.cc + * Fix missing default disk store type into QUICKSTART example. + * Alter caching policy for Dynamic Objects. + * Squid Bugzilla #2166 - Error compiling on Mac OS X 10.5 Leopard + * Correct example IPs in tcp_outgoing_address config + * Squid Bugzilla #2189 - wrong parameters used for memset +- removed our patches, which are upstream included now +- worked on BuildRequires: + +------------------------------------------------------------------- +Tue Jan 15 15:04:06 CET 2008 - kssingvo@suse.de + +- update to version 3.0.STABLE1: + * Updated changelog for 3.0.STABLE1 release + * MFC + * Name the upcoming release 3.0.STABLE1 MFC + * Remove references to myself and NLANR, add pointer to COPYRIGHT + file + * Change old info@ircache.net contact address to + info@squid-cache.org + * Fixed more compile errors after removal of snprintf.h + * Fix compile errors after removal of snprintf.h + * Removed the following debugging line, numerous copies of which + used to appear + * Set default formatting flags for the debugging stream to + "fixed" with a + * Delete now unused snprintf.h header file + * removed lib/snprintf.c credits as it's no longer shipped with + Squid + * Kill GPL-incompatible (Apache) lib/snprintf.c source. + * assertion failed: comm.cc:116: "ccb->active == false" + * squid.conf, others overwrite -X + * Wrap equation argument to debugs() properly. + * Correct attribution of current MD5 changes. + * Fix typo added during some patch. + * Fix SegFault when NetDB asked to ping a zero-length + domain/hostname + * allow pending cache hits when delay pools not compiled in pack + header entries on cache updates + * Update to Squid MD5 syntax + * Correct update of 304 headers + * Make squid_db_auth reopen the database connection on each query + by default + * Updated MD5 credits (no longer RSA). Removed winbind credits + (no longer shipped with Squid) + * Drop the RSA licensed MD5 implementation, and use the one + shipped with Squid instead + * Change priority of proxy auth and extacl provided username in + login=*:pass + * Declare Squid 3 Windows support NOT STABLE. + * Fix build failure caused by a typo. + * Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other + developers + * Change 'ESI' define to 'SQUID_ESI' + * More fixes for recent MD5 mixups + * Fix-fix for MD5. + * fix GCC 4.3 warnings, part 1 + * operator != declared outside of the HttpRequestMethod class + results in + * Returning -1 in the unreached portion of u_short GetService() + code results in + * partial fix: Allocate space for a NULL terminator of the helper + * RFC 1157 - SNMP v1 Protocol is used by squid. + * Enable squid to lookup /etc/services for named peer ports. + * Re-fix libmd5 detection on configure + * Solaris 10 appears to provide MD5 natively + * Add some include-protection to IPInterception.cc + * Extended the Squid -> Rewriter interface with key=value pairs + * Close three possible buffer over/under-runs + * Looks like 'dstdomain' and 'dstdomain_regex' ACLs were broken. + * Spelling. + * Code cleanup. + * NetBIOS is now officially obsolete. + * fix: Better handling of HTTP 206 Partial Content responses. + * Added debugging while investigating + * RFC bits omitted earlier. + * RFC 3162 - updated RADIUS authentication protocol + * Policy Change: Make all ACL a predefined default. + * Add RFC 1902, 1905 - SNMP Protocols used by squid. + * Close several unsafe control paths after fatalf() + * Close several unsafe control paths after self_destruct() + * fix: handle REQMOD HTTP responses without body + * fix: SegFault in tunnelConnectTimeout error page generation. + * Need to read clearer. We agreed on allow localnet->deny all. + * Alter policy of ICP and HTCP access to default allow only local + networks + * autoconf 2.61 works. + * Add notes about htcp_access effects on HTCP peers to config. + * Update udp_(incoming|outgoing)_address option docs to reflect + current state. + * Respect DNS ttl=0 + * Digest delays are no longer bound to any fixed unit of time. + * digest_generation docs should reference compile option not + internal macro. + * 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE documents to + errors/Armenian + * Likely fix for helper-related SEGV shortly after reconfigure + * automake 1.10 also works.. + * More >2GB fixes. BodyPipe::unproducedSize() method should also + return an uint64_t +- squid3 now obsoletes squid (= squid2) +- renamed patches, removed unused patches +- removed obsolete use of suse 8.0 version requirement +- changed X-UnitedLinux-Should-XXX to Should-XXX in init script + +------------------------------------------------------------------- +Wed Dec 12 18:25:27 CET 2007 - kssingvo@suse.de + +- BuildRequires doesn't need openldap2 anymore. fixed. + +------------------------------------------------------------------- +Thu Nov 29 11:10:33 CET 2007 - kssingvo@suse.de + +- removed gcc-4.3 patch, now in upstream +- added many upstream patches: + * Fix typo added during some patch. + * Fix SegFault when NetDB asked to ping a zero-length + domain/hostname + * Bug #2096: allow pending cache hits when delay pools not + compiled in + * pack header entries on cache updates + * Update to Squid MD5 syntax + * Correct update of 304 headers + * Make squid_db_auth reopen the database connection on each + query by default + * Updated MD5 credits (no longer RSA). Removed winbind credits + (no longer shipped with Squid) + * Drop the RSA licensed MD5 implementation, and use the one + shipped with Squid instead + * Change priority of proxy auth and extacl provided username in + login=*:pass + * Declare Squid 3 Windows support NOT STABLE. + * Fix build failure caused by a typo. + * Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other + developers + * Change 'ESI' define to 'SQUID_ESI' + * More fixes for recent MD5 mixups + * Fix-fix for MD5. + * Bug #2123 fix, part 1: GCC 4.3 warnings + * operator != declared outside of the HttpRequestMethod class + results in + * Returning -1 in the unreached portion of u_short GetService() + code results in + * Bug #2123 partial fix: Allocate space for a NULL terminator + of the helper + * RFC 1157 - SNMP v1 Protocol is used by squid. + * Enable squid to lookup /etc/services for named peer ports. + * Re-fix libmd5 detection on configure + * Solaris 10 appears to provide MD5 natively + * Add some include-protection to IPInterception.cc + * Extended the Squid -> Rewriter interface with key=value pairs + * Close three possible buffer over/under-runs + * Looks like 'dstdomain' and 'dstdomain_regex' ACLs were + broken. + * Spelling. + * Code cleanup. + * NetBIOS is now officially obsolete. + * Bug #2116 fix: Better handling of HTTP 206 Partial Content + responses. + * Added debugging while investigating bug #2116. + * RFC bits omitted earlier. + * RFC 3162 - updated RADIUS authentication protocol + * Policy Change: Make all ACL a predefined default. + * Add RFC 1902, 1905 - SNMP Protocols used by squid. + * Close several unsafe control paths after fatalf() + * Close several unsafe control paths after self_destruct() + * Author:Rafael Martinez + * Author: Rafael Martinez + * Bug #2104 fix: handle REQMOD HTTP responses without body + * Bug #2098 fix: SegFault in tunnelConnectTimeout error page + generation. + * Need to read clearer. We agreed on allow localnet->deny all. + * Alter policy of ICP and HTCP access to default allow only + local networks + * autoconf 2.61 works. + * Add notes about htcp_access effects on HTCP peers to config. + * Update udp_(incoming|outgoing)_address option docs to reflect + current state. + * Bug #2100: Respect DNS ttl=0 + * Digest delays are no longer bound to any fixed unit of time. + * digest_generation docs should reference compile option not + internal macro. + * Bug #2094: 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE + documents to errors/Armenian + * Likely fix for helper-related SEGV shortly after reconfigure + * automake 1.10 also works.. + * More >2GB fixes. BodyPipe::unproducedSize() method should + also return an uint64_t + +------------------------------------------------------------------- +Tue Nov 20 12:30:45 CET 2007 - kssingvo@suse.de + +- added "squid-beta" to Conflicts: section +- removed unneeded snprintf.c due to license issue (bugzilla#341246) +- replace md5.c and md5.h by GPL version (bugzilla#341246) + +------------------------------------------------------------------- +Tue Nov 13 11:42:02 CET 2007 - kssingvo@suse.de + +- fixed gcc-4.3 "-Wall -Werror" issues + +------------------------------------------------------------------- +Thu Nov 8 10:00:27 CET 2007 - kssingvo@suse.de + +- initial try with RC1, based on squid-beta + diff --git a/squid.keyring b/squid.keyring new file mode 100644 index 0000000..60d72e9 --- /dev/null +++ b/squid.keyring @@ -0,0 +1,2067 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBEfSAIMBCADk3IDpqpCzbLbSliZzXr5Z+K9ytG/qGlGut1be1ZQLcyaMKImi +xKCDwdxYS3N1B8Oj2mHxbEk/8pHZzX/K7l21HQotuj31y0Y9hNz4Sd06SuYm8XUa +ml8dHEtm9OfgRWkvexCp79CtFJQ1H6NL12d+XFosfRlUXxAWX3orLEtMWgdUmIXb +BaQjf+exkGisN1FPh9/ooOOuTu1c0LIRFUhb2kII7HuihaqEpSDdqTEefHWF8AbA +ZDs1+9nNIROJFsY5MX7QNnFnYC94J1aqImVoNbg0knurdPo8iR4hN5ZRUsj/Yjev +cbv0wisZryCtpPrGQ9r/i8bd0UxKql4VW9MXABEBAAG0IkFtb3MgSmVmZnJpZXMg +PGFtb3NAdHJlZW5ldC5jby5uej6JATkEEwECACMCGwMGCwkIBwMCBBUCCAMEFgID +AQIeAQIXgAIZAQUCS9wlXwAKCRCyaOcG/1z0Y9FpB/4sp8CCdb4agK4/EP/olLcN +1em51BS3715Q3A/iOuU9giMTfToqd94qDWiHCbNN+vrx4jjVPYok6QXEzKz5jK6n +VoRSaK+Se72GxdZVhcpcIHsdYcofmR6135RlC3W8aBTYlmX4Uw0FI3Cd9sthsBG0 +sVy9tGDbhmUOsLsqzPyY1FIpq/FyZxoNIjUqaZWVqtOmw7+3LLdjp7xCgQ3dkqmX +d4KDhOWemwSMwD+v4eXSZ7KfHxIPG8Ep7nQfU5+0POl7oC5mVjSSUkWxDWAiFKZE +5H705J/8FUrOFmTO6D5esVgZ6BZ6ktXnRYzXmsN+7Yk+TLvP6MtBT09Q/y1IR21Z +iQE/BBMBAgApAhsDBQkD69yDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkncrZ4C +GQEACgkQsmjnBv9c9GP8SQf/X+KDD3a198N1x13LTYMa5cbRbJHRfChh75Zii935 +NnfU1hLnjZNn19d3YarMDjrDpgXO3nhUzLSABKYC7no4WD0YV3q1T/1H7ZBKk4SP +3CO9osFKI6sRD58BuDP9uyNsTFbsjKbnMGlbJuIGcFyb53iv9RRxh3M4cLPbpegB +2hitrclxgV594eddvVA+7hrKKXIPIljVM8TFGdhUaSlt6yHU5LYEdUNOTyEIZQJk +qOpAUQO8PFuFwfzpjDgEcTjY5VDPISrQQAm6UnwHte07oURmg+3RADokYCD4xeaq +Ygl+dB7CmSEiYXBvYndHJHW2FIcfWH9QoW+tb0LyD0NG5Ih1BBAWCgAdFiEEKbSx +984D0bHe0i8wKPhQKf726GUFAmWvttkACgkQKPhQKf726GWzOgEAhv8hWbxetnps +1DKrlZZmf5NY1G1nuQP8C5PFMuCYYfYA/i2/awR51PE2G5xfCfC/tajAW6xYWj47 +ska8zSzU9WgEtDxBbW9zIEplZmZyaWVzIChTcXVpZCAzLjAgUmVsZWFzZSBLZXkp +IDxzcXVpZDNAdHJlZW5ldC5jby5uej6JATYEEwECACACGwMGCwkIBwMCBBUCCAME +FgIDAQIeAQIXgAUCS9wlXwAKCRCyaOcG/1z0Y/UcB/473QtJku9QSHaH68h+vXi9 +GU7rWGHcCs+HL20fzSnim+trAyoxv+MPUfPH416fgIIMmM9oZlTulp027AwHHUYX +ZsxzYLA/1bqCKYy7TF6DQ6bLVyuM/SddtAiajZQKUq8UwKILSRcGooJcp4Iu8J7y +4jLm/c+hjoLK6jK92tNUtoKGdLOQQ1JpKRRissihGvFg9nxFoFP+i5313k6DKj91 +G1Z5R+bbP7Jf65CjdBENNq7rRNVHMBBscCHG7X332kVSacqEi4WFrjBTEasduOmQ +RQ/frdptK2PmYrqw7F4CsQGo0C1WWXv/5q0gJFb1ovptL9QxmhvVHU0IS0tnKl04 +iQE8BBMBAgAmBQJH0gCDAhsDBQkB4TOABgsJCAcDAgQVAggDBBYCAwECHgECF4AA +CgkQsmjnBv9c9GP8Rgf/XrCY8MqWDPq3L6Ks+dxuyongecPyweu6SypmxVshZM5o +qcf2iwIZl55UqYnT3O+LhAO7s/aVjX6GzLy1onvlQcA3R+cg+/PNHsgbj7uWBx0v +CUhU48sp0brmEVrGnvKLhosE2THWS6SIC5pGd2l75Bj8jDPFYCKuRxenXywoi7rV +afr0D63z6fkrMjcDhqsQiTM82JF6w4HRFjiIhF5/FhsEIcCDS2cNr8iEP0FDkDEC +h2rCKa5svYveEsit92BmvrRaSW/A8TsGOAo9EApy7ANoSRWH7yF4N3RFZW+6uR7Q +AM8G8IvjGIzUMDgEwLc0hCSNX5VG8W8wKs72oancqYkBPAQTAQIAJgIbAwYLCQgH +AwIEFQIIAwQWAgMBAh4BAheABQJJ3KmOBQkD69yDAAoJELJo5wb/XPRj/dwH/3gR +L/USknzpYnXvXIBtQzmyH6K0Kgr7lEeYsHNm5ShcGxQBqXkJ+FAb2QNTRXhi7Zgq +Famo3jFPINjg9PsagakuxxLUCUUjwOYr5GaDhIXmb7IwNi2GKNYp3M2pxkbHR4M0 +mmQM0sR5DqS8m0vpKMQQzOUN0auDwIZC8PrAW4JG+wqAHXUv1fXWukAaibrjyeqP +5kOBIhAXj1zOdjpddhkAG/GN+37xJ9T7KwCHRN1Ma9wVOW56hFSVM1rH+uOUK8/j +bM/9HTMwAhhBKuONMY+2BbS5iKT8Emnc2wivQhHdsTKJixb7Yc4VzauatJ7goSUI +HO6zmLaYsVcNg+CF3vWIdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhlBQJl +r7bZAAoJECj4UCn+9uhlHdYA/1ouxRckYLyB7Dj0PIkTLfNiy4pOsztJ3AQoRZyI +JzlaAQCyF8qRerGNjrrvx2oEH5Zal7AWiX0SWkCI20ajFmdbDbQ8QW1vcyBKZWZm +cmllcyAoU3F1aWQgMy4xIFJlbGVhc2UgS2V5KSA8c3F1aWQzQHRyZWVuZXQuY28u +bno+iQE2BBMBAgAgAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAkvcJV8ACgkQ +smjnBv9c9GOlowf9HxZu4RWMWcSb35vhlVNg6Vn0O+W1uH9lqo1iXyjaQsACC5Mk +qA9Afofh0EZGwEPyI4n2zkXU1BrmKlEcrGiYQhD+SXkNuobPXVMP2oKRGpr0ThxP +z5bR5dSt1yF7O5gdosHsYYJ3JqadA+FR9/XEIjJCCx4sb+cUYqFxyuT+CZHJRyfs +yy9yG3YJku1IowNwYPISFHKctrPuIcuUqPDq3IMQ7quCsMSnELJJR2Kl38RffrYs +tNhXhk0l9ycglVLhgizDjGxTuqFj92FikFLhPV6YBtMpM9sxGB284fAhvgE/3QNb +G45ED+ck30dzaTzYpcCexyvSp/tgF7LUQri0gYkBPAQTAQIAJgUCSdyteAIbAwUJ +A+vcgwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJELJo5wb/XPRjE2MIANM2XaAd +icVXI5SrexhZOlqvtW6THZ8oVHk7rhBzxCaJQ5UhSiJ76lKmUAz1SBW9tPlje5+e +x1hCBHsYQJss7ej/0CS1hLL/LtxjDxdk1gZdBjngRanJkesHt0FMvgh3oWf+c9ab +Mfbaqcgeh9BSzo08CVUOfLiqJLdY+vyNzaXuJSdqYXQqyNuVMmUZKmupoqusrc8c +Sl9nBR3l5nrMkAQBRgEU58xXu37PL4B5kfH4ezAQxxiewb+pr3mOpCzWy1AYwf1B +Firc1YZMmAWcMQI5Ocn+K8rySJE2CTS7f5nG/3J6alZ5q18EJeGwXvxnYKCyaFHb +C/12r3B0I6dxpuOIdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhlBQJlr7bZ +AAoJECj4UCn+9uhloV8A/R4wHfWnpambabI+YxG5+PiElDakRqL/6uKwM2v9qMGN +AP0Yofjbubjw23S197ThzRqsxOcbjD8Km6f1TBN8HF9JBbQkQW1vcyBKZWZmcmll +cyA8c3F1aWQzQHRyZWVuZXQuY28ubno+iQE2BBMBAgAgAhsDBgsJCAcDAgQVAggD +BBYCAwECHgECF4AFAkvcJV8ACgkQsmjnBv9c9GPYAAgAimPR1oDoVz+u7/oWvHEr +FJjgrcFUbe3GdcQrN5BU74G1C9orATjkYgwrl4yxGAUvFmvVgpJqs53JPs8IcDfJ +0QmXrU566mvnpYoXIzNcJPl2mUbzo1dx47a+N4YQYkMiQ41opdCy/0fFJd5fNc7C +71AF02V0sMa25LHG3wxvB5mH3lU+1m7gwFU5xS1b4qfLt7TgMvBlNCpYtGk51QgX +M3o3XTOkHq6oquIEsqL3u8tktDwtBtDZu4/5qm54HdCJ5XEqwt+voVqvMFO/9bJH +yyAC6jKb6TD/Jaqb880Mk2pnjDru/QWTMNeBYmXBC0gK4nG3xc1BYEP6j3V0tSdj +9YkBPAQTAQIAJgUCSfAFegIbAwUJA+vcgwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA +AAoJELJo5wb/XPRjpZUH/jlIV9hxme/VWl5zqIX4QrmindGKyj5WGt+aAVEUUBkj +77Sc9Vli/dfbem/9VcTTnmQ82nz+OvP/3t0Kli8pjbIS/C8XOQa8MR2faVnTRw+p +dHUeIYrDA9FfLIz0tVhUg35sNbykC4NosU8BTfTn1wm28z8wP03o1z6kjLjRHoP8 +hd5rTIkXGgSB7IYSCqFi7QR8caUDmxspcwT90tck2LH6TwQQ5MVJ/by+Yn96F+2O +ue4JQRlKBpg3lO5dy6lAIuqoswItAhe76/3f2x6iMEdbw2466GrpN579texxxr3r +xuqezd3mqeqt1hvnSt6gd2TNaTY56HjT4YKkMDlzLpCIdAQQFgoAHRYhBCm0sffO +A9Gx3tIvMCj4UCn+9uhlBQJlr7bZAAoJECj4UCn+9uhlswIA/3wVibrfYTr/yOw+ +0U4LxpWn415+KDhyAzl6z5ZSF3DjAPYkPoZR26ZH7ORfVVYU+a4uHUvACynJekR/ +YiXFvJUIiHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZa+22QAKCRAo ++FAp/vboZbMCAP98FYm632E6/8jsPtFOC8aVp+Nefig4cgM5es+WUhdw4wEAACQ+ +hlHbpkfs5F9VVhT5ri4dS8ALKcl6RH9iJcW8lQi5AQ0ESdytvQEIAK1MwIER3kWA +GM3Gtv7LNQpC27xxnLo+al4RoyUQO0Buz5J3rBvIl7T1ljc7BIOKycDTmE+p3dvG +aLgIW3ET/YL/+NaXWL3FVTs3Ir7YJTEQdGg0Fj0MCnQgC+dnUE1Bx/oJgQyjJNHr +QaNOcJ63aQe36r0X69UWYZVq0+iNS2DaKuH6tiO9ZuuKI0KjB6p4Gq+nZt5WpkKF +AObltFqaAVbtLxsCFKfbi0FmZ621dDqPhmCN2o0gyDI7zSwIDfUtNzclx31YQhgR +sn/1or7NUd0HVPDjdhCrrY6iwN5UQ3BJ0TWmOHxHjxZ3MJPlHB7vdf9y3kNGLRL/ +RCRyyMB6njkAEQEAAYkCRAQYAQIADwUCSdytvQIbAgUJAeEzgAEpCRCyaOcG/1z0 +Y8BdIAQZAQIABgUCSdytvQAKCRAHimOq0PQeo1NfB/99BwOUL83HifgbYsUFFQ1q +eWDeIAic059U/IHl9VbAsdlRWnE2bio0pIbHDViNUSWHoS4yM19B4T6Ltnj8vYdu +p3Xszi9dc7g/GqSRRWaohwgf88pYkojaAuUqNJ5ujhW+DM9lcXNsoF5PLhRFfKJ9 +XG7yn6LT57V7IUHzT4QAJodfVvxL1yXzxmBsSqbuZWAdP4vbyj5jcytJGmqROep9 +gDkj5vEw7Ys1lKG1F54p0NTVgHRc4o4H1jqM6g4u3mAYoCNgHIV6oVu8ImHB+dwO +5lns3Lw8hePRryPx7vNkf0jiIJOtG3l4r/7woEfC5NR2WIKS2q2NgpN6+OVo+U/D +iqwH/j3oc1yK4WIMeah8sqe5hehHY3ZSjhvoSubK4pMoBcWEOI6Pwyg3j2YRubT8 +V1l74gvRobsQQjPb6HeH3LurXl2pFrBtyEwFfVu7tooZ2JB6fKJZsayWITuH9yvG +0seoNA+DYKKZAkjUyzHh57Z49D0Mw8EeB3VNU30HvlCHjqYnrXaPhwgNiykWepYq +pfHnZdFUSDJUvRkU3Q6fla6Q2gFYg2pGcuVMkzTN3DmMaFFp3sHm5t1w+ltsPD1U +t8044IA8ryN5A09cy28UgSgtd6jzAptVBffeFXbLuQcYJqYDUDTmCYm2JVpkF+mH +kzECNjHQl2vOVzCs8H7gM12PWNi5AQ0ES9wligEIAPB7izYIFDEV//J6dy0lieaI +WGmkYfd/dGC14qXWu3aakvfArv0gOte5x/NvEBvBJ0DnbBxtqoFux2C7PI4XdtU8 +kvdz9tVn8Czubeg6vgdFKm6HZyzmABN6yNZEhNUwyQ6Qej7r2Kw8B7u8Jfr4KB6V +0+NZJ8hyDmx8SjXzf5XSDxtaJh6Ya54MqYuouTADIIyABGkM8woGBKGe9E97Wi8b +hr8ZmKWlLm7hArPKP7caYtsIclA44N0Md23T8BWRuHQpSud4plu8ZB1bMLY1fIQ1 +r7XdTWUb5ZLJOy5A3T2zN3etEJUhNApH6OeZaUifcmKnQukxrNMQ3FyfgQ3WzS0A +EQEAAYkCRAQYAQIADwUCS9wligIbAgUJAeEzgAEpCRCyaOcG/1z0Y8BdIAQZAQIA +BgUCS9wligAKCRDzscyJXvSc7Cv9CACxCJmMNXvQusZ6HoYm8phakrfnDnuSsJur +CK/NkoMPj30S3QO8gVSaR2frEkBSm4VfPGQ8dda4KqdwJCNGepKbSwBULrXZxAZK +0FmbvcnSG2ottBz80aoDNtz/l45bkHFAkbR+EYi82G7UlLwBxu2LarRd+cMq4DCc +nJlCxmZkE4CqP2S4HgBPBTgpbA9AaR9nfxbpVKVdsJU1ig/v48FKMzqDKOg7MLlT +7VN/uVm+U0RkSZHguzRX1e14ZOecmukktDqJUHZ2v3tljfpDdo4GE8xLGD8jqxyP +WJKCYC4CpOljnep1J/ZfbgcQRG3FHkBUXCZFUjRhCDEpN4UksgkzKb4IAK21mbJm +hJZLVq1E2E9vjj81Ga0O/iZ8VGC3CDZVxcAQv+Kk+Lmcxit+BnVmNvN/l7qvo7qq +sFOPLuwcIilPwT9FXRTtaaH8yoJonpOVIUMtqghjKXybknjpUM53tcURtT/n0vDA +/vByBTiI1uPE2aNnL/NkLCLzNacotUZOCSrHnXOy6sXlkjMNLvYC2WDZEAd0aE5o +Kp41vlzDjhGHdc93NOSVymijc1wxfH9pQ8etFz5IFLqI/pQwf78i6LA4bpSFXVXF +GWtUNvknf8ZPEdY8a0SIc1SPEe4fcQ3aWP2hMo8oiGxIcWi3t7s9N/l8nqtPN5BM +vhU5ZU6SrgzjGZmZAaIERtdhhBEEAM5nrHpt8lsEddhzdAjar0WjeJkJLHsucLFG +h1jhea8aE4mKqH60KDYAGkred2fOFtiwGtC9hbv1GwYj/P9L3MOMRvtb5eQMztdT +v+TfJIS4Kr18QrI8Y91Ag2AFhXBBpK5U8MVJOBsl2eTqpwTmh6CUq0AA0k+DLpHz +N+gIVuzDAKDDwpWjAqfyYiGSqtxruF2mi3AwcwP/RBiJx/JqrFWSbyEKwXRPuzML +z587R7tKbP9a96myB9z2PoPHEzbiHqZ51yKlf6d7CuIA6+3+X6bU/I8m0vhVhPAa +dNIH1uUCEhYM/SmWP/kb9RovhUIrroi/TKg0Te15Uee53cjZXil9eTBKKRu7dtVk +ZSQOVbqPwoI7pgxmGtkD/2vvH0v4nyAP9h8zuYu39wXdzx0HeazbZRwmXAgJCNoJ +hfbOIpEc5pVukdJQlIDl79yqM3IM25NeAMGZinx7LQalqi1c+a+jucwIN2smSYBz +y/a8h6zr/ACE6sc71eF+IoypWrQRO6QHZDupUzSxePqGtzLF58DOxtR5E0rcQWVL +tCdEdWFuZSBXZXNzZWxzIDx3ZXNzZWxzQHNxdWlkLWNhY2hlLm9yZz6IZgQTEQIA +JgUCRtdhhAIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEEJQq0Mk +AvL4kL0AoKVy4X0yxhHNhqRhuvbDa1x9LjrgAJ92vSBL19zGDQVjOE/BseZCH8+4 +YokBHAQQAQIABgUCR9OGVAAKCRCyaOcG/1z0YzjQB/41gQdO5gHAUUGy9AvYTo1x +UnIgRmE3DismETfgIPEyQgYIlncFwVVQcPwnzp1nWBHK+TJYRZ/xOhLkAo/jeuIE +6R1cckDr/doz25a4+wRL+eWHiXmQVTSL7eP8libYBX2aGvukajkgZ4tMpdIFcpOr +gB7JOoajTJkOP/o5GwhDpOQVCkU1pqseRB23WXpkp/hQzwT/O71AwjSHNRjOOnRo +3mCyod70a8XtBVoTFFpZcnZVBZy/dSC2pYfYQAFHy6ZOCWJThEWipZ5FnuL0JPtg +lgjxWiu4BmTQKBo7TjTgpe6VT9MyHuCIemuaGPEoaWPiHgoRxMpx941K17RBXwLC +iEYEEBECAAYFAkerrUwACgkQ53yYxBII6u92SACggAYWdywXepoO132K7DqJRJQO +N5EAoKcKxSMXN7nul1Vl0KZpG/OULtp/uQINBEbXYYQQCACnTre5BbK3g0/5lZ4W +Cj27nQw5OUndoU7k8zExE81F+DBPD0BW1eK6hfnJfw4B3clpZSnEAzUcZ+UjQ3fA +iru+FdJvOpMIW9SGUOfIKMH55kWi5pzNj6XPkd4grHu5ccveM/k0DyHNB+YyPdZl +EH6ZK9zBmuWWeFOIWq14BRtyiWNvE2gNkfxT9JnAhSuWDSxsXJc69b0YmVZLYeZA +g1xbFfq04FG8szxlh0H8zbO+rM9tRGgylpMU+yx2kf6Ey2rQ7mUXI2CwAk5rSZsD +Ubh2U1jr7S4q6v9YVyZay3EV3PUI9Yf5Gk6lmtTbWK5tTuC3VIsP/Wtknh1jB7UR +FwLjAAMFB/0WtqSmLEQ3bxi0qpU3nZUD1drg++pSIPwldRT1Ibf7ezLYO8k28h5P +Cj9cVhb2UIZfwowRzbeyAYluZK9O8omTvedlJDz2u5rJvS5FGm4Cnqt9SNrArLfL +6xbhVifaafMt/JFkqm27wJ5JV0L84Fubr9dfcCG341iPAg/2SXLiXpBzDTq8PgC6 +iv8oLW38WdvpFp/xoU/9NSvUxVsduUzch0QuEt1rWR50228reqq61GswvcmTRBsP +BNr1ReLn+ard6FVK2Wgop2BZBstswYAF7kguYENRP6KOpl1PyOUy3q7bjLQW16S4 +RoYEm7KHMEQvbhLkKwRryhv5WqsAvHIciE8EGBECAA8FAkbXYYQCGwwFCQlmAYAA +CgkQQlCrQyQC8vjOLgCeIJJBPharprKNCXD9NK1A7aS7jaYAn3ps617n1y4A6kNh +RRBYlBU1kSbNmQGiBEHIB1URBADa25b+kviy0nUr6GdO77soJEpmj0ERlCJrbUmp +r7Qx0dVwhfdHuzgOgZaZJDr7dTJ6TFGaxDrHzkn8Lbys0CGct+Sjhf3RNdyuvvDY +5TCFRkyqz0v+MymW1hKFQZ0euKPNwXVTcn90CQpHHKSHuNPTfd9N/w6EisZo5y02 +2KtKOwCgkK6K6FOpfIcEIjH3Cyc2ixrkO5kEAKrirTLhqnRSNcaoroPKuWVsFIDm +28Wo8G8djICQj2syYmDv5Y4mvk4uj1PoFACPP9Ixwz1ulEbTOUETkosZqjWV65HK +SETUWgJaM3JeRjuT2XIQSfnbKLt3YurfKRPXYzgNMxp4pK90RjSYDzytQ09vDTGv +KNYSCoR/1S7AECPxBAC+GtSAn7TKNiqhT75OGQNVmkJ82o3v8n35vN/7D7Prb4M+ +C1GY5QUsVgRA/m/6I1ZMv26J4eMiaKzrXpCiv6DHraMz26x68NHPY0KyEZams3LO +ZpKj/6/FlHWGkfHkivdAOD7Cg6vopnZTdD4a0ZrQXavHjI6//zT/1Pusl5Upn7Qt +SGVucmlrIE5vcmRzdHJvbSA8aGVucmlrQGhlbnJpa25vcmRzdHJvbS5uZXQ+iEYE +ExECAAYFAkQdRl0ACgkQhnv5qfvT647YVQCfXg0Ei9vH8cXYTMPR5nd6laOYVlcA +oInjOFVaZhJv9kH5NsfNrsUGRLA0iGMEExECACMCGwMCHgECF4AGCwkIBwMCBBUC +CAMEFgIDAQUCRVdDjQIZAQAKCRDnXpDAOcwz29BpAJ9PVh0b0mal1gl6Niy0T1mM +ZYcGWQCgjKVnC031Hj9G1aSIGWxytDXEUjeIRgQQEQIABgUCRE+aWgAKCRAQYQTB +b4yO5kdfAJ9Pemn56OjSd5j/4V8ZHltXG7OXzwCfZG0aTSurAdTYELWYAsPfO4f8 +jPyIRgQQEQIABgUCRE+adgAKCRDGMDVhGlTFc94nAKDdikbqXdw42jYrvUNMrsOt +yyqYBACfcYV8WSpSsIjtK59ut+JOiQPvsbaIRgQQEQIABgUCRFfQzAAKCRCvfDtM +sOyKH2iRAKCG0c/+rhlEy2z40vm5myy7+jECaQCghHjrmhkz/TRcc+8zumkTy6rk +ATSIRgQQEQIABgUCRVXyPQAKCRDsDq9xNneAJYZGAKCSO5Zyga25TFA2t6CmPoJj +qf0TSACbBhVanS75UNQ4kqgaDy6BvLDYhIWIRgQQEQIABgUCRVdduAAKCRDxukwe +0ci6jxBFAJ9Dl6pJLWXKj7N6AHwlG1zJzWkhlACfZJa3op6fQW8jxf8HMHDKf8kc +BymIRgQQEQIABgUCRlg6awAKCRDVFzJ0PVE0jPRFAJ0UQhlEeaAId/r+9zer7BMD +qgefmgCfVen4M2cCphhA8Q3O6kFEsNOpVWeIRgQQEQIABgUCRlrKBgAKCRCqBeUW +dvTPCdfFAKClM4RDOds7Vqe7TWqyTVC3A03ceACeIScde8/7j6TE2XqnI+BxHrpC +5lCIRgQTEQIABgUCRFj5vAAKCRDSW+bmq94QBCxOAJ9NEq8IJ5wIeMBES4JqQ6yW +ZHDYMwCfe5RDHCOre0+wv6y3NYdiKRKONDKIXgQTEQIAHgUCQ4zUeAIbAwYLCQgH +AwIDFQIDAxYCAQIeAQIXgAAKCRDnXpDAOcwz233+AJ4zrOF7ZJFtydKBLaGhfiWj +Snve9ACfSEkrYkoiP4MQ7w53+sAsCoyp2LSIXgQTEQIAHgUCQ+58rAIbAwYLCQgH +AwIDFQIDAxYCAQIeAQIXgAAKCRDnXpDAOcwz28xSAJ9vgksiY6xrr4nTo4etDgAB +CZUPPgCfS2JwexhxlZoMvRLYbNH/4+fAgeWIYAQTEQIAIAIbAwIeAQIXgAUCRUtM +SAYLCQgHAwIEFQIIAwQWAgMBAAoJEOdekMA5zDPb4f8AoIhEoX/6ryomXU/1xt/+ +AYcqPbM/AKCNZZ0RyMe5oiXjt3KtfiqWEK/rjIicBBABAgAGBQJEWHgBAAoJEMRK +uLhQMn35JNAEAJwQPX104cGS2Klgd9w1vueGT1bqr52i9UKQUgq1XwJL8vLaPIKS +3CQNn5g1P0AJUJocA+dWj0OVBpvG+dKzZfsBz5m+eZU22IS9Pjp+kKxkaG/tHU5Z +uVur3+fTleNie6s/MhIE+eA139G3ZejTYijmfRUDC4lqpvtgH1Bbq+4siEYEEBEC +AAYFAkZazb4ACgkQ1TjsCVOAV0b3qgCglaoS4lh3Dd5U7Mvthq+LhhcaauYAnAld +OqQQpVbkvcpoHCsMozH4PwtBiJwEEAECAAYFAkZbLYoACgkQtkLQumUDh8cNzwQA +u9L6q3EYDNnL4zsFyKZpc9x7saBOooXOGZj2cl/qA3BfLgymaC2aLGRyD1YWnhNB +BqAvd+cbIxyL+2OpeNkXJz+huGjK4846xngV+Cmko/jQaM595aWwTGA4DAu9BYhO +BJIYRThKNxhceLiboLw8Da/IiFW2NyVHPxxcwHIxyCaIRgQQEQIABgUCRmAIzQAK +CRCE8MXENIOqE92WAJ9ys7ynHRFb/zWubVB7KCZ18J9ONQCeObg0HUEptPa7DZI3 +ysdnjatDyQSIRgQQEQIABgUCRmLiCQAKCRB0v0rS45VjgcrpAJ42oSQ+EH5NGWnk +vb2LXz7zjnLMTgCfToGTpukEcPhrtasRVN1y0WufThWJARwEEAECAAYFAkfTn9wA +CgkQsmjnBv9c9GOjIggAo75Qod5frSozFAUtg5awcJOaMxfnf5qje2gWKVjNiVSd +XjTbVm2MpZm/b6z21Cdzbw9SH7MGAnIgw1C6Ho/3xCV2qjMPpnwbn2iHZQe1hFca +kVNbxPnLRAyFspCL7IXB5Nzz/fZdtTM3lHMOtxSn2gq//2Xb/r7inNZERbWJmM5f +Z14y4xxDiiezro6ylJejRyz/G52BODrpl+fJwojupSWRa8hzXx1/TWdSkEVjs28L +Wu7Kb+8+4fLeoL3cEoI1dQ4v7kexeCvjSG/aJcAY8XnEWXpn2XzB4SXdwAv7tjwv +L9/Z3kOXyrDOTcqvBov3JrhzQrDz2n/NYvzFBl3f14hGBBARAgAGBQJG56OfAAoJ +EF2lxlUw9Iv/DikAoLLZWh7Xkqfq52QYEFFcJdZfohmcAKCcBHK9qYdwGPez6Mjy +Crs3qh0ZXYhGBBARAgAGBQJG6AEeAAoJEFuNpocPp3TZquoAoIzllaEJ9Crog1b5 +YhiGLnyQdqUEAJ95J7fSgV6hIlT+Cr09Hlgvc7GwqohGBBARAgAGBQJHWbZnAAoJ +EHIENnC95fHu9YwAmwWVlUAemK7vMXmdenfPiJkElxJzAJ96CtjaTkZ7B2hEC2iB +d3cQkYcog4hGBBARAgAGBQJHWbe5AAoJEOEOegnnL3n6054An0dgBntumXiAD3hf +Ly0rILFnYZpcAJ9sVyS1hlXmuvgoEotJmOPrTjVWlIhGBBARAgAGBQJHXAs1AAoJ +EO2/HhEm8iS4t0gAn1Bf4epAqMDVkZvlV5/87k8EKW5IAJ4/Q7WGQGJUvZonBgdv +FRwpnGY5QIhGBBARAgAGBQJHXYGpAAoJEIUGW1nVLdGnEH8An27A3qEqztK/hgic +qqXKmu6W4OapAKCbK2wZZAgGDfwi6lfx0VvG0lKcrYhGBBARAgAGBQJHYaYlAAoJ +EFB4/VGsulDHzjYAoKe9Yy4OItYT5g3oRR6hYNmZs8B9AJ40MTMxIz/f4VRHXaAg +rdyoOE067IhGBBARAgAGBQJHaZMMAAoJEN2c/HmxMgNJ7GcAnAv2iPcZWpj1qcu1 +3XndGVnHWQ7aAJ9pwD69ZCtikpShYSOgLqSCMjP1v4hGBBARAgAGBQJHaZQyAAoJ +EN2c/HmxMgNJh0MAn3KQFay+XsBpJBmweleSYjzbCQK5AJ4+mVo/xfJWLLAIfz1a +8RGBxEHVFohGBBMRAgAGBQJHXuK3AAoJEIXCJ+WlVzjyd/8AoLAJnmU8j+wHd3Vn +UC+OKuss2noqAKCBJsr9dw5LPGbQMxgrWzRs2s4/UYi8BBABAgAGBQJHXV8qAAoJ +EO2iHpS1ZXFv89UE/jW+fVz9eePmE+p2/vS3Qivgf01ThadOkn146XVssSjjoP9l +ZkDcudkWPM/utLeCj5sNTYH3I4vtAThIfwwPjbnbzAqM9EiNFnohrqLww1ALeWZJ +HXQN/0yWTcKhgejcUi5RQ0JNX9N/uhdTK4pWqbz7Ru9LJJT401GKMLHZrdycAPl5 +wAMT8wOGW5t0W5La6kebAITQ7C/9EXkAR4gu82+IdQQQFgoAHRYhBCm0sffOA9Gx +3tIvMCj4UCn+9uhlBQJlr7auAAoJECj4UCn+9uhlgPgBAJ0XX7r0KIgfthYzl4O5 +YMd38ubUVWEGGdw8rYm+fkQoAP95rwlfBB9K5afGnECh+oBq2T/m1CWV4hwTjKqp +caeaDrQmSGVucmlrIE5vcmRzdHJvbSA8aG5vQHNxdWlkLWNhY2hlLm9yZz6IRgQT +EQIABgUCQcgLRQAKCRCGe/mp+9PrjiLzAJ9pUVgH9kLS85GBDOVap6p00zlANwCb +Bjb+RGsnK7KUbS2mvexV0cmGWY+IRgQTEQIABgUCQcgRJwAKCRA66+xuxmZI/dzl +AJ9j9S3N5/YsEzo4i5T26GhioKqW8wCgnvwfCmDHBYH8nlhv+6r6K11Gxf6IXQQT +EQIAHQIeAQIXgAYLCQgHAwIEFQIIAwQWAgMBBQJFV0OKAAoJEOdekMA5zDPbiCkA +nApjrdzKcTwp76mQ9ViyMxyHEaEHAJ9IbzKQgWrVOjfQezOjyqc3pDjRH4hGBBAR +AgAGBQJDQ57LAAoJEJ8QOwnTFo8yR/8AnAiySKQvD7XP9159YzyqMuW5gQutAJ4x +C0A7XI2lRyfVrVTUI0QKxMC/F4hGBBARAgAGBQJDST++AAoJEBIG8aOS/Zr2WQcA +n2UgNQ4HVrkOt1TwQPxzZ9pzsv3HAJ99gQ6hVyC2/YkyeqBu5xkvnKYA9YhGBBAR +AgAGBQJDST/gAAoJEFZ6xPbaO03aOjoAoIq34RIzYjD+SiHN0UNt2R3vMmkWAJ9w +lLM3lH1Krm0poi9KbIQyE6A4fohGBBARAgAGBQJDSkfUAAoJEFptr5X2ttOxwpcA +n14KsSyzGvzdj9q+PqmPX6imG7OOAKCEdIPbomk6CGol9l4MwLfEXsBvnYhGBBAR +AgAGBQJET5pWAAoJEBBhBMFvjI7mdRoAoKK26wOjkhiErdwzAXiRJ/8hh61mAJoC +ozZulxg/2uGNiMWbGozINKMEEYhGBBARAgAGBQJET5pzAAoJEMYwNWEaVMVz+CsA +n3uYuSQNHsYlYx6tqRhcgZqb0X2IAJ9sdX33gH6QjeGaqE6iNsGt4/aRGYhGBBAR +AgAGBQJEV9DFAAoJEK98O0yw7Iof48QAn2yIVmhfOG26T1Zf2T8vdF00ic3xAJ9Z +nokyjTLsSSVWdFmxwmPQKy+0EohGBBARAgAGBQJFVfI6AAoJEOwOr3E2d4Alv+YA +n0suFFQ212yAlmeLk5FCIit7zCv3AJ4nYhWwyY2WaXRvJj/EcSBK/vyje4hGBBAR +AgAGBQJFV127AAoJEPG6TB7RyLqPMyAAoKvjAMecb53/1hvTJLtehjQ3upQHAKCJ +q+BCiCUkQxdYnvCnZe04fo5aZohGBBARAgAGBQJGWspCAAoJEKoF5RZ29M8JikUA +oOXP+N5KtrpD1AlUmvPTqKvJu0fXAKCAbpQnDAKTVyQsqr3hdDnyz+jrg4hGBBMR +AgAGBQJDTd94AAoJEJz8HhM4K2MXVSEAn1ctpFeMo2eAL55l8CJ0eGFr5lWdAJ9s +sWFHtd9dcyr6OwixdWCx4J2PDohGBBMRAgAGBQJEWPm8AAoJENJb5uar3hAE0T0A +n15VxXLnu5CGODWDPCov2rUBoh9bAJ9mOMoKH6bnDvDbanIky/gfuJrWrohZBBMR +AgAZBQJByAdVBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDnXpDAOcwz23FrAJ0bsnLA +R5M0fytiK0w8p9tMZ9vRSwCgj8ZCgOGWGPPRcr6Amf6Z9PfjHQmIWQQTEQIAGQUC +QcgHVQQLBwMCAxUCAwMWAgECHgECF4AACgkQ516QwDnMM9txawCePSunzi8FQkdl +ESyJCZSPtLoHeT4AnjQ/W+8tRmfhnzg8uO35FjJ3Dht2iFwEExECABwECwcDAgMV +AgMDFgIBAh4BAheAAhkBBQJByAdWAAoJEOdekMA5zDPbL/sAn33F261SB75VyIn0 +/GPHzN23CrQkAJ9W1t1emGU7FouYvI3zWBT3Z7RGAYhgBBMRAgAgAh4BAheAAhkB +BQJFS0xDBgsJCAcDAgQVAggDBBYCAwEACgkQ516QwDnMM9vI0wCePcSs4Mzssoab +nq2rfQ61VNnUNNsAnRrSyj0b+ndQUTVIwFdImqudcX/GiJwEEAECAAYFAkRYd/AA +CgkQxEq4uFAyfflgjQP/WlvguCJ+c+7cVSmWQWW4Bw760piY1g5+17mm8qg6somg +JDnAxN3Uj5uVeWaIM/Kg7Iq4FGTMNLvsf3oCoDKPtVmbnvf9/6iZzGx+0hzrGzJM ++jiKXFDCG5D0CVwsL4a5S2ugz8pKG0uyXLONzwh+DENChvmiR/OnVuxaiIHX5deJ +ASIEEAECAAwFAkKKd9YFAwASdQAACgkQlxC4m8pXrXzYEAgAqG5rorZLMroxtPdB +eesvYHj9PV+z8My3QpxckyDorF4i7vzkeJ/82cVeyMeu2o45G6AgVU7ufoAsJ+zE +ZFFJU26SPgnJBhcL64kLiWoLFS58h5xKAocFWqx7iCgow1okgcALq9IGOluzyerE +nplL8FO+AOdSgpwUEM65M7D7QBP49o2WNRTAPqc0U9effocmZXfcwmB6imBgJ9WJ +CpOD9FDSTC4gKnRgAGr8XZnet4WAqvTSGjVCimUnyRy37og91Cg4Uv4dCaUWx/nN +pwgcSPfpf41ctQ20+G1HulyVgXijdvn+AMBM+BRdW0N0UFUjI/aPA8dqmqm6QiLR +0HMOsIkBIgQQAQIADAUCQp6xbgUDABJ1AAAKCRCXELibyletfBPjB/96h9wVGqSb +0JL1EDwbOmiQxyk/Wmkcpp4OHIM1wDQAiXjPGyZ0STkVISsIFmmQVrc+qmCsQq6j +uBYJ+lpFwLG592k7YNXhEb+UHEfw+9PArts4jYEZ3Quns8l59BmT+1LCSPjk2sYN +IIlo93mHuZHvIArr1+Aei8Wj1lU13cqO2Sj4OqQoyu3rUmmhtJlR8XiTddkljmL/ +loV2SS2/mfI81RSe+phidXO/kc7NDUIOCUQtY2wSwFZPb+0kuEBtb3MMMOXciHPk +/XyWlrzZVfRp4N974KQBCF2fZGoxBVNIkqZFTupyIq5J34jLpx3EC5idzxcqn7Kp +n49Jsh6PA3LCiQEiBBABAgAMBQJCsx3uBQMAEnUAAAoJEJcQuJvKV618qiEH/0mM +zFom8k2Nrr8+Kvi6AY9zUyKf6mJnQqD7D8dcq48zugSPde1/RpKV9kAZCgUaOOWt +jSeOg/XGs5nYfF1FzLQKmiPllNKvM2vuf7EgBboNV9wCNT3FwGYSX0MJdQs2pcoN +yi/C3dri4QHDeW5BunzRCx9REwYxSuF8t8TVPNqH2C7dfXtpIDr5S2K3+n4PvqQm +NPveCSoon77Z0Tpu272b+Kvp5L+3/1KBuFDtIB3lyO2i7lZdBOBSJZ9hhHYcTxjn +sTJmA96Fwx8TXlsJH6DpO1Dm8R3iaqKMbC+2bg0M4Bz2hl7FbBT+lwjtmqjURnjV +nBFbOdjK6oizeo3lXVGJASIEEAECAAwFAkLHjSwFAwASdQAACgkQlxC4m8pXrXyr +RQf9ES75s7/+sg8FVL6IlF+ZoNO2JrePfNetRtCmdCcNIB2ieIbs0gzROfH7GxcG +jP0WU+3567hIxHjppqpj9aQZh/Fv59wQKEeole76iWmkk1faK1Qe3hlpXd6I0BlI +q8qQAGBWgVHi/1mYn0RivepA9k7eje3z/Zd072f9a9gsnZTmGP+8x/qTiqNuCXCB +uayXihaEeV3FwU03b8Xrjr39GPOlRsXsw+3S0kq05BZEcJ/RcbgAPq5LfuzXdM4X +qcA2ohcYzAWsSmdKkOdr610iHM+CupzG+FxeCDjUVovXMDg8/AEDluoEDsUYvlxy +2YJpYLvwFQ8nni+8PAVMDkjO9okBIgQQAQIADAUCQtv8YwUDABJ1AAAKCRCXELib +yletfNNxB/9HR4j+DZ/czSqczR6jmVf2LO71/Ls9fr/k1zIVaSx9nXd+tp9RT31u +5BUkT+O/Vu/3Yjzl4SOh31Q6l/WDohVdZSo/xfl9327VB0OZG8DI4SNg/HX9EgB8 +S9jnS9UM9HOnEIRbnXWnw11uMPeoyD4khH7LZouLIcqZ2D5wQ9zsMpiteZHLXsbl +v2zGZrXtYZUSwpl6W5mDywZ2uUM9+adjO+YtC3EB5tx1SuB8UjczDg4u/f9X1PfU +uSyMjpFktpDl4m9ljUVb2nko4xJ2c4yirHsyNM0m1yjvfagum3bWY7Lq1ECbkSsZ +wYaSkRVmuK1qaRAtrsnEtFTc7K8820BRiQEiBBABAgAMBQJC8I/VBQMAEnUAAAoJ +EJcQuJvKV618GYcH/2qRjyNgN0HApNz4NksyuZQpWS5VN3i/K9scjpQ7s0KRFypV +czWyDniB+BZL9G9iFOVERJgiqhuzd1a07seEiFtUC+ISKSQVA9laoD6AokzHSWE9 +rvp6ICnCMepvZn+hDKzrM5jNEdTKdpDPDQh019ikGtqgZ3zuRjiEsi5MdjjRt8Jr ++lmFTIIO5UzESxYKB1jpkqSqjtP4M/aqdh4dRcyoh/WD2xSnD5OG43SN8MavwaYC +YugClx16xX/tIOGv/0g9t8KGZ9BPzwRcx0Er3KIdxbxIlKolsDYKIIgMcYYMhKa8 +LUwPyHmQTU8H29aVNHktwdBvqdt/pvfbXuUHiQCJASIEEAECAAwFAkLxvUoFAwAS +dQAACgkQlxC4m8pXrXz0WAf+OeSPMjqqEGHNSk8xw/eUPBjM91JJ+5DwkfJA2N4B +LMrem9fC0Qiyu3kWE6IB87P+gtCcwMYCWb2CNc5XChrW051pGOLpnnyiX3L88rz2 +uRvrYPQwUYU56cpMvyCWiQPTsFS2pxCexiRc8FZCksu8RkanKqy/HaPDm2XgFAA7 +a5ibxQieFAHHi2RYSKnlLcUem/QN7g/nXPkrekwYCcphASKCOl8klNweerTgb0pE +LWFPoLjxtS1U9MKydcyw1MVcHjfkU6b1p8Ir4Fd6ujASAjtx9sz3VxVUzo0HcmmS +GQPa7qCgVZfBdzk0myexStCIKgso7mCDYq9AYb17Jknfl4kBIgQQAQIADAUCQwjP +mQUDABJ1AAAKCRCXELibyletfFHiCACeGIDqsNTYpWjzmJrGX6ElKLge1IhEam8P +24um6JgRVOQX1ylL0dJGM8Byyu3mXbkRCg48pfDIINgUlMSV3XzZs0Lx6MLIykZ6 +7G9KsdsS2b6XMcXvvkTL08GKCmtycjviEXTTc1x57EKMcDFcpEDSI5HpOACMKQRG +W7d48nFYGcQffknC5LycWw+jo4O5VkZGoT6oBZa1xU2TeNxvORQYmBSmSLD6tGq4 +HxhImVHry4pkkDwGHEHHKN5La4As/4nNJyL96Fd9hxLV0VgbbCXN2aTzWegx3OSM +5zEzoYfJWE4EaMZ8W01yiXsAsJYUgScvtFlUHuTlG0N1Fxjq1fyfiQEiBBABAgAM +BQJDGpvZBQMAEnUAAAoJEJcQuJvKV618sW4H/0o6IlSHFGzT42ZwDVMEQzf9UVjm +T1KidI0b2y38E8bDexVVMTG67AqAOFF5mFkJVV6sdEkjOZoNDSrSt3xBripfCFaW +DHgfW7vjUevYcv6715T69HLR1UUpg9sj2n3jSYDAtURvPVU2sqXiGLdGLHaWqhio +H9IMoU4Zkgp/2W1o+LyZDHf22idbz9/OG/1x3oKvVYhPZVSrgKdJnrZJLrEoxlCM +LwCphak6l/t5f4n+uNNd1CRqcp464yRWPL2AV9m+eA7LpYmNyJ3BhqcgDV0Tj2Rd +oX4936YdVVLEmw/AqGOH6LHORLziI/slFDMKzjB3DsOPBiM1Xe4fdnLmUeaIRgQQ +EQIABgUCRlrNwgAKCRDVOOwJU4BXRoqbAJ902PR+mbRoo4JnQyAYT4JKkIwy6wCc +Cy+YTVMVkV2uVVi7ky7noRyWjciInAQQAQIABgUCRlstjwAKCRC2QtC6ZQOHx1L6 +A/kB8Jh9nmbnqmMix2Fcr2ZTKqGv9hz6POgoOQKWMp6p2uapuqzWFbSc0B3LqdxC +YgXGLvmxq6n6QksUikekczOGVCjQs1uLf6cqhBZVgisQHc9wmf7l7nWDjURkcaan +oVTn/DsaGwBdn74+zDRQzztsMXKU74PrT+paNo+6r49RA4hGBBARAgAGBQJGYAjb +AAoJEITwxcQ0g6oTir8An3QXoV81AcSbZYhyPQR4IXyi2PyeAJ9HkENYYM30HBAy +nWIuDdHH2n4QlohGBBARAgAGBQJGYuIJAAoJEHS/StLjlWOBOxcAn1RkYLsl4H5M +V2ZGRjC+uN3RO0W0AJ98ZmBPAbCA5Xccdorkcykynh66k4kBHAQQAQIABgUCR9Of +3AAKCRCyaOcG/1z0YwqfB/9YsuEpzQDYXzXwzfLddKGtdE4AAzwDflCEwaFWDIcU +2kOTjQyxPeclqRUFQJwdfqhD2KUd+AWlUtlPJUI51emSoRYMiSwM2cpJ0AP+3e1S +WVeTUOlzdQlTAHs/MFVIyMfP1aF74NRq5BBoh9nEnBXtkdb1Biz8kClCGa7fzC2j +93UQo7LVBbOJVFSVNLd9uBOf6Qk2mY46qyHnp801gwwP2wUXIqaPCpaCVWP5350M +7TSTRVhY6apqbqHtMm9kg+TqfZ0B46hFW2zj3a0FjGdDFK+aj/fH2xImBqqYKdm+ +5HpqrqgHGuVPt1SDeA7IdY8ccLzLYqpUaZYZQ5nNtBXyiEYEEBECAAYFAkNKLrEA +CgkQXaXGVTD0i//cAQCeLjgYxA4dX4sqdf+unJooFeUFrngAoKjJIj2R7lThoDWR +B/7oRc1Z86qwiEYEEBECAAYFAkboASEACgkQW42mhw+ndNltEgCglZ/8KwP/PNSD +JrYEks+9LmVFG3oAn0yMX74vBJ63Ym8Cxq4hEfZPjjSqiEYEEBECAAYFAkdZtmkA +CgkQcgQ2cL3l8e5EXgCfbE1uNlZhvy4FtaH9yOU8B1uj9D8An0vTgF6RDpbC2M6l +BWFbf5QLqdmKiEYEEBECAAYFAkdZt7wACgkQ4Q56CecvefpxxACdGH2/7ddBaxzl +QJD7t8HumF2m958AnjIQuoN7Ec4uveGL8UQbPhp8hMbFiEYEEBECAAYFAkdcCzUA +CgkQ7b8eESbyJLhh6wCg3s5HK8zBgnY9QWwR3YiSJNlqEJAAmwcIoLPNt3m9AGK8 +yV1d3W9BNycXiEYEEBECAAYFAkddgfAACgkQhQZbWdUt0acPggCgqob5o3NjOw72 +KfFjGczggROQRGQAn08sa/fVWhARexxXcrWPQ7qxzVUfiEYEEBECAAYFAkdhpiUA +CgkQUHj9Uay6UMdhgACfXXaMbbiqQ+vHGQTwSU8YIes++0UAoJwTUggHlJTy67E7 +zjNfCv2w2ZQDiEYEExECAAYFAkde4rcACgkQhcIn5aVXOPKcgQCgnBmRrtiUfGzJ +C2bijUZIZuwOHf8AmgIKQz48vovuFFEKphXXuOkwadRYiLwEEAECAAYFAkddXyoA +CgkQ7aIelLVlcW9bFwT/WCBRbYFykUcFcRqa4g5tVlqYbJjBvVMmTNmIpe4aDO3b +JylLc5GsDj7ja3AiZck10/hPMC3MF7o9aiiBVsuuvRlgF5I22vfymJFKGMtSqS4n +OdOx36SPWcGnkQlg79gtpy5bgZLjEgYBLyQa3EiBLS4cubxDBeTBwTbMD+rcDzdR +6P7PCFt2g7Smc88Kb1Ok4fRKrRpWcPRGcajgTWz6hYh1BBAWCgAdFiEEKbSx984D +0bHe0i8wKPhQKf726GUFAmWvtrIACgkQKPhQKf726GXFCQEAu0ZLbTaIQ/Myw3BP +s3Q9eOW6tDzy7rbFpMtvQrPfjXsBAIGo1vjgnUVGQ8Re7xDcnYp+hKrU4yXY9Mkp +14iiZzcGtCVIZW5yaWsgTm9yZHN0cm9tIDxobm9Ac3F1aWQtY2FjaGUuc2U+iEYE +ExECAAYFAkQdRk8ACgkQhnv5qfvT645WeQCcDEnVxy37nOw/jKrJZNoOfoQ5RhkA +nRivQkvTRRenwIJ2Yj9Ir24ozNRGiGAEExECACACGwMCHgECF4AFAkVLTEgGCwkI +BwMCBBUCCAMEFgIDAQAKCRDnXpDAOcwz25bgAJ4htwBjuHHRS6lui926caA8uxZp +fwCeKHntpjYxiVPwqb1QVUGiy/EVZDqIRgQQEQIABgUCQ0Oe0AAKCRCfEDsJ0xaP +Mn33AJ0e9eM+mLJAC6UjK09aYInJrMxNYQCfZVb7TmWKJefr+gbo9PrqBb5ppVqI +RgQQEQIABgUCQ0k/zgAKCRASBvGjkv2a9v9BAKClosC8sSRYh+wnCVNA2KQhJnEO +dgCeKRdLDnw7Im08PtynZcBbBO9afyeIRgQQEQIABgUCQ0k/5AAKCRBWesT22jtN +2rGHAJ9O1Kp1qLitfs8MK5KQYTw62nHRJACdFMuRC6jJCXoHoaVDsTgdQZL5l+OI +RgQQEQIABgUCQ0pIJwAKCRBaba+V9rbTsasDAJ4xDeFI9MtSiVcIHxqpQZ3kbOA4 +bwCeLyTUS6XYQ8NZtIC9E3UsDnO+vaWIRgQQEQIABgUCRE+aVgAKCRAQYQTBb4yO +5nUaAKCitusDo5IYhK3cMwF4kSf/IYetZgCaAqM2bpcYP9rhjYjFmxqMyDSjBBGI +RgQQEQIABgUCRE+aWgAKCRAQYQTBb4yO5itsAJ9sXX61bUys4SaHvfPXpSv+qBdV +dQCeM37KQIb9IQhSWwwtT3+XcE0UjzaIRgQQEQIABgUCRE+acwAKCRDGMDVhGlTF +c/grAJ97mLkkDR7GJWMerakYXIGam9F9iACfbHV994B+kI3hmqhOojbBreP2kRmI +RgQQEQIABgUCRE+adgAKCRDGMDVhGlTFc/QlAKCkdCuAEYuPdeCOaYybZmTWuYSR +3QCglZh46GYOaIu4CLH7nV3MRijD77iIRgQQEQIABgUCRFfQxQAKCRCvfDtMsOyK +H+PEAJ9siFZoXzhtuk9WX9k/L3RdNInN8QCfWZ6JMo0y7EklVnRZscJj0CsvtBKI +RgQQEQIABgUCRFfQzAAKCRCvfDtMsOyKH5SuAJwKZiKB278Tr6oDWr5EAZZPPC0V +RwCfV6eSq+rE31e16bJ9bMhZPRH7/+CIRgQQEQIABgUCRVXyPQAKCRDsDq9xNneA +JWPsAJ9EL/PjGS24HJmvgTn/gb0HtLdczQCgg0ra8zkFxFwh2+TKVIY+WRs0SOWI +RgQQEQIABgUCRVdduwAKCRDxukwe0ci6j0J7AJwJ581Fs1CTMoLHb+17Jrl5yPQX +ogCfe1NfL/ACYpqeDEhRerSGBYSRgFCIRgQQEQIABgUCRlrKGwAKCRCqBeUWdvTP +CQggAKCwE6wzmVpaH5DETVQksU4MgbmvpACgiOiyivxdfZfFGv9qYytz4ZwU5xqI +RgQTEQIABgUCQ03fegAKCRCc/B4TOCtjFzpzAJ416mlWDdtgdhG/YPrKSon60yV5 +pQCeJ4JHO3EqxMF5lUd4ZFVfRq9HCxaIRgQTEQIABgUCRFj5vAAKCRDSW+bmq94Q +BIWtAJ94kZ76NOd65o8UyBhPhrM3YCzJ6QCfcXtosiBIP7UtSMcPgV/14tfV7E6I +RgQTEQIABgUCRFj5vAAKCRDSW+bmq94QBNE9AJ9eVcVy57uQhjg1gzwqL9q1AaIf +WwCfZjjKCh+m5w7w22pyJMv4H7ia1q6IXAQTEQIAHAUCQcgUcwIbAwQLBwMCAxUC +AwMWAgECHgECF4AACgkQ516QwDnMM9sziwCgg7hGvr5rVuljEZcb71qWxIz5fREA +n0/WuCxEgcCLq666KD61SnN09eoniJwEEAECAAYFAkRYd/AACgkQxEq4uFAyfflg +jQP/WlvguCJ+c+7cVSmWQWW4Bw760piY1g5+17mm8qg6somgJDnAxN3Uj5uVeWaI +M/Kg7Iq4FGTMNLvsf3oCoDKPtVmbnvf9/6iZzGx+0hzrGzJM+jiKXFDCG5D0CVws +L4a5S2ugz8pKG0uyXLONzwh+DENChvmiR/OnVuxaiIHX5deInAQQAQIABgUCRFh4 +AQAKCRDESri4UDJ9+WBrA/42jMhpm1RmRmVdgVq7PsuaEWfCqTeH33ldfa9UKifn +jEmFYKyILo1pqjn7Eio383SQReq/2tlx5t4/rsYcrbi3QGpznX24dVNCT7Schlbw +V9DPqnSjxqlDCpXiJOl72zEG2aVpsfzQoVGxVw9QUSY516oGBqYuF5Uxv7lskVxG +k4kBIgQQAQIADAUCQop31gUDABJ1AAAKCRCXELibyletfAMCB/9RcejKkv3iA+pY +vdaoUcG2mNBw/zYm2R1Al9MQLqZeWuVYucbwSOV9ZawCCpvd5aSPyMHzHXiFOGJO +kvqg8RoK73QC2YdkrkI8f4l4DHbCrum+uctBNWAkD2LQVzdy6bsF3gH8YyM5kV32 +l8Gs8O8a+uKtKjWhLzxKt/u3I168LFaZWYL4EOVqI+6cL1Osn4BHGJuKtQx8+a+H +mYrr1LXexgKkp+odjCBIaw2QY0+YEGlPzE8+1jmBjqA/xwxg+gocn9BZFWScwBIO +pCWycgWFYYR1DJccI0wdZgEXmTlMyzdua0NuUeyjN1tERPeIGzVd7qsKZnbUHqpa +wj6fA3kYiQEiBBABAgAMBQJCnrFuBQMAEnUAAAoJEJcQuJvKV618ZH4H/36bpZs9 +UT/dpqZbzEFVI8Qw5wBHhN4AeEeqt+SggDtjjrIZQWYdcPiJcgCuJKHBA/Ida6fI +exXZKjGYNI0MtOmc77XDJCM3FS0fwlrVvai2GkwqfLHSawYvTfCp4Of7VWEAAiyk +fjH5UoO7iAur5qnPN5OeRtmm9AwL188RSJqhCiAD59Ept5goji3B0P7UIm/K+RlV +7mDV3sTcAOt00hP34zmqOswTWCVZP04zPkGsuhj3KjN46zB7iLWkNbDhuud/Uf5s +DQ2AeiX14wlNSyeqaS+2GAsl7lwVjgUimY1p3WlTyAyO+3sBjXblS0q95B4MoFXr +DToV/bVwePGrgTGJASIEEAECAAwFAkKzHe4FAwASdQAACgkQlxC4m8pXrXyn9wgA +n4pGrOI1JuY9to0acd+PQmhdaRzXUvsse4eo0lhaol8XzOBWK7yAxrL9kwtxqqz1 +mSGEKapk/y4kDXQp9gfc2tOHmIInCKe9Je9I5sBP9WML3SQqqsBavuJc6MFpzB97 +1amed+iMN8FTXozpYDd+47ANT8uE/yPHmK6ap+u4SnxM9EvWTDjrXPKmo9Wk0/gb +t/BMhUPw97mjdKRsWMzHlC284X4Dh1RPkMy1NNVNDgsIwHf8kdY919V6NkROPygJ +kZBufKA8uyae9M5VCVq2AbY9s4htC5v/jac26xCkt0xMjT2oGG84OMFRQn+mtLis +3cLXfXIJPIdBcIpD5OGUqokBIgQQAQIADAUCQseNLAUDABJ1AAAKCRCXELibylet +fCtBB/9HMbChxQhM8NCpF4fJ0J6zYB5it8kemFT5oehdgHnrqJyNqd2i9yyoF9dp +cGjruMzLh/IrhxDktC+MLpbjNbgZuv1TIuwVyucLNF07XwsJ7mezCyUV5d1kA9Cq ++wMCXqRl/vKRCOIRKLl5MUqC0ZroVglDk+/1VeliX44NJ2YbfQQrMqIrkXG1Hi0O +kMp0P5I94r7vC3dMwQvbVcRpxj3sn6XJ6GY8IMa9uvUI9vMiXgOQNvFybXudm8wL +orfP7ejfr4qdW5fGm1UNFULxtyqO2yIA5+EplFysZjOnVaDX0pLhjBWQogLUq8pG +gMdGQxGynAhGaYxKh9bzChF1ERIRiQEiBBABAgAMBQJC2/xjBQMAEnUAAAoJEJcQ +uJvKV6186JoH/jhfhPSIyAdnUvjzux7CggHPag1Hw8ZcizV4rWRgSEDb55qldHHV +cB6m5I4vZjHXK7EU+TnVHJmCNfiKQAN0t5OdzPfm2kG+X3lyLFZuNvyuYfGD5Ru+ +EquZucuDnY8jUakFQSXaC3A+RtA1F3Jfm0xJJi+ptt2bRYJlE+HyZbfl4RdijPZC +TAgQwx10ByLSP9fZwEYUUSs3kQq+LS0j2pPMJFS76hawr7WngBeJOqY1IFeJZZHj +6pYEryNBNl+BVwMvBGzujXQd1ITHpT0iOQuHTMiCH496VK14C9mF2MG+eMTMO/2O +Dc9P+bvUKCod579oYxAtlmSdjI/MJusBO3aJASIEEAECAAwFAkLwj9UFAwASdQAA +CgkQlxC4m8pXrXyMcgf+N0uHYpleftu8nKdLKlt+YMcReimKIAMQ8tStQNQOKgfC +uZeX/fRzp9L5+YYdsrfYPMVKu0WmBpcWS7lzfMHBq5JVI1mjHtLZMcJ44xNHbolD +NJHXc+kyBzSGq4HXvYUi7NbRednvJyJNsj7GCOdDglmDOtgGcIlT6ksn3/JDVGpD +I9Jnq4xxQfYxxfTSPwJAmGqRbAgudWiDlAr6YGAmUH7oW6B/V7K1palFKJMuWX8h +S+WOC8HcyRABJlkdadm1kTOVwj8hUXbtONCW/qj2itSpZpSC13hQb+27Vf1FnaBK +2J5KCOvUajDWixWe3zncZPOWqV3HGHKCfTOqodHWbokBIgQQAQIADAUCQvG9SwUD +ABJ1AAAKCRCXELibyletfOtkB/9F863LQkZpx5knJ/fO68obiWVyIs8v8tznd3zn +2XpOfgOy6Hq2GNkXZHgYDaMehKQkSsAkm6Sycqd1te3Pex8EXItD3pV27XN8CG1+ +gQPCqVA4g2ilT+vlFDPM72rm1exv02+rYNrpI+AlxVoI4tIt8oJeYDbKlo8vkIXv +bafNmez6D+JChYf9Y+4V3a63kfH+T0nCf25xZA9xyM4NFek+Wjik9NDY2URv+ENR +sVCAzuIyuPMB58JsRiIpMoTjF4MqXnTjptRsoSzIZtGj4EqAixOsWFVNv4r2Cz7Q +sFfFEVgtXedfNP38ahnuQMCEAV+/Bb+xKoiSu4oALTbFHrexiQEiBBABAgAMBQJD +CM+ZBQMAEnUAAAoJEJcQuJvKV618zNcH+wZ7qz7/+fu5gTl0haJ3vkU5jWSESFzB +JrFWI0THgMDKEPUrUrASmheC61mx9r++boeQI7JiaxHAxMzojKCkDCKhJxsZv5+4 +4C104SGDE4QCEOJI63q5ByVvRHiedENN/BpaerQBxujZrU93CLSlNluGbRYl0TTw +Xw6h9pb6t2Wes7TX3lIkfRJZFexfLOkv5iVHpl+6xf8BPSXCRS7XcxnUhraCQqnY +Ol4h2lPeBMHv5cJ4R8/lNEVja8qaY3Wl5gy7w+ZZHt19byhN4aofejf94NrgtN7f +FUKW9OwZdQI9D/aLuD3cYkQ+cXAZBBuqlxjiyrrBCDQA0Sc2GeAYhE6JASIEEAEC +AAwFAkMam9kFAwASdQAACgkQlxC4m8pXrXyHygf/YakueqBs7CiaNBhjjGQa3LRH +rI8YUst9Z9gqQTVo+3QhlKRPGD8Yz+kQvzCAdG5xSKnDmMgAoBFe0Gk2T78TZ9II +JrTVzxLzESd9XqjC4GPRPN9q7OTw71G2QKZ7ZJs/Yw0rXPnXNEq+28oM5Ym82ETA +gXdlQn7nYXPkrlk9Aog+/faPWWM66HQCJj928d+AYf8DjyN4YUZNssy1YJAAFAek +DueYv7CD6ixJ8orrRDm3uFhEBPYKxTACvRFB1iK+quU6sEeTNjzzWQfekDc6XVBq +aqNsdEOjHVLrxxTJVw0rpr5GymF34sGlXJMESGnJTVXa3100m+HeM+Z/D78d64kB +IgQQAQIADAUCRFsNhwUDABJ1AAAKCRCXELibyletfNWdCACGxNuiNGihbHgjrwc+ +8o6sAgSGrHTij7N+uuKE9+xofJceZL56CKYtqyDvpIGYBPzW6zDXQMnpUMy5/cc1 +R6xl71uaPzBzM+YrukqdAuFdSaaiAQf3NOt4f4hXeAUzGqo4q+LG8rFcKmQyvzAf +yuRZo8IqUZftDMgUXelsJh+StWLLZg9TeEEo5KjlXHHRBA7sCaD510vVCgLKYOfM +JyIcs4rRd+/ejQNFGXWMG+Q/EZ3RzDuTQrJJF/lR2+Qs6OiXqkGGfBSZeEzg6K89 +8f4zPFc15LDuJtrFV6jGOMy1xK/XdKb8G4nN1AKm9CgTumzawUgQiqE9alGf67SP +mWeZiQEiBBABAgAMBQJFItJ3BQMAEnUAAAoJEJcQuJvKV618RTEH/2QK5OJMCE6m +IAtFd9/fLQHuZUKam1xYsN7VDFVATphNZiSoobpD1TER4Z8PV/vlHf/aOc5RaEW5 +oiEhvuFCFRRs/WbZEVAqhBkU9bU/VBhpvE7smwYnA8Vmizw5VeUWy5gbi6ZrHDXF +jtI3c+UFSqf+QMX1dblIxIeia+47qRQ+CKdX7fYNIRxq9jRcx+7fJSg/JFgYtDcO +jiD1tqgeYExhxjewgEKBOSEsI4WTuIuayi9v1Vf/UVijH/2qMLhyRBb8G8hTKmgC +iiLhixqHH2T1SEaD8DiZS5fWMyU8cWfBRvROD2y3M7ssuC4AlccpvedgT6mO2CTB +eiz93eWdaYeIRgQQEQIABgUCRmAI2wAKCRCE8MXENIOqEyU2AKCEUCCPozM3ZGsr +zOR3GyXY3Cc3bQCfbpi7aF6M6z58kZM9zj8W22jsY72IRgQQEQIABgUCRmLiCQAK +CRB0v0rS45Vjgbb3AJ9gnUvnsMtzqIjlEbNMwfxxRzAh/gCfRDT988J6CUCb27sQ +hnb5lmjVd82JARwEEAECAAYFAkfTn9wACgkQsmjnBv9c9GPc9gf/QEzskIGzF4ii ++f7QhTPhh2i7QqVcYYYGFmArKYpyy/srbhT9MbKphAaoBO0ZcTM9tQXUgOJOqy8s +Cm0SitpWOwo4cnH7rAAUbMDP5X7oyE7Pa8Cvj7Ar0XjDlkhCEyyjizd2FHnY7qrX +Yzmw7aNTZZk3Jn3JZPWYayiEaduP76JHBWByYXwGULa+yvXwxpJOhykK9L0Ks+2B +jdw++S5olu1sso/1Bm4d8kBhh2gqcx+TZUi6RFWwM8g0uC8bkxicFF8KRpetjB4B +17GV+L+UOnJLnTefg3yb7eDl6yC8ITdP8nYeKgBfkZH85oFouzQwFKIoaQWAIkSP +gPAbccnC/4hGBBARAgAGBQJDSi69AAoJEF2lxlUw9Iv/HK0An3ZFlUY5JNaV1/SV +jpgibtxYlI9VAJ9qzMb3K4Gp4wT9tCIPpjxKMUd9sIhGBBARAgAGBQJG6AEhAAoJ +EFuNpocPp3TZsgsAnRmyCw2uvXj/632WumG+GF1y70NjAKCGADcY/8lZ6JnI/+UC +7GOKzrafHIhGBBARAgAGBQJHWbZpAAoJEHIENnC95fHuJuoAn3IyE7Hd8fOQ+Q3z +1faRLmuqq3iHAJ9BPvN/9BIdlKlstca4XkLe6N84q4hGBBARAgAGBQJHWbe8AAoJ +EOEOegnnL3n6ILgAnRZ7hNzK7GWOOQsFurWRXfw7+9BsAJsErGlpGfuF7uRmt7qq +hJyY4Vz7CohGBBARAgAGBQJHXAs1AAoJEO2/HhEm8iS4QJUAmwU3BSB3yYYGmvhx +9xk9H8/boAUjAJwK86mc/ImzPcoWawuaQy1tI70MlIhGBBARAgAGBQJHXYG4AAoJ +EIUGW1nVLdGn3LEAoJVA/X+JGh3HdptcG8Z7dAFTxPvmAKDJzakOgRiWWg1PiJjb +A4HSyLfcz4hGBBARAgAGBQJHYaYlAAoJEFB4/VGsulDHfeUAn2PJH8TB3uyBRnGW +w+CedCYD0UIaAKCuV2pFwcoPPSBsDbT7YLoUIMZR14hGBBMRAgAGBQJHXuK3AAoJ +EIXCJ+WlVzjy29UAnjT9AnjkZIVCGAnAGKUlHrtIHVMbAJ40IN3dXHtCNmaXKT5F +qfWoryrBG4i8BBABAgAGBQJHXV8qAAoJEO2iHpS1ZXFv+F4E/jqcYbVZSb1phM7R +nB7v2xPaSjTosUGxiCkgT9k/7CiUDsBGNKzOiMNQ5rvX4ClybCOr7tTa5Gv55J9T +9L0gLS5sPTMSSDBE/Oq1UQKI5DhKkdFW99u5AekkDm2Iu0D2yLMlJj2LuVyhY7Db +5u+3ykRYbt3dqDc0FyCvV/l0t/XbwEfotpvQ14/lY0OE+Z9zHBl8WlpGRYmRE9/d +8WmT3qSIdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhlBQJlr7ayAAoJECj4 +UCn+9uhlU2sA/2e+9vuhhz2aYvuOxmsFNdO+EJUASGjwPueOdi1L5T0mAP9FJZyJ +4ERMWaRJeZ1wYWrelYjCw9uNdTDIWNYCR9NhALQvSGVucmlrIE5vcmRzdHJvbSA8 +aGVucmlrQGZhbWlsamVuLW5vcmRzdHJvbS5zZT6IRgQTEQIABgUCRB1GYQAKCRCG +e/mp+9PrjjYNAJ4hDKgDDa/fMKzA6DlZ4g+BQCY6pQCfVt6nx4t9sMJBvrnONIsY +Ykrz1AWIYAQTEQIAIAIbAwIeAQIXgAUCRUtMSAYLCQgHAwIEFQIIAwQWAgMBAAoJ +EOdekMA5zDPb+CQAnRw27pVHkdX8wDLT8WuR04pC4udtAKCINsADI/slbVUz2I79 +Dm3lwMfqkohGBBARAgAGBQJDQ57QAAoJEJ8QOwnTFo8y8BgAnAu4Xgsmg/DoDY30 +MIE+e8zozPeXAJ9DJ/lwHs2dWyRrjX8E2Cav8AK+PYhGBBARAgAGBQJDST/OAAoJ +EBIG8aOS/Zr2iF4An3T9HGOmWwpkFHAuJjn6H2pOIrRyAKCRfZxkjKwgkWjTeDeg +DaY+tOdXTIhGBBARAgAGBQJDST/kAAoJEFZ6xPbaO03a0/YAoLWZRRjGhqdMbb4m +T6WLl+Z16mMzAJ0Xri1zsl/9EJi0TgLFwm1i88mHRYhGBBARAgAGBQJDSkgnAAoJ +EFptr5X2ttOx1a0An1qneSbzwbMZKVuxyOZZUXbU+VnqAKC5mkWprSU4tLDFk4a/ +5kk1uiI60ohGBBARAgAGBQJET5paAAoJEBBhBMFvjI7mSY4AoId8jrnXL5bTzDyl +D6W60gC/Jb8CAKCdBYypEipboOYRCBHAeReO+xj2aIhGBBARAgAGBQJET5p2AAoJ +EMYwNWEaVMVzPg0AoMwoQKKFgWnfXRY/5p+mx9+asJ4aAJ0e/Vq8rIDPquBAnCc5 +WBFVduBKFIhGBBARAgAGBQJEV9DMAAoJEK98O0yw7IofeE8AnRzcHl0Mtr8OQrok +m1z3pyQevzL4AKCW/PoyQdZblCKHY0cHSLTahywjvYhGBBARAgAGBQJFVfI9AAoJ +EOwOr3E2d4AlhvIAn2zvjZVAaVktWWuX9noix50vKdJIAJ9e/yRclvFbE+cyQmBx +iV5BPcgLtYhGBBARAgAGBQJFV127AAoJEPG6TB7RyLqP6AEAoIioC1zIRVwjoI9G +een3k1rxKilfAJwMfferltyQ4sQJ96PTjdWouKuYp4hGBBARAgAGBQJGWsq7AAoJ +EKoF5RZ29M8JSB0AoPUQGJgAtgx/Axclv3xu7qMXZvHAAJ9jzOwoxZhjbSco3DYc +DnHARXqStYhGBBMRAgAGBQJDTd97AAoJEJz8HhM4K2MX9YkAnjJZaiuU+tN9pSzO +lWRaxnVeunU/AJ0fZVJ1w5nciyXUbvbVsE7ouweDI4hGBBMRAgAGBQJEWPm8AAoJ +ENJb5uar3hAEzOEAnimv3ATxZ9lrbyzpRy3rTtT/V5EDAJ49wwTvx5DjWO7noXvx +LzzI80K76IhcBBMRAgAcBQJB0zmZAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRDn +XpDAOcwz25+lAJ4tlogWpTBuJ4Hsaj/re+OGwM/HgQCfQGhVnNgqlEe89mwif96k +Ri1RF2mInAQQAQIABgUCRFh4AQAKCRDESri4UDJ9+aYvA/4oV48yywFQgU9LkksD +km7iwKbnTsNHb6Ivp/Z/I9srZriX000usI5+14o3ds5MtqEjxxCFDyo/uR+9wVfd +qbBovrXkMJSoxb4TuLnNVoRttcM5ZcWkXpTEVwXYvLiq7cOhjJQQGx9GIl5tyomH +RAYiEpTy+8HUt/FJ22FR7xDhD4kBIgQQAQIADAUCQop31gUDABJ1AAAKCRCXELib +yletfA3SB/4pgPo+n+qOL0A+iwKUHM4YKNZoZddQfQhLKZfmSFue1MzMKHg9pUPT +sMq8idQENqx+0u0suWAWe9Pw4u6iDLllUe134KGYyMl2+jz3exCWHtEmgCOJI6Xx +edR/lj6jBuG8xnY1ODGn1DMJdvhTAMWKpCcpbIdEgRCcOPg/bCUcq+ynlXK52TYX +sU591Ai63goj0zf5lSr05RW/ABtT+Sx13pHGceOaXB0utXE20y4BGL+WkVSHKTHV +m4TALzjrTUGfdTl0zOyJ31zQe/d6Rwir9Xrv2OMK99eX/XZrhf8K9SLnuEp59Kpj +QLBpl6HqHpEgRXg0n1vziRsE+pWx+y/tiQEiBBABAgAMBQJCnrFuBQMAEnUAAAoJ +EJcQuJvKV618W+gH/2/Od2gN+DOlvjfksvAWvYpZnL1xZ9EqT2XL2sxGcZXPb7LY +ZO5I4mDYv8sF5UHUb5zpn96xciEEER/CQI7LMbPKt/gDRg08px/+xHUWI+3syWL9 +sX8KyKWOcLCZg/h5MeCSsBpXHHRSXFaNVxIQENUhIp5xqm3zzhhh8Ip/A/996l2s +2ldisDiKsobmTm2sEE94WZeI1J8XIhzcrOi4KDqjz+PLNDdr5TjV8ISB6no25BdN +UhBUViaif2P/8DreZt5/wF2MyOM2UoAWA3ngDgagqauuzdsGEM6GlehxidSuwmpo +3ZbQNQn8H+X8K5V8acOJhvSKJkorIpDFcLroSYmJASIEEAECAAwFAkKzHe4FAwAS +dQAACgkQlxC4m8pXrXyDMQf+IQLn/3jdb6yEairHQtF/7rIoJA6ru/7ajtZxH6L7 +geVwa3+Zh46jy8tqn0m7fRT4OYxhqoVZZOLGoxh0zw90qaVlk7S1lbb/zmDZs8ug +CSHYhS+bgVT7zRCBXlE9/BeUGVpsPLFhSfg/eGUJB34HZnVcjGZv+pFkF9TRUSll +ugX4Im+WsWlkxxQOjFZWvmL3qrslbshDJeK5tOtDAHWg10JGh/PrvhcfhZJVxTtO +d/4vqcIyHf4aTEM/h+byOtSeI4YJhW24q5vmhS0gWR6DbGBMQuNFaercytZI+3mc +18lYxQ6dcyF6GAvLPnDo6vpPacB6E5RSYenXSfjXlfsF24kBIgQQAQIADAUCQseN +LAUDABJ1AAAKCRCXELibyletfPr4CACxGgNTJti35CxKsAKKF4EgYijnbmWxY42x +TJ3GNdIz7SmlIOSQWiG1BNiqkBnJgzU1ObVL+EKxIDyv9Glq9/U4s6vAASDEOLii +fQ5qtDZSimK0+HUnVdxZ+Z6lobcEjBw/R8EbiytaTw4WR/Mea0TxzAjXBrFoeNpR +Amq5Th37Lm0HpwqhuE8DeFWKVkHenlc2PqUo1de10mgWf+hMecdEP0Fpnc+Y8G0c +YYrlyA66eWLgXILNex14l7a2P6TNSWsZr/C0Zf1yf4bsGpZq9+JhqVDMGruzqgVa +9ezNgH4u2FnpUaBtPeqEpzdS9ZwwRELqSN/8Q+nAmr3rDpf6UVDViQEiBBABAgAM +BQJC2/xjBQMAEnUAAAoJEJcQuJvKV618GTAH/ikUf5zPHXO54lYuT6XD52IMgkUx +sJ+6yuYmNhzwHbkaDq+DLGVQk6r8Lb2WOkojU1tTxpbYW+wqNePezTerq6GpHc3x +YwAsf/dgYsNnGlrBf2AcNvkjijRiB/UDihLein3OAUwQACHEN3SrEiND4s3PTTo2 +PitrNkooyIhv9/MERu9wKt4UhsUA/Un5ozYCGHg6Q2KrxJgBzgmvWHw4IceK82rF +3G0+pCPcE159I8LYLzUyEH3IjbUhEWc5FsAYvrDcUSs5eUASpeb5r3b/CGwusw1D +bb5H9NrGDwPxRhb70RoRfoZxqt431cnav0s2eahCCVMM3A4Z4zDwdbYxxJSJASIE +EAECAAwFAkLwj9UFAwASdQAACgkQlxC4m8pXrXysDwf/RvfiMYXMg77Sb6R89ek7 +qaMY6K7F9/ph15l74Fknpf57MrktiPc9ZKfruv19cwlYS4sN3o0gDvHXDOQ72dNZ +XO1KsROPMzl3/iW7/OV1fBqFtDMmsSxbywktKyIhuxiqkZPzfB9w+MTBa284UlpS +K8G1ER3ULKlu/EosODOXGf7T+4NfRGh7OL45nCM+HqWm+Q06DX/Cop5sR6diygYd +kmDTA1Dh4RsouzcYstnS3Nsgm++3AORwJdIfew8l2FtRPASaThl7tBe02/UqyxD3 +nYufDQX3j9IOPDX+KtNqqYYuCQwrqkcNreVwfiXb09eOhROsTD4louKYTOxOE47B +9okBIgQQAQIADAUCQvG9SwUDABJ1AAAKCRCXELibyletfFC3B/0dgS6hjCg5L2NW +4aGM8Sq9XTeYPHGD53LlRCfPuPN6RK4jOEpKIPQzkeZJYok4FA2MWPM2+pXBkeaj +zpexI/CKmwAiY+PYbr/MFe/0VVrvITJtjE2TimjmOqPrFnJJ7FthxuEzFzkA3alf +jYtX+jmG4A5IwlKI5wPHPvVv70Q9e94XHMSkyUqyhu6AQ/FTUN5xy4JWM0DseTXL +cxSFLbDR96Zbe4f3Vl8LxF3r1gscPkhMCpsxKFkNorxmUk+FhWbN2mo4eX0a34P/ +aCxJZLFpvz/pD+Nf2Rdtpls4dlnYFkpFnwzOyjsFmwhopK/b5pYuvIwJetXbkP3K +mM3ktMFHiQEiBBABAgAMBQJDCM+ZBQMAEnUAAAoJEJcQuJvKV618D34H/irjWA9R +0ERdWXtmVfaeXGGiJPW0/GDUafQ/4nYGXdybyapUMHAMp1w8VvSa0ZYGXMB+1sl7 +aKfY+qfR1+PSWwhUNm0wx8huAo992PlcCTKkdfN1OykWsQUNFEA5q5ep+VQUGOYu +qUgOW6R4U3lPlyxS+IXAO9tMmWepYBIVRGj3dJtg72vh8XQCsXSpNJ8SDTrTVeZ6 +0LM0QYKH1kK8um9CQUNYbGULTrSlkjwFYphTEaxJtaOclhopZ8qmaidEd1Ox7Hv7 +utUdAz+sMhtv/IOAH+NZnVdEm4YhpaWj4hzHvrChmyH30REg15yvA58Z7sFImwwD +h6OlFVF/tQsymniJASIEEAECAAwFAkMam9kFAwASdQAACgkQlxC4m8pXrXzKNQf+ +MGuXZ49+r6Pf5odY/t1Hao+bLIvPcN2MTfaYyweXXv277S85A24ObttZvYhwRoLa +3PS/0IPTNMHnrkAQB4gNzh1P+hk5tos1UuC+hNAxtzM71pB6XTStcaYpdYgpL3Z8 +7Wxs2NtECME6t/g49bGCdfxvoWSMq/c75xLIyJ+PkdWL254UWUHcDYRPJy2HVpzD +CW/IKZcpZZbc6DsjO3BvE0l0zF1Vhs8RyeBjKtNze22j7ny8ZBcOheNluuAi/3GJ +zCjhfqOgHnlS1Dlcq0g6lCUsB9s/YBGCivIPH+g4rWIuUvQHBoLKrG2kfGvY1YyU +ZEWaKUFX7Jte8i162BUppYkBIgQQAQIADAUCRFsNhwUDABJ1AAAKCRCXELibylet +fA5fB/96y5sehAwOc2qoZd1BbkWi8Rrupou3CchAIQvisFLQQpg3FCWUO9LrfvUN +qhNFIvBtEohqxLgP3D2wZK4H52aqExmgbujBW5f5FT+ggJ0F3lz/VdwQ/DTOlkaB ++OIgwXJXpY2pLMw+c8XiM+HSNZavn1wD+pL+eL0nhnmyPH786cOUZE9UPxPN5MQF +Ut5L+BLaFhFx8N96L9MI82iCeHGpKvSFugx8qJS80SGY8r6l4j4Rva9wGc718upP +b31xEKyKsYHMwc9P/9cgdL5anubOA2+06Co/+k4bX5YM6QPy5MxtIjRyrMgjgLm6 +1P537YfkuJjEu03ayZqH1l1W9gS5iQEiBBABAgAMBQJFItJ3BQMAEnUAAAoJEJcQ +uJvKV618PrUH/i/eZ8zrRG9aMysqA9JwMREB/Bh7twfMTQmb+BocPXyJeATDaiL6 +xHDShB6Q20f7ovIPbwo3M9Q1TjzUX99MFPCJnNvBv50z9NM3aAvpdVdT3bKm2AjF +itoCLSYe8GkF1Z82MsivE/R78/Ba6kikpouj8a1M1ugMWPwYJNmpaQ7NVgoiSP8U +SEV7Y/8T/uH7Cpf03t1MEXhlqMoEFy/HIklplObU+ptF26McCySui7p7XvImnVPN +I0K5xZxNbLnoM9Z+L6awxLMUzkXGkIFvD/H++0/O0amkp1bD3A2HOIJFKPENYcTl +iwCjBANliV9x8POCZoOInAFg4y/QFXWcowaIRgQQEQIABgUCRlrNwgAKCRDVOOwJ +U4BXRq2WAJ9R2/fWWXZoVIVlc9G085MuRNSUOwCeMd2kzjLY8kkAeAwWGT5xzjsJ +zDuInAQQAQIABgUCRlstjwAKCRC2QtC6ZQOHx2DMBACCyVHiDmWB82RiO1TxGc6R +Wv6VYDLXK4/tb3NuUzAkQWr4lI56C8squ8k5LJ5F094gWJEpJiP6ABdFrbkYapO0 +anTwOdmHROMulFAKptvamvMFFqQnjetDjpEI2VdPvrDlLosTn00URYRWlypNKmpl +WkJ1vwbSEIEsSu/e2XU2KYhGBBARAgAGBQJGYAjbAAoJEITwxcQ0g6oTOykAn0n6 +XT0SI4uDazFgOTiRb0ZjMsm2AJ9OTeIdYQerDmbW+cQ1X7Fct3KbyYhGBBARAgAG +BQJGYuIJAAoJEHS/StLjlWOBJzAAnAorg2rqHMR8iNh4LPWrOT3Pghq5AJ99E7qR +gCDptYI5MdXg/PsYi2mjoIkBHAQQAQIABgUCR9Of3AAKCRCyaOcG/1z0Y73YB/9b +GD+u12NVOFzyGpZgzz//dS8VDzrvfGP7oN7iZLOb9U3/Rnkmnekgcxw1P14ZLc2M +NiHbsZ6zj9eJ7sF8mqEBcHPFy2312YAMHRxQ6dHK6Kewumyt7OKgo5fsMrBYtLNQ +lK+W9YFPb3YMFkyuAI+Ti309eZO8mDCxOJCX++wD+PQm5l1CYM9lLZxC48l+cny/ +NRCThC4I7iJnGQ0r+EIlewUpwVV0UxLy5QCjN7aFk+zOvwHZAxxKsxOMAk8moj/I +CFiwpxQdATPRWMYG7zIM77etI1CSlCBrkQwenk7PJ0cpW1gy27npN9wYIDdGUNv3 +JSBYVHJks5aUXyuSVnSuiEYEEBECAAYFAkNKLr0ACgkQXaXGVTD0i/8UbQCgiTaV +S4YSX2KH8KcRw9bMXED3lp4An0/HMLXln5B6KibC7tU3tuJB+UfhiEYEEBECAAYF +AkboASEACgkQW42mhw+ndNkBLwCfZmYbI3l/EEMoMouwKe8N5TZnKAMAn3E4zGkH +jcpvZDT/z09VcvEtyUQ7iEYEEBECAAYFAkdZtmkACgkQcgQ2cL3l8e4D7QCgoVjL +7RvbtKkLBsAYABZn7MZeO8kAoMbil1TBspzBMJVdz7LdBcpK6eXxiEYEEBECAAYF +AkdZt7wACgkQ4Q56CecvefrlFgCgiZzS+WvoIGHwpne0M10jiHcBTT4AoIMTjl1N +pu9Dl8swL/gWyFM/oXO0iEYEEBECAAYFAkdcCzUACgkQ7b8eESbyJLhh3wCdH4Q6 +OJmQoSN49QmzVW1Ms3KBE3oAoJpvDtf3vnCJz5LuD9uQa83zzznSiEYEEBECAAYF +AkddgfMACgkQhQZbWdUt0acnjwCg1pT4Aqq7+u087KvIoLDHvxWpoVkAn1/lPka2 +FXZm5pDbDJbpBnDyPw86iEYEEBECAAYFAkdhpiUACgkQUHj9Uay6UMc11ACdFmF9 +FnY0Ge/hAXcpjgeq1Z7Jr2gAnRsRGFsnUzQg/DY0TVCd5nVWojLCiEYEExECAAYF +Akde4rcACgkQhcIn5aVXOPJfOgCfX2clf1maYwM3HzJxSmgpgPfXvh0AoLFV+NqM +n6PvWvk6vY/U8VnEQf0FiLwEEAECAAYFAkddXyoACgkQ7aIelLVlcW/4YwT/W4Lb +5FC1VYktkrppAzBfssH/Lzo693RCdlA0IzAgmh7dMQ9ZYpI5IhulG1u+f7wuI+3e +zcIH2GqAlcNo5nw5f86P0D+XBOd+HUlfyzPott2/ZukT+Q+r33DnaVzpQ0QJDDHd ++dcESyB7ERL33iuDARBA+wbn84MA9974HIJv8rAEEKeFBX+QEnLkezBKgKx9WusN +NtpcNFOHI28DjYMuyIh1BBAWCgAdFiEEKbSx984D0bHe0i8wKPhQKf726GUFAmWv +trIACgkQKPhQKf726GU5kwD/dNNN4FiZlV4fjc5dGoMqyekVE+DvKVupAAPu7Pkb +hGoBANFI9rs9zuLfyVoj4A3nbbd599qP+Ij3P5wXhaPkkEMCtCxIZW5yaWsgTm9y +ZHN0cm9tIDxoZW5yaWtAaGVucmlrbm9yZHN0cm9tLnNlPohGBBMRAgAGBQJEHUZY +AAoJEIZ7+an70+uOm7UAn0C3R33QguW6tNnUlWFgI16pX0zHAKCSsbQvvnI7L7gi +OjDR+9VWneWIDohgBBMRAgAgAhsDAh4BAheABQJFS0xIBgsJCAcDAgQVAggDBBYC +AwEACgkQ516QwDnMM9uSIQCdGdPGwnWdt/XyxoKq1L7600edgVwAn2X9J0z4rJjv +sFsvD0Z8ofIp3UdxiEYEEBECAAYFAkRPmloACgkQEGEEwW+Mjua2AACffoKWDO8U +tuf/CJJIAmWBSw8UC6EAoKe8D/cKUJ3OkQW8y6atgthHp06TiEYEEBECAAYFAkRP +mnYACgkQxjA1YRpUxXMVFQCgmmNb/MiSXAYTdH8oJya4acARTmMAoNzOxBriv2Op +85MjRxUEKoOsLcpTiEYEEBECAAYFAkRX0MwACgkQr3w7TLDsih86QACgqexHlolO +8ZnZkmbg+NUpZ8g4tzwAoKtroezWxaUgqZHljo3pUk8+gw1wiEYEEBECAAYFAkVV +8j0ACgkQ7A6vcTZ3gCUKcACeIjDCqnHOQh8vr5NpZxJABUtfbM8AmwST3pWfRYSF +MpuE2iNnfXO/8AsGiEYEEBECAAYFAkVXXbsACgkQ8bpMHtHIuo/4igCeI1iIRU5P +UVRl71DSO2+mfIfK/UcAni7pmxnP7vH/2hmMLM7l1b3B1Om8iEYEEBECAAYFAkZa +ypwACgkQqgXlFnb0zwnZcwCfd/LuBED1UYuOkHrnCZqeY+jn6IYAn3xRJJ9x28Cf +D2aUg0/09nGqwqH+iEYEExECAAYFAkRY+bwACgkQ0lvm5qveEASvhgCcCxAqi+EK +UcpfVTJ4FNp2/SeCfnAAn1ZoP0s76+4BO1oShMVUd7PaBQGEiF4EExECAB4FAkOM +1KwCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQ516QwDnMM9tdAQCdHz07mmlz +MWOVNg3gjxQdzD8CiNQAn0KM3xy516/pYUYXpS7yraaOa0m7iJwEEAECAAYFAkRY +eAEACgkQxEq4uFAyffmlCgP+IwWGYAHZ1hkb2bzG3ij9i/DyFuWW0EhsSzcN4X+B +D0ILhqu/uYB0ykHROzDZVScFs49KVx9RJApUzaRJi57c3nEp9B4bKf+L7zfElDAu ++i2ZGGYtE5QvWn2Y8cqG4DoxGSBzAZIxl2jqhfL/FenY54N8Cep52Uslp+ZLBZmG +XtSIRgQQEQIABgUCRlrNwgAKCRDVOOwJU4BXRtqpAJ0XwrPHo+lmyS8TXeuBth4v +JYTsOQCfQwNBx/bAOv7vqKvB/0rGLjAPKHSInAQQAQIABgUCRlstjwAKCRC2QtC6 +ZQOHx4ErA/9Mq/nAPG5cr18hNta+NQFvT0xX+3ZVNucd4F5PLGJK5MyKcxN9dQf6 +7DkCHnzjdUUZ1IcqLkJta3c0uYg1MamdQSCCU6Akw6i2NT6D65RCjJZX9/OkV7yA +LbkxxBOYSSDtMGUsA4PSC9kl9zo6e+h1BAyB+ZIVYZ31n46g97sfB4hGBBARAgAG +BQJGYAjbAAoJEITwxcQ0g6oTvFkAn0tz96gkA8hML4tqIjSBI8pMYkSFAJ9CwiWf +lNxji6H3eKBnhcJTUaReoYhGBBARAgAGBQJGYuIJAAoJEHS/StLjlWOBUHYAoIDl +k9FrDJz9bVbulducOHVHaVQxAJ0R0AHJhBI8XzYMu1M4W6uy+onMrYkBHAQQAQIA +BgUCR9Of3AAKCRCyaOcG/1z0Y2TVB/9eYM9PkJteeANIPINRs8dD9JLOzht1xwU6 +6aAA5FADKn6KTuk5vwcOYjCOn5lkL3GAdpsN+Yy7+X08k0dK+r2Ke8xsl1FhsuX4 +LVA6Zd7Lac2oTdVCorN2tu3KMQMcdsQoxhwdtPKHBkpiyuN5RBH0OzuShBr+qh9f +p0ac6aU9op7t8jGRpq/VMWYEqanXpklQUFMSI7WGdKJ+Utx1kJjp1BW0f4qoBtKc +/y1DocZUQ++5ZC1JYaDgcAS81eltLCqsL4vQdKwXz34MjRfTBi2xU2sKzT5B16bs ++ltohm5n69Ir+Y9hlAAQF2OiWL+Vb1sDz6A1ILN9S5x6Jz0qSGPkiEUEEBECAAYF +AkdcCzUACgkQ7b8eESbyJLiAPACYt5wO5itaNqCPyVHDCKmt1j5E+wCaAw/Xr/V4 +KNQ3AjuNtg+3b4XWq6eIRgQQEQIABgUCRuejpAAKCRBdpcZVMPSL/4GaAJ9lAMNC +0P369pa78S7lpCJyRJyLmACeJDZBvthqY4M1B+8jf0Gp9Ko7DnCIRgQQEQIABgUC +RugBIQAKCRBbjaaHD6d02a+cAKCDm8z2PhUwCNKgM6gkjUzXuVJ2ewCgszYIg89K +rLhVmxlqCwaThgolK5mIRgQQEQIABgUCR1m2aQAKCRByBDZwveXx7nKMAJ9oS3H+ +yY3rFfwV0XPy4DT9qoJ/ggCgmuB6KAiBM+yvu7Q1+brDJBCgfAeIRgQQEQIABgUC +R1m3vAAKCRDhDnoJ5y95+p7NAJ92V0qCcidST9XWea2kazPAUP4/vgCeJrVxTJoa +BS8xvbY5HDGKQ6Uu2M+IRgQQEQIABgUCR12B8wAKCRCFBltZ1S3RpxquAKDNDshV +WNoPCNpizNsgdjc/Kk1iBgCg9GyP5fppqh+pHSBqSXIxKnFcJfaIRgQQEQIABgUC +R2GmJQAKCRBQeP1RrLpQx0CmAKDOeGPs1SFH+unpdTEkRFXugOyMMwCg7DrHU0hY +mv78AQXiTNhWJIGKj4aIRgQTEQIABgUCR17itwAKCRCFwiflpVc48nt6AJ9Z5je1 +GofhkbpUpxv0yu/sOAuz4QCfaMgm8OxlGAYfFfT2CIOGCXohik+IvAQQAQIABgUC +R11fKgAKCRDtoh6UtWVxb20YBP45sUXso8fO+zoEBMswwOCVdqRCprDAkz5R8l/h +R2ixQHI7sqlgdmxpx1oCrjPd9rMpDcRQC+OWZ06WEeRPICjb94IksvB8y/qxGsMn +R4sB/96ZnbRigRQumIHRVYKXPZqT2xsS8VXPjT1ThKjzym+yuymulHQWFYQU8JZM +tMyla6LVuINKLEtWybAQ4JlrLgbJTR23Tnd7q3bQaJYXcPlSiHUEEBYKAB0WIQQp +tLH3zgPRsd7SLzAo+FAp/vboZQUCZa+2sgAKCRAo+FAp/vboZfdPAQCiCz96vj+F +ow9jr7hwqh6QQc9k5NrxWTXw6TBFpvboKgD+KZ7Nag8gXTjwRuTRcVHMLdnM5NOG +QdSHIABLfwhmZga0JkhlbnJpayBOb3Jkc3Ryb20gPGhub0BtYXJhc3lzdGVtcy5j +b20+iEYEExECAAYFAkQdRlMACgkQhnv5qfvT644xOACeIo6LLbeUwhoLGR8kbopd +5czDAFMAnj1UV8B4hxHxjQD7GKp8MwHHkut3iFwEExECABwFAkHIFFMCGwMECwcD +AgMVAgMDFgIBAh4BAheAAAoJEOdekMA5zDPbsXAAoIw7LFEiWVMf+7DkuvLjV3kg +ns0KAJ4kcJcQnvuhtkA/P83PhcTIrY2E/4hGBBARAgAGBQJDQ57QAAoJEJ8QOwnT +Fo8y96IAni1Bku+GOAHy4mnCq9kepKfob+TvAJ9wfLL556zyMS8m+3manYnZITtK +sYhGBBARAgAGBQJDST/OAAoJEBIG8aOS/Zr2jIsAnAuybxrzve9XScDBDhNSJ99S +mItTAJoC6daUjhMiYsRMCNp+Ovu1Alk6o4hGBBARAgAGBQJDST/kAAoJEFZ6xPba +O03a+YoAn1H3xD0OVJ6/8MvKRN1Qjw2+I1IlAJ94i9bm2PWNn5X0fG2IP3ft6apA +UYhGBBARAgAGBQJDSkgnAAoJEFptr5X2ttOxNpUAni12mIMdfQgSYjZfZz4zBW2t +dmpNAJ4n6zKQu5kBpMgzNi+PD0/BgGOFUohGBBARAgAGBQJET5paAAoJEBBhBMFv +jI7mAMMAoITLIXumh6OvMrrDhAQdXCh45Ma5AJ4+t7jLlkJuOMnBKWd1k0lesxyt +7IhGBBARAgAGBQJET5p2AAoJEMYwNWEaVMVzRuIAn1P1Ptzvy7GIHV+zezSXVg4H +/QXqAJ0bBIpt0222Yq4ERKTEEmhJv23gwIhGBBARAgAGBQJEV9DMAAoJEK98O0yw +7Iof0dcAn3C+qzuKUfCoBpyFqo4r64xkaVNcAJkBJy1JsOpKuolxmyNPFKZ5UW/2 +UYhGBBARAgAGBQJFVfI9AAoJEOwOr3E2d4AlCpsAoI5P4Lnrv00kgcJsn9EzK0ir +pOiNAJ9OYeYf3McG8fmVIj0Fa8uSxEKHd4hGBBARAgAGBQJFV127AAoJEPG6TB7R +yLqP+FcAoLLu7uuCOlFYfE1qXUd0jz+C4ZjeAKC9yQeTQi2XzdBNi0+lDgLunlM7 +t4hGBBARAgAGBQJGWsovAAoJEKoF5RZ29M8JZ/UAoJ8tByHlTO0iVA5xWxXIRliR +H+aaAJ0eRTSutJcYV1XkhIT3X9Uv5fNCDYhGBBMRAgAGBQJDTd97AAoJEJz8HhM4 +K2MXYLIAniiFc2SHa9EuaEdHsIlQjaYic5VMAJ4lnGw76XotZNEWRSkWgWoCa0CS +PIhGBBMRAgAGBQJEWPm8AAoJENJb5uar3hAEY4gAn1+Q9LW0oYmf3k1QgGtPRHRO +cp0uAJwLbVAlYchP4mmXDwY2vSge2LW5SIicBBABAgAGBQJEWHgBAAoJEMRKuLhQ +Mn35kvwEAJ2HG3OE1kKraDALM6vF/zKDKz6ZYVBGbONB3yXkvt5w+hC0wtGiJchR +5cqAfjNSGEjYc4K5SziPqkuR/j7I7HlyxIHEDT7D1vjMPMDd+gHXLVuQO3ZbzKqp +YtOvadlTQsw6NkhoHXhXXBi3kN+Yr4Kb/1W2jVWjlK+a0DGxKDGgiQEiBBABAgAM +BQJCinfWBQMAEnUAAAoJEJcQuJvKV618KG8IAJnH8D/H6br/zg9kMdhtEIO5Nh+g +bfia+TET4FfhZdRLwh9B7NQ+5qeaMZwEAp/NU7/FD3iYQHJNEY2Oexs8UnGrzcfc +CrJSg9E/yTNSggPcrFV2U/XU5cSyuQKo4pVJjgVnyE/xPYEj7UPKjXo33GmGHWIt +RPlLFn89cXqt29TkzsVyL3QOCHk8gSonz6JaRm2U/qQSCDT2MY1o4DbIvxnwQtds +q8p7iogO9bhfWGWL06S0Ly7PUkZFOlVBuOL3+5l3HvoTiYHJdZDCCvL0OL+IMc+A +MpyCpS9XPnhP6rgYk7Zkc98Po1WQhPS9AW8DrUdWCY+DOuxvctdmrCtctt6JASIE +EAECAAwFAkKesW4FAwASdQAACgkQlxC4m8pXrXyYbAf+MFDY+k0PcaO/rkGwASde +WVFuijBIveq2hwnH7ccaReNnOPdTVGSzfEv46bLYonqXduM3+1va3C+icXgXn46r +UZRCyvVUE98Bau1T84vWtn2rBE6DtkeqgxSjih+o5pCSt2VXPudJBLRpupQZOMQU +Kr6hxdKQjJdNJ5Ens+h7t1xMnV1xbYXsPZRa3wI8AFwur5l4FLB2IdqnydxmjS5m +lAcE7Dl64qygUOw9/kbBUi/d5YiEw17MIyAoWpj5EZ1Gjpv4GCpOakAU+hlin+iZ +P+FM7Ld3xLqAbwnjlYXoHNEAIgPRM1PyCKV7JgWCD1JvGkuSXiqbHRISCUcQQeBI +bYkBIgQQAQIADAUCQrMd7gUDABJ1AAAKCRCXELibyletfJQuB/4z4CBnb7ZE6BPT +qRpg9u72chfKlPhRr1p6RNW9Jfye6C6DMr1yOL9RDSVmj+ol0VI6YUKNeUB7otDS +lmsNlLaEc3wAQFlrwmRexV6nGaFulirCAq3iX/YHHyW876mufn+9bFePlkP7+/Gh +XV8RC09E+IJZqQEmRuJ66bXrV5gJHXeEbW3DQEf9SAFH+O/vI3ZOt7GxpWSoE3il +Pl+hVnJhM2vRl/tE88uDzFmV2AMNRioM7anjXwZLFhbyVpRn8y+t+IKVpLp1ufgK +GfyCGoMUMvHMlyNMBUT889u92xJrl+5CFsstCxK+2C2IJldu5zRZsgPOZxVaRXIi +ipjBQw3qiQEiBBABAgAMBQJCx40sBQMAEnUAAAoJEJcQuJvKV618mrUH/AysZKJu +VYzDEtAEOFBiLOCheS+jjsycCPBA90kxerwSxMfgiY6Z1FiesDjwldc6kAYqqOie +sPnywalDOqnyKleMJveDTancYQFQX8rQbmQR3ynpd3DG7KyD34TymadCm1Uj6Ckt +1afzz+x4khyFV7Fh/CZPe3aQZg7EuQDqmq1VATRTJBlNnyBORn2ytm2OiuexxZBI +R/QW3EPwukPGabauzsdfmELtrWuJfPAVSndBqFEIEmCB4YxmQ2CTnCbsZIygkTG8 +GqgyavJND4hxGWcgMKsntmM20/3lU9toQWFUKPdvvi9AfG2ZhVYrXEhmZ51J/bMo +TI6ho//YKb9yUnqJASIEEAECAAwFAkLb/GMFAwASdQAACgkQlxC4m8pXrXwOVgf9 +HqHK+9JMfPyuiopJmg0jV5J3xTElwQw6qpFn1tVxKeorXgSUU9oZrtARjUZsZYD8 +yIaD+jUaxfImJvpWngVYQHWU3B2s+ULQ0b4ohOZflpiIIDT5FEU08IJpTwRiFJpR +p7nYll4vRYjuUgxMwhdBs3vJHmtOlL7gvYDlvVr8OwldydYccZXJvlfIKCKnYkha +tz2GQjbP6lLCPFMYpX0zL2RWonYR2+f2m3mOAqvZnjROlJd7BCUo5dg5G5n2d6lx +yjJ+cGxXp+I6OhY/JR3PbTm7uiNsR9Xns+GpPLc1EXmT9x4zqTLa9iW6FvLTs74B +LsPwzebr6+SkbLn251PuqokBIgQQAQIADAUCQvCP1QUDABJ1AAAKCRCXELibylet +fJIZB/4wqR8ducdfFawXCcXGffbED1GBHOxNs33djlwX/pqcPUREftIfUQ2jpNek +Zsv+Vi5hte4BmktKNCw43KpMaGIclFAVzRInKKuOzWdwsx2j49IzORm5pVVRNSkv +WTEqm/CA7J3I8FBp/bMe/y6FgXS3+zdMVw0rJsDtJQIS0aJ15GtoyrDGcjV7IynW +8VqdA98qqP324UPQRyE0ziBydn6b5iByQTXR0qc9PabBEupct1qfbwFAYSswVrFs +OEaoUWDrokXzFUj72R3iS01Vz6YlwIDzGzBz/Iifqr8dyruQ9r4tP4+YnM65Rr3e +Z1RU5tfSYfrggw+t7ZdisRJNXKAViQEiBBABAgAMBQJC8b1LBQMAEnUAAAoJEJcQ +uJvKV618HIQIAKcuQ+zz8sLmqy0UeMA9hUXYZD+uxlUJYWMlrcUgsLCxdXaTzYED +uaKrNw3MAD+0ACZvmIu+fXcb/Zv5T2QLSRJTIiNgxDTu8ie6BoN8Rys9H4U4SoVo +4gEu/fvPefz/zl1KbBWka+3VQT8JrpobOy5W2GdCCVxfAtcJut++a8dnkdDuzSdJ +DDc7qXTGajd+SYvHS7Xk8LWYJ+HtW00vZqNsDOF2seMvnhZeV0mmJoLEYgPVSYc9 +0Ro1cnQ0tv1gy7fWJD0AFeFMhrdbSzzlHNzQenEdnzu3yYBrZGmb32w3XuFW5Mj7 +3AfXE3T+zvEJ+QKjfVvCstIXgwxEqYeGCDyJASIEEAECAAwFAkMIz5kFAwASdQAA +CgkQlxC4m8pXrXzfWwf8Dnx5zR7UvdxrO0FfEuveGDDk2vm2DRIiBVF6x18WJwsH +pxWkDk9iFijNwUlOgeKgFJpFgvylWGtPlNzsl5PkHd/2099KOZakat+q06ylAECa +4zsKdKjHsbInf/RzQ/SROfeEaVvmJgMcWle/rDzCm4MaobwmxEoMJFC31xs0jPzX +QNBj0yUr3V3ibLBHzijl21xyBKWNoJIwO5XkNNGH8TFnFF/Vz2r1wDcl618cFHa5 +I5xCcKoA/rSg5cvmS9Orv8fKU2/yI+AZzvhBRz4dYrCap4yGzQmOUdziJyeBmYWe +u4DmFId/7zCX+hQxcUEUOM3s57XbsB4otH9Lbwfy24kBIgQQAQIADAUCQxqb2QUD +ABJ1AAAKCRCXELibyletfOeSCACF6LRwsrLAmWqPaBBE/tt5VX6aqyWxNsFasgor +rYMLOga4CtzCQQ6A67qVlQNRPq3a3dYoBVzD6Y4EgfrxzvU8slBCJVV34U4ih4Cz +avTGHHe7POKjvgr+ub22vGnXuyRVJ0PO7SAjcfPPswCwDGKTlUlb7ciLGpExyPVc +/wVGVht3rwJyBxDk2y38XgORryViPm/tQKqyJQBzjep4UijHB3fK0DEl7RDi5hwG +QTbDVFkV+ZWQm8HC7+uzooZPE92Rja4Z12/yZkefT4d2MBNbcNEa0wXryFMfb8JU +m/8vdZ/3i5mffMar9KrWiMUp7ouzOS2/c/v6MimQ1DX1uHPXiEYEEBECAAYFAkZa +zcIACgkQ1TjsCVOAV0YhKgCfWCQqcnv/LngOUv1gpL6LyH4RPXIAn0x0TuP2Uq/B +SjXTezlp+l6A7q7KiJwEEAECAAYFAkZbLY8ACgkQtkLQumUDh8fPBgP/WozeYZRA +T2uIzexGD0MJlBZKYbYOaqNbWkBegDfJ2si2KEUYgPftGHLTBOjXqHhzyHs5Ojk6 +kCZs0YVXszLmyq3iQyOGosJQDOr8zc0FSciaj0J2fcR6rSoSQYzdvqQJvYRul8hE +SkRqfV9EuWS23k1iUoyWa9b1AW4Giwt6hsOIRgQQEQIABgUCRmAI2wAKCRCE8MXE +NIOqE0/jAJ9e4N1mUrEEX4tmSAiQvrIMnwuaDQCgjK0gG+3bHyws8zHUIKXxvchk +RmGIRgQQEQIABgUCRmLiCQAKCRB0v0rS45VjgcE6AKCU8mmpWq2nJ6Uj6v8h8SPG +PuKTRACfS47HOAf+ig2eAR5AXr1GaZv/CpaJARwEEAECAAYFAkfTn90ACgkQsmjn +Bv9c9GOCGAf9EcJJGJ3F8a2ra/XeNtA417AjTxAGiO8DpJLh9TiKdFf+bXXKDeEV +JO5tKV3ucSe0PTSFxKNiQR8/KD4gqNeCqUywqeyCrDKklI6Nn3UCgypZu9We51Zb +BMQAJWyPmT1he9vCp/Otq6+qSTQd4AjzhA1mJhWlMuWda3jekKWOHPnQujlNQgKv +jCV0pCIc+9xrWdMD0D7NYq2CM4uM9sK1ktetFQ28v0TqUR24rMkU1yc0HJFzdYCO +xPUN5viX4jD3QbpYv9b6JjWilxRlbZR7r6NsVIonVXEfXFxUyMlnVe7Dvh1w7m8P +mW+SaGdKEo/el/3gcbB29Btbmpx4Wr30J4hGBBARAgAGBQJDSi69AAoJEF2lxlUw +9Iv/usMAn0/3Hy+gQd6iB5XwSWj3RbRTQVpJAKCIEdHm/Sh0GEQUrpfXc0kMxUsc +gIhGBBARAgAGBQJG6AEhAAoJEFuNpocPp3TZ0gQAnjt3Wh5bCS1lvJEhOJq8VVqD +kZTmAJ9AdQ/uXaDcD5GmM8tCGquQB/Mgx4hGBBARAgAGBQJHWbZpAAoJEHIENnC9 +5fHuDYUAn3+HIiochVLY9fnaVelXsc1DeWO4AKCw1A/A+l/ozTOP+gYal16qBicq +SIhGBBARAgAGBQJHWbe8AAoJEOEOegnnL3n6ypYAnj7Q7wIb4yRjl/HgafHpAANO +fahKAJ9CTemnpAnP8Oe3uIwVWio9Sj8UWohGBBARAgAGBQJHXAs1AAoJEO2/HhEm +8iS4DBYAmgM6fyBKyq+XwouU6evgBtuWlJPuAJ0YqMlIv6uVOYDnIu2NjugRglQG +rIhGBBMRAgAGBQJHXuK3AAoJEIXCJ+WlVzjybqQAn124rauJ70GuY/RNPpdyDU68 +C6NmAJ9QtTl2i39UH1JPMVeAn2LqJKqKP4hJBDARAgAJBQJHZlVxAh0gAAoJEOde +kMA5zDPbyoMAnA88JfVOArwkPZ0a9dmK8YB1zV7VAJ0YRX9qjE9sGomt1kd25WMK +QxlBvLQuSGVucmlrIE5vcmRzcm9tIDxoZW5yaWtAZmFtaWxqZW4tbm9yZHN0cm9t +LnNlPohYBDARAgAYBQJB0zpiER0gV3JvbmdseSBzcGVsbGVkAAoJEOdekMA5zDPb +gqYAnjU07H9NCmNyCjqiKnaHEdsryBjKAJ0YPZgYmB6Z8dOoJYXp6g6vDL7JUohG +BBMRAgAGBQJDTd97AAoJEJz8HhM4K2MXqwEAniDME0c2Hu1JNgENogxzi6Pllhj7 +AKCBdgC77AYhxrErXXt5ct2QHSJwh4hcBBMRAgAcBQJByBSqAhsDBAsHAwIDFQID +AxYCAQIeAQIXgAAKCRDnXpDAOcwz2yBXAJ0aShmx8Y7u8J8eCjUVOg0KMh0NXgCg +iU5hCNCo90QOEJcbDUf62spExSK5AQ0EQcgIYBAEAJydcPJJts10nkCgB7NOQ8gs +Rx9DUIurcdefG+fddbU1HvoAU6res7qYy2/dGbg86k9A1PsYNKSdTiASGjZVtKFG +hNSG+tMwbM7oTOLT5O2C/MotZvUvl2TqScwSrQWK4RdXtkgUywLa5Ciq53WOMIml +IDpGbf62jQf44IsHGMHPAAMFA/4tdUvPw1xLmuY1nK4EacxsKUTTA6bTrL91TvAH +tkax2ri5sEDdFpc0Fyw2gDNQeG8p4NWCVfcIBa/NfPf0Cq/SKt5WNAXPQcbFuEx5 +FquMzQR/OFofnaUPhe+QPJ8NPVzLlzAN+swDI26S8idJo9BnSgzTlaKWhne3iy2o +ohLnd4hMBBgRAgAMBQJByAhgBQkDwmcAAAoJEOdekMA5zDPbOIQAnjQjpReyClK4 +95bYDRB+hRpVj1pSAJ4ixv2hplfJTbQqFKXAVvYIcIWyX4hkBCgRAgAkBQJFS0ut +HR0DUGxlYXNlIHVzZSBFMzVENDdBQyBpbnN0ZWFkAAoJEOdekMA5zDPb+H8An3H6 +Evw6acgSAsV8pktb2jBavyMnAKCEECqDtyDfQ2/TTBB1SAdc9ljHb7kBogRByAhK +EQQAoDID0mZa7seykxRtHyQ3jid+pFIq8FlC0IkIiB5p8dN8WJreKv6BARVOoX75 +XxTLogAVSBOvRsrexQ3YG8QbBU/P9LIVgsYUxIFGYZj40tjTxyxOo4Tds8Avpi3O +HEc8Y8ZWQpqyeBHp1BAtvY3rwppNTBtWPcyQmn4YUI33FEMAoOjyhYvH/dQWJIOL +IkkgIqoTiJ5BA/4vXl3hmSns+rKWyKaKJOmugm9Pz1oFJZpVDNKjz3JMzPHsAeHJ +ihmAxYX424JU9irTh0tPKYusKBm2rKj1nTpZGz0EUy9+a3m0Ar7dh7UUg5yOU4zt +aD9rRXytderhlEyj4s1EYijfYXIN2aJ+Vr3uk5d64twO2ihppuJGQqQLewP+K0s5 +BVC1W+2nMT5c4kh7LEkPT4TO26oUIwFseSkNgiSnZaZnMySoriZuMp5U0/rR5rQi +mGD+6jKsr+O2BweuvSiFYyorYeMbt4FmH5PWwBNaAydlkeDjXJQTbk0ZxW9Rwxm7 +Yep06lG11Oth4B10uIo4xRsIZktpyyNEXgkSK+KIlAQYEQIADAUJA8JnAAUCRE6I +dABSRyAEGRECAAYFAkROiG8ACgkQB5pTNio2V7KZmwCeKukfHdJ4LnYrV2ngco3t +f2FPq5oAoJW4JFesv05CALgK5+TE29OzGLDRCRDnXpDAOcwz2wUaAJ9+xQkCJ2vU +i+PbOrBSk2irooBgAwCePMv/lMVECW9HJMESfpQvvISU0Nm5Ag0EQcgHcBAIAING +72JqaB0B5B9Byz4uE5vkVlvKpalXqSeznQhmBch+Mdf3G+am6fAA89/t1zUWnEdV +tn7W7RcWtWulrCtrVEGGxqYbzCJRAU1PZnBMjB+MBS8l2JtABiJ5Iu8lLgC5ghot +FYCkT61AZc0CkKYsh1kH324mJfw/E1riPMZ4VodnwNoi992/5of2O5jU6kEGu/3E +Enp3SQFfaYzxYfY1O7CHiAYWn5v+nu0la4bOYTpptXqLXwYgqpU+hZkhQuADlneO +t4fhQfkPDu31BxQD0sBw1Mb7udXRJ1inEvN7DwG9mHuLae+hd0KQy4LVCLMgPuEb +Kpx9hwuhzGM2r8kAgjMAAwUH/AgFuCgCj7A4jBLZDn37fMQ/vC0I3ukuhI/w5l6A +RPaGKO7uaDnrmXCPfgBMHHCFcAbV+T9G9PNEtEqNaKXlhvIjmSjCTXcSIWkyapqC +6h9cQDITNZ+ByJGOg1pzB0GyyGdREncrz28n63OOYv7XeAWi986uVhpYWqcrp+AD +CPzu2DiKndOUGRekcWIE5BjMPnvZ4EX8Z0CR91nSGEII8CQybxgC2NVCMXpNldRi +4ELkceRDuWAvIp/pbDikXPqgNxVtU115qkoHA53ZrmqK7ReRyz5leqkQJUVh/aO2 +EVSYASgqL0els3QVNyHSsAle/eaVR2IPOg4ZSRKU2GxUh0aIRgQYEQIABgUCQcgH +cAAKCRDnXpDAOcwz24uQAJ95uwZcE04iHudCZ3MCbDRNwtjoIACeJsI/aiPLPGsn +WpsYUx9MqOH1lNS4jQRFWJSNAQQAzbJdwz3wQ0JpXSRd61ol6skXLH5HQq2e5JE2 +ASpbkuCtF7z6qaJ0NYtI27H+UU6DJNVuv3tba6Qr/RklxF+qSZhEJQQEAm6HdCTL +yFuxbkeZ5j76I2IPtaFgzqao7k54YpDCrveP4OvgBm2zl7+bw/c9Wl5nfTJkzFCM +m+h6BKUAEQEAAYjnBBgRAgAJBQJFWJSNAhsCAKgJEOdekMA5zDPbnSAEGQECAAYF +AkVYlI0ACgkQQ09DkpvHx1psXAP/a2FFHDmtC5bdpfNS/rr4Ei786j1mTyCpMG+Y +/KKizxtkwvhzdj+7XUgioGcDPjbHJ+1H0qHijimWaVFd424Nx0MqPkQ7Kh+BwVAu +xvWj9khO+wRI58KxGLYRfUGvCeb+vcSuuxKLfxdxRDNNh2gUeW+hPMptlNBaNcFx +m7nZRDqKKgCdFWvGFvNDE/by3+q59LTri88Qr6gAoJAPeTT/XH2ounl5LFdE2q5M +r9txuI0ERVj/HAEEAKWQSwloAYl0EZaGJWpU3MUck6n7n/AcQeFFmzQsnR9KJ0pB +juHEcsCn2QdfdRWEZWEh54wTXsrLtCnyku7UknnSDL9BHUA1JV+kNOOuM0X2g8dz +FX5gNhCXMC52B2uUNx/1VkX6/QdVEkreF0fRmlhgS/wb+uykHSYm3cK60SdbABEB +AAGISAQYEQIACQUCRVj/HAIbDAAKCRDnXpDAOcwz2yAKAJ0QQeJGoBrWHR7uBEh9 +4tDYUH/QOgCY81kOkSyYFWlHfP/xmh3NxkIZNLiOBEVY/tABBAC8i+wlHb/AX6CN +b8kQwGYaD5uB0XPA4xQ9UKJyg7je2fIkkaPsQNuAu+kpXFoMNK1I+RVNNFpVbuyX +PbhrTnHns6XffmBYZHaL5o0FY4V1/vftWYkrknPFqocVSflPd/bBWAL4Y2CmnkKm +G9YEAHZdnsxrNUZmN93vHcf6U2eLAQAgoyEgC4hJBBgRAgAJBQJFWP7QAhsgAAoJ +EOdekMA5zDPbBP4Ani4HTI+yDKberS3ejPOYzuUU1g2KAJ49TGbfYlhPuVM4pric +0kjmnHG5ypkBogQ9OQRAEQQAjBqeqLEBY6IWaFXVVbfmiai2qp+chlK0pTUTJbwv +KM3JYKYeCOWkoBNSKaDl0R+RHJRH/CU9gGoAfen2XC5sKE6SwZX+KO/KiqzdQRgM +v5IhpAiJYek+laOOmaVF9wxchUaC+ttn84MRl/DDFBOMQDoSEy0ShjwrupIcwbsB +qmMAoKHevWmSEA/ThK34kbExNd3F0mXzA/9KhjI1LTtIb7RFyzTDB56PSQohv+nN +8hYaI1UYUwF5lGE+ghUGMVQ8QPJb/EO0BXQ6GEZb9gZewp1C/JmisR+8V40aZ6o/ +pmR9z6czuXtoCM+ENzUgS8zFSOjhOqRDbLyU1wgiSzYiQOTkzACiWWn9RnFMo76A +ajBCbEpzjGpPogP6AncrXRdrzWDrKUdZbAYUa/wdlq7JJHWB1WAs+9XZWXQjSNTh +amchmPVLZIh3o9CIVGfjz46mMEPr7XQiTr4l98rhvYW5WxreZ09HaZBwB0MOykJ9 +vcvRPlp3HaU6tsjG/6rF9l8I7XUaIjgGtjiPmu6XlYKTFqnBPu19RfHMnc+0KlJv +YmVydCBDb2xsaW5zIDxyb2JlcnRjQHJvYmVydGNvbGxpbnMubmV0PohGBBARAgAG +BQJAw32cAAoJENgO81qLtSevnLYAn3Xd985nRXJUUNMkk7TxbXgK50ItAJ4nMLmt +yymfqmrKyqVMTud7IDNfSYhGBBARAgAGBQJBLT4lAAoJEOGSwFQ7G7LrV1kAmQEn +PPcI4dbv9p4T0h9emstITQZwAJ9T72ay7fAVo84pGu4TFaUvRijQt4hGBBARAgAG +BQJB0VFuAAoJEJBY+m7rM85GfXsAoKuOGmI09lYHBa6kbn9VTB2zx6KBAJwKjR0y +4OdqBez6VihOrdFFBLxSAYhGBBARAgAGBQJCciN2AAoJENP5ldV3av4SbkEAoIc+ +F3CjVaoffcaukNQvqUGe9NDyAKChqoYb650bVHb6TYtz/VFawLYcGYhGBBIRAgAG +BQJACoqIAAoJEMKwefz1x1JW4owAn2iN6Wy2l7Mwks1EEC13HKvbLoXgAJ0fXcqx +H8QhOZWv4RII5TYpCGtzk4hGBBIRAgAGBQJADI6xAAoJEFrpGWwd5fJpWjsAn2+S +UEMh6fxvc+foPjDCDNAWBTW4AKCwNpia9W4DhRK3a0T7NP6vKPg/aohGBBIRAgAG +BQJAFeNEAAoJECIYyB6OfAP/JzAAoIzdJaJZEoF/g0h7fH5BhuFr4g9XAJ4ySBcW +xcQdzwWYiFONQZvyglcdi4hGBBIRAgAGBQJAu3qJAAoJEBigzI1XBqS0/J4AniwB +xMxiyJbZ3ZACcZ+Qtj0Axg/GAJwPcfsNwdYjvY8qpGYTTubFnOp0iIhGBBIRAgAG +BQJAu+fwAAoJEJ/PLM0/PmQmEnAAnRN7oohH259OkytBWw5eWPIHhHpgAJ9x/koy +ExPtAfODhb3ebd1dWY/GoYhGBBIRAgAGBQJAwwFjAAoJEEClvu1y0DyxP6gAn1dC +ClAIqhzGqeIw4B4pfQH+a+iOAJ94e+pWqbPmgsv+zqmLFa/dGJ0/eIhGBBIRAgAG +BQJAw/4WAAoJEMl0JfuuS12SB6sAoI37imWEaVUEqBrfiZyIyTQ+PyRoAJ9Lk+q4 +g0HZOBRoswlXFweGvBOL/ohGBBIRAgAGBQJA2CkZAAoJEA0PThLBxU2kMLAAnRWt +sQPUhZKj/RReSy0BoPLu7h08AJ9IcZdvCAebi4SnRGyHCEWuY6IWyIhGBBIRAgAG +BQJA2QC9AAoJEEcGFPCRDhssq9EAniarqKNhWwDT4SKCtwwf5LL3FsvRAJ9uHyWr +1gV/1lixJayBcvHpH/2wY4hGBBIRAgAGBQJA2pokAAoJEKYOsLT93rYs31wAoM49 +Sfw1wqxtKUOL1Y9sdstl1dBIAJ9ZC1EiJFWKR4qNcfd+aAMP5dIlrohGBBIRAgAG +BQJA3pOKAAoJEAycHDXwLL7O1AwAn2CuBHdGbqdohwS8DoLcXVrkmqGZAKCKmzQe +SkrLB2ULLtLVOSK4OF7xn4hGBBIRAgAGBQJA8oaVAAoJEN/tuyIlvNW/fvoAn2Yr +GgZe3uUbuHtbI36Mbh2XoxmmAJ9V8EvHJHV6PHhtAW6h/dCN/HhlnohGBBMRAgAG +BQJAC0UAAAoJEDxjyj+gs+iLJ1cAoMwuGj5x22vRA1t2nQOQXaLQLmMtAJ9WWGF9 +8gPzb9r8FhH1yAXYbD1JEYhGBBMRAgAGBQJAD0yQAAoJEDnUdONp8e9XcCYAn3Z8 +fOe9g6k37XvIu3tl2FACdxxlAJ44xFJanxU3uyP6Q+pS9j+kLmTKPIhGBBMRAgAG +BQJAEbWKAAoJEIpncZwt6CezxpYAniKtV+ZTTc8GRuzMVvv3jzq7NFh1AJ40iH4X +3r8omM7RbM+UH6jB6Lw8lIhGBBMRAgAGBQJAFIP4AAoJEHbvjOiHsc+16c0AoJzs +CBuEimZkbj5zPAMtTnCsK/YNAKDtvnt5+mE3UwikVmtYzpDhoh4Y5YhGBBMRAgAG +BQJAZSpQAAoJEGykGndDuNbIFeMAniLFfsl0zypHPNk0ScgCsZvGtCU7AKC5kOdQ +i4+yEE8WIZFDrfBed0H36ohGBBMRAgAGBQJAdy03AAoJEKQ+bScSgofoO5cAnj8u +3w6QDEwcd2LO5CfPzGgzetLPAJ4hzujAu1kVIas6mAP/2ro3ws7HR4hGBBMRAgAG +BQJAd6tJAAoJECHsT9yErWds4L8AnjBoFE3G9RYZMDGGL86xaaJgQnsHAJ9RlcdV +xjuiacdBgI8RlaEKWBGLWohGBBMRAgAGBQJAd6t+AAoJEIQs23pEd54Y5bkAnRx/ +BS888oM6o47Zk0My6q2ga5wqAKCL30MiyP1q1x/pexSD6L/ooKbEhohGBBMRAgAG +BQJAd7KSAAoJEGy/iy5WWzj5ES8AoIIZ7UrPV05+py6CvioWlvRqAxsiAJ48IAHE +h0LtLlll2GeAFh2ojY5ZNohGBBMRAgAGBQJAeLsOAAoJEMzf5JsKCsknXbwAnjFj +t/Mty2bI286c9BcnQBnPahMfAJsGkCOYOX+HH2V3yOL0oAUYCUWNaohGBBMRAgAG +BQJAgqnTAAoJEEMaPO2i19KS/sIAnA9XcX+PiQP0Tkl364422U8+ROSjAKDEegam +jTN2622fA8v49UeIKc3H8IhGBBMRAgAGBQJAuzvAAAoJEFGs9q11voCXaG0Anja7 +O0pbTWmq7hX1529oW0P8lYH5AJ4nG8LWziIw3hiut3GvJmHeRzy5WIhGBBMRAgAG +BQJAu2NKAAoJEIyQNH+PBoASjxUAn30zXbqwhZRrQEuyBQd+gt6uxPCEAKCPUyhZ +LLtQuLRkd92R8AepVQBPGohGBBMRAgAGBQJAu84NAAoJEIqQZ3kYgCg8/UwAn1j5 +e/BDinaP+0kPl8j6ZIMSpHvbAJ9BONE7/5yJctRd8qRhO4iOIVDhDIhGBBMRAgAG +BQJAwpmTAAoJEAG0czTg1J6ZKJAAnjQxmL1wcZQ0L4pbeV7tol8cEbk1AJ9bgdST +3z6fc2THQ+wox7VNp4bb5IhGBBMRAgAGBQJAyc6LAAoJEHGh/2Ab+N4Pn24AnA+u +OOMRaN5gEdGcNMFx40UN0xo/AJ40r1u4JSX+A4BqVjg4ZZl+m6+gtIhGBBMRAgAG +BQJAzEIAAAoJEPfw5w8wfVbtnsIAnArrSQ2L1ZJ+sgr3kG8sXjdct9R+AJ4s60+2 +DXCOAnZcp4gHT9k2LE6MnYhGBBMRAgAGBQJA2SkZAAoJEB9pRMJROafNi1YAniaX +EhRveqsSb8Wu2TZbw1g9HX+BAJ9YMMxOp7hd/JtQ5EDODzir3LJzcYhGBBMRAgAG +BQJA4HrcAAoJECFPaEFRX5t0etEAn35l920hVniGHXJo7obBJ9M5MpdbAJ9x87GF +NgTvw+l8N7f67UZgaivFeohGBBMRAgAGBQJA4hUVAAoJEHNQcJzxpXPJbFkAn1w5 +1eQ6Vq5TNJ72TBw2uS9RVRA9AJ0Z6UTvdqqnSMQ6mRbQ/bRkbF0yk4hGBBMRAgAG +BQJA5rUyAAoJEOn/+WIfpupoiD4An1kfjX7fBGaxXM2zRpyHlDptheEtAKCcg0bc +VzPME84EuTXdNpcmtYr0XohGBBMRAgAGBQJBISXyAAoJEAGvk9mRz6NNSVkAn2TH +tZY5+bBAuybLd4PyyzoDJN/9AJ0YbsFrTbbmzu7p1FjTow50CGWor4hGBBMRAgAG +BQJBITc2AAoJEHPjbrAaTz1J35EAoJk3VkdTz+akVhoVR+ZjjtCTQyUWAJsEDMMl +3pI5LTA1L8Kz527b6IzJfYhGBBMRAgAGBQJBUpK5AAoJEDxjyj+gs+iLkYQAn2kf +i3JGD1zyHgLfSZYS8iybT1WPAKCI1v3cUsD5tmV6KJeJ0eXdZUMpXohGBBMRAgAG +BQJBolraAAoJEEKfAVsJbE3TNpsAoJaYtwaQQQJXW012bk47DaH7//vEAJ47JhBO +5AGsV1GhCGF073AvUsXBsohGBBMRAgAGBQJBu61tAAoJEDRQ7VE/zCqQ4tYAn3LA +kujfc1Vzd2p08DtH/mebM3ubAJ0Z+n4IMpX2gy/hnc5169ttH/paBIhGBBMRAgAG +BQJBx9agAAoJEA3nJ21eBXfyPQkAoOj99m1F47ixIBRmfOGXH7pHnOwlAJ4zASKf +7mGl33kbBck9ys5iGmjsFIhGBBMRAgAGBQJByA2OAAoJEDrr7G7GZkj9YkkAoN/M +cavZVsbMC8l1x/ydc97DAV4xAJ9gUwPNECDK9vhSdjZdXKF5ZnlhHYhGBBMRAgAG +BQJByA6wAAoJEOdekMA5zDPbn/AAnRrv5ozdoiRKzCwVQXgVNFNYXKVDAJ9Z0X0z +MWxAw/XnfQiDAkGNE9jNVohGBBMRAgAGBQJByFS3AAoJEPbdMwIQ+kzRYGQAn05g +UsWM63nLbaFsQhlDitqsL9oIAJ9ly6r94lndsvYT7fTcRALH2ajcVohGBBMRAgAG +BQJB9bWaAAoJEGtzoQYqYj9y3G0Ani/OtkCFkHfGIA0NXf1QQ6YJliPjAKCnk9Pv +IanJTMXt53jwwOoU91kaK4hGBBMRAgAGBQJB9bXFAAoJEFJ5L6+ZeK+G6/UAoLmu +58Oi2z0vl53mEERpsCtG0ttvAJ95wnG65W8eee+nVFu+ikGfZyP2bohGBBMRAgAG +BQJCcjsmAAoJEKUG5tTdTVCIY6AAoNGW6vckMbaxIlRjNOlLFDNpd/yYAKCiZKZJ +rAxuA3JPX+LpGAXSXwMtq4hGBBMRAgAGBQJCefzxAAoJEG+u8y5QgnL+sWwAn2qY +oMUcSlQImIsd1im0uHHzfSC9AJ9kMbCyqaTN4Um5lxWbsJKjvGZ/g4hJBBMRAgAJ +BQJBvN05AgcAAAoJEErDk/ui0Gk2JRgAoJLgX+hexZykpqd4M+xO1wA+GMcBAKDS +hzA5mae4ytN3YBmvxbLuUJqh4IhJBBMRAgAJBQJCeDJ4AgcAAAoJELiUDm2pe2mg +cigAnRXX/61hcvf0Sd5kwIJSfviqrsTFAKCA+lA8ojq3z7HGLHJYiJOgmVnY0Ihh +BBMRAgAhAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheABQJCO1AhAhkBAAoJEIZ7+an7 +0+uOY7oAoJXCeQHMBHLMolGFLsHbpjbooVGJAJ9lRe2nwOzBWv8t1XKcsogic5GB +toicBBMBAgAGBQJAeMIwAAoJEKv/B7RG8yEtN0sEAKEYj95rZyXWESgo0mYomDj9 +kdRBQ/MGBa+JQwkcRetZLgSl6wFCqTGsANEXImuVOdasdUngNmmZazLqd/CMVyIc +ibtsC8oMe+/jum4av19H93CPK2oIkO3PrusjefKrhreKE/MsJbSrGjhF00+nBFwa +8IUJZ5Iqj7mrC4Au6HA4iEYEEBECAAYFAkDEDIcACgkQBN1Ia7JOLPeMAACfStRl +fZurwqOpzrcFz/N3W6itQCUAnjMNRkrm30yKIT6LZBfGuYSz7UefiEYEEBECAAYF +AkKmM/sACgkQt6wuUb1BcUsQWQCZAQGHT1W1Dk1o7UE0UYZ5E6UP3nwAni+VmDA1 +vEj8iAcmre1lvH3Xy77giEYEEBECAAYFAkNnvl8ACgkQLiz2e3eWpgvGnwCdH4Uk +iOZXDUHdgC068YX8XdubCxoAoMEEdoEY36BO9lKcnD73nSQyvdDeiEYEEBECAAYF +AkSCsaEACgkQG8PvG6BKogc9+QCghBqqsJ3vRI0hNvn4xXt5tekkqcIAn2/aA3OA +CtSGpWwB/3EqvKmiPTLoiEYEEBECAAYFAkSCseIACgkQaJb8rqwGGzJAEwCg0/vw +sOBKwJHr01kyozBmX7i5HU0An1RkHdKTZOR5zII6wGSZz75aLHM2iEYEEBECAAYF +AkSINFQACgkQPa9Uoh7vUnY4EACdHvg74KiyBrVlDTqpxeZs+mASDhAAnj7l3wWo +b0ilW/qZLNXrkoT6RxeyiEYEEBECAAYFAkSRN4gACgkQjCXuDw3At9ZcawCfb4e9 +VdTBNERj69IxAaCVLO0d8JIAn2735WLrYpopmmFuyWxGEM2qXGaPiEYEEBECAAYF +AkU67ugACgkQKj530phnNM4tFgCeJSOQUuY/+Ol47D9hiw40oO9IF64AoJD0Bm6J +spAiUH1VMfx0nYkTgJJgiEYEExECAAYFAkRA2r0ACgkQXTznf9VPCEdTtACaA3Ft +zlevWsHbiduwTuXqZ+Pze6sAnR4pBd2tA2m9jv1frCqKxlVcr0q0iEYEExECAAYF +AkSJBf4ACgkQW7P1GVgWeRpPNwCgo4TFoMGwMnsT+zYemgNDmzLJe3sAnRWOkYH/ +JcXo9/8sH8xLIJGoq9GbiF4EExECAB4FAj9s3JkCGwMGCwkIBwMCAxUCAwMWAgEC +HgECF4AACgkQhnv5qfvT645D5ACdF22OXUpPlAbjU0oPW/UySBIfPHAAniOYGwnp +Mf94paKfNZRjiQC8hVCgiEYEEBECAAYFAkXFrcUACgkQrvqPEfHQdqOCSQCfRKGh +ryn+kIKinCSqLKW63dY3p6EAn0EB2LOKFCGB5ln+rUUOC6Panhp0iEYEEBECAAYF +AkXJBAIACgkQ2riYzssZSt0QxwCfc0JVoCavafABChMUp8DwUo2jw7wAnRViRz87 +kTP7yTQ2vzXV2UPCTyn9iQEcBBABAgAGBQJH06BLAAoJELJo5wb/XPRj8HIIAKgu +tGBwLJbt8lvkloSaC8/LDp+zgg+6XiS7XFM36Z/IFHcYELPj4PFvmDeDBaWE8G2U +FLkKHwuLDyAOXtK4E6AstUzP2z9AhJ9TD7ytr6dZ2XiwHGAgYw8pASSa5EzbOR1L +fVrixeDWCPYdkdkEJ0+Wvh4Bu/jwt1km6jrFC3yeNCUABmDdodhHFZ1Eu067+1Uf +uHFDyCfOSk43j7J7rNPxe+bk984dSD2A4o9+WDx3QtHmr4YCHrVxL6GgBWAIDXS2 +xBs149YQo21rGBbDSnq57H+whYmw74Ql4hrOXdgoxoZwEgKv5zNJ/eYqOqStxErM +8xNheze6+GrJihDBr5uIdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhlBQJl +r7byAAoJECj4UCn+9uhloF0A/1Uyif+NWWyY48DR+a4V7fP5E1mecljsFE3KCUdY +VSfOAQCsxXllspaqQu0x1fj+yh/+/kg0GR7BXGp/lylkVWuWA7QiUm9iZXJ0IENv +bGxpbnMgPHJvYmVydEB1YnVudHUuY29tPohGBBARAgAGBQJCciN5AAoJENP5ldV3 +av4SA50AniSWDS1no44ZcdRp0dAjPIC4nD8uAKCcuDx8ilHKTn+boax8CG3DuU0u +xYhGBBMRAgAGBQJCefz0AAoJEG+u8y5QgnL+7+YAoJjqRrjXzYnqaNVuxcMA6zOP +bxEKAKCtFBSHz93u6kdVuxhqADWYhcLkh4heBBMRAgAeBQJCcgxVAhsDBgsJCAcD +AgMVAgMDFgIBAh4BAheAAAoJEIZ7+an70+uOBkcAoKGlR8J5NNQ2gZc6uU1LfRDm +N32kAKCAL2HhEyIhsdB1HY1kShN60OPa5IhGBBARAgAGBQJChtWGAAoJEGSnwKfy +zwGoAZ0An0T/KBVm3czCSzRo7GqS+OSTA6RTAJwKqjrhLjG76kTaEsKX3ScU0Mdo +zYhGBBARAgAGBQJCpnQ/AAoJELesLlG9QXFLL8oAnAqgoM+G0ajKnTfibSVJJFKD +QL3uAJ4sI+th+/repT9Nr+xcAmLJC1qxsohGBBARAgAGBQJDZ75jAAoJEC4s9nt3 +lqYLSEsAn2xScff+3RY4qjxsequ+Gd7rBBh1AKCKs93Xy4Iq4O3WKRWnccRDKjUt +sYhGBBARAgAGBQJDagfRAAoJEDxjyj+gs+iL5CgAn2+9iH7RYpFS2EJe6RHlUEXb +Q/b7AJ9N/foA+dYc+fuLSR3jCjGBAordoohGBBARAgAGBQJDZ75fAAoJEC4s9nt3 +lqYLxp8AnR+FJIjmVw1B3YAtOvGF/F3bmwsaAKDBBHaBGN+gTvZSnJw+950kMr3Q +3ohGBBARAgAGBQJEgrGlAAoJEBvD7xugSqIHEzkAni+aDu9CdCU2s6gEKgLzDyhd +aTDdAJ9JDsuYfksTMzroA+L1rcpQVZgXXohGBBARAgAGBQJEgrHqAAoJEGiW/K6s +BhsyNjgAoL1AM/6RYnBR9GFCoVQXUCy60p4+AJwO21CwKlcBv2AJfNrBC8OMfTAD +PIhGBBARAgAGBQJEiDRZAAoJED2vVKIe71J2oDUAnjRiSGD18baf/vpn5jzr1Euj +0HubAJ9VfjxNPX5euYEo5IuBsPsmS/5SdohGBBARAgAGBQJEiDRZAAoJED2vVKIe +71J2zZwAn3n/XMPVcig1Vk2QnOucmgJR6ZJBAJ9TDzbzbyU23SQfhGOxTLc0+K0U +eYhGBBARAgAGBQJEkTeeAAoJEIwl7g8NwLfWtjMAn2isoTOKn17F3LuKxhB/TpsV +0I0pAKClMJZEOLne+V0OyAX15hTqgab4b4hGBBARAgAGBQJFOu7rAAoJECo+d9KY +ZzTOov4AoIz66b3M/7odg79Zty4UsDFgkUqwAKCSEG5VFMymt88iZuvqzcJXhQGX +d4hGBBMRAgAGBQJEQNq9AAoJEF0853/VTwhHU7QAmgNxbc5Xr1rB24nbsE7l6mfj +83urAJ0eKQXdrQNpvY79X6wqisZVXK9KtIhGBBMRAgAGBQJEQNq9AAoJEF0853/V +TwhHXTwAnj4WAHnEPxOVnTxozCyaVtgK82xdAJ0eRwnzCHxFr39gk/s92F9/I43b +xYhGBBMRAgAGBQJEiQYCAAoJEFuz9RlYFnkaJH4AnAgNHwVWVxhxB1ENv5wRS36X +qsPCAJ0W9hFmHHdeDoFMLKg1jheDZJiJ1IhGBBARAgAGBQJFyQQRAAoJENq4mM7L +GUrdONAAn1rn6l8Lk6JdhMMEmIwX92FK3ps3AJ9mmrQxS1hzfOP59UbXZrAlGdKI +uIkBHAQQAQIABgUCR9OgSwAKCRCyaOcG/1z0Y5C9CAClP/YIzrt4DLOKh5P9EIXC +XoknjXSZpUgNuxec1u39rExxag24yvVdxQuosptjE4EPyeOlr8eAHl2FDyOcsINE +DkY3zw3+HDADBq9WuqmJmyrYiDE8OIhDv/y4BtZvHei7b/t40fcajCSIJxt3ivS8 +tWVrRPI+duq+BfGnji6FQ4O/PUVcPt7LDZ4jezGRH3yQmCoJ6O60MDexpzkkOCGn +gZcFp4tmdidEA8QP5piVg+sc4y7lSY3cpighzVkg/PJCB5kUaksB64AQUsYaRdyv +ifFElvbPfBpzR5ORMq+jnMDNYovhHOMorfwfmbhtvmppDbe6Cq36Ud45hFVcNsIP +iHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZa+28wAKCRAo+FAp/vbo +Za/MAQChGmECGWkfRh2NuxBpMXz9k1frD+GZR0KR2juB94rOGwD8D16nYrGq66Uq +2N4hKINrSXmHvyvPXqa7fmSYTC9j0ga0JVJvYmVydCBDb2xsaW5zIDxyYmNvbGxp +bnNAY3lnd2luLmNvbT6IRgQQEQIABgUCP1icvwAKCRApvl0iaP1Un4wsAJ476PLT +kSTjZa7YTQV8QFn8p62M7QCfeceJSvbk42TqILr4hu901Aw6SSuIRgQQEQIABgUC +QMN9nAAKCRDYDvNai7Unr1x1AJ9evf9wYdi2mYDULT24EbIv1RndigCfcImCtwn5 +F0u4V427oMsSkRujDJiIRgQQEQIABgUCQS0+JQAKCRDhksBUOxuy64HiAJ9DOUj0 +aWhRRCPt9AhhDceJtwekWwCfRg9ThHq3qGBFBBrWskiT1An38kCIRgQQEQIABgUC +QdFRbgAKCRCQWPpu6zPORhJlAJ0Vwy/3WpX11yoB3FKzOXab5ZpQkACgh/B2WSSc +GvP7H4hk83GunFmOpbaIRgQQEQIABgUCQnIjeQAKCRDT+ZXVd2r+EgPNAJ444M9I +p1/blSakHLjONll6DA/mWwCdG9UJUe8Pw8vbdfHehuDpr6LDYyWIRgQSEQIABgUC +PpYYpAAKCRDj134flRYZkf73AJ9eYpFEoWurH+QdmRpzNzjoE/MSHwCeKk+b/MSH +jfbac8HWw1e9n45rtBuIRgQSEQIABgUCP1YSYAAKCRDw3I4AsoxZldzAAJ9Rffo0 +Aa5uzxVzijTYMdiYSTE5rwCg5CgwEHOzc3g9skO9l9PEeN5q79GIRgQSEQIABgUC +P1ihwgAKCRDm72g3LP0cOLBpAJ4xzat/u/Bt/T3GWbv2HxQdmNX4IQCeKWkbkoap +OHtLQR5LTH9e0Ah9s5aIRgQSEQIABgUCP1u42wAKCRA8DDO7RCtb6aKvAJ9bXGI7 +RRRXLpQP954kWgv6FqRLmwCeI6AdliDc/JAjUxVSBhotU7a831yIRgQSEQIABgUC +QAqKiAAKCRDCsHn89cdSVjBNAKCz97Dt4+sAVrKFBqp/AMHAyvOcggCdEzGecACz +V6D8N7yDGuQZuA9LTjOIRgQSEQIABgUCQAyOsQAKCRBa6RlsHeXyaY3YAJoC0k7i +BL/3oXoaWoUosO1X4JSLUACfQuMaV9NIb4xd0AH8PNrSPRkNRNeIRgQSEQIABgUC +QBXjRAAKCRAiGMgejnwD/y5GAJ9w+CQDWje7hnpsqs3MV4yUPsZ4+gCfcU9y2nRQ +eI7wlZ/b9CmS5ysdNkeIRgQSEQIABgUCQLt6iQAKCRAYoMyNVwaktJdNAJ90OxX5 +UP+0wkPSFIFQbCRJFor1yQCfZqFsVmHDGQZqexE0/0ojICTydXWIRgQSEQIABgUC +QLvn8AAKCRCfzyzNPz5kJn1YAJwId4pQX1ShNk8Xr0bGml9N5zFWowCbBO6k3Fi1 +T7Y1kFSdbDQBf2qG2XeIRgQSEQIABgUCQMMBYwAKCRBApb7tctA8sTjbAKC4IHE7 +vEAan4YDjVCAyV7qPo/AYACfdhTNrtQ7LSLyzaBb1YTTnOcdOtuIRgQSEQIABgUC +QMP+FgAKCRDJdCX7rktdkk1VAJ4iiNSLqq8brNWG5fG7E6v37VJFIACfSOzzABz/ +C2+J75sSHyFixhlMNbuIRgQSEQIABgUCQNgpGQAKCRAND04SwcVNpIMKAJkBBEWQ +uODGumSwzW33RdiAl9MxfwCcCgegDppbTdpSdwwL4fSB3yLkmyeIRgQSEQIABgUC +QNkAvQAKCRBHBhTwkQ4bLM3mAKCPHAeyt3mJvxP7TNLLFKqPWlVO5QCgys56kcNt +BO6ic7x4jio8ul0thb+IRgQSEQIABgUCQNqaJAAKCRCmDrC0/d62LGp6AJ9bRGeI +S3R9gZsEFnBhOu0XvIlEJgCgpH44GD2ijVomT9Vf/7lyYeo3OcGIRgQSEQIABgUC +QN6TiQAKCRAMnBw18Cy+zru+AKCQb22QSMjKncinFIc0ampbX5SI9ACfZSvu8SJr +4FOQZb8HK4VnGL08Pf2IRgQSEQIABgUCQPKGlQAKCRDf7bsiJbzVvwXXAKDXLeT4 +qbyZjTOG+eg++rN2Sop3HQCg1bQrN/PedPfvAQugBrEFyx6q/riIRgQTEQIABgUC +PzTdZAAKCRAXW4/hvruTP30nAKDKkHqvJVsRWynsJv1gVkifS/ka3gCfVjO2Fd32 +4fiW9xcQaKX+qHt40VGIRgQTEQIABgUCPzThNgAKCRAis/Cwib/T9TPuAJ9DxopL +qJ4CTTwmb15AIkPeq/+4mgCghN0rjV1//1aB0j7bnckJC1isNgqIRgQTEQIABgUC +P1YKjAAKCRCbJMB9LotovRg3AJ9P3KRi6Hl1jyDg929QxesATCOB1gCfUXf1jyOX +GH06iWBL3rNYtklvZsuIRgQTEQIABgUCP3BaFgAKCRDgKFrVdgDK70doAJ4lfj0n +IQjxK18oIroLlXfPxKRyQwCgnBm/TALMZI3+2F0yI/pZezauSYiIRgQTEQIABgUC +QAtFAAAKCRA8Y8o/oLPoi1zgAJ9jFfBjH/GwHzhzHJWZ20WWUqV+0QCfaiNvF8VX +xya9nV82NnUe9OTJkwGIRgQTEQIABgUCQA9MkAAKCRA51HTjafHvVwjAAJsHK96F +UP8buN6kGs3HzLIemIYkmgCgnTvGqf2ZJmtojuWid84FMedm8lmIRgQTEQIABgUC +QBG1igAKCRCKZ3GcLegns9XwAJ4n2Ru5B8nqrWV5kSR+yOPFPsB5MACbB4Tui8rA +xiGcl6XlrEXhsavWh7WIRgQTEQIABgUCQBSD+AAKCRB274zoh7HPtco5AKCFpaHN +MlzWzbe1YiHdZDysVUM63gCeOs87fF9OX9tzRepIwM3nMKFwePGIRgQTEQIABgUC +QGUqUAAKCRBspBp3Q7jWyOckAJsHly60kmRaIQKXxG1+64n6Hb14nQCfbAQAWwpF +5/5HGdosw8QF3deZjV6IRgQTEQIABgUCQHctNwAKCRCkPm0nEoKH6BdyAJ9Oezrg +bKXhzCgDHHnX+e3/2CtsGgCdEzRy1fAtlzIoRs04llB/PrGJoGqIRgQTEQIABgUC +QHerQwAKCRAh7E/chK1nbPhGAKCPFS5cS4eHysHo+OzsqqKjNrOsaACeO6Zu1Qvv +2B+9I8qV7VJN4b8IjZiIRgQTEQIABgUCQHerfgAKCRCELNt6RHeeGN/YAJ9KMDlZ +ugEBz5ZdKwObfeqW/KNXFQCeKMmJwKTfvd8efEuS+prnoK2w8y+IRgQTEQIABgUC +QHeykgAKCRBsv4suVls4+ZECAJwLbkBlXj749xdgsu3KUbcLp27QewCdGc0NdQOd +pQwvyZw1fHvKhqcfQXSIRgQTEQIABgUCQHi7BQAKCRDM3+SbCgrJJ/lNAJ9Tdpe0 +4IvZ35Ar3b19XycgPyY2cQCZAUrkYPCdyclEsX5TEdpuCJ4ehx6IRgQTEQIABgUC +QIKp0wAKCRBDGjztotfSkrjPAKC405tPO1KQVBKE3hvQQ4mJtBTMlACeM8EWe2jI +ORgbGM8V4uqu2IyHz9iIRgQTEQIABgUCQLs7wAAKCRBRrPatdb6Al4ofAJ9aja8L +F3RCnwCBjHaGzYC2xxhrKwCeLZmfSk+0FK7xfaKzTyY+7CPYToWIRgQTEQIABgUC +QLtjSgAKCRCMkDR/jwaAEqHFAKC72Dbvie8MvJM7XNu3reErL7eReACfZ5dwF0yL +BmXxGuAgUMEOicEL/GGIRgQTEQIABgUCQLvODQAKCRCKkGd5GIAoPFYMAKC6Bubt +KHC0X5QYOstAaPXJolh2xQCgnJbpw/dnNZfyTmunXGT6F/FLoI+IRgQTEQIABgUC +QMKZkwAKCRABtHM04NSemST1AJwIjdIzyEUDNKKHS0dLunYEtXsL3wCfbuiZgm3+ +M5QMxWF7EbINGyOgp6KIRgQTEQIABgUCQMnOiwAKCRBxof9gG/jeD+9sAJ90bygM +781ty4+6OISSG7J5bm6rHgCfYLozq4zR9/WPo9OZuyxw1HbQ4yyIRgQTEQIABgUC +QMxB/AAKCRD38OcPMH1W7eBtAJ9y7lZoIKhSm6jFE9pGZXgc4OqgkQCfS/zrWz/Y +6xge6Jk358eXYLHwI26IRgQTEQIABgUCQNkpGQAKCRAfaUTCUTmnzdstAJ9KacbQ +2CrpK/0BQaDN7LmSLGm14wCfZ10yYh1kFQROzv/8+opwT5eA7iKIRgQTEQIABgUC +QOB63AAKCRAhT2hBUV+bdMbEAJ9TpidshCVITNviZm2GzWkpycv3UQCeO96CK7PD +mQXNqngjEB7MnKkxSsyIRgQTEQIABgUCQOIVFQAKCRBzUHCc8aVzybxhAJ9Vqfn5 +2LL5vh5HqtlA/+xrBvl7JgCeJoBWutuiG2j/ZUWxyyLGs9dA3FmIRgQTEQIABgUC +QOa1MgAKCRDp//liH6bqaLooAJ4wGL0/AaJXLQ9yCI1kTaqmZJKb/wCgpumqmiR2 +9V0GuzJHBXAclqWbnCqIRgQTEQIABgUCQSEl8QAKCRABr5PZkc+jTYC5AJoCAWVv +gCWfWOwJAELSw0aIcv91YACfXNoAffk09jFKBUoUj13l3B/E5J+IRgQTEQIABgUC +QSE3NgAKCRBz426wGk89Sea3AKCD73o1ks6ZXKZOAZOV6jZ6uot1qACgigWODFZw +j1tvHMhfqeAulskZIFSIRgQTEQIABgUCQaJa2gAKCRBCnwFbCWxN0y/wAJ9wnAX9 +FlgLOaXnGM/T5Wia86p1JACgn2BiZQV9Iqq7eKx0X4ga+gcp+zOIRgQTEQIABgUC +QbutbQAKCRA0UO1RP8wqkE8FAKDoRasA5r81e4O9pJrDvrnFA9HSYQCfdskCpy9W +puVup3b8nKzPus9P8iWIRgQTEQIABgUCQcfWnQAKCRAN5ydtXgV38iD5AKD5qXdk +nSZD+xYRt1HVDpsi8dc+8wCfSRFPj5saRNUq+ToPJg87+dldcMyIRgQTEQIABgUC +QcgNgAAKCRA66+xuxmZI/eeYAJ9WQ8Hs6KQ1I9fIxcrNVfwze3qVHwCgi/8Q0+3M +Wpz4Z786nhabQYO5ZIiIRgQTEQIABgUCQcgOrQAKCRDnXpDAOcwz21fFAJ9gCxT2 +SVrnMF33VWtjGv+5TsgfFQCeN21nwqnwtKX1/vdnbsddQsn1wl2IRgQTEQIABgUC +QchUpgAKCRD23TMCEPpM0dMDAJ4q8qDScc1r7QYd8e5XjjnX//TauQCfeqIWbVEK +LNYgAkL708ymDhkSKnWIRgQTEQIABgUCQfW1mgAKCRBrc6EGKmI/crF8AKCE3lTr +tp79HtQ2BoqfiDbsckWSIwCgmdU8QMAtl/pR6G/06T7sFKjABXeIRgQTEQIABgUC +QfW1xAAKCRBSeS+vmXivhiRSAKDkONZk5UOdw1O5uQbHd2m1wDmyaACgvVNZZFi4 +hEpNJxd427LtZbMPefqIRgQTEQIABgUCQnI7JgAKCRClBubU3U1QiChnAJ4xi+/0 +E/y/OigqMkfkvfj2VcHfVACfe75i6VuVXypnhTt37dFhdOIeR0SIRgQTEQIABgUC +Qnn89AAKCRBvrvMuUIJy/viHAJ9qNw0EegYvA3OIh1pD4Nevs4MNYACfXzxPWmc+ +HGMosO58agzboNp8/NeISQQTEQIACQUCQbzdOQIHAAAKCRBKw5P7otBpNrebAKDr +PjwfajCpHHXS6xXF2ER9GMrvJACgvU2dX7Ii9HpT72FrTXErZuyck6SISQQTEQIA +CQUCQngyjgIHAAAKCRC4lA5tqXtpoA5zAKCVpAvqaQ8jURiIGoZLVhU5C5CmHgCe +P5rgXzBjuSIWFFhEKkSB2YX/tRGIXwQTEQIAFwUCPUIm7gULBwoDBAMVAwIDFgIB +AheAABIJEIZ7+an70+uOB2VHUEcAAQH8tACgmiV6oN5xcRXwfmRtpSPSoFrlPhsA +nA4WcXDV4pWgK4Zbkt0PJm2iuVXViQCVAwUQP2P7XWRmcAD8BdppAQGbMAP7BU9d +wwM/yb+ml68UlGBmxPFmUVWvLNLrxV42cWcb5VTn8dapFSmOj95xcG3MP+RXJT5G +jQmdfTnVY7wccLxMRxu/BLMkUB3vGtRJq4wSv019SbX2goKQxtblgSpcdl48UbTF +V6Ac7l5TFkvggktPssOLR1FIyoqtvHHJ39re65+InAQTAQIABgUCQHjCKgAKCRCr +/we0RvMhLZSjBADBjMKaxfTKnjq35BeEBoifGA2nbuMhZJALzB13BxaYvqjfXoRr +QssJzxTQsOuDvl8YEek+Jpxh72+rRUB6FIXKfNulKAZ06IbxV9vSTFoGbMvZtNiS +KswUbtMmkBUiEAx04Ge83DSraxsDDil7TeNUaFJyx3GKLZnYS0BNhpiqmohGBBAR +AgAGBQJAxAyHAAoJEATdSGuyTiz3YWUAoN0cdT8Nl9snKPI+ZYWH4pwDcUxnAKCn +O1AiDlRE3CLDEa+MJSkmxrIKLYhGBBARAgAGBQJDZ75jAAoJEC4s9nt3lqYLB5AA +oNVVFSgzUoU27BatX2tJMNYMdXaiAKCY3QR9SdMBUDTqwUyZy4vo1XnnL4hGBBAR +AgAGBQJEgrGlAAoJEBvD7xugSqIHGFwAoNcM8BZnZ9KifNEwuuwYt2G0nN7VAJ47 +OgKnI3nPVY2GHA2aIruDJ3BS44hGBBARAgAGBQJEgrHqAAoJEGiW/K6sBhsypMEA +oIEnXy2VkryEtyDGx/Lsc6DWpTzaAJ4r9KEP3qD01LHRGSdfOnfEeKUxvYhGBBAR +AgAGBQJEiDRZAAoJED2vVKIe71J2oDUAnjRiSGD18baf/vpn5jzr1Euj0HubAJ9V +fjxNPX5euYEo5IuBsPsmS/5SdohGBBARAgAGBQJFOu7sAAoJECo+d9KYZzTOv9wA +nRLNlzjiwrudGxOrfRHlzBhnVbl7AJ4m61uDATuzZ5jNPb+RkzExAYxvwohGBBMR +AgAGBQJEQNq9AAoJEF0853/VTwhHQIwAniVCZu3SmFZZgMXRTff1omCTUVgXAJ99 +1JysQJHW42+asnLDv8MvENB2H4hGBBMRAgAGBQJEiQYCAAoJEFuz9RlYFnka/jcA +n1LZgwKfMXZvwzBS9AXgz3tBkU7kAJ9FfpUgjnsh6Q2W9fc+XN/qooNydYhGBBAR +AgAGBQJFyQQRAAoJENq4mM7LGUrdhzoAnRyv+rKECN5GXCbkkJVX5xEpya2nAJwK +qPyBhSEus6kTVTYF1cqIBzsuWYkBHAQQAQIABgUCR9OgTAAKCRCyaOcG/1z0Y/Fd +CADUUmWtnr2Fk05Bf2lg5iZ9JolU+KvGrtlddlq6XI09JQWrJAUsFf+FwOO4CSir +Ve+M8IZPMaQL25LrW2NurC+8TL3H28C2kgcHTcPEEoDQO52Kw96b+cG9OPHftUaj +rxzkI0nHlZtmH/GjcqC6OhEJdCTkOd8uRiUILkiBuxR1gFqTmgeL9O/fJ6Y5ZykX +4Aijcu14WfaZhUO4Z4fBjuuuPqee4PBIB2fJ3DBW2LWXQ5400M1YmH9dWbqBbR5C +Cv/Nr9q/8p6OUx4XerRgMzGAw+DGPaUyVvTArn6YWFR2FZXkS7yzvLJkrAWrWHeh +TZqwIpLyEZCdUCkpOlIiGxJDiHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vbo +ZQUCZa+28wAKCRAo+FAp/vboZcOJAQD7QSV2atQv26e1B3ImMeFZzGF6Q4x+pM/+ +SNI0xGUc1AD8DSaax/MIW+CICzIROqUg99SSM2TTGrqxZgEHMaqDlA+0JVJvYmVy +dCBDb2xsaW5zIDxyb2JlcnRAY2Fub25pY2FsLmNvbT6IRgQQEQIABgUCQnIjeQAK +CRDT+ZXVd2r+EvN+AKCuhQUpULRd8LRrI5h1JNGQQkcTAwCgpqwNGDPMCDYNPYQY +F5LCoGoiRiWIRgQTEQIABgUCQnI7JAAKCRClBubU3U1QiFJVAKDWXHemX80cMUma +JofpxzRQo2SsngCg657EE9NjOKFTDHpaoWp2fprVB4mIRgQTEQIABgUCQnn89AAK +CRBvrvMuUIJy/r4xAKDb2+34jA3YkYWgdIXYpy5VZzVB9wCfeHdMqwVz/QvAmQfo +A8cbSxfiThmISQQTEQIACQUCQngyjgIHAAAKCRC4lA5tqXtpoGjCAJ4//izCbC8u +QsfCfiTo7YdxUfLuUACgmHXQ9C0nMOdyidujXmHAPYrwIlCIXgQTEQIAHgUCQnIM +SAIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRCGe/mp+9PrjlsrAJ4/STscGjuF +HazMulOLo2ymgbiGjQCgngF/v5cnZJ+DaOb+AwrBTv6yvyGIRgQQEQIABgUCQqZ0 +RAAKCRC3rC5RvUFxS0AtAKC5ueiY4N4ez88JHZKF5cQKazcaHgCfSIB7L9tX8xPU +lgF0t/GB+QCQ7p+IRgQQEQIABgUCQ2e+YwAKCRAuLPZ7d5amC/uKAJkBmzur3uWU +UPYVnM057lb1OJRnIgCfR/LrCLpuhH5Qw4DGIILHP94adQSIRgQQEQIABgUCQ2oH +0QAKCRA8Y8o/oLPoi8AJAJ9Rs0i5T8q+E9LecFLNGMBC/6037ACgnZbR/GFBOI58 +qx28EEl4OX6CD4GIRgQQEQIABgUCRIKxpQAKCRAbw+8boEqiB62CAJ9O9sq6diN5 +irZXYOjhEWKxlfBEtwCgo83bDET9eAViZZoBaMkcsRK99baIRgQQEQIABgUCRIKx +6gAKCRBolvyurAYbMgh6AKDXPw26AigjkqnPt3X7Itjd1R/S1wCgyQlvLKLrRt9t +nYgf6o0jrEYoMsyIRgQQEQIABgUCRIg0WQAKCRA9r1SiHu9Sdi5hAJ9hNQ5TEdVL +zyeMOLCMuqA+ND0ALQCferhP9vD0oVXAOZl+BEeFOZq2p7WIRgQQEQIABgUCRJE3 +ngAKCRCMJe4PDcC31nVFAJ45UUaN65Q5xICSS/k6W67eSB1uKwCfWa7EHae1Z63q +hO2lh1VRVpjFdCOIRgQQEQIABgUCRTru7AAKCRAqPnfSmGc0zjsKAJ92eh9LJMnr +pYB5pGocJjyCUFJO5gCbB4LPIDhAk3voZ6XVOHIJ1VVXLfqIRgQTEQIABgUCREDa +vQAKCRBdPOd/1U8IR4/RAJ4twVS69kkQTLrjHH+hda1XanL50gCeNFbZuEL+tnt5 +lAxruQFRxFRTPzKIRgQTEQIABgUCRIkGAgAKCRBbs/UZWBZ5GgEhAJ4yVQMhN6vT +YQXlLUKFlrEL68DUDwCgiOWUrjeu3pJT9CNyoCnClImPxw6IRgQQEQIABgUCRckE +EQAKCRDauJjOyxlK3TG9AJ4tZXUoAH3U21yZO7VJPOgRqY5NcACgjBL7ILGlaKBy +0lbLmUTh+DQ/REOJARwEEAECAAYFAkfToEwACgkQsmjnBv9c9GPpmggAoZh2UepY +FWznbz2XVHRQTXAmf8lPIFFYbhCzTK/DAIxXQZLPwfRQZ7zP88B1yFazD/IV0Psq +v/98YIRHV0nE42cN34f/045eQxDbcnzSkQeZuCXYyULq4ibTv9NGjZw91+7k5jIH +fFVBNARPnKMStKUrLvb1VIhftnogg76w4X8NKdQVFhvVXIGKdnKAOTiPIGc4qpBG +SjU7U+5YG9JM34kDdi0UEnujAnJwl4HExqeB8xEMILFDvo16fbuY7/3DGz2f8FgA +1FILfU4Jf6svy8/dHoAvFSr4xD9gTbTJXBNLB8r0vQfvQlPVDk3KdL3UtvXIcJXB +4iyiES+JdvxKLYh1BBAWCgAdFiEEKbSx984D0bHe0i8wKPhQKf726GUFAmWvtvMA +CgkQKPhQKf726GXCWgD+L9K9ZuC0ZHY0DxY5gEr2jGem5NvoOYFDP966Ff5wSTUB +AIT/A8vKqKEN7eL17NJ4O0qPXD10zHSFAEbpGs+yyR4OtCdSb2JlcnQgQ29sbGlu +cyA8cmJ0Y29sbGluc0Bob3RtYWlsLmNvbT6IRQQSEQIABgUCQMMBYwAKCRBApb7t +ctA8sauCAKCBjn9GUWosxmQz9GOIA7H7xHS1CACY+4AxwwoGtuM4o+aHlOhUq3UH +h4hGBBARAgAGBQI9OQwfAAoJEG9GN29rpw7e2eMAn2kGBt9qU7qZ35Pa2TnkKF8q +LStgAJ41OabQptDAik4UTy7j/7BEpfFcxIhGBBARAgAGBQI9ORw/AAoJEMHadt92 +y/m0EjYAn0+imj7kaUzbVRd/QTITMLVXeGSPAJwJ0TMHpZY7aRkjHokYHI8DLKhR +EohGBBARAgAGBQI/WJy/AAoJECm+XSJo/VSfoPIAnRqI0e1htqnoHhc7QiBRmbxQ +ELdhAKCOUA7TGZxKv3JzvN8DzRMXg7zHDohGBBARAgAGBQJAw32cAAoJENgO81qL +tSevUgcAn3Q2ipULMvcT7tnsDrg/XuUQTimmAJ9kjOc0Yr77CYlJWdt9wYaX9AbI +DIhGBBARAgAGBQJBLT4lAAoJEOGSwFQ7G7LrIBkAnjvPXA24/MzapkOQ2BZyYUXx +b+2gAJ4j0y6d+yAHHGDpOoPCqqGyttPEvYhGBBARAgAGBQJB0VFuAAoJEJBY+m7r +M85GRVsAn3PwFG7BPlmwltTiu0xM6RoRiM1eAKCeJJ3U9mB2rEb+N3DSWHti7mbV +wYhGBBARAgAGBQJCciN5AAoJENP5ldV3av4SSi4AnjBEdVRrh+TabVIajWRt3UqT +HEqJAJoCD/C/XmakrZjnC9GA8L6VUAYfEYhGBBIRAgAGBQI+lhifAAoJEOPXfh+V +FhmRyiYAnj6SG8MD5I6UnQBaP7wRlNV30mgRAJ4h/i8VGPo+5w9SHw2l5xC9Ufvo +AYhGBBIRAgAGBQI/VhJgAAoJEPDcjgCyjFmVxGQAnA9uz0lnSDi9jHKfs2vv4Tpr +zg5/AKCXz71KnuRsYmMHZ/fR3nttHA9EcYhGBBIRAgAGBQI/W7jbAAoJEDwMM7tE +K1vp7q0AoJ8vp0pb8BjcCYcTSUGJ8l7V/6RHAJ9wQwvzCuwlq6bcu93Mnfy2qZ7a +IYhGBBIRAgAGBQJACoqIAAoJEMKwefz1x1JWo2AAoI6LNR70i8HHT3j5pRVsKMB1 +MdKmAJ9UJBI4uCCxIDnWlhNW017VNmLsJIhGBBIRAgAGBQJADI6xAAoJEFrpGWwd +5fJpaZgAn1DURLihVIoIFh3CInhtLNKmwbh5AKC3Me/96WV1g2lnSWpIa3MJ55xv +9IhGBBIRAgAGBQJAFeNEAAoJECIYyB6OfAP/F9kAnRCFAB5ZOWKJEnTcthxVjYhD +ZjvUAJ9vf6uY7cKXjLmuqoBhAVM8lwXDbYhGBBIRAgAGBQJAu3qIAAoJEBigzI1X +BqS0QdoAniY+JUCRXeE8GbZIgN7wn2RFot1gAJ9pqNjimpr0iPCL9/GOYeSMgRaZ +kohGBBIRAgAGBQJAu+fwAAoJEJ/PLM0/PmQmi0UAn04gq1HlsrAti/myuBb42fzX +HbPEAJ4xh8ymyNncu23w44K4nFSRm52+74hGBBIRAgAGBQJAw/4WAAoJEMl0Jfuu +S12S00EAn1ItVZnHMvJrl1LC1WgmZ9Pgx9veAKCQDWAIvBPepaqzpmZ4FgFBS1so +5YhGBBIRAgAGBQJA2CkZAAoJEA0PThLBxU2kUGwAnRCNatuNdTmr6hZ1umzQzYFK +S02uAKChG7Emxn8xaMiZfCzHYVaXrJQP34hGBBIRAgAGBQJA2QC9AAoJEEcGFPCR +Dhss5gsAoL2rgMDrw3nMYu4JcrYAZD4r2S8EAJ9WDAfBpb/RHy1gNgU56CVFtcGi +eohGBBIRAgAGBQJA2pokAAoJEKYOsLT93rYs3KgAn1fT3itWDphTna87FVSp/7DE +9GoUAKCcH4R/sXQWVPyMNIIejKHKZeRkWIhGBBIRAgAGBQJA3pOJAAoJEAycHDXw +LL7OTdwAn2E3I87ky0B/Ny0/GnS1RVhHXE8sAJ97Yy9Ph5UezOIcDAssrAxp1k+p +EIhGBBIRAgAGBQJA8oaVAAoJEN/tuyIlvNW/AZAAn1eKK1jbvvvwTF0cLHx2OHmr +ldyyAJ0XrHhD9KdA1BFLMVuze2svRRwSKIhGBBMRAgAGBQI/NN1dAAoJEBdbj+G+ +u5M/knoAniNV9D0ptQ3n4zACitPVZ9YNvviWAJoDEjCbrDHgW3X30ynsS5KgnSaO +VIhGBBMRAgAGBQI/NOEqAAoJECKz8LCJv9P1dp8Anj/42MewHg5kT4Qa8E5MVPwj +Bao2AKCfcR/IDD+KyZEPrlV42lNn0BESc4hGBBMRAgAGBQI/VgqMAAoJEJskwH0u +i2i9KcEAmwUwg0XamvGH6GPeQq9vi69tUKxvAJ9aYZhB2QSFKgojDh4UeOUVPjk0 +oohGBBMRAgAGBQI/cFoWAAoJEOAoWtV2AMrvIJEAn1Bw7AwM/gCRGQ4li8FCFtQc +dGBFAJ9FSK89uyHUZcRpXoyr6WB5WX0CWYhGBBMRAgAGBQJAC0UAAAoJEDxjyj+g +s+iLYF8An0lPjit0vkf7Ads0LS0Ms6cbBBBIAKC86UcypE9kzQVqsS0XzpYA3TRi +8ohGBBMRAgAGBQJAD0yQAAoJEDnUdONp8e9XR20AnjO1juxrZL1Zd4tlGQZUWcbo +b3w+AKCItXtFz9Kz/ks4vTZobw5Do4znY4hGBBMRAgAGBQJAEbWKAAoJEIpncZwt +6CezZSoAoIdD9sKh2Pc28Z4VfnvOfet8tnsDAJ9JW10L1DH2FQaOmbRXWF/Q3j/k +FIhGBBMRAgAGBQJAFIP4AAoJEHbvjOiHsc+16OcAoJ9SW1PC+7n1iG3gL9Lrr41o +UO0JAJ4v0lnucVRCBAeIQGF3B2dT+fiH84hGBBMRAgAGBQJAZSpQAAoJEGykGndD +uNbI1vAAoLYAMBAprU5Z0eO0La2E87CIpGgYAKCVyFKGGRqavyd8tCiSCMxFAbUd +1ohGBBMRAgAGBQJAdy03AAoJEKQ+bScSgofocvgAoMaLSTeTpOgaWoeDCV8pyTmu +GfMYAJ0aIZehnBuKmXtbw488Er3ttptrP4hGBBMRAgAGBQJAd6t+AAoJEIQs23pE +d54YcBsAnAvPhtvEnYmYMoPt59SaErJBjF6ZAKCZHjXtqYo1xYJUj1RLnhjNB6LG +Y4hGBBMRAgAGBQJAd7KSAAoJEGy/iy5WWzj5LZ8An07uNqbZF9EJxdUsQOGudSBK +mBN0AJ4tpzHTyLv88K1ZxwbXLi8DofVMGohGBBMRAgAGBQJAgqnTAAoJEEMaPO2i +19KS87AAn2LYCEBaIffJ+Vg8yInsPgVCv35TAKCEHv2tjouXcWUtC0qFC6hkolbo +v4hGBBMRAgAGBQJAqD8ZAAoJENGHgwDnG0uOeEQAniDPZDgKstRh4yay8trtjqki +OtCGAJ96Ide4CueJlWoQhy7EyX4Xi/1KcohGBBMRAgAGBQJAuzvAAAoJEFGs9q11 +voCXSoIAoKdXZRbrPf5YcCVH9zF49FKpXN5JAJ42OS86l69BbCPHKDb5HM46IIV5 +AohGBBMRAgAGBQJAu2NKAAoJEIyQNH+PBoAScnYAniVZdaCTWfX/HhEzqlyP6j/m +//4JAJ9JbR4wKufqQoVsyHIpjMm2loReXohGBBMRAgAGBQJAu5eZAAoJEMYT3Ok+ +IGCsd+0An1rvB7z2f8gQGq6T7nJuevhjVItkAJ4xcNa2cW6wVGAinlO0Xx70zXir +94hGBBMRAgAGBQJAu8rWAAoJEKFjDI904LdmODQAn16vtcsqWvMRJpr0YmcfmTur +cjrdAKCYdO4KuDcehvkaFeLe1Bx/azbdT4hGBBMRAgAGBQJAu84NAAoJEIqQZ3kY +gCg85sMAoII5zZmU4XKtCxx15sCe/VxrpJd6AJ0b4/9n6Ubw2EJYugJo3UjtYByo +Z4hGBBMRAgAGBQJAwpmTAAoJEAG0czTg1J6ZIdgAn1o2S15iMAogYHKt3daVQx2h +dRFyAKCYL8kF9xj9ulZj7hkuJZazEH30c4hGBBMRAgAGBQJAyc6LAAoJEHGh/2Ab ++N4PsNIAoK/vRT4O/G7XAgZ8qyL5kdjMSpjzAKDK+VaX4VRRtSlTNmDBXDlKTT1b +eYhGBBMRAgAGBQJA2SkZAAoJEB9pRMJROafNEAgAn1tqH1avh+KUFbxhjxCf00op +A8qRAJ9uQJHwibGBAhAF8NM99KkFuIpPJohGBBMRAgAGBQJA4HrcAAoJECFPaEFR +X5t0fV4AnjdaP+f2IHSvQIF7zii7cpLjRSaeAJ9iak6BOUGxE8XKdQp4BVNRni1i +RIhGBBMRAgAGBQJA4hUVAAoJEHNQcJzxpXPJgLQAoIH5l6cxC01Lg2ko2E0gVDB/ +jpneAJ400OwWM/ltvUOnriJQqt092BI/p4hGBBMRAgAGBQJA5rUyAAoJEOn/+WIf +pupoyeAAnjRJ5jBMgiZpdjr7idWTk+Uh9TSrAKCGpnAz1OpZREJC6dZpW+u6BbW9 +eIhGBBMRAgAGBQJBISXxAAoJEAGvk9mRz6NNb+UAnRWtJvWB9pYwGPmcBRLwMS6w +QQOGAJ9gsUUKuq5hJxQ5FSUGr8xlxf+KmYhGBBMRAgAGBQJBITc2AAoJEHPjbrAa +Tz1JzeYAnRVkxSAYv4v650tCPk0FOdJf4f6tAJ9J3K2euicImnOadzKPHjOO+hjD +z4hGBBMRAgAGBQJBolraAAoJEEKfAVsJbE3TaZAAn2CpY9ap7GIqDn2gD6+m4ysP +S4g9AJ4w9UErlGVvFcAZ8dtuiI9mssb4bohGBBMRAgAGBQJBu61tAAoJEDRQ7VE/ +zCqQP2sAoID6n2ucstX7TisgfpLx+yZM88SSAJ45UBF85jaZCSROePYLl2T6A0nO +PIhGBBMRAgAGBQJByA2OAAoJEDrr7G7GZkj9j8UAnRJgfevQbx53Y99NL6dZUjES +E5qCAKC8gcEydoBoUCuYqSlId7hKjIJddohGBBMRAgAGBQJB9bWaAAoJEGtzoQYq +Yj9ywb0An0dlm0tguP++6mvZY6ICWlC29uWoAJ9vA0dW7QHUSTJx5LmBhkGy68/x +oohGBBMRAgAGBQJB9bXFAAoJEFJ5L6+ZeK+GlgoAnjR7u2LA4JD+FDedl9fnsbxO +bhNmAKDpgESQoaSzAn6qmXcZtabUZ+5UFIhGBBMRAgAGBQJCcjsmAAoJEKUG5tTd +TVCI4xUAn1niZA+abatawfVjuDWDwClQJuMZAJ4raKBCNpeHAVERQnPOu3waJaM4 +dohGBBMRAgAGBQJCefz0AAoJEG+u8y5QgnL+BKkAoMfh2CpyQfV5GDDd2oN9zfle +4gDfAJ9LuP7yEvrB2VajZevLJkpCwqYnA4hJBBMRAgAJBQJBvN05AgcAAAoJEErD +k/ui0Gk2//QAn0HdIkAxFaB9t/CVu7Q1ZjReRGizAKDZtm/w5TuW3CMW56runilZ +FRZYiIhJBBMRAgAJBQJCeDKOAgcAAAoJELiUDm2pe2mgs8QAnRZLaz+93OK0IK3m ++0cligLNmEa4AJ9h1HL0AAUJdgZ+W2z7737h4+1xVIhfBBMRAgAXBQI9OQRABQsH +CgMEAxUDAgMWAgECF4AAEgkQhnv5qfvT644HZUdQRwABAUtDAJ0Uj7ye9YT354zh +pnjI6af/j+zCswCfX341MQxNT64pixaGVmg08NZvARyJAJUDBRA/Y/tdZGZwAPwF +2mkBAbniA/4oHI3uUBIUFNKaJpBR8m4x+r6U5FqpKI+XSbcwCHDub3gLQDYOQ2G1 +egFytQeaUst6hGTUzedee1CCup6g0zmHE69C9eye5AbVhC+9Jx8oxk5HGZhDNWnp +E8HqWstRjapSMGR/t5hQWc3tBQwZCKZr9RAtVyVQrO+1qXNPkXfKyohGBBARAgAG +BQJAxAyFAAoJEATdSGuyTiz3GDYAn0jGjo7D/CKytfL2EJxOpPeQNavJAJ0XC6fa +332boqovL815rhrdreh484hGBBARAgAGBQJDZ75jAAoJEC4s9nt3lqYLlskAn30W +DYAGmOP4EZXA6tbg8yddPYrgAJ9wdcob2ITca1r9BCfw/YewsslBMYhGBBARAgAG +BQJEgrGlAAoJEBvD7xugSqIH7HAAnAn76WKUuSrmXGbqzpV2DWwoMZa4AJsE3W0y +RP/pVy86FgYpM0LCxtEHJohGBBARAgAGBQJEgrHqAAoJEGiW/K6sBhsyaggAoIn+ +WgE20v1/bfGumKLWqffwlBxFAJsET0S5P1eEczDydWODn1buSY+N14hGBBARAgAG +BQJEiDRaAAoJED2vVKIe71J2ZVAAnjrsuzp6uSkCV/S32t6G3Jo8uKH4AKCNRDST +oFXH/YDXVXb4jlsLJrwFS4hGBBARAgAGBQJFOu7sAAoJECo+d9KYZzTOuxUAoJ0K ++Oh0zMAJwDib2hP95tIOh8p7AJ9x1566xStZU8nidqxWzLY31iNc2YhGBBMRAgAG +BQJEQNq9AAoJEF0853/VTwhHN2EAnRyOB5pFD0fkRUAG/LxN3kp/sgalAJ935XxG ++QGqXBY1iFclvJey5H/Bq4hGBBMRAgAGBQJEiV6eAAoJEFuz9RlYFnkaUPwAn336 +j03TecF5Uspkz9W2tVrr0ikbAKCexA7STYX4GPglJYgBsS4T8rA5S4hGBBARAgAG +BQJFyQQRAAoJENq4mM7LGUrdOHQAn2pw6NW5ZDQ6PtiaUBIZ5zDbC3tPAJ46GDrR +a5v73hyXGYgLqxJwZgKtz4kBHAQQAQIABgUCR9OgTAAKCRCyaOcG/1z0YxzDB/9c +1Di4TfLxU2EPCIVTrlhA0e6WvbMPAD1xNu7OxeZwmQGYWInuhs8HZrn6LIGy2CdN +nps2qdMZV4AfAwamG7B3T6cmkgDxcEHRrC4Ra7geMzITqGDByiu/f0EemjtSairU +WHEyZqbSnNS1GPQbYZfxwnP6dXxBRkWXqdu3O9xsUZjpQuM6zYzTUe3ePfjUeeq+ +vp0P8XPlldrVYqyggoa5b/i9XGBNvdDdoZH50PE6EmMonn2uOjJ0hq6/CtSiASFM +inXBl+Nu1BLvHQio29ieSs3+pI0TsbAsGkFvxN7y0OPClNAebEVuQwsVaTuDgErX +m2XITsXfcXgTiMBdtb8oiHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUC +Za+28wAKCRAo+FAp/vboZXtAAQCUpjXvPXweG/cIw4eNWiIc+b8vmV+LqDzlzp2c +9lPXUwD+LLl6pOXRwmJsbKV0bLaJNrs5W1tBQxz7R+8N+aE+jQq0KFJvYmVydCBD +b2xsaW5zIDxsaWZlbGVzc0BiaWdwb25kLm5ldC5hdT6ISQQwEQIACQUCPzRGwgId +IAAKCRCGe/mp+9PrjoqjAJ9CnaYOGmdo6iKu7CXeyMmMtKbt+ACeI8zXWcwhTJXg +8UxSlh1OP5KMJ9mIRgQQEQIABgUCPTkMIgAKCRBvRjdva6cO3oOmAJ9Ws6MJHngK +tC05aF7JL2Ss/tcYHgCbB8dly/qUEbWJDnvjA/+WKsRnJLSIRgQQEQIABgUCPTkc +QgAKCRDB2nbfdsv5tKwnAJ9/q1WkDXJ9aQ2VKTXHKabVIvq7gACeIYTRSEbY3g/y +0A4SNxgFJVJzRPSIRgQQEQIABgUCQMQMhgAKCRAE3Uhrsk4s99UeAKDFExzzICW5 +k2Bt3DbdUiG8DGPYhwCgnnIKI1cNRu0Dad15Wuuq9m0dQyyIRgQSEQIABgUCPpYY +owAKCRDj134flRYZkYDuAKCdgzRt2/7IauBwg+/ZwMEr4u6fugCePHAx1hKcA8ZB +KfvPm/Omi3pMAE2IVwQTEQIAFwUCPTkI/QULBwoDBAMVAwIDFgIBAheAAAoJEIZ7 ++an70+uOi0cAnidOX+tobnImPhGWPOArDia1mdg7AJ4yJLuSWmNkSspEC1QlBI5c +rRXC2okAlQMFED9j+11kZnAA/AXaaQEBFXMD/3t3P6tjvXRjTEBJ8DoCznAaXcE+ +wDyYWv5CmubJ9xFydfFkBzvide5ZdU/xbn6yaKISuR7om/ZlBFcu8mGsQNEd1FUy +/u9GnGynv2Ymr+7ctIkDO/gOV0Z6B2ASzQ+e9t3Ms4UbkvaUtYsOUZto3lNjvHA0 +v5HNHFORfDN+Ks8PtChSb2JlcnQgQ29sbGlucyA8cm9iZXJ0Y0BzcXVpZC1jYWNo +ZS5vcmc+iEYEEBECAAYFAj9YnL8ACgkQKb5dImj9VJ9gLACgj7O9AekSaPz1z5AH +C94t7l2qUHQAoI88/wviaCU/jfBq9Guvf2sh6rfYiEYEEBECAAYFAkDDfZwACgkQ +2A7zWou1J69EDwCePU51E4Io7D2CqfwLd9ia9tyDhSEAoJxVhkPTpVMQ+Oz2MotD +GKPgAvd+iEYEEBECAAYFAkEtPiUACgkQ4ZLAVDsbsuv/YQCeJ9PuEqhUlJSXLf2U +9bG21LUngjIAnjTC8PG22ymFa0VWoI3io23z1aW1iEYEEBECAAYFAkHRUW4ACgkQ +kFj6buszzkbEjgCfTKJ04fus/M/ABOzpqPLzouAOVFkAmgPjBKzfmzD+0FgJIV8c +ON78QP9UiEYEEBECAAYFAkJyI3kACgkQ0/mV1Xdq/hJkIACeMbX43kQabcHWdH/w +qNpRNPXWd6wAn1+3DB/hP3+wodnkBSIMoqwGJ7XDiEYEEhECAAYFAj6WGKMACgkQ +49d+H5UWGZED1gCfU7U0DgpmlUkm1ojr4QXM5Vd40okAnR8BAsEqHgksbj2+oe3A +jhGu6jbEiEYEEhECAAYFAj9WEmAACgkQ8NyOALKMWZUscwCgmsQ2I+KXklPa/TWc +7aipq+3qtKwAoK8m8+iqZvacPRBodADXV8nX/pgxiEYEEhECAAYFAj9YocIACgkQ +5u9oNyz9HDg/AgCdHcpgETTOrzQKaApcnLnA+LB1Cf4AnA/cG2OtfILRblpvgiF8 +yuSLIFHziEYEEhECAAYFAj9buNsACgkQPAwzu0QrW+k/1gCfQRHvxq9u1ofmqa01 +FulIC0S7sHUAnRdldgyfE87SXkbhQsmqKqRbYVyLiEYEEhECAAYFAkAKiogACgkQ +wrB5/PXHUlaxGwCgieehgSpXrolKWL/W+MJrvbCovb4An1owp+i0c+CO/Dc1HCOf +vMwNfnPhiEYEEhECAAYFAkAMjrEACgkQWukZbB3l8mkw/wCfSjJKuEoEMzxgis9c +ZvgpVYg4+NkAoKzdydSiDb2ZymuraSqonEAnmaq3iEYEEhECAAYFAkAV40QACgkQ +IhjIHo58A/8jxQCfclJSJbzSqsyJAwObfPEBsHm6jacAnRSO+mbmSLEQ9uO+nqMe +J+yAxBpaiEYEEhECAAYFAkC7eogACgkQGKDMjVcGpLSZSACfb83mEh0Gh+x7/+f4 +nhVLawtyKDAAnRyGdcEt6aoC++lnAe4pvZARrmJHiEYEEhECAAYFAkC75/AACgkQ +n88szT8+ZCbDzgCeMzXQaocmb05x/x/MXxQj7tm+nIsAn0LYxtpOdkBRRJpL0Yq1 +b87nbXMiiEYEEhECAAYFAkDDAWMACgkQQKW+7XLQPLExEACfcUisO/Q+5cgTuB2g +iphehF2fDOMAn3nDEEH+bYKC/63frABkgGXk3/jNiEYEEhECAAYFAkDD/hYACgkQ +yXQl+65LXZKx+gCeLItdC14YDvd4dx7DVJmEWIXRaCYAn0P9ZLCCoc7SPyA1wSi/ +yCHNu+4wiEYEEhECAAYFAkDYKRkACgkQDQ9OEsHFTaR4GQCcCBEWe3Ejvk2RS669 +dO8IXmDrefsAnjpRh8PlJ8XGIy7JLCUXihTux2RRiEYEEhECAAYFAkDZAL0ACgkQ +RwYU8JEOGyx+0gCff6gz+uUidf1D2FTD4P5ytT4Mc9cAoNT9wIfxBPZttAMFgFkr +zoU72Hs5iEYEEhECAAYFAkDamiQACgkQpg6wtP3etiwwCwCeJD3LdCqH06ZZVKm4 +cpb6xb/a/DAAnihOx0PssO/Ud+CM5HMyVirzLhbeiEYEEhECAAYFAkDek4kACgkQ +DJwcNfAsvs5PIgCeK2Eb78zX6Zmdvn/WKlPqq3CKgQ4AnRR7jaFFRE2TwuERW76S +IPpgRSqAiEYEEhECAAYFAkDyhpUACgkQ3+27IiW81b9cYwCdHxyFcb0UOpKsl/no +oYhlTqYMQ64An1qGRR671O+NJYv80NBFFkWc6B3kiEYEExECAAYFAj803WQACgkQ +F1uP4b67kz/VvQCeM6T9hax8HnT0ybqVy9u/Ql/pNhIAnjvWZ2VQXkQN5Td6RowZ +yKl0c26iiEYEExECAAYFAj804TYACgkQIrPwsIm/0/UE6wCgixkjiGCu4zcxV9RO +FCtXaep8ixUAmwRwnpzQR2I7GPMdo6++mq8EOBjciEYEExECAAYFAj9WCowACgkQ +myTAfS6LaL0HjgCgm0fkvka6OANXyqTdEHURgdt4a7YAmwf7TDSRrDnvk9f8L/Qd +GYzvCbZFiEYEExECAAYFAj9wWhYACgkQ4Cha1XYAyu853wCfTSFHD8AqaJG0Uwox +ojp2hfYsYG8AoM6dB5UNVrFfMeUl+E8BBau0IpeCiEYEExECAAYFAkALRQAACgkQ +PGPKP6Cz6IsgAwCgj+0Mo6UOmIaYpyvNBPSwrgmp/+YAn3Aix2x4UeZpl1tJoL/H +tt6G63+GiEYEExECAAYFAkAPTJAACgkQOdR042nx71f/WQCfWYM0KsvxV/VfnSh1 +fwfjdo/xbPAAoKSBXW44HdmDNhiHVliHtsJmVM2UiEYEExECAAYFAkARtYoACgkQ +imdxnC3oJ7ORqACfSjnqu4fmdQkSTLK9tF2aTTXq/HcAn1pMhHwoAFSdXTqOAj1I +Vl37kWsQiEYEExECAAYFAkAUg/gACgkQdu+M6Iexz7U8+ACglp1XoZmStTogrpAj +LzSdsD4xwqcAn2O+cBV3suc18vAsNDZI1vNPHePaiEYEExECAAYFAkBlKlAACgkQ +bKQad0O41sg5agCgwf4md9DrK5CivQnTPua8oTswSwMAnRwPl4TVuIrrfVPPRApl +jIJEt05ciEYEExECAAYFAkB3LTcACgkQpD5tJxKCh+gHAwCfWCRnlrJll3dlSc3Y +JDYPY0/OGTQAoIL6E/xzcTxPPd6pDya4Y5ekCTJqiEYEExECAAYFAkB3qzwACgkQ +IexP3IStZ2zJvgCgsFtLFF0yYAz8XiV9xYaHBrKVR0EAoICFlHM4QfopsPJNUtml +Q8pDLrJ5iEYEExECAAYFAkB3q34ACgkQhCzbekR3nhgTFwCfW7IL6JG/RMy9Ncj4 +bhyU7Qza39EAnAu1MS9L/D6G4BNWOEwAyLzHyVfbiEYEExECAAYFAkB3spIACgkQ +bL+LLlZbOPk6yACdHsV5ERxVOVSNoPQEq45p2kbOqR4An1zRvkIinXujx/4b3EZ8 +xjYIpF2JiEYEExECAAYFAkB4uv0ACgkQzN/kmwoKySclYwCcCFAkJ6Q3cW6zLJSW +8aZQx9f5gH0AnimNbNlijpreHQfiBOKEyoYmKt9oiEYEExECAAYFAkCCqdMACgkQ +Qxo87aLX0pKX3gCffOsWpoTGwa4ZvmnTVVC0B6eHfcAAn0p3hRFpg/sn8hC25EXB +kZ2S+u2miEYEExECAAYFAkC7O8AACgkQUaz2rXW+gJeQ3ACeNWNh+ka3RNcX+vFD +l2ISMgxsJ0YAoIhxBlAUWn/Dsv3MRkF5r89/U9aliEYEExECAAYFAkC7Y0oACgkQ +jJA0f48GgBJd7wCfQo8MIrxx7mcw/Haiz1HuWLdcRtYAoKiunHQyD2NkK1LVgomj +QTJJVR+KiEYEExECAAYFAkC7zg0ACgkQipBneRiAKDwtbgCgmYh+hHu3j1o1YPCo +aGMdcriEI5MAniq3kzFXmIgpds7B5NjNUSjYTzmPiEYEExECAAYFAkDCmZMACgkQ +AbRzNODUnpmXAQCfQ36PnA3VNzIEB6Hlg+uPc+4M+tYAoIysfZQYU3P+0SjFjKRG +M2KqgRHiiEYEExECAAYFAkDJzosACgkQcaH/YBv43g91qQCggScsqfjX7bAt+gAz +2qaCakKK3DQAoLm+C81Nd8REsoaHsbGXt7UOpo2wiEYEExECAAYFAkDMQgAACgkQ +9/DnDzB9Vu3GJwCdGvZ3NKW+lbqY7r+19FENXD0SRAsAnA71uuKwAoPA93pDUKEP +f/qkWQkeiEYEExECAAYFAkDZKRkACgkQH2lEwlE5p83E7gCfbOLCNh0+jyt5q9O3 +ZOwJuJ5OWK0An3LBSDjLeOIR1tQMHeuJiFhbyltCiEYEExECAAYFAkDgetwACgkQ +IU9oQVFfm3QwNgCggI5I7Bd9LiFm54HNT5j1OKK4i4EAn1Bo+G6cOsbzGQNFFxTO +Q29ZoYx0iEYEExECAAYFAkDiFRUACgkQc1BwnPGlc8lXNgCdGWehmmvkbovcu01P +YIuoeXhEXjQAn3ghUAVlN1Fm9487H71queT08gRAiEYEExECAAYFAkDmtTIACgkQ +6f/5Yh+m6mhsLwCeN4qqu5gflhvwCwVSM9JPiNwI1Q8AnRPPG7NfBYtp6eD3Jfs/ +9xbWJx6viEYEExECAAYFAkEhJfIACgkQAa+T2ZHPo00k9gCeMPGp1GbdiEPCuBPI +JkBEz19WvjgAnjWtzkdro0+iRGm81aElmbEn67PuiEYEExECAAYFAkEhNzYACgkQ +c+NusBpPPUkYvwCfcPNA8AiTppN2Ql+TMB6IMWbebD0AnjNAHkymPb/hH6uFoBV7 +Um1WInkniEYEExECAAYFAkGiWtoACgkQQp8BWwlsTdO2mgCdGc1Ei3tBfZwuDUx1 +Vdeo0AxH430An1sihW59uZO2TgDf4dvE7Lj+zlW0iEYEExECAAYFAkG7rW0ACgkQ +NFDtUT/MKpDnNACg52aB0DRTj6R72A4M0J1Wsf2Y1QQAoOMFcrwXCe4JhvTVEuXc +bNjlSeFYiEYEExECAAYFAkHH1p4ACgkQDecnbV4Fd/IHGgCfW6drqGwhsC/DnLQs +KLwVtl5TYwMAoMyCN/juKTLyBpYqOaZP5x2Dxat8iEYEExECAAYFAkHIDY4ACgkQ +OuvsbsZmSP1iJACg24vFG8gkpzUOpsSbHFmi9IbMwBQAnjuxdysCCiHnjv0ep7zY +mIYzCBWOiEYEExECAAYFAkHIDrAACgkQ516QwDnMM9ufGACfdvhuVHrCfLOTMg1C +9lop7kpWxs0An3n6QzbgjDaLitjgshLx7eXrUEVViEYEExECAAYFAkHIVKwACgkQ +9t0zAhD6TNF9MwCfW4BprqnkZhZ2NVJg05FsUgLcv0EAnjC4b/5wBq/nTyDLKraM +/WGgTQMZiEYEExECAAYFAkH1tZoACgkQa3OhBipiP3K8PgCg9S7E432EXzbjIu68 +tRucqCmkGTAAoIxReI+ter/N0hlv31wOZgfqPtdniEYEExECAAYFAkH1tcUACgkQ +Unkvr5l4r4YCYgCg4grhEkb86rlxtYJedxZuYZbNuA0An1Sa4cpTorbaz/CtOS3A +zxJt2q51iEYEExECAAYFAkJyOyYACgkQpQbm1N1NUIivqQCgo/SRcoPN68lTNtGh +0NkdqVGGsbgAnjWwEvwCXc1tEMPdTzqh7kYgg6A4iEYEExECAAYFAkJ5/PQACgkQ +b67zLlCCcv4eGgCfV0Y4A4Gn1GhVyQchjWRhyyvOw3cAoPJQBG4BsqwKeLcQWMjy +QG2xGNn3iEkEExECAAkFAkG83TkCBwAACgkQSsOT+6LQaTYhGgCgiBr6H4xKHAW+ +AIREXqVNNg/tZ3QAn1cj84MD5dv1Hgpk7B4rMabd+o0HiEkEExECAAkFAkJ4Mo4C +BwAACgkQuJQObal7aaBCxwCggWt0PXxjpOmnH1K+vlo1v2079VYAnieakhIYTp6R +n0LMFgG8eq3kdOv/iF8EExECABcFAj1CJgAFCwcKAwQDFQMCAxYCAQIXgAASCRCG +e/mp+9PrjgdlR1BHAAEBuMsAn3huwOMFu4naHv7N4vldhZ4yRnBuAJ4oMM65nHiN +9K3s6RuR8Q5mOpa3IYkAlQMFED9j+11kZnAA/AXaaQEBTkQEAJ4snsRZkzUthCQ5 +q6ZP9oYNOyYRxUBmpLWAEiTXu5Kwc5kNRRoUhkXKR/sF7dr0+XBn1FL/EfKDFkoO +5qFu/ZItUqVQ1lysbam02BcxTsSrGBotfPmWlHKaZ/aivP6sLkdfazuS7Sa+2Rnj +ZPpsKt9gOyKFDA+OI56XVNPkQTHQiJwEEwECAAYFAkB4wiMACgkQq/8HtEbzIS3y +sQQApmAFRBgIzK4lgx0qbHaYHdpwyODBs9zYzpLhYKab2KS/zacGxDQXZ4wBXfr/ +jYcsjg5QLNpSwTHQ4T6Bw2f1vc22FwzZwJoFI3quL945UXHgaBkrh2kSr6JB8Dyb +pQMlsYtVfTZySe1H1yLakGJfcrppQWw5ctufDcRUy0LdOPWIRgQQEQIABgUCQMQM +hgAKCRAE3Uhrsk4s9xT+AKDCloKaDuMobDuSRGK9UIQSUr7ZMQCghh0rdYvCph4W +YAQhXXFT2/ToLP6IRgQQEQIABgUCQ2e+YwAKCRAuLPZ7d5amC5QnAKCAzU3DPM9a +lWmtW+8/GywgiUfDTACfdD8TaKRWwSNr4Ozp3IwI6B8bFyCIRgQQEQIABgUCRIKx +pQAKCRAbw+8boEqiB5/aAKDdfFyjOuXrIVKXRmN/GS8Y4pSnXQCdEFhDNra7VR9V +pKFOFhVXXcLdQ7WIRgQQEQIABgUCRIKx6gAKCRBolvyurAYbMmu2AJ0YOnM2i7r3 +fU0ShU2VG7Jl5o6MAwCeI4GIl1zAHWwCQmIAJJN/jo2TBaSIRgQQEQIABgUCRIg0 +WgAKCRA9r1SiHu9Sdh3MAKCZndLDYZ8JjbGcninED1qzhZ00HACdHvtiVAzMQbxf +frFHYkB4BT1ndFCIRgQQEQIABgUCRTru7AAKCRAqPnfSmGc0ziaQAJ4g1eG3C//8 +0eccqhoUfjmHVtKLggCfSasOVS+0sVkxU/xnkp2QDHY9/cWIRgQTEQIABgUCREDa +vQAKCRBdPOd/1U8IR+RgAJ4tdaLLeB2McfQQPVW3YcnYTDQ1wACeMNeBrRNijeBu +ijFGSq+fyYHfScOIRgQTEQIABgUCRIkGAgAKCRBbs/UZWBZ5GmnrAJ4rRhxWwDsg +qL4zL9U1UkKvawI6/gCeIEpQoZ8+qLniDULW3mC20QlnY1mIRgQQEQIABgUCRckE +EQAKCRDauJjOyxlK3bQ/AJwPgXVawIs9300WGfUOALvPTYDksQCeKZnQ22nkspbL +HHgNJ9/fFGcDIjeJARwEEAECAAYFAkfToEwACgkQsmjnBv9c9GPZ1ggAs48pSPTz +SEo/psQ9VRujexmktoSnFXcS8N8dZGJMc4g01AH0q9yAOU37iLoaDkA4XB85zZZT +HFbYOYJLC446ABCU5sBcIyXwIjltLheOueT9XUdwE1ANfZbcw/XqIqN0CwMjh9lB +Rhr9lP5cSZZQ/O58RghdvKclay/KQ1Oi7qnpAciRRzOiYYxzglVUDCWzi24K52KO +lDAc3wsmETJYYuPyqS4y87lE3RzJLAZY39rB8ogLnJl9qsYRtYEOWcXvhbUOIBIl +OqGADy96aMQF4HP0KwL+b20dJgUIKSY7DgkJgbaJtLDs7EJQXLfOh+rh6inhrIPZ +WvYNhDxksGo1VIh1BBAWCgAdFiEEKbSx984D0bHe0i8wKPhQKf726GUFAmWvtvMA +CgkQKPhQKf726GX/agEA7l2ZvV3Yizex3+oZ3aQ+0O5t0vaIlpQTnQSLddXOZ94B +AMQKTTVv5xBysyK4qZVNrU30ImbQTIGo77xFVBbMMxEHtClSb2JlcnQgQ29sbGlu +cyA8bGlmZWxlc3NAYWFyZHZhcmsubmV0LmF1PohGBBARAgAGBQI/WJy/AAoJECm+ +XSJo/VSff6QAn12DWGZsqtlqkdmymQ5mFELOmndmAJwI3beB2+nz0aC3+nbRE44S +vc06l4hGBBARAgAGBQJAw32cAAoJENgO81qLtSevcM0An2r/jYoFvN32QZj8BjUi +NwHG0evlAJ46EG+ZCNUcJy3WGFR+4U50BW6RM4hGBBARAgAGBQJBLT4lAAoJEOGS +wFQ7G7Lr4ZoAmwXVVWP5EoByUt7h4KDIW45+UsJ8AJ9G78ajDBTucaeak8kjy1/v +mxnfxIhGBBARAgAGBQJB0VFuAAoJEJBY+m7rM85GmEoAoIfiSZ27iqFGGB30m+4r +Nyz7C7kJAKCqHyyzpDzUbHvO5mwnqj2I6JBKIohGBBARAgAGBQJCciN5AAoJENP5 +ldV3av4SpCkAoMe34nEqd6vMHvc02WJBlcMLEHOGAJ9NkE6chhwhP0HG3KUM/oKY +kp+HmYhGBBIRAgAGBQI/VhJgAAoJEPDcjgCyjFmVJVsAoJHqryOoHDUV55B9i1m5 +wZ0QNWyQAJ0SyVz8cgCFYBvILHV7yrpjj/EsZIhGBBIRAgAGBQI/WKHCAAoJEObv +aDcs/Rw4cRYAniLt5GfUIIz4g8r2Ss9ggmP/cbqSAKCT0US8SzepsNgwSdzUxHkm +GGYBGIhGBBIRAgAGBQI/W7jbAAoJEDwMM7tEK1vpTFEAn27ahrqN65+WB8B16Z3J +nBSOYJvzAJ9MYwo9W1W0V9YW8Lw/0Q5V/AoW7YhGBBIRAgAGBQJACoqIAAoJEMKw +efz1x1JW2H8An1/gyEF5BmsY5kJphZs/4TTELmmIAJsEz6/Cy6n2lsguVBx+WuUG ++oM/xIhGBBIRAgAGBQJADI6xAAoJEFrpGWwd5fJpZSMAoIH8wGQXsQ2kdEXTL+yD +Ca/7bvATAKCiwNqNFyaBg9JBmBqS2qMK7D0s9ohGBBIRAgAGBQJAFeNEAAoJECIY +yB6OfAP/lvkAniE15A+INURQWJ386TTBQM5lWgOJAJ4kwlKlZFFwGmGRM6V4Iu2A +eoEjUYhGBBIRAgAGBQJAu3qIAAoJEBigzI1XBqS0ApcAoNpCLKgXNwGpZDr+wqFr +YxJo6Ih9AKCOIJp8jUPxkOVngCiLOtzDoWkla4hGBBIRAgAGBQJAu+fwAAoJEJ/P +LM0/PmQmKXMAn19QkOGmWjn8wWhGGIyoHHix5O+VAJwJI6dTBkiGe3E4fcl4I4np +6PvVx4hGBBIRAgAGBQJAwwFjAAoJEEClvu1y0Dyxdi4AnAk1xuK2fOnx6OlcP9dS +Nl79R+5QAKC0wlqK4kjsY2g0R9pBzQEPuq8vHohGBBIRAgAGBQJAw/4WAAoJEMl0 +JfuuS12SIK4An3mJcbZZ8okC/DRsygL+gojEpTEwAJ9NCTOqGiAs9UyjCQM7EuKK +1CI+P4hGBBIRAgAGBQJA2CkZAAoJEA0PThLBxU2k754AoLf9jT0RUKhi5jq48NHj +HuBK0dUIAKCt+aakG9zQkqv2K5HDwVG0Z50JmIhGBBIRAgAGBQJA2QC9AAoJEEcG +FPCRDhssVYEAoMHo5XGSM24TQ1Y017bj0FeZeTbfAJ9NmWyfcqXkuz4HgP9mlrhI +1hpscYhGBBIRAgAGBQJA2pokAAoJEKYOsLT93rYsFIcAn0+hUTi8A33HNs3oYk4J +98Yht6feAKDL3uzrplpbR37yFM2tpSUbAsa4BYhGBBIRAgAGBQJA3pOIAAoJEAyc +HDXwLL7OJGYAn0qTPUrNR2aEolOquiSQ4CRbLhYZAJ0cxdfESlXq3b1nUsX9LTM2 +LYilDYhGBBIRAgAGBQJA8oaVAAoJEN/tuyIlvNW/DOMAoMGFb+W4/sDfxGjFRCRl +BVPOJfZ8AJ95beWSe2/sX5Fgi1LnI9YYzS0PH4hGBBMRAgAGBQI/NN1kAAoJEBdb +j+G+u5M/3t4An3+6WIAxEasGV8uE7qtMEeRKosR1AKCpxf3QP41pli4bS4Ia3s9K +IOv6xIhGBBMRAgAGBQI/NOE2AAoJECKz8LCJv9P1XVYAoMguoSZ5vBxdP/gZbT0Q +eW7jnBI/AKCszHDIaRdV2267sGFRkljdAmf7vohGBBMRAgAGBQI/VgqMAAoJEJsk +wH0ui2i9j+EAoLtVsJCkt4cyKzc48JJn/kjOz+SWAJ9OBT8EtAQXzdkLAm6xMRIO +DQYI5IhGBBMRAgAGBQI/cFoWAAoJEOAoWtV2AMrvfbIAoIuryKPV+Pin1ZbI6xE+ +4DkNJ38KAJ9IC0PnuuW3igmAiqXMd2K+sj02lIhGBBMRAgAGBQJAC0UAAAoJEDxj +yj+gs+iLqV0AoMxs9gd2S9WM0vXN3KYvzg1FKOigAKCYLjsnOyfyYB+k+KlxsaLD +Yo6mK4hGBBMRAgAGBQJAD0yQAAoJEDnUdONp8e9XQDwAn35DY8BK/5K64B/z4X05 +9w6ATSS4AJ4ik6mGRIiUS1CWvZRsG35QeqQxIohGBBMRAgAGBQJAEbWKAAoJEIpn +cZwt6CezxewAn088eJRqBnVmVLFUv4sJAoIW74NxAJ9gg5jHPDzXmGqXFAQp2OQn +yeXOWYhGBBMRAgAGBQJAFIP4AAoJEHbvjOiHsc+1nsAAoIcRMe+7m/aOCkpslgTW +3gjPslONAJ9v9IhpdoyruPxvB7cDUCJXZPrDa4hGBBMRAgAGBQJAZSpQAAoJEGyk +GndDuNbIG2QAnjhqXwEJyV3QkmyNDxwEZUZ8P3bhAJ9zLODn91ay464j2OsA0Ref +OcDam4hGBBMRAgAGBQJAdy03AAoJEKQ+bScSgofo9qYAoIBWMWHvFrrK/q91R7JW +qcU5UbsBAJ9IALOVkGYloSQTvBTQpiN7RSb0BohGBBMRAgAGBQJAd6t+AAoJEIQs +23pEd54YXXsAmwWZ9NRobmlDW08kxXn3whsOSYMpAJ9PR4TBgIhirSJnWbl+K7j8 +bGf/lohGBBMRAgAGBQJAd7KSAAoJEGy/iy5WWzj5UckAn03nDuz/tK9J0/Qvfcy1 +x1fmU2shAJ0dhvw8cVNz0ujmEKcPf1eafSWVVIhGBBMRAgAGBQJAgqnTAAoJEEMa +PO2i19KSbEYAn1mpDu6SZiQo+vroGTGq1ryHd43mAJ4h53eZBVLxZLhhbLRHTzby +cQFP0IhGBBMRAgAGBQJAuzvAAAoJEFGs9q11voCXQo4Anikb1MuFAzXPVlQ/t4nx +PcG0SXYAAJ9I4tpHqkzX921isCfUkuMCDWA5OIhGBBMRAgAGBQJAu2NKAAoJEIyQ +NH+PBoAShhwAoL41s4xQQRBka2PzdzJgwM7EUPAVAKCEcXrC+9FTQdjyOYS9CapR +iWwCVIhGBBMRAgAGBQJAu84NAAoJEIqQZ3kYgCg8nxoAoImVx4M/MYm7/t4V4dro +OaaX2OGuAJ97qzjk9KUXuf+wW9tENfHou6eTCohGBBMRAgAGBQJAwpmTAAoJEAG0 +czTg1J6Z86IAn2axx85N/puwBT6Sy/0eJY4RO2teAJ4sm7pLSsvJG88U2plbnGuh +r20T9YhGBBMRAgAGBQJAyc6LAAoJEHGh/2Ab+N4P3YIAni1FgOd7nIcNXtwQlfaQ +7XpB+/S6AJ9uH7HAV5IyPmnG2IXTunu+yxkmT4hGBBMRAgAGBQJA2SkZAAoJEB9p +RMJROafNQ2IAniExcgMBSxAztdM7010qesvk7IxhAJsElXFvGxdFAckwcEb9eDTZ +WdPSpohGBBMRAgAGBQJA4HrcAAoJECFPaEFRX5t0DQkAn0nUu2rNK/fBgAg0wVvl +QG89WyNUAJ9t8L5tfV1wCcDQuF3y1QokTo5Wd4hGBBMRAgAGBQJA4hUVAAoJEHNQ +cJzxpXPJpQEAoINTcXLzpl5CPxXel1A/dFdWBYUmAJsFeLq4er8xGX1ztd4WIKPv +G+cot4hGBBMRAgAGBQJA5rUyAAoJEOn/+WIfpupozqMAoLyM0uJIktbX//9VBeso +vwngFz3uAJ0dT4Os/Bbdh53alaUR+n76iZUCS4hGBBMRAgAGBQJBISXyAAoJEAGv +k9mRz6NNeDkAn2V0xuuyeXag7OwXbAhcqM3MJ/IoAKCiPyg2ApggL4EZO9Q2wpig +offL1ohGBBMRAgAGBQJBITc2AAoJEHPjbrAaTz1JVU8AnjGCIf2T5iz618v1eCy5 +MIletS5sAJ97kr7PVZj1SMwgLTRWGRqyfBQMRIhGBBMRAgAGBQJBolraAAoJEEKf +AVsJbE3TqAQAoNkEbUwWr6X4KIUB4zkntZwxLWvJAJ9Os8JV0CnODqCMwdgZB7R5 +aMY4jIhGBBMRAgAGBQJBu61tAAoJEDRQ7VE/zCqQkGoAnjPduf+o6eYvzfYqUq/y +cVIZQxPcAKC8zr3/QrgGPvDcB9fTBNCElqD6bohGBBMRAgAGBQJBx9afAAoJEA3n +J21eBXfymCcAmgJWalcYGBEdpgxF/EALgDsgBPayAJ4wMmmtB7shu7p/ABmmXNjW +TDBiQIhGBBMRAgAGBQJByA2OAAoJEDrr7G7GZkj9O6AAoNjERJQHYxRXFVUe0NxA +Nk1pcF9VAJ4g3Glba+WTsTAKdYxibRIqGV/ZfohGBBMRAgAGBQJByFSwAAoJEPbd +MwIQ+kzRRMwAn1sDnjP6GL8jKQo3+wpyaGiARIlOAJ0QHE+VoxAtXNtO2pnVDBID +Ehju7IhGBBMRAgAGBQJB9bWaAAoJEGtzoQYqYj9ylwkAnjfcIMD5/F9lOVZJgAO8 +rcJ7SjEAAJ9GY/dNYIRioyZnQesriVGDuMQ24IhGBBMRAgAGBQJB9bXFAAoJEFJ5 +L6+ZeK+G2e8An3oXWoHRCN6y1abaT6qaexjxWiWlAKDpzIELSZFXKCuDTK8xzQaF +HIg2h4hGBBMRAgAGBQJCcjsmAAoJEKUG5tTdTVCIiSgAn3umAwusT8r4dGTFN22l +fnJeUuSkAKDK6+gVlZYGGUc4Zih/io28r68+SIhGBBMRAgAGBQJCefz0AAoJEG+u +8y5QgnL+R1oAmwe9NlVaWT7NVx/jpqbuLRL/+OvSAJ92dnKcW9FrgDnRP9lvExad +xBua94hJBBMRAgAJBQJBvN05AgcAAAoJEErDk/ui0Gk2EJIAn3ezhm9PrI4L77rk +oPUTbFo0s0T5AJ4+Sqen7b5Se1Tq97K/7suOVo3MM4hJBBMRAgAJBQJCeDKOAgcA +AAoJELiUDm2pe2mgiy0An1eqtJ4SZ3UOXmNXpAJP8brzepe3AJ9XFvmcSEodcUfA +zy8Ro3cXhWV0CIhcBBMRAgAcBQI+oTtCAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAAK +CRCGe/mp+9PrjkbpAJ9lIfrxmCWhMHY/lCBLdyOF5kcnwgCgirSQ1C7tmKgBNFvX +XDePwDOWiR2JAJUDBRA/Y/tdZGZwAPwF2mkBAezyBACWDL9vT+PCHjwFqVy0vLU+ +f/+C1f3koZ3+go4I5lOc4omRerpQKCI+1CNzyPMtJnFea0K8opU5KK6TuLgulhPi +VA/NJgC7ZX9CvqZOnmSsbTcIewaJdZHi7G7v0xaZh0geqY5qk1ZbWHWR/ySl2NEV +jn2RAzPcO6FcZCgRaI2g9IhGBBARAgAGBQJAxAyEAAoJEATdSGuyTiz3ozAAn3n4 +AzHhVCvveKogxf6Ia87xMc3tAJ41K+ArAKv4kcfjW0tyHlNvjS0CPohGBBARAgAG +BQJChtWGAAoJEGSnwKfyzwGoPG4AoIGUc2Dp9BehoQlIOzNU2wiyIQxiAKCBOWea +ZA4e5JcaKisX4LXpFi/dH4hGBBARAgAGBQJDZ75jAAoJEC4s9nt3lqYL4JMAoNWm +O6XNo4s7ZSmATQnhf4fc/Ps8AJ98K0ARWfkl+la/ehLMjzDRZPIJcYhFBBARAgAG +BQJEiDRaAAoJED2vVKIe71J29S0AmPZpZ+iusni4laz1lXnFohvE6k4An2UM+11t +31pe2PR3xt7TnjyknSiKiEYEEBECAAYFAkSCsaUACgkQG8PvG6BKogeeSgCgi82g +/fVolJMbVI1YSsP6xSmv0dwAni82NvH752RuAMJqHHSZWUjj+SQLiEYEEBECAAYF +AkSCseoACgkQaJb8rqwGGzJTqACfZwCVqBCxymFYtJsBKpTzp3CyjHcAni+lyI8Y +hkEt3+AKwj7JxNYAQrN2iEYEEBECAAYFAkU67uwACgkQKj530phnNM5IIACgmf19 +zPL0roJe6PCxwHX/JnmQE8kAoIvg6WUvIu8WA9chrQ1G9ZxJddA3iEYEExECAAYF +AkRA2r0ACgkQXTznf9VPCEfm5ACfXFKNwUNmBoZvuaQc3XNv8DYp2/MAn3CkH1N7 +8plMAgd36whyIcNmNg7DiEYEExECAAYFAkSJBgIACgkQW7P1GVgWeRo+5ACfW1DU +IJM5sIuXXsmxfTicFiTZeJkAn28z8WScvmz23qexKlVf42+9kaVNiEYEEBECAAYF +AkXJBBEACgkQ2riYzssZSt3oKgCeIGtbYMXsD/O0n6oUKfbJjnclMX4AoITvRdbx +yuhbAycWqqM5W9PSkkp/iQEcBBABAgAGBQJH06BMAAoJELJo5wb/XPRj34wIAN1g +2ZddoaSAm6ePH5TLaOGp2qGc6yPFUzIJje0VYiAG8ORzW4Hq9PmTh+LvTdafZBEp +tVdwkTboeXZp4IptcTrugaNxOSLFBeq3cvAaPXlTRkb/1QLn3/GCoFT6rsnynbqZ +7VKdwA+Ikblq4vCB/KIWBTO+lPS/VVtosO2CdpVxok55Qco1Hb3a0zvRY/aK2Y03 +3GLmCLLfcWp9w/pLzMt5aOyugwqvwgXPCW1lgTfEaGbVlTye0dQiwHCYgcY6Qrnt +GXnlwIXaCUuqpzlS1UyacmRQSb+A3UQrQG9I3zjYhZCqw80BcCDsUpfKx4s4d/vE +Ra05PfDnoHFEtdp5za+IdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhlBQJl +r7bzAAoJECj4UCn+9uhlXYwBAO26YGXYcnn1FNJx5jl1YMTxJxVKL4XqUhH9uOC8 +ErcTAP4lc4Ohku+ddLqFGjFhrhZC2bDmG6viai37qRjGBaptAbQpUm9iZXJ0IENv +bGxpbnMgPHJvYi5jb2xsaW5zQHNlY3VyZTY0LmNvbT6IRgQQEQIABgUCP1icvwAK +CRApvl0iaP1UnyDRAKCkHjyaBvebollSlrG45OzxA3doKACdFR0Nivq2+plNGgE5 +zS/5NUlMbjGIRgQQEQIABgUCQMN9nAAKCRDYDvNai7Unr+bRAJ9tB5iOvnSl5N7e +9nUvFecIv0h+2QCfflv1qo8I5ofi/MGxDmhyRSNnMgKIRgQQEQIABgUCQS0+JQAK +CRDhksBUOxuy67agAJ9ykzDLp40uyU13fsx9aivUaEKugwCfSuvlMJ+/yu1YAsR8 +2nteISVQ78WIRgQQEQIABgUCQdFRbgAKCRCQWPpu6zPORnOOAJ9MYesrbQHsqmFk +8n06a+ToT4vhDwCgwp43SAL7BNcga3sDWkSVE66PBhiIRgQQEQIABgUCQnIjeQAK +CRDT+ZXVd2r+EmVVAKC3Vsqy50k9l0ZWvjt/U6WYiEzLKACgyvaJ9fOsg2wcu5Td +M1lWFIb0PlKIRgQSEQIABgUCP1YSYAAKCRDw3I4AsoxZlcRRAKCmzoKLu5ylGFWQ +bCAxgUqlrQoyOACgiuLrYkLhDnUXlsZNxBEvzUaKRoSIRgQSEQIABgUCP1ihwgAK +CRDm72g3LP0cOB5+AKC4aIQLWn2SZ62iKW/V1o2QwK9DYwCfWD5NxN2Ymq8/ANR6 +PQEFTeNWNMmIRgQSEQIABgUCP1u42wAKCRA8DDO7RCtb6RjwAJ90gFZu310b7498 +5a07vUZDzSyreACfST+Mq347w0GjbhKJGGv1ZFOG1NeIRgQSEQIABgUCQAqKiAAK +CRDCsHn89cdSVjAGAKCVZm0WxqNxhdbgvjKaemXO8TNLLACgvfZy8VcKMYsc088O +2Y5F+xx4g2mIRgQSEQIABgUCQAyOsQAKCRBa6RlsHeXyaSzpAJ9jevekczw7pflE +K42yNfDaVMgJPQCfbFyaDw90ve5pXLW1HDwB/CblrpeIRgQSEQIABgUCQBXjRAAK +CRAiGMgejnwD//kTAJ97tRMakkRIZeYlyuLonH7jvtIzHACfRfxXvU73iqgakbXu +xnt/Jy+322uIRgQSEQIABgUCQLt6iAAKCRAYoMyNVwaktLGgAKD7LhnEL0Sg8q6c +lniGv0FnMjMIrQCdEahdX7pPTssIt1Qi1hCN/im4TtOIRgQSEQIABgUCQLvn8AAK +CRCfzyzNPz5kJjiYAJ4w2d9dohjg5kXqZMxGUl6RcCEoPgCcCgkOF1VmgvElw/H2 +ppLAH2BRAoGIRgQSEQIABgUCQMMBYwAKCRBApb7tctA8seckAKDew2vAdpeIeQvD +UXrYsy2JxnlQegCg1h0go6H23xV9+DSddnmXvW6Dqh6IRgQSEQIABgUCQMP+FgAK +CRDJdCX7rktdkkaoAJsGSGBnX66zvhSkLwnqKgNFdm7etwCgk+lKy5lMwoluG31C +yck4IuDYRbaIRgQSEQIABgUCQNgpGQAKCRAND04SwcVNpE3aAJ4nU1k6C+Vwoslq +XyqmbX/2Kp/+iQCg5CmwObqvkEjJKxrckVHiCOLDvGiIRgQSEQIABgUCQNkAvQAK +CRBHBhTwkQ4bLJJbAJwOeqIfkUNfWuX9mfpwkgu3vPgWPACggREzBb8w0FxU9fZq +CeuvdJDYbf+IRgQSEQIABgUCQNqaJAAKCRCmDrC0/d62LGUkAJ90bGceoEBkTiql +x4J7gbocmiGKRgCgsxLQvq2ogqTvfknzuRv2biWrrKCIRgQSEQIABgUCQN6TiAAK +CRAMnBw18Cy+zsSuAJwNMEP81XU7YyxyiOkeJmams5a3ewCfYz5xcdVqB3F254Lx +f88BJnFX4sCIRgQSEQIABgUCQPKGlQAKCRDf7bsiJbzVv+oiAKC3dDsIktZcPdK/ +AgtJ2+mFFtVlEACg7zwk+aGy80UMtTVzGO5t3p+2xrSIRgQTEQIABgUCPzTdZAAK +CRAXW4/hvruTP1e+AKDnODAs9z4y6BTaP3zmtnopAKCTjwCfciwvUF5ngkQyOlAf +9Ntvjpw0O1KIRgQTEQIABgUCPzThNgAKCRAis/Cwib/T9al+AKDZUauocoEyU9/E +VWc764kG1W309QCgnn8hseXePamMalOuYkURpV6sl7uIRgQTEQIABgUCP1YKjAAK +CRCbJMB9LotovVjYAKC7Iu5t/CshX/wgALput3E6P1dlwACfegjAGbrTLIm3oeIr +XO92LOgMDRSIRgQTEQIABgUCP3BaFgAKCRDgKFrVdgDK754UAKCTjGlQzpOvovZc +545Zx5cEYal2HACeMnZKDlHMBR8RJL0qJPtBx4lfNoCIRgQTEQIABgUCQAtFAAAK +CRA8Y8o/oLPoi+MxAJ9Z3DmW/Q/m8G0mF8HV8d4QEiXlZgCfVZKugP9ELkVdi8Ex +2J0YojBvGYeIRgQTEQIABgUCQA9MkAAKCRA51HTjafHvV7ywAJ9HWDLLe3mRw8ve +HqX7Q2sRfXwY9gCeMmFMqCDOe0TV3bPpubdq8wm3Pv6IRgQTEQIABgUCQBG1igAK +CRCKZ3GcLegns/mXAJ9CUBNiBpzHxIGm4SJvaHcUnPa2uQCfX+Y6/qfcfql4X8aA +BDzf/q45yLuIRgQTEQIABgUCQBSD+AAKCRB274zoh7HPtesZAJ4/k6gRPFiZDcEJ +09WGggueWUpCDQCeI3EIXEQ+BonNF0hOMtD/WAFyniyIRgQTEQIABgUCQGUqUAAK +CRBspBp3Q7jWyKGNAKCTZ37H+M4ui5/py1ZXCAgprmFJegCdHJC3MlV4w6ni2ONz +4+UjQeo6HJWIRgQTEQIABgUCQHctNwAKCRCkPm0nEoKH6CTWAJ9mirDZ3SJkiX0a +jNCGNrMuMC0bwwCgow5/RccL7JoyQ3CN5fjg8Ax2x3yIRgQTEQIABgUCQHerfgAK +CRCELNt6RHeeGDs7AJ0eD5mPpRjXVVYWR5eA+6m2w1GhKACfeygxtR4NXx/SUMVl +vFGAhXy0DLWIRgQTEQIABgUCQHeykgAKCRBsv4suVls4+fd1AJ4q8v05hv3ZiW5Q ++1XVrXr4uC5G8gCfZq9LQwVWIhc3LdCXDwyKFnXn5n+IRgQTEQIABgUCQIKp0wAK +CRBDGjztotfSkm32AJ4txnyniJtFQKsWILDBiQTd/oc0eQCcCUcrO5zO9thUfcGD +YboWPggGR8mIRgQTEQIABgUCQLs7wAAKCRBRrPatdb6Al4XPAJ4kmA3bZ1cKiURS +AR9A1xRL2k35OgCeN/Wfpa5uTSRsYI90qOlSzj6tAluIRgQTEQIABgUCQLtjSgAK +CRCMkDR/jwaAErZpAKCI2qMJaPmGsSpHGxSLZMQ5qk4roACZAZrsXZ4aoCgO253h +MQk/lQKfFnWIRgQTEQIABgUCQLvODQAKCRCKkGd5GIAoPL+sAJ97GotMgKSdR7Kg ++FieD+qNYwDnEgCePXCi78XAOfXX+KkgKKjsY8iciyGIRgQTEQIABgUCQMKZkwAK +CRABtHM04NSemfuLAJ907JsMEkn64e08YFHLEeLZJr4f+ACeMmAsJ2Nfl7/CtL/o +kJQa/v0i0V+IRgQTEQIABgUCQMnOiwAKCRBxof9gG/jeDyHHAKCojROdW8aVaNwL +14uf0KB9UriAOQCfWQlY6p6+sNkQkaYPKnTCvIyEaL+IRgQTEQIABgUCQNkpGQAK +CRAfaUTCUTmnzelTAJ9j3rCy2ThI5cRny8bRg8QmGuF5aQCeIuOuyJvTtWesI10m +RzMSLZ2uNBaIRgQTEQIABgUCQOB63AAKCRAhT2hBUV+bdHTMAJ4tRscOYk9NapoW +CyLGoReI7XSHZACcD06eiZSV2BZAGHpBRbN6G5a8TQSIRgQTEQIABgUCQOIVFQAK +CRBzUHCc8aVzybf5AJ9yraph+JCLR8wwhwPLpA57BtnAXgCdFtnKYxWZ+MGhNHpF +KWIAngCm67KIRgQTEQIABgUCQOa1MgAKCRDp//liH6bqaJGwAJ9/YPp140XwxVoS +1yr1Hu0FdKcTxwCfbNMV+r+B/MbhnWUdPUWKWzRdT7OIRgQTEQIABgUCQSEl8gAK +CRABr5PZkc+jTc1EAKCblkaACQtqqa+jHsohKpaMcrJyaACcDyuhGCdgylrndcu7 +P2f75BlNiT2IRgQTEQIABgUCQSE3NgAKCRBz426wGk89SS1dAKCHj6Vxujlp6BQR +5fc4Lp5+yF1X1QCeLRxyXRwNRqyLwAG/dGVWPQUI91OIRgQTEQIABgUCQaJa2gAK +CRBCnwFbCWxN0z+2AJ0VczSfQZxkzat598InGpOoo0Mn1gCaAv1AA6MlDa2NX7Cz +2H2Iq9DhMyGIRgQTEQIABgUCQbutbQAKCRA0UO1RP8wqkLQYAKDhyxI6ontrEu/S +Zzw7sZ+X77VpEACdFxEQMXzEIuVy9pkZBvP2X5aQgnGIRgQTEQIABgUCQcgNjgAK +CRA66+xuxmZI/XSIAJoDmP40op1bG72daKMUs1davXGIIACdHGMcbWY8deSJamjY +IxBEaW1N9N+IRgQTEQIABgUCQfW1mgAKCRBrc6EGKmI/csBmAJ0ePNgyO2NQB9mQ +uuuHGvuBLNCfKgCdGK0Hp0FosEKQ5RIW4hSoIEVcMcCIRgQTEQIABgUCQfW1xQAK +CRBSeS+vmXivhm3HAJ9gTZFLqEe9F2I06Th4zwEImQzSCwCcCvkE6Ew2Eh1wiRS8 +D8PEpX+TrsuIRgQTEQIABgUCQnI7JgAKCRClBubU3U1QiCVDAJ9rTmv+vbYeDwF3 +eBP1ma/2HgmhYQCg7U7ZbjTsZbpV4k0D/7QXgq4/niGIRgQTEQIABgUCQnn89AAK +CRBvrvMuUIJy/vxaAKD3Iba9Pj5OXJjgj+tO5mZje9XBEACfT83DxjYIjUop3/yN +g72BZlCbzvyISQQTEQIACQUCQbzdOQIHAAAKCRBKw5P7otBpNvL2AJ4ulCylpmNA +paLRk9DyBu5S/nB4TACfS3t6AgtFpw9BGPfwxk/iaGtzC2+ISQQTEQIACQUCQngy +jgIHAAAKCRC4lA5tqXtpoDZdAKCSngu+IttmkzFVotAo9Zp+CWw+gQCcCTtqlV7W +7FMlk3DIz0PrCino/ISIXgQTEQIAHgUCPzJSrQIbAwYLCQgHAwIDFQIDAxYCAQIe +AQIXgAAKCRCGe/mp+9PrjjIEAJ0Xvd+TLIKSqg83K+rlPGYIv10ItwCfdHuG6qeB ++Du5lHwWIWpNc+2Gi76JAJUDBRA/Y/tdZGZwAPwF2mkBAWDjBACnSSoG36URoKb7 +oOjwTSVAr3+aFnhqrME74q0Y7KBLBbtZwja4HzIx0OUIlL8l6vKU71BYlkAjGT5v +w0DK0+zgPFSlonOLGsrTIOtEpowgtmNpk+EjgAo+sGK3ne8NRAcQPDof/dI9sGN2 +c7BXizx9gpNBOhJX4jGMPGyVMoa8vIhGBBARAgAGBQJAxAyEAAoJEATdSGuyTiz3 +FgkAoJ1upKXH4rO9QT67juOayGzA0RIdAJ4qOeTunmSQ4PR3XeRffQNobQ54qIhG +BBARAgAGBQJDZ75jAAoJEC4s9nt3lqYLxlMAn184Ahn6aMcPLxkQBFIe/56TQxKe +AKCEjbiowDfhmkT0yqt0FCeNVj8k+4hGBBARAgAGBQJEgrGlAAoJEBvD7xugSqIH +If4AnRFt6LlioTv8v0HgnGDofTnbryuUAKDkzsGs+ti8PrPksi2EXZAqF/qcwohG +BBARAgAGBQJEgrHqAAoJEGiW/K6sBhsyuuIAn0HHyOMst0W4ulPdVp6LVaBjZ6eO +AJ93coOdubfpTnUIWMigawla4Sd4wohGBBARAgAGBQJEiDRaAAoJED2vVKIe71J2 +n2YAnjOmH+WRk3Vj9SJpV7+XZcsk7W7zAJ9+w6m1x+PwcWdz4L3lU6/qlcJr0ohG +BBARAgAGBQJFOu7sAAoJECo+d9KYZzTOsmsAn25MhQAg+HrWkho2snDcuzAtXfFf +AKCEIgDlAWwQJm5Won0mhwsNxGdKT4hGBBMRAgAGBQJEQNq9AAoJEF0853/VTwhH +9fgAnjejJKZJkEFcYXISV2FNtqSAavMHAJ9jidhXvREny4UrplL15i7YyOIYf4hG +BBARAgAGBQJFyQQRAAoJENq4mM7LGUrdB7kAn0XlU51/rjrRV8ZtvmvyBh7MiMuT +AJwIyRYRQpq9Fin3c7/V1rQGeqAUy4kBHAQQAQIABgUCR9OgTAAKCRCyaOcG/1z0 +Y4boCACzlSdu5c2BAW64za1iQXHIQOYw57wfbv0jBxae0vV2LKbKh9tryj+K4p6F +v+95ZuCkOw16ZdCJUVJIok24gT39uW9JQqtnQZuzaQ/Z6jLkzAizwKqGwaRxUW5x +EhXoCVoEXHIkAjIRwmOB7KciAyMjyDT3ZqGYWh8tBbp/nQEYopy+w2wK1QHT71iD +S/JtCI8TT+9iMOKAmM3hUE55utpMK99bcEFwGU6qvW+MnPjAjVQJWncwapHTuZ91 +IjIebBbH4uzChtvQ72yfjD1J5kurviUnYUJhCUDF6QA049uX+1rjma8pd/yFMhlT +8ITrWmroGw7VBQ1JKQx3bkJADdS2iHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp +/vboZQUCZa+28wAKCRAo+FAp/vboZRMRAP4tYwIurDs1/URzH6x120z6Iu9QM7G3 +xTcZDrcVKg70OwD8Che0ltB3WD561H33Y5tgc4TJ367MbSx5akWSxBJlpAm0KlJv +YmVydCBDb2xsaW5zIDxyb2JlcnQuY29sbGluc0B1YnVudHUuY29tPohGBBARAgAG +BQJCciN5AAoJENP5ldV3av4SJMcAnRFepDH3caVP7gXaZNcEBRoxQQ1+AKCRNZZR +mcHKEt3NZHNPkeWfPVsyMYhGBBMRAgAGBQJCcjsmAAoJEKUG5tTdTVCI8igAnRqp +ciBOCoNihTcLqThWyVkhIkBkAKCMGmv9KPEPAfBRoaKhZaLP2GQTM4hGBBMRAgAG +BQJCefz0AAoJEG+u8y5QgnL+CmMAoKXz6aVQvag1+xFFG5PrlYNL/OEDAJ9kZJ/6 +9HnjtSneVfQAvbhmYeqv6YhJBBMRAgAJBQJCeDKOAgcAAAoJELiUDm2pe2mgTNYA +oK2xcDqlSnhVMMGcVi7w5tNevI7dAJ9sme565OwdWtBymUEW45LtOP9ASYheBBMR +AgAeBQJCcgnuAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEIZ7+an70+uOGs0A +n3MqaJT3rypqcLpxR3pUTXd3kR7VAKCJSzasXLCKL5LrIshpuNuaiGmf5YhGBBAR +AgAGBQJCpnREAAoJELesLlG9QXFLkOEAn0KXV8FUQWMGdRu/E5Qq9N6fS6NaAKDY +y0thSkuh/8mFOkjg7Wag9futXohGBBARAgAGBQJDZ75jAAoJEC4s9nt3lqYL0d0A +n03kmnLRgQ2wCRdkt3WDT3wrvkwFAKC52K1rNVM2uqpIpkDCr/P2ZoRKHIhGBBAR +AgAGBQJDagfRAAoJEDxjyj+gs+iLx6cAn2bkqSe8hOWyOfqU4jRPzDpJv11YAKDG +falH1Gs4JsRDocfazVVWeQXylohGBBARAgAGBQJEgrGlAAoJEBvD7xugSqIH878A +n2+CaFYdYVNdqZYlSFdqrIqoNhsGAKCtXRDk2EwBJL5nKyg9HD25o/ch2IhGBBAR +AgAGBQJEgrHqAAoJEGiW/K6sBhsyAB4AoJ4OyQ3bozTqAydmmNAErFNNOAv7AJ4r +a8MyYPRkaunmznPoAcpulGOxAohGBBARAgAGBQJEiDRaAAoJED2vVKIe71J2FmoA +njtQCf92AL8/C9//4Rx/7mQLfcIfAJ0fZvRBy1rJ+WMo6JLBr9kcpsxNfohGBBAR +AgAGBQJFOu7sAAoJECo+d9KYZzTOL0IAn07OZarHQ10LQJK/d/Iumcxl5QAnAJ0b +cQdt46PQ9cgQxMuPVMQu9syzQYhGBBMRAgAGBQJEQNq9AAoJEF0853/VTwhHohYA +n35kINAHO1w2n8FVZgfUqGwjMsv7AJ4/0R8+37DRVmIxwIMNurGdkhtfEYhGBBMR +AgAGBQJEiQYCAAoJEFuz9RlYFnkaBYYAn0V7fziM4P+V13tJZnzfafjKUJZIAKCM +NiBFaEwGx6dzcc+P9IgVK5eOyIhGBBARAgAGBQJFyQQRAAoJENq4mM7LGUrdl1YA +nAow2qZgpdcS7lN+wZ7LvKbOZrBKAJ4vNm3c+CpbQX8G3587rKwPU9xBuIkBHAQQ +AQIABgUCR9OgTAAKCRCyaOcG/1z0Y9SoCADbpRjtP8E4QZuswIx+z18NebzH4zuk +x/0ohOlBaq60tweDuihtIU63hqZlWWY4BHqcwoO+bCDCxb13bQRJY51yQQ0qiBfy +WUQSnAsP/Mxx4AWOqvO3yCgbsSFXKaOV28OHhqIUiwjRtXyQ9WKLoqybLJIzrIA9 +uGLhhNOEH7dayrKZL9vbfB/SvjYjYmUB7HrIIE2OZq4H5wnrK06q++541kAkMUk8 +yQOZSfz/cTjSXko47Dtnp4zNe6Po7CInlJVdfDD+ThAD2/d71UuJ/L2Z1KjEU/fE +qvaMraJSFIHW396u+HyhuOIR7JGGYI2xgXRUaaPhRZW6Q2a1d9NoZx85iHUEEBYK +AB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZa+28wAKCRAo+FAp/vboZcmLAQCO +w71DAlMbNy+F1EHpA1ELMgiGvRzqtqQOhImcpwbzRgEAkSGvJZzQLv8WHw4FBJGJ +176t1OxuX04srx5QFm/VDAe0LFJvYmVydCBDb2xsaW5zIDxyb2JlcnQuY29sbGlu +c0BzZWN1cmU2NC5jb20+iEUEEBECAAYFAkJyI3kACgkQ0/mV1Xdq/hIhkACY3pEB +seCShxuut+xTQSLQLm7DZACZAcwKsQdrA3kg7ImAOCnonmmpTiKIRQQTEQIABgUC +QBG1igAKCRCKZ3GcLegns0kyAKCJ9MXExVK9Jw7k+xdS5Jkn4vY0QACY3Y+P235f +BzD2nCHNtqeSjRSNPohGBBARAgAGBQJAw32cAAoJENgO81qLtSevLjIAnRBWWa+9 +PZYIoB63g4FxLMMWuy2yAJ9LEU7zUkrpekQH/QMGgXA19xzpSohGBBARAgAGBQJB +LT4lAAoJEOGSwFQ7G7Lr3EMAnib3+F7cPlSYtoc+UuXvYjomOxGhAJ4nDwtj9Sob +cNSF/eans4mh36DvDohGBBARAgAGBQJB0VFuAAoJEJBY+m7rM85GXRYAni+4bais +FVzcPvZJ9phh1LwDeAXwAJ4/hl5jC9YSDgamVFDFR2tHdfwxWIhGBBIRAgAGBQJA +CoqIAAoJEMKwefz1x1JWoPkAn0UJvpikL71QZub+nqDUKZs9nik3AJ9a/rwtUpfi +ge0MbUcJugdRW2i0h4hGBBIRAgAGBQJADI6xAAoJEFrpGWwd5fJpTY8An16BDUVf +9IKKCn6sgTd4TTxCHQoXAKC5lO47rpt91t/s3oBC8iFO5+f6C4hGBBIRAgAGBQJA +FeNEAAoJECIYyB6OfAP/rGoAn04XDPucbMCEpC4SJxcqVajg0h6eAJoCuP0nkI33 +AC0cNXad8lzkyTz4BohGBBIRAgAGBQJAu3qJAAoJEBigzI1XBqS0Z3sAn374ryfe +La5AjoqA22RudxZfIFZ0AKDraIcOAZr3eA3BmKHfSczwOLrEiohGBBIRAgAGBQJA +u+fwAAoJEJ/PLM0/PmQmYMMAnjVlFFy+pJ4P7oAoe4uuEy53CWELAJ9rhRwQYzHW ++IdFGtemtLpLJEpL2YhGBBIRAgAGBQJAwwFjAAoJEEClvu1y0DyxCdQAn1Nl9mgM +rs8EZAHmEJDvUi+5DrHaAKDh+9TclfnqfH2T3FgDJNr9+ulGCYhGBBIRAgAGBQJA +w/4WAAoJEMl0JfuuS12SDhwAn0XOaxH0zWMZLIBAaqeDfrkQMJftAKCCogW1Ipgm +GDqO617w0UKRpsHpC4hGBBIRAgAGBQJA2CkZAAoJEA0PThLBxU2kE74An0foWbY/ +BPzJSq6xgR6POZg1JIMOAJ0Sxo7fkjmUPjh6s6UHzrZibDxqyYhGBBIRAgAGBQJA +2QC9AAoJEEcGFPCRDhssAcMAn2XsLUB9mvt6uL58VgaCQhz2qvbNAJ0aZLbSInIx +xYPkS29D2PY5WQ8c8ohGBBIRAgAGBQJA2pokAAoJEKYOsLT93rYsoqcAnRW/gOgh +GBFSQqku5oxAnau0q8wqAJ91rgELbuEBzh7mLwJnNiFcfL5ZPohGBBIRAgAGBQJA +3pOKAAoJEAycHDXwLL7OQ6wAnRfXhXpoZ917qkxckuWI4D0qGTHdAJ9+gqeEZeiB +m1OoixiC2XOJsBMkQ4hGBBIRAgAGBQJA8oaVAAoJEN/tuyIlvNW/Pf0AnAptpd38 +6HMuHVmVW3UkPxMuHH9dAJ9MIH8Gd3PNAhWKZgH456E8fMdLVIhGBBMRAgAGBQJA +C0UAAAoJEDxjyj+gs+iLtRoAn0khPaiqldX9myjgsFJuQkxoJjXqAJ9mRFo1j763 +O/I92FHYGqq9H3ggiIhGBBMRAgAGBQJAD0yQAAoJEDnUdONp8e9Xf08AnRtYLdt4 +dkObht2/PnEwdu2day3JAKCrcxGJcC+bc/AS+yrRQqnRzMqr1IhGBBMRAgAGBQJA +FIP4AAoJEHbvjOiHsc+1f2AAoJnSSILTrHnEok5dBHJRivBAfgUTAKC/YXzyBZ09 +QrRXGyRKrIIwNDD7FYhGBBMRAgAGBQJAZSpQAAoJEGykGndDuNbIrtIAnRtw44W4 +Jo0TjR7Pr3PQwUcr/CCkAKCgYrEPaCBYUBbXgloRQvvQqkNc94hGBBMRAgAGBQJA +dy03AAoJEKQ+bScSgofo9BoAoL1ZhV3koNynieu/q1FAerzhJXEuAJ9pcrTfUFH3 +oGyKwIQTCz+XqhRL3IhGBBMRAgAGBQJAd6t+AAoJEIQs23pEd54Yr58AoKI/o582 +33kynrSnaYQxYcPYqR8lAJ0UsrHsi0SzFtgrZNGETUveWNw1cYhGBBMRAgAGBQJA +d7KSAAoJEGy/iy5WWzj5XvYAn3riwUBG3pJIFZtRgcWS6LKV1hMkAJ4wtsRDXAKu +jBDekgg0HaLoc100GohGBBMRAgAGBQJAgqnTAAoJEEMaPO2i19KSYm0AnAwLe5HI +LUxTwHn0UWYQSIzb6jIuAKCzuusEcp6Knq4yKaeHAAwFn8Hs7YhGBBMRAgAGBQJA +uzvAAAoJEFGs9q11voCXYBkAoIAgy+eC2/TgFt1ow5c1ze6clrS8AJ9sEDX5TK2a +7oiiKJXr32Lynzg1G4hGBBMRAgAGBQJAu2NKAAoJEIyQNH+PBoAScTUAn3//JMf1 +i9YxNKgpVE3BjcWFMiAGAJ4rFM8Gz1rQYWevpvhpcBwVNq9Q5YhGBBMRAgAGBQJA +u84NAAoJEIqQZ3kYgCg8X6MAoJBTz4gOo8A2rUv5IOJ6nuObn98kAJ9lWgalESNI +uzgQy3Cb1Gis/3PKFYhGBBMRAgAGBQJAwpmTAAoJEAG0czTg1J6Zs70An0VGNp2j +hJ4cdICKCbvYL1RMoUuHAKCa2I08xIOarAxa24ep7+Vklqm2y4hGBBMRAgAGBQJA +yc6LAAoJEHGh/2Ab+N4PUngAoNtNr4sj1ANzF0D61uxKzjeV7YYOAKDUPdzTlV5K +4SxE2qEn8dQGN9mkM4hGBBMRAgAGBQJA2SkZAAoJEB9pRMJROafNKUEAnjiNjXtI +2QfSY4horrvtG2P+ey2bAKCFtCIcuI4xJzJ802WqDMEFKBVkHIhGBBMRAgAGBQJA +4HrcAAoJECFPaEFRX5t0lQgAn2E3KqfQomB4KM3J0J6T0tEp8/O1AJ0QOBz1DiDz +rtfsRlf683zLCCUCyIhGBBMRAgAGBQJA4hUVAAoJEHNQcJzxpXPJXHcAn3mPpmgt +fa7iC6wHqcf1CvhUZUwaAJ42RsElfnSY2/gv42bVwBTj/yowrohGBBMRAgAGBQJA +5rUyAAoJEOn/+WIfpupo8tMAnj2wd4/6VCu9ZxpCSECN3XpRJiXUAKCURGuTrvo2 +HIuGeMhdMHRSTgARlYhGBBMRAgAGBQJBISXyAAoJEAGvk9mRz6NNBxUAn0Ucl5ef +VPtUVTqOSXTL9nk8lPpeAJ9W2akcuz2qbLrv5JEp+aDL7xB76IhGBBMRAgAGBQJB +ITc2AAoJEHPjbrAaTz1JsToAn3FHc622UxcPysQfPKEf+eaM8cv3AJ0Ywv8DYAAE +N4OlRT2MdgEEzrE2VohGBBMRAgAGBQJBolraAAoJEEKfAVsJbE3Tmr4AoJBC+PxP +91bopMvy12Xoix/h2JRQAJ9NALddrUy4cKq/cD/0wQZ5MaSB64hGBBMRAgAGBQJB +u61tAAoJEDRQ7VE/zCqQaLwAn2MakH/QoCF7dgtG2uOeFGuHbrKaAJ48AXhSQar4 ++iAG0fV4UAOMiY2yVohGBBMRAgAGBQJByA2OAAoJEDrr7G7GZkj9vrEAoKVTANJ0 +YMBSt1j9KvpL3TJwqC5uAJ9spY3Ekjl7gGcroR8re0RguseIwIhGBBMRAgAGBQJB +9bWaAAoJEGtzoQYqYj9yvZYAoIKD6a/sP+kiF6q3+5VH8M+jpUqfAJ9gsuThWj4F +W3E30SvlHiA1fUuYKohGBBMRAgAGBQJB9bXFAAoJEFJ5L6+ZeK+G2DgAnR7DLS0L +qTBpJX8uDTab6hAukCHiAJ9IIAoOhiwG8c+6WJxMVTfwOo0FaohGBBMRAgAGBQJC +cjsmAAoJEKUG5tTdTVCIF94AoOWYNjoeBYR0ruPv2sgKo049L57WAJ9tS0LKA9q6 +/q6GwhMGBSNlCQuUwYhGBBMRAgAGBQJCefz0AAoJEG+u8y5QgnL+PKkAoKF7jXhb +s2i8hbSM6gMnHpftRAXmAJ94z42zUAp4gkNgIebAVTlPucnxTYhJBBMRAgAJBQJB +vN05AgcAAAoJEErDk/ui0Gk2tywAoKrgcITfgeol+YWA0NERXGQvj29NAKCA3iSx +UpCk0U77RyinAaMHPiHG7ohJBBMRAgAJBQJCeDKOAgcAAAoJELiUDm2pe2mgyUkA +n3pbbJvkKUhFoEeNys7GBIjMq1o2AKC5MjhwTi+IA6JkFtUubQHMDlpc6IheBBMR +AgAeBQI/chCJAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEIZ7+an70+uOfpgA +n0ol/2xJML1jQFVqnQyICYavvG1HAJ0Qedv5hskMTdqyU/M1XG6lc2oXLYhGBBAR +AgAGBQJAxAyIAAoJEATdSGuyTiz3wowAn3kxQ0CxThjw1fULoJv8afwfealhAJ4x +w1D5/EANA2fnbMWTvj95KOz6dYhGBBARAgAGBQJDZ75jAAoJEC4s9nt3lqYLiBkA +n3bP+tUGV1zK0OBDh1gclP0TFWdpAJsFkleZW5Busab5nyAOBkDFxy9djohGBBAR +AgAGBQJEgrGlAAoJEBvD7xugSqIHoGwAoOBTHNNq0XfsX8qEBN+6AP5yjAo3AJ9U +gtpvxpbccxcEkA4XQ+xrB45IZohGBBARAgAGBQJEgrHqAAoJEGiW/K6sBhsyGAgA +n2bTsW0YnFOxyGcfDjQszC9STeYgAKDkRevl8g/qDVHJLaEr30qGzxkgQIhGBBAR +AgAGBQJEiDRaAAoJED2vVKIe71J22zMAnjQAYh3JrW0RX9YsDmW/TSl19g2jAJ0b +EhZgQxP2/MUZhcHDf9gh6U+PpYhGBBARAgAGBQJFOu7sAAoJECo+d9KYZzTOWEAA +oIWeegZ9nDIznVoqRn9mloC1HBJLAKCgLZP/RljuCDnRw+YJKWQwHgAd+IhGBBMR +AgAGBQJEQNq9AAoJEF0853/VTwhHjIEAn2gc1Gl4XcE+yZnms+F81J4jkkQ8AJ0T +yqYrPfuyz1SoYlT35Bvm+J6CTohGBBARAgAGBQJFyQQRAAoJENq4mM7LGUrdz4gA +n3wUEARLdix3HZVtrSmrJCSj/8XUAJ9RYaXCs/uhuXqmIBybqIiUGmJl94kBHAQQ +AQIABgUCR9OgTAAKCRCyaOcG/1z0Y2LXCADMEf2o+CD8Cfue8O0IoroqOYNIptXL +83LNhv+OVm99TJGEM7rSccQfllWAw9DnZ5EiPThKnt+wcvfRrX9sLi4SvGmF/X3P +laosUDB++qASSZYxU0L3WZxcrMGHRV09h/AX89f9eQdDUwDkcZgkJeTCX4GjTNkU +Zk3TnUV0GJ/2dSOU8YPvpv+ncQT1cct1OYQrtiIochVuaPekIz7uoqGlHi49Gkbx +LrRWgLXgqlJ3lWcTXg9We+kFtkWv2YGvHizI7zKuOKoGGZysC1NckK8c3ir4wgAW +41OenKEJBmlNHGxJdPVT1xkK4bnrZ1h6m9nnT5nJMO/VJOUI7i/1xTeOiHUEEBYK +AB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZa+28wAKCRAo+FAp/vboZdqEAPwN +zPMQv997StkkNbYSxX4m6b2zHd8+47YvDY8+GvrmywEAl1e7+SbJPmEaJFuel9fu +1lWhkFb2cPKNCoj0MGGOBQi0LlJvYmVydCBDb2xsaW5zIDxyb2JlcnQuY29sbGlu +c0BzeW5jcmV0aXplLm5ldD6IRgQQEQIABgUCP1icvAAKCRApvl0iaP1Un+8mAKCA +mBvTGhFm8O7jbCPopAIo+LwU/ACfWs+lvzn+FJ/qEc+agRlvnZtXdaaIRgQQEQIA +BgUCQMN9nAAKCRDYDvNai7Unr53IAJ4pUO7CXvHi+rlxC/Y2RAlbob/2SgCffUsa +sBULqEhT46uNQsdh6ZTg1CyIRgQQEQIABgUCQS0+IwAKCRDhksBUOxuy6yArAJ4+ +DnZ+2eXr3s+8nz9LxpiPtHZ99QCeNbw0IY9wIt9oezkTcqo6cANPBgqIRgQQEQIA +BgUCQdFRZAAKCRCQWPpu6zPORle4AJoCgolYdPFqWs+18Vk5kudgLEsJogCfbxZP +5e31iSD90M6vYogRbA6gPPqIRgQQEQIABgUCQnIjeQAKCRDT+ZXVd2r+EnynAJ9G +Orww9cl+q7h7xRKGyw26hbcp4wCfQDhAS0uRmLBx1fmtDi7nMumoz0SIRgQSEQIA +BgUCPpYYowAKCRDj134flRYZkczeAJ99t0U4VAcFMpfM+CZmTf9mooiI2wCeMgsH +rz2nIyvo71eWMCG+ATA7xlCIRgQSEQIABgUCP1YSXQAKCRDw3I4AsoxZlWfNAJ4w +i6xnj193JdUSXCeYxlALTLTmmQCfW6hu8eNTjp0k0kCGlEEDN1ds7DqIRgQSEQIA +BgUCP1ihvwAKCRDm72g3LP0cODOyAJ9WNAoqtTOZ9aTfONDSSj4GVc5WvQCeNUlO +ZZtLNxaNvlSkRC0Wz3Rh5NyIRgQSEQIABgUCP1u40gAKCRA8DDO7RCtb6Y+uAJ9G +jQLbIA3x6BSu1aKNP3hqODiiuACfehIQn2+nIstMyk1zn+O/L8XwH86IRgQSEQIA +BgUCQAqKhgAKCRDCsHn89cdSVrzsAJ42nnUdMuZ0uInMmgVIzm9Fp+wORwCgkC3/ +Y6gNAhultLdpvmFVZFe5Y5KIRgQSEQIABgUCQAyOrAAKCRBa6RlsHeXyaaImAJ0a +zTYogWWZBh53w7XkcEv0RhaWaACeNY+JzznXEnsEr10aTU4xgK4W8q6IRgQSEQIA +BgUCQBXjRAAKCRAiGMgejnwD/23XAKCdRCKFFm3nkFPBLM8nHcFtkZKtiACffmhm +svMYV7tWeb/yXKxk6NN1dCqIRgQSEQIABgUCQLt6iAAKCRAYoMyNVwaktNhOAJ97 +hzUBdZW8nYtRgPTXXvz9+fDFPACfY2rvyAaPQa3/aLII2/LqtM+6EGKIRgQSEQIA +BgUCQLvn8AAKCRCfzyzNPz5kJhi9AJ9j5uczTQfq3BIGaxPwzpEXbBLsdgCeJ+M1 +7xp+Co4t8CE2J3ySBo5YnuqIRgQSEQIABgUCQMMBYQAKCRBApb7tctA8sT+FAJ9/ +RKCuToCCw91hrA5jfAZsHhneUQCfZJJs6HU7upi65aSeyU/pUtGqGbuIRgQSEQIA +BgUCQMP+EwAKCRDJdCX7rktdkvg8AJ46jX02Ue7SLFC6WX/2SEKWdrYRawCfdDrL +TET6rzprixEIlN7XQP+NElKIRgQSEQIABgUCQNgpEAAKCRAND04SwcVNpK09AKDE +QyGw92UnLt9OuPcLhqm0FfrvowCgutSd0uAO/Bp2RJWhfUHCdR2IVtyIRgQSEQIA +BgUCQNkAtwAKCRBHBhTwkQ4bLEFLAKCMOzcpOUJnGhGFZ1hN29voRIWacQCg5Wch +IS823ghvSpIxb7LWXXr4mmaIRgQSEQIABgUCQNp0ewAKCRC4x7yLA37qcwaEAJ4n +7GFf6ITqQzfEkJ1+nPK+gVO5PwCdGhbsw5r9M/JLsBWFiUdD4thvmLeIRgQSEQIA +BgUCQNqaHgAKCRCmDrC0/d62LCJZAJ0WdWqREidmqszEcDlJZGo7Hcv0ywCdEHO7 +ZKh6RvH397V3+4JEP4xpg+qIRgQSEQIABgUCQN6ThwAKCRAMnBw18Cy+zmTFAJsG +a0+Q4dWBl07wlcQ43GYghV0dCgCgkqr+Dy49+e8Qr0RR/C6pTpPuV5CIRgQSEQIA +BgUCQPKGkgAKCRDf7bsiJbzVv2ORAJ4v/esMeny7jydgwMs8Pp7CLfbHlwCgvn4l +7HOsHvFhwYzZteRtRDbZPNSIRgQTEQIABgUCPzTcgQAKCRC/pQEG0QXO/wrIAJ0Z +sqnRN0n1Is/NezvqxGw0ncPNsACfXU2TRucyddHGV0Dwjq1uzzWarIaIRgQTEQIA +BgUCPzTdZAAKCRAXW4/hvruTPzfoAJ90NuGp6GqyWn/+0J7H/nCa+kiR3wCff9uI +r/fQ/Ieb1bTOlxvhzczQah2IRgQTEQIABgUCPzThNgAKCRAis/Cwib/T9WJoAJ0U +GXUzNySfFvjUTffG8IZN2I1t6ACgzXes2qsyBk4UTKdK/XurjxffV3eIRgQTEQIA +BgUCP1YKigAKCRCbJMB9LotovUmwAJ9NhPxL3rKkJbNEhYf2Ryo5N/0HOwCfc6FT +GNw0PTVFnxmFWcEnmjWhToeIRgQTEQIABgUCP3BaEQAKCRDgKFrVdgDK70XoAKCi +t11DblPWaJOUADS5vRuLfr1hSACgoaaw2U/FLGK04GF8p/UZ1VN9L2eIRgQTEQIA +BgUCQAtE/gAKCRA8Y8o/oLPoi0QzAJ0d57e3GKm5WlNRxyJXV76FGVZBWgCgj8QS +thPh4wdfStbzgwP/5YbZssmIRgQTEQIABgUCQA9MjAAKCRA51HTjafHvV29DAJ9w +AhjDlrdpimmd/Qwx8tnWB107xwCfZ7sHY6+mxog2Y2/MwoKk+sfxWsCIRgQTEQIA +BgUCQBG1hwAKCRCKZ3GcLegnsxCoAJ41g9TGu3TJ1/QnvEprt0azmxYREgCgiiGh +kbkbx++hhAo8op+9ZJpZT9mIRgQTEQIABgUCQBSD8gAKCRB274zoh7HPtRTIAKC8 +rsUdtDOS1ff4+xFb9j55yQqpqgCeMgI87zyllV9H8FYerL2mQkEZwUmIRgQTEQIA +BgUCQGUqPgAKCRBspBp3Q7jWyAmXAJ9NIqLklZU87lyYE3YaeP+n62ZPMwCguN9v +r0Q9Z2FaUjyny7sK7YVbDFaIRgQTEQIABgUCQHctJwAKCRCkPm0nEoKH6JIvAKCe +cfQlXxAZaXOnAX+0zAlfIiZyggCg0c7aptER7dqiz/UwF+uFxnKRq3SIRgQTEQIA +BgUCQHerewAKCRCELNt6RHeeGDr9AJ98Oa8d6v6PxkRsuysGe4nbFkXgzACdFCrs +vyenR6x931WMA8/CP7H8h3qIRgQTEQIABgUCQHeyjwAKCRBsv4suVls4+cruAJ9S +Pz5yFsl1Q/cyfLq1akI5hHA5vwCfboj9Fl49IJ/xhx5r3brDfQCtXOaIRgQTEQIA +BgUCQIKpzQAKCRBDGjztotfSkr4yAKDM++8oPR/8Myr6cAXgr72aZYZ9OQCePIgp +eX/sfUSaO7p+qSn0SNkXrH+IRgQTEQIABgUCQLs7wAAKCRBRrPatdb6Al2gOAJ4w +S1qkozoKOJR/UXyu6rozxedhugCgvZB5ywef4pdJMxmuZac76KIapkGIRgQTEQIA +BgUCQLtjSAAKCRCMkDR/jwaAEgisAJ0aNcF/tfGCTxsYObkBF36rsObXBgCgv+H7 +Zqdc+1xbDE5yxsoH1FN7qJqIRgQTEQIABgUCQLvOCgAKCRCKkGd5GIAoPDL4AJ4p +u0storALgS+8KUJHdf+cuAQxrACePTKUrcq8aEFU+120L0bJxTRWKeyIRgQTEQIA +BgUCQMKZkgAKCRABtHM04NSemceaAJ497o737GfZi0HexR1G6ABLHTK4lACgliv/ +5pNPMe79F3WFb5r5XuPBMTWIRgQTEQIABgUCQMnOhwAKCRBxof9gG/jeD6TuAKDY +dmSSep11wq1Ga4H1uGoBY7qaGgCaA8YptuPw782pRFuxlxfB/fh44piIRgQTEQIA +BgUCQNkpDQAKCRAfaUTCUTmnzQPDAJ408+sREFpkaIa5Ghya2P3d+EeQPQCcChED +pxphf5OL5zA30WtN/92qPZeIRgQTEQIABgUCQOB62QAKCRAhT2hBUV+bdFd1AJ0T +rdoPjEDtj8rIysAs2eSXEpqtjwCdHemCDylR9Xj0SAtuGLNXUWVpH/iIRgQTEQIA +BgUCQOIVEwAKCRBzUHCc8aVzyZ1hAJ4mapLX+uNrhNHZZYuylMOjMLxHqwCeN1b0 ++9dnozKmDj6f7b7zinlpRT6IRgQTEQIABgUCQOa1MAAKCRDp//liH6bqaLtYAKCE +D/2HEbrsjnDUR84x9VppR2oNYACfRgPBWnnTSRRIqZzTGRbeV2zw+EOIRgQTEQIA +BgUCQSEl7gAKCRABr5PZkc+jTdQ6AKCLJClnvEQnVGSICErUGZgtvQQHLACgt1Fo +9frb2YL0Uh/QS4i5rZS+IbCIRgQTEQIABgUCQSE3NgAKCRBz426wGk89SZ/xAJ9A +DfHrRecGdU702D4lJCAsv8I+agCeLRlTgOSDVNeC59w0TWe/0yBcNYKIRgQTEQIA +BgUCQSIUqAAKCRA8gRWOctLgB9vEAKCReb7uCvjAzKWLsAV4fBhjDkuFiwCfQDdG +VG6PNeZUqRvtcU0SG+2U6cKIRgQTEQIABgUCQaJa2QAKCRBCnwFbCWxN09PnAJ94 +Rhsm6yrpPUohZSbMmsMS9YArzACePlRTneAOPIYeGLJ9fJU4r+33FOaIRgQTEQIA +BgUCQbutbQAKCRA0UO1RP8wqkO7+AJ0cA3BM8RfM7aT8ftZ7S0VkP3043ACdGMiR +cGlKelAWnpN3qiPKmi5D2a+IRgQTEQIABgUCQcgNjgAKCRA66+xuxmZI/etaAJ0R +H9IMSv9fUCR0CtqHOB9oPRyXwgCcCLfzZWtOTDHyVngbjDlF3dNDdGOIRgQTEQIA +BgUCQcgOsAAKCRDnXpDAOcwz2/a4AKCQrCY+XMXH0EsGw9b4qB4/jKpE9ACgjFjZ +4kpVmZBDYpZKzRvEl1mBHSeIRgQTEQIABgUCQfW1lQAKCRBrc6EGKmI/cjzLAKCJ +Ksif6Ka5+doZ1SdfQLqJ7hSPZACg4F3Jft7H+xg/+RgJ7uDrMfBWPeyIRgQTEQIA +BgUCQfW1wAAKCRBSeS+vmXivhjDaAKCYDNql7hyZxDmXwUWczLI5CD+RNACgqiYw +byx65xK8pL5I5c3IXSOhjPSIRgQTEQIABgUCQnn89AAKCRBvrvMuUIJy/q8oAJ9A +IMDvPl0N4lFdiad6GKvhXeCHLwCfVMHABYR+6Jb+LmSaBO1hetlEyKiISQQTEQIA +CQUCQbzdMgIHAAAKCRBKw5P7otBpNoPrAKCTPL/RtxOpmMw33N9Gz/dMcHYzvwCg +1o9nK5YRM8FBzWNbQm/RjWtp9LaISQQTEQIACQUCQngyjgIHAAAKCRC4lA5tqXtp +oB67AJ496a22j9zY8MeGR+XuCTYGIUPJ8QCgrG/ik5igBf0Kevyt79eUXKTXvcmI +XwQTEQIAFwULBwoDBAMVAwIDFgIBAheABQJCO1AMABIHZUdQRwABAQkQhnv5qfvT +647AEwCdFWuhPNE8ka3b8XjW8hfyVHEucycAoJ5AnDlpz0zW3TqMT1V30kXeVhNC +iQCVAwUQP2P7V2RmcAD8BdppAQHnHwQAj8Jmt4IQXNd1iyp7Vg8YOlEUFbb13SIG +F1J6u0uLdpA8ouSmYuAs6MIb42WaG8zAMKDv5dXjX33IiIlNE3lPLN4kMrS545DW +5o+NmjXDjQXpQXOZxqVbI1VhKBu/3v/BInDEfOwXjeWyssnOtO3e5+g/zAcclpUA +SBHVzI/P8biIRgQQEQIABgUCQMQMeAAKCRAE3Uhrsk4s9+4pAJ9CYaOilzOdxX59 +1vvT3I29mLooEQCbBlQ/j/nXeVFex2M9nwD0lYJLGnCIRgQQEQIABgUCQ2e+YwAK +CRAuLPZ7d5amCyf5AJ9HlKvRWXesW6D8uRPlDNbQAJfBNgCeJ5ONwn+u19ZKLEOz +ame1RCVsMduIRgQQEQIABgUCRIKxpQAKCRAbw+8boEqiBzLkAJ0RmDU/aF0nM5+s +mqp5ZKLuuRnhbQCglCUVO12KTpZPKHNRo4LiDXyt0lOIRgQQEQIABgUCRIKx6gAK +CRBolvyurAYbMqJVAJ0ZDVRekxWSQi47Wr7xRj1DiYacYwCdH3ZTh6R+FhYaNqbJ +II34jiTUQr6IRgQQEQIABgUCRIg0WgAKCRA9r1SiHu9SdnT3AJ92QpeGrPgSyxPa +zGRoV9Tu3f4nVACfSXys13rsOAHy7/lDpQKeVyU1uzqIRgQQEQIABgUCRTru7AAK +CRAqPnfSmGc0ztotAJ9GHDEhF5+ZATGPB7m0U/ptYJpj6gCgh6YWvBE0PTXY1FaH +HDfk2YEqv3aIRgQTEQIABgUCREDavQAKCRBdPOd/1U8IR9ymAJ42tXOzu5V2vtIK +XiobQqgqfTRHLgCdGxn8UEQE/jtdbvUmR6nCEfN0/U2IVwQTEQIAFwUCPTnunQUL +BwoDBAMVAwIDFgIBAheAAAoJEIZ7+an70+uOkCAAnRlfpgB78c7LAxAW9Ijn6P5X +qS4eAJ0bPqvrHfV5IwXNsO+i5If4vzdBs4haBBMRAgAaBQsHCgMEAxUDAgMWAgEC +F4AFAj80IYICGQEACgkQhnv5qfvT6449rwCeOGwOtSB1SjFiF+E1zP3/0bPnBb4A +nAv6Ve7zwqW10fzq+LVq3EUPDeQYiGsEMBECACsFAkI7T7AkHSBFbWFpbCBhZGRy +ZXNzIG5vIGxvbmdlciBmdW5jdGlvbmFsAAoJEIZ7+an70+uOZ9gAn0T7auFfLmrg +HKNOGnXNiafBrHF3AKCfyrAI1RRpeddHjuPVjz5I090qvYhGBBARAgAGBQJFyQQR +AAoJENq4mM7LGUrd2bIAn3cxhW1Trc+flQDBr1HcrTX8ZqBJAJ9RQHWGitnKe1SG +XaQXe8bZ1WtiFIkBHAQQAQIABgUCR9OgTAAKCRCyaOcG/1z0Y0rqB/97e/8BCfqy +D3G6YdMdARJVj9qIapwmeUgsVmOnP+zKASOVt7eIYd3EdKv3PDI9/g3lKoUHYFWV +L/mL4oJmlUtn78Pm92o+kksX9IsugF0dCOps0q2WXHLwaczhjxa+EWuk0XWFnHgO +PCd+P7h9jlVBnoaHkFIYT//2pHRRLvSFIxyVYZmEwF29eRP5FltZ0u52y7mnJaPN +MrnbE1y3ipaE8yIq0IM/s7AupiOTUTbqWoKRcE/1i5vi7Akcq1ZnpSw48p6Br/oC +PmNbdjYWVkOAXHQ0A4RD2KdOxIpexAO1N3S+k2q4iejTnkQN5bjYugdsQYu5QYib +SJH7cT2tXFsPiHUEEBYKAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZa+29AAK +CRAo+FAp/vboZWPKAQDoFJ95n6ErajcSn034PjDukgdUUHwpkmu9jeelSW3kkgEA +0IuLs5W5xXXv3Baz1FSn8szoWEPu3x+mdNbDJo3oag20SVJvYmVydCBDb2xsaW5z +IChNeSBDYW5vbmljYWwgbG9uZyBhZGRyZXNzKSA8cm9iZXJ0LmNvbGxpbnNAY2Fu +b25pY2FsLmNvbT6IRgQQEQIABgUCQnIjeQAKCRDT+ZXVd2r+ElyfAJ0UQWdwE9Hp +KqDrsw66RwFSQ4V6qACgzsYyusQyxqdv+6jwaehgpGzhdciIRgQTEQIABgUCQnI7 +JgAKCRClBubU3U1QiGYkAJ41r+RnKNLQDakYSNCQGc+OKVTwLwCgnRYLWVuOkhmE +NwVX6kZs8g2d0iGIRgQTEQIABgUCQnn89AAKCRBvrvMuUIJy/owNAJ4zhpW9JoxO +xVSikHjwxLDUUD3pwgCfTwVlE3Ti1JhCY9NLVMoXy8XpGJiISQQTEQIACQUCQngy +jgIHAAAKCRC4lA5tqXtpoFUuAKCFu0/x+Rjmr0p25Tc8nyMk/ZB00QCgiJiVBT+N +zqbpFg0na7ixEEaj7fmIXgQTEQIAHgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAUC +QjtQJgAKCRCGe/mp+9PrjiymAJ9knWAAL2ONNJIQPMl/lQVoHrz1BgCbBRVIIDoF +h4RjcFdgJlCZ65I5ZleIRgQQEQIABgUCQqZ0RAAKCRC3rC5RvUFxS/c2AKDD+xg5 +yl4B2McnH0HuKR5Ol4ATJQCZAQEHx9Kp7lEmvPfP0QnhWY8z/wKIRgQQEQIABgUC +Q2e+YwAKCRAuLPZ7d5amCzk8AJ4j08555CSgmSPsnbmEXbNtcP1mSwCfas2WvztT +8kiEmn3T0FtInTVqdEWIRgQQEQIABgUCQ2oHzgAKCRA8Y8o/oLPoiwMjAKCDEwlr +Q6dkgIzM6DeT+fWxLHiiUQCgs4RQb3/j7Wqh+WPfZJsUa5KWdtmIRgQQEQIABgUC +RIKxpQAKCRAbw+8boEqiB9GDAKDbcFvayGh9LvFo0yy4kUDkcduRRwCfR073UyYV +lk5yEHorEHQggKlogHmIRgQQEQIABgUCRIKx6gAKCRBolvyurAYbMmBfAKDpGmPt +jZQm0ykVha9q+LG9Prz4bQCdHy0EW6JyMO0bzxvstnlzYbgc6kaIRgQQEQIABgUC +RIg0WgAKCRA9r1SiHu9SdsZNAJsFx1UvcuxoW2xD9/FzaIAXUgWdywCZAdm03YNM +AdeGAdn1VUTm2zDjjWGIRgQQEQIABgUCRTru7AAKCRAqPnfSmGc0znmwAJ9rC2bS +juaZi5aEED9i4pkRbeKH9gCgsitttGy9AD2OyVrYyWqWSOV0md2IRgQTEQIABgUC +REDavQAKCRBdPOd/1U8IR+e6AJ0fjQUENnAhd/o2hdhv13KkvLg7OwCfQU4ehzZL +39W/RQN0vcuXzemWROeIRgQTEQIABgUCRIkGAgAKCRBbs/UZWBZ5GtPHAJ9J7FtV +Jy6IHjWkNxyj4kPBaBNGjACcCD/Qy7I2V4y3gqT7uaD7DqBfQS6IRgQQEQIABgUC +RckEEQAKCRDauJjOyxlK3X2FAJ9mokQzK5b3/h/4gMsY6t/aD3S2mgCfWeDlj2ZV +QKo8Au7rJIOBVWchU9eJARwEEAECAAYFAkfToEwACgkQsmjnBv9c9GMN6wgAwbGn +P0iVWDYZBDmDRkfL72BylvZJQO8dLfeUFspoSyNl9ByGsOJjumPtci6Wo03BeOvi +7e2DTBrSeyqNXej1PNedAI4dd1xIIufdeTxuL0y6zXdJneD9i1BAaNwaCdrACNBt +uAieq0uulTRy1ML4041mg7NNGyjz3oV8HUDZT+YZ0wNS03UTuKAidjW1d+EkVObc +fXOMpw+kn5zVJ/S8m3LK2mh/y81JBZjHkOEFMy5sHFHacAJgM4DvlVOW4I3rs7E9 ++eTE/RP5CObL2RdnLWcBJcRUCQwu14qfW4Dddox7od0EGs+gYLeeAkhF7UW2LHyJ +NDhiwR0k4oclgzoZsoh1BBAWCgAdFiEEKbSx984D0bHe0i8wKPhQKf726GUFAmWv +tvQACgkQKPhQKf726GX2RQD+MQr+RB2l4G5Q7sOzGlTv7rLFI3SRMMSJN3D7aMHs +124BAP03CPPRnSWpqlZoXzmta8Y4+ZRs3L8K2eDbIGOB2JIAtENSb2JlcnQgQ29s +bGlucyAoUm9iZXJ0IENvbGxpbnMgRGViaWFuIGFkZHJlc3MpIDxyb2JlcnRjQGRl +Ymlhbi5vcmc+iEYEEBECAAYFAkNnvmMACgkQLiz2e3eWpgtPFwCdFi8b4hmFUl+I +9IW2I3F4ymATsD8AoOIsp640WlAMXTByyv6Onekv+0/LiF0EExECAB4FAkMXiE8C +GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQhnv5qfvT647tWgCXevXivRszBk4e +4RSpSwdQSTzACgCghvjJBfn9HpTer6DF7p/SKOAX3qOIRgQQEQIABgUCRIKxpQAK +CRAbw+8boEqiB96WAKDWm6lADOKvx9ngYbRp++eThHwGYgCg0g7YxznqzSrYVNB8 +3x09vyuwJ/SIRgQQEQIABgUCRIKx6gAKCRBolvyurAYbMmoFAJwKqkBOsjUampsX +6gKOXhKjeTQ3NgCg4MiHQ1BxhEezNw40TeiSy1QL1qWIRgQQEQIABgUCRIg0WgAK +CRA9r1SiHu9SdtElAKCUqGkHRASLq9W/c5G4KdwAlgU29QCeIp5wapGgo/ciV+Q4 +P+zO0bfWPzOIRgQQEQIABgUCRJE3ngAKCRCMJe4PDcC31iGjAJ9aiJeOFCN8/tWT +8BSamfc0PkGmHgCgnX4QfqfIFUfMlc7y2KhqRKr6kcuIRgQQEQIABgUCRTru7AAK +CRAqPnfSmGc0znHHAJ9+4ES+vK1Huct5GNcHBN8HQNfLSQCfYF0IgUAfXC6hXZ2/ +E0U+OmqfnjKIRgQTEQIABgUCREDavQAKCRBdPOd/1U8IR1bqAJ44onU6v5AyQPqf +aiqh62eDT5cWpgCbBzTxQz28oTzxzm47E5lMyZzwNCOIRgQTEQIABgUCRIkGAgAK +CRBbs/UZWBZ5GtpfAKCAjjGQJgFXayEVgRIODVBYtMZCqQCfSbvpaGGTZzYvJcKa +wZS7dFj7CG+IRgQQEQIABgUCRckEEQAKCRDauJjOyxlK3TVAAKCFG/z96plgDlxF +Exp3qnT5Pc5yyQCfRuULtWOzccXt5tBJko+ocxFS9LKJARwEEAECAAYFAkfToEwA +CgkQsmjnBv9c9GOgiwgAnPmatBuHuHlOmxsFBEANRGA9CO/u9tj6boGYGdQGaJuX +7Dz4Ae5W8Icmn+dGRUGqbOkQj0KFOl0Dh4NiHrrzclwPmT8YfPyWL6KNMCftKAOk +n7gqoXG88XkG8jxLCdbXQKXHTswBfRpdjNfAcbBqRfLaDIfUTBNK+fWReStDXOn0 +RN7I+3c5IeaH1CZG2Ds/m02TV7pxVKH5rZb3QPWYWGqJId98LfLsVLiDzcAaC6ER +pwVtw78BQLePAOQ6yVjKB61WhtKwH8dB8INQ9wUhNRF4KrU8viw71mpnewCbMufr +UQtZngeAVqFYBKztTUH82bZdOrH7KmYIkQLPbFkU3oh1BBAWCgAdFiEEKbSx984D +0bHe0i8wKPhQKf726GUFAmWvtvQACgkQKPhQKf726GXWhwEAilfG/4G9kCcaH9tv +iQXy47jcHOeOcBdp9/VhibUqiG8BAMahIxX3QwFkAc/Gr0Vebmm7v9XLYhQkmFjr +euKNV8AHuQENBD05CD8QBAC0dIw2sJbrLi/iXI+sm9gOk3myilY3cnMiKJgiQiFy +PmH+kQp6vdYkvYs7HtjDf4QZ/REUZCL4R9AIZYWCQXleFAcsg60MDqV5ENr5kgyb +ofVsXK5CXDAzNXzVw/kMHJ1bnN5jnqcnN2+eCljXs1UGVwZqKspWiyQGYa1el3z1 +GwADBgP+I9MGZgI5js+en7lAjAPm/O0DVU3hFf8uXDwLIQF7EblLMOgm+tX6kkyF +2y67vUJgVoMqK4FZX/4cQpRZt32Gg3jTliVXK6B5afzgcuM16dMOtHKDn0N8dWb8 +mijLy3JYrXkpYXAXiWDqES2dp7zQ39GzhLwRyqyiDFQG8bVyrkKIVAQYEQIADAUC +PTkIPwUJA8JnAAASCRCGe/mp+9PrjgdlR1BHAAEBRJMAnRbhUE0LZtQRRFpUNgnG +jO8HauOpAJ9vfXd197WebaQTGxlWQUSio7X5HrkBogQ9OQjKEQQAx8PBbtvgdT8n +umsLzkQfD+0sUchHJGJIQRzXMMOZk921HE/2Lr0UtYVPHn9ID6kzjscuQIFKsMAJ +Pi7eOA1pxlZG/9LL8B5N8fTba7PCe71k/BeVP42LMlSR0VPqxWYVVpOgm42lQKWU +ZyI/JBJNzdQt1oEmmhwUzOeik7rsNcMAoNanecCSoYbAsctVuLt66iGgN7kpBAC3 +kYsGi9HLwAcQ1Ruzjf/F+fPkb3saHk576DqIikOqeKi/SWiktxBcSEfXY6oUAiab +uNq51ph1O0s4HLLtyJzljpCPXGASxKWOk6GEQhcBYkjp1sXGXjvLtHAtttgp5+qU +8PiFKK69PptPVLRb5UBuKc7dP0NzGTVw+J1C4WA/TQP/QRF/Rz49J9RJ9uBhNO30 +Eu9r2fHpeT9PBO4526OMEvx3bvB/6N0XcgpFuPq1AKngM08paMNzxaq7BNnAM5j6 +lekQQiaMtanVQVoPoHdcL3WJULniR8oA6zONWkBlHQPMZSbrZSAgd3mB5qV51oGW +31r2diRer5Yx+tPeHkAYhMOIVAQYEQIADAUCPTkIygUJA8JnAAASCRCGe/mp+9Pr +jgdlR1BHAAEByYoAn2LD/vhndvYfpKmdu7pAjQf12IZRAJ9w0JZSn9sXsCBzlZIO +l3VxUua6V7kBogRA+6rnEQQA8JZoq+jgiMHgMpcQO8jEjrWiV9iy/Dt8l37urXbZ +syyosL8jGs5jvTJiejw4h4Fqk9aPapHIaIh70IqFheuxfXYhbwnFL4g2wP55bFMF +Sb7pbtdqPjsEKMr7JSA6GsmjQdJa7fDGSKKFIUxrrimKqS6LJxff52kQO1M+dDtE +QX8AoLfYzwu0XID5quugV3QrRhpeETWdBADYvS54X8i7pWuviQGesXI4w5nGZrWp +KIDw6lW0VVyoGVDKGA84k0CzHp8guDWv5Cc/0UHuHArY15I0+pgAlFyJ/tEdKpJC +E8iieF9C469XGpZAHMJI9kqoOCFC6Mtlh/pyUW3xWnlPyO26kj5TWUI7fXwzgyxN +rT3Lt27/CPCRggQAxW2RsFF7ymbjYPZ2HL11QygTT6whEhcpd6gEX/jfn5RyXXOf +kvBVmuQWvIm/MQI1n6t9ZQQmeUHSymZDexcTKq4Vlk0Qo/XTbubdM5ie84bMl+No +yjd3Pafy/Qi+Z0gik9QzQq2ZaB4Gb1DufkoUdHmTWrUfckSWyjmll/vtIsqIVwQY +EQIADwUCQPuq5wIbAgUJBaOagAASCRCGe/mp+9PrjgdlR1BHAAEBc6oAniH+Xgsb +tYMN64qI2Z5Dp1CTcGBXAJ4q1+gLedy8msRag1CNNXRRlyKtWrkCDQQ9OQRrEAgA +iAcIqS/YaUBQmOe//TKvMbd9KITwvbWoi46yCrux+gf7jGotsyo0Q72zXxI6+ot9 +jccv53AUSHeh4awlGFaYQSX10l9ygknLLyOG2fx+udED/PyppXSslKYvSsrZcTB1 +f/og9RXpQ1mPLX4R9RHxOUIKAQX26mcbFssxlTeL7jeci6a8jfAHz4zEP95pCMBa +PYCWFzmVo5M7YVhfB1YvO+ll9At7DTGGuCyh4ntdt6c5ldehxvGBSLGOBQW66h+S +pQr/V7oALWs4lwZlDmdHVrbIc+ds6KP7/sqBc3Yk1TNhnaTTWc0Z7jfw29pRy+vZ ++6tIhJX3YpYFEtj2170V8wADBQf+L6+xeRILW3oRf8yZzeQ43b+ewzqtwhAaex35 +/JfHve+BFairYqqycV81r6WspsrHn1TJR9FU3CsRGs3Uk0Idl+ZpNWJgNw/P4TUa +vnv8M8YtdP2660VqD5LzNr9FNia4rsu2HnABqSol1mV1AjZMPwZCFmcepR9B90aX +lw2uAil/ZaWG9Ie+pd9cTVyRiry15fKKXCGBkTMwkwiFuwRLRqZXvSYuUdrqVRQQ ++w0voMiO3A3NGTxZYYsPp0DQKNQhziDjffhGtnht6ouYDD2WVq3itAmd51zVpf89 +D/bjJe+Sv4deLXt78u2zp5o1+u8gzxLRpVhCmN2CjZ818ukSw4hOBBgRAgAGBQI9 +OQRrABIJEIZ7+an70+uOB2VHUEcAAQH6BACglV02bsJX4Oe3zCE8SVH5CLLXFeAA +n1H+rK2r7DDC+//bhqAjReOebbMruQINBED7qywQCAD5SZNyX7gK34PHcuFesf4o +lKAMHqYbj87j+QveTNb3Mkpe73Ablvcfi4BQak3/PJDbAiLWV9UEJ8RhqvEWKyvG +bExGGyBocPkJN/0R4kCOdIpe7yZHKEDmGukE7K67zY4FJFTkyqkSWcXQz9GPYEvU +StO5fT+iNF6RRdPzjDbwuZAL4aRSR/cgPM5IPzVfc0gQ9j+x8rJyK8c2d5Km5tVm +8HUHAXQu55Piw9mcSFCKLrcr97MHT/4ym2h2t/dhohhAZBKu8bnyoFqb5IVL7Q7t +sCGIxuagGEYI0z4wKmJ7UrQtjnqWde5lNdtEHdGmuPV21WKkyxUzOh3g/pdzWOgj +AAMFB/9lLeG3sNY5dE8fAM9ugs+2UKxK6YlxjwUj0MGaD4wdHi6TCNqSr4pvsRlQ +2qhA8bgUWxUmy01T/49cpHT0YCC0YqUk/pJiCLF3px4XQgho6yGc/oonaywSjiDi +gY+PbDfSKIesV24M9EbwhPSBS4yPuFrEdq/1pWy+Gi+ZH/Pvph2h6pQxpWSqRp8X +jLm/k7GQkC3lbWuwtdZOv2hqlC4T2BWrbLD06ihDmLJ9XfdSjimXP8UBtKfYaiPl +ZXr6DPSE3MjCjAOioV2aV/ukNPraVVoepNa4TaS+9+bgpFEAa5aH22aO2dBdzPNc +GbTy09qqLVEw9H9vaprf/pjKNeKFiFcEGBECAA8FAkD7qywCGwwFCQWjmoAAEgkQ +hnv5qfvT644HZUdQRwABAUx+AKCOWhc0Ul1cnN+ayzMDu3kX0iCYBgCdHoCeJmzZ +m7+RtyGmX2h7L1fuu0GZAg0EWA9OxQEQAL7Q0NmsPCjFJmfdOG+4tN/qloRsxEE3 +Qs+92xKwmXBCzEnVb0P+MN+ceTaIA0XskmUSD/Z4+jl4Y30oTbuKsuIQDV7nehsy +x/P3h4zDJEStTj+NSs5eOKDVCt6B9nlOPYRTTEaRb266QThedA7YQ5wUMBCvl/3e +c/PFTwYujzHT09WY8zGEdN6AOc8LQqBiD7eECfa5lSTE/SqhmzD/pyd8ZfnhU68I +aK0yjkgoTC21Azq2FLOwkDPX6rNNL5/0LPMg7g/tgL39B3iKyR/j0Fv7RZEZ6qSK +WtNpg/Jy2FPX4WDDv+ivcC8GxOcCypp6cJ5cR4VaUjN6RKEzMt/r7F1BPdlyWvOs +CJQpKF9SX4M4n9ysDhSZ3Vthcozls7P7h0WowKTFZYMpozU1qgNla9Nb81w+dgHx +yzKu/RwgLRegHwrDnjF/CrjRl9B9aQr8C4+XW3HJeuos2KMeCjFFIQnR6fAdZeAS +R9wS9Rqk9yIq76giVPbApJCu1dbCEdKEGHGnjGTYMnFzmlWbZLhDiXtvDaUrHwUQ +VRcEqJaQ1eYpP7bItI+UskdSKQ4j08CSSdzaBPf3EnzQjQ1CKOQkli0NORGyfpX/ +3h4sIL66Rt6iWhgma2cIq7OJAHuUK/LCp6U58Lcd36ZMYhYUPfymQyz7xFiG2gpl +3/GzaAXLjDUvABEBAAG0OEFtb3MgSmVmZnJpZXMgKFNxdWlkIFNpZ25pbmcgS2V5 +KSA8c3F1aWQzQHRyZWVuZXQuY28ubno+iQI3BBMBCAAhBQJYD07FAhsDBQsJCAcC +BhUICQoLAgQWAgMBAh4BAheAAAoJEM1tv47zsX0+NHgP/jhWvRaeMbkwIac8ATGd +IH+z663rH9XNblAgSNrSbXTwjJUIqgUNQt2p1rxLueDZVoVGRApazCnZaDG87NEB +D6rlFlt57apwprBdZOaiYy/ypVowwfVYfyzyhwjLvfwYrIrY3Dl7GMwVuDBjPvjO +tAwhBnpavRObgK9TzJIo8YgLUmMdygLtYX/Xj50WzcBUfZ6JvFiTXYWQLE3M3i1P +aWwC4QR+TGofRZiK04d/aVYaWYfgVcAyk5/KZPFuGXg0graqNqKJeeYdCC+HIeQo +nRkpt8knMlsBVx/JShbu6MYWRHsGjMrFA8sDn346I3OkRM036MEeIRgnMJF5zIHf +OU178ED4PZE7Xf9CJy9VhhFVEmkdiU3vatg3jnL4dyWNwZQ1+1mX1STJSHcQbAeT +t81HNIQU/MRyhoCz9Xk3kR0CtArnFmVsNbS/zAp8NFJpjZ0GT6m5udg//5Z8PE0S +gDcG3TVnb7C0fpRjNAUlLFwPsomsJ/vM2koxj7TgfDAmeu5lac/FaTHA1FuCOCa7 +f0YV3k9jnr3FdcyYoGC/EIDdV9y0XOe6Ed3ei33MKSfXJGk11s33CI1V/RtCrYRJ +QPZg8Pv9dXS7yHcutsxSXhOUjZ1bUGRXigmTb/4qoOQlrw0M6TwfI48d77L4x5eJ +1OEJsmGi6Jip2nTDoJer97VjiQEcBBABCAAGBQJYD1sUAAoJELJo5wb/XPRjcYMH +/2roAMnOOUsrb9VDe5KbiRSrGIi/1K1n51tajLarMsz0o4+jgSgDiTRpRfiXQ9Xc +g+oNgXpqSjQ/rLuLJzOMBz60wWntke7Iv3C3oTH3Wv7xmx1uB9ftTgLBVfeqhxw0 +dTwhh0qRAIFDNK62VSJadj0KQ7KxxZnRVTRyRieJFdmTholkkpa0q+ojrPMM9apt +YzteVfua57KCjSXdYNcQqTKeBF667JLWESMjmuCi96N1pWvL4tlZMrwdbNGGxY8V +VCgdCTCe4f8T3kDLbKzMzSBYm7JLwgNpCKrQ+6hUGVZaW4fMvLeMB56cRZz4V17L +Xcrfh6IKCUueHvx3UtAyhzWIdQQQFgoAHRYhBCm0sffOA9Gx3tIvMCj4UCn+9uhl +BQJlr8Q9AAoJECj4UCn+9uhlZNUBAJeChkJy4AVBiLi3qsA2srACb9DroHIXDmtn +8Z6Hdh0iAQC2vvay5RXuYgWU2Bo6JiymeMnRQT269y+7WNzx3pz7BJgzBGCgPrQW +CSsGAQQB2kcPAQEHQOgNagm/4kzV1tn4VFlR/mE4vhRU8YgwWNIkEXOYjXRetD5G +cmFuY2VzY28gQ2hlbW9sbGkgKGNvZGUgc2lnbmluZyBrZXkpIDxraW5raWVAc3F1 +aWQtY2FjaGUub3JnPoiUBBMWCgA8FiEEKbSx984D0bHe0i8wKPhQKf726GUFAmCg +PrQCGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJECj4UCn+9uhlDnQA +/jdq8vz+EdKlmQ8G5Pl1DeQwoMduCET0kQSxYvKNz+7vAQCBkut3YPsf5/SSu1Zi +NrxX9X8FxOK658awpVQKzxvvDokCMwQQAQoAHRYhBLBohO23ecibBE5k481tv47z +sX0+BQJlr7m4AAoJEM1tv47zsX0+FN4QAJdQjgR21KZ5Lq9IgFVmzIDOJ8iCcjPA +Puqz3Lk98dpXkQj+X1Qmd0/b2p4yd+6SHMUO0VXSo4xHl+KJZ2Xv+h/QSiJ1KuzU +6JWYF0xqUv550XSY3bjeWc5jZXXXJGvyIDsmUHYhHjJBfTQ/fZOLcDASv4WjZIrS +pdYYEd/I0ti9W1IHBpGs75gMENtIP2PFdvd4hAcFHbwTh7NBH7E8HQ1Od6frttB+ +p0+uCmpvqj+HJHxP0X5gZmexw/8I4SFlHhZvW2fkqXxyKycLqJLgMnFmLsrhYgtu +hTBUt6tiY864AsLvfUZ9I79CXm6MrunqN9HGAWrvxoyme5cnPcdA3ZbXYsScqAXU +s9YZPmAkmQh+CHDoF5yQnt7W0UymvuJJAJtCNLU1aUPh1gfc6xkB8KVlc/FxYKJV +MOMGl/KWck0sVHfl6j0/A2KGLmsX6A0TFZfQIJTRUt4mPAF8RQTrdmPVF48kYuCK ++TwKtd8R+Hr8NxCfvZD/a8a6qigvwoUpndO/ODHzBrs5Z5K0d5nKKuejYr3kuKOx +JoZX74go4qQFgVY/hqOhC179WfNY4/ryhtqJbrGoL/rMUmpuMtbapwEf+wZNeqTk +4+D8q1Ntdd7KuLeGIiHHev9rDG9xys1jR6+PoTTPKWGBqHWeLX09KiLLVTetU9ie +OpqmpftEcWlluDgEYKA+tBIKKwYBBAGXVQEFAQEHQMnrqjqN/LbRsjZ66HV7iI7X +fmvap8dSWymY71+Ekiw8AwEIB4h4BBgWCgAgFiEEKbSx984D0bHe0i8wKPhQKf72 +6GUFAmCgPrQCGwwACgkQKPhQKf726GWueAEAtprlrB37fBpCarwugbne3xubqSoJ +hof671QR9a2GDtQA/j/O9zCnNa+QXYl8VMx1xenTs0Tn7Tf9J6vK8YhDYO8PmQGi +BEHIB9cRBACz7t2AETPLyJ9vBBrSRD1S7wXgfZEPvED2JuMKmtaNBD9WFbPBtWYG +uCi2dUYxIo05GvUojR4Q6IxrrHhCcbcodujA7KxHpWc+ua/Yatbp+Qdya8a+D1Dy +w4x7mZA5MhCX5EI9Rtu/dkTaQUn9pS/YoSre48g5OqX6chkA2QjIhwCg5VjW6LEK +C3gIdPux8dVRfeqvAKUEALCVyzfi8RIFRm7tGNY3BN+LzvGRYNdMcdDH8hF3dMMd +RlVMLopGrO4F6AqocfFRAmqGOYmJxZ+U90v3qnP9+NaoH74nwAAC4hqPpGKBJIqq +d6D3cjU6OuPACRvZmlmrted0HbPwB/6jbWk1Vv1y9llq7W00NtpZ0gC8wDerW4l7 +A/9iZZqvtxDuJS9tHKP1TlI8B8pYvbLApdDfqn1E2oUZ7jKLIgBEFIDKPkNIOdou +6DSMqjxUKb79G9zEEJ0chlB4xwgxxToObf749wO52k7dmVFfrGJnuBK0K/H+9YVW +IKNeJcsSgdMO40ayArkxdEDhc5KU3EiBXCjkXX3kyRo2GLQqRnJhbmNlc2NvIENo +ZW1vbGxpIDxmcmFuY2VzY29AY2hlbW9sbGkuaXQ+iEYEExECAAYFAkHIEcQACgkQ +516QwDnMM9tVnQCfdFgba9EJB6wggtINUychvucoGKQAnAxACBlbEV7/x53k5Qm+ +c+erF3NwiFkEExECABkFAkHIB9cECwcDAgMVAgMDFgIBAh4BAheAAAoJEDrr7G7G +Zkj9QFgAoId+TSZvZE+Jn+xzQc1EIQLmWs4ZAJkBC79g4oqxvg1g8msg0FzPjL56 +/YhGBBMRAgAGBQJByDcdAAoJEIZ7+an70+uO/9oAn0YyNkoSd/VpNAbTCWiY/nCX +wRabAJ4yChxNZdi/xWyJLP1N4E9DXeTPJ7QuRnJhbmNlc2NvIENoZW1vbGxpIChr +aW5raWUpIDxraW5raWVAa2lua2llLml0PohcBBMRAgAcBQJByBPAAhsDBAsHAwID +FQIDAxYCAQIeAQIXgAAKCRA66+xuxmZI/QlMAJ9DBkYQXo2vu8RbX6EXWef7GMFn +ZACeKjyMdx2+6JKfcIaveo0y5Mpbrqa5AaIEQcgInBEEAKej1pT+lyQ+1APXmyuV +QyhurIMgixTaK39YnytcOikq45VlliFUSuWuwmlMte6s4Tv+qtSI9KmWeXAVTRcX +nmWVjPYGlJXB31yv62FBAaCJQm+eMeZN9JOzSf0/8Nn2qWunGvGwzlYfsB5awi6z +uVtsTYC7v5T8UrdN/C7BTSM/AKCQSDAuNB4DeD/kveGAKoX0WYZHjwP6A3e0jsth +kBeVZHskjkcj6Y+SCXcJ2F98wbZc8SXAmV+BpD9PQQ8hMaWmxZY0Q5p35ZJGggCs +71NoG35ZY4x2vIJb/QGbh96LvoQm1OjM9YtbTjKzhW+b+lsO/zSRi0Vw6aCkkonj +LcKmc0BDXD6JJ3hBEOA8QuhHvpwDJQrb1qUD/19VFjI9LCuwkVF96Ne/oPqqNBGv +geFcabuJl76a3hEqImnyiNjRvgCsSL+6aLMwzVi1fqzVPboC5a7v8c4RAgpQzo1u +xZCJ3wSY1lJw+HKTMPAXa5+fB/ByUw7Rrtzxgfj9Z/bhEjoG6Q5QzzTJcVDl/pFW +f+Gi7ZmjheiIXmwfiEwEGBECAAwFAkHICJwFCQPCZwAACgkQOuvsbsZmSP2E2gCg +mXWuLz/CQe06ke1cT+3BB52tg+IAoLRsvgYNv4M0EjwtO3spVqg5YBBjuQGiBEHI +CLkRBACLWpQpKTdxxGqUNkORkG6Kluz5ubaos3efkOCjFgDrT4MUo26VTvJTQa3I +CyTuqBPArpeb/9DHmgx7PKIp6yHNk/lHTRyiJMYFzVi896E16JCKJPmu1z8obxkN +8BNQ4gAnCGj8HWMQGh6jIB1bV50NjlY/SykfM/3eqnaqtZusxwCgiSIY+wIdjmnH +OWyl+3xmsvxO5VsD/RMfJpCD8Ul3ktK2WCYRyCWPldd9CDG38tKt7lSiH9ESXt2E +rJPnTMJ2RX6yuYJbQxIY/6tgrLuDLYCUbf7bTZx2CXZ293mCVuq4OKO0bccBAtPI +7JmOYoEztnzDklcSS+M6IwmxdtoNhByBOl8GfMhYHFcR7qrbj6ACJcNPmsEYA/4o +xLFi8vvw9AqgAYwcRwH+Db2MQusXD1gfN2vdYvC+ExVuge6VKHbpxI6Vg9MMiKex +JKt7ADMjDTQ50kd1XIq5h9JnkHXM6Pj/6X2HFUU5VnxBlcikkXcLBNH1mOIZ4Ee2 +6x63VuaAfi8F9s8Z0843FJY+RChr20rg94VYPGp4h4hMBBgRAgAMBQJByAi5BQkD +wmcAAAoJEDrr7G7GZkj9gfMAoJ11Lsm4aqarDhVvxxscRw3QfNMRAKC97Dr0XNLk +g+0COoMw9TY+ph0+DrkCDQRByAhHEAgAvCbA5wQ2sJ7UtkAXzpHjVgh0JO/pRdna +DMv9sCurtVQyJRDfUAHuSamuZrWMPx/99BdQuUF+tpnVyFhqfE7p1pacVGxt5WCx +0DT2xIkJftrj2HTyVbGAVZqNm5wyKjiZWBtE3B0c07pUfDOTOgP4p3jKbBXulaL6 +dg4eEizl93SQ2cIsgkUkWbCOITIDLdhplR5APu7ks6WEVVLyaeeS/pWkiIsslm47 +vJjCz9QjOQQk1I5/MsxIVri87gRcn+fGKjGSxgr+3kQWMjBoknwg7/ua4y9gv1ph +QP5XSV9svMwsuPOuvKAfJAmFI3cbtQsDB1ut1YMouXXYukNyqRFKfwADBQf/W8te +wPAGBl5EJYgCQXwq8ISHPMXP0+PwHWBkoGXDsfFYVijEvH4IoCzEOtpuZWkfSTnH +y6bbQVnW2XDgCXyXwIbCTo9/l05fGQ2Ny01ecISmEWeq8xs2o0RU6xm1/F32C/PB +6oQt5wbnUJjGIoLKJ9P7BLBSYDGT3I74V7JnoDRJKl1xrqnWV5DcIzb899FjZ9Ga +7v2ifkQcwBEe6StPD+9K/JFtx5YCX/Y3kEJPzlKv51o2c7R918QFdSZp9fAk/7EX +uLy2hltP63PRPGRCSZ4CzuB3COAjSPQHOo4DM5eHawn8CVLpgHoP2gGlAI/Od5mf +i5BF13tnAGQB+ySGfIhGBBgRAgAGBQJByAhHAAoJEDrr7G7GZkj9nxUAn2QqdSVW +gGzeALgaLD2LDcyYV0OIAJ9A9EbjHrwcrwDC8eSY22ni3oHHUbkBDQRByAsuEAQA +qQ13wko14q7WG7lPvQQhZm9mbI58G7hhnFu0WWpDkDqJ6PkRYVYSVaMK5XoDA5Fb +YMOuXewCJIRX6KcLDgl4GxPGTaLDMniMLVraZ4Easm5CLWLM6gEDIYnkuWnGjY8E +G+iGth3Gze6kPkuYp0/ftNnoanbXOGOmEf0nuoVHG98ABAsD/jbzE2Im0z9+29PA +eG6c908LKhZCQ4XQSE8XrQgJBZDI7A5rhsragcrwzswyjYr5aV9kfb0tpnZEF60k +6rdYF45nA4inISiCsyrMwjtVSCYRMwXnfwXGld8nRymQUoeic4Y+ZHqXOs7gHm// +jFKRsYDP1Pjtd+uzwH/iG2/NBMediEwEGBECAAwFAkHICy4FCQPCZwAACgkQOuvs +bsZmSP0GPACeOqinNX7BX4eFEBYGGFz7GKLbNBEAnA7OKxT6FSMYtInM03JgXYKl +81Pk +=EMOU +-----END PGP PUBLIC KEY BLOCK----- diff --git a/squid.logrotate b/squid.logrotate new file mode 100644 index 0000000..30491b6 --- /dev/null +++ b/squid.logrotate @@ -0,0 +1,15 @@ +/var/log/squid/access.log /var/log/squid/store.log /var/log/squid/cache.log { + su squid squid + compress + dateext + maxage 365 + rotate 99 + size=+4096k + notifempty + missingok + create 640 squid squid + sharedscripts + postrotate + /usr/bin/systemctl -q is-active squid.service && /usr/sbin/squid -k rotate + endscript +} diff --git a/squid.permissions b/squid.permissions new file mode 100644 index 0000000..46b9acf --- /dev/null +++ b/squid.permissions @@ -0,0 +1,2 @@ +/var/cache/squid/ squid:root 750 +/var/log/squid/ squid:root 750 diff --git a/squid.service b/squid.service new file mode 100644 index 0000000..b5523df --- /dev/null +++ b/squid.service @@ -0,0 +1,28 @@ +[Unit] +Description=Squid caching proxy +Documentation=man:squid(8) +After=network.target named.service nss-lookup.service + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=forking +ExecStartPre=%{_libexecdir}/squid/initialize_cache_if_needed.sh +ExecStart=/usr/sbin/squid -FC +ExecReload=/usr/bin/kill -HUP $MAINPID +LimitNOFILE=4096 + +[Install] +WantedBy=multi-user.target + diff --git a/squid.spec b/squid.spec new file mode 100644 index 0000000..f81a9cf --- /dev/null +++ b/squid.spec @@ -0,0 +1,434 @@ +# +# spec file for package squid +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define squidlibexecdir %{_libexecdir}/squid +%define squidconfdir %{_sysconfdir}/squid +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 +%define squidhelperdir %{squidlibexecdir} +%else +%define squidhelperdir %{_sbindir} +%endif +Name: squid +Version: 6.12 +Release: 0 +Summary: Caching and forwarding HTTP web proxy +License: GPL-2.0-or-later +Group: Productivity/Networking/Web/Proxy +URL: http://www.squid-cache.org +Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz +Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc +Source5: pam.squid +Source6: unsquid.pl +Source7: %{name}.logrotate +Source9: %{name}.permissions +Source10: README.kerberos +Source11: %{name}.service +Source12: %{name}-user.conf +# http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html +#Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring +Source13: squid.keyring +Source15: cache_dir.sed +Source16: initialize_cache_if_needed.sh +Source17: tmpfilesdir.squid.conf +Patch1: missing_installs.patch +Patch2: old_nettle_compat.patch +Patch3: harden_squid.service.patch +Patch4: CVE-2024-33427.patch +BuildRequires: cppunit-devel +BuildRequires: expat +BuildRequires: fdupes +%if 0%{?suse_version} < 1590 +BuildRequires: gcc11-c++ +%else +BuildRequires: gcc-c++ +%endif +BuildRequires: libcap-devel +BuildRequires: libtool +BuildRequires: openldap2-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: samba-winbind +BuildRequires: sharutils +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(gssrpc) +BuildRequires: pkgconfig(krb5) +BuildRequires: pkgconfig(libsasl2) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(nettle) +BuildRequires: pkgconfig(tdb) +Requires(pre): permissions +Recommends: logrotate +Provides: http_proxy +%{?systemd_ordering} +%if 0%{?suse_version} <= 1500 +# due to package rename +# Wed Aug 15 17:40:30 UTC 2012 +# remove this after SLE15 +Provides: %{name}3 = %{version} +Obsoletes: %{name}3 < %{version} +%endif +%if 0%{?suse_version} >= 1500 +BuildRequires: sysuser-shadow +BuildRequires: sysuser-tools +%sysusers_requires +%else +Requires(pre): shadow +%endif +%if 0%{?suse_version} >= 1330 && 0%{?suse_version} < 1599 +BuildRequires: libnsl-devel +%endif + +%description +Squid is a caching proxy for the Web supporting HTTP(S), FTP, and +some others. It reduces bandwidth and improves response times by +caching and reusing frequently-requested web pages. Squid has +extensive access controls and can also be used as a server +accelerator. + +%prep +%setup -q +cp %{SOURCE10} . +%patch -P 3 -p1 +%patch -P 4 -p1 + +# upstream patches after RELEASE +perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` +%patch -P 1 -p1 +%if 0%{?suse_version} < 1500 +%patch -P 2 -p1 +%endif + +%build +autoreconf -fi +cd libltdl; autoreconf -fi; cd .. +export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" +export CXXFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF" +export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro,-z,now -pie" +%if 0%{?suse_version} < 1590 +export CC=gcc-11 +export CXX=g++-11 +%endif +%configure \ + --disable-strict-error-checking \ + --sysconfdir=%{squidconfdir} \ + --libexecdir=%{squidhelperdir} \ + --datadir=%{_datadir}/squid \ + --sharedstatedir=%{_localstatedir}/squid \ + --with-logdir=%{_localstatedir}/log/squid \ + --with-pidfile=%{_rundir}/squid.pid \ + --with-dl \ + --enable-disk-io \ + --enable-storeio \ + --enable-removal-policies=heap,lru \ + --enable-icmp \ + --enable-delay-pools \ + --enable-icap-client \ + --enable-useragent-log \ + --enable-referer-log \ + --enable-kill-parent-hack \ + --enable-arp-acl \ + --enable-ssl-crtd \ + --with-openssl \ + --enable-forw-via-db \ + --enable-cache-digests \ + --enable-linux-netfilter \ + --with-large-files \ + --enable-underscores \ + --enable-auth \ +%if 0%{?suse_version} < 1599 + --enable-auth-basic="SMB_LM,DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \ +%else + --enable-auth-basic="SMB_LM,DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB" \ +%endif + --enable-auth-ntlm="SMB_LM,fake" \ + --enable-auth-negotiate \ + --enable-auth-digest \ + --enable-external-acl-helpers=LDAP_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group,time_quota \ + --enable-stacktraces \ + --enable-x-accelerator-vary \ + --with-default-user=%{name} \ + --disable-ident-lookups \ + --enable-follow-x-forwarded-for \ + --disable-arch-native \ + --enable-security-cert-generators \ + --enable-security-cert-validators +#make -O SAMBAPREFIX=%{_prefix} %{?_smp_mflags} +mkdir src/icmp/tests +mkdir tools/squidclient/tests +mkdir tools/sysvinit/tests tools/tests +make %{?_smp_mflags} +%if 0%{?suse_version} >= 1500 +%sysusers_generate_pre %{SOURCE12} squid +%endif + +%install +install -d -m 750 %{buildroot}%{_localstatedir}/{cache,log}/%{name} +install -d %{buildroot}%{_sbindir} + +# make_install +%make_install SAMBAPREFIX=%{_prefix} + +mv %{buildroot}{%{_sysconfdir}/%{name}/,%{_datadir}/%{name}/}mime.conf.default +ln -s %{_sysconfdir}/%{name}/mime.conf %{buildroot}%{_datadir}/%{name} # backward compatible + +# install logrotate file +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_distconfdir}/logrotate.d +install -Dpm 644 %{SOURCE7} \ + %{buildroot}%{_distconfdir}/logrotate.d/%{name} +%else +install -Dpm 644 %{SOURCE7} \ + %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +%endif + +install -d -m 755 doc/scripts +install scripts/*.pl doc/scripts +cat > doc/scripts/cachemgr.readme <<-EOT +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 + cachemgr.cgi will now be found in %{squidhelperdir} +%else + cachemgr.cgi will now be found in %{_libdir}/%{name} +%endif +EOT + +%if 0%{?suse_version} <= 1500 && 0%{?sle_version} < 150300 +install -dpm 755 %{buildroot}/%{_libdir}/%{name} +mv %{buildroot}%{_sbindir}/cachemgr.cgi %{buildroot}/%{_libdir}/%{name} +%endif + +install -dpm 755 doc/contrib +install %{SOURCE6} doc/contrib +%if 0%{?suse_version} > 1500 +mkdir -p %{buildroot}%{_pam_vendordir} +install -Dpm 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/%{name} +%else +install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/%{name} +%endif + +rm -rf %{buildroot}%{squidconfdir}/errors +for i in errors/*; do + if [ -d $i ]; then + mkdir -p %{buildroot}%{_datadir}/%{name}/$i + install -m 644 $i/* %{buildroot}%{_datadir}/%{name}/$i + fi +done + +# systemd +install -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}.service +install -D -m 755 %{SOURCE15} %{buildroot}%{squidlibexecdir}/cache_dir.sed +install -D -m 755 %{SOURCE16} %{buildroot}%{squidlibexecdir}/initialize_cache_if_needed.sh +sed -i -e 's!%%{_libexecdir}!%{_libexecdir}!' %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} + +# needed for smp support (bsc#1112695, bsc#1112066) +mkdir -p %{buildroot}%{_tmpfilesdir} +install -D -m 644 %{SOURCE17} %{buildroot}%{_tmpfilesdir}/squid.conf + +# Move the MIB definition to the proper place (and name) +mkdir -p %{buildroot}%{_datadir}/snmp/mibs +mv %{buildroot}%{_datadir}/squid/mib.txt \ + %{buildroot}%{_datadir}/snmp/mibs/SQUID-MIB.txt + +%if 0%{?suse_version} >= 1500 +# Install sysusers file. +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ +%endif + +%check +# Fails in chroot environment +make check %{?_smp_mflags} + +%pretrans -p +-- Remove symlink that is has become a directory +path = "%_datadir/squid/errors/es-mx" +st = posix.stat(path) +if st and st.type == "link" then + os.remove(path) +end + +%if 0%{?suse_version} >= 1500 +%pre -f squid.pre +%else + +%pre +# we need this group for /usr/sbin/pinger +getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name} +# we need this group for squid (ntlmauth) +# read access to /var/lib/samba/winbindd_privileged +getent group winbind >/dev/null || %{_sbindir}/groupadd -r winbind +getent passwd squid >/dev/null || \ + %{_sbindir}/useradd -c "WWW-proxy squid" -d %{_localstatedir}/cache/%{name} \ + -G winbind -g %{name} -o -u 31 -r -s /bin/false \ + %{name} +# if default group is not squid, change it +if [ "$(%{_bindir}/id -ng %{name} 2>/dev/null)" != "%{name}" ]; then + %{_sbindir}/usermod -g %{name} %{name} +fi +# if squid is not member of winbind, add him +if [ $(%{_bindir}/id -nG %{name} 2>/dev/null | grep -q winbind; echo $?) -ne 0 ]; then + %{_sbindir}/usermod -G winbind %{name} +fi +%endif +%service_add_pre %{name}.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/%{name} pam.d/%{name} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/%{name} pam.d/%{name} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +# update mode? +if [ "$1" -gt "1" ]; then + if [ -e %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf -a ! -e %{_sysconfdir}/%{name}/%{name}.conf ]; then + echo "moving %{_sysconfdir}/%{name}.conf to %{_sysconfdir}/%{name}/%{name}.conf" + mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf + fi +fi + +%post +%set_permissions %{squidhelperdir}/pinger +%set_permissions %{_localstatedir}/cache/squid/ +%set_permissions %{_localstatedir}/log/squid/ +%tmpfiles_create %{_tmpfilesdir}/squid.conf +%service_add_post squid.service + +%preun +%service_del_preun squid.service + +%verifyscript +%verify_permissions -e %{squidhelperdir}/pinger +%verify_permissions -e %{_localstatedir}/cache/squid/ +%verify_permissions -e %{_localstatedir}/log/squid/ + +%postun +%service_del_postun squid.service + +%files +%ghost %dir %{_rundir}/%{name} +%license COPYING +%doc ChangeLog CONTRIBUTORS CREDITS +%doc QUICKSTART README RELEASENOTES.html SPONSORS* +%doc README.kerberos +%doc doc/contrib doc/scripts +%doc doc/debug-sections.txt src/%{name}.conf.default +%{_mandir}/man?/* +%{_unitdir}/%{name}.service +%{squidlibexecdir}/initialize_cache_if_needed.sh +%{squidlibexecdir}/cache_dir.sed +%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/cache/%{name}/ +%verify(not user group mode) %attr(750,%{name},root) %dir %{_localstatedir}/log/%{name}/ +%dir %{squidconfdir} +%dir %{_tmpfilesdir} +%dir %{_libexecdir}/%{name} +%{_tmpfilesdir}/squid.conf +%if 0%{?suse_version} >= 1500 +%{_sysusersdir}/squid-user.conf +%endif +%config(noreplace) %{squidconfdir}/cachemgr.conf +%config(noreplace) %{squidconfdir}/errorpage.css +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/%{name} +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%endif +%config(noreplace) %{squidconfdir}/mime.conf +%config(noreplace) %{squidconfdir}/%{name}.conf +%config %{squidconfdir}/cachemgr.conf.default +%config %{squidconfdir}/errorpage.css.default +%config %{squidconfdir}/%{name}.conf.default +%config %{squidconfdir}/%{name}.conf.documented +%if 0%{?suse_version} > 1500 +%{_pam_vendordir}/%{name} +%else +%config %{_sysconfdir}/pam.d/%{name} +%endif +%dir %{_datadir}/%{name} +%dir %{_datadir}/snmp +%dir %{_datadir}/snmp/mibs +%{_datadir}/%{name}/errors +%{_datadir}/%{name}/icons +%{_datadir}/%{name}/mime.conf +%{_datadir}/%{name}/mime.conf.default +%{_datadir}/snmp/mibs/SQUID-MIB.txt +%{_bindir}/purge +%{_bindir}/squidclient +%{squidhelperdir}/basic_db_auth +%{squidhelperdir}/basic_fake_auth +%{squidhelperdir}/basic_getpwnam_auth +%{squidhelperdir}/basic_ldap_auth +%{squidhelperdir}/digest_edirectory_auth +%{squidhelperdir}/basic_ncsa_auth +%if 0%{?suse_version} < 1599 +%{squidhelperdir}/basic_nis_auth +%endif +%{squidhelperdir}/basic_pam_auth +%{squidhelperdir}/basic_pop3_auth +%{squidhelperdir}/basic_radius_auth +%{squidhelperdir}/basic_sasl_auth +%{squidhelperdir}/basic_smb_auth +%{squidhelperdir}/basic_smb_auth.sh +%{squidhelperdir}/basic_smb_lm_auth +%{squidhelperdir}/cert_tool +%{squidhelperdir}/digest_file_auth +%{squidhelperdir}/digest_ldap_auth +%{squidhelperdir}/diskd +%{squidhelperdir}/ext_edirectory_userip_acl +%{squidhelperdir}/ext_file_userip_acl +%{squidhelperdir}/ext_kerberos_ldap_group_acl +%{squidhelperdir}/ext_ldap_group_acl +%{squidhelperdir}/ext_session_acl +%{squidhelperdir}/ext_unix_group_acl +%{squidhelperdir}/ext_wbinfo_group_acl +%{squidhelperdir}/helper-mux +%{squidhelperdir}/log_db_daemon +%{squidhelperdir}/log_file_daemon +%{squidhelperdir}/negotiate_kerberos_auth +%{squidhelperdir}/negotiate_kerberos_auth_test +%{squidhelperdir}/negotiate_wrapper_auth +%{squidhelperdir}/ntlm_fake_auth +%{squidhelperdir}/ntlm_smb_lm_auth +%{squidhelperdir}/pinger +%{squidhelperdir}/security_fake_certverify +%{squidhelperdir}/security_file_certgen +%{squidhelperdir}/storeid_file_rewrite +%{squidhelperdir}/unlinkd +%{squidhelperdir}/url_fake_rewrite +%{squidhelperdir}/url_fake_rewrite.sh +%{squidhelperdir}/url_lfs_rewrite +%{squidhelperdir}/ext_time_quota_acl +%{_sbindir}/squid +%{_sbindir}/rcsquid +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 +%dir %{squidhelperdir} +%{squidhelperdir}/cachemgr.cgi +%else +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/cachemgr.cgi +%endif + +%changelog diff --git a/tmpfilesdir.squid.conf b/tmpfilesdir.squid.conf new file mode 100644 index 0000000..eb58fb9 --- /dev/null +++ b/tmpfilesdir.squid.conf @@ -0,0 +1,3 @@ +# See tmpfiles.d(5) for details +d /run/squid 0700 squid root - + diff --git a/unsquid.pl b/unsquid.pl new file mode 100644 index 0000000..b351093 --- /dev/null +++ b/unsquid.pl @@ -0,0 +1,217 @@ +#!/usr/bin/perl -w +# +# unsquid v0.2 -- Squid object dumper. +# Copyright (C) 2000 Avatar . +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA +# +# $Id: unsquid,v 1.4 2000/03/11 17:31:06 avatar Exp $ + +=pod + +=head1 NAME + +unsquid - dump Squid objects + +=head1 SYNOPSIS + +B S<[ B<-d>I ]> +S<[ B<-t>I ]> +S<[ B<-fv> ]> +S<[ B<-Vh> ]> + +=head1 DESCRIPTION + +unsquid dumps Squid cache files specified on the command line into +directories reflecting their original URLs, hence preserving the +original site layouts for off-line browsing. + +Typically usage is + + find /usr/local/squid/cache/??/ -type f -print | \ + xargs unsquid -t 'image/.*' -d /tmp + +The command line options are explained below. + +=over + +=item B<-t>I S I> + +Dump only files matching the MIME type regex I. + +=item B<-f> B<--force> + +Overwrite existing files. For security reason, this option is disabled +when run as root. + +=item B<-v> B<--verbose> + +Print the URLs of dumped objects. + +=item B<-d>I S I> + +Dump the files inside I. + +=item B<-V> B<--version> + +Print the version number. + +=item B<-h> B<--help> + +Print a summary of command line options. + +=back + +=head1 AUTHOR + +Avatar > + +=cut + +use POSIX; +use Getopt::Long; +use strict; + +my $help = < \$destdir, + "type=s" => \$type, + "verbose|v+" => \$verbose, + "force!" => \$force, + "version|V" => \$showver, + "help" => \$showhelp); + +if ($showver) { + print <. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, +to the extent permitted by law. +EOT + exit; +} + +if ($#ARGV < 0 or $showhelp) { + print $help; + exit; +} + +if ($force and $< == 0) { + die "$0: root is not allowed to use the force option"; +} + +for (@ARGV) { + my ($url, $urllen); + + # read 4 bytes from offset 56 as the length of the url + open(INFILE, "<$_") or die "$0: cannot open file $_ for reading: $!"; + seek(INFILE, 56, SEEK_SET) or die "$0: cannot seek 56 bytes: $!"; + read(INFILE, $urllen, 4) or die "$0: cannot read 4 bytes: $!"; + $urllen = ord($urllen) - 1; # kill the last NUL + + # read the url + read(INFILE, $url, $urllen); + + # expand index urls + $url =~ s-/$-/$defaultindex-m; + + # scan the contents + my ($seenheader); + while () { + if ($seenheader) { + print OUTFILE; + next; + } + + # if type is specified, do matching + if (/^Content-Type: /i and defined $type) { + m-[^:]*: (\w+/\w+)-; + last if $1 !~ /$type/; + next; + } + + # at this point we must have matched the type + if (/^\r$/) { + $seenheader = 1; + + makedir($url); + if (! defined $force and -e "$destdir/$url") { + warn "$0: file $destdir/$url exists, skipped"; + last; + } + open(OUTFILE, ">$destdir/$url") + or die "$0: cannot open file $destdir/$url for writing: $!"; + print "$url\n" if $verbose; + } + } + close(INFILE); + close(OUTFILE); +} + +sub makedir { + my ($basename) = @_; + my $path = $destdir; + + if (! -d $destdir) { + warn "$0: destination directory $destdir does not exist, making it"; + mkdir $destdir, 0777 or die "$0: cannot mkdir $destdir: $!"; + } + + while( $basename =~ m-^([^/]*)/- ) { + $path .= "/".$1; + if (! -d $path) { + if (! mkdir $path, 0777) { + if (-f $path) { + # move the file in + open FILE, $path + or die "$0: cannot open $path for reading: $!"; + undef $/; + my $buf = ; + $/ = "\n"; + close FILE; + unlink $path; + + mkdir $path, 0777 + or die "$0: cannot make directory $path: $!"; + + open FILE, ">$path-redirect" + or die "$0: cannot open $path/$defaultindex for writing: $!"; + print FILE $buf; + close FILE; + } else { + die "d$0: cannot mkdir $path: $!"; + } + } + } + $basename = $'; + } +}