diff --git a/0002-Fix-bounds-check-in-read_key.patch b/0002-Fix-bounds-check-in-read_key.patch deleted file mode 100644 index 3a81f40..0000000 --- a/0002-Fix-bounds-check-in-read_key.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001 -From: Steffan Karger -Date: Tue, 15 Aug 2017 10:04:33 +0200 -Subject: [PATCH] Fix bounds check in read_key() - -The bounds check in read_key() was performed after using the value, instead -of before. If 'key-method 1' is used, this allowed an attacker to send a -malformed packet to trigger a stack buffer overflow. - -Fix this by moving the input validation to before the writes. - -Note that 'key-method 1' has been replaced by 'key method 2' as the default -in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 -and marked for removal in 2.5. This should limit the amount of users -impacted by this issue. - -CVE: 2017-12166 -Signed-off-by: Steffan Karger -Acked-by: Gert Doering -Acked-by: David Sommerseth -Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com> -URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com -Signed-off-by: David Sommerseth ---- - src/openvpn/crypto.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c -index 131257e5..3f3caa1c 100644 ---- a/src/openvpn/crypto.c -+++ b/src/openvpn/crypto.c -@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) - goto read_err; - } - -+ if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length) -+ { -+ goto key_len_err; -+ } -+ - if (!buf_read(buf, key->cipher, cipher_length)) - { - goto read_err; -@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf) - goto read_err; - } - -- if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length) -- { -- goto key_len_err; -- } -- - return 1; - - read_err: --- -2.13.6 - diff --git a/openvpn-2.4.3.tar.xz b/openvpn-2.4.3.tar.xz deleted file mode 100644 index 9b0cb20..0000000 --- a/openvpn-2.4.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb -size 938440 diff --git a/openvpn-2.4.3.tar.xz.asc b/openvpn-2.4.3.tar.xz.asc deleted file mode 100644 index 869c53e..0000000 --- a/openvpn-2.4.3.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr -r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK -nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm -xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi -DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6 -DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO -mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM -0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa -LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR -cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ -NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n -B1yC9E8sA2QK4kahvDj/ -=GwRO ------END PGP SIGNATURE----- diff --git a/openvpn-2.4.6.tar.xz b/openvpn-2.4.6.tar.xz new file mode 100644 index 0000000..4eb0842 --- /dev/null +++ b/openvpn-2.4.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26 +size 943376 diff --git a/openvpn-2.4.6.tar.xz.asc b/openvpn-2.4.6.tar.xz.asc new file mode 100644 index 0000000..48db35e --- /dev/null +++ b/openvpn-2.4.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlre2XIACgkQ8TKxy68T +HK44BQ//aJOa+mT+BvGqhz3gZCrz3Ez6QumwJcn7Sx/zovxDf9KpNhFzykcwvtEd +cNdorJ0il/WkW819srV6u+665MssiIxm6VFg5WzPz5I+nDO23QfETsSu54PIWQBX +FrI9+6Rec+v4/Y/ktV4FVqUZ/36rnZjX43YYxwijs+tHXROiU9IhIKNmlGVfB7Iy +tysJrqg5wzwhO+CTYTmMKwrb6LLTwcHxyWMqPiPrflIGY6sy41RlmvP90u1zmugx +wIka3oOp7cD70KWMJns68Lc0OkFIz3RO2YW7KhunxdcNzCoHrlCr+HCBLSf8lPbx +yL1sFOVk4ibZxFKzOvtOEJH1wYquI2B5Gd9QQxIeCNUUAvSh3E/0nMZNqJkwlObx +OtxakHSqfskxVrpAz7OT9ARHIZUWVfYv/B+2454VfxRM2Rr+Job6xO2i5ukTKHc7 +AdCyY2lZlI8909MjJ0cc/ZeNyB4+jugUPz4XX8ebUctBP1gdUD6XZ6DDo11n9JpD +lwbc/U1w2dmdGIZ3VrfVr3UiNhB5rxhwlxjSj24pczCjP58FQHKhX5u+3y8/MJ/7 +Efirugzny3ie1xpW7MOsrndjiv+wQD/gwaszA9HSQnJ4M49byOKJJSg+/Y0vR/PN +8oIR7vnEJ5CS0EVaxBJeZifp+gM5L05xdfaGk5WJ9HZDsP4HkUE= +=dY7S +-----END PGP SIGNATURE----- diff --git a/openvpn-fips140-2.3.2.patch b/openvpn-fips140-2.3.2.patch index 7b6d4d5..8239c66 100644 --- a/openvpn-fips140-2.3.2.patch +++ b/openvpn-fips140-2.3.2.patch @@ -47,7 +47,7 @@ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index a55e65c..79f5530 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c -@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx) +@@ -926,11 +926,15 @@ void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len, @@ -56,7 +56,7 @@ index a55e65c..79f5530 100644 { ASSERT(NULL != kt && NULL != ctx); - HMAC_CTX_init(ctx); + HMAC_CTX_reset(ctx); + /* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not + * * to be used anywhere else */ + if(kt == EVP_md5() && prf_use) @@ -68,14 +68,14 @@ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 0b1163e..93283bc 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c -@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char * +@@ -88,7 +88,7 @@ const md_kt_t *md5_kt = md_kt_get("MD5"); hmac_ctx_t *hmac_ctx = hmac_ctx_new(); - hmac_ctx_init(hmac_ctx, key, key_len, md5_kt); + hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0); - hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len); - hmac_ctx_final(hmac_ctx, (unsigned char *)result); + hmac_ctx_update(hmac_ctx, data, data_len); + hmac_ctx_final(hmac_ctx, result); hmac_ctx_cleanup(hmac_ctx); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fef5e90..33b6976 100644 diff --git a/openvpn.changes b/openvpn.changes index 9f1f1db..a97758d 100644 --- a/openvpn.changes +++ b/openvpn.changes @@ -1,3 +1,98 @@ +------------------------------------------------------------------- +Fri Apr 27 12:25:19 UTC 2018 - max@suse.com + +- Update to 2.4.6: + * CVE-2018-9336, bsc#1090839: Fix potential double-free() in + Interactive Service + * Delete the IPv6 route to the "connected" network on tun close + * Management: warn about password only when the option is in use + * Avoid overflow in wakeup time computation + +------------------------------------------------------------------- +Tue Apr 10 14:29:18 UTC 2018 - max@suse.com + +- Remove --askpass again, because it was also asking for a password + when none was needed. As a workaround for keys that need a + password, the "askpass" statement should be added to the config + file (bsc#1078026). +- Use Type=notify in openvpn.service to reflect what openvpn is + actually doing. +- Import the new signing key from upstream. +- Remove obsolete configure switch --enable-password-save . + +------------------------------------------------------------------- +Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org + +- Update to 2.4.5 + * New features + + The new option --tls-cert-profile can be used to restrict the + set of allowed crypto algorithms in TLS certificates in mbed + TLS builds. The default profile is 'legacy' for now, which + allows SHA1+, RSA-1024+ and any elliptic curve certificates. + The default will be changed to the 'preferred' profile in the + future, which requires SHA2+, RSA-2048+ and any curve. + + openvpnserv: Add support for multi-instances (to support + multiple parallel OpenVPN installations, like EduVPN and + regular OpenVPN) + + Use P_DATA_V2 for server->client packets too (better packet + alignment) + + improve management interface documentation + + rework registry key handling for OpenVPN service, notably + making most registry values optional, falling back to + reasonable defaults + + accept IPv6 address for pushed "dhcp-option DNS ..." (make + OpenVPN 2 option compatible with OpenVPN 3 iOS and Android + clients) + * Bug fixes + + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + + Fix lots of compiler warnings (format string, type casts, ...) + + reload HTTP proxy credentials when moving to the next + connection profile + + Fix build with LibreSSL (multiple times) + + Remove non-useful warning on pushed tun-ipv6 option. + + autoconf: Fix engine checks for openssl 1.1 + + lz4: Rebase compat-lz4 against upstream v1.7.5 + + lz4: Fix broken builds when pkg-config is not present but + system library is + + Fix '--bind ipv6only' + + Allow learning iroutes with network made up of all 0s +- Includes 2.4.4 + * Bug fixes + + Fix issues when a pushed cipher via the Negotiable Crypto + Parameters (NCP) is rejected by the remote side + + Ignore --keysize when NCP have resulted in a changed cipher + + Configurations using --auth-nocache and the management + interface to provide user credentials (like NetworkManager) + on client side with servers implementing authentication + tokens (for example, using --auth-gen-token) will now behave + correctly and not query the user for an, to them, unknown + authentication token on renegotiations of the tunnel. + + Invalid or corrupt SOCKS port number when changing the proxy + via the management interface. + + man page should now have proper escaping of hyphen/minus + characters and other minor corrections. + * User-visible Changes + + Linux servers with systemd which use the openvpn-server@.service + unit file for server configurations will now utilize the + automatic restart feature in systemd. If the OpenVPN server + process dies unexpectedly, systemd will ensure the OpenVPN + configuration will be restarted automatically. + * Deprecated + + --no-replay (will be removed in 2.5) + + --keysize (will be removed in 2.6) + * Security + + CVE-2017-12166: Fix bounds check for configurations using + --key-method 1. Before this fix, attackers could send a + malformed packet to trigger a stack overflow. This is + considered to be a low risk issue, as --key-method 2 has + been the default since 2.0 (released on 2005-04-17). This + option is already deprecated in v2.4 and will be completely + removed in v2.5. +- Rebase openvpn-fips140-2.3.2.patch +- Drop 0002-Fix-bounds-check-in-read_key.patch + * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255 +- Partial cleanup with spec-cleaner + ------------------------------------------------------------------- Tue Feb 13 17:49:09 UTC 2018 - max@suse.com diff --git a/openvpn.keyring b/openvpn.keyring index 3fcfd4b..f7c5073 100644 --- a/openvpn.keyring +++ b/openvpn.keyring @@ -1,5 +1,4 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67 i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw @@ -13,97 +12,318 @@ bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu -dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE -FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax -c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW -lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP -SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y -2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo -XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6 -SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt -oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN -/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc -gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni -FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK -Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK -CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV -IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi -b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j -Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6 -Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53 -o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN -dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv -abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O -qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b -+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6 -7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG -NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj -/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145 -cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4 -+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w -/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2 -e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII -aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN -qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI -1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe -tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji -4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ -HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq -OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ -98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG -j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX -QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E -x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/ -iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD -7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd -90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG -CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm -fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m -iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA -CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5 -gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7 -EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc -xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4 -xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv -N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag -CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG -M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk -oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS -lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS -iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65 -Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg -Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ -ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn -Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom -S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9 -llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i -wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2 -8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB -5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN -jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI -NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ -BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic -Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX -qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW -AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG -Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX -kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd -idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc -lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ -KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS -kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE -36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM -+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1 -P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4 -rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy -RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D -xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ -cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL -4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt -LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS -EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS -QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd -KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ -QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E= -=iBcj +dnBuLm5ldD6IXQQQEQIAHRYhBJ1Sw0fqLFJAInfhLR/HT6mBfHpSBQJZ2PE1AAoJ +EB/HT6mBfHpSozAAn1xyDljEjokbnI7wNbGcCDlUlNW7AKCuxM+zG26UM2r0DxVe +fWTFhBIV+4heBBAWCAAGBQJaX6COAAoJEBu4nAYCNnRJ+tABAP7T3P1mw5hv3fl/ +F1K8RT9+ohTf/yrSzKahNT75AFKbAQDUv4MCnH6qrBQCD/kvOUcOcvmvjFN6sev9 +5kR/dEPJDokBHAQQAQgABgUCWXeoHgAKCRA6fjL5C7vds051CAClxiDpvmUjgDnH +xm3+cesx8XhxykokxI6Pc7MWSuSvFHBy16PTrtv9ePOfqG3jpfO1ZSYBT89OO2bT +cLPioHTNj+aYivCYRXf4An2ciPdurTDlQmhv5z8bC2NztCMSgVRN8j+ZWPZh/jv3 +LSIRdxjk563NL4vdq8U6Meezz5UVfaSm4G8N4oNNDZwK7UVoIYHlyjuPdW6RtBqT +rNggs99QwFfRDWYYRoIZvC1qbOGepzPZhluDMmknkvVctV5aheqtPPSGhS4C98i/ +PV8r6j2+usNKHABpabC4pU3JKBWNK0mR/VidF9zNtqtCyIewtxv7E5Avqq+MzuPx +gcxl4cEXiQEcBBABCAAGBQJZpYy/AAoJEC20u+/5mSLkoEcH/2PFU/80HepTS6o8 +RJRmEyBQp+1aGv3gt5MYkUEYTeTLW73qEqt0n4XXeCxnOrmFdhjf6PCK4yp+gk3K +lmZ7b+ELxqMTF/7IpnlVUztio7NCsJStnJMaLiFPpa5AmZYn8xmsgvsrXiVerkvd +F7txY7T8Cus6BXTn1Sp1av/c86zeU+Ibe9ZkGY/+Wns6TxOAplwHcG4uLXj2oxz9 +ry8r7Tgg/qB8Vo77c/+wS4hkiP4SyAwRVPHhzipN5eBlFwyW01lqESBYIhqD2z8v +jPRTBwe0xyKa/KpeibD8KLf6fPMWGjQASLe6yRZTDAFOBAnatECtRp5SyWzbUfK7 +oO87wQ2JARwEEAEIAAYFAlqc7RwACgkQ17bfzgpEGOVeEwf9GacB2u9Cl/weGXgO +L9abfQpyQsVf+xnZHnpcqfqXc4ES7ucJyObJ4Le+UOOkDgmWJ71w/v+dl10nQCG+ +DRoMQlMe0PQdxEYG3lAvWnfrxqVXz41nyqQmSOTfn/GMAe8EbCIuy2rqXYTLOStq +xAAnfwHzo8l0tV+uwUvP8Q/2fEwoWJsNoiVQkVoKmeeLH/QAdh1JmO1StNMO8N3I +76qiUffkTbdAnBZmeruO9DGpgyoAfRins7SJGRHth6ikGuuYc6dHa3PA10IGc+Ad +YoxPy4J443DiHhEmsBF95wJowJCDAspmhhDOpnPShvfGcU6O8x2Vez+EbnsSrTTQ +XQ/TdYkBHAQSAQgABgUCWZqAkQAKCRAjRRsQeqA5Qc0tB/9gG3MLp3yTuqkJ3JgX +ZEgdJn5VY9U8fVAmG8lqbr8e9fM2ZDIbWg99w1T/KW/kBOxhlSt/YNQk+SU2x61u +rRQFwKleJsHlaVRUc6eoAhiHzOwf1I6RT6pn31dhqhNpx2tvJtOLmKZkB53tkA3d +OVbZaU3KaGVYzW2iMlT1aJOwTy7RMFO+pLxmIWqczNeAcu1zersa4nkIQI4F3snY +I5WZwyuBeIWRK1YPvJqUm1IxKvigfmozos9+y72b6yjFcRllDKIt0eb9JnZ30TPm +3nHBzXlLgNVvuQ0oN3s8waVgXnNSIUsbvOkWIsOz5r9Czt9c6cPFhPY6GCIUrvZ8 +T//BiQEzBBABCAAdFiEEVQXkUwUfTo/Nvb03sUAmce0N+90FAlnW1ssACgkQsUAm +ce0N+93lzgf+Nh+LSw3YHfwOBb/M/cvWB+2z42tDxLgfDri7rBKCprFW10pX5z6B +X7aWvvG/o24McC6d15FTEpLw06tnIDWe52fUTI1HZkGtfl6c5W2Iz2ov5UXLjzfG ++wN7Ep1xUEjC8sgST7+pOLz0QJ1Ac5GnMNnDAztqL+P5UOlAHAI1DaR5XLk7AVYA +AJ9D+5I76oDfaIABn+ZMWzIoDgKcpX3hlgFrow66GHZZJI/1lxB+8KNTY21fIYoN +T52rT1RaLpNL1CqT7QkTs0Sy0HiFTeLfM8xRkMxML5e68nF13x4PR8LABXmZp2EC +M5Selr2p0uJQFCtjHX0ARp3IxdUry32LUokBMwQQAQgAHRYhBIIXWIefkIahtKRX +o23OmZIpa7SiBQJaREaZAAoJEG3OmZIpa7SiSrUH/R2PYGiE+0SWTiYTgziSbX2T +TsV5M+9N5bJk+ApyjxmvrOrRUeI7MSxwlLBgr3fVc02za+Bdv9ZcwqvaW1b3W1vB +vHO8AxNId9HVY1g+HZYirmSo/RLy4S7Rq29Q4cd+kaUrl5ElynDVdNKkkAvfGySv +DiUD6QgsojSjHZuUVjTJAIGaV8jOiJwfc3v87e9+0V5mng613wv6ObgDSVc66X0b +GmUJSUq2rqfAE06SqLQ/Dtm4UpJuBA7QdFbQewHVJtw38haK47qPPyp7FV64y/K5 +4W+ZPyZ6qb0q93uMeRp0Be82M4tKYG0+VW40eeYsNwRRs48XUBtmwj5eDg48hJyJ +ATMEEAEIAB0WIQSWaLi1rt+ia7Hj4S/ruxlddiv0cgUCWmy76wAKCRDruxlddiv0 +cnXOB/9djGvR1v3PK76yvbtiqG8nZnfVmu8em3sne1LIA5oHUYtqsWCHUrpEY5Lm +lqUDVD5EUir/EAZDy9Muf3PPMrWzg1NPZK4wuO3N62aU3ZgG/aaBJXuLHHA6rYjt +PUt2unuIIEmLgzKst6AY8hJuov3C6l07WzE2guvTC8jvZtsJGikgVnEpgIyN6sY2 +QrxxJJbWaM+4bomZh/tFMaczupv98cRZzFv3JlCuNCG4TPUgNI5q7vxRGr2FnVqV +TJ7ZR5AsIakBvAo2pzxE9M5q3ukyYpgMFG5LcUwNO/nRoHXCTh2HEEYPf3VGKbHM +raDswhlBL/J45Aqp3uh8tT+Jw4MEiQEzBBABCAAdFiEEp2KtXeBBcXlrRORD2yVH +L6i/yo0FAlpLhN8ACgkQ2yVHL6i/yo10Lgf+JehUT4dgsR/8+J4pM9EdQYBXH1SV +aRzFsV/moLGiFfJEkM4aBe99gVDWY7ddfljLx/s3VbyiWCX0DuPojCkTGnaXoYgP +EmXrXmjftihPz8hHUXrKkMESGHQYDBtgds7cLEx8M8Zg8BK5zwbMWug+y9JJV24q +HMttVCLYbWarHS7VCj8wrIUmLzZeQgi9T0U+D3jv007m4T2E40/UpclAe+nexDb0 +/ehbFKbkVVafIRq8mRcxuoNUChG6RvhD1rV4W904DqdEO+eIgDOMO6GRuaSav9Nu +dG6wd8hlk/TFipTX9XUxhanrjGXmm2o0YjQ4vjwqvjy92rcxhTaX/oe5IokBOQQT +AQgAIxYhBG9AVoIRUvA7ayTy/PhIn4Odc2fzBQJalK8lBYMHhh+AAAoJEPhIn4Od +c2fzLbwIAKRAjVowy/tiaBhO52PgKEjDAgq5sCOUiohptA5IIONt8heIIl3YRf8m +IRIwGUZGyTCf34lIYsMIhAuVizGxnbREZXeC1D5BWuvQ6PQEMRnTWttt2htaNZVX +uJh8CJjFY5bYQP0Gqdqg39HZgYnuPTdMN7x3yUzUbPKcRoh77gUjyzOroqS0kGmo +R0u0tHL+kCEKCHafsDqsXHz023yxlMuYdK+RPnsjBNXi2ygoU/DEpa1f+5E6ypDM +103Fiebaal2OI2dCdVTXHbOZFMjiApQYWa8iL2R8/og++JLzf7V28pLjpd1ildCm +nccCcHQMMVq9rq4v5Pbjj0wxGmBwlEKJAZwEEAEKAAYFAlnluYYACgkQ/a4lZvPw +GAdB7wv+LZrFo7356w6ui8U3a7/KJhlaX1/Kn/7mUMjrI52uprs65DHLSJzrt3Iq +B7uAmdhpsAyzJaSbRz0f7oKziZ/gFZvLw3Xofo9rMuj0ecZFpULCugZ/s2tWSXYZ +cFcQZA4tz24ZREIm7f+SEGMMfAI4jymBnxNJKahxvC3wdPCKD3ts0oK9YOzm6Wno +yZLLwFAa1QUQ+/SbgqsO3I4/wn3BU2EvFihDtW1w1wIiNUZ3S940WCFHdMPeFg3i +tzLa9vat/+pSyA/fc5CufWeX7Hv9ie6jXofWzir1cFoQGB2YdBNCb6AwuABnMzKV +xLPQsTwksQ4twDBUifqDLUk85O7Y5ae49600SKRBb/qqERTQKTw+5QSG1RLdMHPr +F0qUFDJ9U1mrKMZYmK8iCKx6W6BJsvV5Tsjz3YL2ZV881Bn0LIzL2CBZLmLqgao3 +GI2nFsrPICfj0u7o7apK75chVXo/LNSbKpqsx5NXMQq8NvVd09HKK50oUohL3e2q +YFDt0evEiQIcBBABCAAGBQJYo5AJAAoJEFfbnathO42hX+MP/3fk8drYuZlhI/+2 +coIpZqsEfMNclGQGQXjF5EheDRHhpCJ7dmywQwx6BIkaTO6Zj1KuLihCZpteOXC5 +3zdkUnMXnzgMRjdjYQCkx0Wze0CAMu6F+xVbxMnTmcxWEWAy3QtHyokoNQSRuPpG +mp9fEtqFi3wEPYBB/Cg/M2xe2vaJHjORklJCLOlnTY1N2DNWxolyGz0FqhyNcP+h +qa2j2ykQgxP7XehYyJ6UMu3kJeBltBz3pC3Vp6y8meSjsEwGg15CFarHuG8Itnv+ +DlmS2RjNxuWgpDGeWlHoZYuHwCEW46oX4dZcbSGULJyJqxyCBKd3Jv+A4IaCCGqq +pidk54Kf7i31astrjRZDNXQIa1tVO02y2vg5omB/V+f9HLXe+R9WUKBIysChjaoM +P0au+a8UgbxUi1PX77h+1hteFl3QsHRa6F1w44XdYPj3OKr6/VvMiYwY34vzSNbO +dIloU16Abe6ylsL2IcvyxQKPZXhKPkc1OvroFGjmjzlOxfdR8C07rdBq4vay3rbo +6TZ+fWR5OM6/jHMO1AvF+e6Fu3VumSNfRtEljz4cmlPXqXH7ppTEqiNa/+uiYuCy +ddU3ezb9iVE46P0lRqK9iFMwAbDY2/bP33yxb0nj40QyS3tiPJdULOm7m4xj0B2T +NlcUMPJgOTI0xQw3fm5OABFNG4aRiQIcBBABCAAGBQJZl1x/AAoJEGzo53jf9lJ3 +/P0QAJ6tKU2y2zAZ6SCKnTHlJXUtTSsSHN4m4X1lzlKJj8a5+TG1l8ucAG3q76BX ++tOriTQXUY6tsOIS69aI2BrkiEoSEsUb0DEZgjL4Nulql+/sSmyc4EB58BQLQG9Z +hXdWtkaatyOSiMwsoQvwjfVvpzzDTfEK8AujRKNYiZ7zDp//juI8zioYSubuNzNQ +JOUOr5/+9CUeyRMW88zqXesc+PTkB264DBpNGTXpshgYe38IMGsqhYxu5iW88SCb +1f6Adi6ZDBfhg7OrJXqs9w8IgSauSD2uaAWXwQHDyxm/KmCs/crywzxvY3WkMdzY +VoWO/jptY0YdgQkToef7b/MFILSQUgjpUbCKn1BEFVEy/12sb7hWx2r9C12jooue +Cg+APvKWe7jKAVDvXtC5Vx0xc6fEPY53wnVSgSfhf1uBHHoZeBLgWTr+lQjrKLI1 +v3uu2vGDwKk3octTh665Dc94tYO5o7uXIRvCetq4TlcBnRDyESMh1SQW06RZdGtP +AY/LKfASYGZggTUBo5KIKGf4MhbwinDuldiRvjC4eASkDncwE68Cggq4cvE1vDvL +dC9IfVexcayJHcm6yc75gOdkq4YxgUUL1C7pB5MnawQoI+4LQcmwMPdiIOcnBFX7 +ICTUc0/LIIr22yteSG4E8DBRzJpdGV4AS2OySyuzRva6Pk/liQIcBBABCAAGBQJa +BU8SAAoJEMsRIiOnlU8G6psQAKQRrLKzj4eI80vVV0vaV5xETUZQ0pTsek2hJN2E +3C/qCYKWocD6a+JJWHlalFtirdgo1jh9AjFSBWHXJ1R8EeLbQRhH4vGkMKZgmyJa +/3NKqjWO4+jMR1tCZqdWT+qIIzu2tB5c2cYDgNo0r62179axcYhYX+xkXzCdw82F +Z8BISkczmP7qlvgxgx3vt7Sbm6hgOo/jdpHNIk3sMNMLmIkKc1RRqZJqAaeVZT/j +CNVr80uafW7bDmWbVJG2db1h7ArnGTj+Zdkte6KiajVTpxYQNq6TdXcj5PTpf0NZ +yAOEhWO7EDUXODxu6TggXETThdSSF5lLp4WbW3Xj7+MxNhNoGfBigwQRxN7KlyuJ +Z9qusQkwCrButK4cQ0qfnO0jUbK/Rz5IjYCTW14gpHlD7v76/mIoE6NbPL6jFSri +1PUffyyRmLmURJ4DVUx/ywMNCkNb+0sgJmltoNQJ+ABHJ1ar89i8Z+BSWHlgio4d +IYZyB4xrQ5H19z44Na7gedXxWx+Ba5h2nzHtzMEEpEmbgs79Tzy9U2kRIDV7CL95 +ttDmvcBskGFruUsgEEqvwI/NBHh7QN6VpsR1Lz6GuF/LKP2JCrZ4QEd+vhvwr2oU +BghBO2Qqo6vjpy02K1WYinUpdxoyeFkovXpR6BD3Y7tQFeVQP7CleVJICCeZeqyS +lOW3iQIzBBABCAAdFiEEM9fTErlUMy8TGMhG2vXIZQnVyJgFAlqrP0oACgkQ2vXI +ZQnVyJiWRxAAvqqyzPQlgKQX10hGqmG3xouYbigUrPXp/Px8GD12ISX+3tQbCueI +DxOmp9vzM4gKmZ6Qwdi23154hw6DmOOtSTgpTLVrb9F+Htyv5QSkcXMM3fb4TcEP +NeQlmqueZMYJelbwz+Euas7i6J3ZIFaGwPwu3x5QMvINYzj0X+wIKTwlxa65Cgmp +MDI0wkZYkk25dda081xry3nz3UlVnE+YMQqOewGWWbmhVObEOAVlnC+M5fzQXdgt +hx0mdrfYpsna/qkoAuwqB2l/v1zXWXZ9tqDOA1k4gx37Kaekgp1Rkijki8pOeKni +cfALgejLU5eTBdGuzWjpjYfMJEYy0UOiz9mWcytm7d7UKFmeI3GdsKJ2pB8K7AmZ +krFC0zKMOo8e0V0ZwnCVts+BEvaQjsuhac+lplHLn2jDwzundy6ZPtEHP1X0Uqdp +lrAUMVj7yCoUBG8ylvPzS688iBhNa0Mo5gghjxKs0BPxvDu6vtl401YiW92exk1+ +V0XUDrO2V8uZN5PkLZs/9DmVj2OwM+sXPDI7puWytADCiWE7+c55GB5KDG9AllhW +PwMIDHAL3sZe3leNdFKw64efUDyMJhiqVjrhaDfg4W9p6I/rtF20u+7f8KTs+pnM +tGJ3Fn1xTDiEKJ2H3ql0QLsJM0SNLj539Ouq71u3qCCJ/j9IJLZw7NOJAjMEEAEI +AB0WIQRMPD6e3S2TZSduUuoN/Vzk05JP/QUCWpyVMAAKCRAN/Vzk05JP/VCcD/wK +pl8H1ejxjD4Y9Z2s5vJRPS2fxXtdtMWqegP9k9K/33/WqEXXspFB7kQk36TSLJu6 +FT+Y7PaQUQY2GWcvsmZdQRX2jy3SYIWuuQBoFudTSNMcZBwE98LKaSSkGI9p68M9 +Cx7ym5EYfNj5vp6wYCdOggk95I4v8tAy+2a97FAWea2TBqNOq2Yt4Du4J6hSlIfU +aqUKH4sQ0F8oU+dGBsMxWW7EJP2rCSyQfiv1CHgRT9hnDSTXvRpWH/VkojY7d/2k +P6ga5GN3hwi5db2rFY2wF/ZN4QFprqSpc6aRbibrGiS61aL/25JCz01Od72mwz2E +3njK44uHSZoQamkcO9qqq1+6QrYsFegHQHEnOw5PGpGNGqs5HIfxaptwOYSLeuQL +6TAPaYqpuwHc4FXdz1y1ZtnWXfaaAOQ+mYaasZvrPpfoEDojS3DgP7Wg+2wjtNJA +k5xtO+bf9+7b/dhQ/rTsDCx4I7p96XAXBqDmFBlLcsDgEufGOii3EkpxjW6Xyuw/ +SnlQ4SpBorUoujLRCj3rRL3MyMXTxxGydxUbEjTbmnPO7rN2XY4L9gcStgo4t1Sc +jT+Hsd9rPnvd9v10+UvflEIhYnlREGFYnJodk2R9DKMIBEBVK9+Oln0tH4Q6bzXG +eHDopsKvEiZ1n59Xa9lqsfzqONiGATneIiRlsmzRnIkCMwQQAQgAHRYhBJ7tSGmo +2iHzohr6Kc4eHKDusIDrBQJapS1mAAoJEM4eHKDusIDrL/wP/ihBvSKDk53liF3m +yN6DLCWpCSTBjP30jxneWkQJv8Edf+jVxVOOp9XgONpksjx3mb7EbgHqWFmzu0zV +UfXgHdKizSXZTTUuhTy6f2bcfzX0/LlRYJuY0hyG/3gNhIgWubaGPANU2RxHFpoc +t+0STw5XBBm7Z5hIh5OeuH9LwzGR+vU5U9OI6NPzhMDgA7K3CSqZCcqara1BkNJG +48Dj0E5aYMAdmcFroo83Q8Asxpb/Dbe7+gswuGsDxbShFxpLFqXe7LT2LP1aMrGl +zd2IQtQ8M77wimKMZDF1KFZm5jAOmmdts7C2KTEAXOYi/OXMxj/eCN8rJQ7SpI2O +FHusWrL66jMcUIYHIVuyaOHFs8QBqaWC7+I2GbK5DVO2M3i/m8/QFemvqsgmZZbX +oH55O6c/TKrV+bI6cG1yOxNdmzW7mfRNuNwh88nV2pWNT1vV8ZaPT/KtgbaDop7H +coTl1VD9QvE9m3LFyCoffou1eFM+YlEdDg1eN4DR77w+pO76zb5yjgjn1zW0d61K +VRpSGwJv1TM7ttEgAXWxve1VAtCBD7jJXufa7wuBf8WC648Q9rqI9lWwdomWtbu1 +kC8SLobRxDngjRHt/Y677V7i1uH0CWOisP6t22uYvf+eA+bh19rWBiJAInCuXwQa +BV6qzcOANjgAjsM9XSMYxttIiclMiQIzBBABCAAdFiEEzDhU424zJSWRT79Mt4Wy +9/ObCB0FAlpjfVEACgkQt4Wy9/ObCB3EmQ//ZJdjAgCO9UN1jCzHxc2MNqO+hm8y +lUoadobcgNFDXI7xgOTY88f99iv6PE8WDOcU2rPngqtjC9xgTzJMQNAWYXekF6xj +gxpjN/Vx9osMmjHysO1sqCBr97Db8GkJlxuRsO/5ikumAwxQMryWDRi19mhVut2Q +8ehuLYoT7PDtgUQmHHLLV0VeqRRz+zg+uzV/uMeK4q9c9ent1arkaWKHtyGMdEhv +3jfDhKjCkevjj2NFK8LwYgI0BciSaORwkPkxsrgFb0PP1E9AL2T30Y2e2Dm+/Bvs +OiluUi04fIfQ0iAyH5wryvWuHcgfkijPQ8o/erxrk63glZYoL3b2KWKfzuPrc2F4 +926R6lHXXNTc2Dq32jBbvLZcOaZlxtnfDVA5OyosUsPnh1PxDbUYVvwQ3DG90M1e +he5tBUz28HPC0QDHqVuRdAhKrihZloZRXlL64wOB2FVwnHGHDQwm3zSxb1IjpdsP +pJE7AkTOuileWjm9+hbpYrFcfsNeCUqTSOFjFml2nZryQMbYwaWHnYr1h/01MkQx +5JCOuScQjxZbJBErIvs4ZMw6bSx9BW6JBYRg8HfoQ+PSGoLtqNDZ4wefUSOBHEtf +JgpdGjp7rXREzAeuXYTo6U9tvhFYEvtvaGvz0u9rPMG0LF/MJZEKRBrsFOGUQowM +EDcUmvmCXJkNJTaJAjMEEwEIAB0WIQTFm5JsvLuu0WF2I64e3w25nYt6hAUCWrGO +OgAKCRAe3w25nYt6hGDSD/4p5gJWdiKLGA8U5Tj+qIVbn4RCIRJRZFtRrXwwtcM5 +N6RWWqVeTqpWFbpyOdVsvvolIjPtv85SFNREzOSQ/J5HVRAwbmgun6hleaWrFoJA +YlglWLiWt+gx7ARhUHgao20QOIknk+gI6LIbMbU+hxRtK4szaDrJVQjvZ0laEkqy +tlJKL4PVXJsHJ8JrZlxAr6q6E/8JoYmxVx0X6L615ORpLVK1G3SkAd4/hjEMsl7v +mcHqniDFQfoCn6rt4NrvDgWnyVQwmUPkz+YSN7DIkXjrs82spV7qccRRJK0zijWD +sJ5XaXXdybKOHbAwXJ0I625bf5vM1swJz9FlllBlkor9+1NrZCJAIWB/pnYL8BMi +C3mfjzGbZe1MdDCdIpPbN0C2xNKMonVyr9znAQQI1jlh2WUkEOlm/Z6ksTOooQIx +5Auw0Fra93e+cqapvyxSiODotpIClj1xuaJX8+2ZI8n7Us4DxVjWaUNeou9vrDjq +RGNNeOSzw216RAuUJRiaykIC6nR51wSJU+NjPvcpzkKmkj2flQeygTsOdlwIcBW9 +fMpDD4PDiGVDgxS6bzENDwILw+1iLZZy6evaotQoiPPucb6t3VImw6uEjozmMn8f +rKjfW6TT70NrWX5GHxj0UAC+fsxtm/p+Qbopes+SsfIVRDwypgwnFQ2s/eF8V5CG +f4kCMwQTAQgAHRYhBPFNpZ21ZX1vSx6MHSPyK/O8drqJBQJasY9SAAoJECPyK/O8 +drqJ1u0P/irt0WUhKBHcYuGV8bp1QipW7uigU7EqpF2uV0duc2+PwY6c/CTFGzKc +o7RXdN5qm9IbDW5E4c+gmRSp3MIruvtt8GMHvGX7WxqiJWHT+4sjJL94ykr/1AOZ +dbiJ956gEZ8G6I8cyn0HwfQXxiLCK2GVipIe90Ymo/F9Zc0lY9BEvpDvTJb1jlGm +d9Ch5QO6xpsptzMXBxMAdzSTkLLuwJpgxAyV4xK313DICq1qt6l3Jh3ISl2ZH8Qk ++HZN5NMJKKq3tq9AtIxldBT4id1gPy/koE51bqNx9v/3CAR76y3uBksi+eOEAKle +EpSnVsGkbUi6thAgThdaP4ege4ZbWRwpnF396Rq/upXSWzAEGgQVO2dFnEGTFWcG +JXmzkScbCcd0azUkfQBXbN6jva85OvfvKYNTFr8yDrygAmZD33kxedEXkC2e2Ikz +nZU3wBsflEpIwix4GiGI/Nbnv7MdIM7zc4UyUF78l9FihhF3KjuPNnJ8e/lbX7Xw +ubqZzUFXGOdCvVk7niOhXLmGrrEp4Vikyh0VW6r0wfYiUVAVEs6APlOmFbJR1ac2 +rPhYHfrrgPPRziOtYSyS+kdWf9A8F06Tc/N/oZtJau8HOD/YeUpZc93RMeRAjwZX +wXwIxWUp1gNB3Vh2M3aUsgOApQ6qeFa7qjrQ2oMao1a00cc4mxwJiQI7BBMBAgAl +AhsDBQkSzAMAAh4BAheABQJYnMuuBAsJCAcEFQoJCAUWAgMBAAAKCRAS9fe0LysB +5wTcD/4sKLBQffSBtq5gWWTq1YvwZ8QqYaqPJhUgkCaaR2UdeD+iI/3peOuDpo4c +ub9A0i80gzZny77SL9TGk9ydenWrHLpgSXauBuJvSeMILYvbfOIRVCeI8GtkJa+n +nBB0zLcEb7Vy9hX4fzhiVbchmb8/qaqAo1TVTWNjjOkhV7qgX5aEzuKNkZAU5jNo +UEreRnDlM2C5eJAR2KwNkXbnMcFzPtpHVa1ix3pmb9N95qhprxJbbcZ2G56u4Okg +SwQBwyvB+xidQ9O4hD82yJChBZUodEzE424kHnejTv/VPwLwY8Eve3nFVlkrYajR +dCvJRa5bfzQitPXbQH6lq0il3JI5PMGUN5fvmc10zZ6ljyYGaVHonHVFMABjUiZg +PWbK/b6RhlhzN9OGk3TgbYvYtduc4n31SYDEYi9ps9hrBiuIRgjWvv5Z5BcegdLx +LFl7Hu1LO5WRhgTebFPRho8P0UaNty7/v0ZgXw6qi4pRyMVMM7MvfIFkhslJeXGB +cP4CMg6NXngX37GSZPQYALnlBsI+a+AwuEBuXxv6ZorDQw5EJOqHOkXmM5U+OFPf +pklekI0JngwDRTWpZjm/+ooqlo/XgJdX+tPxVHrsyAQF0gxS1EzS4xhAdi8eHYCb +cFT8557iezezs4JWGEx5ZDzlQRgpDz3h9HA4A0Y2VI8dbD4u8okCPwQTAQIAKQUC +WJxdSQIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBL197Qv +KwHnpygP/j/PVZo7pLoxb0YlQedALTHKbplbcDFz6JFPYzUWcEERgRld0+1CDp2S +4CjOKn9Xsyxi3/TGjRtHRWITxIDndH4Tcpbn/NaV5sAX0T9BkyhtVTdPZ9swMdyR +HKtJd+NNadSLgQqtdsLjVrHCJEmKxsUw8Bj1o09IeE8O9i8oI2+5VgHVw85nSklj +N64ZKK/gUZpRgp01A5mGKdUZxx6//6WX+DXJb9jaoWdA+H/PQsmdPCTg8DGu23qx +z4BRejQIUCcZVh/DjZMWo1vbeiw7wgUcQ1JLlShdqQxvD4Rlh3aAKdSm1FQwssfa +ZR7FVBoVoh2L2P7OqE5+Bn0xFr06GYLuyr4+jPpLGZDPpb/9NzPKWleLFEmwryt0 +hgynvXvJxKFfyY6pJZfncSFzaryRIKivXE6ENe2gGQpge5xfff/41LqX1ePJbpEw +mDWxXhdK+7oN/D+qdQWP7PTQ3yVBSIzso9ToSE3+Hk97IsrGmmSmd2UG4dn1i+mJ +A2d89GV/A+LWjn03+uE3pd63mRsPl7zI+c1dmVyDBqckGTAXKuAgqr3OgYPTxN9W +FrjiwiyryLL7dDAWnUGCME0W2GXUlhZUemczmeIUjHztFpGnkJAlnj499ngH+iKx +fg+v1CQSEbGojL/fjM4ae/+TVMMg/BhVdLHTOwpDgZ3GbEHRBFNtuQINBFicXUkB +EACjthQU6l5IgGHrq+Fs6jmpEgz5PKnlRmhs1iJHocuZfyVd56WnKoES2nz7zk3V +A7o3dfqQGkQAVKwOS/i5SffAGYC88VssCG03ZC1RPuuYHRk3IRlPeVsak/R2Aczk +THV6XN2r1m519ACeQ32wRo95z7McE03soPBrrfKeQRlGCYNr72dlyYz0KxVKqTe9 +RS18JauI+n0MBvK6efywl0MANSjyaDZulvB09lfNdmXCl5n1dGyvPKiPbpL4TOnv +9jpjgoX5tu4EdPgN4hpOhMfSoQNB4X1jwciNeD7BRwupkoNZyQYzeBeyGOXXT924 +NhCC8+g8dHMnYfxc52RzP4lxx3kFrtb5FFJw2di6fkFLvGGh41GxaH9IBMZ1Ok/y +AMVI0XzQX/tf+TuG3qN4A+3Xly8FEOVKhVIxHYhq/e80bXi7xOgXDEFxL+fYG1oL +1yhLeO6AOYkgguvysZNb3fdFqz1kj/BRs/Fv72Q2C7x6iwGdC3TNo1a2lceRdREo +7Ml0PPbPQX1mljNpfFpaRgpz7/8+7AJM30yGbqgVAd0ZL0jXhToZMnal8QitZqBN +dwnaP2CRAGAaEn9vMNBcZn4llFbqu9ZaTF21G0GUYPgMhxv20k4ouK4mTysLPpN/ +GuKKhzXwXCB6JFo/Wy4e5onplvBAJvojM5YOEHOl2LrzewARAQABiQIlBBgBAgAP +AhsMBQJYo4tEBQkCAr97AAoJEBL197QvKwHn6loP/iads9T0n0LwHE86w4Bn7LEE +EQ4R/KeSj5W0J43XOeDs+YBdqryTQVZxhCajKvB8rsl2hjQ+T5abVejU7pcYF9lO +ne4Ouu2nemqrnzvBAMzo+xFMWjjVR/4xnEYveYNi00eAifZs0uzNVWeKFFn8e/Ob +ocsssR7orhUXzKtc2WDrnMSd3yN8yFCTB7ehys8QdeGLcD38ieUQ/1VYmqvwIHJP +RgmgHg5tHamZ5UH+csekeMbhKX6fvQivYrmjxl7ouSkLGGiKktsahWpBikNNia64 +UIB0z+wUSI817+IL/eBIrzePC+Y2qDZNXhyhxQ9tFzE9oaJ4Xgfylws3WM8+GyJX +zaLLB6XEWoXKjDgLneewIApjv1/IbrFH3N/KyVDJa3L7ExDBaFqDV5ISpKP4XUXW +BtAogALEYQqWPm+NzVD4BjOePSg8ibRy4vI3MwctRWFne9xyveRIEvrLk3VjfySG +82BNjxzVvuAn09ljwYlMZKFdGbswHnI5rH32GQymYE9/llZnsMclUBjchpnkUNoj +Q8X57ZIC+A0RyZAf68g7EpZbUZqsDjGyNLpzLdY9AkC5Zc2N00L1iImEXDAREhUR +IMVq7+ZCSmTM3tPgTcAjEohJMDb5tic+dBGZjk4jRpeXdEqmIEMsPP4tbsQUrPNF +gNROtCZSOxKkyR09g4LOuQINBFicXe4BEACvzk0n8cJ/dYzRk8tg9vf6SDwEfUNm +mFfgGdVfLKa18IOV3hbx4DLHOO8Ah0oobt6DRmUdlxeTvoFxOpOPwWaQYAcXYoxr +W/j92mB469MVDZjFsNVXSTg4en9rfta/xi1FBd/BlGC+h48ueLExfAh07uWn5uA7 +oMVNWw8Dnx9UFzDmAu7SJ0NcvSVqKMCiLQnESnxtw7x34H5wfI32xjnclHCzDSLs +Ql3ALfaz4dUEQmyvjgQaJkvaTcF1YugLRm5MOCzXpobKZNa5vpGTjCQCyqc9pznP +lQPQovuqB5F2lEybeayZvZZag+PadE7f8LSFj8q9E4SV6E8LrtWnkok9tr7QzvC6 +Ca6IJ0bsc2w7NOaU+vFt4sAXPD/BfIzSYpuRc7vVNIZKpCb9MBz+AKfzAgxmd+gT +EgBPKEFwbE4x8nVcnv2C9vHINxkXJC+AtRPJGNQZ9oZhwPUEGyt4gjXbiEgZjfGm +2F/UQyY6qwpK7KUXnyJGweVlKNH+oVvu/lFYUFAg9txgOaj82ulHth40hFtmPET1 +23ARpNKYF93nvskW6fYszY5+c2/7UmMeRp3jGk8A62w3gdD9KaMPTaB9jjRrPoZF +77Ci/qXO3K5LhWakREwHyDTr0A71Bf3raNr3wKzVuIcXKLKzAe/KVEPCzoLRcYyQ +UeBBxAtuYMF5SQARAQABiF4EEBYIAAYFAlpfoI4ACgkQG7icBgI2dEn60AEA/tPc +/WbDmG/d+X8XUrxFP36iFN//KtLMpqE1PvkAUpsBANS/gwKcfqqsFAIP+S85Rw5y ++a+MU3qx6/3mRH90Q8kOiQREBBgBAgAPBQJYnF3uAhsCBQkCAikAAikJEBL197Qv +KwHnwV0gBBkBAgAGBQJYnF3uAAoJENcq80SMwrA0mnoP/j6/TvaimIH5oPJxNDON +z+W1juqKLZGn/1HNi0A7l6okvFl5syvEucyLo8ZwR/QeM/J68Ar02eiWR1MoMoXZ +L55A1wbTvjE1j7oGpcZjFgGhiv1dTNmV1h3UKcAHyu3an7gD/U7HtUqECVbCxYye +y995RwMoChtuMyYaMEAkRh3NTePdTL24LBHQgomiEAclZKPIrScS5TmuQO4wycui +NS+WHKARWOYuQptMv/E0V5Hwi4cLbJV3pbTw6Rwane4ihwXNjmGc/XJWTYK9aEBZ +5Z7QkvR5Z7kj1UudMYOEXYncsjb0e7ZvCysdD7ZuAI/KuvtrNc1FWNcmW8nfLy6m +f0MDe6WYQIYhmV6/3vj63JS+QWpUEdhZ3WKxmO+xwHLm1qU5M1wvohosz0mtZ54u +etq8B3UFl1j7d0eSgZnHSSoqzX3hdlohz++4BZ8goO6PV871rKp4u105vhxg6vhP +0TBWHXks2CdMC/5Fmr6W0pHQjeBQUOBwHN4cqbEhxt1bomp+JMpCdIubg7YHXi8S +ZrYEPT6TWUnEqzAtZRgXRN+nEQrwEd8MH+58w9Rdb6E33uTDMe5OyFXcn7NQI546 +65v4ZUoRYn5fIUNlCMoTTPm0P2Hh7y9To6Q05iL8bnpSXD5jPfoPoBq1fA2MPmT6 +xQzk3xD4Eaj83tetPCUKdT+xbswP/2Xeoiwy+xJlZcd7CbO+ekpIlH0tWI/b02zU +VT/xl/g+66h0C/70R0JXOK8aqUCH/09Y4Wp6lwfjQiBsFePcTtTg7A5Embiaoz1M +lvAaarJEf5fjl2wmtOKAskQa4jLVhVFENLqrmoHb7XuHRKOoAuJe93M/HplJwemz +igqv0Mb7Y6EEmv1bFq7Nw8SKMEDgk5PXlvWDpKcIa0kp5LLpmEtFflUOTaYGHrEe +6B9+ne0oeUTRJPe7/U/jkHIw7T1wQ9nw+Xu58KPlFdKcdMvqQM83+hsIdtA/4JyC +aGzgIBZebv5dyxmmGZ1Ly+MSGilTR8Y5XV/AZh6LNfu8QtIuSR9CHTaAhxlxfAZp +E8+7fQsLhEmXhaernLL07S3y7CVu9xOVdcuMlixNgWrnKY9/lhcEAVTN9df19phj +ExehTu5+VIgROdnZsu/JEhMn6TcHUyeDW6YmWnkRbrFhPSd81T/gCl5cgDY4pfxe +8ZIG6it9gqw+ji3fwI8qEkHqgbhZNCiBFp4/BXEZ0mQk8tFeYqsf4Lgb8vYB8hh7 +N/cUR+Gpsm5p/8B1/b1C3SiWPWI1XY7R+jqUMPuyXPcR+PrSJxwQfjBK1/UNUwno +P5ADWTwA9Gh4FK22sMjR0EL1cujCQ31krMerf0gMFBxeqyj4jd531kwjfCUHHD48 +PmYrvgvBuQINBFqgQNgBEADPqgmj4AdMhHak5YXxljAYuiN6dy5+653LbyWqe+zJ +vOuo54MFXGMwVhHFYYqDakwKBN8GsCF9DGo0jKHqLCDfYJgcTleF9PZQtjn5l80M +dFqG/+8i+TMDh6vpe2Y9vHDu7RCYzd3+RJWUhqjE4ut+lbgqr/pLjOvItk7iUSRw +YArS/Ax4nVRukQVtUvloNKGwECK6nr3PmOeKfJieZwaesbbBAsrtkqQ0QrRBybpX +qJ61nSztqCyqHmmRnUANNWzjmL5ASEwaoJs3yMt7Nj4/IrKd/2P0qBpjnkcnvB3N +HUTysH1j2nciAs7PuOnyP+m8QyDkVK+vAnO8wUcpMOSBxqGk21OapPZYAgIyH8jZ +SdnlThzA6LyI7Kuht+5KgdDGcTHYBVzEKLXEuseokTa+CFvLjZTs+wy6KgNORahk +niKoQITppW0l9/bh2GvNxeQaW5KHzsmGWPX0mNPFZZUEkUOvor4McQAm1u1NOdNS +4VFoQE/m4jYpZYbaQamdY3qK0m7gmPo+VDFB+0/zrBUfWR/PA7zzioIClkOJ/LxN +dDKaH3iPWul0kWu+C5q8xW0U6SBj963MnF+Q0l7fRxS3T7pM6+uKjAHUAoKitdjS +A9wH7ARCYIJKogv+k6B5c7Fkw7eSV/biRV+j5ggN8TrSYpGPljyj0NJi1xWs+A/I +ZwARAQABiQREBBgBAgAPBQJaoEDYAhsCBQkB4TOAAikJEBL197QvKwHnwV0gBBkB +AgAGBQJaoEDYAAoJEPEyscuvExyu+3YP/09D/XesaBhnPs3xMjyTHDDinzJw6XeO +7WySemlSDcIsKhbrRVbSNRubMTjBx/jlS4XfN0R7SgMrLwNz5s8cl4iW01ZliWx/ +/Ie3ryfPUmhnl6mWXUDSx8BPVwyGNH0nijBh0C53DfjVHxd0All+orLmGp7lopgK +rZeO8WBbK/HFwn+PTZKr+/SubJQsmQ55G5ys4bIUVi8wenaI9jNdia05YBXxPN4x +xDqBYIzQ28HnkivH6S6zr7b6S45gia80l7/2CSPuoNwe81nns2pzPigCKs3aFBsM +KBX+kkSRktEjbyDslSGzXChWnwoR1Iv/XlwhQCFRk7K3MLrqsUof8q/jWqBDA+lT +K5j81R9p6oeb7Fnh/8qNYcGvEgHfo+ZV1ihushI9a381vuYq66RNhoBwdZJliwjI +R6Z1UWP2jXhfyAcUhxcryOzdGPbj+LmKrDXGg46wXod5wNAMA0g0JYoXruM2O2tp +gHtCVW/R3RSD07ipubVHAW2RwCC7mhUfrUZP6WMkyhGsNas0zcRPt9v66YXc0Mcp +ilbh3g1hcgb5H55YJyZW9IMVFWZqy3ewbI4DIyLQnrUW/yhhtlloBfEaenEEvnfo +SWyr1o4W90lk3CjjHGqQ7sPG68lwtSxKCdrAR69cb/EtYl5hllqgeok75zOXJX6H +kSDp3gKear1ZZucP/RdIEGmuQETA/7LzZF1gbQx/luWgXUJcmiqDDN0zlN+VrAqj +cmWrkJACDF1gA/p7cA+mC22j1ENJLXWdOi9rNvoJxHP2Zcndc3EH/UkQJzp5KnNv +9gedqAGrzlmaih9uSuH9Pukep5+tMJdJaXq0vPctM8iFdy+9iv8ocikBDGc/miDq +Xg2VDypUCyOqCAlVpAGqrxVXkeSNUceVzaEAQgjC+ehXgDtzHhtkgAtTLPzarufA +cjt2kbLFdbELR8Fefq9jGXoCoWfVQUlxLHIPRh1L+11Y6T9DAMGi94kAxWxUn1oQ +N32UQPrN88CePPrOngZ3gv9CLGbY2Ml/XlT1o6dk209Gauy8dxjraJoXq4WQ+hHv +JSW0qR+n9E/an/apvIbndUCOzqBTzCoIG5LqfEiLEADez7V1YICaofZpL7RW4GoY +PbLJMnfPq6PgHtT5QZVTQO98dZeZwmekMhwB7CTLGROp//Ko/FJ9hqE8pZ+N7Nrd +v+WN/wq9dUjmSHDEbhTTNMJwcRadla7Dhcq4Gvb3lBpoy1o+DbLsEoDuQ3vivEaP +X64eM9LGYkeBID0zv/LWQoYwBh5kqDyfxTLeOhr6VlueGWn2jNEao9e9Sn4psiKc +73lcyOecSPhJ1Y3WJz5pqkU88P3KoFHwuztzxx/997XGEU8vcUQSmSmerv+muQIN +BFqgQQcBEADPVquej+jmKwI7TVFgcsNGjJG92IQr27+1soFTzIvK7KceG603+LzJ +AqUi5gCgz9qNwCV3C83iAPMhwJlJEQiNTJpHHOLw06MgD/A1BJEv+IAgNxGJEPxM +eBmENqzxGJBu27l4F7xfybN7jRRIy1sCyeuO+onaL9Z4ig0YMKYqMJQncA2NjZk2 +3ABB5PSMmUUxJ5ZimuLGhJ6qOUoZGsEKtMk2D3rgD6otng44ATakOHJ8cTJvfhPu +qdJrIUeE6VslR0B61NW5wy2HfmEGyS4ZyBZZGKwxDHYMuBwIDnBf6ed9/8/V8z6R +5J286vQzMy5DDTp9gRhvogDaX9lp+/RWAylFsZtFJquJ0GFyMkl48fA3CQ59HAXj +Ln5//BWH3WJMQu6oJGOm2it3LwasyYT5OlbxbPyxEG3htWB5aN5iFYHKMUoGcFkG +hxMeIOYUvLYk8Esk5v8FH74R3ar5dd39sXdSbq1ZSoFy9A/kYBTQXc/OjnXlhzDc +EbozSPNwfyxzED52ftFG74ZiJbaKZb2cJSsJlcx+KvWLr+2DEC/VBSmYjUTvVtSW +J2xBqomspYcHZvTk2J8T5+LUf7HoXCDMTfLQp4nvcFN5Kz7wfbbrAWmjZ4ppEYzb +RWMY4aiNtcPTrFAwhkfSWc2gGEZgETItbncrdfRzVw4cB3EVDBlThwARAQABiQIl +BBgBAgAPBQJaoEEHAhsMBQkB4TOAAAoJEBL197QvKwHnonEQAIY6nWM/GEp/eEd0 +gmlcUM9Cyv9m5PbARSum0CF3X5pzwbnY1ckg9ZAFUTI2og72o0SKPUgcoUvFFxZW +V/+418ffZP6/zWDC9hOZjkgLM3R3uIVDN8HdjAC/ybf1gTQpEM0PfslsKgqomrXB +8Lw+oqxkK8Uk0Le9zDsaFdZC/tpzGnTQouuo6B9gHTbpwHrtNTkkHqZh6t7+Jh9p +hgVBxVgx6T1qKP4nx0x0qfAyv8dAVmp2uUxVO7tsK5pXwjT01293JKTQxLfyJI1/ +90ydtdsfVJobU8T2Tcin+EIMuaf7PfYb+7cTkCU82Sa/C2e7t8krXYN3Hk3/t7dd +RecJSPmwhOijr5PuuGQerF47ovcH3XyyeWK7fOSqiX7jS3MIK9HaN1il18M2qZWl +TzZQ614FZh/AwJN4uNTO2MdxHXqVSgvmp+QCYNoiyYBl4qE26L72XEVIcXxiMGlX +wWJQI6+P0r+CjhJyY+vNdfaxy4HadD1h13KfsLNZc4+yKsxXerKZmCDIET+wFe1b +PFsRNFfwKLjB+CCDqTpF4l03YlPwZwsghaQ8g+NZfl4qyR8NXospGuv7S7gBpsg6 +Icy08LU4uylmFHmVCPJSYXYtjkYRZMyEy8BEOiwQT2bLmePqqRS1GN5uz6ytX41E +U9coVPCcdBfWUAxoPoOCPH/eNug4 +=00Rq -----END PGP PUBLIC KEY BLOCK----- diff --git a/openvpn.service b/openvpn.service index 496d838..8b94153 100644 --- a/openvpn.service +++ b/openvpn.service @@ -4,10 +4,10 @@ After=network.target PartOf=openvpn.target [Service] -Type=forking +Type=notify PrivateTmp=true PIDFile=/var/run/openvpn/%i.pid -ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf +ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn [Install] diff --git a/openvpn.spec b/openvpn.spec index 943fa8c..550eb5e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -18,9 +18,8 @@ #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates + %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif - %if 0%{?suse_version} > 1210 %define with_systemd 1 %else @@ -29,26 +28,20 @@ %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif - Name: openvpn -Url: http://openvpn.net/ -%if %{with_systemd} -%{?systemd_requires} -%else -PreReq: %insserv_prereq %fillup_prereq -%endif -Version: 2.4.3 +Version: 2.4.6 Release: 0 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface -License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 +License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only Group: Productivity/Networking/Security +Url: http://openvpn.net/ Source: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz Source1: https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc Source2: %{name}.init -Source6: %{name}.sysconfig Source3: %{name}.README.SUSE Source4: client-netconfig.up Source5: client-netconfig.down +Source6: %{name}.sysconfig Source7: %{name}.keyring Source8: %{name}.service Source9: %{name}.target @@ -59,23 +52,27 @@ Patch6: %{name}-fips140-2.3.2.patch Patch7: openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch Patch8: openvpn-2.3.x-fixed-multiple-low-severity-issues.patch Patch9: 0001-preform-deferred-authentication-in-the-background.patch -Patch10: 0002-Fix-bounds-check-in-read_key.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: iproute2 +BuildRequires: libselinux-devel BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel +BuildRequires: pkcs11-helper-devel >= 1.11 +BuildRequires: xz +Requires: iproute2 +Requires: pkcs11-helper >= 1.11 +%if %{with_systemd} +%{?systemd_requires} +%else +PreReq: %fillup_prereq +PreReq: %insserv_prereq +%endif %if %{with_systemd} BuildRequires: systemd %endif -BuildRequires: libselinux-devel -BuildRequires: pkcs11-helper-devel >= 1.11 -Requires: pkcs11-helper >= 1.11 %if %{with_systemd} BuildRequires: systemd-devel %endif -Requires: iproute2 -BuildRequires: xz %description OpenVPN is a full-featured SSL VPN solution which can accommodate a wide @@ -141,13 +138,12 @@ Requires: %{name} = %{version} This package provides the header file to build external plugins. %prep -%setup -q -n %{name}-%{version} -%patch1 -p0 +%setup -q +%patch1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \ -i src/openvpn/options.c @@ -166,8 +162,7 @@ export LDFLAGS %configure \ --enable-iproute2 \ --enable-x509-alt-username \ - --enable-password-save \ - --enable-pkcs11 \ + --enable-pkcs11 \ %if %{with_systemd} --enable-systemd \ %endif @@ -176,10 +171,10 @@ export LDFLAGS --enable-plugin-auth-pam \ CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \ LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins" -make %{_smp_mflags} +make %{?_smp_mflags} %install -make DESTDIR=$RPM_BUILD_ROOT install +%make_install find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}/%{_sysconfdir}/openvpn mkdir -p %{buildroot}/%{_rundir}/openvpn @@ -212,11 +207,13 @@ rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}} find sample -name .gitignore | xargs rm -f %pre +%if %{with_systemd} %service_add_pre %{name}.target +%endif %post %if %{with_systemd} -systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||: +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf %service_add_post %{name}.target # try to migrate openvpn.service autostart to openvpn@.service if test ${FIRST_ARG:-$1} -ge 1 -a \ @@ -271,8 +268,8 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %endif %files -%defattr(-,root,root) -%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README +%license COPYING +%doc AUTHORS COPYRIGHT.GPL ChangeLog PORTS README %doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root} %doc README.* %doc contrib @@ -280,7 +277,7 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %doc sample/sample-keys %doc sample/sample-scripts %doc doc/management-notes.txt -%doc %{_mandir}/man8/openvpn.8.gz +%{_mandir}/man8/openvpn.8%{?ext_man} %config(noreplace) %{_sysconfdir}/openvpn/ %if %{with_systemd} %dir %{_tmpfilesdir} @@ -297,19 +294,16 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || : %{_sbindir}/openvpn %files down-root-plugin -%defattr(-,root,root) %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so %files auth-pam-plugin -%defattr(-,root,root) %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/plugins %{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so %files devel -%defattr(-,root,root) %{_includedir}/%{name}-plugin.h %{_includedir}/%{name}-msg.h