diff --git a/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch b/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch deleted file mode 100644 index 0ad7f9d..0000000 --- a/0001-tss2_rc-ensure-layer-number-is-in-bounds.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Thu, 19 Jan 2023 11:53:06 -0600 -Subject: [PATCH] tss2_rc: ensure layer number is in bounds - -The layer handler array was defined as 255, the max number of uint8, -which is the size of the layer field, however valid values are 0-255 -allowing for 256 possibilities and thus the array was off by one and -needed to be sized to 256 entries. Update the size and add tests. - -Note: previous implementations incorrectly dropped bits on unknown error -output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF, -but earlier implementations returned 255:0xFFFF, dropping the middle -bits, this patch fixes that. - -Fixes: CVE-2023-22745 - -Signed-off-by: William Roberts ---- - src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++---------- - test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++- - 2 files changed, 41 insertions(+), 11 deletions(-) - -Index: tpm2-tss-3.2.0/src/tss2-rc/tss2_rc.c -=================================================================== ---- tpm2-tss-3.2.0.orig/src/tss2-rc/tss2_rc.c -+++ tpm2-tss-3.2.0/src/tss2-rc/tss2_rc.c -@@ -1,5 +1,8 @@ - /* SPDX-License-Identifier: BSD-2-Clause */ -- -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif -+#include - #include - #include - #include -@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc) - static struct { - char name[TSS2_ERR_LAYER_NAME_MAX]; - TSS2_RC_HANDLER handler; --} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT] = { -+} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1] = { - ADD_HANDLER("tpm" , tpm2_ehandler), - ADD_NULL_HANDLER, /* layer 1 is unused */ - ADD_NULL_HANDLER, /* layer 2 is unused */ -@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc) - static __thread char buf[32]; - - clearbuf(buf); -- catbuf(buf, "0x%X", tpm2_error_get(rc)); -+ catbuf(buf, "0x%X", rc); - - return buf; - } -@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc) - catbuf(buf, "%u:", layer); - } - -- handler = !handler ? unknown_layer_handler : handler; -- - /* - * Handlers only need the error bits. This way they don't - * need to concern themselves with masking off the layer - * bits or anything else. - */ -- UINT16 err_bits = tpm2_error_get(rc); -- const char *e = err_bits ? handler(err_bits) : "success"; -- if (e) { -- catbuf(buf, "%s", e); -+ if (handler) { -+ UINT16 err_bits = tpm2_error_get(rc); -+ const char *e = err_bits ? handler(err_bits) : "success"; -+ if (e) { -+ catbuf(buf, "%s", e); -+ } else { -+ catbuf(buf, "0x%X", err_bits); -+ } - } else { -- catbuf(buf, "0x%X", err_bits); -+ /* -+ * we don't want to drop any bits if we don't know what to do with it -+ * so drop the layer byte since we we already have that. -+ */ -+ const char *e = unknown_layer_handler(rc >> 8); -+ assert(e); -+ catbuf(buf, "%s", e); - } - - return buf; diff --git a/baselibs.conf b/baselibs.conf index 2eb088f..552bbc9 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,10 +1,12 @@ libtss2-esys0 libtss2-fapi1 libtss2-mu0 +libtss2-policy0 libtss2-rc0 libtss2-sys1 libtss2-tcti-cmd0 libtss2-tcti-device0 -libtss2-tctildr0 libtss2-tcti-mssim0 +libtss2-tcti-spi-helper0 libtss2-tcti-swtpm0 +libtss2-tctildr0 diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes index 715ab09..50aee2a 100644 --- a/tpm2-0-tss.changes +++ b/tpm2-0-tss.changes @@ -1,3 +1,113 @@ +------------------------------------------------------------------- +Thu Feb 16 14:41:06 UTC 2023 - Alberto Planas Dominguez + +- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was + already merged upstream +- Update to 4.0.1 + + Fixed: + * A buffer overflow in tss2-rc as CVE-2023-22745. +- Update to 4.0.0 + + Fixed: + * tcti-ldr: Use heap instead of stack when tcti initialize + * Fix usage of NULL pointer if Esys_TR_SetAuth is calles with + ESYS_TR_NONE. + * Conditionally check user/group manipulation commands. + * Store VERSION into the release tarball. + * When using DESTDIR for make einstall, do not invoke + systemd-sysusers and systemd-tmpfiles. + * esys_iutil: fix possible NPD. + * Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea + handle and not as parameter one, this affected the contents of + cpHash. + * esys: fix allow usage of HMAC sessions for + Esys_TR_FromTPMPublic. + * fapi: fix usage of policy_nv with a TPM nv index. + * linking tcti for libtpms against tss2-tctildr. It should be + linked against tss2-mu. + * build: Remove erroneous trailing comma in linker option. Bug + #2391. + * fapi: fix encoding of complex tpm2bs in authorize nv, + duplication select and policy template policies. Now the complex + and TPMT or TPMS representations can be used. Bug #2383 + * The error message for unsupported FAPI curves was in hex without + a leading 0x, make it integer output to clarify. + * Documentation that had various scalar out pointers as "callee + allocated". + * test: build with opaque FILE structure like in musl libc. + * Transient endorsement keys were not recreated according to the + EK credential profile. + * Evict control for a persistent EK failed during provisioning if + an auth value for the storage hierarchy was set. + * The authorization of the storage hierarchy is now added. Fixes + FAPI: Provisioning error if an auth value is needed for the + storage hierarchy #2438. + * Usage of a second profile in a path was not possible because the + default profile was always used. + * The setting of an empty auth value for Fapi_Provision was fixed. + * JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the + field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS + 2.0 JSON Data Types and Policy Language Specification". Rename + to hashAlg but preserve support for reading keyPEMhashAlg for + backwards compatibility. + * fapi: PolicySecret did not work with keys as secret object. + * Esys_PCR_SetAuthValue: remembers the auth like other SetAutg + ESAPI functions. + * tests: esys-pcr-auth-value.int moved to destructive tests. + * FAPI: Fix double free if keystore is corrupted. + * Marshaling of TPMU_CAPABILITIES data, only field + intelPttProperty was broken before.a + * Spec deviation in Fapi_GetDescription caused description to be + NULL when it should be empty string. This is API breaking but + considered a bug since it deviated from the FAPI spec. + * FAPI: undefined reference to curl_url_strerror when using curl + less than 7.80.0. + * FAPI: Fixed support for EK templates in NV inidices per the + spec, see #2518 for details. + * FAPI: fix NPD in ifapi_curl logging. + * FAPI: Improve documentation fapi-profile + * FAPI: Fix CURL HTTP handling. + * FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in + keystore. + + Added: + * TPM version 1.59 support. + * ci: ubuntu-22.04 added. + * mbedTLS 3.0 is supported by ESAPI. + * Add CreationHash to JSON output for usage between applications + not using the FAPI keystore, like command line tools. + * Reduced code size for SAPI. + * Support for Runtime Switchable ESAPI Crypto Backend via + Esys_SetCryptoCallbacks. + * Testing for TCG EK Credential Profile TPM 2.0, Version 2.4 + Rev. 3, 2021 for the low and high address range of EK templates. + * tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into + the various bit fields. + * FAPI support for P_ECC384 profile. + * tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human + readable error from a TSS2_RC_INFO returned by + Tss2_RC_DecodeInfo + * tcti: Generic SPI driver, implementors only need to connect to + acquire/release, transmit/receive, and sleep/timeout functions. + * FAPI: Add event logging for Firmware and IMA Events. See #2170 + for details. + * FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being + reflected across profiles. + * FAPI: Allow keyedhash keys in PolicySigned. + * ESAPI: Support sha512 for mbedtls crypto backend. + * TPM2B_MAX_CAP_BUFFER and mu routines + * vendor field to TPMU_CAPABILTIIES + * FAPI: support for PolicyTemplate + + Changed + * libmu soname from 0:0:0 to 0:1:0. + * tss2-sys soname from 1:0:0 to 1:1:0 + * tss2-esys: from 0:0:0 to 0:1:0 + * FAPI ignores vendor properties on Fapi_GetInfo + * FAPI Event Logging JSON format, See #2170 for details. + + Removed + * Dead struct TPMS_ALGORITHM_DESCRIPTION + * Dead field intelPttProperty from TPMU_CAPABILITIES + * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal + * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal + ------------------------------------------------------------------- Fri Jan 20 11:10:30 UTC 2023 - Matthias Gerstner diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec index e1cdbc3..fa2f4b7 100644 --- a/tpm2-0-tss.spec +++ b/tpm2-0-tss.spec @@ -17,7 +17,7 @@ Name: tpm2-0-tss -Version: 3.2.0 +Version: 4.0.1 Release: 0 Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips License: BSD-2-Clause @@ -25,10 +25,9 @@ Group: Productivity/Security URL: https://github.com/tpm2-software/tpm2-tss Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz Source1: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz.asc -# curl https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xd6b4d8bac7e0cc97dcd4ac7272e88b53f7a95d84 > tpm2-tss.keyring +# curl https://github.com/williamcroberts.gpg > tpm2-tss.keyring Source2: tpm2-tss.keyring Source3: baselibs.conf -Patch0: 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch BuildRequires: /usr/sbin/groupadd BuildRequires: acl BuildRequires: doxygen @@ -39,6 +38,7 @@ BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libopenssl) BuildRequires: pkgconfig(udev) +BuildRequires: pkgconfig(uuid) # The same user is employed by trousers (and was employed by the old # resourcemgr shipped with the tpm2-0-tss package): # @@ -69,12 +69,14 @@ Requires: glibc-devel Requires: libtss2-esys0 = %{version} Requires: libtss2-fapi1 = %{version} Requires: libtss2-mu0 = %{version} +Requires: libtss2-policy0 = %{version} Requires: libtss2-rc0 = %{version} Requires: libtss2-sys1 = %{version} Requires: libtss2-tcti-cmd0 = %{version} Requires: libtss2-tcti-device0 = %{version} Requires: libtss2-tcti-mssim0 = %{version} Requires: libtss2-tcti-pcap0 = %{version} +Requires: libtss2-tcti-spi-helper0 = %{version} Requires: libtss2-tcti-swtpm0 = %{version} Requires: libtss2-tctildr0 = %{version} Requires: tpm2-0-tss = %{version} @@ -158,6 +160,17 @@ This is the tpm2 Feature API (FAPI) library. This API is designed to be very high-level API, intended to make programming with the TPM as simple as possible. +%package -n libtss2-policy0 +Summary: TPM2 FAPI policy library +Group: System/Libraries + +%description -n libtss2-policy0 +Library that exposes the internal FAPI policy engine as a consumable +library and stable API. Users can take arbitrary JSON policy strings +and implement the callbacks required to produce calculated policies +without a TPM as well as execute policies on an ESYS TR session for +satisfying access policies on an object. + %package -n libtss2-tcti-cmd0 Summary: TCTI cmd interface library Group: System/Libraries @@ -185,8 +198,18 @@ A TCTI which prints TPM commands and responses to a file in pcap-ng format. It a details of direct communication with the interface and protocol exposed by the daemon hosting the TPM2 reference implementation. +%package -n libtss2-tcti-spi-helper0 +Summary: TCTI spi interface library +Group: System/Libraries + +%description -n libtss2-tcti-spi-helper0 +A TCTI module for communication via SPI TPM device driver. Abstracts +the details of communication with a TPM via SPI protocol. It uses user +supplied methods for SPI and timing operations in order to be platform +independent. + %prep -%autosetup -p1 -n tpm2-tss-%{version} +%autosetup -n tpm2-tss-%{version} %build # configure looks for groupadd on PATH @@ -230,12 +253,16 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %tmpfiles_create %{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf %postun -n libtss2-fapi1 -p /sbin/ldconfig +%post -n libtss2-policy0 -p /sbin/ldconfig +%postun -n libtss2-policy0 -p /sbin/ldconfig %post -n libtss2-tcti-cmd0 -p /sbin/ldconfig %postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig %post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig %postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig %post -n libtss2-tcti-pcap0 -p /sbin/ldconfig %postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig +%post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig +%postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig %files %doc *.md @@ -291,6 +318,9 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf # %%ghost %%{_sharedstatedir}/%%{name}/system/keystore # %%ghost %%{_rundir}/%%{name}/eventlog +%files -n libtss2-policy0 +%{_libdir}/libtss2-policy.so.* + %files -n libtss2-tcti-cmd0 %{_libdir}/libtss2-tcti-cmd.so.* @@ -300,4 +330,7 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %files -n libtss2-tcti-pcap0 %{_libdir}/libtss2-tcti-pcap.so.* +%files -n libtss2-tcti-spi-helper0 +%{_libdir}/libtss2-tcti-spi-helper.so.* + %changelog diff --git a/tpm2-tss-3.2.0.tar.gz b/tpm2-tss-3.2.0.tar.gz deleted file mode 100644 index c4c0fd3..0000000 --- a/tpm2-tss-3.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912 -size 1629211 diff --git a/tpm2-tss-3.2.0.tar.gz.asc b/tpm2-tss-3.2.0.tar.gz.asc deleted file mode 100644 index 7ddcbb2..0000000 --- a/tpm2-tss-3.2.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE1rTYusfgzJfc1KxycuiLU/epXYQFAmIPsO0ACgkQcuiLU/ep -XYRd+RAApB43omQ9MpVgQTIRcvwVhZkORXqPC/o9KxorFe7apA1BN5Lj4s5otOUK -C4N86W8eaPjXmoj+yiV7z97ZNVTZ0uUTNrDRh3uS52f7j3BwR1k0CuRcYdi3K34N -92X1VaP3BA37zw4esV5RyhLFBW/o2PJYg092ZOsQ4ko/HcBoUEp87dmH9xoem/O1 -6sMGry+4CbvMX0o9XtQ/1yfJpuINTEVs0Ex7YVNwdseDolP6bmphdyJTF4j9iElV -dNqUBtV0GHgSPj0//JTeMdgsgeRUooufVH+mtBmieFfX4LXzF+0MxcZEUMZyB0IJ -Dc/IkKVglT83t0TQdwtFqxrJHcJJb6UrVW5N8/ogbwR882mhoF3N4k5njEshBn8B -9xph9h91qaelj33uiJiILzyw+dCK1tp3dC0p7vg+GfhHSUjA5mNSS62qQffm59E4 -3tO1mbZ+g3P80oHWJxT2GEDQmWbZN0ao42vLXlInYT7ZOn+tdbV7TUbN33r1i0DD -QAHZevE3d0F9dady0llKWCY7XFKqZ6rC8O7QaJDcPWdZ3urzVgRNDRLIc38WJaYQ -GiHaagsLNi8hvLEumz8F8L/rvcZ24jJeEjkjRewMHQDL0Z8qaSd7y1wdxhvpJdvQ -s0PXDRsg0GU61Fb1l/rYyWfjUJKeJbbmCsviCOUHWjuByyujES0= -=CvUq ------END PGP SIGNATURE----- diff --git a/tpm2-tss-4.0.1.tar.gz b/tpm2-tss-4.0.1.tar.gz new file mode 100644 index 0000000..1aa8a39 --- /dev/null +++ b/tpm2-tss-4.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950 +size 1787139 diff --git a/tpm2-tss-4.0.1.tar.gz.asc b/tpm2-tss-4.0.1.tar.gz.asc new file mode 100644 index 0000000..4bed970 --- /dev/null +++ b/tpm2-tss-4.0.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPO1PMACgkQbeLpB44f +UMFtQw/+IDx+P0RGWthfR3f4t/cfp9JBgiHfujNigWpv9LNG439Sew+8njEsmvEP +2yAHIiJGFMkwXadLNWgUnhvGYS628zqoPMLgDUW9PVAirrvo6XMf45wrBVLOZTX/ +1N6Bol9wT3TfcVUnSbL/0oZwgTAxSDQJB7I64788ujwGnrbBLTEirDB/sqVVFF5k +1g3rMMH95nTGBqm96PA8gKYutOdOpOH9Gn/CexX9NuDrb00Nqx906kybkCIYEkdy +2Fp03zNTEo+iRtSIhrDZVbab/1UUN2r0rc6T6gABePUHS2lxPth6tLX0tVpq3RLJ +1mi7XJuri2Mqw4APOnavrK5qpCgAqONOn92+QqzmPylUFsRM6mzalDALvDwwknp4 +sEohsiPyxCC+oSErm5Urh3yUlZ8c068zQ1OXGOdZPNM281bEGf3ORRemkI1gT7eI +cC4Y3YRuWBeQyoANAzrAJYttsOe9ia/PadnnQiWcMPH4o4hGjgvYPJuI6fePn2SS +dgC9Z1O1LOk17XnNQb3cAshiOPQo8BjQB89QUi4pJRCbpY6WEB6Wc9OmEEhUuWDT +3ECHeDZGPRg6G4xELT2SZ2QMDhlfORaV0hbU0lMoNMQrslrZALm8424bDt3Q7R9j +iPkpp4ArVdxYvbENkdVcZBZF0qAmPmolNv/PkLVK0o9mYEmXVp8= +=vwbh +-----END PGP SIGNATURE----- diff --git a/tpm2-tss.keyring b/tpm2-tss.keyring index d7e8dc2..0f0421b 100644 --- a/tpm2-tss.keyring +++ b/tpm2-tss.keyring @@ -1,54 +1,51 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: Hostname: -Version: Hockeypuck 2.1.0-152-ga266fd3 -xsFNBFxtMHkBEACtvqN9RbZbJrtpqxLml+j5qVuXQDMTBF99PAhD0rgHfcsG8ezT -oiTf2PEo/DW59D5qwJEJVEMbwh59SX97UJ+diI2gGn2FTzia4qkGG76LGps5LSQU -TTpX+NpOOEy+zttJQJPtk7toHKKfyZBFsgxPepwblEotR047Z0mri2vhXZWum+np -+2B+9IwebS1U1/EBVl10ab9UjFv3Pj3bASCKpseZEJcitKlcjpVFc4hyLZIl+syB -ysZX2+DhiUXFetjz+h4Zb4nAWF5ZPbs0KXo8gnTxqprbfOL+XZFYyeo/63dSlaxt -fkChWb4DIGtxDGogipcGmoZBoFiXzGxc6X+y3wGvoJyzeArusx2IR6VCzSQvuEfz -4kII1tWngId/cokmNx1ervARrf+gOpeii9qva6bYsulqNqaoh68ODJFosbn5DVVb -fXv3l7SmT766Q7yKFSg2TN1aLMn1pY+TE9pxGza5G37qBc/WLC7NTgmUTst8hpCD -kiMj1fRdHoJ3Ura6WilJC8tg/0d0mCiFc8nxOSbf8qvTgDBss4Hpe/cpfS4m4ymk -G23wtg/6arkmOADXsENkGIObTv0pNXklQtZvl9TyTXU7d+GyCL1gQJoI/ZVu1/Zf -8Fds5iPFX9eMqBvh6enZd65FgAyKSxZ+tgwXwFeNZDRsORX3cLG8H3lfiQARAQAB -zS9BbmRyZWFzIEZ1Y2hzIDxhbmRyZWFzLmZ1Y2hzQHNpdC5mcmF1bmhvZmVyLmRl -PsLBlAQTAQoAPhYhBNa02LrH4MyX3NSscnLoi1P3qV2EBQJcbTB5AhsDBQkJZgGA -BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHLoi1P3qV2Eq1QP/i8mU22JaONg -9JcRz/usGnwWBpe+dTnCieoC7mwLTM2vj3ywax/xh8eAw5I3EWWUEKb0Rq/0wWJN -53Ve7Ecge0zY0YJEr/ZOJs/e4D0T0eUxVuRrto67B8XlkagXNeVI6picS1CRY/7r -5ORdgx2p+VLEwnX6KeFa9BsBXOEHdvSDEvupG098cbc7sdl2mLfKJdXBD4Pve7r4 -FpV7QuY+dXsTj5CG23hw6BLNGDm99p2j40y7wfLh1oEAj1b9Gt8QHsiSYiHfndqf -lzc5FWvoU3jxQcXVkGuaLfa1DFgeZZoXUPbbw9jaXTC1LDtnnjnF79Zs8fFvgek/ -wpfnpGhQfa0rIWDoCDEp6yD9X0fbPKAs0glj5PZ1JlFUYfbIbEy29K+YHj3NHGFi -50WcEg+kqbalOEGpQxCfaFDLdQhXrmIUBBwGP15HFPofWgp0gt+gHyYbR92Os/G9 -Vjk4RGcvZM7t24n0hwkUR8ORH4eSQaCOIL3sdQuVjeWnYbzrMSJ1bsJPprn+pmWC -59rcrKEcTXtkBpjTGls2Nng3FWKDeYLsPXYReGjEtPSHulwpMHq46uCWFfAX2ta1 -5qgleeriFq2yCAbWAV+AGL66E+F4iarLyAQHStXl0vRXsl9U4v6sNIL5TC+mxiry -qa64wLi8tDSs1tCDEHxZGyaWxrSM/bwkzsFNBFxtMHkBEADOk0m6SZOJOPrTL+Qw -oSwyxxCWu+ONld98pSRNDDJx38+fvTMWehzYJLqUiyfs8KILvBebVYXpGBOKdk1j -rXHmPE1EOwaxgCgdl1yXQbIcd1eoRMov4gqLSj2gmAYhyrvfM9TU0Uy5zPTEd36Z -f/HjsmRLhBv356s3YsenGfJO/VPlfQfVeJ/e955Xvs6gpo+7njRpHOWHd6zDzfij -y+ArzYYM7Z+bAK1SpJQpwAQ88JmIb9KtumBXOX7Y7RuWvHBbj+LR54pa/VPtMhx5 -Rq3SEz9kJZZjLcUj3EemnA30loJJzGBVTdAMdne6XqLcJPcLELD2ELZDXf2ebzXB -s7uQ7oCDI01uBNi1kSjrRC2wTvCbV3a44B7lVEmYvlXGom3rm6KB8Q68c86/bsAq -CmJ98x1HXBPPFL4PyIIq55e91n/1QfrjceIZu86PAnWTDRselKO3Rhr/ebHXBsNg -lf1rjOIy4YkdRYvUfRq49PR9gRXD6vRfDBzg7VPHuEBWLib2XB1gamkMT0uqaLNM -W61Xm+MW6NKcaO1PY0UYRpfE0VdMJtLYIJVL81IO67+sBO0tegHboJHzxJA9SGEm -Kz37Fw2XYViKkAtuYqfp7hZBQe3LgFJ0kBokJ2cSzlLBkVp73hIVTqPg8wAFvjY0 -MCPuwsRfQG8sQSyomHbETiNuGwARAQABwsF8BBgBCgAmFiEE1rTYusfgzJfc1Kxy -cuiLU/epXYQFAlxtMHkCGwwFCQlmAYAACgkQcuiLU/epXYSZyQ/+P/LpGH70Vx4g -07xBZ7D63IXl3wblvZsJ0jwSStnreCylcJz62wn5ewgucBBaD878dNyJvDEtIvgx -ev1RPvUffvCdWjOmYCnSx/GlzaJES25Nx4Ye40QOrNRd+p34edqrdRKlfiVM5GuS -G9b/EGE1Aq3yFqtGG/tmteM0VOixfXRWBvMuCwZ/oSHyaQzywMJbdammxUahpDLm -CblVAcEAX+PvVd8B0JfTMOkUZJbj6t+9i05X6nbwjn54hJz7/RkyO4mTDeu+/8I7 -z6xLC8DZlDSrTyow83H9YYrbSi9Bcr75CkDCV2Eo0G/WR+lwLxod12a/gmsVnFk+ -JillaEn8NLons/UuglI0RPahdQBeCr3o7m2qg1tKQZue6qhi/X9lYpg7BYvAWt8V -UdSG7uszNBLMCF255VF9g/c/sxPCQqAeivNmd45gSJmcFh4j5Y7J5UI1FYmuMRP6 -m/TxrRkUcpZQItWlItyEatwQqEqloCS1flfeCSKDH048YuZuqoQREj7s8fCJhEmL -yasQrJgzKqOgmHSohHPL3+Y70MmraQrmzsaTNG0pbl12ZYYA326fMcoIuzk8BbFn -OdgQtf8uBxjBxQYwUAQ5vDSGndopizUW7RKegM8eAEqsV9t+nKDFnnvAd88gVxKy -lCrKeqs8B01YCW/gCy709t5b/XvI/xA= -=tkEk ------END PGP PUBLIC KEY BLOCK----- +mQINBFik3GUBEADYDYbSXH3UTr9oCNCI3UxC1hiLH7cM+QIbMtWiwfAbT3G8wrTa +NPj00qNvI4wQ/Xm3h0hB7kri7vP0FqIjIwsTdM6ZpFdVHHKW1m4P8fkOcxqmLN0g +V36MN5fgoGWf2K94aS7ItoweRMcuHnwWawe6aAtbKSYVqhWhoB/3grgd0xhE61AS +o8fJ7uRYNEAYVeOKlC2j+qKfoJbCa6yqZejFwOOzB6qxNRA7JYvckEf8yJ4+Y16m +qPyZ1ErHzpql3+b5ha+g+9g8WzxAbSfGYZTwaQxyePNjXuq2tdEXf9XnESvoaoN4 +pQhiu/0BJEkXPxl1zso65g4Mn22xEELhUnwPDo5YdLlWEZ8xhELLvdJc3Z0nTR5A +4/YaZvvzf7pOD1cwpB6IrRf8n9rOe1aDxh/A//zX9PpIOV25p5kqlE88Ya5VXrnA +Ayfs19RZmK3+FuaI0ij79CRokG9BrI6TXT0pRTDIRu7GvAo2q13MELRvFddyRT2G +mNjsHYcqEbraYTh3LHEiwfWp4ZgDtk8jj3iRabHQUHk9V8vSFzj+wp1E8HzO8Vp3 +BxMDIOG1VPdLi81DP+LbZI1h30ZG63ulqkKIhwx5/h2v4VCYPatVtGqVf37tLstj +Wrs0DkBykuZrecp+AJ5ZJ+UVvR8ajO2ncAoOugNwoj9Wuvz0fVTiJIhuNQARAQAB +tDxXaWxsaWFtIFJvYmVydHMgKEJpbGwgUm9iZXJ0cykgPHdpbGxpYW0uYy5yb2Jl +cnRzQGludGVsLmNvbT6JAjgEEwECACIFAlik3GUCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJEG3i6QeOH1DBibEQAL4EwEzegkc8NyHiW0mntwDoCv3tkUlG +fprp/g7GWfrP+L+pN5yexg3Zm/CgVN/tTNCEr5XtP+sdds8xBF6ReJ8QPO7EiMiM +asPXh8zlODrySXCGHmpa7IzuUC2wgD3Wq7WjniMvnBmqBdL0+8nqA6NFxOOklvK1 +ub7bqLrHKfUfciFOfYAi+C0Bh8kdZtMjfY9sqlJA3sVK2UxVXq9D+oHbL1o454N6 +VzV0rDtsK47GSSCXT75kulPdfOCopTgxPgNsK4VnXgMOL5JMURPJa3rBzmBRFed1 +ynrqwFdmYdMepsUgt/JS2I/23QChqp6AdVDjtGLKS71hox+vdE4S0DoRnMHwHkkt +B6bqQci3RlUP+wcHHRCUXUubxMSlYJqhBdEOclo6N0X0LseLcdAMGda8ZnqbHlyg +hPLmJrM3C5zTLjDb2YJXCy6RVNwqAnU3o33SZCnHqo/zUjEtR03Ztk1DzSeCjo5w +zLac1VFq5S3QdgZUwmPhyeoigqOvHu6Z1s2eL8Aw7Hn8i6MWLz5sOXAtyC9NPwK/ +qbp1a+GQXzNW4rvKl7ZEFKrBKyj8AiRoVLSRKcqZtFT56ltXQjrwKjsWDTEOzjnm +XCSM96xfay6asQH5fw+haC3RIErwyNV0uUDIVC0xDTZ6NgJEBkp8liwNeHE7eHoN +8qWSZZO2syf7uQINBFik3GUBEAC7V2o1kBsLFSKwmgsCuGfW0oBIQiaCcakT6D2X +rKBjmzBvh/UIdXQwl9+vPKtWX3T/7g6UBvezV3uc2ZqrigGmFemoQI3sW7wFk0L9 +/QTUWCMfZtyrWgqyetmPYS+i2PnsEPinsgsEHWf3iu/ew1A7npZwINwMdOSOVw2u +JqYyW2tZCErWKVe31ziYUpXA+HaRm9zoVr0F0sE2GYGWbMVYtqxN9TSYcIAHxB71 +Y31dcY77ln/1JAH4Yzqc063w/lNYogEbbQY7WNgcKdPP+aovpV7kS3TKwsdb9/xT +pj67nnlvjLTMRoW3Ez0PcIDFhuube9uOQupYG4rC4grLeVLwL/ekVmn6TxRN1hG7 +6zYXWiwWi16uAO++eBNt127FwCOVZsPO0ye3/XpOpCdpUadguxF2gGt6xY0gtetj +Vdv6S4kCdSx8NMrO2epS/1pgklxN9R/xl7Wu+JPUuVX4Jy0ycmw7TCWxdK2fuFy6 +6aLCXWWEjRSp06oeVJoVV2py+rYaoau7JG7Zgx1A3gYTm6MLFysfROaQgmfRozIH +0boYh3IA1WWzk4I6ew129ynC5zGXg/+UCnKKwn8Tsh9neq9noRDAonWI7jOCipwF +l51py82093M87zjz9o/qxnB8p00jByQ+MunUykaZrkQKHAsiyIF6cUIeQiy/AL7n +wwSPQQARAQABiQIfBBgBAgAJBQJYpNxlAhsMAAoJEG3i6QeOH1DBtO8P/1D98sl3 +oz/0oSSz0u9nzgOh93UkLbXpjSR4U+g7Wl2ppxQyGSFeWwRwT5BT74EVP2IcrraX +V9c7l+s8PYqnUdX2XAqGMv06523cCrNUU93kUUNjAo3FxGSn7i2kHIvMkDbUoeVk +jyWKfIvyy2sKcVB9GQxfMrbnTR5/Z6fCyGHNqMFb9e9TUWclLzMIhvtkvLuKmf52 +TKKxKQt/wero5zb0fynOttIjuhmOP9CFTiYjdj7qSmQapW8VFdYjyzL+OOFk9gCL +S3mIk1LdkfWah7trmMUTXdmiEibvARAQ3Yjr+Hz9yU1gzEJSPUUugNguqgS5kN+T +3TdwUHAP9whVD2IvN/Mfn29bmFFVfzu3ftJIa1zJmOdZy7KWb6MWVhw3SJ65luPB +qxKWRqFDOSpqzBm6bYQ/Oka49Jl7/dCImSm+7bCC7LDK9hXa3AIlDtWvG4iiL18T +wUOrgXPysB/D/NQaRxT/vSPUOB4WrQzIKIf4vJdyuPdtOtIWm97KUw8r/jDqd4I3 +B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o +YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb +tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D +=xdFJ +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file