commit libcares2.5898 for openSUSE:13.2:Update

Hello community, here is the log from the commit of package libcares2.5898 for openSUSE:13.2:Update checked in at 2016-12-01 11:43:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/libcares2.5898 (Old) and /work/SRC/openSUSE:13.2:Update/.libcares2.5898.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libcares2.5898" Changes: -------- New Changes file: --- /dev/null 2016-10-27 01:54:32.792041256 +0200 +++ /work/SRC/openSUSE:13.2:Update/.libcares2.5898.new/libcares2.changes 2016-12-01 11:43:27.000000000 +0100 @@ -0,0 +1,224 @@ +------------------------------------------------------------------- +Mon Nov 21 08:37:47 UTC 2016 - tchvatal@suse.com + +- Add patch to fix CVE-2016-5180 bnc#1007728: + * c-ares-CVE-2016-5180.patch + +------------------------------------------------------------------- +Thu May 15 12:07:42 UTC 2014 - tchvatal@suse.com + +- Version bump to 1.10.0: + * Various small updates all around + * Cleanup of automake to build with latest tools + * For more see CHANGES +- Remove upstreamed patches: + * cares-autotools.diff +- Remove patch that needs quite work and was never acceted upstream: + * 0001-cares-1.9.1-add-symbol-versioning-support.patch +- Added patches: + * 0001-Use-RPM-compiler-options.patch + +------------------------------------------------------------------- +Fri May 3 07:12:14 UTC 2013 - mvyskocil@suse.com + +- Use the genuine upstream tarball +- Verify tarball using gpg-offline + +------------------------------------------------------------------- +Thu May 2 13:24:49 UTC 2013 - jengelh@inai.de + +- Get rid of outdated autotools construct to fix build with + new automake-1.13 + +------------------------------------------------------------------- +Sun Jan 6 21:14:16 UTC 2013 - p.drouand@gmail.com + +- Update to 1.9.1 version: + * include the ares_parse_soa_reply.* files in the tarball +- Removed patches (fixed and merged on upstream release) + * 0001-ares_destroy.c-fix-segfault-in-ares_destroy_options.patch + * 0002-ares_getnameinfo-fix-random-results-with-c-ares-1.7..patch + * 0003-ares_init.c-fix-segfault-triggered-in-ares_init_opti.patch +- Updated and versionned patchs for upstream release: + * 0001-add-symbol-versioning-support.patch + * cares-ocloexec.patch +------------------------------------------------------------------- +Fri Feb 3 20:27:55 UTC 2012 - crrodriguez@opensuse.org + +- Fix license +- provide symbol versioning support +- fix -debuginfo packages + +------------------------------------------------------------------- +Tue Nov 15 09:16:32 UTC 2011 - jengelh@medozas.de + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) + +------------------------------------------------------------------- +Mon Nov 14 23:42:39 UTC 2011 - crrodriguez@opensuse.org + +- Open all fds with O_CLOEXEC. + +------------------------------------------------------------------- +Mon Oct 17 03:29:31 UTC 2011 - crrodriguez@opensuse.org + +- Cherry-pick 3 patches from HEAD + * ares_destroy.c: fix segfault in ares_destroy_options() + * ares_getnameinfo: fix random results, memory corruption + * ares_init.c: fix segfault triggered in ares_init_options() + upon previous failure of init_by_defaults() + +------------------------------------------------------------------- +Wed Aug 17 21:17:44 UTC 2011 - crrodriguez@opensuse.org + +- Update to version 1.7.4 +* Drop obsolete patch +* detection of semicolon comments in resolv.conf +* fixed ares_parse_*_reply memory leaks +* only fall back to AF_INET searches when looking for AF_UNSPEC addresses + +------------------------------------------------------------------- +Sat Mar 19 21:16:09 UTC 2011 - crrodriguez@opensuse.org + +- fix NULL ptr dereference + + +------------------------------------------------------------------- +Mon Dec 13 16:17:56 UTC 2010 - cristian.rodriguez@opensuse.org + +- c-ares version 1.7.4 + * local-bind: Support binding to local interface/IPs, see + ares_set_local_ip4, ares_set_local_ip6, ares_set_local_dev + + * memory leak in ares_getnameinfo + * add missing break that caused get_ares_servers to fail + * ares_parse_a_reply: fix CNAME response parsing + * init_by_options: don't copy an empty sortlist + * Replaced uint32_t with unsigned int to fix broken builds + on a couple of platforms + * Fix lookup with HOSTALIASES set + * adig: fix NAPTR parsing + * compiler warning cleanups + +------------------------------------------------------------------- +Fri Oct 29 16:51:25 UTC 2010 - cristian.rodriguez@opensuse.org + +- Fix aliasing warning in gcc +- Add missing break that caused get_ares_servers to fail + +------------------------------------------------------------------- +Sun Jul 25 19:02:16 UTC 2010 - cristian.rodriguez@opensuse.org + +- update to version 1.7.3 + * ares_init: Last, not first instance of domain or search should win + * Added ares_parse_mx_reply() + * Fix memory leak + +------------------------------------------------------------------- +Sat Apr 24 11:38:19 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Wed Mar 24 18:26:05 UTC 2010 - crrodriguez@opensuse.org + +- update to version 1.7.1, includes IPV6 nameservers support + +------------------------------------------------------------------- +Wed Mar 10 14:25:32 UTC 2010 - crrodriguez@opensuse.org + +- remove invalid configure options + +------------------------------------------------------------------- +Mon Feb 22 21:53:18 UTC 2010 - crrodriguez@opensuse.org + +- fix build +- update to version 1.7.0, see RELEASE_NOTES for detail + +------------------------------------------------------------------- +Mon Feb 1 11:14:59 UTC 2010 - jengelh@medozas.de + +- package baselibs.conf + +------------------------------------------------------------------- +Wed Sep 30 20:54:42 UTC 2009 - crrodriguez@opensuse.org + +- add gcc visibility support + +------------------------------------------------------------------- +Mon Jan 5 21:03:53 CET 2009 - crrodriguez@suse.de + +- update to version 1.6.0 + * Added support for the glibc "rotate" resolv.conf option (or ARES_OPT_ROTATE) + * Added ares_gethostbyname_file() + * Added ares_dup() + * Added ares_set_socket_callback() + * improved configure detection of several functions + * improved source code portability + * adig supports a regular numerical dotted IP address for the -s option + * handling of EINPROGRESS for UDP connects + * ares_parse_ptr_reply() would cause a buffer to shrink instead of expand if a + reply contained 8 or more records + * buildconf works on OS X + + +------------------------------------------------------------------- +Wed Sep 3 16:37:43 CEST 2008 - crrodriguez@suse.de + +- update to c-ares 1.5.3 final + * address an issue in which a response could be sent back to the + source port of a client from a different address than the request was made to. + This is one form of a DNS cache poisoning attack. + Only necessary on UDP sockets as they are connection-less, TCP + is unaffected. + + +------------------------------------------------------------------- +Sat Aug 9 23:56:49 CEST 2008 - crrodriguez@suse.de + +- update to c-ares 1.5.3+20080809 + * users found that the second and subsequent DNS lookups from + fresh processes using c-ares to resolve the same + address would randomly cause the process to never see a reply. + +------------------------------------------------------------------- +Sun Jun 15 20:44:19 CEST 2008 - crrodriguez@suse.de + +- update to version 1.5.2 final + * code refactoring in ares_gethostbyaddr + * improved checking of /dev/urandom in configure script + * new sample application, acountry + * improved MSVC6 dsp files + * adig sample application supports NAPTR records + * improved file seeding randomizer + * improved parsing of resolver configuration files + * updated configure script to remove autoconf 2.62 warnings + * use monotonic time source if available + * return all PTR-records when doing reverse lookups ++++ 27 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.libcares2.5898.new/libcares2.changes New: ---- 0001-Use-RPM-compiler-options.patch baselibs.conf c-ares-1.10.0.tar.gz c-ares-1.10.0.tar.gz.asc c-ares-CVE-2016-5180.patch cares-1.9.1-ocloexec.patch libcares2.changes libcares2.keyring libcares2.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcares2.spec ++++++ # # spec file for package libcares2 # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define pkg_name c-ares Name: libcares2 Version: 1.10.0 Release: 0 Summary: Library for asynchronous name resolves License: MIT Group: Development/Libraries/C and C++ Url: http://c-ares.haxx.se/ Source0: http://c-ares.haxx.se/download/%{pkg_name}-%{version}.tar.gz Source1: http://c-ares.haxx.se/download/%{pkg_name}-%{version}.tar.gz.asc Source3: libcares2.keyring Source4: baselibs.conf Patch0: cares-1.9.1-ocloexec.patch Patch1: 0001-Use-RPM-compiler-options.patch Patch2: c-ares-CVE-2016-5180.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gpg-offline BuildRequires: libtool BuildRequires: pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build %description c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. %package -n libcares-devel Summary: Library for asynchronous name resolves Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Requires: glibc-devel %description -n libcares-devel c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT. %prep %setup -q -n %{pkg_name}-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 # Remove bogus cflags checking sed -i -e '/XC_CHECK_BUILD_FLAGS/d' configure.ac sed -i -e '/XC_CHECK_USER_FLAGS/d' m4/xc-cc-check.m4 %build autoreconf -fiv %configure \ --enable-symbol-hiding \ --enable-nonblocking \ --enable-shared \ --disable-static \ --with-pic make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install %{?_smp_mflags} find %{buildroot} -type f -name "*.la" -delete -print %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root) %{_libdir}/libcares.so.2* %files -n libcares-devel %defattr(-,root,root) %{_libdir}/libcares.so %{_includedir}/*.h %{_mandir}/man3/ares_* %{_libdir}/pkgconfig/libcares.pc %changelog ++++++ 0001-Use-RPM-compiler-options.patch ++++++

From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 10 Apr 2013 12:32:44 -0400 Subject: [PATCH] Use RPM compiler options

--- m4/cares-compilers.m4 | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4 index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644 --- a/m4/cares-compilers.m4 +++ b/m4/cares-compilers.m4 @@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [ gccvhi=`echo $gccver | cut -d . -f1` gccvlo=`echo $gccver | cut -d . -f2` compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` - flags_dbg_all="-g -g0 -g1 -g2 -g3" - flags_dbg_all="$flags_dbg_all -ggdb" - flags_dbg_all="$flags_dbg_all -gstabs" - flags_dbg_all="$flags_dbg_all -gstabs+" - flags_dbg_all="$flags_dbg_all -gcoff" - flags_dbg_all="$flags_dbg_all -gxcoff" - flags_dbg_all="$flags_dbg_all -gdwarf-2" - flags_dbg_all="$flags_dbg_all -gvms" - flags_dbg_yes="-g" - flags_dbg_off="-g0" - flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" - flags_opt_yes="-O2" - flags_opt_off="-O0" + flags_dbg_all="" + flags_dbg_yes="" + flags_dbg_off="" + flags_opt_all="" + flags_opt_yes="" + flags_opt_off="" CURL_CHECK_DEF([_WIN32], [], [silent]) else AC_MSG_RESULT([no]) -- 1.8.1.4 ++++++ baselibs.conf ++++++ libcares2 ++++++ c-ares-CVE-2016-5180.patch ++++++

From 65c71be1cbe587f290432bef2f669ee6cb8ac137 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 23 Sep 2016 14:44:11 +0200 Subject: [PATCH] ares_create_query: avoid single-byte buffer overwrite

... when the name ends with an escaped dot. CVE-2016-5180 Bug: https://c-ares.haxx.se/adv_20160929.html --- ares_create_query.c | 84 +++++++++++++++++++++++++---------------------------- 1 file changed, 39 insertions(+), 45 deletions(-) Index: c-ares-1.10.0/ares_create_query.c =================================================================== --- c-ares-1.10.0.orig/ares_create_query.c +++ c-ares-1.10.0/ares_create_query.c @@ -85,57 +85,31 @@ */ int ares_create_query(const char *name, int dnsclass, int type, - unsigned short id, int rd, unsigned char **buf, - int *buflen, int max_udp_size) + unsigned short id, int rd, unsigned char **bufp, + int *buflenp, int max_udp_size) { - int len; + size_t len; unsigned char *q; const char *p; + size_t buflen; + unsigned char *buf; /* Set our results early, in case we bail out early with an error. */ - *buflen = 0; - *buf = NULL; + *buflenp = 0; + *bufp = NULL; - /* Compute the length of the encoded name so we can check buflen. - * Start counting at 1 for the zero-length label at the end. */ - len = 1; - for (p = name; *p; p++) - { - if (*p == '\\' && *(p + 1) != 0) - p++; - len++; - } - /* If there are n periods in the name, there are n + 1 labels, and - * thus n + 1 length fields, unless the name is empty or ends with a - * period. So add 1 unless name is empty or ends with a period. + /* Allocate a memory area for the maximum size this packet might need. +2 + * is for the length byte and zero termination if no dots or ecscaping is + * used. */ - if (*name && *(p - 1) != '.') - len++; - - /* Immediately reject names that are longer than the maximum of 255 - * bytes that's specified in RFC 1035 ("To simplify implementations, - * the total length of a domain name (i.e., label octets and label - * length octets) is restricted to 255 octets or less."). We aren't - * doing this just to be a stickler about RFCs. For names that are - * too long, 'dnscache' closes its TCP connection to us immediately - * (when using TCP) and ignores the request when using UDP, and - * BIND's named returns ServFail (TCP or UDP). Sending a request - * that we know will cause 'dnscache' to close the TCP connection is - * painful, since that makes any other outstanding requests on that - * connection fail. And sending a UDP request that we know - * 'dnscache' will ignore is bad because resources will be tied up - * until we time-out the request. - */ - if (len > MAXCDNAME) - return ARES_EBADNAME; - - *buflen = len + HFIXEDSZ + QFIXEDSZ + (max_udp_size ? EDNSFIXEDSZ : 0); - *buf = malloc(*buflen); - if (!*buf) - return ARES_ENOMEM; + len = strlen(name) + 2 + HFIXEDSZ + QFIXEDSZ + + (max_udp_size ? EDNSFIXEDSZ : 0); + buf = malloc(len); + if (!buf) + return ARES_ENOMEM; /* Set up the header. */ - q = *buf; + q = buf; memset(q, 0, HFIXEDSZ); DNS_HEADER_SET_QID(q, id); DNS_HEADER_SET_OPCODE(q, QUERY); @@ -159,8 +133,10 @@ int ares_create_query(const char *name, q += HFIXEDSZ; while (*name) { - if (*name == '.') + if (*name == '.') { + free (buf); return ARES_EBADNAME; + } /* Count the number of bytes in this label. */ len = 0; @@ -170,8 +146,10 @@ int ares_create_query(const char *name, p++; len++; } - if (len > MAXLABEL) + if (len > MAXLABEL) { + free (buf); return ARES_EBADNAME; + } /* Encode the length and copy the data. */ *q++ = (unsigned char)len; @@ -195,14 +173,30 @@ int ares_create_query(const char *name, DNS_QUESTION_SET_TYPE(q, type); DNS_QUESTION_SET_CLASS(q, dnsclass); + q += QFIXEDSZ; if (max_udp_size) { - q += QFIXEDSZ; memset(q, 0, EDNSFIXEDSZ); q++; DNS_RR_SET_TYPE(q, T_OPT); DNS_RR_SET_CLASS(q, max_udp_size); + q += (EDNSFIXEDSZ-1); } + buflen = (q - buf); + + /* Reject names that are longer than the maximum of 255 bytes that's + * specified in RFC 1035 ("To simplify implementations, the total length of + * a domain name (i.e., label octets and label length octets) is restricted + * to 255 octets or less."). */ + if (buflen > (MAXCDNAME + HFIXEDSZ + QFIXEDSZ + + (max_udp_size ? EDNSFIXEDSZ : 0))) { + free (buf); + return ARES_EBADNAME; + } + + /* we know this fits in an int at this point */ + *buflenp = (int) buflen; + *bufp = buf; return ARES_SUCCESS; } ++++++ cares-1.9.1-ocloexec.patch ++++++ diff --git a/ares_gethostbyaddr.c b/ares_gethostbyaddr.c index 4b4c8a7..6896a91 100644 --- a/ares_gethostbyaddr.c +++ b/ares_gethostbyaddr.c @@ -222,7 +222,7 @@ static int file_lookup(struct ares_addr *addr, struct hostent **host) return ARES_ENOTFOUND; #endif - fp = fopen(PATH_HOSTS, "r"); + fp = fopen(PATH_HOSTS, "re"); if (!fp) { error = ERRNO; diff --git a/ares_gethostbyname.c b/ares_gethostbyname.c index 4869402..bfc54b6 100644 --- a/ares_gethostbyname.c +++ b/ares_gethostbyname.c @@ -380,7 +380,7 @@ static int file_lookup(const char *name, int family, struct hostent **host) return ARES_ENOTFOUND; #endif - fp = fopen(PATH_HOSTS, "r"); + fp = fopen(PATH_HOSTS, "re"); if (!fp) { error = ERRNO; diff --git a/ares_init.c b/ares_init.c index 0c1d545..b9b9508 100644 --- a/ares_init.c +++ b/ares_init.c @@ -1173,7 +1173,7 @@ if (ARES_CONFIG_CHECK(channel)) return ARES_SUCCESS; - fp = fopen(PATH_RESOLV_CONF, "r"); + fp = fopen(PATH_RESOLV_CONF, "re"); if (fp) { while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS) { @@ -1215,7 +1215,7 @@ if ((status == ARES_EOF) && (!channel->lookups)) { /* Many systems (Solaris, Linux, BSD's) use nsswitch.conf */ - fp = fopen("/etc/nsswitch.conf", "r"); + fp = fopen("/etc/nsswitch.conf", "re"); if (fp) { while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS) @@ -1245,7 +1245,7 @@ if ((status == ARES_EOF) && (!channel->lookups)) { /* Linux / GNU libc 2.x and possibly others have host.conf */ - fp = fopen("/etc/host.conf", "r"); + fp = fopen("/etc/host.conf", "re"); if (fp) { while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS) @@ -1275,7 +1275,7 @@ if ((status == ARES_EOF) && (!channel->lookups)) { /* Tru64 uses /etc/svc.conf */ - fp = fopen("/etc/svc.conf", "r"); + fp = fopen("/etc/svc.conf", "re"); if (fp) { while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS) @@ -1908,7 +1908,7 @@ } #else /* !WIN32 */ #ifdef RANDOM_FILE - FILE *f = fopen(RANDOM_FILE, "rb"); + FILE *f = fopen(RANDOM_FILE, "rbe"); if(f) { counter = aresx_uztosi(fread(key, 1, key_data_len, f)); fclose(f); diff --git a/ares_process.c b/ares_process.c index 5de1ae6..1b85640 100644 --- a/ares_process.c +++ b/ares_process.c @@ -877,7 +877,7 @@ setsocknonblock(s, TRUE); -#if defined(FD_CLOEXEC) && !defined(MSDOS) +#if !defined(SOCK_CLOEXEC) && defined(FD_CLOEXEC) && !defined(MSDOS) /* Configure the socket fd as close-on-exec. */ if (fcntl(s, F_SETFD, FD_CLOEXEC) == -1) return -1; @@ -964,7 +964,7 @@ } /* Acquire a socket. */ - s = socket(server->addr.family, SOCK_STREAM, 0); + s = socket(server->addr.family, SOCK_STREAM | SOCK_CLOEXEC, 0); if (s == ARES_SOCKET_BAD) return -1; @@ -1056,7 +1056,7 @@ } /* Acquire a socket. */ - s = socket(server->addr.family, SOCK_DGRAM, 0); + s = socket(server->addr.family, SOCK_DGRAM | SOCK_CLOEXEC, 0); if (s == ARES_SOCKET_BAD) return -1; diff --git a/ares_search.c b/ares_search.c index 1877c19..387a16f 100644 --- a/ares_search.c +++ b/ares_search.c @@ -256,7 +256,7 @@ static int single_domain(ares_channel channel, const char *name, char **s) hostaliases = getenv("HOSTALIASES"); if (hostaliases) { - fp = fopen(hostaliases, "r"); + fp = fopen(hostaliases, "re"); if (fp) { while ((status = ares__read_line(fp, &line, &linesize)) ++++++ libcares2.keyring ++++++ pub 1024D/279D5C91 2003-04-28 uid Daniel Stenberg (Haxx) sub 1024g/B70B3510 2003-04-28 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV 0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iFkEExECABkFAj6tnnoECwcD AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAn1gK6Q0qUTHwYJBAhIDmrRi0 ebfDAJ4qDSHd6UU2MEkkFCgGfYgEBXKbb7kBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz 7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfx =yTQx -----END PGP PUBLIC KEY BLOCK-----