Accepting request 601900 from network:vpn

- Update to 2.4.6: * CVE-2018-9336, bsc#1090839: Fix potential double-free() in Interactive Service * Delete the IPv6 route to the "connected" network on tun close * Management: warn about password only when the option is in use * Avoid overflow in wakeup time computation - Remove --askpass again, because it was also asking for a password when none was needed. As a workaround for keys that need a password, the "askpass" statement should be added to the config file (bsc#1078026). - Use Type=notify in openvpn.service to reflect what openvpn is actually doing. - Import the new signing key from upstream. - Remove obsolete configure switch --enable-password-save . - Update to 2.4.5 * New features + The new option --tls-cert-profile can be used to restrict the set of allowed crypto algorithms in TLS certificates in mbed TLS builds. The default profile is 'legacy' for now, which allows SHA1+, RSA-1024+ and any elliptic curve certificates. The default will be changed to the 'preferred' profile in the future, which requires SHA2+, RSA-2048+ and any curve. + openvpnserv: Add support for multi-instances (to support multiple parallel OpenVPN installations, like EduVPN and regular OpenVPN) + Use P_DATA_V2 for server->client packets too (better packet alignment) + improve management interface documentation OBS-URL: https://build.opensuse.org/request/show/601900 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=81
2018-04-30 20:54:10 +00:00 · 2018-04-30 20:54:10 +00:00 · ce0c40d40b
commit ce0c40d40b
parent 720cbe8895 01270aa102
10 changed files with 462 additions and 212 deletions
--- a/0002-Fix-bounds-check-in-read_key.patch
+++ b/0002-Fix-bounds-check-in-read_key.patch
@ -1,58 +0,0 @@
 From 3b1a61e9fb27213c46f76312f4065816bee8ed01 Mon Sep 17 00:00:00 2001
 From: Steffan Karger <steffan.karger@fox-it.com>
 Date: Tue, 15 Aug 2017 10:04:33 +0200
 Subject: [PATCH] Fix bounds check in read_key()
 The bounds check in read_key() was performed after using the value, instead
 of before.  If 'key-method 1' is used, this allowed an attacker to send a
 malformed packet to trigger a stack buffer overflow.
 Fix this by moving the input validation to before the writes.
 Note that 'key-method 1' has been replaced by 'key method 2' as the default
 in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4
 and marked for removal in 2.5.  This should limit the amount of users
 impacted by this issue.
 CVE: 2017-12166
 Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
 Acked-by: Gert Doering <gert@greenie.muc.de>
 Acked-by: David Sommerseth <davids@openvpn.net>
 Message-Id: <80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com>
 URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a1fa@fox-it.com
 Signed-off-by: David Sommerseth <davids@openvpn.net>
 ---
 src/openvpn/crypto.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
 index 131257e5..3f3caa1c 100644
 --- a/src/openvpn/crypto.c
 +++ b/src/openvpn/crypto.c
@@ -1666,6 +1666,11 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
         goto read_err;
     }
 +    if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
 +    {
 +        goto key_len_err;
 +    }
 +
     if (!buf_read(buf, key->cipher, cipher_length))
     {
         goto read_err;
@@ -1675,11 +1680,6 @@ read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
         goto read_err;
     }
 -    if (cipher_length != kt->cipher_length || hmac_length != kt->hmac_length)
 -    {
 -        goto key_len_err;
 -    }
 -
     return 1;
 read_err:
 -- 
 2.13.6
--- a/openvpn-2.4.3.tar.xz
+++ b/openvpn-2.4.3.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb
 size 938440
--- a/openvpn-2.4.3.tar.xz.asc
+++ b/openvpn-2.4.3.tar.xz.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 iQIcBAABAgAGBQJZSkg4AAoJENcq80SMwrA0XBwQAKoiJYeq99LnxrXrxDNVyGTr
 r8hFA7zo5Py3ZLelliKqVldBVeX6kkfrJAD5Immwt35PzffzSfVjUCd8mTUCoTdK
 nOuxVRsIfccb2B9yF25HmKPk7tXYfOg7QCCPK8Za8QJxLV85U9h0amTa5veRC4wm
 xQ4TRSk3yQRRKarOySpAJU7ue59LJ3jVBbuiNU0i6xGTzykrnqrli6pAzvFuTqfi
 DOIO8lwMFxwyDXonlX2faglfWanjVSv8nIwmP7EzefhTUkT9EU+7aoA1Lluh2HR6
 DmqOxh0x2DCR+pv37PHgQ0LhBJ2IVRp5sKskzUqkupV3S5dqj8OVFGly6+4D5aoO
 mTd9ZtVK1GAM/yw7QKO+jguSxRn/usIgBmxFcVcLZESycTCSS2iqtdQfSp/PtcGM
 0pQfNsyOm6vutlYFaUQqeGYIlqnlBEDeJr7zI9TdQoJ12DmeYyWABQ4MswnEWOGa
 LwD1PeKLNLddXiSXI1b4b/9TDmSiYw2MH9wDbMvKep+1IQhoh1Zubtv+DbcXXXCR
 cKWkDcTDzGoE55yHAPiP5VCZJvwTWEUA6z9hW38vVY2wauHMNXTeNcVGeTggq+YJ
 NfVv5Np7UP2BbSOPAspGsVlV5sekHvl1YAXuA5Y6hyixt1+KxZdJfFbqsU+fYm1n
 B1yC9E8sA2QK4kahvDj/
 =GwRO
 -----END PGP SIGNATURE-----
--- a/openvpn-2.4.6.tar.xz
+++ b/openvpn-2.4.6.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4f6434fa541cc9e363434ea71a16a62cf2615fb2f16af5b38f43ab5939998c26
 size 943376
--- a/openvpn-2.4.6.tar.xz.asc
+++ b/openvpn-2.4.6.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEE1Ri5vWQ8+U2l7Zlw8TKxy68THK4FAlre2XIACgkQ8TKxy68T
 HK44BQ//aJOa+mT+BvGqhz3gZCrz3Ez6QumwJcn7Sx/zovxDf9KpNhFzykcwvtEd
 cNdorJ0il/WkW819srV6u+665MssiIxm6VFg5WzPz5I+nDO23QfETsSu54PIWQBX
 FrI9+6Rec+v4/Y/ktV4FVqUZ/36rnZjX43YYxwijs+tHXROiU9IhIKNmlGVfB7Iy
 tysJrqg5wzwhO+CTYTmMKwrb6LLTwcHxyWMqPiPrflIGY6sy41RlmvP90u1zmugx
 wIka3oOp7cD70KWMJns68Lc0OkFIz3RO2YW7KhunxdcNzCoHrlCr+HCBLSf8lPbx
 yL1sFOVk4ibZxFKzOvtOEJH1wYquI2B5Gd9QQxIeCNUUAvSh3E/0nMZNqJkwlObx
 OtxakHSqfskxVrpAz7OT9ARHIZUWVfYv/B+2454VfxRM2Rr+Job6xO2i5ukTKHc7
 AdCyY2lZlI8909MjJ0cc/ZeNyB4+jugUPz4XX8ebUctBP1gdUD6XZ6DDo11n9JpD
 lwbc/U1w2dmdGIZ3VrfVr3UiNhB5rxhwlxjSj24pczCjP58FQHKhX5u+3y8/MJ/7
 Efirugzny3ie1xpW7MOsrndjiv+wQD/gwaszA9HSQnJ4M49byOKJJSg+/Y0vR/PN
 8oIR7vnEJ5CS0EVaxBJeZifp+gM5L05xdfaGk5WJ9HZDsP4HkUE=
 =dY7S
 -----END PGP SIGNATURE-----
--- a/openvpn-fips140-2.3.2.patch
+++ b/openvpn-fips140-2.3.2.patch
@ -47,7 +47,7 @@ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
 index a55e65c..79f5530 100644
 --- a/src/openvpn/crypto_openssl.c
 +++ b/src/openvpn/crypto_openssl.c
-@@ -926,11 +926,15 @@ hmac_ctx_free(HMAC_CTX *ctx)
+@@ -926,11 +926,15 @@
 void
 hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
@ -56,7 +56,7 @@ index a55e65c..79f5530 100644
 {
     ASSERT(NULL != kt && NULL != ctx);
-     HMAC_CTX_init(ctx);
+     HMAC_CTX_reset(ctx);
 +	/* FIPS 140-2 explicitly allows MD5 for the use in PRF although it is not
 +	 * * to be used anywhere else */
 +	if(kt == EVP_md5() && prf_use)
@ -68,14 +68,14 @@ diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
 index 0b1163e..93283bc 100644
 --- a/src/openvpn/ntlm.c
 +++ b/src/openvpn/ntlm.c
-@@ -87,7 +87,7 @@ gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *
+@@ -88,7 +88,7 @@
     const md_kt_t *md5_kt = md_kt_get("MD5");
     hmac_ctx_t *hmac_ctx = hmac_ctx_new();
 -    hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
 +    hmac_ctx_init(hmac_ctx, key, key_len, md5_kt, 0);
-     hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
+     hmac_ctx_update(hmac_ctx, data, data_len);
-     hmac_ctx_final(hmac_ctx, (unsigned char *)result);
+     hmac_ctx_final(hmac_ctx, result);
     hmac_ctx_cleanup(hmac_ctx);
 diff --git a/src/openvpn/options.c b/src/openvpn/options.c
 index fef5e90..33b6976 100644
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,98 @@
 -------------------------------------------------------------------
 Fri Apr 27 12:25:19 UTC 2018 - max@suse.com
 - Update to 2.4.6:
  * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
    Interactive Service
  * Delete the IPv6 route to the "connected" network on tun close
  * Management: warn about password only when the option is in use
  * Avoid overflow in wakeup time computation
 -------------------------------------------------------------------
 Tue Apr 10 14:29:18 UTC 2018 - max@suse.com
 - Remove --askpass again, because it was also asking for a password
  when none was needed. As a workaround for keys that need a
  password, the "askpass" statement should be added to the config
  file (bsc#1078026).
 - Use Type=notify in openvpn.service to reflect what openvpn is
  actually doing.
 - Import the new signing key from upstream.
 - Remove obsolete configure switch --enable-password-save .
 -------------------------------------------------------------------
 Tue Mar 13 01:32:52 UTC 2018 - avindra@opensuse.org
 - Update to 2.4.5
  * New features
    + The new option --tls-cert-profile can be used to restrict the
      set of allowed crypto algorithms in TLS certificates in mbed
      TLS builds. The default profile is 'legacy' for now, which
      allows SHA1+, RSA-1024+ and any elliptic curve certificates.
      The default will be changed to the 'preferred' profile in the
      future, which requires SHA2+, RSA-2048+ and any curve.
    + openvpnserv: Add support for multi-instances (to support
      multiple parallel OpenVPN installations, like EduVPN and
      regular OpenVPN)
    + Use P_DATA_V2 for server->client packets too (better packet
      alignment)
    + improve management interface documentation
    + rework registry key handling for OpenVPN service, notably
      making most registry values optional, falling back to
      reasonable defaults
    + accept IPv6 address for pushed "dhcp-option DNS ..." (make
      OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
      clients)
  * Bug fixes
    + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
    + Fix lots of compiler warnings (format string, type casts, ...)
    + reload HTTP proxy credentials when moving to the next
      connection profile
    + Fix build with LibreSSL (multiple times)
    + Remove non-useful warning on pushed tun-ipv6 option.
    + autoconf: Fix engine checks for openssl 1.1
    + lz4: Rebase compat-lz4 against upstream v1.7.5
    + lz4: Fix broken builds when pkg-config is not present but
      system library is
    + Fix '--bind ipv6only'
    + Allow learning iroutes with network made up of all 0s
 - Includes 2.4.4
  * Bug fixes
    + Fix issues when a pushed cipher via the Negotiable Crypto
      Parameters (NCP) is rejected by the remote side
    + Ignore --keysize when NCP have resulted in a changed cipher
    + Configurations using --auth-nocache and the management
      interface to provide user credentials (like NetworkManager)
      on client side with servers implementing authentication
      tokens (for example, using --auth-gen-token) will now behave
      correctly and not query the user for an, to them, unknown
      authentication token on renegotiations of the tunnel.
    + Invalid or corrupt SOCKS port number when changing the proxy
      via the management interface.
    + man page should now have proper escaping of hyphen/minus
      characters and other minor corrections.
  * User-visible Changes
    + Linux servers with systemd which use the openvpn-server@.service
      unit file for server configurations will now utilize the
      automatic restart feature in systemd. If the OpenVPN server
      process dies unexpectedly, systemd will ensure the OpenVPN
      configuration will be restarted automatically.
  * Deprecated
    + --no-replay (will be removed in 2.5)
    + --keysize (will be removed in 2.6)
  * Security
    + CVE-2017-12166: Fix bounds check for configurations using
      --key-method 1. Before this fix, attackers could send a
      malformed packet to trigger a stack overflow. This is
      considered to be a low risk issue, as --key-method 2 has
      been the default since 2.0 (released on 2005-04-17). This
      option is already deprecated in v2.4 and will be completely
      removed in v2.5.
 - Rebase openvpn-fips140-2.3.2.patch
 - Drop 0002-Fix-bounds-check-in-read_key.patch
  * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
 - Partial cleanup with spec-cleaner
 -------------------------------------------------------------------
 Tue Feb 13 17:49:09 UTC 2018 - max@suse.com
--- a/openvpn.keyring
+++ b/openvpn.keyring
@ -1,5 +1,4 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1
 mQINBFicXUkBEAC9j2L+kJxqetXfslRL/UOqZUNpfNGUjpP2yb+j9UYdZbS3dq67
 i0oYINqKRO4fZEg0VLpW611fTUL3qhKADmSlrktY8p26T79I/TYAUuwlijTFKUVw
@ -13,97 +12,318 @@ bav3zvqEia7kQiR6qLd6KMk4dcpE5UAdLii8yGNBF93aU4UPJg4zhTl4hBANp8jf
 tCd4LfxB1aurGfqSlwfE3c1wYXOAplzG/CAbvHch0mA1ckKKb9MYvmInYj/cnPxT
 ZBhjT5qBq91qiqNbStVquyBwuyEsa3FpeUopTZWxeO6Ik6hz89g3+Mu2awARAQAB
 tDZPcGVuVlBOIC0gU2VjdXJpdHkgTWFpbGluZyBMaXN0IDxzZWN1cml0eUBvcGVu
-dnBuLm5ldD6JAj8EEwECACkFAlicXUkCGwMFCRLMAwAHCwkIBwMCAQYVCAIJCgsE
+dnBuLm5ldD6IXQQQEQIAHRYhBJ1Sw0fqLFJAInfhLR/HT6mBfHpSBQJZ2PE1AAoJ
-FgIDAQIeAQIXgAAKCRAS9fe0LysB56coD/4/z1WaO6S6MW9GJUHnQC0xym6ZW3Ax
+EB/HT6mBfHpSozAAn1xyDljEjokbnI7wNbGcCDlUlNW7AKCuxM+zG26UM2r0DxVe
-c+iRT2M1FnBBEYEZXdPtQg6dkuAozip/V7MsYt/0xo0bR0ViE8SA53R+E3KW5/zW
+fWTFhBIV+4heBBAWCAAGBQJaX6COAAoJEBu4nAYCNnRJ+tABAP7T3P1mw5hv3fl/
-lebAF9E/QZMobVU3T2fbMDHckRyrSXfjTWnUi4EKrXbC41axwiRJisbFMPAY9aNP
+F1K8RT9+ohTf/yrSzKahNT75AFKbAQDUv4MCnH6qrBQCD/kvOUcOcvmvjFN6sev9
-SHhPDvYvKCNvuVYB1cPOZ0pJYzeuGSiv4FGaUYKdNQOZhinVGccev/+ll/g1yW/Y
+5kR/dEPJDokBHAQQAQgABgUCWXeoHgAKCRA6fjL5C7vds051CAClxiDpvmUjgDnH
-2qFnQPh/z0LJnTwk4PAxrtt6sc+AUXo0CFAnGVYfw42TFqNb23osO8IFHENSS5Uo
+xm3+cesx8XhxykokxI6Pc7MWSuSvFHBy16PTrtv9ePOfqG3jpfO1ZSYBT89OO2bT
-XakMbw+EZYd2gCnUptRUMLLH2mUexVQaFaIdi9j+zqhOfgZ9MRa9OhmC7sq+Poz6
+cLPioHTNj+aYivCYRXf4An2ciPdurTDlQmhv5z8bC2NztCMSgVRN8j+ZWPZh/jv3
-SxmQz6W//TczylpXixRJsK8rdIYMp717ycShX8mOqSWX53Ehc2q8kSCor1xOhDXt
+LSIRdxjk563NL4vdq8U6Meezz5UVfaSm4G8N4oNNDZwK7UVoIYHlyjuPdW6RtBqT
-oBkKYHucX33/+NS6l9XjyW6RMJg1sV4XSvu6Dfw/qnUFj+z00N8lQUiM7KPU6EhN
+rNggs99QwFfRDWYYRoIZvC1qbOGepzPZhluDMmknkvVctV5aheqtPPSGhS4C98i/
-/h5PeyLKxppkpndlBuHZ9YvpiQNnfPRlfwPi1o59N/rhN6Xet5kbD5e8yPnNXZlc
+PV8r6j2+usNKHABpabC4pU3JKBWNK0mR/VidF9zNtqtCyIewtxv7E5Avqq+MzuPx
-gwanJBkwFyrgIKq9zoGD08TfVha44sIsq8iy+3QwFp1BgjBNFthl1JYWVHpnM5ni
+gcxl4cEXiQEcBBABCAAGBQJZpYy/AAoJEC20u+/5mSLkoEcH/2PFU/80HepTS6o8
-FIx87RaRp5CQJZ4+PfZ4B/oisX4Pr9QkEhGxqIy/34zOGnv/k1TDIPwYVXSx0zsK
+RJRmEyBQp+1aGv3gt5MYkUEYTeTLW73qEqt0n4XXeCxnOrmFdhjf6PCK4yp+gk3K
-Q4GdxmxB0QRTbYkCOwQTAQIAJQIbAwUJEswDAAIeAQIXgAUCWJzLrgQLCQgHBBUK
+lmZ7b+ELxqMTF/7IpnlVUztio7NCsJStnJMaLiFPpa5AmZYn8xmsgvsrXiVerkvd
-CQgFFgIDAQAACgkQEvX3tC8rAecE3A/+LCiwUH30gbauYFlk6tWL8GfEKmGqjyYV
+F7txY7T8Cus6BXTn1Sp1av/c86zeU+Ibe9ZkGY/+Wns6TxOAplwHcG4uLXj2oxz9
-IJAmmkdlHXg/oiP96Xjrg6aOHLm/QNIvNIM2Z8u+0i/UxpPcnXp1qxy6YEl2rgbi
+ry8r7Tgg/qB8Vo77c/+wS4hkiP4SyAwRVPHhzipN5eBlFwyW01lqESBYIhqD2z8v
-b0njCC2L23ziEVQniPBrZCWvp5wQdMy3BG+1cvYV+H84YlW3IZm/P6mqgKNU1U1j
+jPRTBwe0xyKa/KpeibD8KLf6fPMWGjQASLe6yRZTDAFOBAnatECtRp5SyWzbUfK7
-Y4zpIVe6oF+WhM7ijZGQFOYzaFBK3kZw5TNguXiQEdisDZF25zHBcz7aR1WtYsd6
+oO87wQ2JARwEEAEIAAYFAlqc7RwACgkQ17bfzgpEGOVeEwf9GacB2u9Cl/weGXgO
-Zm/Tfeaoaa8SW23GdhueruDpIEsEAcMrwfsYnUPTuIQ/NsiQoQWVKHRMxONuJB53
+L9abfQpyQsVf+xnZHnpcqfqXc4ES7ucJyObJ4Le+UOOkDgmWJ71w/v+dl10nQCG+
-o07/1T8C8GPBL3t5xVZZK2Go0XQryUWuW380IrT120B+patIpdySOTzBlDeX75nN
+DRoMQlMe0PQdxEYG3lAvWnfrxqVXz41nyqQmSOTfn/GMAe8EbCIuy2rqXYTLOStq
-dM2epY8mBmlR6Jx1RTAAY1ImYD1myv2+kYZYczfThpN04G2L2LXbnOJ99UmAxGIv
+xAAnfwHzo8l0tV+uwUvP8Q/2fEwoWJsNoiVQkVoKmeeLH/QAdh1JmO1StNMO8N3I
-abPYawYriEYI1r7+WeQXHoHS8SxZex7tSzuVkYYE3mxT0YaPD9FGjbcu/79GYF8O
+76qiUffkTbdAnBZmeruO9DGpgyoAfRins7SJGRHth6ikGuuYc6dHa3PA10IGc+Ad
-qouKUcjFTDOzL3yBZIbJSXlxgXD+AjIOjV54F9+xkmT0GAC55QbCPmvgMLhAbl8b
+YoxPy4J443DiHhEmsBF95wJowJCDAspmhhDOpnPShvfGcU6O8x2Vez+EbnsSrTTQ
-+maKw0MORCTqhzpF5jOVPjhT36ZJXpCNCZ4MA0U1qWY5v/qKKpaP14CXV/rT8VR6
+XQ/TdYkBHAQSAQgABgUCWZqAkQAKCRAjRRsQeqA5Qc0tB/9gG3MLp3yTuqkJ3JgX
-7MgEBdIMUtRM0uMYQHYvHh2Am3BU/Oee4ns3s7OCVhhMeWQ85UEYKQ894fRwOANG
+ZEgdJn5VY9U8fVAmG8lqbr8e9fM2ZDIbWg99w1T/KW/kBOxhlSt/YNQk+SU2x61u
-NlSPHWw+LvKJAhwEEAEIAAYFAlijkAkACgkQV9udq2E7jaFf4w//d+Tx2ti5mWEj
+rRQFwKleJsHlaVRUc6eoAhiHzOwf1I6RT6pn31dhqhNpx2tvJtOLmKZkB53tkA3d
-/7ZygilmqwR8w1yUZAZBeMXkSF4NEeGkInt2bLBDDHoEiRpM7pmPUq4uKEJmm145
+OVbZaU3KaGVYzW2iMlT1aJOwTy7RMFO+pLxmIWqczNeAcu1zersa4nkIQI4F3snY
-cLnfN2RScxefOAxGN2NhAKTHRbN7QIAy7oX7FVvEydOZzFYRYDLdC0fKiSg1BJG4
+I5WZwyuBeIWRK1YPvJqUm1IxKvigfmozos9+y72b6yjFcRllDKIt0eb9JnZ30TPm
-+kaan18S2oWLfAQ9gEH8KD8zbF7a9okeM5GSUkIs6WdNjU3YM1bGiXIbPQWqHI1w
+3nHBzXlLgNVvuQ0oN3s8waVgXnNSIUsbvOkWIsOz5r9Czt9c6cPFhPY6GCIUrvZ8
-/6GpraPbKRCDE/td6FjInpQy7eQl4GW0HPekLdWnrLyZ5KOwTAaDXkIVqse4bwi2
+T//BiQEzBBABCAAdFiEEVQXkUwUfTo/Nvb03sUAmce0N+90FAlnW1ssACgkQsUAm
-e/4OWZLZGM3G5aCkMZ5aUehli4fAIRbjqhfh1lxtIZQsnImrHIIEp3cm/4DghoII
+ce0N+93lzgf+Nh+LSw3YHfwOBb/M/cvWB+2z42tDxLgfDri7rBKCprFW10pX5z6B
-aqqmJ2Tngp/uLfVqy2uNFkM1dAhrW1U7TbLa+DmiYH9X5/0ctd75H1ZQoEjKwKGN
+X7aWvvG/o24McC6d15FTEpLw06tnIDWe52fUTI1HZkGtfl6c5W2Iz2ov5UXLjzfG
-qgw/Rq75rxSBvFSLU9fvuH7WG14WXdCwdFroXXDjhd1g+Pc4qvr9W8yJjBjfi/NI
+wN7Ep1xUEjC8sgST7+pOLz0QJ1Ac5GnMNnDAztqL+P5UOlAHAI1DaR5XLk7AVYA
-1s50iWhTXoBt7rKWwvYhy/LFAo9leEo+RzU6+ugUaOaPOU7F91HwLTut0Gri9rLe
+AJ9D+5I76oDfaIABn+ZMWzIoDgKcpX3hlgFrow66GHZZJI/1lxB+8KNTY21fIYoN
-tujpNn59ZHk4zr+Mcw7UC8X57oW7dW6ZI19G0SWPPhyaU9epcfumlMSqI1r/66Ji
+T52rT1RaLpNL1CqT7QkTs0Sy0HiFTeLfM8xRkMxML5e68nF13x4PR8LABXmZp2EC
-4LJ11Td7Nv2JUTjo/SVGor2IUzABsNjb9s/ffLFvSePjRDJLe2I8l1Qs6bubjGPQ
+M5Selr2p0uJQFCtjHX0ARp3IxdUry32LUokBMwQQAQgAHRYhBIIXWIefkIahtKRX
-HZM2VxQw8mA5MjTFDDd+bk4AEU0bhpG5Ag0EWJxdSQEQAKO2FBTqXkiAYeur4Wzq
+o23OmZIpa7SiBQJaREaZAAoJEG3OmZIpa7SiSrUH/R2PYGiE+0SWTiYTgziSbX2T
-OakSDPk8qeVGaGzWIkehy5l/JV3npacqgRLafPvOTdUDujd1+pAaRABUrA5L+LlJ
+TsV5M+9N5bJk+ApyjxmvrOrRUeI7MSxwlLBgr3fVc02za+Bdv9ZcwqvaW1b3W1vB
-98AZgLzxWywIbTdkLVE+65gdGTchGU95WxqT9HYBzORMdXpc3avWbnX0AJ5DfbBG
+vHO8AxNId9HVY1g+HZYirmSo/RLy4S7Rq29Q4cd+kaUrl5ElynDVdNKkkAvfGySv
-j3nPsxwTTeyg8Gut8p5BGUYJg2vvZ2XJjPQrFUqpN71FLXwlq4j6fQwG8rp5/LCX
+DiUD6QgsojSjHZuUVjTJAIGaV8jOiJwfc3v87e9+0V5mng613wv6ObgDSVc66X0b
-QwA1KPJoNm6W8HT2V812ZcKXmfV0bK88qI9ukvhM6e/2OmOChfm27gR0+A3iGk6E
+GmUJSUq2rqfAE06SqLQ/Dtm4UpJuBA7QdFbQewHVJtw38haK47qPPyp7FV64y/K5
-x9KhA0HhfWPByI14PsFHC6mSg1nJBjN4F7IY5ddP3bg2EILz6Dx0cydh/FznZHM/
+4W+ZPyZ6qb0q93uMeRp0Be82M4tKYG0+VW40eeYsNwRRs48XUBtmwj5eDg48hJyJ
-iXHHeQWu1vkUUnDZ2Lp+QUu8YaHjUbFof0gExnU6T/IAxUjRfNBf+1/5O4beo3gD
+ATMEEAEIAB0WIQSWaLi1rt+ia7Hj4S/ruxlddiv0cgUCWmy76wAKCRDruxlddiv0
-7deXLwUQ5UqFUjEdiGr97zRteLvE6BcMQXEv59gbWgvXKEt47oA5iSCC6/Kxk1vd
+cnXOB/9djGvR1v3PK76yvbtiqG8nZnfVmu8em3sne1LIA5oHUYtqsWCHUrpEY5Lm
-90WrPWSP8FGz8W/vZDYLvHqLAZ0LdM2jVraVx5F1ESjsyXQ89s9BfWaWM2l8WlpG
+lqUDVD5EUir/EAZDy9Muf3PPMrWzg1NPZK4wuO3N62aU3ZgG/aaBJXuLHHA6rYjt
-CnPv/z7sAkzfTIZuqBUB3RkvSNeFOhkydqXxCK1moE13Cdo/YJEAYBoSf28w0Fxm
+PUt2unuIIEmLgzKst6AY8hJuov3C6l07WzE2guvTC8jvZtsJGikgVnEpgIyN6sY2
-fiWUVuq71lpMXbUbQZRg+AyHG/bSTii4riZPKws+k38a4oqHNfBcIHokWj9bLh7m
+QrxxJJbWaM+4bomZh/tFMaczupv98cRZzFv3JlCuNCG4TPUgNI5q7vxRGr2FnVqV
-iemW8EAm+iMzlg4Qc6XYuvN7ABEBAAGJAiUEGAECAA8CGwwFAliji0QFCQICv3sA
+TJ7ZR5AsIakBvAo2pzxE9M5q3ukyYpgMFG5LcUwNO/nRoHXCTh2HEEYPf3VGKbHM
-CgkQEvX3tC8rAefqWg/+Jp2z1PSfQvAcTzrDgGfssQQRDhH8p5KPlbQnjdc54Oz5
+raDswhlBL/J45Aqp3uh8tT+Jw4MEiQEzBBABCAAdFiEEp2KtXeBBcXlrRORD2yVH
-gF2qvJNBVnGEJqMq8HyuyXaGND5PlptV6NTulxgX2U6d7g667ad6aqufO8EAzOj7
+L6i/yo0FAlpLhN8ACgkQ2yVHL6i/yo10Lgf+JehUT4dgsR/8+J4pM9EdQYBXH1SV
-EUxaONVH/jGcRi95g2LTR4CJ9mzS7M1VZ4oUWfx785uhyyyxHuiuFRfMq1zZYOuc
+aRzFsV/moLGiFfJEkM4aBe99gVDWY7ddfljLx/s3VbyiWCX0DuPojCkTGnaXoYgP
-xJ3fI3zIUJMHt6HKzxB14YtwPfyJ5RD/VViaq/Agck9GCaAeDm0dqZnlQf5yx6R4
+EmXrXmjftihPz8hHUXrKkMESGHQYDBtgds7cLEx8M8Zg8BK5zwbMWug+y9JJV24q
-xuEpfp+9CK9iuaPGXui5KQsYaIqS2xqFakGKQ02JrrhQgHTP7BRIjzXv4gv94Eiv
+HMttVCLYbWarHS7VCj8wrIUmLzZeQgi9T0U+D3jv007m4T2E40/UpclAe+nexDb0
-N48L5jaoNk1eHKHFD20XMT2honheB/KXCzdYzz4bIlfNossHpcRahcqMOAud57Ag
+/ehbFKbkVVafIRq8mRcxuoNUChG6RvhD1rV4W904DqdEO+eIgDOMO6GRuaSav9Nu
-CmO/X8husUfc38rJUMlrcvsTEMFoWoNXkhKko/hdRdYG0CiAAsRhCpY+b43NUPgG
+dG6wd8hlk/TFipTX9XUxhanrjGXmm2o0YjQ4vjwqvjy92rcxhTaX/oe5IokBOQQT
-M549KDyJtHLi8jczBy1FYWd73HK95EgS+suTdWN/JIbzYE2PHNW+4CfT2WPBiUxk
+AQgAIxYhBG9AVoIRUvA7ayTy/PhIn4Odc2fzBQJalK8lBYMHhh+AAAoJEPhIn4Od
-oV0ZuzAecjmsffYZDKZgT3+WVmewxyVQGNyGmeRQ2iNDxfntkgL4DRHJkB/ryDsS
+c2fzLbwIAKRAjVowy/tiaBhO52PgKEjDAgq5sCOUiohptA5IIONt8heIIl3YRf8m
-lltRmqwOMbI0unMt1j0CQLllzY3TQvWIiYRcMBESFREgxWrv5kJKZMze0+BNwCMS
+IRIwGUZGyTCf34lIYsMIhAuVizGxnbREZXeC1D5BWuvQ6PQEMRnTWttt2htaNZVX
-iEkwNvm2Jz50EZmOTiNGl5d0SqYgQyw8/i1uxBSs80WA1E60JlI7EqTJHT2Dgs65
+uJh8CJjFY5bYQP0Gqdqg39HZgYnuPTdMN7x3yUzUbPKcRoh77gUjyzOroqS0kGmo
-Ag0EWJxd7gEQAK/OTSfxwn91jNGTy2D29/pIPAR9Q2aYV+AZ1V8sprXwg5XeFvHg
+R0u0tHL+kCEKCHafsDqsXHz023yxlMuYdK+RPnsjBNXi2ygoU/DEpa1f+5E6ypDM
-Msc47wCHSihu3oNGZR2XF5O+gXE6k4/BZpBgBxdijGtb+P3aYHjr0xUNmMWw1VdJ
+103Fiebaal2OI2dCdVTXHbOZFMjiApQYWa8iL2R8/og++JLzf7V28pLjpd1ildCm
-ODh6f2t+1r/GLUUF38GUYL6Hjy54sTF8CHTu5afm4DugxU1bDwOfH1QXMOYC7tIn
+nccCcHQMMVq9rq4v5Pbjj0wxGmBwlEKJAZwEEAEKAAYFAlnluYYACgkQ/a4lZvPw
-Q1y9JWoowKItCcRKfG3DvHfgfnB8jfbGOdyUcLMNIuxCXcAt9rPh1QRCbK+OBBom
+GAdB7wv+LZrFo7356w6ui8U3a7/KJhlaX1/Kn/7mUMjrI52uprs65DHLSJzrt3Iq
-S9pNwXVi6AtGbkw4LNemhspk1rm+kZOMJALKpz2nOc+VA9Ci+6oHkXaUTJt5rJm9
+B7uAmdhpsAyzJaSbRz0f7oKziZ/gFZvLw3Xofo9rMuj0ecZFpULCugZ/s2tWSXYZ
-llqD49p0Tt/wtIWPyr0ThJXoTwuu1aeSiT22vtDO8LoJrognRuxzbDs05pT68W3i
+cFcQZA4tz24ZREIm7f+SEGMMfAI4jymBnxNJKahxvC3wdPCKD3ts0oK9YOzm6Wno
-wBc8P8F8jNJim5Fzu9U0hkqkJv0wHP4Ap/MCDGZ36BMSAE8oQXBsTjHydVye/YL2
+yZLLwFAa1QUQ+/SbgqsO3I4/wn3BU2EvFihDtW1w1wIiNUZ3S940WCFHdMPeFg3i
-8cg3GRckL4C1E8kY1Bn2hmHA9QQbK3iCNduISBmN8abYX9RDJjqrCkrspRefIkbB
+tzLa9vat/+pSyA/fc5CufWeX7Hv9ie6jXofWzir1cFoQGB2YdBNCb6AwuABnMzKV
-5WUo0f6hW+7+UVhQUCD23GA5qPza6Ue2HjSEW2Y8RPXbcBGk0pgX3ee+yRbp9izN
+xLPQsTwksQ4twDBUifqDLUk85O7Y5ae49600SKRBb/qqERTQKTw+5QSG1RLdMHPr
-jn5zb/tSYx5GneMaTwDrbDeB0P0pow9NoH2ONGs+hkXvsKL+pc7crkuFZqRETAfI
+F0qUFDJ9U1mrKMZYmK8iCKx6W6BJsvV5Tsjz3YL2ZV881Bn0LIzL2CBZLmLqgao3
-NOvQDvUF/eto2vfArNW4hxcosrMB78pUQ8LOgtFxjJBR4EHEC25gwXlJABEBAAGJ
+GI2nFsrPICfj0u7o7apK75chVXo/LNSbKpqsx5NXMQq8NvVd09HKK50oUohL3e2q
-BEQEGAECAA8FAlicXe4CGwIFCQICKQACKQkQEvX3tC8rAefBXSAEGQECAAYFAlic
+YFDt0evEiQIcBBABCAAGBQJYo5AJAAoJEFfbnathO42hX+MP/3fk8drYuZlhI/+2
-Xe4ACgkQ1yrzRIzCsDSaeg/+Pr9O9qKYgfmg8nE0M43P5bWO6ootkaf/Uc2LQDuX
+coIpZqsEfMNclGQGQXjF5EheDRHhpCJ7dmywQwx6BIkaTO6Zj1KuLihCZpteOXC5
-qiS8WXmzK8S5zIujxnBH9B4z8nrwCvTZ6JZHUygyhdkvnkDXBtO+MTWPugalxmMW
+3zdkUnMXnzgMRjdjYQCkx0Wze0CAMu6F+xVbxMnTmcxWEWAy3QtHyokoNQSRuPpG
-AaGK/V1M2ZXWHdQpwAfK7dqfuAP9Tse1SoQJVsLFjJ7L33lHAygKG24zJhowQCRG
+mp9fEtqFi3wEPYBB/Cg/M2xe2vaJHjORklJCLOlnTY1N2DNWxolyGz0FqhyNcP+h
-Hc1N491MvbgsEdCCiaIQByVko8itJxLlOa5A7jDJy6I1L5YcoBFY5i5Cm0y/8TRX
+qa2j2ykQgxP7XehYyJ6UMu3kJeBltBz3pC3Vp6y8meSjsEwGg15CFarHuG8Itnv+
-kfCLhwtslXeltPDpHBqd7iKHBc2OYZz9clZNgr1oQFnlntCS9HlnuSPVS50xg4Rd
+DlmS2RjNxuWgpDGeWlHoZYuHwCEW46oX4dZcbSGULJyJqxyCBKd3Jv+A4IaCCGqq
-idyyNvR7tm8LKx0Ptm4Aj8q6+2s1zUVY1yZbyd8vLqZ/QwN7pZhAhiGZXr/e+Prc
+pidk54Kf7i31astrjRZDNXQIa1tVO02y2vg5omB/V+f9HLXe+R9WUKBIysChjaoM
-lL5BalQR2FndYrGY77HAcubWpTkzXC+iGizPSa1nni562rwHdQWXWPt3R5KBmcdJ
+P0au+a8UgbxUi1PX77h+1hteFl3QsHRa6F1w44XdYPj3OKr6/VvMiYwY34vzSNbO
-KirNfeF2WiHP77gFnyCg7o9XzvWsqni7XTm+HGDq+E/RMFYdeSzYJ0wL/kWavpbS
+dIloU16Abe6ylsL2IcvyxQKPZXhKPkc1OvroFGjmjzlOxfdR8C07rdBq4vay3rbo
-kdCN4FBQ4HAc3hypsSHG3Vuian4kykJ0i5uDtgdeLxJmtgQ9PpNZScSrMC1lGBdE
+6TZ+fWR5OM6/jHMO1AvF+e6Fu3VumSNfRtEljz4cmlPXqXH7ppTEqiNa/+uiYuCy
-36cRCvAR3wwf7nzD1F1voTfe5MMx7k7IVdyfs1Ajnjrrm/hlShFifl8hQ2UIyhNM
+ddU3ezb9iVE46P0lRqK9iFMwAbDY2/bP33yxb0nj40QyS3tiPJdULOm7m4xj0B2T
-+bQ/YeHvL1OjpDTmIvxuelJcPmM9+g+gGrV8DYw+ZPrFDOTfEPgRqPze1608JQp1
+NlcUMPJgOTI0xQw3fm5OABFNG4aRiQIcBBABCAAGBQJZl1x/AAoJEGzo53jf9lJ3
-P7FuzA//Zd6iLDL7EmVlx3sJs756SkiUfS1Yj9vTbNRVP/GX+D7rqHQL/vRHQlc4
+/P0QAJ6tKU2y2zAZ6SCKnTHlJXUtTSsSHN4m4X1lzlKJj8a5+TG1l8ucAG3q76BX
-rxqpQIf/T1jhanqXB+NCIGwV49xO1ODsDkSZuJqjPUyW8BpqskR/l+OXbCa04oCy
+tOriTQXUY6tsOIS69aI2BrkiEoSEsUb0DEZgjL4Nulql+/sSmyc4EB58BQLQG9Z
-RBriMtWFUUQ0uquagdvte4dEo6gC4l73cz8emUnB6bOKCq/QxvtjoQSa/VsWrs3D
+hXdWtkaatyOSiMwsoQvwjfVvpzzDTfEK8AujRKNYiZ7zDp//juI8zioYSubuNzNQ
-xIowQOCTk9eW9YOkpwhrSSnksumYS0V+VQ5NpgYesR7oH36d7Sh5RNEk97v9T+OQ
+JOUOr5/+9CUeyRMW88zqXesc+PTkB264DBpNGTXpshgYe38IMGsqhYxu5iW88SCb
-cjDtPXBD2fD5e7nwo+UV0px0y+pAzzf6Gwh20D/gnIJobOAgFl5u/l3LGaYZnUvL
+1f6Adi6ZDBfhg7OrJXqs9w8IgSauSD2uaAWXwQHDyxm/KmCs/crywzxvY3WkMdzY
-4xIaKVNHxjldX8BmHos1+7xC0i5JH0IdNoCHGXF8BmkTz7t9CwuESZeFp6ucsvTt
+VoWO/jptY0YdgQkToef7b/MFILSQUgjpUbCKn1BEFVEy/12sb7hWx2r9C12jooue
-LfLsJW73E5V1y4yWLE2Baucpj3+WFwQBVM311/X2mGMTF6FO7n5UiBE52dmy78kS
+Cg+APvKWe7jKAVDvXtC5Vx0xc6fEPY53wnVSgSfhf1uBHHoZeBLgWTr+lQjrKLI1
-EyfpNwdTJ4NbpiZaeRFusWE9J3zVP+AKXlyANjil/F7xkgbqK32CrD6OLd/AjyoS
+v3uu2vGDwKk3octTh665Dc94tYO5o7uXIRvCetq4TlcBnRDyESMh1SQW06RZdGtP
-QeqBuFk0KIEWnj8FcRnSZCTy0V5iqx/guBvy9gHyGHs39xRH4amybmn/wHX9vULd
+AY/LKfASYGZggTUBo5KIKGf4MhbwinDuldiRvjC4eASkDncwE68Cggq4cvE1vDvL
-KJY9YjVdjtH6OpQw+7Jc9xH4+tInHBB+MErX9Q1TCeg/kANZPAD0aHgUrbawyNHQ
+dC9IfVexcayJHcm6yc75gOdkq4YxgUUL1C7pB5MnawQoI+4LQcmwMPdiIOcnBFX7
-QvVy6MJDfWSsx6t/SAwUHF6rKPiN3nfWTCN8JQccPjw+Ziu+C8E=
+ICTUc0/LIIr22yteSG4E8DBRzJpdGV4AS2OySyuzRva6Pk/liQIcBBABCAAGBQJa
-=iBcj
+BU8SAAoJEMsRIiOnlU8G6psQAKQRrLKzj4eI80vVV0vaV5xETUZQ0pTsek2hJN2E
 3C/qCYKWocD6a+JJWHlalFtirdgo1jh9AjFSBWHXJ1R8EeLbQRhH4vGkMKZgmyJa
 /3NKqjWO4+jMR1tCZqdWT+qIIzu2tB5c2cYDgNo0r62179axcYhYX+xkXzCdw82F
 Z8BISkczmP7qlvgxgx3vt7Sbm6hgOo/jdpHNIk3sMNMLmIkKc1RRqZJqAaeVZT/j
 CNVr80uafW7bDmWbVJG2db1h7ArnGTj+Zdkte6KiajVTpxYQNq6TdXcj5PTpf0NZ
 yAOEhWO7EDUXODxu6TggXETThdSSF5lLp4WbW3Xj7+MxNhNoGfBigwQRxN7KlyuJ
 Z9qusQkwCrButK4cQ0qfnO0jUbK/Rz5IjYCTW14gpHlD7v76/mIoE6NbPL6jFSri
 1PUffyyRmLmURJ4DVUx/ywMNCkNb+0sgJmltoNQJ+ABHJ1ar89i8Z+BSWHlgio4d
 IYZyB4xrQ5H19z44Na7gedXxWx+Ba5h2nzHtzMEEpEmbgs79Tzy9U2kRIDV7CL95
 ttDmvcBskGFruUsgEEqvwI/NBHh7QN6VpsR1Lz6GuF/LKP2JCrZ4QEd+vhvwr2oU
 BghBO2Qqo6vjpy02K1WYinUpdxoyeFkovXpR6BD3Y7tQFeVQP7CleVJICCeZeqyS
 lOW3iQIzBBABCAAdFiEEM9fTErlUMy8TGMhG2vXIZQnVyJgFAlqrP0oACgkQ2vXI
 ZQnVyJiWRxAAvqqyzPQlgKQX10hGqmG3xouYbigUrPXp/Px8GD12ISX+3tQbCueI
 DxOmp9vzM4gKmZ6Qwdi23154hw6DmOOtSTgpTLVrb9F+Htyv5QSkcXMM3fb4TcEP
 NeQlmqueZMYJelbwz+Euas7i6J3ZIFaGwPwu3x5QMvINYzj0X+wIKTwlxa65Cgmp
 MDI0wkZYkk25dda081xry3nz3UlVnE+YMQqOewGWWbmhVObEOAVlnC+M5fzQXdgt
 hx0mdrfYpsna/qkoAuwqB2l/v1zXWXZ9tqDOA1k4gx37Kaekgp1Rkijki8pOeKni
 cfALgejLU5eTBdGuzWjpjYfMJEYy0UOiz9mWcytm7d7UKFmeI3GdsKJ2pB8K7AmZ
 krFC0zKMOo8e0V0ZwnCVts+BEvaQjsuhac+lplHLn2jDwzundy6ZPtEHP1X0Uqdp
 lrAUMVj7yCoUBG8ylvPzS688iBhNa0Mo5gghjxKs0BPxvDu6vtl401YiW92exk1+
 V0XUDrO2V8uZN5PkLZs/9DmVj2OwM+sXPDI7puWytADCiWE7+c55GB5KDG9AllhW
 PwMIDHAL3sZe3leNdFKw64efUDyMJhiqVjrhaDfg4W9p6I/rtF20u+7f8KTs+pnM
 tGJ3Fn1xTDiEKJ2H3ql0QLsJM0SNLj539Ouq71u3qCCJ/j9IJLZw7NOJAjMEEAEI
 AB0WIQRMPD6e3S2TZSduUuoN/Vzk05JP/QUCWpyVMAAKCRAN/Vzk05JP/VCcD/wK
 pl8H1ejxjD4Y9Z2s5vJRPS2fxXtdtMWqegP9k9K/33/WqEXXspFB7kQk36TSLJu6
 FT+Y7PaQUQY2GWcvsmZdQRX2jy3SYIWuuQBoFudTSNMcZBwE98LKaSSkGI9p68M9
 Cx7ym5EYfNj5vp6wYCdOggk95I4v8tAy+2a97FAWea2TBqNOq2Yt4Du4J6hSlIfU
 aqUKH4sQ0F8oU+dGBsMxWW7EJP2rCSyQfiv1CHgRT9hnDSTXvRpWH/VkojY7d/2k
 P6ga5GN3hwi5db2rFY2wF/ZN4QFprqSpc6aRbibrGiS61aL/25JCz01Od72mwz2E
 3njK44uHSZoQamkcO9qqq1+6QrYsFegHQHEnOw5PGpGNGqs5HIfxaptwOYSLeuQL
 6TAPaYqpuwHc4FXdz1y1ZtnWXfaaAOQ+mYaasZvrPpfoEDojS3DgP7Wg+2wjtNJA
 k5xtO+bf9+7b/dhQ/rTsDCx4I7p96XAXBqDmFBlLcsDgEufGOii3EkpxjW6Xyuw/
 SnlQ4SpBorUoujLRCj3rRL3MyMXTxxGydxUbEjTbmnPO7rN2XY4L9gcStgo4t1Sc
 jT+Hsd9rPnvd9v10+UvflEIhYnlREGFYnJodk2R9DKMIBEBVK9+Oln0tH4Q6bzXG
 eHDopsKvEiZ1n59Xa9lqsfzqONiGATneIiRlsmzRnIkCMwQQAQgAHRYhBJ7tSGmo
 2iHzohr6Kc4eHKDusIDrBQJapS1mAAoJEM4eHKDusIDrL/wP/ihBvSKDk53liF3m
 yN6DLCWpCSTBjP30jxneWkQJv8Edf+jVxVOOp9XgONpksjx3mb7EbgHqWFmzu0zV
 UfXgHdKizSXZTTUuhTy6f2bcfzX0/LlRYJuY0hyG/3gNhIgWubaGPANU2RxHFpoc
 t+0STw5XBBm7Z5hIh5OeuH9LwzGR+vU5U9OI6NPzhMDgA7K3CSqZCcqara1BkNJG
 48Dj0E5aYMAdmcFroo83Q8Asxpb/Dbe7+gswuGsDxbShFxpLFqXe7LT2LP1aMrGl
 zd2IQtQ8M77wimKMZDF1KFZm5jAOmmdts7C2KTEAXOYi/OXMxj/eCN8rJQ7SpI2O
 FHusWrL66jMcUIYHIVuyaOHFs8QBqaWC7+I2GbK5DVO2M3i/m8/QFemvqsgmZZbX
 oH55O6c/TKrV+bI6cG1yOxNdmzW7mfRNuNwh88nV2pWNT1vV8ZaPT/KtgbaDop7H
 coTl1VD9QvE9m3LFyCoffou1eFM+YlEdDg1eN4DR77w+pO76zb5yjgjn1zW0d61K
 VRpSGwJv1TM7ttEgAXWxve1VAtCBD7jJXufa7wuBf8WC648Q9rqI9lWwdomWtbu1
 kC8SLobRxDngjRHt/Y677V7i1uH0CWOisP6t22uYvf+eA+bh19rWBiJAInCuXwQa
 BV6qzcOANjgAjsM9XSMYxttIiclMiQIzBBABCAAdFiEEzDhU424zJSWRT79Mt4Wy
 9/ObCB0FAlpjfVEACgkQt4Wy9/ObCB3EmQ//ZJdjAgCO9UN1jCzHxc2MNqO+hm8y
 lUoadobcgNFDXI7xgOTY88f99iv6PE8WDOcU2rPngqtjC9xgTzJMQNAWYXekF6xj
 gxpjN/Vx9osMmjHysO1sqCBr97Db8GkJlxuRsO/5ikumAwxQMryWDRi19mhVut2Q
 8ehuLYoT7PDtgUQmHHLLV0VeqRRz+zg+uzV/uMeK4q9c9ent1arkaWKHtyGMdEhv
 3jfDhKjCkevjj2NFK8LwYgI0BciSaORwkPkxsrgFb0PP1E9AL2T30Y2e2Dm+/Bvs
 OiluUi04fIfQ0iAyH5wryvWuHcgfkijPQ8o/erxrk63glZYoL3b2KWKfzuPrc2F4
 926R6lHXXNTc2Dq32jBbvLZcOaZlxtnfDVA5OyosUsPnh1PxDbUYVvwQ3DG90M1e
 he5tBUz28HPC0QDHqVuRdAhKrihZloZRXlL64wOB2FVwnHGHDQwm3zSxb1IjpdsP
 pJE7AkTOuileWjm9+hbpYrFcfsNeCUqTSOFjFml2nZryQMbYwaWHnYr1h/01MkQx
 5JCOuScQjxZbJBErIvs4ZMw6bSx9BW6JBYRg8HfoQ+PSGoLtqNDZ4wefUSOBHEtf
 JgpdGjp7rXREzAeuXYTo6U9tvhFYEvtvaGvz0u9rPMG0LF/MJZEKRBrsFOGUQowM
 EDcUmvmCXJkNJTaJAjMEEwEIAB0WIQTFm5JsvLuu0WF2I64e3w25nYt6hAUCWrGO
 OgAKCRAe3w25nYt6hGDSD/4p5gJWdiKLGA8U5Tj+qIVbn4RCIRJRZFtRrXwwtcM5
 N6RWWqVeTqpWFbpyOdVsvvolIjPtv85SFNREzOSQ/J5HVRAwbmgun6hleaWrFoJA
 YlglWLiWt+gx7ARhUHgao20QOIknk+gI6LIbMbU+hxRtK4szaDrJVQjvZ0laEkqy
 tlJKL4PVXJsHJ8JrZlxAr6q6E/8JoYmxVx0X6L615ORpLVK1G3SkAd4/hjEMsl7v
 mcHqniDFQfoCn6rt4NrvDgWnyVQwmUPkz+YSN7DIkXjrs82spV7qccRRJK0zijWD
 sJ5XaXXdybKOHbAwXJ0I625bf5vM1swJz9FlllBlkor9+1NrZCJAIWB/pnYL8BMi
 C3mfjzGbZe1MdDCdIpPbN0C2xNKMonVyr9znAQQI1jlh2WUkEOlm/Z6ksTOooQIx
 5Auw0Fra93e+cqapvyxSiODotpIClj1xuaJX8+2ZI8n7Us4DxVjWaUNeou9vrDjq
 RGNNeOSzw216RAuUJRiaykIC6nR51wSJU+NjPvcpzkKmkj2flQeygTsOdlwIcBW9
 fMpDD4PDiGVDgxS6bzENDwILw+1iLZZy6evaotQoiPPucb6t3VImw6uEjozmMn8f
 rKjfW6TT70NrWX5GHxj0UAC+fsxtm/p+Qbopes+SsfIVRDwypgwnFQ2s/eF8V5CG
 f4kCMwQTAQgAHRYhBPFNpZ21ZX1vSx6MHSPyK/O8drqJBQJasY9SAAoJECPyK/O8
 drqJ1u0P/irt0WUhKBHcYuGV8bp1QipW7uigU7EqpF2uV0duc2+PwY6c/CTFGzKc
 o7RXdN5qm9IbDW5E4c+gmRSp3MIruvtt8GMHvGX7WxqiJWHT+4sjJL94ykr/1AOZ
 dbiJ956gEZ8G6I8cyn0HwfQXxiLCK2GVipIe90Ymo/F9Zc0lY9BEvpDvTJb1jlGm
 d9Ch5QO6xpsptzMXBxMAdzSTkLLuwJpgxAyV4xK313DICq1qt6l3Jh3ISl2ZH8Qk
 +HZN5NMJKKq3tq9AtIxldBT4id1gPy/koE51bqNx9v/3CAR76y3uBksi+eOEAKle
 EpSnVsGkbUi6thAgThdaP4ege4ZbWRwpnF396Rq/upXSWzAEGgQVO2dFnEGTFWcG
 JXmzkScbCcd0azUkfQBXbN6jva85OvfvKYNTFr8yDrygAmZD33kxedEXkC2e2Ikz
 nZU3wBsflEpIwix4GiGI/Nbnv7MdIM7zc4UyUF78l9FihhF3KjuPNnJ8e/lbX7Xw
 ubqZzUFXGOdCvVk7niOhXLmGrrEp4Vikyh0VW6r0wfYiUVAVEs6APlOmFbJR1ac2
 rPhYHfrrgPPRziOtYSyS+kdWf9A8F06Tc/N/oZtJau8HOD/YeUpZc93RMeRAjwZX
 wXwIxWUp1gNB3Vh2M3aUsgOApQ6qeFa7qjrQ2oMao1a00cc4mxwJiQI7BBMBAgAl
 AhsDBQkSzAMAAh4BAheABQJYnMuuBAsJCAcEFQoJCAUWAgMBAAAKCRAS9fe0LysB
 5wTcD/4sKLBQffSBtq5gWWTq1YvwZ8QqYaqPJhUgkCaaR2UdeD+iI/3peOuDpo4c
 ub9A0i80gzZny77SL9TGk9ydenWrHLpgSXauBuJvSeMILYvbfOIRVCeI8GtkJa+n
 nBB0zLcEb7Vy9hX4fzhiVbchmb8/qaqAo1TVTWNjjOkhV7qgX5aEzuKNkZAU5jNo
 UEreRnDlM2C5eJAR2KwNkXbnMcFzPtpHVa1ix3pmb9N95qhprxJbbcZ2G56u4Okg
 SwQBwyvB+xidQ9O4hD82yJChBZUodEzE424kHnejTv/VPwLwY8Eve3nFVlkrYajR
 dCvJRa5bfzQitPXbQH6lq0il3JI5PMGUN5fvmc10zZ6ljyYGaVHonHVFMABjUiZg
 PWbK/b6RhlhzN9OGk3TgbYvYtduc4n31SYDEYi9ps9hrBiuIRgjWvv5Z5BcegdLx
 LFl7Hu1LO5WRhgTebFPRho8P0UaNty7/v0ZgXw6qi4pRyMVMM7MvfIFkhslJeXGB
 cP4CMg6NXngX37GSZPQYALnlBsI+a+AwuEBuXxv6ZorDQw5EJOqHOkXmM5U+OFPf
 pklekI0JngwDRTWpZjm/+ooqlo/XgJdX+tPxVHrsyAQF0gxS1EzS4xhAdi8eHYCb
 cFT8557iezezs4JWGEx5ZDzlQRgpDz3h9HA4A0Y2VI8dbD4u8okCPwQTAQIAKQUC
 WJxdSQIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBL197Qv
 KwHnpygP/j/PVZo7pLoxb0YlQedALTHKbplbcDFz6JFPYzUWcEERgRld0+1CDp2S
 4CjOKn9Xsyxi3/TGjRtHRWITxIDndH4Tcpbn/NaV5sAX0T9BkyhtVTdPZ9swMdyR
 HKtJd+NNadSLgQqtdsLjVrHCJEmKxsUw8Bj1o09IeE8O9i8oI2+5VgHVw85nSklj
 N64ZKK/gUZpRgp01A5mGKdUZxx6//6WX+DXJb9jaoWdA+H/PQsmdPCTg8DGu23qx
 z4BRejQIUCcZVh/DjZMWo1vbeiw7wgUcQ1JLlShdqQxvD4Rlh3aAKdSm1FQwssfa
 ZR7FVBoVoh2L2P7OqE5+Bn0xFr06GYLuyr4+jPpLGZDPpb/9NzPKWleLFEmwryt0
 hgynvXvJxKFfyY6pJZfncSFzaryRIKivXE6ENe2gGQpge5xfff/41LqX1ePJbpEw
 mDWxXhdK+7oN/D+qdQWP7PTQ3yVBSIzso9ToSE3+Hk97IsrGmmSmd2UG4dn1i+mJ
 A2d89GV/A+LWjn03+uE3pd63mRsPl7zI+c1dmVyDBqckGTAXKuAgqr3OgYPTxN9W
 FrjiwiyryLL7dDAWnUGCME0W2GXUlhZUemczmeIUjHztFpGnkJAlnj499ngH+iKx
 fg+v1CQSEbGojL/fjM4ae/+TVMMg/BhVdLHTOwpDgZ3GbEHRBFNtuQINBFicXUkB
 EACjthQU6l5IgGHrq+Fs6jmpEgz5PKnlRmhs1iJHocuZfyVd56WnKoES2nz7zk3V
 A7o3dfqQGkQAVKwOS/i5SffAGYC88VssCG03ZC1RPuuYHRk3IRlPeVsak/R2Aczk
 THV6XN2r1m519ACeQ32wRo95z7McE03soPBrrfKeQRlGCYNr72dlyYz0KxVKqTe9
 RS18JauI+n0MBvK6efywl0MANSjyaDZulvB09lfNdmXCl5n1dGyvPKiPbpL4TOnv
 9jpjgoX5tu4EdPgN4hpOhMfSoQNB4X1jwciNeD7BRwupkoNZyQYzeBeyGOXXT924
 NhCC8+g8dHMnYfxc52RzP4lxx3kFrtb5FFJw2di6fkFLvGGh41GxaH9IBMZ1Ok/y
 AMVI0XzQX/tf+TuG3qN4A+3Xly8FEOVKhVIxHYhq/e80bXi7xOgXDEFxL+fYG1oL
 1yhLeO6AOYkgguvysZNb3fdFqz1kj/BRs/Fv72Q2C7x6iwGdC3TNo1a2lceRdREo
 7Ml0PPbPQX1mljNpfFpaRgpz7/8+7AJM30yGbqgVAd0ZL0jXhToZMnal8QitZqBN
 dwnaP2CRAGAaEn9vMNBcZn4llFbqu9ZaTF21G0GUYPgMhxv20k4ouK4mTysLPpN/
 GuKKhzXwXCB6JFo/Wy4e5onplvBAJvojM5YOEHOl2LrzewARAQABiQIlBBgBAgAP
 AhsMBQJYo4tEBQkCAr97AAoJEBL197QvKwHn6loP/iads9T0n0LwHE86w4Bn7LEE
 EQ4R/KeSj5W0J43XOeDs+YBdqryTQVZxhCajKvB8rsl2hjQ+T5abVejU7pcYF9lO
 ne4Ouu2nemqrnzvBAMzo+xFMWjjVR/4xnEYveYNi00eAifZs0uzNVWeKFFn8e/Ob
 ocsssR7orhUXzKtc2WDrnMSd3yN8yFCTB7ehys8QdeGLcD38ieUQ/1VYmqvwIHJP
 RgmgHg5tHamZ5UH+csekeMbhKX6fvQivYrmjxl7ouSkLGGiKktsahWpBikNNia64
 UIB0z+wUSI817+IL/eBIrzePC+Y2qDZNXhyhxQ9tFzE9oaJ4Xgfylws3WM8+GyJX
 zaLLB6XEWoXKjDgLneewIApjv1/IbrFH3N/KyVDJa3L7ExDBaFqDV5ISpKP4XUXW
 BtAogALEYQqWPm+NzVD4BjOePSg8ibRy4vI3MwctRWFne9xyveRIEvrLk3VjfySG
 82BNjxzVvuAn09ljwYlMZKFdGbswHnI5rH32GQymYE9/llZnsMclUBjchpnkUNoj
 Q8X57ZIC+A0RyZAf68g7EpZbUZqsDjGyNLpzLdY9AkC5Zc2N00L1iImEXDAREhUR
 IMVq7+ZCSmTM3tPgTcAjEohJMDb5tic+dBGZjk4jRpeXdEqmIEMsPP4tbsQUrPNF
 gNROtCZSOxKkyR09g4LOuQINBFicXe4BEACvzk0n8cJ/dYzRk8tg9vf6SDwEfUNm
 mFfgGdVfLKa18IOV3hbx4DLHOO8Ah0oobt6DRmUdlxeTvoFxOpOPwWaQYAcXYoxr
 W/j92mB469MVDZjFsNVXSTg4en9rfta/xi1FBd/BlGC+h48ueLExfAh07uWn5uA7
 oMVNWw8Dnx9UFzDmAu7SJ0NcvSVqKMCiLQnESnxtw7x34H5wfI32xjnclHCzDSLs
 Ql3ALfaz4dUEQmyvjgQaJkvaTcF1YugLRm5MOCzXpobKZNa5vpGTjCQCyqc9pznP
 lQPQovuqB5F2lEybeayZvZZag+PadE7f8LSFj8q9E4SV6E8LrtWnkok9tr7QzvC6
 Ca6IJ0bsc2w7NOaU+vFt4sAXPD/BfIzSYpuRc7vVNIZKpCb9MBz+AKfzAgxmd+gT
 EgBPKEFwbE4x8nVcnv2C9vHINxkXJC+AtRPJGNQZ9oZhwPUEGyt4gjXbiEgZjfGm
 2F/UQyY6qwpK7KUXnyJGweVlKNH+oVvu/lFYUFAg9txgOaj82ulHth40hFtmPET1
 23ARpNKYF93nvskW6fYszY5+c2/7UmMeRp3jGk8A62w3gdD9KaMPTaB9jjRrPoZF
 77Ci/qXO3K5LhWakREwHyDTr0A71Bf3raNr3wKzVuIcXKLKzAe/KVEPCzoLRcYyQ
 UeBBxAtuYMF5SQARAQABiF4EEBYIAAYFAlpfoI4ACgkQG7icBgI2dEn60AEA/tPc
 /WbDmG/d+X8XUrxFP36iFN//KtLMpqE1PvkAUpsBANS/gwKcfqqsFAIP+S85Rw5y
 +a+MU3qx6/3mRH90Q8kOiQREBBgBAgAPBQJYnF3uAhsCBQkCAikAAikJEBL197Qv
 KwHnwV0gBBkBAgAGBQJYnF3uAAoJENcq80SMwrA0mnoP/j6/TvaimIH5oPJxNDON
 z+W1juqKLZGn/1HNi0A7l6okvFl5syvEucyLo8ZwR/QeM/J68Ar02eiWR1MoMoXZ
 L55A1wbTvjE1j7oGpcZjFgGhiv1dTNmV1h3UKcAHyu3an7gD/U7HtUqECVbCxYye
 y995RwMoChtuMyYaMEAkRh3NTePdTL24LBHQgomiEAclZKPIrScS5TmuQO4wycui
 NS+WHKARWOYuQptMv/E0V5Hwi4cLbJV3pbTw6Rwane4ihwXNjmGc/XJWTYK9aEBZ
 5Z7QkvR5Z7kj1UudMYOEXYncsjb0e7ZvCysdD7ZuAI/KuvtrNc1FWNcmW8nfLy6m
 f0MDe6WYQIYhmV6/3vj63JS+QWpUEdhZ3WKxmO+xwHLm1qU5M1wvohosz0mtZ54u
 etq8B3UFl1j7d0eSgZnHSSoqzX3hdlohz++4BZ8goO6PV871rKp4u105vhxg6vhP
 0TBWHXks2CdMC/5Fmr6W0pHQjeBQUOBwHN4cqbEhxt1bomp+JMpCdIubg7YHXi8S
 ZrYEPT6TWUnEqzAtZRgXRN+nEQrwEd8MH+58w9Rdb6E33uTDMe5OyFXcn7NQI546
 65v4ZUoRYn5fIUNlCMoTTPm0P2Hh7y9To6Q05iL8bnpSXD5jPfoPoBq1fA2MPmT6
 xQzk3xD4Eaj83tetPCUKdT+xbswP/2Xeoiwy+xJlZcd7CbO+ekpIlH0tWI/b02zU
 VT/xl/g+66h0C/70R0JXOK8aqUCH/09Y4Wp6lwfjQiBsFePcTtTg7A5Embiaoz1M
 lvAaarJEf5fjl2wmtOKAskQa4jLVhVFENLqrmoHb7XuHRKOoAuJe93M/HplJwemz
 igqv0Mb7Y6EEmv1bFq7Nw8SKMEDgk5PXlvWDpKcIa0kp5LLpmEtFflUOTaYGHrEe
 6B9+ne0oeUTRJPe7/U/jkHIw7T1wQ9nw+Xu58KPlFdKcdMvqQM83+hsIdtA/4JyC
 aGzgIBZebv5dyxmmGZ1Ly+MSGilTR8Y5XV/AZh6LNfu8QtIuSR9CHTaAhxlxfAZp
 E8+7fQsLhEmXhaernLL07S3y7CVu9xOVdcuMlixNgWrnKY9/lhcEAVTN9df19phj
 ExehTu5+VIgROdnZsu/JEhMn6TcHUyeDW6YmWnkRbrFhPSd81T/gCl5cgDY4pfxe
 8ZIG6it9gqw+ji3fwI8qEkHqgbhZNCiBFp4/BXEZ0mQk8tFeYqsf4Lgb8vYB8hh7
 N/cUR+Gpsm5p/8B1/b1C3SiWPWI1XY7R+jqUMPuyXPcR+PrSJxwQfjBK1/UNUwno
 P5ADWTwA9Gh4FK22sMjR0EL1cujCQ31krMerf0gMFBxeqyj4jd531kwjfCUHHD48
 PmYrvgvBuQINBFqgQNgBEADPqgmj4AdMhHak5YXxljAYuiN6dy5+653LbyWqe+zJ
 vOuo54MFXGMwVhHFYYqDakwKBN8GsCF9DGo0jKHqLCDfYJgcTleF9PZQtjn5l80M
 dFqG/+8i+TMDh6vpe2Y9vHDu7RCYzd3+RJWUhqjE4ut+lbgqr/pLjOvItk7iUSRw
 YArS/Ax4nVRukQVtUvloNKGwECK6nr3PmOeKfJieZwaesbbBAsrtkqQ0QrRBybpX
 qJ61nSztqCyqHmmRnUANNWzjmL5ASEwaoJs3yMt7Nj4/IrKd/2P0qBpjnkcnvB3N
 HUTysH1j2nciAs7PuOnyP+m8QyDkVK+vAnO8wUcpMOSBxqGk21OapPZYAgIyH8jZ
 SdnlThzA6LyI7Kuht+5KgdDGcTHYBVzEKLXEuseokTa+CFvLjZTs+wy6KgNORahk
 niKoQITppW0l9/bh2GvNxeQaW5KHzsmGWPX0mNPFZZUEkUOvor4McQAm1u1NOdNS
 4VFoQE/m4jYpZYbaQamdY3qK0m7gmPo+VDFB+0/zrBUfWR/PA7zzioIClkOJ/LxN
 dDKaH3iPWul0kWu+C5q8xW0U6SBj963MnF+Q0l7fRxS3T7pM6+uKjAHUAoKitdjS
 A9wH7ARCYIJKogv+k6B5c7Fkw7eSV/biRV+j5ggN8TrSYpGPljyj0NJi1xWs+A/I
 ZwARAQABiQREBBgBAgAPBQJaoEDYAhsCBQkB4TOAAikJEBL197QvKwHnwV0gBBkB
 AgAGBQJaoEDYAAoJEPEyscuvExyu+3YP/09D/XesaBhnPs3xMjyTHDDinzJw6XeO
 7WySemlSDcIsKhbrRVbSNRubMTjBx/jlS4XfN0R7SgMrLwNz5s8cl4iW01ZliWx/
 /Ie3ryfPUmhnl6mWXUDSx8BPVwyGNH0nijBh0C53DfjVHxd0All+orLmGp7lopgK
 rZeO8WBbK/HFwn+PTZKr+/SubJQsmQ55G5ys4bIUVi8wenaI9jNdia05YBXxPN4x
 xDqBYIzQ28HnkivH6S6zr7b6S45gia80l7/2CSPuoNwe81nns2pzPigCKs3aFBsM
 KBX+kkSRktEjbyDslSGzXChWnwoR1Iv/XlwhQCFRk7K3MLrqsUof8q/jWqBDA+lT
 K5j81R9p6oeb7Fnh/8qNYcGvEgHfo+ZV1ihushI9a381vuYq66RNhoBwdZJliwjI
 R6Z1UWP2jXhfyAcUhxcryOzdGPbj+LmKrDXGg46wXod5wNAMA0g0JYoXruM2O2tp
 gHtCVW/R3RSD07ipubVHAW2RwCC7mhUfrUZP6WMkyhGsNas0zcRPt9v66YXc0Mcp
 ilbh3g1hcgb5H55YJyZW9IMVFWZqy3ewbI4DIyLQnrUW/yhhtlloBfEaenEEvnfo
 SWyr1o4W90lk3CjjHGqQ7sPG68lwtSxKCdrAR69cb/EtYl5hllqgeok75zOXJX6H
 kSDp3gKear1ZZucP/RdIEGmuQETA/7LzZF1gbQx/luWgXUJcmiqDDN0zlN+VrAqj
 cmWrkJACDF1gA/p7cA+mC22j1ENJLXWdOi9rNvoJxHP2Zcndc3EH/UkQJzp5KnNv
 9gedqAGrzlmaih9uSuH9Pukep5+tMJdJaXq0vPctM8iFdy+9iv8ocikBDGc/miDq
 Xg2VDypUCyOqCAlVpAGqrxVXkeSNUceVzaEAQgjC+ehXgDtzHhtkgAtTLPzarufA
 cjt2kbLFdbELR8Fefq9jGXoCoWfVQUlxLHIPRh1L+11Y6T9DAMGi94kAxWxUn1oQ
 N32UQPrN88CePPrOngZ3gv9CLGbY2Ml/XlT1o6dk209Gauy8dxjraJoXq4WQ+hHv
 JSW0qR+n9E/an/apvIbndUCOzqBTzCoIG5LqfEiLEADez7V1YICaofZpL7RW4GoY
 PbLJMnfPq6PgHtT5QZVTQO98dZeZwmekMhwB7CTLGROp//Ko/FJ9hqE8pZ+N7Nrd
 v+WN/wq9dUjmSHDEbhTTNMJwcRadla7Dhcq4Gvb3lBpoy1o+DbLsEoDuQ3vivEaP
 X64eM9LGYkeBID0zv/LWQoYwBh5kqDyfxTLeOhr6VlueGWn2jNEao9e9Sn4psiKc
 73lcyOecSPhJ1Y3WJz5pqkU88P3KoFHwuztzxx/997XGEU8vcUQSmSmerv+muQIN
 BFqgQQcBEADPVquej+jmKwI7TVFgcsNGjJG92IQr27+1soFTzIvK7KceG603+LzJ
 AqUi5gCgz9qNwCV3C83iAPMhwJlJEQiNTJpHHOLw06MgD/A1BJEv+IAgNxGJEPxM
 eBmENqzxGJBu27l4F7xfybN7jRRIy1sCyeuO+onaL9Z4ig0YMKYqMJQncA2NjZk2
 3ABB5PSMmUUxJ5ZimuLGhJ6qOUoZGsEKtMk2D3rgD6otng44ATakOHJ8cTJvfhPu
 qdJrIUeE6VslR0B61NW5wy2HfmEGyS4ZyBZZGKwxDHYMuBwIDnBf6ed9/8/V8z6R
 5J286vQzMy5DDTp9gRhvogDaX9lp+/RWAylFsZtFJquJ0GFyMkl48fA3CQ59HAXj
 Ln5//BWH3WJMQu6oJGOm2it3LwasyYT5OlbxbPyxEG3htWB5aN5iFYHKMUoGcFkG
 hxMeIOYUvLYk8Esk5v8FH74R3ar5dd39sXdSbq1ZSoFy9A/kYBTQXc/OjnXlhzDc
 EbozSPNwfyxzED52ftFG74ZiJbaKZb2cJSsJlcx+KvWLr+2DEC/VBSmYjUTvVtSW
 J2xBqomspYcHZvTk2J8T5+LUf7HoXCDMTfLQp4nvcFN5Kz7wfbbrAWmjZ4ppEYzb
 RWMY4aiNtcPTrFAwhkfSWc2gGEZgETItbncrdfRzVw4cB3EVDBlThwARAQABiQIl
 BBgBAgAPBQJaoEEHAhsMBQkB4TOAAAoJEBL197QvKwHnonEQAIY6nWM/GEp/eEd0
 gmlcUM9Cyv9m5PbARSum0CF3X5pzwbnY1ckg9ZAFUTI2og72o0SKPUgcoUvFFxZW
 V/+418ffZP6/zWDC9hOZjkgLM3R3uIVDN8HdjAC/ybf1gTQpEM0PfslsKgqomrXB
 8Lw+oqxkK8Uk0Le9zDsaFdZC/tpzGnTQouuo6B9gHTbpwHrtNTkkHqZh6t7+Jh9p
 hgVBxVgx6T1qKP4nx0x0qfAyv8dAVmp2uUxVO7tsK5pXwjT01293JKTQxLfyJI1/
 90ydtdsfVJobU8T2Tcin+EIMuaf7PfYb+7cTkCU82Sa/C2e7t8krXYN3Hk3/t7dd
 RecJSPmwhOijr5PuuGQerF47ovcH3XyyeWK7fOSqiX7jS3MIK9HaN1il18M2qZWl
 TzZQ614FZh/AwJN4uNTO2MdxHXqVSgvmp+QCYNoiyYBl4qE26L72XEVIcXxiMGlX
 wWJQI6+P0r+CjhJyY+vNdfaxy4HadD1h13KfsLNZc4+yKsxXerKZmCDIET+wFe1b
 PFsRNFfwKLjB+CCDqTpF4l03YlPwZwsghaQ8g+NZfl4qyR8NXospGuv7S7gBpsg6
 Icy08LU4uylmFHmVCPJSYXYtjkYRZMyEy8BEOiwQT2bLmePqqRS1GN5uz6ytX41E
 U9coVPCcdBfWUAxoPoOCPH/eNug4
 =00Rq
 -----END PGP PUBLIC KEY BLOCK-----
--- a/openvpn.service
+++ b/openvpn.service
@ -4,10 +4,10 @@ After=network.target
 PartOf=openvpn.target
 [Service]
-Type=forking
+Type=notify
 PrivateTmp=true
 PIDFile=/var/run/openvpn/%i.pid
-ExecStart=/usr/sbin/openvpn --daemon --askpass --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+ExecStart=/usr/sbin/openvpn --daemon openvpn@%i --suppress-timestamps --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
 ExecReload=/sbin/killproc -p /var/run/openvpn/%i.pid -HUP /usr/sbin/openvpn
 [Install]
--- a/openvpn.spec
+++ b/openvpn.spec
@ -18,9 +18,8 @@
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 %if 0%{?suse_version} > 1210
 %define with_systemd 1
 %else
@ -29,26 +28,20 @@
 %if ! %{defined _rundir}
 %define _rundir %{_localstatedir}/run
 %endif
 Name:           openvpn
-Url:            http://openvpn.net/
+Version:        2.4.6
 %if %{with_systemd}
 %{?systemd_requires}
 %else
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
 Version:        2.4.3
 Release:        0
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
-License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
+License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
 Group:          Productivity/Networking/Security
 Url:            http://openvpn.net/
 Source:         https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz
 Source1:        https://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.xz.asc
 Source2:        %{name}.init
 Source6:        %{name}.sysconfig
 Source3:        %{name}.README.SUSE
 Source4:        client-netconfig.up
 Source5:        client-netconfig.down
 Source6:        %{name}.sysconfig
 Source7:        %{name}.keyring
 Source8:        %{name}.service
 Source9:        %{name}.target
@ -59,23 +52,27 @@ Patch6:         %{name}-fips140-2.3.2.patch
 Patch7:         openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
 Patch8:         openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
 Patch9:         0001-preform-deferred-authentication-in-the-background.patch
 Patch10:        0002-Fix-bounds-check-in-read_key.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  iproute2
 BuildRequires:  libselinux-devel
 BuildRequires:  lzo-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 BuildRequires:  pkcs11-helper-devel >= 1.11
 BuildRequires:  xz
 Requires:       iproute2
 Requires:       pkcs11-helper >= 1.11
 %if %{with_systemd}
 %{?systemd_requires}
 %else
 PreReq:         %fillup_prereq
 PreReq:         %insserv_prereq
 %endif
 %if %{with_systemd}
 BuildRequires:  systemd
 %endif
 BuildRequires:  libselinux-devel
 BuildRequires:  pkcs11-helper-devel >= 1.11
 Requires:       pkcs11-helper >= 1.11
 %if %{with_systemd}
 BuildRequires:  systemd-devel
 %endif
 Requires:       iproute2
 BuildRequires:  xz
 %description
 OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
@ -141,13 +138,12 @@ Requires:       %{name} = %{version}
 This package provides the header file to build external plugins.
 %prep
-%setup -q -n %{name}-%{version}
+%setup -q
-%patch1 -p0
+%patch1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
 sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
    -i src/openvpn/options.c
@ -166,8 +162,7 @@ export LDFLAGS
 %configure \
 	--enable-iproute2		\
 	--enable-x509-alt-username	\
-	--enable-password-save		\
+	--enable-pkcs11			\
 	--enable-pkcs11 \
 %if %{with_systemd}
 	--enable-systemd		\
 %endif
@ -176,10 +171,10 @@ export LDFLAGS
 	--enable-plugin-auth-pam	\
 	CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS"	\
 	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins"
-make %{_smp_mflags}
+make %{?_smp_mflags}
 %install
-make DESTDIR=$RPM_BUILD_ROOT install
+%make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 mkdir -p %{buildroot}/%{_sysconfdir}/openvpn
 mkdir -p %{buildroot}/%{_rundir}/openvpn
@ -212,11 +207,13 @@ rm -rf %{buildroot}%{_datadir}/doc/{OpenVPN,%{name}}
 find sample -name .gitignore | xargs rm -f
 %pre
 %if %{with_systemd}
 %service_add_pre %{name}.target
 %endif
 %post
 %if %{with_systemd}
-systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 %service_add_post %{name}.target
 # try to migrate openvpn.service autostart to openvpn@<CONF>.service
 if test ${FIRST_ARG:-$1} -ge 1 -a \
@ -271,8 +268,8 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
 %endif
 %files
-%defattr(-,root,root)
+%license COPYING
-%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
+%doc AUTHORS COPYRIGHT.GPL ChangeLog PORTS README
 %doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
 %doc README.*
 %doc contrib
@ -280,7 +277,7 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
 %doc sample/sample-keys
 %doc sample/sample-scripts
 %doc doc/management-notes.txt
-%doc %{_mandir}/man8/openvpn.8.gz
+%{_mandir}/man8/openvpn.8%{?ext_man}
 %config(noreplace) %{_sysconfdir}/openvpn/
 %if %{with_systemd}
 %dir %{_tmpfilesdir}
@ -297,19 +294,16 @@ rm -f %{_sysconfdir}/sysconfig/openvpn || :
 %{_sbindir}/openvpn
 %files down-root-plugin
 %defattr(-,root,root)
 %dir %{_libdir}/%{name}
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so
 %files auth-pam-plugin
 %defattr(-,root,root)
 %dir %{_libdir}/%{name}
 %dir %{_libdir}/%{name}/plugins
 %{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so
 %files devel
 %defattr(-,root,root)
 %{_includedir}/%{name}-plugin.h
 %{_includedir}/%{name}-msg.h