libgnutls-devel-3.6.7-lp151.2.24.1<>,_㸋/=„PLuj֙{/WS5rX9(ϺI8|jaAbb>79oh_RPzԋuT@A@4dabԴ"q29]O?@KƗn::7Ҟva3+ l兣ҋO o†&-߷$frMYӕ]s!Nih\33JD k17VV% =V+<ɘHe͟Ӓ= N?ڮVڍ;iۘZT>B0? d % N  J ( ; m tZ|ʈ(%8,E9@E:TE>?FGHI XY\]#^ bcsdef l u v,wڐxyzClibgnutls-devel3.6.7lp151.2.24.1Development package for the GnuTLS C APIFiles needed for software development using gnutls._build84k openSUSE Leap 15.1openSUSELGPL-2.1-or-laterhttp://bugs.opensuse.orgDevelopment/Libraries/C and C++https://www.gnutls.org/linuxi586 ALL_ARGS=(--info-dir=/usr/share/info /usr/share/info/gnutls.info.gz) if test -x /sbin/install-info ; then /sbin/install-info "${ALL_ARGS[@]}" || : fi ; test -n "$FIRST_ARG" || FIRST_ARG=$1 if test -x /sbin/install-info ; then if [ "$FIRST_ARG" = 0 ]; then /sbin/install-info --quiet --delete --info-dir=/usr/share/info /usr/share/info/gnutls.info.gz || : fi ; fi ;f-$& ':Q?d  @| cEZ $l!7@@H%M#boi;wbC*<"  1"DKa@=742523$dI&g DL4}}Sbt$6O)s$oy*XQQ$1tu8(v iCF 5QT*N#O*xL?Fo]^{|5nG)v7c]<qsWWO^C^[dBHq='@3" uPDONj"_I6c=617U-VYaozjT5-PA S9*Ss'Q+qW'o@6_3wD^Aau=vZTu5PwGBM+W+X$bBv,$=;:K+H.}bH5~9*Z8I"%)s\"G_  k^<GljFm ifQePP%t /['`;`o%6W" OVAc V -{i%1/#r7$h\@eh_VI_.OOe#qxLPhb;]3UR7_6N$J_/g]#bOb:A5~CsP2Ox%?> 0-f[*|~L"8,. =ih9*b=!u|d|kP:.R(\z=m>~#xvE(YSW^' oN S7 f(R9,(B. 23.o)=obcY,o:$*+'Z0F2B&%%$/*JB# #UD%T\D~aJY^fnR@bHvmiU"}Am bcAQs@ofL${rA큤AA큤A큤___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________3e67342ab9cd25553ecc9d415d40e75c081408f4d4cc5a7653a9b4de24b4403e393c0f0491cfac06a1b3c0be312dff31b0a0d13de20d2ff043370fcfdb0e4f4331885861a6a1db09b12c9376495deb640417a5f6465bae3b317641c6daee44f46dbd58c791ff073ec387d54c3fe5d8df767547ac9de4116a83ef24d764d43b8625bc717fff3c90ec0693398ffe61e1eda61404c080511e62953c1254f55ed7261f66d8dde8d7651c59d38fb5c341f6a2fd59cf525d768bc57347d5cf22e8305fc54f5e3e75e0318a1ee0487551e27a2f5ba251c22cc24c6286cce1ad3449ba6ae674fcc66dd15ce4e7cfa678e28c64c2a2b8ceae6e23e8ba517927c9d779230eea3dc720c96359c4d9953e142bea67514eddfd15c79dd5fdc1ccfdb8229042967a988dc53ee0be2490a8fe36a86ad1af1a71cecf4c41f4a54a4fc9e541cc106743c727c2ce85fdd599fec5b4945ceb208905ca2c89851e3d6c0f9653a468e804170d3a51dca15f272dd4217e417b801dda9ef45f02be4d6d8067bbc507086ccc6a97fb76196be05ae2a629d9a640025eca6b2a988e7bad1748f7743bfd4219be66ff500b44b3f4e1c1a88f4c6823ba998cd31de8e54203ae09c2d9d71947c60a62ede974120630b4635aceb15ba85887ff39c4ffcc0af77f82cd542ce8737bbc79cd64d808ae4c7412b5bf0ce1d97e6eac0f5fd84fe66df31076a1b1ea4e84f10951b765185a57b8db63c0f8652c3b365220b37f4ada2e7251a2c2a0e993a10fd81e95b04a44c42ef7c21032b1ab233286ed80d5ea37f130575c5cf7a498d579322703c511560119ecfc58fb3526700f249a0bc14238a007e2de6511997b9aeb96190117e20a73f657a6a49de4911a8cb962f5674510772e0213997f79f79caf06667d98847a2e125fa9031268f0d4cc831fcc1bb0e5168449b901c41568df83256fc598d83f1b64c0cd17bbc58c7a5fa91d08eee7e7778935f475e2975ea5307775fe7db9f7aa86c70467a7bc139699d2564a9194c60b4cd477208aae100b516595f93074551ddd3fea9bad64f8f8f65cf0aeea93105b34e71dd8e0d2f845982fe21adccdba673e47b126ac659b90e9eacebd2618df31b8da7cdbd5bd74f8641a98347cfbc1df0092c5acf404a46b452794d6314988af79093bfffaed4ac57e5e3817e5e61792201dccc9b26e15907f1b5f151533e71c222abd68ac4d30eaee92ded9a12a068daa9dc5c266a3c8d98215a908a32b131d5c5fea84e767b9288b255856ea9097ea4cd91f1f4592def953540afdf78d67d590608bb5647dc7dc48b5cf2c652e1c0e84955e2b6055f2b786613637a73d5f7c1bdcc8898d3f2fdb9068fcd9dd8a3be07c6af5a7e5bdf5375bb275e3492e9fc8ecaa4ec463627c2d8c4759da0963b5cd5b322e1d781384d1e5e204d7173d0ccce7ada7624cc7d934f9bfb8e36975d54aed08c5d4d8e38060e71cf88472118f351941a80320fc8fd26f3bcb227fbe033e0611ba2f2d5da7c1275334fcb994035e80ac6918260321135215ca9bccdabc25668c2a25b26f0bf584edd004e8184ca003faafcb347c865f6cf9794cbf48c933858af0c814000890f567990ab59880ec426d9a98f2306ec8707602eacd37f60767b99a37e48c502558fbb73d9ce11896a8f3bfbaf644c407e29224268008e71272f11c91afb8c2430853eafcc384a9086e1b55314becfd872fd2b3c99909c49ec9a29d0656c65fc96b491357faf03c5c15abe40b7a8d3970a690beb45b940a9b90cd00d6695664667024d17e5eb3de764730668b89d6b53dfa0789b3a3a4a129b5da7e708f5a4f9e0052987bce55bb28cc12587cc49d14c453674cbf3e7b4109bc94177c7c3b57922d23987175d29d71b33dd6108e3a4d049a7429ce1051ab72e6634841727da48bb2f73b45c3063fa2490480341de92139353b3c425c8916f76a8d91b3d35110dabfa19a7d21e2c452eaba4278818dac7dbdd7c279f5d65a7ad6e8d302f21687e36781efcf303d170f15c2e233108b1e52dd067194e93871006f6fd989c6ef7f6490854a4b664fe55dc5dd28b13ae7f3c2dc67bea03002c2fce84e129128f38e8bc52813b8ae2eba04dca0cfbe82c65b7900f8903814b72bddfde01d0b4883f9288fe55829acda89653217a9024c3df18138a0e67b6e74ae2e4af12985bcbb0e07c7fbf38342be9b0a5e4192440f703f6349b325a8f764db03f26a26a4d386ec36ec6d8a8c88045100f4f975d8c2dbe3ece5a3fcc65c4f0954b8474753463d0c74b62180c8796b4f0760048dc153a2026c430c7c67f74b68103b066759b894c3e62f83203d125f83f8b4a6f30a8939a776ddabc43c84f955d142c35d3ecacdad5d26426bfa29c9d4b92167ffdf2c3b16ffb888616d91d935e4b1c6fa088f1b2e48ca9cce03927ca176ce6ec937483a3fb2a7bdf660b546e445af4b8aa8a242ae1b316dd4abf17e1475ce7af2b64ea59b66deb8d4c0b705140df77b53be04294d2a37c89f1e8c393a3a3f52c97969f3385d9d73722bfb6c37a5e59c40e2faf294d2b31b0cd02773fb3828181e34926af0b5c12c36c3784098af709d00c7d6e72231ad1335fae4b71c65c22459e5041943aa8f6b02fc34da2b15a59ce8e38c79f83f3f313ef40c6efe21b410111d355129ea84b3633028c41c01b722c2225e4ed3217b432c3824a49d9d4b4c63bea776b263e575059dde0b7ee712ec5016d487e4ef69158d7ca9050b7c785c1c5534403549a4a6ff7fe18451e9a4baf55ce18ff0b4ef983f7f6e6e1b5cb269f2c737429b8dcd7b21e3eb7ffb3c90448da7e234088a02eef664ed4b255b466b87bdd0965ce8280f20518bf956cfb569a886430330d193034a68bced45dc2e20c219a7bf20ec747bebf05bae48663a0f6522b13a6d48820b9836d27d54ca6f9a8aad4f5a874646cc3d6623762a33c3d152684f117c79f931f3609a676dd358056ad7dfe9cfc57894564624dc941e3edb5a412675c2f290931d05afda93ab4963ba32336858064c7ced923a96043e6d615d8a107f5289d646318585aa6b1d4432ff0c57e15c41a7580bd8d8db745ead5628c798d7528ee986e5e3f03b79ef11545ad231d97816272dd4e733c9aca2c483a824b2b9d48cf041d317b53c262387c4391901226b859dc3405b8fd66faa5a97415a9da2fd3b1943bf6514006fd48e4a71140b7748f87f09a6b95a2509bd63db3707011ac671f1f2cc9ac5e03f9762451aeb04a1263f8f1f90ba830aba8c58bfc4503e22f3953f76a161e3025074857272ec8bf9c2e75729ac5b2803d1b32a776e76f9ba5d6e5a2f7a36c924ca9bb183744651fbb2aaab42fb0042708f293af90f35517995fe432e6dc45164455b7a3251538b65c98fe1f84fc2900a5eddef4fbb005a5cfc953cc46d6d75d31a6bb190bbf41231ffe7ee1604a4dcc9b488e530a841da612b12eb9c40fe2b16d730f1f7a213bc16f65d5f847bd1c835a38d096cf664859c48aaab247cd7eb2a86848f3959fb8d1809a7a6d572816c75a0cefb480431be31c44f2d74c35b323c811bac31872e74de1725057a0ecd75d48338d50edf697d42db5c11b5c0bc12d91d0ac56ec84459fb236a4ad564b36faddd0c31613ab6f6726215f8ccfb622596bb497e7763673eb356a3bbdfc068cf4356c1d79efaa47726a344ab5e6564f4278fe868df6c0fb92505fa4a8c46e606ea5cd510b9cfe8b9e5a147d6f610397ac68ebf2f4c7dc32baf597f9ed08e7fc5cc0e1fa7e2d215a14cae06c1b62a22bb319a96c11e5163cadfff6b4cc9f9017471604631fa1f4e7a9627cc395a6ef09f231fea2e3b2d934d08a8626b7ab164a6a11c18c4862819d71f913bfb2940710843d283a78058c54092a310ec7ab6013239b7584e326454dc62c025728b4a96c6e6dd8dbeb8e89631c9f77505d5a2198b71e8cd9a292c8bc68bb5526df63ef1137989cfab3b4c46e53974a65f711b38ed3e0347eb3830b9f1f21a4f5b1fe2db44a411455c8d4e46795110858c8bc421cd8eb8d919a16daea8425597b975561656928da4eb6fdcb6ab878618d39ff1193c1d846a165bf411f654beb8f64e6b9998c06343e8598c027a407bffc2a0e4b5474f46345000afe7297aadab3e9c3b41dd2976daba21511d5f0c1b5f9185ada737bd71710f0b10a81c00aa3df7624dc8b91e62698a9ad3b85170a09d2bea884ae3e33bd8967563e15cc1c4344f837459003173c321bfb94667195c32da2e21a56c271774a2ed301fcdf3d1a7f547c0edddb6e346fdee1820b5bd0583a165d8c9b6b2e5c9e2f59bd8e02dff11ca88d38f9ae026311096decae9ed3b26f827621b947641b6d92ac7947a0cd1de2de39470eed4e869bb650f03d0a3882d07f5355c5aa22246b13da370c36a8f0efad1b581e272b0450ce851fc4da77995d22de7aa3b6b84915896a0fdd2ef8ffd381795e6aa95e13b652e26d9e7c30f4331d685d00bcd8a90a5c276185f1b27247560e5a9d543c994751729926573a98ecc57b4dc452d078425d13fe554af4b0d2e27300ed7660ef0562f0831a90daf07a2a53f3df3e4582414a4f7e24e8ba494ac24f489d831787ed211c05472e2a7aa9ccf245fd9e08ca04f5a017a26caa5897f804c517c40fc3eaae8a011af5c1fcc8ecc4cb99488a80b46ae8c5df6fa121d0ebe5afb65e66fbfd8c7ba0add6a33447c8f08871c018e53d3f43bcf6a112b0a4c5eed40c5394069a3a596cdaa74e8b6f16538d7a34490abac7a160136fa813eda2d7db7a6eb8cdbd1daa9b70a83ff254803eb00f42ad6f8026c5625be23630b8164f862f21ba97c49fca0c702484ce70319d26ad92a835b970e0361472cf9ba226ff8ce21b4cf4da43b167837c8c1b075a9cb44e63be7db8559668713e299c4098e4ee87bfb752a91f860856886edbcf069a72b208dbf8ba320832eb72ca5865df9118c46b0508994575651e1230b765f8fd845bb729ffb7f1ebf6d861875adaacb077032aaa097397314db00e26d69f2f59ccbfabcd55cf52677cc4af896ada05c114dda9c47f786a7fcd791fdebb5e55705c0e5ad1b2d48486e0f0e21fbe9bbab7748a59dc21d042d93087668a333983e812b19450173c6b2488266e7785134e95b912b1082e27ba3721ecf2f7345733ec285722d5bc9268e2b2f534ad704ff8e00e7cd6850c9f7716fb4ddd6cf61b94994a476039e9dd1f9b9bb4f902f78d075a8867dc442e01441aa5c8fb8e3f4761ceb75ccad2f21ddacd06910390afb56536366fd2f225dd58c29eded83ad9577fcf7813e9a9740dbcb917024bc8ce5f1249bf24d7d56a0171810a5a61a3642fcc0358dfa85db498b4bc4ecc448b0b3e51b7aa6fe46d419b7696b412eaa6ccdf3065c2803352f92c5c9e79232b70aee66866a42f9104c95ef293a5587c3a12a388fcede5dbaedea2925fb143b4e776032cda01ae6ef30031bfb2201b4a6e1ccf0a548e35998bf956b42f0176f5be365ba33a88729c054dcac74e8c296fcde61acfef90bf0eb263150c80828cdc204d4657bc31b0bfa046535cdb671c72db4adcf9c06bb1069df3c21887ddb72bc177f8a09e3015333cb152ef04935afb1f16e3fcbe9409f4ffb5c9f67fd2372129431d70e175221e6c953387792b040aad47f3a18ba4b5c47ff64f72e8c857db2db1eabe33e1ba4846385453b2174781070013010a033dfb67a34c62d65a68dd318fd2d9ac10ae25a92fb26ba142f069859d09bf22d5cbc0fb2113e2778a94a27efb998297192fbc76261c157fdeb0a254326ada3815979995298428b704711b9df158f73509e246ef484862c36a9cbac8f20de0cde28a15c481c96e6973f66ab8338cd570e1525fa419ad4d371fdd8110d39a71f99cc773ae4026ae790db8870cb7829c9d761cea212907a057533da3a295c5831e9619a5940cae311015e6f9d917dea843da903135bcd529fcaeb8db085d26a4440cfb11d8208972b997128047875838b5eef6ad92ac5693f58bdcf99c4587c1f7233cd110e4742a5922cb7abea85712ac26c0811b2d3e797ee7fef188d52bf61bf17bb408a3acf09c49ba45b1805fa3220d9b4394436518a9e513ace093de1cc24fd81ed1a9ba35e74ee41b681a9db987903cc013f5e4b280f96a7b3d9d5a81c17f06e4e980b1d1f8450596b17f1b6c5951409d660774423f0b6460ba337105b7653dd14a31af517e932ca93a084e3a12667e0dd03a0cc55f202efd3a22fae298ff53ce27e7f209c037a317328182eb6b58d67b1b140c1e129490a3a60aaab1dfccf25e549e2d8d6b581bf219826c35adfe092f50230ee89c0ce2d840d71e0407583ab532962c266c40f48a9de168d1ef7854b39bf0831ff3c0694b75b1022126ddb8aad53706489826e36bee791841be955995268d689e18155fd198f352e59831ff7f8ebf53f9ce536c9ef6960128a6d4319272c2c4cfde71b1b58b2b47b7b9223f5cb45429e063b09cdc1fa3054be2e8ab7d1ee578daccf60aad6b88f5eacbf1c8ce57edbebb1e07d08f8cd7341cae23b62e10532c4642a110944b848ee8e12c2a7d4a308b8f4c94c36b998334b6553aed4600ca714eafe27e32e3dca1aca5e97a7d5f2725514a8db7b901b0d5a579f98a6d06fd7fdd16a036565809b9337705c4f6987be24706cfa50c6677045e484c222aa82b3f4414f59010f9878b7694b8abe86afabe6b18e49b54fe0d92136c518620f665d3251f7f5278f325ca5588aeebedaefc31d2ae4b9d0de0893f72010d04b8bbb53dd8b06831aaad366e89aa0ec273acfbc0fbdca4a361fd2309d5a9905c054433038744abc237f6220f00e13e4c43965b84b2422620b98631ffa03b85a772ed7464dda9b45007abe6cc3abac5687210a72a0368f88ecfa41eee5feb2b5d697cee0fbb65bef8570f179554f4eab6bd19797089f8a3e1960eee42a1b91f6b6c87f3d8fb87828c6b22884b26a729551e85304734de24e6b6e510bbad0124c5e7ad0d48f10aefa60d8f593498684f5ea50c7ccb06f668455f2538a88dc6fae24aa71816d089dc91096b6c0a4be892e2ae16c2513ad629544ebd4c61a7ab74b514be46f90e1c1cd97c40680bd5774f876e2cd210dc70ac7ef1a0cf89ce357b13aa508e353ae12df44bb60b15d49cfcff285bf9d348074a24e8348a3d10750738369c9ffe031a3ae59a7aa529428a5bda139ff5673089d1041a252b1f9657e396ccd1e519f00ad20eacd50102cf2993c88c2e6f4a9e4434ee3cc401543ba2739d8f91f039bc06c1c5b120b7d3e5c081bf0790747148f6d9d5e43a6a035c0f3570700f9b88e3e6f6ad8f77ab87cd78f9b04c6e18e859cf0f4fce82dc5a1fd29dda6177e432d85142182d2dd8814bb0ae7a67a8bc1224bfcb8e9c8728555ae78e85bbf774a815c379fe9f3ff9b2e4e6fcac1fdc9555d5afbf3b496ceb5288fce8434bbcc0fe4d699182f3da9c151c498abef10a2cd0c0d8c9c1cdaf87d5c990796571a8a072fe4d4a730942e32b21d3c3a371471853be33b16c38e31cb653951504761e2ef11fff42184b87e086352278ade87bc2e496bc7f8471666d537f0a44c66f179cc3d77082b35d33ab49ff3c83ac488431a9ba5f65611c30735482b1739da199e8d1c84fda08f39f000e8e1221afc513bc2a3c119287c5202e0aba256976df7031d3450c074112ffd8aac9ea758ca62101a50d5a78d7b2d58878fd4d09f48aedd4e6f1934bf2e334400750e34b9c08119a7855fe13f300b9363a6a98053705b5802531adbc56af9baa428bcb0a0eff4d7158eaf287757cad8ceb31a18c5fb7c369aa756e06f69ad7bd00521d11310400ac5ed4611a886d195934ecdd6df98edba44089226ca04e7010a6d9e81dc02a5be80aaadc66af4a1304750cf2d07b1209660d0935f6790e9660c64b42a8b13aaeec3d54efb3618e7b0fc7fe2b3106bc8b630135de73efc810b1072be93d26ee5edac950305e2506f54b012dbc4c770b2f8ce8d69e16e52f9d93953781c8375d31e644e59ca7234604daceae567ffb740362f4102cffa852a83c96cc542ed27c38ef266eace00ebbc92322d6a2842e40fd4de77d434104c07fec18a48391b1c1f61567eed4ef7b39bb3513ea12c2b896ee69ff3b1cbc28f7e96621b589cd31eeee3752706fad4be6e75ee7c6a09dac2199ff6d0274c33f96f7c055957021471ea8ee18a2f3c4a365fcf856c39f63215786ee0cba61cb17376171214e64c5687d4b27f50126919499be96866539a38e0bd601da085e8d86a2484eef11e1a3cf13121900a6c8f02f6414923129bd7dee0258e155bad8143b649d09f34b8687b2db84894ee66db58a89b14b0b49ac84d50745afb37198fc31581c34f474311874565b3e4ac73a0acc2de2af8e569eba80ed8c1ec261064d63dd58adbcdee7c950e0f704508c91a35b770cf9c87d5361d2120009836d75c6da30cbff143257a7dc21ee038149b7e00ed4f953099b0fb2f33a9814cc1e71844bf5689be4596faa78079d91940969d1b32003f07b145f58062408fa02b836d906f0d7e7ba300132a15c8839005c1a3735659e11011bb198eef4cf980b74ecf322554bf07da17636a87b4660da6bff32ca72e12cfd098e51d7e937babbe5c003ee21e07bd4a4231910912ef9021d279476d8c89d4a7be0c9db792dcba7a7e5921b725f31df7515c447742910ad616bdc8c84266c7e1b9eaa602f53bb812bab6fc73688d27b71e9d93c920aed4c263bcc46103c5523bb2091ff0a667a9e6fb12f22b4813ee3a07a86294fd698b98dd2bc249cb738985f8f9d52c9f031e3370dc31910725c8d4f5f5362890a1771b4803aa28bb9254048bb136071e1b19957571613e4ccfa83a9d090a10683bb7eef254a3c25072a6204f13bde6d4ecb9edbbd717699a84160dda48030c26d60514005ab8f89ed8cb3d1bde0f00b3400412125126f7b8d20021a6aebc1ba60ba0743cf3e136d45cbdb1a0d5974843c2a80168ff4b252a43719c9185d5dfb626c5c75c638440171142937dc6391639a6100940c61b94efc2f0940ddb1a0a11ec33431b5958fb24c0602fb7d58f7d6fe0e788fa3af245713286d17298f5083d2be06f41c63c1d56467fdc3b75e44390fdecb767b9d9afb755fb3beaddab9e25b2e9489fe8592bd2c96a3c0c93a32a291121aa30e60545a920a299a815b8de3d8d5930eb326f5f5aa996d173c8c655e15ba04f12ba75107649ad3e589eb9a207ef717967d11e615e15eba328f4003cb2ddcb78c15f8df49dfb6047bd43437cf95e9a13d9b2528b0ca602a68be0bd7bf0bf47d048b5c864b4032855c362def4354816061064a9026de758015162c999307bb0ab74e86c252947cbb75456ecf91d96bb58a9d8a1147fb2077ca3735ed2d843f7eb3ce9dedf3500ca6f9968ca675ddcc9c15429f66fcbe036fe1ff2a129580a67f2e9eb14366aea481949f643b693d65d7cbd019abbca6e13cf5c6449c361345c920b1ff2480432adf212a5252f6a39dd0bb5c1c389e0fb2afe1bd98bb4f6384f802102728b473c4ea8aef45a56b4d6de67a3c811092c8367bbb802d15f933b82cce7c87f655ff007d375ba735778ed40d87fd01707f116d7fb23b3d0ca9bebf58b526c1c8ccc9119d8b4f2b6243ecb384c3aafa1d7dc3eb66d2245e1205cae835c12f2b67356744f34fe75d6fcaaee8df975d74534b76c6eceb90cec43823f9b8579ae14f15cea22ebe6eb68bc8b4a1e805f2ff5f037e003645ec5c4372cbc626dcc2d9d50c44e05ea207030f935df43ce5fd9afc5b44e5f50ea97d0bea2e9279933ac93b051942b7367c775db149d9cca602baa9c59af1a5236d3e42cb99550f11fad93dfe4fb53f2ce562fcb22a3283d8f2ad0c8b6c5904db37337ec6752447ff9ab7d2b23dc9c346b91610dde7092e42ae7370db311effe2b8a69ccc5a183f4f2d1d4514f019f605bd170e4c49f664766b2d307a6439c3d6ae05440909b7a865131d4132d7be7117ddc38b87bdd111b76d939c3194cdb68e2f7644e82609ec79fd9f74892237818342aa2e797546ee521fbce4a01eef824901ff5356d0744d2b14e3b1f16c25600b9f164bf7518501c215bdcce2f205be005f7a6a71bc30c72a89cb0a48ab3e2d2adb1ac9ecd490853b7af71e7fd98dce9a881fc13fd6fdc79d748fc4da4a61657c03ceaa9fdc6abe8c97b3c1b173132e1e90316858639c9e5bdcd11b7a118a0fbc344a0be5134b82304c6fee7307af4628fbba02c205efc3b92c3370d38d3ed8ae4fb3584598ad74e0333436ef00ded1ad9bed884d71167ca057ce6d4b7dcaaa81f34dbe765c233a787dfc1137f4f56aa6914118038b7043394da640bc5a0ba8275673d5de8ebcefbf60974921239b25e5047b858c9fb0517c56c418f936020d156007752fff4c089d34330548ab2f9053399917044cbd0ffc65ba5c337316eabc596ffe66840d2d612a215bc1ebf019465aa1e3ec32fe678320b5c30d58dff90bfab3ef6fb6aaddb200e2907cd5419fd20698f21194b33c12b3112a446eb97afce859f2ee6512aed552c81b773b8dccbdaf8b492b9eb1a9dce19bf608c0c7ed2d94f49be9eaa8be799e732971d42d8e1ba952ca99d997d2897d22eac548679ca42f5cef05d1815e499b3e65861eaf897aca8f3fc7d46919b8bca5334ee26aef174e41598487ad0cbf4290ba24c1ecc68073255b17620357886feef72f665776f90fccb2a26902040f671594ee3b25a4869a184be12428cfd9b8a6e934319bc47bff5b299351a85787898afdc65cef19c0c58fb92f2e3d9b2f6758b2595dc815f014267fc38057e2d0c9d84fffdf149d8f28bf1ff1362d00801a26d12af0b224444280f9b3ab433c0371a75fd06c94df735088cd83616d362df7b174068710fa97a0c2ecab7c5925d4b90c056ecb14023333233c392cad9ecfbc2038ca1d324e7285d4f6c03875b48c61cf14d2cc62aec9451264ed8c321c35e1d72d8f0170e8bd0306a5930d0890add9c2e730f1d63fec18209b397e2e5cfa245facbbc01a1f71afdb683198815b83d49a38682f211ebf2ac04cf6834a9689e7ad72c1f64c05ed1ad4d1d7d0b72d773c77ed6e482b9636201d2c99df79afb82f7d4be127c3822378c1fa6d74841eeb3d764126f74d4c69f283da12e86781dde11d0414b20b221634a3c22248baad16763553dfafad47c4e49ad0101f9190fa29e521f86f1b9ec92bd9dfbb4dc05b8c4786479499099784415b1e1a7bc91277dfcfa10863c2b798ab5bcef49730cb8d4f435b877830e7e7e330c0479ed35d07f1355fc41013576ee3d028a5f5cfb13358113e9836d5e06002a6f96e4c1c1d36d143b21107b5110bfbe7d25db67103dfcbe93084faa251d2b233c2c583fa9c5ae23f3e903f9a1821c02d199916879d5e98bc63f03c28fc5acc70d149d0b2ba0ff69d5e63fcd816399694eae5b67e0f98f3536ae51a959a4e5ca0a126e3e5b8b3f29a18aecedfbc4b84c38206931f39fec6ce3f12ea26f322f2a70db5c24cd06cbc51067740c4546b37271171531c81c5d0df5f9471266299d9c9acb10840884beb741dbfb2723e153f5a8d0e3e3c473385c91d4accbfae0208aee9ee1d67378df1e5562a9639ee45f91b1e9c51a4f087698a7dcc16af685e6150dbda875ac57072abfb77da6a6b72a63793413737f52d34261271eb2fa8110ac53e118db96b0bc3aaca8c972a47298e0957ccf73b52f5d8687a348c8e9e7735fc71cf5e213468c8ec1ee100b2f534ee6a03c9f65d9256d687fbb7ad469af2583bc16bc0a0338fc0258d3ff5e17bd847dc02577b528e70103d7e466a813e3f2720561b355355c6f2a2e240dec4c1c492a1eda0a9b92fcd478edde451a86f10e258555ba06c9d70b542199e3a8ac3ac8d67e9e51ddef2725dd224a8bbf5a7da88f225c267463b04b72daa55c980d7bf7f8c62332ca6236e52a75e6e1197986d5214a4daf5f19ef763f26d83de9fdbe8b1737b0d28840063465509cdcd7ea1854ea179e2d2466f931b82bc6be196db18bafcda72e48807c3473fc0f0c20c5944ac2386508aad7890d5494874766a0cecf6a41ec2b61247c2331d3fc8e438b31fb504688c0865ceae994240416c32c789ba9339c3ae2fe9be02cc504f03005bc1d034f7ddc2e9ef62c4653bee53f35af0090882b1dabde2e6fdba7bce3d312ef67b936861252032d00c14e319b574afcaa211862d02a63c945e9226ed9fa6f450110d921ed52f2612af1fb09749f8954257208a695760c457dd58d66e28873418cfe28f21d1d41058db66ea4e1b6895b03827e7a437dce3f684b63f4b1c01201cd8fd091c9c1ea2fb408e30bcee267523a6e8c1cfc600a9f5e2da16dc0a6905e54677160e75fd3b63d51a5923ad1a16043d2baa27c2fa148b9dc5e37a77331e36c0e693671cb32d407bfbfa0e64eabceb7b9444f9a0ae2f376d7cf6412022087f0eb00abe0a35b1f9912372ee5647cfd9db9c5dc0a777cd197437250302334f8321cd280ceaf7921202acf721041577db8b132afc622c721ced0af6862089f444b2db7c36cd9b4f46e97b679c44cf0b07a2f11531a9107b9167083b57a4188d638eef14dd04c75b5995df581079105bc77acf12c8601fb3fcc20854d33015ac9360f15f0180ca8716a2e8713f33dadfb43b10f02a3b2157dc5e037c346727ecbd0e045b4e231c945642ffbf1bc995469810ea9b6664f12bb33315107356863d4ec51494edba7c288dcbfa726eec05dd55f470edab40a0e3e78a642707e8c6a1e8aa2b7d6bfac063f0b0d819d7d0da26c0706c73953a58ebf99c715fd67a0fc1e419798c6c316db8f0201ed1d56a41caa1d00fff2ec831054c1335691e629199a3c562e7f86978cfe0cb0c21a05c804c67c2e13ad920e25198bcc9d3a53356f54fc97794cd507b6df76650e891ff1bb56337c5e6ff605d14568d3e9d48c01b51b816f5635f8748e9afde61f0a3c6f1fc267c9ae3abe05aeab25d7c0c3811cf172e6959ccdf761e5677a07d1f1d2c5324bd8199c2e9faf9346f4831e2395739e559d85d684ae9ea8686052dfc7db1904d3daf96f1f49296c845d740fab89264af92dd6f80f925a78b96241a7e893c29a0c5f6bdbc31d66f3ee5b60dc6b5e50372a0e115a9b45ce526e85d7aabf45f427a440a9cab81d54acfb86e281c80de24afcec714eb1504f4a767b3c415c5aa162c548f87c92b86d042841eb93c9d1bd96b0461b0a0b9901469a4746190c4baf3b810be684ecd461e315e019d9b6663d6564773ed7ca3eca39f2b55e110eb80428b34f7727d7df5500d76b0818d444d1e766ac5470043efcae70a0043c20eddd1cd5d447bb47f3804c8d58efa760fa3b1be73236609b0a95873ec7d11e065359ccb7037dd79505bd70f35464a21782349dbd696e035fe5c965c7c71e309d83e40745661e0a36421cf00d5b77021a97b65819377d45625464592fd325c7f007efdc760f7e838aee993836c40c69c502436405626755d9950fcdd68ad335b2e516d7250821cedcecef74a5b0fe7665d89413af234e62ec1f57064473bd12d36e6d44594f3a31990b9918ce5c4c0933d306fa2594fc3185e34c39f3ad11b55b50dd9469004ad9cb2fbbc5b2ac55d8942d3e86c152e2bd39de0547e9dc57829508607831b0ac4d0addd7a4d8a69461547fee277c352a1fd1e21bfa6ed6bdb4b0b8577eb0154a9d9526c1aea513ca6d69bb592c9860d9ba032c9390a704b9509e092e0828be5ae92157a91a0537015a343945f6629c537a984fa8ba84edcd41341c9fb5c08ebad6cc3e6d424644735ca2f1f5374a29c01ce2f8b390778941f3c720db688634b12c89ade659216ca5cdcee9187672f2dffb28de530c07a8f47008d8349ccce4cb4126494b31fee7025f69397d45310e861c9b5589423e2ee53d2303711ebb7daab20d708760b3a0ea7e00219aa0149152b75d8f9436b1719afde8e0090d3926f31cf38f5b1b696326499508dfa865ac4bc643ba1218dbb3fce762d67beeb0817be35f557dd82144bdc6c995084a26e74ba72f0dfa9140d3dbf918441be573303366a545d2643d106dda3c7f447c7215c44fff5a3c134c7cd30606a4b8fe0ac9591b5f9a075a2f56abfc434ebc7ff5c3eb25e07136d80f3016ce6e7b974b6d2c4b468503a8e4911827beadd4c6a507122ed1851830882fece482926cdfe2e721399d86725178eb3e963f3302bd7a69522304d6e25da57e27a444a207b681c90d1c523ce97d1b393f321ebd511653925bc801d27703ce331b310882fec066e052a98554b37538034f0ebeda5f67841bc6f91830924df9f303519afe80bf05981a086d25f064f443b5b0a86ec150f339049abcf5bf2ff773bb1d061b0f86b80908c90fb937063779cb29cbb4d31859be26740565c719bd8528681f7d605c987cc69036f0598fef0e614bb668ff994cf5b2863373f08dc735094b0ec60a37b3cc63805660f5b142c7060cd392ce9265575d47d54b2066fcd29dba7ba13fd7f56f66f461500f8409579fb009973e04bddba178b67227488ed76e0bd7cec2588fe2381969f7f03abb99653290138d33d28fe9e5c6ee8d94dec615e44454de9c130675c86afc586495604597222305725b3851d96540a3a456358394bdf5e1452264f4afad62cd4ce966ecb99afc71d6669662ddf8aefd53cb304d63eb2c4cf08684c1c82a30cb47ba2d0d2a05c022fd0973237a8f9f2e3f4b262f07f3117c336867e35974db28f77df4fed44a4a5c6c57772bf63f6a88162f3e9979c9a5f3c36729eda09b6873216be35b4ca837a3f880874112b504b9374fb581ebd007448af4812daeb3571c34112381c42ef26964cfbeea2885d569867a034fafb1380a2036f759862c58de64b14f772107e3e1460a7c0fcae62e72c17d33769bd5f44a3920dcf1b20cce90ebd19c015401f7bc0efec7726ef43ff00f7de4cd6b9840800807e9bd6c6d9815bb006bd35da72b0d52eda482ec78c2f1221fefb5ad13efb69137b6a496d97b5cd285c62b7d9bfacfa8034fcde421a6362ce6fb728d0af1ad6c5d225310494be162e8c2860a84d6888b0422abd8bf15f379085166668a46488ef66732576c8bbec9d5ea454236c60930b79bcf40cbd11010376c2145ff368d04ea0f0cd36a0076de71c420cd070f11448da850e029a6900763741a936cbc0b8565ca7bd44d187d48591765416ed6d3b45a936901fbd15c8e6864d0f80df55f1eb2110faba7e9c812d0421e489b4e23ed2f2c4060837fa483be70450c9ca288aafb21af4c1e12b9b547efb59d34701f1cf76168a32fadc2a80b2e94d4681171b18d9ac5f599666bcd5ab8142cc3bf47f8a0a62d6ee99ddae795dfb184d380fb348d463dfc180cb813d4a4ef47f255c9855ff9bbb6c8ccbb0b5e452464869f3dfcaa316d66c9632aa0a401650af4faa008feed237671f157dd526c91a18545aa0f4c4c591b0f9a78a3fded41c9642e68ed36310594c8106b00e79f153bd2039960b950149cae2000776475f07f7f7d30257df69ce900d3a56986367e31533b00effd288a0018764b98e5f6ec9e300dcfeaf0fdaf296dc3349324cb973658db54b2b982a71587efe404dbacae04c793c99cba4f8a009396b7b07a68612c39acbf0d7aa8142b33a26f1800c30ab13f893d439c4fd42227395c54f97716d5d6f19547cf969fe1a22b830bffff380e4d8fd6147510245d1a3ff609863b53959004f8c29fddd53a170ae6e7eedebf67673f547a4d6960a18764766df0532ec51e247cd07ae43d01dfcf1f12285c38f180831303bf803dff877a4df3022799deb51e8d400b13de89d76bdbfac1c6c948798e5a70ec115a49654c1fa19252cc8d607a1e53dcc9706122c6c4f3a8916ed0107b10476bf005045470a0fa3a14024ab3964f9e6af26c70a86bca0b8b5d735bd6632f98b0f9042a429d593bee1002b4510df42fdb0d6718db85cc3c82740b597546b2cfe1a2f128c6fe767a4c491356ae1ada19ac1515f270581e5942b66bbebfd40661e76a59de2ae61e9b8a9894efbf161d62df65250eaebe8a8bf99d144133bc1098cc5c5cd65e2d3d7ebb24214479bffcfeb4ce9972ce17377c9ca22099cc459ebc46ecec8a0fbdf6ddbdccd89cc1fb414f2ce10a1a017b588d63b7255ae15a5b01a0e7f691017e738057b440c8cab564061065e20b68e8ba0d0dd838af4e0411b4cfa39bdb609f5109f6ebc095af6395446f5746cc2a35811a52361c1fed3c8d14c7b1a93b76de1ba5a5b367ebd6ef1525c1403dab5f45606908e24815a1a12b4a34dc1c33c3112d24adbf9f5293cd21286934814a1d17b464eef9d79773abee841a6ea4924f25b8c93d8b60f1aa5f5c385e4ff60547ceb5c583b9b1724eede7e57a0b062ef0688dbde7a4a64e292eb34b1af8c37694814aa3c91bc3183bdcba69eaef0b0269e9c9ac60fbd53cf72984c6b8b0a4d998bf71d333d91c0898869bb6c6c6ed91cf5fca065137a11a34170e7a8ed9301adb2ace79fd14d7d1706cefa5f12901ca9174a4ea0aaca27830f20edcfb90837455d83cd7b894164f3204b1e61eafc4aba800d0a2984d549cf35ef598cd45830eaad429dce9f096140fecd6ab5dc71c3953acbc651694cb69e283bb0f448ad1b1df6326fd6ac5723b5260c52c3d3b12a2556de712e8341dddefe23ba33ffaea646fc3e97411c677ab8bfe08a32353085730abb7b8d68f9206c43e4033b6108eaa0d60eaa7dc8ef1c85f12b52f53045c7f9231e0157463f17dcabe5cc7cdb3efa3bd7ddf566065fb32dbdf321a78014ed1b1e598b17e742e1c6f350be07a0c6bab477a7b305e4443f1c728ff21a8e4a9a8e1f3fc1d685026c94e36b806b8b2eef8f2401f4f3b204cdaa33032822c3a7d50def94f87e1e6c297e3a44556b876229f07dad2caf99c6d745391782720a54db04f68d7e1a7413051e186457f4f403e9dfbec0d40e2f80c0536ba30140eb5389ce4c17aa714bc066f7d8453a999f36e67d3ca6838bb0758f60e0b0d7f9a76e53314b0f5116304f4f8499d69bdb425014c9e9ae53c50b1964e8bcb41ebe5c58a66727e66beb9ceca1c15e06239f937fd29e6355daf1ae1fde83721042391aa15657108b49881eef16f39039b6c172dafc6673b1a3151acda9c236d0dd609ab25cff23797c8a79380d7ef57c90359bf99f32d259bf75ed39bf1409f3b41d4e47399c121419167d173fe9edd728cd186cb0fdb681366c67127bce627d6b6d3d736ac84aa8e259dc4c05f5504ed79e71062722c33c8b61e5d13c675a901f7ea1a2866bc76da4ca23eadd0e254c7a74b6bc71c02b3671fd468c25788df139f00888eda13b1b0a0cd0dfb3366c5215e4df60c86a61c652ef80082e7b227f68dbb252954e86e9620a67ddd89e06cbe7a811d13aa269c94a7e3a4e58a644d1c0265838a385fd469fe95a4ece0faa19c2b108e69dad74a68f7e17c547b0eb5e8b17d8798f71de1648c1cfbb13b0351b396100dab927d9b24e2c64c4ee362f135823488e64d2a2dacd6a269a1bf4ef71d25599f9daa3c471689492af26b34a35a1c6d7c46af4115e497d0be72d915b11d03a361ebcbce07f0fbf1a2d444f493d123c822052d31f06e692f5b11ba8d3589130f336196dc79c6bfc78579d7fc42d0eb1c203c01d78b08d9789be45e2b6c28d1b19ac82fcd256415189798571ba41857b9207560c022f417af5038edfc5ff932d0142c4cc68dbe2256b4ce7e23589a553935a9345d12f6c2b17fe66d1422aafbba81b91d6a5e2cdb5cb929b476fbbc6017aa698be9c0cd5d483f83c9ab977ca1cb4ebc4c603cc82b29df5ba87d45a9d1280eb9f3da9e84410fb63859924ced038c51981055733f98e3259f8f45139a22cec5f5c561b8bb8f9c3ddecfb6b174244fd3204f1cdd2687ac91de4aae81eff4bbe5ba8d8d1cf8fca5e609f193d29366ae50887e27fa2ae9366296c1aea651373f9b4e1e78bf942120d3f107048a59a4c96e8da93445488d5619f3b1023ad1d67b391f4b567637c69fd8a0a6642fa7c918473c52f15502f3ab9759c7b52f47fc05269fd9d9a5c6cdca1cbf4b748b3a1f05dff27017633dca9d1aac8d6df4d5770edfc003c93c9413ac5bdd27a666cc58e9863d22dd04aca9ae36c7f4fd616159fe5d3375c39e2e5d6471dd1f6a4627a871a0454dafaceefe62a09998f762daa17d312d05ca52ff7fe87058a43ac3c21261e355e7387872c3994a8676166ab78a6ed2d2edd844bae974bb6046b94ca5a8a1892c71312bef651efafab4e0864516dbae8bd778929469fe8e779b2906792f692fb7c4d3e799c5c2ec6f7d8456413fe7f70396ee3e0e1581fd467d0e33a798e5a8f44a9c5b8088113cdc0b5058e017f39c975a76fc609ea16c753d39fad70dc017cf9cae74bd5ceae2b8328ede3c7283e0dda40512597281cba97f7f41285d5e67c7de35b8241850b1e9637c239f46a7b8cb514ab81cc2e973192cb018d61b5607068498c4735ea93127825694d74a34d98b354194c3556767e5baa34d00c5fb6d1ba44c8116412fa2706987de4b5485f11fe780cb6942ae0560d124e2ce2305f7b7fb29937201ba3236b58bf6237e305b1d4e28b805e6d65924f58c4a81ed395455e96a980ab28b31231249d0a3787fc8affc7501602dc5efa4a97c550b96d9665f1b87221caea2fced5586c7328980f50b4b35b93c504c1058f34a9d67a4b40579da164f680e948ac1f4890ffd616e1ca8559d0e5ef6b78bd4844cdaeafaf33769fb6f13187042fc87670af5510e028c7d0539c150dcf65b8235daeba367b2833ec706c5136200c979cf10619464a48eae83212448647f5c1e60cf357325d11d3c3170c0e2e318ce0adc1a8f437d95784fd971741c6df54ca65cb0be0ec579653625dcc8d0ab8b2741ab4f6371a71a01226d0d4832bd39d9439111d96cf8ca66cd45d52512179e724bd7cb998a9c1f9702ef69d60c00477ae1b387571f9cc1abe52e80818461ec108aa38ca324bcb254685d3f7615f45f25e5a56ea96f665b3aea7bea092a48907dc31715e87046f5ff0b6a01067da1c5cf877ddf523f13fe400c03830a3d9933e2697810d56bfae3e3a911b2a396af71b939c17ed6f9797b9b2256cf88e07bad154532d03697a74278c341e28c14239dc5fa040a2e55a4825fee7dcb5578281d16998c7ce425a009af08c6d891cdce8dfcf08542285245287aeb499e2df5695b62c7583a5f6c948db462d6e7c323ef140212dea60c96e979fff5dae27f906b914757435e0de65be2a3ccf5148f1e133f12904611f64c555d3ac7101ee3a179a928eed3fa678e9d850b8a921f3b1f1f27780adc92ed55a67dd17d6fcc6091525b0b727c02e92675e6e5436a38c91ea48987ab22e071395e74c70f38917eaa9966b595ba6e391ca990937eabb749bf4303dee0e48a88f05a65ad94e5e0a67ff4e2f57ae5dc875aa1ccdabe5f33884158a24abe8c25088dffc6ce86d4ff1aaaebedd32903a7881b0b204a4bf1921fa659cc2a1e30656ecadc5405e992562be5a06732387a3c2e280a6fe2bf97a042dc9926b519865b1b9f60a566a22400397e7d2aa902a20251d14a7bf31e23a3a3302e6367fccccbc03652be95ba43c7b4b308fd4ba919bd11cef3dbfe70444212908781350e1e94226ac70c37f58d6226f1bc17fd959de18b66a82c2b86c67209b387219ee9d451e2f0684cc5ad8555662a47c3631a9cfd332d22b55578db9f146fa7dffb07e64f37d541e8f31eed3703bf5d55ab3586120635df96d9367ff6140afa1e4d261e5b0db779788ec88d295ada9720c457b622532897edbb31d13970c4261bf58e81d67702f3f4b48bd1d7ae8c70926a0dfa601d5e3359d014791dbedec1065073bd6a1696732146f66f0a708c65ef08e1cd1e37de791a715a62eee0a178f2911cf2cd69b56e69584941ab009ccd7752a9d5c2bef1b2a4e1f993caf7d45af9ddf164e5921482d7c13289b6f6ac10722b891dfb3a458517e090cdb8de6adfb88ec8a978fbaeb7aba7492120a8d7d37b845517e6ae505f5e1e8f7d6bd5d20afad4b368598b3e50f492d5f72795e01a1ec60cca73728b213e37b998a3271067a3ee67d04d6c8789ef587bfb860361eb956b45e32222d3b99ae4e9e9894436ebc0723837eab055973ebb4a47192b7e4e47baa594dde5fc6e8653e4e530ac0ea3e3a344696f62f524fa6c3ab889aa343c5994521977da848967e6fd38a3be50b7c51c8e44de4f2ab8e657d46a061e17db4d24c360b8ec7d448cbd5f8a9a0667cea38241dcaf1e0057ad6c1c62f92b845a5f9ac67f76b5f8add5c82fe14e8960ca9e7f3f2908e4c9d687383259ca24f6b298eeaa279565305a2871f30619ad536c2ce0f11d2a0d61e296177d707c9c7fa972b2236e7d466f994e0c6bdc1b8bc9c4d8339a67b1c5a21a17a89718765a54c7a551be648f80ce55a785563cc77ab7595f894ba65202cf6ac740ce85445f8706258e54e404756c66e9184cd2a35a1a5694346c6d5027a88f269abca9616768287ff1c718909c1521c8689351997b51c5c43ba71bb9a3c1f841fa1c39ee096c925ef4dc0ed6da07ea95c41fe81010f558fb06b2a49d51a56a3dc014ca25456a9a50663793c021018485f52fc6d32c04ce8f5baabf450108c0e0066cb88b963945a55ad25d70ae6326765b186091ef78a95e4b9c60a97dc0c33026a76cfb7b48931ccf27658ce13067fbc0e2dfb608ef9ea0400236e7f1b0025c818766176830cf574e898642b65cfb526d86aeb8ec7ba026cfce0e895c1344732249c0dee3c531ccdc0e0eaf28eb7cafb2722ffb152214d5e27ab7bd406e53aafdc4233dfd5ed1889051220925e69f19eb085086995438829329622eb2147ac1ba73e60655be1daef698173f4373771aac2828ad7161d7af8f92c6323c21f04459cac291174b33199298518d0d3356616a9e96d2228c7eab900aa55be8d594fe7f5ce88ea0002e10f8b8a5aa772a97076c49a77dd2b804c2832e773752fc51afd499c2564a90d30dc6161a56ec3106b1bc748e4961aa5faaaeaed0a897587d75e568ef1ea35b2b13cd18df44d423710c901aaf3ac52f8beb4b3eec9fa71fcaf2b3b2dbc1634d7a938ef642df9041f45d5f9027772813997c22cdb950d15c42761cd7f00faeba3fb074f8cde5e2cc24ede42bd4ca63e19a44ca2bf752f3cbfcbb8cea7ebc7d07e9350cd0c095104f47d8f4ec7d87295218942d11b028b015c4378956bd3557623f3fcdb7bd73feb966d003eb2e91a0e337cd0c8d23ccb736c67e58bb52ee4348635fb9ac44ab3f14725d406f667d58f229b243d3b8964c45f8da63a16779e1e35a5e4ee09d927ab757453dcbdeacc0b2e807c7ce09403c10abc2fa92b733b26a87e53af0b0517e2ebf5e2ba706514702eb1216816bc06e0bfee91dbb722fb9003f5c181735c3605f1bf5f3b77f3660c7c0c5060285720b7b1b2994dd0a122b034c4cfe68ce61ac2974a1d9586618294cd371bdbde3a6f1ffa9b73f79018a06c6c118c6b2caca58b29e757001f8d292a8409e0d841bc215cc808e75fb92b3bd1dbf72916c852d1dc0aa8013312e029653573412cd67fc2c2c859141fcc99ecd4d9e49d3a8eb2faa51dd40b286b87a223e0af6d0d9ffa102170a8341140b26e9086d4ac2a5e22a74f32ae7e60ba7954bb63681c9ff4f762e0fa7b41264397e3352e274d4ce8b13982fdc44a121b11d03bd7f746b442a5c269e8d59acb7975219bac8bf2e397c6896665e09d307c698533b3122602253c5347e80713af18c263e58c482bb3489c491e7de7cde2c09188d7b326b71568ecbadf9951ce03c2663e0f35a862a94beb3514cd558c634096c9fa13e35a4cec6eabb1143263094b1724fe69611f9aea66ab25cd2d3824b2a39198bd709d4e0dd6b94441513bbbffbb5374577d083eb4d7ca367b90fcf10f25d7382050052a2697d1e1a9f57d79f0b9485b3cf98645a251f31ed7e4ea765d6959dee59d12cdbcdee065266d9750a72ed4d431ede00b20d9a369019389fdab1b72486fa5fc8441f56251edf53099c744b3c68c116dd6d4aa9646c5241d5b6625232355f5af648770b48b6d09bc8170aa7f09332382db6d7255296967f7583b5691565c16bd8103819131ed701487071f3c36b55e89895640a891d9830f2418a4bbc44258f78e3eecba942d6f36eb3c3ebc35ae05ac09efa85b7c7d5016875be6211a15a4230c87f26312427fdd87dbcf47397f364d62e8f922916221eea0047fda3e27b39646c13f169551726be21240d37570e18e51a52b18019b19efebc96cdd2007e6edcdd474b446e62d22435af0f8199461826baf3df4c062c876db6bf4d1eb2a6bd59668e304fb6e5617431567d6d6e528d2b106cebe7bf9bfd27293c7b40248de9e6bf89d616fc660cf5bc1f99e65e106e4bd9aa1d6a3165fb3e33f0188422186f0fa0bbbd7b4995776bf66d5219eee98c669e94b445391feb938dc9aba117975b51df53889f6b3b1236d34de2cddd8964d234205a0cb53b3577b0a168fc0e5b68521538cc40345d875d6d0e05f314e1240e4263a24c736321402c2d43c0a985a3dedf780d4f43f0855b03034636563b4c28ae6301155d0ab018dabbb5d7c48001371011bfa25371bcfdb94b0e183491442504720182e5312c30003aafa0e87251d8479044b7fa90c0906a463b0d243f6520214431f90143c7e6f6688dc4c24314639d364b54d6be851ab35af308162a4d690ddef4f24e04778e7b41470cea066b3e2ae183029375f44b1fe773823ef09a5eec0e38e88eb450dbf294507aa6cb6731bfe263e01b6364eab676d42c5221091218510d89ee2ce0db2293742dd5a2ea5de07cf20f4141fe76b0cb62a6728db4078723a09f468cb09d0cd643abead01d715ed173937713c6ab754ebd9012565bbb7c2de7d03c6803d5b0f15e4611a630a6e4f2641dc71c66f73623aaf469ffc6a3b4cfa842efa4717906d28c8397a070ee6af548a2e5fe481bc2fe2b6f83633cecb258d5ba4a52ba344464b21f6815387db3caaa7c9b86e1675c83c24df9fb0eaf2e7b7606fd4ca6f28ee85865c07c030c2ceae00dda200e31f9a5f428c1985c693ae17b49a9240d158aa681970dd05cb8905f3751feb27587a39658d289121a73cab1d99fb5c98dfb5926ad7a3049949ec3145324e8ec582363da9f144d478c181492047d6d2e6be8ad711933e3b07d109224d15d5c7b1031e7afd4f15daf2b23d9950570aef1aa6b519b7fbcb5516ce6b12d9571867ec2cc25de87c50da4e7e2190a3907911c3e314f4bf852c2979122ab68c7e146e122e72cef93f8054a33ed9e35fdef459b3c2e59659e855b5531851d2c2f16d79f6e6d1d26a073a665860813e40f695c0830933468b008242cdcd044e9ae13f0724a347384fa75061de3f3911c176c694b0b3d91dd9e196b2b7dbc330942609ff4a7aed4c182a0d5d70a34c8ccb9aa5a881757d7629c6abbae77023206b410a9fd4a6b75fc1a1c4063f7ac7f1267e0d708339870cdb6ce060c794ca003ddf5dd292e9e8719c0cd2a3f2ea60fc6cc2c3a4f86b0b4ef8e055ff72e5e4fcf7ada4a8e8ba2c28f51a29eb1251991b2490eeb71350989180212151b8fac1ac583983839ba680a1ebfcf50d41d9c7d8466f6d9d5012c37776c53594447f6e457ade7f4c30790ebd562bfc275b0250062b80842e107cfe534e8b09ad7e9325d3e5b52d8a99cc694bb443d9cf7efa5e5e70c84d2b58cd8440c37973fd45136f995730735de663081d753d9dbf0641a4ade093684bef3e2d461826cb7daa80903803787af3417e1842422dcceb0774b7a1a7e5bd59d9a07fd9ee8e63c19875cd5526cd2af1278ad6e76fb1ad2b1174376502171e96a4a74e7c7260fc0bcebc564d4400a0d5b331a1efe97b0e0041cb67f48743aa8a8fc922fb9cf2e1d125f4bdcd216440e31f3600e77a3b5475075aa32c9d39eb9958a6f63a320a2446b439c0d7873e79c15d9ad56111df35cede8131890b195f1561ef5330f97a3b5f01c1934015e9b9086eae1586cf053ff28e48f169fbff88c693ec769078ec079f23a21bcbe972baed27a4b81d8406b05b859913568c33861df2f1aa4ce6ecf684167d657f248cc351ee84d927191f1cbd3a1ae3995e79598ef978d4a4aee1a567a6b0d9c9d0007ba57896f24b36e9ef1144fa34cb3b0a0c0dcf4048a0dbbe9d9086de56502c1327a021bd319ec5c47e999082ce6aeca20909a7122b0a033fc48683f08b1efd15cb924cb0900dab3d0f4fbb61dc98255def7653ee2c4083486b9ab78c22008017ea95fcda54acca4d51301962afafd7b18ad83d61d4dfff472f3884239a4e04f45aba693650642e7265c9fda9cc3377915a76c066bb711b01e00d5324a2744909593253f8c36161e4ac727962c3e2e43062e9eb6ac73c99149421d6c406a0a391fc4ddb9264c1869c25e1452490f462e06305564a45aa80dd65114087d78d99df65e966e7abf719cf7e24d0a4aae2c023e4a5302982ca38cd590f5fb1c7eba1dd2744b928f372122334c547a8d4fea1aa68767af17a7a14e934ee2381fc63c4b0c2273b171d2cecc2e65adf707bc7026750b6101f02819dbe4a9b2968f56584a9e670b7dafe50685567c62473aeefe8bbc868a87286666ace55c22cdc0fb1812d931bf13fcc7ab92c611d866763b566062a5328ae39a0cdf5f45c8245b2af44ecd5ab89ebad98558832a2768897985fb9662e45f1484ff76d5e9d27df3f58afa6331527873bcb532a4db12f082742a89f1f5cc0bca2386ad154a1573d1020d87552d6f7be77023fa95b121ff773392c8e35f9fa2f0751b0abd16ebe4d991ea32d2230c46b4f617d9e0a0b7afde5988f16243292a66df9accde1e494e6e54b7ddddd5ded7cea0152aec204e9110919739fb234233e515e12fff19c2085f3ec8c28ac8671259ab6f3ff17fd9e4cff13f010bae7ac9be82c4936bc93e1bda4a569856fc2442794cc672cfd6162d7537ce5e36135f454269a11d19cc0443efa47f9ccc600efd770f92bfec59d0a72d7534acb41864614a2fb2f45ba85b19cbe2cf80dd0a96980efa3356ce25ab7f7cf078e0f6aafd06a198c15bfa12b568bafcd41ac5f1cf43a0e2154106d5b2ab65699842baa8294ebdb0cd43ce706a3f7c8a00af2efaee11e58bfc612eb208afb3cf1494f339739a2831e532b6b0ac23609f37db5cdac94e04450c3e7846ecece2fe1a9d7cb2c16a541ffeb7c5a6062eafd2a849fac5fa055cc3590e9d170cf468c5df80e6c054da1a71320a4feacdc8ff81f3556cc58d14cf5b5a32758d57707ff1264dc552289e2052390c2f882215ecb8285208ad2505d9acce3cb0692d9c74f61da0e63320153648b234e4a6a51e2e4950060fa40523bbf96459098a5585ba38c3d9e774c3601265ba3e57272b78d5ab00b4e43739d8c8b3b116909f362cce8fcaf3ff3c846f665adb172edb384b8019eb8cdf5957da212a14fcc54e86b49bf323a039fa81fb73580e18fce9b1a60c88bc9f05a0102c012eaa0f83623366402739c07e37d217b37c0428609dc90e2aa85f6c9027d504c5e45eda33e00a42c8f906280c4017a6ac6698cbc8866ee83b0eaa8bedafa536f9bab207b2088bc4ae37f3eab4bb4ebea7948055c2f231a232e23176bf65ef64c8417f1a19b21888182007227452ec2e65b1766c6a559abed2883eb6d963144d1c1ee031b0d0fd5ca4604a81786ecb5bee22e6f0eb362c5f6716926f5c1f3ac3e71b94c132bb79a1c02141a5804ab52d53694f7b2a0a899d4adc2c25992c308568c47dd06c573603b7004f993dd109f8ba070cc9e80459278755307d68f30f81dc726730ebeb4486c9bccb3b771054ba62b6f3f8b88588b95dc47108002c71ea8748eae5b64ec13a8b66a23390f1d838eaf844297d60a43bd5fee6d0f17141dcecf128805e04bc562e580df43545f51d74bef021a37c87c73411d5df43fa768e464f0b4d5f2b7b5c93891e035592c6fc6dad1dae20567ba40b171999afa9de254169cb4e827b5fa896200bba5469801c3083ff1c638d9cf68b616972cd6f0c0c7b5d9ec78f7cc9bb462d40959d9efc0305860e78896c8f850d36231255804e5355b56cd51e747128513f4917185fa5759305ed990792882ba960bee466d0fcdb2cbd83049cc618cbec97607d4da4a3d67da1efc61733766806c611add59a3e19c8232cfdc4249b34adf22a9fb32378cc7bfc9af6d09f204ca27d9fb00bc689c84cd585d3f8de13799fa7083222ed492e7001e5bdc21a7d8f37014f8cb8fa6bb0887842d3a4c8d0baa0698ed12e7f8237dbccd1142de676218a4e067178d6cc56746b2b455c745a57b1c6f72fa334a24c37832f80ca1e3817bcb22b8f456b8aa46bfb6ddf145016d12f87aa221312ff273b078299a3092de180c76c122b5e93517658a40e7bac96f462f5a99c1f85a00cbfc2af970715ae0f78bb399c39bc82ef126629f74b2769af0d81179d2c59713c3767af23fbbf1c3a9b866481f619b8117e0a1d9b5e1017755625e6d6231185b0b8d2af7a720b6d89e34803caf7aaf3eb009df8ca5b5593b3cfa4635d01f018cf2965ffd536b664863daf1d531f0c8ec0cb1834a5cc435811cd161cdb22e1baf3df5fc1daa0f8c9b8c93a55de86eb0f642785233a4df8c32ebd787e2879f6378c7aeb445035cc9ec398bc11403051c3dbb9c585f02f1652e9cd15a1b0e4a7fe14c5b6685c7ae174f78f4123be6a96761faf476df3be8354b084d952663523167028e278dc28bbb89be599f7ea5cbb16b80ca682010f6ef842843eb208265cac40b6e84a3c38bd9ddd0af0ef2119057d8b1d2f5a2d5d0b40396c937b78c9368cf5523c4b32d6ef5809aecc55f20ba5731a94ea4be49661f7758b84a08f96a09d4eb47494b846692d9359dfea7272a5f2eaea2ecc857d18da996b81ab7177661d55a3867458578de9b2ae032eee1e52a7f7d22ef9683591acee809b9d11a1e6caf1ad57a6dbf55eb34cd2e662b4fdf2db52b24f561986904eb7974ce874c964f349d734fdb8ef2fdfdd10293c0a033d30a4ca90fa9e54c492f6a15b6071d97023a9fe129f27f0b7749aa290a84a075157fee805d0208d72b421976cb85c4bc3c64e3a4f0bfe9abbfab4ed158951e8c8077f92652b3fb0c18fd60998094668e436a5fe016ee96df8f2e75bdff13f499508f212dea1955f8b68315f17f4ed60039430f2f43cbe60e47cb63024f5cec3dfddd649918bd00b0c7fac1e08bd1901ef3779c990d0cf94cea4c4aa06a11c4891a4d26a5ab464335baa3327b31b95eaed9897dca2016f631bacb32939b13d7ef5a5e14229f96d1e528d38513256bd3302a81f0f3d9d0cc95b8eb216078f5c9d3735e7edc0fccc76492bb4381095e99fee1a0fa2dc48834ec425b33ce439f46ce976ef4d088871a09bf3f31c7672084acfe4e3a83823740a39f12f5cb0250abe07d9917e7d95374033bb2b567ed95c67e44285533fdfb7620841464433243023dff71aabb0e55a1bf64b80c695837ef26704d57ec8f790257e362e335f77851b32de326bb8497840d27d81ab954799242db290dc8e23143b1406a069fc572dbcc1d23c32c425d9335cfc880d8b57901c46787a9e7f6c793087ea349d267f0ea93d4e742f172339d4c193d3c3590ea90194f0ac68f324830c47b8e68bfcfb07a3533c1098f36077d5a5086bad58169c71e40678757a5eeafdafc730fca4a5362fef57ed063543da14ce42df2d2193220675cf17707ffb5e71164688094ca44509f8ff4398e969a495f5928bb93030264e25dffe9b15c427ee9183901a6dd48f29e0979acb4a1001096b4bb58c8331feeabff5fee04b5a45816460e6b40644f3af9fea51da00a2533edf18b597ba7992f8472d0348602e526bc51736513ebb486d80a393dedb85b476c2feaa7e475927235302e1380cceec520de5eb4469f048b48738369a91e4029fbb73b84db7f04ed200f36b06710246cef8ac1eec01af0d467cbab100d04764b4a03bcae89c422958cd48c81ed8e902dbd7f2d317a0122ab926b039d1c685cc1deffbb6797148f64769a484c94e74d295fa3ad60ff665e5718e864145f79256295bee9da9c51dfc9f37b50b1e955075591929d19391098cd88febc6d82abe493527c07b0bfd52daf70db0353f3e0e8135b02e0b41a61c6d9cb685ff7775d4bef4b9c69ceaafb9a766749742cd8e52b3c1989f350752db242492fc1d7c158206b396d4f0c18b213f9df59347e8d36d15af594a36350232aec7561c659410c3322776b317a6b3d721bf9859b5c029c19c35d786d299f4414ead2432f55689ee1484f2cbcc16bac1201439a1fae4b15e66bbfe9a020c459a24641fb0d027d6cd290810ec2bc4be9ce72f6d393e263a0bdc9a6ffad5463cb4f7b94ba3da6bd544ab63199d3d638d2d01b9481414658ecec7ab069910734710e8c3b298c72eeccc04a5aeb7d071f63a2b50c6c74a465d901e3d18e83f5e36be69456ee41068266c1e7e82b7920dc7c8417a54c84f317b70345aa5222fd9513021c805949fffaef9827bcc1b62ef35bd611ed36c42b111f4062d2060417d87fb1030fc3fe8848b9e37a8d157be6a7e0e9498bb6255e96f7489d8a97872e5ab194d999c084417dba04367cef636c9559b1db3f73e81a091e540cdb2688b60c8281b29fccd93f2c89150ebb65fe11247bd4014d0150e9ddaf4393b93687fa80dbbc366702de1d29b25cb5c1beca07c34daef1fc378134f0511ad7dae981e54087c81060055f174b0a533915dcf22e591e332aed7b12521bbef54e4a4f9e9c3e074bb8041a94ee52bda9bb3a2a645036f413de743ff7b7854e60e8ed1f60ba30d8afea2ca61356f75a482bfe241e49eb271ea7a7a26c1c633d61a06cde8c5df3c9abcb185f47845a7cfd488e920ba0314f227dcb0b3839127ccaca237c6ac2ddf61657e3bddd140a8b0486429f2bb807a6a733cc17137e43ddb856dab7f1add030785e4a4127d802b1f50735092228119615e0bee6f5356921e3b1508f4af1256cab314bcedef6971a3f18c8dfd1867a25bc58f2378f243aeacdc4d7aa28b567af20b34cebdff9706efbf946ef2e62095ae44ce1e15173e343007dcf446259adf55297277d7cec89f1325e7e696e132a6e247ce959d7f62f14db76e0ba89ea90c06d20397dbc6eb5bc036082ddab8ad92b1c7a92d7e6bc409c3f8b5df20d3642fcb11a648c5e61632103d50aeddbe5a781a5b584b7af3c69d451f0da61dae921592a14781b571b97392548b98ee89867a3920f08304e5ed9ab29ff0e32fd62866e88718e6a34ea9a064c9388450eb59ade3a74752c41e6ce6f9187d7dd9d7aa1c4cd75f8df99401a289cd34d36fd67565e2581fa3d87639079f757024eec6835369fe55e911a01a0a2a5cd3c8e774e5a34d07456d780dfe48cbb5357bd76392c0da64e7c21db9451b03a4bf17725179a5e749f0bd9e2496317ea7eb4c00637608e71ac9ec00b585ee845ab4d23866c7c09ea4c358e371014640d984f68fccdd14d16c0018f19457bc3048843c1d9441cbd24150e0288e3a141cad13013da0c9be7e0a3eb5f0f7487b7e08b3605dc8f7018f46333665456bf89b7296391be36c7e6ee7e7ba03f321e68a08c46d4ab03b1da277967c48dfe9ba7932cbca9df285fa9c4fe3cce704cc4cf4c21bf2fcdc72eb2ed178b609564ee5bd385ad327bbc16d400ca230bd0bacc25cd7de18c5facd68c080c1565dd60c7e76969090f5ca57bc6ef892ada0e5e32581553fcd684d5e1fb3b554cae84d4ce6c5792afad43ad7061a429aa3a4940dbe9ceb5ceea75ad05b6039df5ddf4a94879fdab32e936d054a765721facf95c3d0a59b3e28dbb4251adc22d49207b970e564ceacb847a1bf5219b3dececa7a99a63c6ae510c348e0fb022037f91dc54e4f139b793990bb5acef93232ee909af662988df4acd6b1408f374c77614895fb70bc2cc5b2ec4c63be1153cb3a992df412aaa054b6c820d530ad01c45425f48420c96689d7392776998da9f34347b7647a82afcb67a4282c44f36a497ad0ada539a05e6e69449ac8aa3d26a1c6dc7bce99004ddcb652813d1068f629e5319f27779c9483828ab69bbfef0997220c97831d7bc6f8bc24228d65f709a3fe8ccf657fdf5a172bc01685ec15966c8b7f005de94c3b701b2d9151377232c047b429ae05e5c51c15d59a2ea687e72513221d10ffb017e5d5a18e5dc00e60209392d7c2babc7a243030ace82acb21a22a06f5df5bafbd0c1dd393432e67d8b6a8a5a9f64e86fba255939c89cdeaffd2947f33be47e67c98349e42355546ee40d94ef2706bf28b3413a8880100be4b079774667e9c89060e5d01d4d72f72112073d98d1cf1ac8937abdcba107fba2d5b387ccf76f9948416aa0294a816aa2429ad8f663173143ebe3caf36d8d676a6694a6d774959ebef31b2093e3e19bd5ebb88446a10b7dbc973405714396c57db7d2b58134bbd16fddd69fc13a9d22e64f01284dabf436866d81aa5a0dd3d391f57dd57ab2d0466213478a23ed12e7d61cd11dc4ade3fd8b071814755fca7d83f10728acc8c6e3db44530c874319f7b7b0b7fc1c942ce2ce4030e6063e22f4f166fd72bbd1d74550dd5e4a74f789ab314d30fca452c96faa0e1d7fc28aa78a71de1886ff07f6a72b149a3b1dc2c48cff3d54e2a1b55984f19ca899d5a24cb72863d30f5db6a3bc32f94e3ce1e7f754a294271e5b3a481934151d3e633025fe36ff5aaf1ecc4302ee02a22b6c75817b9b0cb03d33fa1bd89210bddf6363d846496758699ca9dd46092ebae7f2667b8d725be092a52826e89ac7e9ae03f9da8428d9656dc9f667c7ad3c640f8c5162cc346d65afac4f4091e87fba47fb43f03b621c506f5737656528a7313f50974fa82b59f28fd907ac80abd578a1e1eec57d80a9e5eff9306acc52dce5b13bfb22c5faafe88650c078089d5e62f5a1b5c39bd03f16a0989d5ce7b026295898769c1b36097c82e653c74875ca64647dca0a72366ac7f4cd14dd70f1ec2348b919ec1dd107dbff0c1f233e3f1b8be2a024886a3c025fa8cb603be46c76ef68cca413ddb46183dd1caa4dea10f6c0a63dfdaac6acfed4ce85cff39e8366e148789d2a1008f74ee5d85a12f2f77e5065e80f6c15f71fa4e26be6086ed96e8378652dbd51f3c66ec577dfc53950f2a9e8b2ddcc4cd23d141dc95515539a0a86c4af5a65a121cab4fe9f8b2955aaab1e70f78dcd0f63dfca47488a36c0974d3e6036c2af5209ad684ba9bb63c185299c57cc31c721e7e51e8fa3edf053bb0f9f7c4dbaeba7c8c417f48f40906d54c9213a9c1a8eacbd3178498373444ae16df371d5a2709987e8b0d632cf7b04e2719bf44e2597cb026882398b0749284f99e525609ded24ef004a5be0aa5276a7890c5ddb52eb9df961212f438486c5d6dd69933382101144cbd43b2e782f8b6737f06e994117bcaf5b79cc6bdeaf7ad177fccc2f0f8e52a0200e30cdf372a4117ecaf551df3c2abe216245cff5d17d78cfd0af910411989cd614619f2a7382a58d5cbd74a2ba6f7a9460c3e6dfcef004cb4e737bd73c22f170e37bdbec76ee17457be7fa21f30bef42e6149f0c7a3a8788584384a08149939ba0f3354a9a98cd7e6ccdaaeac32ae3b2fde28037d1b5c4b295b1f8a347c77cf1ef208f06d50ffd92d7964add7e10c536ad336b38d00ab9d656f0ef2ed244d8388ba818e50b695ada53f0ae4031495c93ac7ce26417758ffa8dd5fdd70e653adc8de1d99a45ac09295f81b93c8e2fbca8c5d4b562c363ea121f2119e85532c94786f364250d5086e52f67cf16be00e3275e41dca042ec1f7c32bc36f3549dfd865cf0ba298ff4db2df22999a0b08c9bc47514e89df3f95670cd698b6f3f6571f9b957995eb9a503c613a748152f7a8c315ec9a02d6182c2727d0a98efc7006e46cbbd4598df02c5717615433c0689721fda808dd49612cd73df3355e0c71a3bae68d7f2e7a753d2e05eb153e47db2b2306142f449e4230a0ed229e16fac6e43b11c8208771ba8d0ed28ee21e66c0eae9b5eb4a7a697f00fcf60c56a64751ae26de2e5f0b3327f71d8d4d7a90efc37661cb358e24048b83989568d0aeef14b2b206861abea2a5d064fbc2e7384d47533e455df96cd2f6fab44725c3ad8ad461e3af516c047c2d7a9a10442f513d175e966d2d39178948bcd2b79515051dda17044bc421523116588f6f807f07e90feffc48998e9e43bad5f7a5345847be95c0d200f7f78d08004356f8223d545bfc73aee6cff83057421583292aa45c0dc491a61d7717b45028ad20bd7908e5252d4366b048cf323d9a39c0f33a9fcd4a3f559ef8bd86d75df9538527ba1d28f33ceecd7c14b68a2570b59e5b3f4b29ff055806a9ebba0e151e3662baf489df77e35827a12f4e064b008bc116aac7afe158e3d99747937e9a68474f8390cb7b3eb360a3934bfbabd1b2b2d5bcd4d4182b598b7514cc422e7767209c579fa0bd842f6b2f396cea4f94ada22a205aed8ae665708e6c35c4e58b3d7dd6865e7f063421a8d214d5def4c8f4956b0a098a0f68cef4fcf02177152665978f43f793be5ca6fbdb6d6c1a8fe3a0e1c70a8ab2357f7fb7e650af6d442b1978a410f16030ec90facb7d441ec326f7880ace17028badc435376948aeb056f85632175c2d54c4c7b83247f91fdf407748fb5ad1ad2912a3833ddf7e531a397af258992225376da1ddd2d29e5fa326e6285fc6de95149cdd69185436f59a4194cbccf3e797cb4ca26a001d0a2090a9d9ea8c018e520d6a61383f80b0ac2be6d0367229304b732bc8866bdfd7fde49216ea52eb949d645d3777c8f3561e7f79a1dd593788dccf715ce129108301b2c2e7c91d0f9a0a85ecd84451a5d178bbea2f318bcc366aa5521c9af341f52ceababcc21dff91cde6491d0c854c9d9b0283f7de0a39fd2abf5d27565bee17d48ef15f1d224d25899b16c87239922a059c4c5e76bad3597af193a5cd42a50549d83901769b221f646cd28bcac739a59a096e5c6ffde876b3dc6f252037874a576486d228581292b6d5f0391cc3cb2dcc9cea77fca89d840417bf39a7a489bb2102b0f7087fb79ead95d996bbb80f70339aacb375b71326903de9d22b27774943a1281e3195598b00ddfe8c9e6f70e1aef307c4fc8306dc784982b4eb57e89c25e939c73bc410dc98657cb99ee0f7d8710028bacf1b6aab15231fb274544451a8365dd745531a0318eb887af7ee4ec5caf15258723c13a1e2910d9469dd8922420391b59359f105fdb26e86f08bf50c4529f2a2ce5b3fee93c9b4308206e178117114fd56fd34c038be66ca459c1a69878cca1b125cc60252271d2907775ac19921289ff0330c4f93b5227608ff0aa191b83e71bd9d766b9ab2bea27af6c7ae078f0b4ab716b78609995acf46a8f2a0aa7a4196654c0d8a4343771f4eb25b2f79efb5bb9f2ae489fde8b41ba7fe5b9749360e7c5bd4ea6254a5acd6d5ca908d59733d0a4e5b9dd41f4dd7616bba1df4f2eaf7e4691dd3f89db1af7c2ce69f89733d61a4fd5abeb8a4e669e893dc6199a2341c9fa741241869efe7c2317b98a5f1a5405b2862c2bfffe4ad1d4d8513734bde12c1ab5579ab4495677e15edcb516653ee2d858af04ffaf90fe0ec2a2155b7dcfcf104d7f4f105f5523928c24d5e5b0f06fe8e6648f505e9cb3e20792b5f2acb33749ddc960bfbe98837cde85de7a7cb84ee8b0d5899606d18424b13645188349984571735c3fe67c30673bda7caf7a3f517a16ab4b2e985ee6ea8e1a5919e4804f2a77f7b19e034fe3d8cda88cde9c737466eb75e0ff154dd53a618894deed6de100663dbba8539a8565e0f3f922838e267009f9f5496d27a9cea0449cecaacd8d281cd1835dda1d238505707b5c0bc16489c01f76ff88961d06fcda453af7030c5451e3be3ad1260d38a6cfdb73b533345186efc5b9ddfec60bfe82d77134dae7058980b005c79043d3f0604644a7186dd44b6f6dfbe0604797071da890c9297274d19579b7a6bcd1dfdaba6d20e62bd16668e88ef7d527791e61cc9664b19e871915a81018d6a00987ca7ea130521dd1f6e84816ca6e032fceae65d248da9f0bb25b2b58bf6327a831f4a051a8bb79338bb48a5eb7751b9d95ad40f10122100507181d4b98f879cb7ba4a833031a0ef4998daa1a6a000ffe46f95d77bc3c6cd4ced3a705af496c1f78144609b9b02f0fab2e4d4fc588c057bfee4b8ff7ff137a1247a4b26946a6ed3221c3a0e435a20a81ff583d56e0620fdc4239e3d583fc0557bc3cd50934ba3804e2e695fec21f0a041a3562f83f70b925b5adc042c8e1b55070fe397e66e868bebf83c3b3ae33c5076a5b1cc99590bdfca68a6f90ec25cba2ae94b937616f49d47e8101ce5db8d0ac8b40bc752e379ed30f01fe61f295c50420a6b53d649110b2eafc6eee31ca32619bf5d68c533a7a9f4455c936239c8205a45d45ce5c5d5c84415b487ddc1d4bdd47e1f3e05eae37b6ac41cd67700ef365c8ca84b6ea21eb0dd8abd4619345c32d7c0c5636e2e5599010689e830acaa3b3150e75fd8639b45d81195d75febca05ff07073801798b9c71445b15e0beae2cad7b340ac4bab03edb13b5bedcfce5a7c651da27b7a9d7a755a376e7074045788283c5b3e0ec6d7e4e55edf9dd262b978aff11e66e1ad61d44e011ebc5c91ae66c775a0efec248f5cfe0fba8665d59f28c8ac7dadd0d36aa6d32935784cfb07cc9cd62e3e5aab466c4043a89748f79cadf334c211ae34c9155a00437dd3d2573432d7c2e27c52fe6167402176ab1973f77af9bf7b516f2acdbeab6f4e218d4c46aa64b26563de7e6f3212d5d60fcfce01af76b702490fec0923fbacd3a81c980ba6c0cabf483fdd72c253bcc492fd653113782146b925b74fafe21d2715c812e297f9067de9124d0e450d500bb4c594071b1f65eb1aa3b0af29848b4b9a585fc48adf246b541c5f5ec3dee92c97323edebb939b573099841a63fe921a1457fda2ff4715b7450025335f20deb55b4af80ff5835bc07b31d724e7940405fb5cc42c9b2d4c24aafa0c3e55463ce3ef1d4b20d47ad2c64c66fcf8e3ec3f4e9c7348b7692d7378b10cb5cd217002b5ce824e65b1b81286c9eb364ccee3bb5a654f77ae0880cd6a613e24935cae148f0462a26d44e11aced51b411f5a6c599e219cdf79dd46f61a7b4667af986c1bf10482e0245b8aa4f8b9913df402ca09e881b8e367c52ac00690fe0685b8064ed11dfdb0eb2273c84fa1da13cbab234f383414e7737877312550ee4f4636435f2abb413d68abc2beeb271cc0f7a48393cbe293534e3f9e6b77b4bdc3d07e07156d2539c2096d0876a7650bb71651476218d4e85c77b7be71a8ad257eac4c57f5135d467cd63e802e683df41e2c96e5fb44ab807365434af239903b156caa472cb065ec1b21275fc6174a968dc9e6aa5bba421666a0bb20a4a1d36f154dba66b6a9e6387dd153de14b602f90a053926b0c4de61bc814a335c016021bca10ffc9d7f56d01324bf7723af3d465dacc0ce5f2e17553a3253aa5faec4ace703aa13dfac63aa41274a512f0741840fdb4c7e57d0784966f4bf6c8b38c237401541de08bf627d89958fef141cf1e1f6136837698cc8fd298b7a856e58167699acec52c11fbcb668ea9111680a6021bfff2ed64fb52276d51d56d5dbb9d8d071041c2967f0574ddcbb62207fe6eed34cd88a3b5fcde6eaf7203ccd727cb65fa655283d14caafeb0a62a4b53606407accfa2ae3c4758c5401e477aa3bcae0bd875838c34215e485b589613b037f34217306c3687f943f8e9c35a63126adb2e34567a8114182ffe8532aa670545545a358fd0e4414f6c26c89850afc9a771a7a33ee18512f48e9bd8e96a133594b1699f89fcf7d818491d2fe51d404ec9580ec56f0ba163d33d5da6a70169bb64cd9795562121b157308e6e464fa06f653fd2e9cce865c009093c96ff22efb3276779cfb16863d8d3c95ec5d2f9d5d81eff17f2ccc813bb1612e9e5ecbcc30175d78b75b831d61dd0d161a9d55fd37bc51260b6c24108095a1e162d46200b1cbe5b05a841478d97b7b4d986ad03a47a256c5b46ab21635dc6f07890592ca637e1e730bfb612b0112a933239b1677d44557e172c6f2be46c7017399a4e4bad8540a8b35ad8fab4b216631a292d7e49f9f37f638d9c148c4db35d031e0d681b2fe5250148461e1d0b58d362d98ca961ae6f56ffd35e1ea22e5fb4d4e42db1f89a1936f88765b1b25126ee2525283d193391e7ad7676ca0c83a446b0ef5d00b96fa2054ec3c79a68d78d897fbe74000546602065a6ebbf9ad848cdc52214cdff8a43493a7e25746e082fab8104403c609785449c8458b7b0d89d477ef760bc806caaf504995172c2efcc40d1fa13ad6af907de4ae2b2fde7b79f4e3e9e72f590f721237f6afaed6ae3a34988c3a4ae65ef21dd99c07f756e81f9c19e66a9a4dc7b11d4994fc7e9cddddc3dd335480538e502b2f56470e9ef143f9a7b0223c3cd8b62138c757d545c0e36ed9c72eee5e2d1b53097fda2ee0aae1b634172c401eda1ec35a056f9add469854a4b2e5f0bf7d2e64661ccfeafdc42517995742468c1ff24e52e57f98f937a1e4e6154a9cdade5147005dcb918f166d6505d91ca4cda3b9446b75b3f3092b138510da93560bbeefdffa45dad1c6be0f5c6ac215c13c3fd8c971ddd43f2a76f03059868d7880811cd1ab4912af97c673a205618fcaec5d9c597e3a60106da09ae53a1b15aed2c0512689c373a30f34d028ebfcf7983790c240850971923945eed7ef5d6525beddb03f92b14efe9ec3db9e291e08247951fad99f5c66d574b473941dbac67e0ca8fe3fe325de957d713ca2e74b19a3bc42c6a9da65029520aba9aff816981cd5f0a2bb5b6b7604c1d3197e80c9838fd76652e9f0978041e839f0724a154defc7c010ce82c15659f123e6547960c0578b8a45ebcc425280c09f116378ee1ad31a28d0b0e57ad40379ccfcc2314404272fa96e3aede779ce3ef460fce0ae9e7c96edc73256a8c65da03736421f478da8b46bd410ed547626d789023b5846243ea8d1d8fcff85f60eeaf17fb8fade022204fbb359de8573138ea7514ad6d225c1ec75b66233dab3ab0e762066407bbf74a4e07536108a0848aa379a0258936c610aa66dffbaae970598db6f3768a852a79712fb160cbbcb8828e8605b47dcf6ca0c3e4abf67cbd60f4240315fad82c30d736b182e42c8b54af401bff08de4bfe056a0016dc033ca7748645f51e42d69a0d68d12f5f0f121312bf1369f46793538a81142d02a6f9ac6f141d67720f2e6be250cfca51d6388c7d5fdebf66f22e29671f5165cf2119a7400ce1cc2d776a26fb49849596e6a5327b9766cb0d7f0eca567f83620cd6eb1590651382284e6f2d434da8ba4d782b8c9947b8b1484bfc0bd1d031781a933a0afc4854d571e63bde6497967fdfc8ca3f630e79594cde3d013c1e25deb27ee17d7b98b0fa4a93406926f1313b19b3bffe21c6ac3098cb5259f98216e4b0685b3c37a66ac8078e461243836e35f769645de0134f5279c31a6c8ef3bd351318a1174202fd02a6abb4f1a61ae4e4f29ff4712a2b9f4a46c2db5b604265c45f4ee89b05c0ed3d0023e860fc028fb3ced00180b195646f735797d1add328e6e574fb38bc25aadc6b815f061f52653278c49337a2bed2674f42ba6416095d57b48aa4b5ed6c461ce729b4a3a16450aeba12a07b6520a7ecf62ade13e1d763b06649925cf31eae1c347639fbb2eec079e234d136fd76988bebfcaf0a8509e12c0ea169e82838555a9fe5b04c63140af283a3233edfd6f60891d7267295261bade281292694fb0f6183de6aabba12ae789b5e2b27e8ce0163ae40057d4381319c878b192c2f6faeb6fecb12e231b89e09dd0d74695e13e78a07bf5fd63407327e96632542785dbc8db3a411efad599436ba7a061a5605e5502f4eb04d2396c739c3a73c8d8ebe2bfb4bc347b99a6abc256ba2ccc26460f9a98cad89e223d4a4cc4982f22b122b4f8dcad64bb8a863e82e979ed5db5eec1ef1efe2db8e5bf4a4c084f584383f10bfd56454fb48a7703a6f1ae136ecaa1eac94b9a9aca0e66a999d8fee81833886d517645a6dabc5aaed458cb0d8307896f2d66f93a1da148dd44c93205745c8f76863cbd6a00ea1b156b5c09f1a631ed5784fdf87f4073f8fee11dc2faff7f3dbdd431bcfb91f4547ae9127e524362e1eda44c600540d6c286945729cb83ebd1ba4adff38810e55b4aca1e61c7e1dd6efa0f08be7da3efd41cfa56ec14de4d931915761efbf62aa9c7abe23fce0a26ce2756dd5f635dcaa3132a03093aca7e69c4763678650c082ed09c317b1ab15a9f868fa9671930f65206c75c2aeca8e73fb75f24fca3940d778b120f27e780102ec6a8c72ced25ac3c997a2a8a6276a0aebcae7506749d68917c12b642dc9918a99d0b718f8e04c1c9eaa0975d20ec5d380bf51d2eea89960b0df0b0ece0125be6bf78184e2cc3dc76e52b67744a40120e44aca43cb32c43f379401516724f61804049a1260a87058eaf82b0e24ebc7677afcdb33fb55de1ce5ee45dbd5a52cb0ea2b7cddc837cea29314c730b7c9573f70866622bde512efa8540d33f6b5ea4ad752e381ccd688046a0dc91c50113867aedad1f2570de4b2f2002d68915902481a71742524a69c337391b613cfbe834b15a4ae4377453869882a498145743fabc05045d341924011b69112b81f64d1417a6bd89b0056975065c5b88318321007b20122601830b913c66d3aebc10a2d9c44b5606c0c7d82f24403429bd0315c0cf31671b414c952be4572861aa57d8089dafcd422e9e82506011569f9acc6dc14bd4f15c8eeb8a6ec662c7ca2cd9ce4ee23963edcea09eaf3326a70a72517fed46a378fc267a99ac2ce7af1a817d0b72becb97b0daaf7031a93d05281dad2bdf88acd3ec626e961df8ac528f53439d6637b82716cb5daf0582c52012ce262499bf4bc6f5224d7859846e3ff3dbf6a74ce469578242ef87caaa7bb5690fdd73942d4dc48c309508fffa7b65a32678a258b4ee909a12473c31249a418d475abd7caaa2e379204827b8eb7d98c74c4bd6c62a1430ba3bd816226c65778fd8384bd977f73da63df1fd3d3cacf9b8f8dba6edb19a2851a958608f7edb33769c38f0c4fa4617db163981b61fe8640f409cee06cea60c052c70ae4ac5e12d4d39330a92f6473ae0c778699330dfa7ca99c66897b969d58956e9ccf372c51686034aaece945a6d502ad53d3bc3bf6d218dd11219249dc5f1aa00b1123603de538a9a0538121e9c2f25380d7bed8bc93b9e988787371d88acadfd406e0ae6eee323719a6d31ef3408f8894eac7f7f0c1370034c45e12bf874372a5ffecc853baf7227e1255feff9c87e0b5635d4bdad879ba16fdd099e07e8f0e4af569d9bfa7d51f85fd82d566f82f173224075bcbb015ffda1d8821ef44d28f8c8fcd625706534450845e8429ac012411e0c8916b4d2a2882785c8168a47177d98b30d0648f7c272815ad71ba241faf045e5ec9d309114f752e7a10e77687919a28e60694d81b625ea18496cc010eaa864a51bb8cedb28018df5d8c6726d0dc064fbc41b07115cb620d48b39fe5c81eb4a3948915371a24d872e61acafbe7606621f6afe8e28c8a6e6c688c01403cd1efb3c1c230552c8dc2646b43f9b7136ca7e953acb934ad2701cb58c00404d979e19c074b98f62e3940d578e021437c17f59eb0ba26c680a849d5f088f12ed35f7954bacc0417e9aea44a80006cd085e4e43df6ebb113bfeb6b6105a163c16f18d141c73f35afad48c6bc8c20ee561f8a856e3d4a1d4e1903dc3f1095800e90caa3e9519bf3cdedb11aa4b15eabe91fddb755dddccc042987c68c8803eae1847b08f4df04214920721c826433ab9a596175547ea2add5788623c5f72a7652ae7a37b2739b6e95e8e401b6252aaea916b515feb7e002d5d31d17e63c9bd556776b1643bcc3e012ada9ec3700a22325f321678c5e234884cce2715a451f93d44b1268781da1e509866bc0ae53a51da92481f72282feff5e8204686c8ef5cbb8b5aed2b2f14f53eb1e4bd9ece12ca0d7599b28a07f8860c1a46c05c953492fa3c6fe839330c59d5262b491085e35f573164e7c8870f62ff1c54996d3e838c95cad117f5872f67962334d05e79cfc00071e48f9f8626dee9eca7c8e17930d76d2420c137ff151ae0f3b59fb8f764f028cd889d426e308f263dc4a9fef9011946fdadefe31f38772b1fc8aaf85303240d59d5ee2f2d8a488d896385dded8809d4e0af5eab896fc2eef42b72945fdc49de1e68b3a464de42a859d9dd5127ad73bbf7a748da3ce22ad99eb7aa06a69afa3646b9095c435908fadc8d01060dd4b06254c9edfd7017404568fb25fe2d36be2624d88a53afcd285ef41843756830b596cb57a510722371c740cc5831e596c4b36c2bd1b7044d1b8cf7d65a62f330f08cb9c358704e97a7887e82492f53d1fa6d09b6730e17d8652267c9ed295476f22b8ee49a51d6ac99ae35745ae66ce3b04efb74620082d2b24877f6d4f4fd4e07c1f995805a6ee2d32cfdea1185a69f271b53c9cc069e2b9e22d8a661a2355c3a622b40d87c48f8250cec3fe6d20fd2866fb5a06cb0c4f214674a29f7c0fedc953778c84f7b7de567ac16e5bbecfce456c140398655c5dd9f9b796b984c99f1315c33213e3af6e71e689989733add1f49a9955129121d748057af953b041b4bff25e50f6151997dfbe88c55bb3094671cd8452a0f67f2ec9ce59f27795ad7f6fe04bc2f1a99e1caa4becbc7937285a83dbdf7fba3b6da9fb4380d8dd4b5d5fc0559f76bf0d77a1144dd55ee10bc35e2dae1245684410d3940af0ddf354926784a7265243cd4f4375446f21a8a0fe2a70b9eb0fa89d49c39870aad4e458f3b7366fa402483fb6b3041c1c9b7ba325b8fd9a06cbe3b515ad6df45cda9e05af5e950520a32d71f0e724813f7076d02a15d3b57226c0f8b5f93c8befc8f121e9eae4543dfe4da0d6db9f913ba07b8305774fea62c092b1cd806b100558cbc0b79fda4816595a97ea6fe5069d3b9f4c0fd3e6cf05cd4569cd0a99a15176199d1e8f1428f876f556c06ce409a3dbcccf6573aa18350b373b02ec88a67c4771e9b9b73843fe98063a2f2ad5ee65ad3616620319519b1edaa0d57bf3561d60080cf0bd612cf088b0dd21d0896e6526e81311b3a8022ac0a3e07ec5e86990323a0e605b2c4075b3836ccf99492f2d186bbec5d99ef13f3902d6eb7b463ea7acff2ee444dfea771b8b7bc8aa639da8a79b1f2edb4a1df24c0286f7b5d6f449f850729494fd90ccdba3063bf4494222d2367f303380661806c031d9ae0d9f6db01008a68bdfa8fd1e210ec744e37e572989745f73f40c697ad5d69bb86f8bea912aa5260294d1bee329de8767b13353ed439643fe2562a125cf78ff10c1faaa4a9974b11f544d502d4e4fdf357d24e13f87b60d1b77707c52558a32300e88c86cd5a1ee1402d0bc1e321fea506f349ebcc19d8c6aeca1d3f8a13ad1030a702f9e105235b81585d7eb5151c482dcf78997b2a1f319de729094ae714b48b5b0cc595371a490fc1e45a6cb526321cbe80c3b7f11b22d7c347f8a3be7112417c30d6b81fd0cbcb7a7dfc4096af126faf3307ca593ec3b9b889e3f245472d54e46d5f911bbce309bd4c55929969ffd7d471ceb81e9bdb837f15dea99089f4b38242416fe6c3d45dbacd8093b142f7990ae99838236213ac65a2c3d6ff847fd9143fb0b2d084b86f38870146d45dbaccf5faad8a7739f713ac43f971a44d750561e4f75de8a8d88c6415d297ec78c866b2e2ff8e86f52a5a180487e546998e77c42f4c2e4f892fdfafcdcb139e1571c1c9d27dce88deabdf1e1bad5d9348869f21983eafdd1336239bab3092f8796ae76ea38592c71bee8d7eff5f364be0196658e0e77c0eb7847f25f26492e4322f4fd63edde74de9c3f89531f69811426a8ff42f6413b593fefde9a0eef781cc2a42e251cc1dd35531af95dad93c4ee799fadcffcd5107c4a6e7aee8402115866f8f7cdf90d368c4b3d71be62106f6cb1906e0d93883e97a1caa1cd69f49635b8e9470fa76b5ec6ba1e53fb9af07ede121eb815b7f739597f8e6a9395ccf5d6045de0bb5650b68a50037dcbc8962174c9e8c4aacb461a4ceebe1885bf54cf074febdfd25e1186524e07d460431c432dd6168504471fdd72f98b9768d544dc69cc278ef053e95489eda10b08e5b76e3d5db9b46cd06713cb7f6ccba427f4ccbc1e7059af0ea7c469751c28beca495f6e6e1d9c2c8658842c7638c583f2c4fab7fc9f379df9e28701c46ee296e024a1bd36d50c02169584d4d5394dbdfa477febc07696a81aebfb7124c90e0c1a0095263970607644b5887d6a00a66e11555ae1be5617cf4a63bd40f5e65603af1d2c0c9cb36f152d3dbe2de241a155ff38c0e46432ffe42064427098a5d81180b4e14ca8b0bef6078107e2cda8fe299aaa472f555c68c8bea1a98d2cdf43dbe559c5b5a79ec038a17afa2f967f3e8b5c510ab577bdca4f5e8601a2e25c298b7ac87c98eae052d8448f0fa8d8d4c6ca02c656d188f7f05393756738220058e6c61ee391aa800368c4f003e3522e6fafa0909cb5a3b9163c8b954f17c088055755f80fbd45e8e8557b242ec03449fb79543c9310b0a7e24407e9842bbed3e3778266b81565378fe5694a0e0b9ab0b48af91b884566d71efcd3486e75acc83cccb094558d32817bed508ea1fc2759ffa9f7bfb37ea1883f95ecaca8500b4a8ca7148dafcec8b2907d9da41a2a0eab7316649e83f87ddc63f30ee1c5ef7792d16f08b88c64bc5e371cd3a8ad8ad3845a6057b1774e3d7193b2fb04887f86b300a4be81bb2e648868b9d17fcfbd7298a350983278b9974aacc3bdbbde01cec0358c02f57ce7e6bc90e4ed9bea2746e300730900375ae2cba6cf4c7afb3bcf60b22410a8c4bb24b9075eaef74a93f87d580487d6580c97bbe25920b26ac477d153962814b091080e6bab9a258c48a3385a7f9c2077c8a97993ecc6fcc35c556b49f32822e8e9b91b4f356e23ac6990fffd7ddb8f963b6cd72efca46c76be426bddcbf381f56b56f1e54b0d6f3cb2bbb7e687e4c76ae294d8c64745ecc83918812c032f88a586070f0ecfb1de107c90345577162f01bcc4955dba777295d24873cd069ce2eac51680802e3499cbee24df9f71902959582de465e334302e766be4cd0197122da8b46429f3df9e810abf6ceb9587f151e7a80ff60896b86e12283651a4e994c199ff2fb176eb3c979a0ff1a381e52d9d37691509beb911169bd5b614ad935390d77ce3f270345fb2f1c2d29815e8d54c181c8ed9b07910a686d8d92badf21b1a17f71d977126255a79b7222d7038d5319bf56a3c4b9d92e51b73249d770915aebea2c35333b2c70c2c6c3d5167b7429be1a1d6a3ba6186e9bca744fe3f4e60fa5dd4ca819339485355a71411066e1d1156deddb45c8fb37072822ac43715c030966e74a4ade993745b4b2c7b502472e48f7d4eb8a94e86e040836e93aca44bba2f3a34b59572e65031188f2d47f4fdc3aacf17f5b043b16113a1704df091d48133c67cb5f4122103a9320661f53b998a42e801400378c9a0d4abec3a1377bfee17140be5fe9e2ca817da04702d6d037b3a7a089b9c2bbe864737364bd9dc7e450326016b972001b1732f5b8e7cdf8ec7d2de7c7d37b3c8a17b2ee30316c438b03adf503e7ddb23e5d7d333e25b8eafa2ac22a748fdea9276066aad1b0404ddc40630df2249e897f85053621612f0a34f4db7139578cba8e3e6c7b9d84b1e646014e252d18b8041872420bbc083ecea6f608d069a9351ce64c886899dc6b1f6c616bde04f3bacbaffa0ed6be08d32bede531100659b7fe080ab8d07b5eed84a4160b83e91d872bea6d594a8bf27e7c8150b606fa596e0195f7b2b0cd6685656e30becdf1c95ca24094184c6d1c9a1bc93084885916a778b6717b5b1a0788c2468c922f6c6f1b7bacce762388fc9af9539391430736d2f670d2e8f38410261f1dc5340ed3556796a27d30f5f7a87918a924390a8062d6fa27d08b7bc22bd6c2a96467affd95ab686bb8d01f6ac33f167a244880508c64a1fb5db41dd9f5be8327462dab9716fbde2dec98d5f8cd09dc106552df22ed537626c592a49d095895e7b5cac025b0dfdaf872ca582b74456f70d463355952d995ff8da24e5d036afae1700c8692f9f4a7c00f33b5c9fa2a3efd6bb57cc8784428626a8d2f9a2ef4363f9a2079de4bf7c8f665a192cbae8aee9fd29680b804451dd0b97ef628ca5303b59fa78dbf0a9471357a3484c4d55e7c27ed793ef923e20c42c4f0f64c5471801828526c87fcca3c19223951db7b7a6fc4fddbd005840cbae37dc012bb02d99c30e9b22f93b37b9be22a3319f810ea75d12671fb32979a02fc015a97db3196add3c52f74ed9c528b756171fe4e0c38f6c0f5d0a7b480ff1f5d3487f61b4c7b6cc7e7c422024dfb46e2f51ffc00e0dfca0aec93ad1cec2b3cdb813e0d25135c24d438f62ec7daf745b4268800e956b5ba0921eeee58e2c996c84f5b1ed576dd141a2508b3aad0a2fa1aa71bdb7219e3e8d191503aacea6ae323cb336097067d5ec6dca3f189bd860d6d51ca2fa807f2e87c54695e7fd43277a8e6c575510b0cc5d83d645fa7d43d46d6b75747bcc9151f85772c8b986353db6f0dc9aabc358c127bc784d89cd9e012ae06d45c0a14ba5845fb27888e60bacf22472b7cd9795ffe90103b3ddce5690d2340a692653cbb461d267dfdfddacd01ec9f7da412a04082742a48bd500a29008df2bae8cb4382ab5efbdd356e38fe90138974d90eb1ba0bd3ad3895ac7e4833b12ddd50e23411c834b25e0b212f0b46ff6b6305e043c5de54b8852d7d36dc21f66ace5f8ac6e1baf7564253b08e7ce9e207a18e1e66a77c7ef5837c51f6aba893b5186a0109269e79da1d7169de1783106f251dc5e17e26e69345c4ec8b8192fcc46beb9aedb41925fdb900eae76a5b46d7b66cfe4d1e85d722b0be7876b56602b8367ade405511f8d47fb24c26ea7dcbcae5a810ca3c1a9f92180bb57f15a6cd5a615aa5ec23f2ab6d0c92f502246625c84d081d2d7d7c3975951d026ef29b8d085fdf81f49453aff12dd72a37721d9db712f5df2ab5fcf7218e2f2c73ab2438f8aa212d775b4dc7887f7c643a83cf81f6c89c44659f3df654a24747b98de8c5b0a34f23790ce94be06ed4f3e2eb388a889f9168885456ff50b22329eaf67a0d89200bc6e2641a1c085fa2eadb07581d1fdc3b79d5756ebc75151eca0745d3faebb42e712bb6656d9b9a8655d242a38fbdd92c4f9cdb77cff2e060c18586b3095fa3d393883f7f532539fee1e3840f5a0f2771bdf2e4c39998beca8594fe16514be11720762b1e8d464d10df9e998d5c30a1eca708a6965ab8da8c1207f5f8c802e75f6d0fd2ca1ab1c5dcc33dddd2909dba418daa0742fe90ef2d7dded5e5a2820a84e1c3c087afbef3f3428f773cf7b6170117e52702e0a1d75155849cd066355d2025951fcd9c7e0ebcd2ffe042291ab1dd2fc2fc62bb0ff26b858247f93692bd1b9bcd48a7a8fc749e45fc83b6a2776e4de85018f884f4d74491fd5b91ec597b90f4ad568b4bca50c4ce75aab5ee15788f170168efbc3f8d1b9845bd7a559df31a61d193ba48554fe2f356c28c00cfcb5e5eb74dec3321c0a52e364055fd38cc400cc10e3350fa08e500dfc10c4baa9db2be371618ce8fb4914c097f36c0ebc1948f7ec19f81198b12267c1796ca37c2cbeb7e4894ff4c5246ccc6ecba906ac4d1197db67ebf7e0b2e5d4a890c8a00e52aa0a15710cf44a8b52ce14c64c95bcb780742959257988faccb5d47444025458384c5fdedbea3686e41e57eb656653befe9925059a9e90d53a157e7ff9f0f0ac4ebb592989db0b262e5f618b6575a2dc054cae76c5123b55a00212e35fb03b6f922c2b1d4252ce0d1d17b973fd5256d653b828a419a1d0acdc4d3ed99a341c7c62ed3701f0987d446b5b597d2a7473af49e1ca338d12ec9c651c3cbf0fbaa5354688d407e9e9e0552a1826d70ff0cec85d7cee2393ee4764baae8c19b7edb6da2589f9de8fb463decdbfcb84bb02453b5b644f57c447f9fc13d50f7d75131a1ea9ef81dfa9f946b2235b784497a02bf695490c5d64845eff285084ce9fd0fcaedf806059eaf7a2c520352f9106599646ed0653894766803b3b907ed6e46f4dd478fb1bc807235446040e494ec27e673347f45effc6fecb8e2d4fe9525c36fda8d28feebe9c42d6b70bbe549635228a93cfe5ed1c5659c733d81fad053bdf334f0b0cf4bcd9ccda7b5f8f80720c8d27a9b0c98bf2dcb651553b6e7061492014e8417321c783d9238761f9779c658db8b3c37e221ec3f45c5c89560398cd2495927dcf2787f6b83e93acf7a78975a62ec462a59dd303ea9721321a82a53d416e078ba0d8bc871413c00690ce986228091775990986710444ca8d1faf2ab5d51d3b93d497945a4a6b1817900a2025ba9188e5da8e4147c32a26ac542546209d212a66c2455330bf5d40219c85514cb20bcf75c43385f67d9b24dbd2468f036121ee8cca0fc3c1d124da7e23348246692d28f983815f168f25500ea077b79fba21cc2e9b539013bc0d6f19dd6b3b8b0580d4622433d0fa927782ee05a0a0ebd0efeb0b846029da61c1096f13ceb4d653c9990dddcdb76435359be7c27ce9f523190a90a585e27e58486f4aad7b8bbd2f28597994389dcf5aef8a05c8f15269d35251931ea41bbd0aace46bf6c4e9c7df2d65c1e066dc200e85272bf06a535a95269c7413e4c51b1c0d29c4c51e36aa2d11f29c355030a743d77a9d037103d9409e5434eba744fc28a306c6b46c447befc744b2dcbced7ff95e8faaf7775a62b1cbdc297560870ea3f682861bc31e60c58ddc6397c2e4a8b8e6a2b4e77185a884920fc77c17854808c8c8d92a3d736a38f569b3d2895de46dbde8b237d1dce867281a5dbce15e7dfe5f4ec81dedaab9fa9072cb8167a7275d3a5b4a74a8b581d389de1e4ace8c1b9e5b1c2b960ab4c7e4b59c9fd3c2fe48c79a8ac2fe7f24d12d6748fd5f717a0bdb00513d8cbb549d25be7f67d0be3ebb5f6187043e16fd5baa385ff3891124e21c1bd7b9eeb8fd699c55eef7406b1a89f1623cd2d2d1f6036b8a566c38a1d89c4fc1b6d8ddc54fc03141cfca801235dc3575aef417efffc96ce65cf3ae663414644b46c0f237d83541cb04090e33e006ad73275fe236ddb861bd7be962a9bb2d01ec22f4d4ad1be8062baf6dcd4144e60a3a59eb436c261bb94d74026f25235f3fcb64078a2ec8ba4b20c6a207f04cf144ef5fa4726257866015e3eedef6ed546f66d31ed0f8110572ea4246b9aa361a2e36a2c854e2c829a5843d010f420cbacb0f53eb1de43bc3ccb2200c7d4ebcf55612474e03136373e24c0bcf04153894a878347c93c81452da8a864fd4569125b31701c48fbf24e62ae2598b00548471b734472b651b50342736e9f74792ed05fb7c2083e49bfdc1426ac9d30ad4032d7c80e7aca021387a82b83d9a8058c1e99e4e78fffe788ee09e331f02b0f1844c342087b378a59f3baa3f94790c89b17fa25adbb8ff6ccc830d87e22ba97231646c4e981ffe4b714bd42ec70c7af90dad6b192fb0fc660fb2554b34b9c41676f5f78a1dd1991e3050583be87fc6489725c8c20161fa6cb811b914b9bd4fb558c4c0c8cebec603275f6bbf4fccabab515950dd3c7a630d25131ae5973f2e7b067cd5e2a968891a4b179af355951ddb7fe5a35d7177927ee5e1db8341ccada7ffacfbd339627512c4b82f152dcc9864ee81405c7fadde7fa1719c5ad89e10a818474d9f6ed2e00c0ed621e5805fcf64ac9b6d2904a23e288193baa229cc8257ec9f3afaac85af6d3162243971e247592b99092253e79ec4f26f6acd01f2fe402b80b564e9c5ef497c4a84a5ed6d1d4ab022012dd0db9ea11f51d5062b8e062cb3d7c629f428e06c3802e21321d2775bca0a4201ba9fcd331dbca34189b5fcb51e2e6c22af8a4977fab6d322a0d4819ff26fd4ce812c7008fe6f5d0e1a9aeacbfe35a87516170e39f0d64bb20359389792488d1f176a5b911b62e13d42cbac2fdb67b68d2903217f9cee31b4b0eac838cccc0adfbbe0e68a76598b55bcbd6fdcbf9937e3c413452e7712cbff6327364b32d52c0bce42b8c6f70e84d4e8c302d74a618eace47b01366089c5ed23f5c8303970ead4203984d2b240dd70f36ac330f75f91a99dcde1d96839aca1e2aefb64c8b61c741a9b50ca9c9b98c4ee1fc1643448ba7ab742793e306abf6c228098bd6f13de9acf57288e245df8b65be9a36233f5d7f50e5009b6b1bd1cf83e1c7dfed8fcbb06cfc0d337437a09f84c2072b3a289cd78057d44ec72fe7228958ea74af69a8f856f92986ae038aa7975b3ad56d483f590a83fd3c54b874159f0a1645213744c53c928f680e8ae6c385617d8ab60acf659600f27a1244b4de05918579a5ab30362431e14ec6c9a3fd191d39919f4b061870446b6c515587e70cf1f735c229ecef23224c330fdad7f3be5ab3ea874c436919e17b2ba7b95093f7b626301f02cc6b9681218b16134b8b15126c55ff8345406445ab00f1bd7598a757d11760304d83f30dd005c791ac3af062af366e36aae2c6164b3319aa2d89ae659d371f3361e206d354f8c6b3edffb26cdd113865a76aae1d871caa63b6b1e4f141803547550783b0dd2044fb0d8d4d4ab75ae7c409b764a7570b90b4fa4fdff73b482e50ae75950f70f1f130b1122871156841bedf0b183228c294816726399168fbbf20be74e46e667674e7b513c2273cf115a66aa65b66ed7cd21a730ef6e051ddb989f3370ad3e95c12d8b4e1797f917e979f6f5010dd54e8dcafb76b8ea3fade585cb285637d2bcce26eaf7af35acaa02df15edd4b6f700fb7ba00b18b1af37d4aa84b0d642acb5335d9ccff9ad52b6c2daf4b415ce353cbc2dfb53ccc8daacc3e0afc7e33883904c623f1ca3344b79773e4255550e514a8236188ebd2194fc46e137ac57612c54ad84d2ec72fb3073cb7f56df3692c3f2e2b0df9a419ade9902fd5c7ce73488e956f60cde82b85f92b7add0a2f4b5083101c885436ba9c216d7a13d025095f670b75a6640cbfff4255692db75dc508a7aee4fdd56a3b78c8160234d5dd8af45f2bc7f5cb41957532a539902c913eb2e0fb64f2c56cd14392e5bd92123629a9deb6db31a2792c7ebd4453b7789c007194c14a2044a18656060594d280fa6295646014186977348fff2c65a481bf12ae64cd9210e917831bae5585cc2a6cbd345e5b98d7b6b4107904bd9c98eeaeb50a290cddde26f6c6cb116d80f0b3df771ea6fc7e1790facb1c8863b0e8e94f73f9c216f3157dc2909742b26492d80f0a4b39f6f97bc591c0b8eabeb268c1d49cce389cf84a55981a5aa8d9c6fd6520cdcf13103c52b0b6d40c29433e8cd9a229b8761f3423798f94682c30d22c055614c06347152d565b55652092b36ac0d8be5410c2231861ea265ff9ee4e7496e4c1d1c06c711cce6514d403aaf64d2f65e81788de9744dc825eccf2f1fb19aa57f7d95c246804bdd26894342bc75f18fa23b12ff7605d31826c6d22df3b99cc66a110668435290ede870d945ae5eb468c9774e8d6a4f38719921cef92d0380081f26c21addf7b40e273166da28de73fcdcfbf1f4daae434611f9179df8880c04e5fd934b33f81b453706cd5c9190748fbddba89cc62e357057791ca65a18766f5241998c485428e370bcce6f8704d1292727390702d2fffbd0ce7ddde880ebea431aefa061a0c10afe73b7f165dc72eb6b6d8da0b8fa30316efa2f757000db83b295b4c352baa0aaaa12bd314376b6422d5b7257c9a1222773e1d8016d599bdb744484b470986262f93a3c058cd501b8a734cdb3c6043dc13b0510851b372c8c3f22741acc5c21498bd80c3f20635ebb901b4e50b4461ea023d8b34a5c61c6b9e2c41c35bf43ea1349335eb60954f5c223a792f7dc964dd96eafd3a343434b92ed7b2f60d9e3cd92220fa1376e943eeb2ab0e93a7668c0ea37e212d2fe79a0b41a12d5d28e7e6d954ca606bec3cf3152ec33d29f194876a354aac8fd4cfdcee28368dda40bb2091671c5a9aa295c9eaf92f11241a55d8455574b8a8ac2821f1c1be73b7d5a8a3b2eca9624805f00a2d9af9b461ff808aae04e3c5f37b4c85d42352a8c20c7da5faeaa398047bec3431ce9ab717f5d193f9fcdb9adc0676032d2c821b0fe08b7e8b0dcfd8bf340e5bea861e9c5e93c4f8d8759e93f25153e103512a043e7fe48502d3d0ed4b76be377be314880a0ee2bb6a384778f53809dcdf274c381a3a250cf62887e361001d0fcd55d60916d964fe642f818e0e8864c5361b5ab07b85c27644bf1164f35c69cdf6b363cf2cb44d660323a1b22a9950648dae1b0fc2899654bc4d10c0caecf6b4255a1f95067d13d315b75997c3678c2ccf32ce2b57e91d1acc33c2d3c8098bee4e38da75b46b707ece04138d3d7dea1ddb886f7aa117b7304ccdfb5081c98c22789ffdfc51424d58c16b3a60ff65c7bd1c81155828560f68cb8672d06ceb430f3eb783cb921ed5458b6eb32e3cd60e36bcbe01894e7425e789ca385892a2e0133243d036ca224e6d6f94f6e7087a38e302b8ce18e163a0b9666d617a36ce2cdb0a3be8b211df229ed3e25c031a42d6e40933a8d9a008937de1acac61699654713050e7de6820aaf9668fff91f12f98628aeb6778372e50eb3c268a9dc6e5381ea18805bcad512004373a4282de1ec34caed08cf916b8edcfc7b6a3593bf268e4ac9d74b6af8d16aaf32258276fbfa03792a7a4841fac3c97b2c9810032044ea44e43cf3d363aaf08acea0e3af42d4802efc4283f73e6e8e84c7b251958006d9e8d5d7e1d14e075695cf38a2d9b05a7ea6937b7d21a63282da399085d8ebe72662b85fffa8032eb2df66cbce028901a9d8fc5351fd9fd5ac538cf1dd14d211f1bdf84a62b8909d0afeb900c934c91a8fef7f6fec90cd9110ad84bbe58ae6badf98a1e82f85e3561817f6472564db38655f042d93e57feb13a3527bf8a668133a0452ce1d9b3bdb074abec6220f8d6a87d83c4f89de13709c62fa31d53529b8c95d195d1f500a28615ef5c5053a302d837af23709fb9e13272c74517078dac56bdf2f5e5b4f997d70c8b9d2396da448dd1d74a6e375ee1c161099759647f4c8ae465a388b1fbce67469612d24bd47526716d9bf8b85943684d2a8686fc6b2260a37ec02ed5c674d9e7d6574eb20d27d9349c23e5db2ffc3d2c12953ae9d1614ef222cc7ca044911f04d632a37a04a780c76b0977fcf2d74ec930f43c9855f842f6aa9121292e91b5e7ef51a76df46965d73dd1f8ccf4a660f64c28ec220a5df0f6b85ec8c9988a7055396c81e9a386fed502762aad7c1ad97a1f2226f21705344b6babbc4871a281d504300aedf0b06ceab71ca43ea3092d94c6d7d1e7fa8717127c9e8e967e3f1376209be356492e2f6ea368233aedbffb3372d61ea60096d6bd397bdad056757f44e7dfe885854089e0325f860439924c00f6f22b3a559a03b61a9349d2004a71a1733c52933e3d6a1a921a409db90e03a2a99df428fb8f0bfe776aa2b67e77aad6352612ba2fc7a23bbda3a87522accf6d780ee42144088c674b2ea33d08de863fdf8347bbc5aad07fb97274d9e21572d9052a75f6318147f586535f72f0065f1122303481ef60cb2a366268a8b6202570a19e4cdbde943b7414851a2ba898df5fce37310dfc815dc2990053b052bb1290aecf6f1aa17416361556e35a42d801f51d0d33f34d6900c98a8e7fe627751f399d3a37907b76e15125f60a6ea29eb3f2e11b97fb171accea6e3560eaa9c5955bbbc1dd07c25ebed6d5e8a3eae33fbfd6ea6f405b7cd4a4239a249aabe06c2d17e87ae98eff0cd0d36dc61f305522a0fe4727431395f141b1344dec7120564d4da88f1fe0034d17673b7e264f1633a092939b7607bc780d6bbbf61725ce1426cfdcdbe3c9f11f0c311e7aaa0d7155d27761a59fb0ee8bab2db555274dc7266974c834c9a077fb2b7d57952d4dd1a83a84dc7d33429c580c75cfa34b57fde0b5d7338fef08c9a4f257480e882c11f8b5cc762204fe5c712f960c0c35af058073aabcccfef92983c944bcce135614ad051f557b5077f5de922c37ca19bef39dc9e1260266a076ca39c1cd59c910e564cc1c61ed00c6028f107e86d00e1bd114178c7fbddd97e1456acfac550fe9a155b0d9a6084d330c4b45365db370df7461b0a13a24c7c6a91413a74a751eade12e382452720bbd288579fe766f3d2d186ad41d783f6324c74b6f24c9522daa307ebcfd9dc1368c5ea6552c47d25651f591f8fb138ad075e50f03adae47d1c03502fdd789bd804b27354383c54720f262e8c15830f6160881a260e7d31a2104ccb28fb241fa23c9262d2a54e9cd7bc0a36608769c6ca892de13cb54f3806ec41652b7f1634ffdb555d95ec8aad85f6ff3daa55a2ef898815324fa9aa2fd4f6a315fe169fa423bcd8460b12f4bb9f482a1f95c24f5844682f60183c6e3baa16366e515ca3740c88ae7161013b39053ae65cb2b68a6aad16046f2a3c0920175ab2db0f7f84d4f07eb00a0efcb4fd679782182309f427a009642ae1e201c7666a1703b7be1ff9dfa75c149dd62b6ed4c2954c630f702319c8f4d3a09df8592b611c1b3558e0cdb6af429374d3e9d86a91b9b8ffb6f7103471ecbcd2f59e2c444f2cb796b7c5cef3865e0311f092a8682173165708bb1810fdac4fe1635dd6bde5c7181eb49f4a94420543d5a352c02b11df27dc275f37e937e01d666995108b1e2bbb7ee10b344d09e065ae74429398a7318e2a4473f1da5e36f36d0e79352bc37c33fcfe1f5b1cb20ad5c1d6ed91891815953c05cd6424abb6aaac02133e37ee8ddf93291ef564314c21b70b2db1f0d0fdcd3cd134ea89c9b12e049ca30f77593e022d3d805c6c3be52129ea305bd738360340f7e36f3c2acff46ed2706ebcf63daf9fa43873c2d2f58a614769889bee920c4b93d7b002bdb984ce553c57f5985b0a72442a85a0c501d2b117755588df24514149ae62155eb13e5c7aaaedc289728aa7a24445471364b038506245100e512c4fcffeb1f8a8fab6837e845b3a472fe63aa40ff50e2b79c68611e26c6ed67a9e611a11cfffa14f44a69cb112be0932257cef3b5ec4db6657bd10b1ac44f66a7199c696c2b1934d9c81a17b1290706a64492bcc251c8c3add68c9514f7aa0ab1094926412e93f45c9be2552db67289679ba69d72234ca3e8f51707fade79b3f5a8b82fca0baefda4da0c41b155dbb6b298c6261283848d667cecac32e5b0435556b7d3acbbc4c582ec19ec93e84419d9262c03fcbd1811525b772c7d1870c4f1d6912faaef7713d65b1015d274a1e7a7764220447166b60f085c8944a77b61b575c8aedd34a6c57b0a39426f1c96ba4dee6e5e1b95baff03fde52c3be91c32cb072744905e7d3c4055b70bbe3d4745424c6683667f7aebe52533e2d7dcccb81bdb8b9bc8ae2b12337aab1ec89d5412622fdddad78bca7e20f2afb1e7f8aaa172a75f89944329dc9a57cbe91fdf45b7444b971d053e5f6bb239e945f116e51c54952c5e4a2d02577f4d1116790c3f1da80205dfdbe2b4fc262fbdb255479f66b1a2846c77cb31fc19eae3740f0965bba730cfe7abb0b7ddcb12d13fd2e2086ea5cb6b94306a5af1b655ece3310b91bb649741ede61d63acb2852a474208e753b472ef1ca83816481a79d463069b7fb9eb1acf5350b196cf4f2af2aa8a45e54fecb7bee39a9aa56c6e98d2fc72fbe4f9f45a104dd7887c4f0b2b543353798a17bdb29b45f5fd07f4f8d5293cc3265f3de38679c14dd0546886d9e0ecd41c529c21c187058189251b6f7e58ef3dc8e5196843341542cb3b1c3c9476def797dba5d1100c8bccd31d12a3fafce6ee1e7996cbe691b2dc960fcbce65b27a7e6ed6db915b162fe2daaffa9ec255633284bfcbc098904f56e5f65f011fe7d44b6d8009e5abbad02650c3f77ae09ceb6c145e2ef67fbbeaca3f6fbf1e5fda3bf1e18423444006c6957e607abd34ad0c3221612078dc89a2ceb8c2c8d817e91f5544f718dfe487d003623241cae8aaaac84581d7e0fc52d9aea83ec1fbb1cdafa9ec70fc36da2056f0d23445f2057accfe4400c68f688ca67c8eb95f206e4ad8a5d88f8d6bc12dbe59c73d4d170c6bed7359697f6e68699c2332a2950a527881e45a159027ac24558bef7507e0b5fc059aff7libgnutls.so.30.23.2../doc/packages/libgnutls-devel/gnutls-client-server-use-case.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-sequence.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-state.png.gz../doc/packages/libgnutls-devel/gnutls-internals.png.gz../doc/packages/libgnutls-devel/gnutls-layers.png.gz../doc/packages/libgnutls-devel/gnutls-logo.png.gz../doc/packages/libgnutls-devel/gnutls-modauth.png.gz../doc/packages/libgnutls-devel/gnutls-x509.png.gz../doc/packages/libgnutls-devel/pkcs11-vision.png.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootgnutls-3.6.7-lp151.2.24.1.src.rpmgnutls-devellibgnutls-devellibgnutls-devel(x86-32)pkgconfig(gnutls) @@@@@    /bin/sh/bin/sh/usr/bin/pkg-configglibc-develinfolibgnutls30pkgconfig(hogweed)pkgconfig(libtasn1)pkgconfig(nettle)pkgconfig(p11-kit-1)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.6.73.0.4-14.6.0-14.0-15.2-14.14.1__d@_cO__[@__[@^@^>@^@^k@^^@^x^x]@\P\\N\+@["@Z@ZZ@Z@Z@Z`@Z@ZZz@Y@YX@Y@YzYYf@Y_wY[@Y9<@Y3@YY@Y@YYX@Xs{@XVz@XVz@WW@Wu WV@WcW VŲ@VHVU@UUHUHU<@U*^@UU@U@U ]@T@T@TcKVítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Alexander Bergmann Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Vítězslav Čížek Jason Sikes Jason Sikes Vítězslav Čížek Vítězslav Čížek Jason Sikes Jason Sikes Jason Sikes vcizek@suse.comvcizek@suse.comjengelh@inai.devcizek@suse.comvcizek@suse.comro@suse.demeissner@suse.comkbabioch@suse.comfvogt@suse.comvcizek@suse.comastieger@suse.comvcizek@suse.comastieger@suse.comdimstar@opensuse.orgastieger@suse.comjengelh@inai.detchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.combwiedemann@suse.comvcizek@suse.comvcizek@suse.comastieger@suse.commeissner@suse.comastieger@suse.comastieger@suse.comecsos@opensuse.orgastieger@suse.comvcizek@suse.commeissner@suse.comsleep_walker@opensuse.orgmeissner@suse.commrueckert@suse.demeissner@suse.comidonmez@suse.comastieger@suse.comvcizek@suse.comdmueller@suse.commeissner@suse.comschwab@linux-m68k.orgmeissner@suse.commeissner@suse.comastieger@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.com- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch- FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch- Fix heap buffer overflow in handshake with no_renegotiation alert sent * CVE-2020-24659 (bsc#1176181) - add gnutls-CVE-2020-24659.patch- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - add patches * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch - drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction) The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) * add patches: + gnutls-CVE-2020-13777.patch - Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * add patches: + 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch + 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch + 0003-x509-trigger-fallback-verification-path-when-cert-is.patch + 0004-tests-add-test-case-for-certificate-chain-supersedin.patch- Add RSA 4096 key generation support in FIPS mode (bsc#1171422) * add gnutls-3.6.7-fips-rsa-4096.patch- Don't check for /etc/system-fips which we don't have (bsc#1169992) * add gnutls-fips_mode_enabled.patch- Backport AES XTS support (bsc#1168835) * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch * add gnutls-fips_XTS_key_check.patch- Fix zero random value in DTLS client hello (CVE-2020-11501, bsc#1168345) * add gnutls-CVE-2020-11501.patch- Split off FIPS checksums into a separate libgnutls30-hmac subpackage (bsc#1152692) * update baselibs.conf- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue * No longer truncate output IV if input is shorter than block size. * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test * Added Diffie Hellman public key verification test. * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)- Explicitly require libnettle 3.4.1 (bsc#1134856) * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order to fix CVE-2018-16868, the new implementation makes use of a new rsa_sec_decrypt() function introduced in libnettle 3.4.1 * libnettle was recently updated to the 3.4.1 version but we need to add explicit dependency on it to prevent missing symbol errors with the older versions- Restored autoreconf in build. - Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch since the version requirements of required libraries are once again automatically determined. - Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a better patch name for handling the '--with-guile-site-dir=' problem in 3.6.7.- Update gnutls to 3.6.7 * * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). * * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) * * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. * * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. * * libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). * * libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). * * gnutls-cli: Added option --logfile to redirect informational messages output. - Disabled dane support since dane is not shipped with SLE-15 - Changed configure script to hardware guile site directory since command-line option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix compilation issues on PPC - Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868)- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key (#640). * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). * * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set (#667). * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional (#609). * Removed patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch * Added Patches: * * disable failing psk-file test (race condition): disable-psk-file-test.patch * * Patch configure script to accept specific versions of autotools and guile that are present in SUSE-SLE15. (A bug prevents configure from accepting a range of compatible versions. Upstream's solution is to hardwire for the most current versions.) gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch * Modified: * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- Security update Improve mitigations against Lucky 13 class of attacks * "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) * add patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch- Simplify the DANE support %ifdef condition * build with DANE on openSUSE only- Adjust RPM groups. Drop %if..%endif guards that are idempotent.- build without DANE support on SLE-15, as it doesn't have unbound (bsc#1086428)- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch the dtls-resume test still keeps randomly failing on PPC- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch patch does not apply any more and apparently the build suceeds even if the formerly flaky testcase is run (bsc#1086579)- gnutls.keyring: Nikos key refreshed to be unexpired- GnuTLS 3.6.2: * libgnutls: When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data MTU calculation now, it correctly accounts for the fixed overhead due to padding (as 1 byte), while at the same time considers the rest of the padding as part of data MTU. * libgnutls: Address issue of loading of all PKCS#11 modules on startup on systems with a PKCS#11 trust store (as opposed to a file trust store). Introduced a multi-stage initialization which loads the trust modules, and other modules are deferred for the first pure PKCS#11 request. * libgnutls: The SRP authentication will reject any parameters outside RFC5054. This protects any client from potential MitM due to insecure parameters. That also brings SRP in par with the RFC7919 changes to Diffie-Hellman. * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters for SRP authentication. * libgnutls: Addressed issue in the accelerated code affecting interoperability with versions of nettle >= 3.4. * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by Vitezslav Cizek). * srptool: the --create-conf option no longer includes 1024-bit parameters. * p11tool: Fixed the deletion of objects in batch mode. - Dropped gnutls-check_aes_keysize.patch as it is included upstream now.- Use %license (boo#1082318)- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) * add gnutls-check_aes_keysize.patch- GnuTLS 3.6.1: * Fix interoperability issue with openssl when safe renegotiation was used * gnutls_x509_crl_sign, gnutls_x509_crt_sign, gnutls_x509_crq_sign, were modified to sign with a better algorithm than SHA1. They will now sign with an algorithm that corresponds to the security level of the signer's key. * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal the function to auto-detect an appropriate hash algorithm to use. * Remove support for signature algorithms using SHA2-224 in TLS. TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm in TLS 1.2 * Refuse to use client certificates containing disallowed algorithms for a session, reverting a change on 3.5.5 * Refuse to resume a session which had a different SNI advertised That improves RFC6066 support in server side. * p11tool: Mark all generated objects as sensitive by default. * p11tool: added options --sign-params and --hash. This allows testing signature with multiple algorithms, including RSA-PSS.- Disable flaky dtls_resume test on Power * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- GnuTLS 3.6.0: * Introduce a lock-free random generator which operates per- thread and eliminates random-generator related bottlenecks in multi-threaded operation. * Replace the Salsa20 random generator with one based on CHACHA. The goal is to reduce code needed in cache (CHACHA is also used for TLS), and the number of primitives used by the library. That does not affect the AES-DRBG random generator used in FIPS140-2 mode. * Add support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange * Add support for Ed25519 signing in certificates and TLS key exchange following draft-ietf-tls-rfc4492bis-17 * Enable X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. * Add support for Diffie-Hellman group negotiation following RFC7919. * Introduce various sanity checks on certificate import * Introduce gnutls_x509_crt_set_flags(). This function can set flags in the crt structure. The only flag supported at the moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity checks on import. * PKIX certificates with unknown critical extensions are rejected on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS * Refuse to generate a certificate with an illegal version, or an illegal serial number. That is, gnutls_x509_crt_set_version() and gnutls_x509_crt_set_serial(), will fail on input considered to be invalid in RFC5280. * Call to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused * Add support for PKCS#12 files with no salt (zero length) in their password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. * libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. * Add new callback setting function to gnutls_privkey_t for external keys. The new function (gnutls_privkey_import_ext4), allows signing in addition to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. * Introduce the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These allows enabling all broken and SHA1-based signature algorithms in certificate verification, respectively. * 3DES-CBC is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+3DES-CBC". * SHA1 was marked as insecure for signing certificates. Verification of certificates signed with SHA1 is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. Other uses of SHA1 are still allowed. * RIPEMD160 was marked as insecure for certificate signatures. Verification of certificates signed with RIPEMD160 hash algorithm is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. * No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. These curves were rarely used for that purpose, provide no advantage over x25519 and were deprecated by TLS 1.3. * Remove support for DEFLATE, or any other compression method. * OpenPGP authentication was removed; the resulting library is ABI compatible, with the openpgp related functions being stubs that fail on invocation. Drop gnutls-broken-openpgp-tests.patch, no longer required. * Remove support for libidn (i.e., IDNA2003); gnutls can now be compiled only with libidn2 which provides IDNA2008. * certtool: The option '--load-ca-certificate' can now accept PKCS#11 URLs in addition to files. * certtool: The option '--load-crl' can now be used when generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). * certtool: Keys with provable RSA and DSA parameters are now only read and exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. This removes support for the previous a non-standard key format. * certtool: Added support for generating, printing and handling RSA-PSS and Ed25519 keys and certificates. * certtool: the parameters --rsa, --dsa and --ecdsa to - -generate-privkey are now deprecated, replaced by the - -key-type option. * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were replaced by the --generate-privkey option. * psktool: Generate 256-bit keys by default. * gnutls-server: Increase request buffer size to 16kb, and added the --alpn and --alpn-fatal options, allowing testing of ALPN negotiation. * Enables FIPS 140-2 mode during build- Buildrequire iproute2: the test suite calls /usr/bin/ss and as such we have to ensure to pull it in.- GnuTLS 3.5.15: * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode * certtool: Keys with provable RSA and DSA parameters are now only exported in PKCS#8 form- RPM group fix. Diversification of summaries. - Avoid aims and future plans in description. Say what it does now.- Drop the deprecated openssl compat ; discussed and suggested by vcizek - Cleanup a bit with spec-cleaner- GnuTLS 3.5.14: * Handle specially HSMs which request explicit authentication * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs * do not set leading zeros when copying integers on HSMs * Fix issue discovering certain OCSP signers, and improved the discovery of OCSP signer in the case where the Subject Public Key identifier field matches * ensure OCSP responses are saved with --save-ocsp even if certificate verification fails.- GnuTLS 3.5.13: * libgnutls: fixed issue with AES-GCM in-place encryption and decryption in aarch64 * libgnutls: no longer parse the ResponseID field of the status response TLS extension. The field is not used by GnuTLS nor is made available to calling applications. That addresses a null pointer dereference on server side caused by packets containing the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 * libgnutls: tolerate certificates which do not have strict DER time encoding. It is possible using 3rd party tools to generate certificates with time fields that do not conform to DER requirements. Since 3.4.x these certificates were rejected and cannot be used with GnuTLS, however that caused problems with existing private certificate infrastructures, which were relying on such certificates. Tolerate reading and using these certificates. * minitasn1: updated to libtasn1 4.11. * certtool: allow multiple certificates to be used in --p7-sign with the --load-certificate option- GnuTLS 3.5.12: * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses against DNS fields of certificate (CN or DNSname). The previous behavior was to tolerate some misconfigured servers, but that was non-standard and skipped any IP constraints present in higher level certificates. * libgnutls: when converting to IDNA2008, fallback to IDNA2003 (i.e., transitional encoding) if the domain cannot be converted. That provides maximum compatibility with browsers like firefox that perform the same conversion. * libgnutls: fix issue in RSA-PSK client callback which resulted in no username being sent to the peer * libgnutls: fix regression causing stapled extensions in trust modules not to be considered. * certtool: introduced the email_protection_key option. This option was introduced in documentation for certtool without an implementation of it. It is a shortcut for option 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. * certtool: made printing of key ID and key PIN consistent between certificates, public keys, and private keys. That is the private key printing now uses the same format as the rest. * gnutls-cli: introduced the --sni-hostname option. This allows overriding the hostname advertised to the peer.- skip trust-store tests to avoid build cycle with ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch- GnuTLS 3.5.11: * gnutls.pc: do not include libtool options into Libs.private. * libgnutls: Fixed issue when rehandshaking without a client certificate in a session which initially used one * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access. That allows PKCS#11 operations such as signing to be performed with the same object from multiple threads. * libgnutls: when disabling OpenPGP authentication, the resulting library is ABI compatible (will openpgp related functions being stubs that fail on invocation).- call gzip -n to make build fully reproducible- update to 3.5.10 * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173 * gnutls.pc: do not include libidn2 in Requires.private * libgnutls: optimized access to subject alternative names (SANs) in parsed certificates * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469 when printing certificate information. * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() flags can be set from the gnutls_certificate_verify_flags enumeration. This allows the functions to pass the same flags available for certificates to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or GNUTLS_VERIFY_ALLOW_BROKEN). * libgnutls: gnutls_store_commitment() can accept flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate in applications which use SHA1 for example, after SHA1 is deprecated. * certtool: No longer ignore the 'add_critical_extension' template option if the 'add_extension' option is not present. * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream) - drop gnutls-3.5.9-pkgconfig.patch (upstream) - remove unknown --disable-srp flag (bsc#901857)- disable the deprecated OpenPGP authentication support * see https://gitlab.com/gnutls/gnutls/issues/102 - add gnutls-broken-openpgp-tests.patch- GnuTLS 3.5.9: * libgnutls: OpenPGP references removed, functionality deprecated * libgnutls: Improve detection of AVX support * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 * p11tool: re-use ID from corresponding objects when writing certificates. * API and ABI modifications: gnutls_idna_map: Added gnutls_idna_reverse_map: Added - prevent pkgconfig issues due to libidn2 when building with GnuTLS add gnutls-3.5.9-pkgconfig.patch- Version 3.5.8 (released 2016-01-09) * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* functions will not leave the verification profiles field to an undefined state. The last call will take precedence. * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. * libgnutls: Introduced option to override the default priority string used by the library. The intention is to allow support of system-wide priority strings (as set with --with-system-priority-file). The configure option is --with-default-priority-string. * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. This prevents crashes when decrypting malformed PKCS#8 keys. * libgnutls: Fix crash on the loading of malformed private keys with certain parameters set to zero. * libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. * libgnutls: Addressed memory leaks in client and server side error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks in X.509 certificate printing error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) - security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2- GnuTLS 3.5.7, the next stable branch, with the following highlights: * SHA3 as a certificate signature algorithm * X25519 (formerly curve25519) for ephemeral EC diffie-hellman key exchange * TLS false start * New APIs to access the Shawe-Taylor-based provable RSA and DSA parameter generation * Prevent the change of identity on rehandshakes by default- GnuTLS 3.4.17: * libgnutls: Introduced time and constraints checks in the end certificate in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() functions. * libgnutls: Set limits on the maximum number of alerts handled. That is, applications using gnutls could be tricked into an busy loop if the peer sends continuously alert messages. Applications which set a maximum handshake time (via gnutls_handshake_set_timeout) will eventually recover but others may remain in a busy loops indefinitely. This is related but not identical to CVE-2016-8610, due to the difference in alert handling of the libraries (gnutls delegates that handling to applications). boo#1005879 * libgnutls: Enhanced the PKCS#7 parser to allow decoding old (pre-rfc5652) structures with arbitrary encapsulated content. * libgnutls: Backported cipher priorities order from 3.5.x branch That adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings. * certtool: When exporting a CRQ in DER format ensure no text data are intermixed. * API and ABI modifications: gnutls_pkcs7_get_embedded_data_oid: Added - includes changes from 3.4.16: * libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key() failures due to key mismatch. This prevents leaks or double freeing on such failures. * libgnutls: Increased the maximum size of the handshake message hash. This will allow the library to cope better with larger packets, as the ones offered by current TLS 1.3 drafts. * libgnutls: Allow to use client certificates despite them containing disallowed algorithms for a session. That allows for example a client to use DSA-SHA1 due to his old DSA certificate, without requiring him to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). * guile: Backported all improvements from 3.5.x branch. * guile: Update code to the I/O port API of Guile >= 2.1.4 This makes sure the GnuTLS bindings will work with the forthcoming 2.2 stable series of Guile, of which 2.1 is a preview.- GnuTLS 3.4.15: * libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. * libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain. * libgnutls: Added support for decrypting PKCS#8 files which use the HMAC-SHA256 as PRF. * libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. - fix build error for 13.2, 42.1 and 42.2- GnuTLS 3.4.14: * libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2, boo#988276) * libgnutls: Fixed DTLS handshake packet reconstruction. * libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER - drop upstreamed 0001-tests-use-datefudge-in-name-constraints-test.patch- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch- Version 3.4.13 (released 2016-06-06) * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with NSS instead of using a separate variable; in addition append any keys to the file instead of overwriting it. * libgnutls: use secure_getenv() where available to obtain environment variables. Addresses GNUTLS-SA-2016-1. - Version 3.4.12 (released 2016-05-20) * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. * libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that operation could fail on certain PKCS#11 modules. * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url() can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS name of the certificates if the provided names are NULL. * libgnutls: when receiving SNI names, only save and expose to application the supported DNS names. * libgnutls: when importing the certificate names at the gnutls_certificate_set* functions, only consider the CN as a fallback if DNS names are provided via the alternative name extension. * gnutls-cli: on OCSP verification do not fail if we have a single valid reply. Report and reproducer by Thomas Klute. * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to log session keys in client side. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark.- enabled guile support - removed duplicates- Updated to 3.4.11 * Version 3.4.11 (released 2016-04-11) * * libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported by Fridolin Pokorny. * * libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Corrected behavior of ALPN extension parsing during session resumption. Report and patches by Yuriy M. Kaminskiy. * * libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set() which caused it not to accept non-null- terminated hostnames. Reported by Tim Ruehsen. * * libgnutls: Corrected printing of the IP Adress name constraints. * * ocsptool: use HTTP/1.0 for requests. This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. * * certtool: do not require a CA for OCSP signing tag. This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. * Version 3.4.10 (released 2016-03-03) * * libgnutls: Eliminated issues preventing buffers more than 2^32 bytes to be used with hashing functions. * * libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import(). * * libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Several fixes to prevent relying on undefined behavior of C (found with libubsan). * Version 3.4.9 (released 2016-02-03) * * libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate the last commonly supported protocol, rather than the first. Reported by Remi Denis-Courmont (#63). * * libgnutls: Tolerate empty DN fields in informational output functions. * * libgnutls: Corrected regression causes by incorrect fix in gnutls_x509_ext_export_key_usage() at 3.4.8 release.- follow the work in the unbound package and use the libunbound-devel symbol for the buildrequires. we override it for the distro build with libunbound-devel-mini to avoid build loops.- reenable dane support, require unbound-devel bsc#964346 - split out libgnutls-dane-devel to try to avoid build cycle.- Update to 3.4.8 All changes since 3.4.4: * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when used with PKCS #11 keys. * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import their public keys from either a public key object or a certificate. That is, because private keys do not contain all the required parameters for a direct import. * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 tokens. * libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage() * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to draft-ietf-tls-chacha20-poly1305-02. * libgnutls: Several fixes in PKCS #7 signing which improve compatibility with the MacOSX tools. * libgnutls: The max-record extension not negotiated on DTLS. This resolves issue with the max-record being negotiated but ignored. * certtool: Added the --p7-include-cert and --p7-show-data options. * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 ciphersuites. This solves an interoperability issue with openssl. * libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info(). * libgnutls: On a rehandshake allow switching from anonymous to ECDHE and DHE ciphersuites. * libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128 from using arbitrary key sizes. * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skipping the implicit global initialization. * gnutls.pc: Don't include libtool specific options to link flags. * tools: Better support for FTP AUTH TLS negotiation * libgnutls: Added new simple verification functions. That avoids the need to install a callback to perform certificate verification. See doc/examples/ex-client-x509.c for usage. * libgnutls: Introduced the security parameter 'future' which is at the 256-bit level of security, and 'ultra' was aligned to its documented size at 192-bits. * libgnutls: When writing a certificate into a PKCS #11 token, ensure that CKA_SERIAL_NUMBER and CKA_ISSUER are written. * libgnutls: Allow the presence of legacy ciphers and key exchanges in priority strings and consider them a no-op. * libgnutls: Handle the extended master secret as a mandatory extension. That fixes incompatibility issues with Chromium (#45). * libgnutls: Added the ability to copy a public key into a PKCS #11 token. * tools: Added support for LDAP and XMPP negotiation for STARTTLS. * p11tool: Allow writing a public key into a PKCS #11 token. * certtool: Key generation security level was switched to HIGH. That is, by default the tool generates 3072 bit keys for RSA and DSA. * libgnutls: When re-importing CRLs to a trust list ensure that there no duplicate entries. * certtool: Removed any arbitrary limits imposed on input file sizes and maximum number of certificates imported. * certtool: Allow specifying fixed dates on CRL generation. * gnutls-cli-debug: Added check for inappropriate fallback support (RFC7507).- Update to 3.4.4 This update contains a fix for a denial of service vulnerability: * Allow the parsing of very long DNs. Also fixes double free in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 Other changes: * Add high level API (gnutls_prf_rfc5705) to access the PRF as specified by RFC5705. * Link to trousers (TPM library) dynamically when this functionality is requested. (disabled in SUSE package) * Fix issue with server side sending the status request extension even when not requested. * Add support for RFC7507 by introducing the %FALLBACK_SCSV priority string option. * gnutls_pkcs11_privkey_generate2() will store the generated public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is specified. * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. * API and ABI modifications: gnutls_prf_rfc5705: Added gnutls_hex_encode2: Added gnutls_hex_decode2: Added - build with autogen for libopts compatibility - fix failures in test suite, add upstream commits 0001-certtool-lifted-limits-on-file-size-to-load.patch 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch- update to 3.4.3 * * libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. * * libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). * * libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. * * libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. * * libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. * * libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. * * p11tool: Added --list-token-urls option, and print the token module name in list-tokens. * * libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * * libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. * * libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * * libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. * * certtool: Added options to generate PKCS #7 bundles and signed structures. - includes changes from 3.4.2: * DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * Correct regression with Camellia-256-GCM cipher. * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * Enhance the PKCS #7 API to allow signing and verification of structures. Move API to gnutls/pkcs7.h header. * certtool: Added options to generate PKCS #7 bundles and signed structures.- disable testsuite run against valgrind on aarch64- Updated to 3.4.1 (released 2015-05-03) * * libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. * * libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. * * libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. * * libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. * * libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 * * libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. * * certtool: It can generate SHA256 key IDs. * * gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. * * API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added - gnutls-fix-double-mans.patch: fixed upstream- Disable buggy valgrind on armv7l- updated to 3.4.0 (released 2015-04-08) * * libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. * * libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". * * libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. * * libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. * * libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). * * libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". * * libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". * * libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. * * libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. * * libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. * * libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. * * libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). * * libgnutls: Depend on nettle 3.1. * * libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. * * libgnutls: Use pthread_atfork() to detect fork when available. * * libgnutls: The gnutls_handshake() process will enforce a timeout by default. * * libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. * * libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. * * libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. * * libgnutls: Added helper functions to obtain information on PKCS #8 structures. * * libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. * * libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). * * libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). * * libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). * * libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. * * libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. * * libgnutls-openssl: it is no longer built by default. * * certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. * * certtool: --key-info option will print PKCS #8 encryption information when available. * * certtool: Added the --key-id and --fingerprint options. * * certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). * * certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. * * certtool: it will print the A-label (ACE) names in addition to UTF-8. * * p11tool: added options --set-id and --set-label. * * gnutls-cli: added options --priority-list and --save-cert. * * guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. * * guile: Remove RSA parameters and related procedures. This API had been deprecated. * * guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.- updated to 3.3.13 (released 2015-03-30) * * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. * * libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. * * libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. * * libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. * * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). * * libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 * * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. * * libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 - new main library major version .so.30 - requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1 - Now need to configure --enable-openssl-compatibility (might go away) - added gnutls-fix-double-mans.patch: avoid double installing manpages - dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed anymore - install_info_delete moved from %postun to %preun- for DANE support, use bcond_with - for tpm support, same - note p11-kit >= 0.20.7 requirement - note libtasn1 3.9 requirement (built-in lib used otherwise)- disable trousers and unbound again for now, as it causes too long build cycles.- added unbound-devel (for DANE) and trousers-devel (for TPM support) - removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff - libgnutls-dane0 new library added - updated to 3.3.13 (released 2015-02-25) * * libgnutls: Enable AESNI in GCM on x86 * * libgnutls: Fixes in DTLS message handling * * libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. * * gnutls-cli: Fixes in OCSP verification. - Version 3.3.12 (released 2015-01-17) * * libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html * * libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. * * libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. * * libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 * * libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 * * libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. * * libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. * * libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. * * certtool: --pubkey-info will also attempt to load a public key from stdin. * * gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. - Version 3.3.11 (released 2014-12-11) * * libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. * * libgnutls: Corrected parsing issue with OCSP responses. - Version 3.3.10 (released 2014-11-10) * * libgnutls: Refuse to import v1 or v2 certificates that contain extensions. * * libgnutls: Fixes in usage of PKCS #11 token callback * * libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. * * libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. * * libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. * * certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. - Version 3.3.9 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. * * libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls-dane: Do not require the CA on a ca match to be direct CA. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details. * * certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. - Version 3.3.8 (released 2014-09-18) * * libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. * * libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. * * libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. * * libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. * * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. * * libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. * * libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). * * libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. * * libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. * * libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. * * libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. * * p11tool: when listing tokens, list their type as well. * * p11tool: when listing objects from a trust module print any attached extensions on certificates. - Version 3.3.7 (released 2014-08-24) * * libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. * * libgnutls: bundle replacements of inet_pton and inet_aton if not available. * * libgnutls: initialize parameters variable on PKCS #8 decryption. * * libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. * * libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. * * libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. * * libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. * * p11tool: Added --info parameter. * * certtool: Added --mark-wrap parameter. * * danetool: --check will attempt to retrieve the server's certificate chain and verify against it. * * danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. * * danetool: Added openssl linking exception, to allow linking with libunbound. - Version 3.3.6 (released 2014-07-23) * * libgnutls: Use inet_ntop to print IP addresses when available * * libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. * * libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. * * libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. * * libgnutls: fixed PKCS #11 private key operations after a fork. * * libgnutls: fixed PKCS #11 ECDSA key generation. * * libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 * * libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. * * p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. * * p11tool: ask for label when one isn't provided. * * p11tool: added --batch parameter to disable any interactivity. * * p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. * * certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. - Version 3.3.5 (released 2014-06-26) * * libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. * * libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. * * libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. * * libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. * * libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. * * certtool: option --to-p12 will now consider --load-ca-certificate * * certtol: Added option to specify the PKCS #12 friendly name on command line. * * p11tool: Allow marking a certificate copied to a token as a CA. - Version 3.3.4 (released 2014-05-31) * * libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. - Version 3.3.3 (released 2014-05-30) * * libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. * * libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. * * libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. * * libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. * * libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 * * gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. * * gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. * * certtool: Allow multiple organizations and organizational unit names to be specified in a template. * * certtool: Warn when invalid configuration options are set to a template. * * ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. - Version 3.3.2 (released 2014-05-06) * * libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. * * libgnutls: Corrected file descriptor leak on random generator initialization. * * libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. * * libgnutls: Avoid deinitialization if initialization has failed. * * libgnutls: null-terminate othername alternative names. * * libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. * * libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. * * libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. * * libgnutls-guile: Fixed compilation issue. * * certtool: Allow exporting a CRL on DER format. * * certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. - Version 3.3.1 (released 2014-04-19) * * libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. * * libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. * * libgnutls: Several small bug fixes found by coverity. * * libgnutls: The conditionally available self-test functions were moved to self-test.h. * * libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. * * libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. * * libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. * * libgnutls: Corrected the *get_*_othername_oid() functions. - Version 3.3.0 (released 2014-04-10) * * libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. * * libgnutls: static libraries are not built by default. * * libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. * * libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. * * libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). * * libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. * * libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. * * libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). * * libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. * * libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. * * libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). * * libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). * * libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. * * libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. * * libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. * * libgnutls: Depend on p11-kit 0.20.0 or later. * * libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. * * libgnutls: The experimental xssl library is removed from the gnutls distribution. * * libgnutls: Reduced the number of gnulib modules used in the main library. * * libgnutls: Added priority string %DISABLE_WILDCARDS. * * libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). * * certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). * * certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. * * certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. * * libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT).- build with PIE for commandline tools- Updated to 3.2.21 (released 2014-12-11) - libgnutls: Corrected regression introduced in 3.2.19 related to session renegotiation. Reported by Dan Winship. - libgnutls: Corrected parsing issue with OCSP responses.- Updated to 3.2.20 (released 2014-11-10) * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. (CVE-2014-8564 bnc#904603) - Updated to 3.2.19 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details./bin/sh/bin/shbuild84 1606476515  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.6.7-lp151.2.24.13.6.7-lp151.2.24.13.6.7-lp151.2.24.13.6.7 gnutlsabstract.hcompat.hcrypto.hdtls.hgnutls.hocsp.hopenpgp.hpkcs11.hpkcs12.hpkcs7.hself-test.hsocket.hsystem-keys.htpm.hurls.hx509-ext.hx509.hlibgnutls.sognutls.pclibgnutls-develexamplesex-alert.cex-cert-select-pkcs11.cex-cert-select.cex-client-anon.cex-client-dtls.cex-client-psk.cex-client-resume.cex-client-srp.cex-client-x509-3.1.cex-client-x509.cex-crq.cex-ocsp-client.cex-pkcs11-list.cex-pkcs12.cex-serv-anon.cex-serv-dtls.cex-serv-psk.cex-serv-srp.cex-serv-x509.cex-session-info.cex-verify-ssh.cex-verify.cex-x509-info.cexamples.hprint-ciphersuites.ctcp.cudp.cverify.cgnutls-client-server-use-case.png.gzgnutls-crypto-layers.png.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.htmlgnutls.pdfpkcs11-vision.png.gzreferenceapi-index-full.htmlgnutls.devhelp2home.png.gzindex.htmlintro.htmlleft-insensitive.png.gzleft.png.gzright-insensitive.png.gzright.png.gzstyle.cssup-insensitive.png.gzup.png.gzgnutls-client-server-use-case.png.gzgnutls-guile.info.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.info-1.gzgnutls.info-2.gzgnutls.info-3.gzgnutls.info-4.gzgnutls.info-5.gzgnutls.info-6.gzgnutls.info-7.gzgnutls.info.gzpkcs11-vision.png.gzdane_cert_type_name.3.gzdane_cert_usage_name.3.gzdane_match_type_name.3.gzdane_query_data.3.gzdane_query_deinit.3.gzdane_query_entries.3.gzdane_query_status.3.gzdane_query_tlsa.3.gzdane_query_to_raw_tlsa.3.gzdane_raw_tlsa.3.gzdane_state_deinit.3.gzdane_state_init.3.gzdane_state_set_dlv_file.3.gzdane_strerror.3.gzdane_verification_status_print.3.gzdane_verify_crt.3.gzdane_verify_crt_raw.3.gzdane_verify_session_crt.3.gzgnutls_aead_cipher_decrypt.3.gzgnutls_aead_cipher_deinit.3.gzgnutls_aead_cipher_encrypt.3.gzgnutls_aead_cipher_encryptv.3.gzgnutls_aead_cipher_init.3.gzgnutls_alert_get.3.gzgnutls_alert_get_name.3.gzgnutls_alert_get_strname.3.gzgnutls_alert_send.3.gzgnutls_alert_send_appropriate.3.gzgnutls_alpn_get_selected_protocol.3.gzgnutls_alpn_set_protocols.3.gzgnutls_anon_allocate_client_credentials.3.gzgnutls_anon_allocate_server_credentials.3.gzgnutls_anon_free_client_credentials.3.gzgnutls_anon_free_server_credentials.3.gzgnutls_anon_set_params_function.3.gzgnutls_anon_set_server_dh_params.3.gzgnutls_anon_set_server_known_dh_params.3.gzgnutls_anon_set_server_params_function.3.gzgnutls_anti_replay_deinit.3.gzgnutls_anti_replay_enable.3.gzgnutls_anti_replay_init.3.gzgnutls_anti_replay_set_add_function.3.gzgnutls_anti_replay_set_ptr.3.gzgnutls_anti_replay_set_window.3.gzgnutls_auth_client_get_type.3.gzgnutls_auth_get_type.3.gzgnutls_auth_server_get_type.3.gzgnutls_base64_decode2.3.gzgnutls_base64_encode2.3.gzgnutls_buffer_append_data.3.gzgnutls_bye.3.gzgnutls_certificate_activation_time_peers.3.gzgnutls_certificate_allocate_credentials.3.gzgnutls_certificate_client_get_request_status.3.gzgnutls_certificate_expiration_time_peers.3.gzgnutls_certificate_free_ca_names.3.gzgnutls_certificate_free_cas.3.gzgnutls_certificate_free_credentials.3.gzgnutls_certificate_free_crls.3.gzgnutls_certificate_free_keys.3.gzgnutls_certificate_get_crt_raw.3.gzgnutls_certificate_get_issuer.3.gzgnutls_certificate_get_ocsp_expiration.3.gzgnutls_certificate_get_ours.3.gzgnutls_certificate_get_peers.3.gzgnutls_certificate_get_peers_subkey_id.3.gzgnutls_certificate_get_trust_list.3.gzgnutls_certificate_get_verify_flags.3.gzgnutls_certificate_get_x509_crt.3.gzgnutls_certificate_get_x509_key.3.gzgnutls_certificate_send_x509_rdn_sequence.3.gzgnutls_certificate_server_set_request.3.gzgnutls_certificate_set_dh_params.3.gzgnutls_certificate_set_flags.3.gzgnutls_certificate_set_key.3.gzgnutls_certificate_set_known_dh_params.3.gzgnutls_certificate_set_ocsp_status_request_file.3.gzgnutls_certificate_set_ocsp_status_request_file2.3.gzgnutls_certificate_set_ocsp_status_request_function.3.gzgnutls_certificate_set_ocsp_status_request_function2.3.gzgnutls_certificate_set_ocsp_status_request_mem.3.gzgnutls_certificate_set_params_function.3.gzgnutls_certificate_set_pin_function.3.gzgnutls_certificate_set_rawpk_key_file.3.gzgnutls_certificate_set_rawpk_key_mem.3.gzgnutls_certificate_set_retrieve_function.3.gzgnutls_certificate_set_retrieve_function2.3.gzgnutls_certificate_set_retrieve_function3.3.gzgnutls_certificate_set_trust_list.3.gzgnutls_certificate_set_verify_flags.3.gzgnutls_certificate_set_verify_function.3.gzgnutls_certificate_set_verify_limits.3.gzgnutls_certificate_set_x509_crl.3.gzgnutls_certificate_set_x509_crl_file.3.gzgnutls_certificate_set_x509_crl_mem.3.gzgnutls_certificate_set_x509_key.3.gzgnutls_certificate_set_x509_key_file.3.gzgnutls_certificate_set_x509_key_file2.3.gzgnutls_certificate_set_x509_key_mem.3.gzgnutls_certificate_set_x509_key_mem2.3.gzgnutls_certificate_set_x509_simple_pkcs12_file.3.gzgnutls_certificate_set_x509_simple_pkcs12_mem.3.gzgnutls_certificate_set_x509_system_trust.3.gzgnutls_certificate_set_x509_trust.3.gzgnutls_certificate_set_x509_trust_dir.3.gzgnutls_certificate_set_x509_trust_file.3.gzgnutls_certificate_set_x509_trust_mem.3.gzgnutls_certificate_type_get.3.gzgnutls_certificate_type_get2.3.gzgnutls_certificate_type_get_id.3.gzgnutls_certificate_type_get_name.3.gzgnutls_certificate_type_list.3.gzgnutls_certificate_verification_status_print.3.gzgnutls_certificate_verify_peers.3.gzgnutls_certificate_verify_peers2.3.gzgnutls_certificate_verify_peers3.3.gzgnutls_check_version.3.gzgnutls_cipher_add_auth.3.gzgnutls_cipher_decrypt.3.gzgnutls_cipher_decrypt2.3.gzgnutls_cipher_deinit.3.gzgnutls_cipher_encrypt.3.gzgnutls_cipher_encrypt2.3.gzgnutls_cipher_get.3.gzgnutls_cipher_get_block_size.3.gzgnutls_cipher_get_id.3.gzgnutls_cipher_get_iv_size.3.gzgnutls_cipher_get_key_size.3.gzgnutls_cipher_get_name.3.gzgnutls_cipher_get_tag_size.3.gzgnutls_cipher_init.3.gzgnutls_cipher_list.3.gzgnutls_cipher_set_iv.3.gzgnutls_cipher_suite_get_name.3.gzgnutls_cipher_suite_info.3.gzgnutls_cipher_tag.3.gzgnutls_compression_get.3.gzgnutls_compression_get_id.3.gzgnutls_compression_get_name.3.gzgnutls_compression_list.3.gzgnutls_credentials_clear.3.gzgnutls_credentials_get.3.gzgnutls_credentials_set.3.gzgnutls_crypto_register_aead_cipher.3.gzgnutls_crypto_register_cipher.3.gzgnutls_crypto_register_digest.3.gzgnutls_crypto_register_mac.3.gzgnutls_db_check_entry.3.gzgnutls_db_check_entry_expire_time.3.gzgnutls_db_check_entry_time.3.gzgnutls_db_get_default_cache_expiration.3.gzgnutls_db_get_ptr.3.gzgnutls_db_remove_session.3.gzgnutls_db_set_cache_expiration.3.gzgnutls_db_set_ptr.3.gzgnutls_db_set_remove_function.3.gzgnutls_db_set_retrieve_function.3.gzgnutls_db_set_store_function.3.gzgnutls_decode_ber_digest_info.3.gzgnutls_decode_gost_rs_value.3.gzgnutls_decode_rs_value.3.gzgnutls_deinit.3.gzgnutls_dh_get_group.3.gzgnutls_dh_get_peers_public_bits.3.gzgnutls_dh_get_prime_bits.3.gzgnutls_dh_get_pubkey.3.gzgnutls_dh_get_secret_bits.3.gzgnutls_dh_params_cpy.3.gzgnutls_dh_params_deinit.3.gzgnutls_dh_params_export2_pkcs3.3.gzgnutls_dh_params_export_pkcs3.3.gzgnutls_dh_params_export_raw.3.gzgnutls_dh_params_generate2.3.gzgnutls_dh_params_import_dsa.3.gzgnutls_dh_params_import_pkcs3.3.gzgnutls_dh_params_import_raw.3.gzgnutls_dh_params_import_raw2.3.gzgnutls_dh_params_import_raw3.3.gzgnutls_dh_params_init.3.gzgnutls_dh_set_prime_bits.3.gzgnutls_digest_get_id.3.gzgnutls_digest_get_name.3.gzgnutls_digest_get_oid.3.gzgnutls_digest_list.3.gzgnutls_dtls_cookie_send.3.gzgnutls_dtls_cookie_verify.3.gzgnutls_dtls_get_data_mtu.3.gzgnutls_dtls_get_mtu.3.gzgnutls_dtls_get_timeout.3.gzgnutls_dtls_prestate_set.3.gzgnutls_dtls_set_data_mtu.3.gzgnutls_dtls_set_mtu.3.gzgnutls_dtls_set_timeouts.3.gzgnutls_ecc_curve_get.3.gzgnutls_ecc_curve_get_id.3.gzgnutls_ecc_curve_get_name.3.gzgnutls_ecc_curve_get_oid.3.gzgnutls_ecc_curve_get_pk.3.gzgnutls_ecc_curve_get_size.3.gzgnutls_ecc_curve_list.3.gzgnutls_encode_ber_digest_info.3.gzgnutls_encode_gost_rs_value.3.gzgnutls_encode_rs_value.3.gzgnutls_error_is_fatal.3.gzgnutls_error_to_alert.3.gzgnutls_est_record_overhead_size.3.gzgnutls_ext_get_current_msg.3.gzgnutls_ext_get_data.3.gzgnutls_ext_get_name.3.gzgnutls_ext_raw_parse.3.gzgnutls_ext_register.3.gzgnutls_ext_set_data.3.gzgnutls_fingerprint.3.gzgnutls_fips140_mode_enabled.3.gzgnutls_fips140_set_mode.3.gzgnutls_global_deinit.3.gzgnutls_global_init.3.gzgnutls_global_set_audit_log_function.3.gzgnutls_global_set_log_function.3.gzgnutls_global_set_log_level.3.gzgnutls_global_set_mem_functions.3.gzgnutls_global_set_mutex.3.gzgnutls_global_set_time_function.3.gzgnutls_gost_paramset_get_name.3.gzgnutls_gost_paramset_get_oid.3.gzgnutls_group_get.3.gzgnutls_group_get_id.3.gzgnutls_group_get_name.3.gzgnutls_group_list.3.gzgnutls_handshake.3.gzgnutls_handshake_description_get_name.3.gzgnutls_handshake_get_last_in.3.gzgnutls_handshake_get_last_out.3.gzgnutls_handshake_set_hook_function.3.gzgnutls_handshake_set_max_packet_length.3.gzgnutls_handshake_set_post_client_hello_function.3.gzgnutls_handshake_set_private_extensions.3.gzgnutls_handshake_set_random.3.gzgnutls_handshake_set_timeout.3.gzgnutls_hash.3.gzgnutls_hash_deinit.3.gzgnutls_hash_fast.3.gzgnutls_hash_get_len.3.gzgnutls_hash_init.3.gzgnutls_hash_output.3.gzgnutls_heartbeat_allowed.3.gzgnutls_heartbeat_enable.3.gzgnutls_heartbeat_get_timeout.3.gzgnutls_heartbeat_ping.3.gzgnutls_heartbeat_pong.3.gzgnutls_heartbeat_set_timeouts.3.gzgnutls_hex2bin.3.gzgnutls_hex_decode.3.gzgnutls_hex_decode2.3.gzgnutls_hex_encode.3.gzgnutls_hex_encode2.3.gzgnutls_hmac.3.gzgnutls_hmac_deinit.3.gzgnutls_hmac_fast.3.gzgnutls_hmac_get_len.3.gzgnutls_hmac_init.3.gzgnutls_hmac_output.3.gzgnutls_hmac_set_nonce.3.gzgnutls_idna_map.3.gzgnutls_idna_reverse_map.3.gzgnutls_init.3.gzgnutls_key_generate.3.gzgnutls_kx_get.3.gzgnutls_kx_get_id.3.gzgnutls_kx_get_name.3.gzgnutls_kx_list.3.gzgnutls_load_file.3.gzgnutls_mac_get.3.gzgnutls_mac_get_id.3.gzgnutls_mac_get_key_size.3.gzgnutls_mac_get_name.3.gzgnutls_mac_get_nonce_size.3.gzgnutls_mac_list.3.gzgnutls_memcmp.3.gzgnutls_memset.3.gzgnutls_ocsp_req_add_cert.3.gzgnutls_ocsp_req_add_cert_id.3.gzgnutls_ocsp_req_deinit.3.gzgnutls_ocsp_req_export.3.gzgnutls_ocsp_req_get_cert_id.3.gzgnutls_ocsp_req_get_extension.3.gzgnutls_ocsp_req_get_nonce.3.gzgnutls_ocsp_req_get_version.3.gzgnutls_ocsp_req_import.3.gzgnutls_ocsp_req_init.3.gzgnutls_ocsp_req_print.3.gzgnutls_ocsp_req_randomize_nonce.3.gzgnutls_ocsp_req_set_extension.3.gzgnutls_ocsp_req_set_nonce.3.gzgnutls_ocsp_resp_check_crt.3.gzgnutls_ocsp_resp_deinit.3.gzgnutls_ocsp_resp_export.3.gzgnutls_ocsp_resp_export2.3.gzgnutls_ocsp_resp_get_certs.3.gzgnutls_ocsp_resp_get_extension.3.gzgnutls_ocsp_resp_get_nonce.3.gzgnutls_ocsp_resp_get_produced.3.gzgnutls_ocsp_resp_get_responder.3.gzgnutls_ocsp_resp_get_responder2.3.gzgnutls_ocsp_resp_get_responder_raw_id.3.gzgnutls_ocsp_resp_get_response.3.gzgnutls_ocsp_resp_get_signature.3.gzgnutls_ocsp_resp_get_signature_algorithm.3.gzgnutls_ocsp_resp_get_single.3.gzgnutls_ocsp_resp_get_status.3.gzgnutls_ocsp_resp_get_version.3.gzgnutls_ocsp_resp_import.3.gzgnutls_ocsp_resp_import2.3.gzgnutls_ocsp_resp_init.3.gzgnutls_ocsp_resp_list_import2.3.gzgnutls_ocsp_resp_print.3.gzgnutls_ocsp_resp_verify.3.gzgnutls_ocsp_resp_verify_direct.3.gzgnutls_ocsp_status_request_enable_client.3.gzgnutls_ocsp_status_request_get.3.gzgnutls_ocsp_status_request_get2.3.gzgnutls_ocsp_status_request_is_checked.3.gzgnutls_oid_to_digest.3.gzgnutls_oid_to_ecc_curve.3.gzgnutls_oid_to_gost_paramset.3.gzgnutls_oid_to_mac.3.gzgnutls_oid_to_pk.3.gzgnutls_oid_to_sign.3.gzgnutls_openpgp_privkey_sign_hash.3.gzgnutls_openpgp_send_cert.3.gzgnutls_packet_deinit.3.gzgnutls_packet_get.3.gzgnutls_pcert_deinit.3.gzgnutls_pcert_export_openpgp.3.gzgnutls_pcert_export_x509.3.gzgnutls_pcert_import_openpgp.3.gzgnutls_pcert_import_openpgp_raw.3.gzgnutls_pcert_import_rawpk.3.gzgnutls_pcert_import_rawpk_raw.3.gzgnutls_pcert_import_x509.3.gzgnutls_pcert_import_x509_list.3.gzgnutls_pcert_import_x509_raw.3.gzgnutls_pcert_list_import_x509_file.3.gzgnutls_pcert_list_import_x509_raw.3.gzgnutls_pem_base64_decode.3.gzgnutls_pem_base64_decode2.3.gzgnutls_pem_base64_encode.3.gzgnutls_pem_base64_encode2.3.gzgnutls_perror.3.gzgnutls_pk_algorithm_get_name.3.gzgnutls_pk_bits_to_sec_param.3.gzgnutls_pk_get_id.3.gzgnutls_pk_get_name.3.gzgnutls_pk_get_oid.3.gzgnutls_pk_list.3.gzgnutls_pk_to_sign.3.gzgnutls_pkcs11_add_provider.3.gzgnutls_pkcs11_copy_attached_extension.3.gzgnutls_pkcs11_copy_pubkey.3.gzgnutls_pkcs11_copy_secret_key.3.gzgnutls_pkcs11_copy_x509_crt.3.gzgnutls_pkcs11_copy_x509_crt2.3.gzgnutls_pkcs11_copy_x509_privkey.3.gzgnutls_pkcs11_copy_x509_privkey2.3.gzgnutls_pkcs11_crt_is_known.3.gzgnutls_pkcs11_deinit.3.gzgnutls_pkcs11_delete_url.3.gzgnutls_pkcs11_get_pin_function.3.gzgnutls_pkcs11_get_raw_issuer.3.gzgnutls_pkcs11_get_raw_issuer_by_dn.3.gzgnutls_pkcs11_get_raw_issuer_by_subject_key_id.3.gzgnutls_pkcs11_init.3.gzgnutls_pkcs11_obj_deinit.3.gzgnutls_pkcs11_obj_export.3.gzgnutls_pkcs11_obj_export2.3.gzgnutls_pkcs11_obj_export3.3.gzgnutls_pkcs11_obj_export_url.3.gzgnutls_pkcs11_obj_flags_get_str.3.gzgnutls_pkcs11_obj_get_exts.3.gzgnutls_pkcs11_obj_get_flags.3.gzgnutls_pkcs11_obj_get_info.3.gzgnutls_pkcs11_obj_get_ptr.3.gzgnutls_pkcs11_obj_get_type.3.gzgnutls_pkcs11_obj_import_url.3.gzgnutls_pkcs11_obj_init.3.gzgnutls_pkcs11_obj_list_import_url3.3.gzgnutls_pkcs11_obj_list_import_url4.3.gzgnutls_pkcs11_obj_set_info.3.gzgnutls_pkcs11_obj_set_pin_function.3.gzgnutls_pkcs11_privkey_cpy.3.gzgnutls_pkcs11_privkey_deinit.3.gzgnutls_pkcs11_privkey_export_pubkey.3.gzgnutls_pkcs11_privkey_export_url.3.gzgnutls_pkcs11_privkey_generate.3.gzgnutls_pkcs11_privkey_generate2.3.gzgnutls_pkcs11_privkey_generate3.3.gzgnutls_pkcs11_privkey_get_info.3.gzgnutls_pkcs11_privkey_get_pk_algorithm.3.gzgnutls_pkcs11_privkey_import_url.3.gzgnutls_pkcs11_privkey_init.3.gzgnutls_pkcs11_privkey_set_pin_function.3.gzgnutls_pkcs11_privkey_status.3.gzgnutls_pkcs11_reinit.3.gzgnutls_pkcs11_set_pin_function.3.gzgnutls_pkcs11_set_token_function.3.gzgnutls_pkcs11_token_check_mechanism.3.gzgnutls_pkcs11_token_get_flags.3.gzgnutls_pkcs11_token_get_info.3.gzgnutls_pkcs11_token_get_mechanism.3.gzgnutls_pkcs11_token_get_ptr.3.gzgnutls_pkcs11_token_get_random.3.gzgnutls_pkcs11_token_get_url.3.gzgnutls_pkcs11_token_init.3.gzgnutls_pkcs11_token_set_pin.3.gzgnutls_pkcs11_type_get_name.3.gzgnutls_pkcs12_bag_decrypt.3.gzgnutls_pkcs12_bag_deinit.3.gzgnutls_pkcs12_bag_enc_info.3.gzgnutls_pkcs12_bag_encrypt.3.gzgnutls_pkcs12_bag_get_count.3.gzgnutls_pkcs12_bag_get_data.3.gzgnutls_pkcs12_bag_get_friendly_name.3.gzgnutls_pkcs12_bag_get_key_id.3.gzgnutls_pkcs12_bag_get_type.3.gzgnutls_pkcs12_bag_init.3.gzgnutls_pkcs12_bag_set_crl.3.gzgnutls_pkcs12_bag_set_crt.3.gzgnutls_pkcs12_bag_set_data.3.gzgnutls_pkcs12_bag_set_friendly_name.3.gzgnutls_pkcs12_bag_set_key_id.3.gzgnutls_pkcs12_bag_set_privkey.3.gzgnutls_pkcs12_deinit.3.gzgnutls_pkcs12_export.3.gzgnutls_pkcs12_export2.3.gzgnutls_pkcs12_generate_mac.3.gzgnutls_pkcs12_generate_mac2.3.gzgnutls_pkcs12_get_bag.3.gzgnutls_pkcs12_import.3.gzgnutls_pkcs12_init.3.gzgnutls_pkcs12_mac_info.3.gzgnutls_pkcs12_set_bag.3.gzgnutls_pkcs12_simple_parse.3.gzgnutls_pkcs12_verify_mac.3.gzgnutls_pkcs7_add_attr.3.gzgnutls_pkcs7_attrs_deinit.3.gzgnutls_pkcs7_deinit.3.gzgnutls_pkcs7_delete_crl.3.gzgnutls_pkcs7_delete_crt.3.gzgnutls_pkcs7_export.3.gzgnutls_pkcs7_export2.3.gzgnutls_pkcs7_get_attr.3.gzgnutls_pkcs7_get_crl_count.3.gzgnutls_pkcs7_get_crl_raw.3.gzgnutls_pkcs7_get_crl_raw2.3.gzgnutls_pkcs7_get_crt_count.3.gzgnutls_pkcs7_get_crt_raw.3.gzgnutls_pkcs7_get_crt_raw2.3.gzgnutls_pkcs7_get_embedded_data.3.gzgnutls_pkcs7_get_embedded_data_oid.3.gzgnutls_pkcs7_get_signature_count.3.gzgnutls_pkcs7_get_signature_info.3.gzgnutls_pkcs7_import.3.gzgnutls_pkcs7_init.3.gzgnutls_pkcs7_print.3.gzgnutls_pkcs7_set_crl.3.gzgnutls_pkcs7_set_crl_raw.3.gzgnutls_pkcs7_set_crt.3.gzgnutls_pkcs7_set_crt_raw.3.gzgnutls_pkcs7_sign.3.gzgnutls_pkcs7_signature_info_deinit.3.gzgnutls_pkcs7_verify.3.gzgnutls_pkcs7_verify_direct.3.gzgnutls_pkcs8_info.3.gzgnutls_pkcs_schema_get_name.3.gzgnutls_pkcs_schema_get_oid.3.gzgnutls_prf.3.gzgnutls_prf_raw.3.gzgnutls_prf_rfc5705.3.gzgnutls_priority_certificate_type_list.3.gzgnutls_priority_certificate_type_list2.3.gzgnutls_priority_cipher_list.3.gzgnutls_priority_compression_list.3.gzgnutls_priority_deinit.3.gzgnutls_priority_ecc_curve_list.3.gzgnutls_priority_get_cipher_suite_index.3.gzgnutls_priority_group_list.3.gzgnutls_priority_init.3.gzgnutls_priority_init2.3.gzgnutls_priority_kx_list.3.gzgnutls_priority_mac_list.3.gzgnutls_priority_protocol_list.3.gzgnutls_priority_set.3.gzgnutls_priority_set_direct.3.gzgnutls_priority_sign_list.3.gzgnutls_priority_string_list.3.gzgnutls_privkey_decrypt_data.3.gzgnutls_privkey_decrypt_data2.3.gzgnutls_privkey_deinit.3.gzgnutls_privkey_export_dsa_raw.3.gzgnutls_privkey_export_dsa_raw2.3.gzgnutls_privkey_export_ecc_raw.3.gzgnutls_privkey_export_ecc_raw2.3.gzgnutls_privkey_export_gost_raw2.3.gzgnutls_privkey_export_openpgp.3.gzgnutls_privkey_export_pkcs11.3.gzgnutls_privkey_export_rsa_raw.3.gzgnutls_privkey_export_rsa_raw2.3.gzgnutls_privkey_export_x509.3.gzgnutls_privkey_generate.3.gzgnutls_privkey_generate2.3.gzgnutls_privkey_get_pk_algorithm.3.gzgnutls_privkey_get_seed.3.gzgnutls_privkey_get_spki.3.gzgnutls_privkey_get_type.3.gzgnutls_privkey_import_dsa_raw.3.gzgnutls_privkey_import_ecc_raw.3.gzgnutls_privkey_import_ext.3.gzgnutls_privkey_import_ext2.3.gzgnutls_privkey_import_ext3.3.gzgnutls_privkey_import_ext4.3.gzgnutls_privkey_import_gost_raw.3.gzgnutls_privkey_import_openpgp.3.gzgnutls_privkey_import_openpgp_raw.3.gzgnutls_privkey_import_pkcs11.3.gzgnutls_privkey_import_pkcs11_url.3.gzgnutls_privkey_import_rsa_raw.3.gzgnutls_privkey_import_tpm_raw.3.gzgnutls_privkey_import_tpm_url.3.gzgnutls_privkey_import_url.3.gzgnutls_privkey_import_x509.3.gzgnutls_privkey_import_x509_raw.3.gzgnutls_privkey_init.3.gzgnutls_privkey_set_flags.3.gzgnutls_privkey_set_pin_function.3.gzgnutls_privkey_set_spki.3.gzgnutls_privkey_sign_data.3.gzgnutls_privkey_sign_data2.3.gzgnutls_privkey_sign_hash.3.gzgnutls_privkey_sign_hash2.3.gzgnutls_privkey_status.3.gzgnutls_privkey_verify_params.3.gzgnutls_privkey_verify_seed.3.gzgnutls_protocol_get_id.3.gzgnutls_protocol_get_name.3.gzgnutls_protocol_get_version.3.gzgnutls_protocol_list.3.gzgnutls_psk_allocate_client_credentials.3.gzgnutls_psk_allocate_server_credentials.3.gzgnutls_psk_client_get_hint.3.gzgnutls_psk_free_client_credentials.3.gzgnutls_psk_free_server_credentials.3.gzgnutls_psk_server_get_username.3.gzgnutls_psk_set_client_credentials.3.gzgnutls_psk_set_client_credentials_function.3.gzgnutls_psk_set_params_function.3.gzgnutls_psk_set_server_credentials_file.3.gzgnutls_psk_set_server_credentials_function.3.gzgnutls_psk_set_server_credentials_hint.3.gzgnutls_psk_set_server_dh_params.3.gzgnutls_psk_set_server_known_dh_params.3.gzgnutls_psk_set_server_params_function.3.gzgnutls_pubkey_deinit.3.gzgnutls_pubkey_encrypt_data.3.gzgnutls_pubkey_export.3.gzgnutls_pubkey_export2.3.gzgnutls_pubkey_export_dsa_raw.3.gzgnutls_pubkey_export_dsa_raw2.3.gzgnutls_pubkey_export_ecc_raw.3.gzgnutls_pubkey_export_ecc_raw2.3.gzgnutls_pubkey_export_ecc_x962.3.gzgnutls_pubkey_export_gost_raw2.3.gzgnutls_pubkey_export_rsa_raw.3.gzgnutls_pubkey_export_rsa_raw2.3.gzgnutls_pubkey_get_key_id.3.gzgnutls_pubkey_get_key_usage.3.gzgnutls_pubkey_get_openpgp_key_id.3.gzgnutls_pubkey_get_pk_algorithm.3.gzgnutls_pubkey_get_preferred_hash_algorithm.3.gzgnutls_pubkey_get_spki.3.gzgnutls_pubkey_import.3.gzgnutls_pubkey_import_dsa_raw.3.gzgnutls_pubkey_import_ecc_raw.3.gzgnutls_pubkey_import_ecc_x962.3.gzgnutls_pubkey_import_gost_raw.3.gzgnutls_pubkey_import_openpgp.3.gzgnutls_pubkey_import_openpgp_raw.3.gzgnutls_pubkey_import_pkcs11.3.gzgnutls_pubkey_import_privkey.3.gzgnutls_pubkey_import_rsa_raw.3.gzgnutls_pubkey_import_tpm_raw.3.gzgnutls_pubkey_import_tpm_url.3.gzgnutls_pubkey_import_url.3.gzgnutls_pubkey_import_x509.3.gzgnutls_pubkey_import_x509_crq.3.gzgnutls_pubkey_import_x509_raw.3.gzgnutls_pubkey_init.3.gzgnutls_pubkey_print.3.gzgnutls_pubkey_set_key_usage.3.gzgnutls_pubkey_set_pin_function.3.gzgnutls_pubkey_set_spki.3.gzgnutls_pubkey_verify_data2.3.gzgnutls_pubkey_verify_hash2.3.gzgnutls_pubkey_verify_params.3.gzgnutls_random_art.3.gzgnutls_range_split.3.gzgnutls_reauth.3.gzgnutls_record_can_use_length_hiding.3.gzgnutls_record_check_corked.3.gzgnutls_record_check_pending.3.gzgnutls_record_cork.3.gzgnutls_record_disable_padding.3.gzgnutls_record_discard_queued.3.gzgnutls_record_get_direction.3.gzgnutls_record_get_discarded.3.gzgnutls_record_get_max_early_data_size.3.gzgnutls_record_get_max_size.3.gzgnutls_record_get_state.3.gzgnutls_record_overhead_size.3.gzgnutls_record_recv.3.gzgnutls_record_recv_early_data.3.gzgnutls_record_recv_packet.3.gzgnutls_record_recv_seq.3.gzgnutls_record_send.3.gzgnutls_record_send2.3.gzgnutls_record_send_early_data.3.gzgnutls_record_send_range.3.gzgnutls_record_set_max_early_data_size.3.gzgnutls_record_set_max_size.3.gzgnutls_record_set_state.3.gzgnutls_record_set_timeout.3.gzgnutls_record_uncork.3.gzgnutls_register_custom_url.3.gzgnutls_rehandshake.3.gzgnutls_rnd.3.gzgnutls_rnd_refresh.3.gzgnutls_safe_renegotiation_status.3.gzgnutls_sec_param_get_name.3.gzgnutls_sec_param_to_pk_bits.3.gzgnutls_sec_param_to_symmetric_bits.3.gzgnutls_server_name_get.3.gzgnutls_server_name_set.3.gzgnutls_session_channel_binding.3.gzgnutls_session_enable_compatibility_mode.3.gzgnutls_session_etm_status.3.gzgnutls_session_ext_master_secret_status.3.gzgnutls_session_ext_register.3.gzgnutls_session_force_valid.3.gzgnutls_session_get_data.3.gzgnutls_session_get_data2.3.gzgnutls_session_get_desc.3.gzgnutls_session_get_flags.3.gzgnutls_session_get_id.3.gzgnutls_session_get_id2.3.gzgnutls_session_get_master_secret.3.gzgnutls_session_get_ptr.3.gzgnutls_session_get_random.3.gzgnutls_session_get_verify_cert_status.3.gzgnutls_session_is_resumed.3.gzgnutls_session_key_update.3.gzgnutls_session_resumption_requested.3.gzgnutls_session_set_data.3.gzgnutls_session_set_id.3.gzgnutls_session_set_premaster.3.gzgnutls_session_set_ptr.3.gzgnutls_session_set_verify_cert.3.gzgnutls_session_set_verify_cert2.3.gzgnutls_session_set_verify_function.3.gzgnutls_session_supplemental_register.3.gzgnutls_session_ticket_enable_client.3.gzgnutls_session_ticket_enable_server.3.gzgnutls_session_ticket_key_generate.3.gzgnutls_session_ticket_send.3.gzgnutls_set_default_priority.3.gzgnutls_set_default_priority_append.3.gzgnutls_sign_algorithm_get.3.gzgnutls_sign_algorithm_get_client.3.gzgnutls_sign_algorithm_get_requested.3.gzgnutls_sign_get_hash_algorithm.3.gzgnutls_sign_get_id.3.gzgnutls_sign_get_name.3.gzgnutls_sign_get_oid.3.gzgnutls_sign_get_pk_algorithm.3.gzgnutls_sign_is_secure.3.gzgnutls_sign_is_secure2.3.gzgnutls_sign_list.3.gzgnutls_sign_supports_pk_algorithm.3.gzgnutls_srp_allocate_client_credentials.3.gzgnutls_srp_allocate_server_credentials.3.gzgnutls_srp_base64_decode.3.gzgnutls_srp_base64_decode2.3.gzgnutls_srp_base64_encode.3.gzgnutls_srp_base64_encode2.3.gzgnutls_srp_free_client_credentials.3.gzgnutls_srp_free_server_credentials.3.gzgnutls_srp_server_get_username.3.gzgnutls_srp_set_client_credentials.3.gzgnutls_srp_set_client_credentials_function.3.gzgnutls_srp_set_prime_bits.3.gzgnutls_srp_set_server_credentials_file.3.gzgnutls_srp_set_server_credentials_function.3.gzgnutls_srp_set_server_fake_salt_seed.3.gzgnutls_srp_verifier.3.gzgnutls_srtp_get_keys.3.gzgnutls_srtp_get_mki.3.gzgnutls_srtp_get_profile_id.3.gzgnutls_srtp_get_profile_name.3.gzgnutls_srtp_get_selected_profile.3.gzgnutls_srtp_set_mki.3.gzgnutls_srtp_set_profile.3.gzgnutls_srtp_set_profile_direct.3.gzgnutls_store_commitment.3.gzgnutls_store_pubkey.3.gzgnutls_strerror.3.gzgnutls_strerror_name.3.gzgnutls_subject_alt_names_deinit.3.gzgnutls_subject_alt_names_get.3.gzgnutls_subject_alt_names_init.3.gzgnutls_subject_alt_names_set.3.gzgnutls_supplemental_get_name.3.gzgnutls_supplemental_recv.3.gzgnutls_supplemental_register.3.gzgnutls_supplemental_send.3.gzgnutls_system_key_add_x509.3.gzgnutls_system_key_delete.3.gzgnutls_system_key_iter_deinit.3.gzgnutls_system_key_iter_get_info.3.gzgnutls_system_recv_timeout.3.gzgnutls_tdb_deinit.3.gzgnutls_tdb_init.3.gzgnutls_tdb_set_store_commitment_func.3.gzgnutls_tdb_set_store_func.3.gzgnutls_tdb_set_verify_func.3.gzgnutls_tpm_get_registered.3.gzgnutls_tpm_key_list_deinit.3.gzgnutls_tpm_key_list_get_url.3.gzgnutls_tpm_privkey_delete.3.gzgnutls_tpm_privkey_generate.3.gzgnutls_transport_get_int.3.gzgnutls_transport_get_int2.3.gzgnutls_transport_get_ptr.3.gzgnutls_transport_get_ptr2.3.gzgnutls_transport_set_errno.3.gzgnutls_transport_set_errno_function.3.gzgnutls_transport_set_fastopen.3.gzgnutls_transport_set_int.3.gzgnutls_transport_set_int2.3.gzgnutls_transport_set_ptr.3.gzgnutls_transport_set_ptr2.3.gzgnutls_transport_set_pull_function.3.gzgnutls_transport_set_pull_timeout_function.3.gzgnutls_transport_set_push_function.3.gzgnutls_transport_set_vec_push_function.3.gzgnutls_url_is_supported.3.gzgnutls_utf8_password_normalize.3.gzgnutls_verify_stored_pubkey.3.gzgnutls_x509_aia_deinit.3.gzgnutls_x509_aia_get.3.gzgnutls_x509_aia_init.3.gzgnutls_x509_aia_set.3.gzgnutls_x509_aki_deinit.3.gzgnutls_x509_aki_get_cert_issuer.3.gzgnutls_x509_aki_get_id.3.gzgnutls_x509_aki_init.3.gzgnutls_x509_aki_set_cert_issuer.3.gzgnutls_x509_aki_set_id.3.gzgnutls_x509_cidr_to_rfc5280.3.gzgnutls_x509_crl_check_issuer.3.gzgnutls_x509_crl_deinit.3.gzgnutls_x509_crl_dist_points_deinit.3.gzgnutls_x509_crl_dist_points_get.3.gzgnutls_x509_crl_dist_points_init.3.gzgnutls_x509_crl_dist_points_set.3.gzgnutls_x509_crl_export.3.gzgnutls_x509_crl_export2.3.gzgnutls_x509_crl_get_authority_key_gn_serial.3.gzgnutls_x509_crl_get_authority_key_id.3.gzgnutls_x509_crl_get_crt_count.3.gzgnutls_x509_crl_get_crt_serial.3.gzgnutls_x509_crl_get_dn_oid.3.gzgnutls_x509_crl_get_extension_data.3.gzgnutls_x509_crl_get_extension_data2.3.gzgnutls_x509_crl_get_extension_info.3.gzgnutls_x509_crl_get_extension_oid.3.gzgnutls_x509_crl_get_issuer_dn.3.gzgnutls_x509_crl_get_issuer_dn2.3.gzgnutls_x509_crl_get_issuer_dn3.3.gzgnutls_x509_crl_get_issuer_dn_by_oid.3.gzgnutls_x509_crl_get_next_update.3.gzgnutls_x509_crl_get_number.3.gzgnutls_x509_crl_get_raw_issuer_dn.3.gzgnutls_x509_crl_get_signature.3.gzgnutls_x509_crl_get_signature_algorithm.3.gzgnutls_x509_crl_get_signature_oid.3.gzgnutls_x509_crl_get_this_update.3.gzgnutls_x509_crl_get_version.3.gzgnutls_x509_crl_import.3.gzgnutls_x509_crl_init.3.gzgnutls_x509_crl_iter_crt_serial.3.gzgnutls_x509_crl_iter_deinit.3.gzgnutls_x509_crl_list_import.3.gzgnutls_x509_crl_list_import2.3.gzgnutls_x509_crl_print.3.gzgnutls_x509_crl_privkey_sign.3.gzgnutls_x509_crl_set_authority_key_id.3.gzgnutls_x509_crl_set_crt.3.gzgnutls_x509_crl_set_crt_serial.3.gzgnutls_x509_crl_set_next_update.3.gzgnutls_x509_crl_set_number.3.gzgnutls_x509_crl_set_this_update.3.gzgnutls_x509_crl_set_version.3.gzgnutls_x509_crl_sign.3.gzgnutls_x509_crl_sign2.3.gzgnutls_x509_crl_verify.3.gzgnutls_x509_crq_deinit.3.gzgnutls_x509_crq_export.3.gzgnutls_x509_crq_export2.3.gzgnutls_x509_crq_get_attribute_by_oid.3.gzgnutls_x509_crq_get_attribute_data.3.gzgnutls_x509_crq_get_attribute_info.3.gzgnutls_x509_crq_get_basic_constraints.3.gzgnutls_x509_crq_get_challenge_password.3.gzgnutls_x509_crq_get_dn.3.gzgnutls_x509_crq_get_dn2.3.gzgnutls_x509_crq_get_dn3.3.gzgnutls_x509_crq_get_dn_by_oid.3.gzgnutls_x509_crq_get_dn_oid.3.gzgnutls_x509_crq_get_extension_by_oid.3.gzgnutls_x509_crq_get_extension_by_oid2.3.gzgnutls_x509_crq_get_extension_data.3.gzgnutls_x509_crq_get_extension_data2.3.gzgnutls_x509_crq_get_extension_info.3.gzgnutls_x509_crq_get_key_id.3.gzgnutls_x509_crq_get_key_purpose_oid.3.gzgnutls_x509_crq_get_key_rsa_raw.3.gzgnutls_x509_crq_get_key_usage.3.gzgnutls_x509_crq_get_pk_algorithm.3.gzgnutls_x509_crq_get_pk_oid.3.gzgnutls_x509_crq_get_private_key_usage_period.3.gzgnutls_x509_crq_get_signature_algorithm.3.gzgnutls_x509_crq_get_signature_oid.3.gzgnutls_x509_crq_get_spki.3.gzgnutls_x509_crq_get_subject_alt_name.3.gzgnutls_x509_crq_get_subject_alt_othername_oid.3.gzgnutls_x509_crq_get_tlsfeatures.3.gzgnutls_x509_crq_get_version.3.gzgnutls_x509_crq_import.3.gzgnutls_x509_crq_init.3.gzgnutls_x509_crq_print.3.gzgnutls_x509_crq_privkey_sign.3.gzgnutls_x509_crq_set_attribute_by_oid.3.gzgnutls_x509_crq_set_basic_constraints.3.gzgnutls_x509_crq_set_challenge_password.3.gzgnutls_x509_crq_set_dn.3.gzgnutls_x509_crq_set_dn_by_oid.3.gzgnutls_x509_crq_set_extension_by_oid.3.gzgnutls_x509_crq_set_key.3.gzgnutls_x509_crq_set_key_purpose_oid.3.gzgnutls_x509_crq_set_key_rsa_raw.3.gzgnutls_x509_crq_set_key_usage.3.gzgnutls_x509_crq_set_private_key_usage_period.3.gzgnutls_x509_crq_set_pubkey.3.gzgnutls_x509_crq_set_spki.3.gzgnutls_x509_crq_set_subject_alt_name.3.gzgnutls_x509_crq_set_subject_alt_othername.3.gzgnutls_x509_crq_set_tlsfeatures.3.gzgnutls_x509_crq_set_version.3.gzgnutls_x509_crq_sign.3.gzgnutls_x509_crq_sign2.3.gzgnutls_x509_crq_verify.3.gzgnutls_x509_crt_check_email.3.gzgnutls_x509_crt_check_hostname.3.gzgnutls_x509_crt_check_hostname2.3.gzgnutls_x509_crt_check_ip.3.gzgnutls_x509_crt_check_issuer.3.gzgnutls_x509_crt_check_key_purpose.3.gzgnutls_x509_crt_check_revocation.3.gzgnutls_x509_crt_cpy_crl_dist_points.3.gzgnutls_x509_crt_deinit.3.gzgnutls_x509_crt_equals.3.gzgnutls_x509_crt_equals2.3.gzgnutls_x509_crt_export.3.gzgnutls_x509_crt_export2.3.gzgnutls_x509_crt_get_activation_time.3.gzgnutls_x509_crt_get_authority_info_access.3.gzgnutls_x509_crt_get_authority_key_gn_serial.3.gzgnutls_x509_crt_get_authority_key_id.3.gzgnutls_x509_crt_get_basic_constraints.3.gzgnutls_x509_crt_get_ca_status.3.gzgnutls_x509_crt_get_crl_dist_points.3.gzgnutls_x509_crt_get_dn.3.gzgnutls_x509_crt_get_dn2.3.gzgnutls_x509_crt_get_dn3.3.gzgnutls_x509_crt_get_dn_by_oid.3.gzgnutls_x509_crt_get_dn_oid.3.gzgnutls_x509_crt_get_expiration_time.3.gzgnutls_x509_crt_get_extension_by_oid.3.gzgnutls_x509_crt_get_extension_by_oid2.3.gzgnutls_x509_crt_get_extension_data.3.gzgnutls_x509_crt_get_extension_data2.3.gzgnutls_x509_crt_get_extension_info.3.gzgnutls_x509_crt_get_extension_oid.3.gzgnutls_x509_crt_get_fingerprint.3.gzgnutls_x509_crt_get_inhibit_anypolicy.3.gzgnutls_x509_crt_get_issuer.3.gzgnutls_x509_crt_get_issuer_alt_name.3.gzgnutls_x509_crt_get_issuer_alt_name2.3.gzgnutls_x509_crt_get_issuer_alt_othername_oid.3.gzgnutls_x509_crt_get_issuer_dn.3.gzgnutls_x509_crt_get_issuer_dn2.3.gzgnutls_x509_crt_get_issuer_dn3.3.gzgnutls_x509_crt_get_issuer_dn_by_oid.3.gzgnutls_x509_crt_get_issuer_dn_oid.3.gzgnutls_x509_crt_get_issuer_unique_id.3.gzgnutls_x509_crt_get_key_id.3.gzgnutls_x509_crt_get_key_purpose_oid.3.gzgnutls_x509_crt_get_key_usage.3.gzgnutls_x509_crt_get_name_constraints.3.gzgnutls_x509_crt_get_pk_algorithm.3.gzgnutls_x509_crt_get_pk_dsa_raw.3.gzgnutls_x509_crt_get_pk_ecc_raw.3.gzgnutls_x509_crt_get_pk_gost_raw.3.gzgnutls_x509_crt_get_pk_oid.3.gzgnutls_x509_crt_get_pk_rsa_raw.3.gzgnutls_x509_crt_get_policy.3.gzgnutls_x509_crt_get_preferred_hash_algorithm.3.gzgnutls_x509_crt_get_private_key_usage_period.3.gzgnutls_x509_crt_get_proxy.3.gzgnutls_x509_crt_get_raw_dn.3.gzgnutls_x509_crt_get_raw_issuer_dn.3.gzgnutls_x509_crt_get_serial.3.gzgnutls_x509_crt_get_signature.3.gzgnutls_x509_crt_get_signature_algorithm.3.gzgnutls_x509_crt_get_signature_oid.3.gzgnutls_x509_crt_get_spki.3.gzgnutls_x509_crt_get_subject.3.gzgnutls_x509_crt_get_subject_alt_name.3.gzgnutls_x509_crt_get_subject_alt_name2.3.gzgnutls_x509_crt_get_subject_alt_othername_oid.3.gzgnutls_x509_crt_get_subject_key_id.3.gzgnutls_x509_crt_get_subject_unique_id.3.gzgnutls_x509_crt_get_tlsfeatures.3.gzgnutls_x509_crt_get_version.3.gzgnutls_x509_crt_import.3.gzgnutls_x509_crt_import_pkcs11.3.gzgnutls_x509_crt_import_url.3.gzgnutls_x509_crt_init.3.gzgnutls_x509_crt_list_import.3.gzgnutls_x509_crt_list_import2.3.gzgnutls_x509_crt_list_import_pkcs11.3.gzgnutls_x509_crt_list_import_url.3.gzgnutls_x509_crt_list_verify.3.gzgnutls_x509_crt_print.3.gzgnutls_x509_crt_privkey_sign.3.gzgnutls_x509_crt_set_activation_time.3.gzgnutls_x509_crt_set_authority_info_access.3.gzgnutls_x509_crt_set_authority_key_id.3.gzgnutls_x509_crt_set_basic_constraints.3.gzgnutls_x509_crt_set_ca_status.3.gzgnutls_x509_crt_set_crl_dist_points.3.gzgnutls_x509_crt_set_crl_dist_points2.3.gzgnutls_x509_crt_set_crq.3.gzgnutls_x509_crt_set_crq_extension_by_oid.3.gzgnutls_x509_crt_set_crq_extensions.3.gzgnutls_x509_crt_set_dn.3.gzgnutls_x509_crt_set_dn_by_oid.3.gzgnutls_x509_crt_set_expiration_time.3.gzgnutls_x509_crt_set_extension_by_oid.3.gzgnutls_x509_crt_set_flags.3.gzgnutls_x509_crt_set_inhibit_anypolicy.3.gzgnutls_x509_crt_set_issuer_alt_name.3.gzgnutls_x509_crt_set_issuer_alt_othername.3.gzgnutls_x509_crt_set_issuer_dn.3.gzgnutls_x509_crt_set_issuer_dn_by_oid.3.gzgnutls_x509_crt_set_issuer_unique_id.3.gzgnutls_x509_crt_set_key.3.gzgnutls_x509_crt_set_key_purpose_oid.3.gzgnutls_x509_crt_set_key_usage.3.gzgnutls_x509_crt_set_name_constraints.3.gzgnutls_x509_crt_set_pin_function.3.gzgnutls_x509_crt_set_policy.3.gzgnutls_x509_crt_set_private_key_usage_period.3.gzgnutls_x509_crt_set_proxy.3.gzgnutls_x509_crt_set_proxy_dn.3.gzgnutls_x509_crt_set_pubkey.3.gzgnutls_x509_crt_set_serial.3.gzgnutls_x509_crt_set_spki.3.gzgnutls_x509_crt_set_subject_alt_name.3.gzgnutls_x509_crt_set_subject_alt_othername.3.gzgnutls_x509_crt_set_subject_alternative_name.3.gzgnutls_x509_crt_set_subject_key_id.3.gzgnutls_x509_crt_set_subject_unique_id.3.gzgnutls_x509_crt_set_tlsfeatures.3.gzgnutls_x509_crt_set_version.3.gzgnutls_x509_crt_sign.3.gzgnutls_x509_crt_sign2.3.gzgnutls_x509_crt_verify.3.gzgnutls_x509_crt_verify_data2.3.gzgnutls_x509_dn_deinit.3.gzgnutls_x509_dn_export.3.gzgnutls_x509_dn_export2.3.gzgnutls_x509_dn_get_rdn_ava.3.gzgnutls_x509_dn_get_str.3.gzgnutls_x509_dn_get_str2.3.gzgnutls_x509_dn_import.3.gzgnutls_x509_dn_init.3.gzgnutls_x509_dn_oid_known.3.gzgnutls_x509_dn_oid_name.3.gzgnutls_x509_dn_set_str.3.gzgnutls_x509_ext_deinit.3.gzgnutls_x509_ext_export_aia.3.gzgnutls_x509_ext_export_authority_key_id.3.gzgnutls_x509_ext_export_basic_constraints.3.gzgnutls_x509_ext_export_crl_dist_points.3.gzgnutls_x509_ext_export_inhibit_anypolicy.3.gzgnutls_x509_ext_export_key_purposes.3.gzgnutls_x509_ext_export_key_usage.3.gzgnutls_x509_ext_export_name_constraints.3.gzgnutls_x509_ext_export_policies.3.gzgnutls_x509_ext_export_private_key_usage_period.3.gzgnutls_x509_ext_export_proxy.3.gzgnutls_x509_ext_export_subject_alt_names.3.gzgnutls_x509_ext_export_subject_key_id.3.gzgnutls_x509_ext_export_tlsfeatures.3.gzgnutls_x509_ext_import_aia.3.gzgnutls_x509_ext_import_authority_key_id.3.gzgnutls_x509_ext_import_basic_constraints.3.gzgnutls_x509_ext_import_crl_dist_points.3.gzgnutls_x509_ext_import_inhibit_anypolicy.3.gzgnutls_x509_ext_import_key_purposes.3.gzgnutls_x509_ext_import_key_usage.3.gzgnutls_x509_ext_import_name_constraints.3.gzgnutls_x509_ext_import_policies.3.gzgnutls_x509_ext_import_private_key_usage_period.3.gzgnutls_x509_ext_import_proxy.3.gzgnutls_x509_ext_import_subject_alt_names.3.gzgnutls_x509_ext_import_subject_key_id.3.gzgnutls_x509_ext_import_tlsfeatures.3.gzgnutls_x509_ext_print.3.gzgnutls_x509_key_purpose_deinit.3.gzgnutls_x509_key_purpose_get.3.gzgnutls_x509_key_purpose_init.3.gzgnutls_x509_key_purpose_set.3.gzgnutls_x509_name_constraints_add_excluded.3.gzgnutls_x509_name_constraints_add_permitted.3.gzgnutls_x509_name_constraints_check.3.gzgnutls_x509_name_constraints_check_crt.3.gzgnutls_x509_name_constraints_deinit.3.gzgnutls_x509_name_constraints_get_excluded.3.gzgnutls_x509_name_constraints_get_permitted.3.gzgnutls_x509_name_constraints_init.3.gzgnutls_x509_othername_to_virtual.3.gzgnutls_x509_policies_deinit.3.gzgnutls_x509_policies_get.3.gzgnutls_x509_policies_init.3.gzgnutls_x509_policies_set.3.gzgnutls_x509_policy_release.3.gzgnutls_x509_privkey_cpy.3.gzgnutls_x509_privkey_deinit.3.gzgnutls_x509_privkey_export.3.gzgnutls_x509_privkey_export2.3.gzgnutls_x509_privkey_export2_pkcs8.3.gzgnutls_x509_privkey_export_dsa_raw.3.gzgnutls_x509_privkey_export_ecc_raw.3.gzgnutls_x509_privkey_export_gost_raw.3.gzgnutls_x509_privkey_export_pkcs8.3.gzgnutls_x509_privkey_export_rsa_raw.3.gzgnutls_x509_privkey_export_rsa_raw2.3.gzgnutls_x509_privkey_fix.3.gzgnutls_x509_privkey_generate.3.gzgnutls_x509_privkey_generate2.3.gzgnutls_x509_privkey_get_key_id.3.gzgnutls_x509_privkey_get_pk_algorithm.3.gzgnutls_x509_privkey_get_pk_algorithm2.3.gzgnutls_x509_privkey_get_seed.3.gzgnutls_x509_privkey_get_spki.3.gzgnutls_x509_privkey_import.3.gzgnutls_x509_privkey_import2.3.gzgnutls_x509_privkey_import_dsa_raw.3.gzgnutls_x509_privkey_import_ecc_raw.3.gzgnutls_x509_privkey_import_gost_raw.3.gzgnutls_x509_privkey_import_openssl.3.gzgnutls_x509_privkey_import_pkcs8.3.gzgnutls_x509_privkey_import_rsa_raw.3.gzgnutls_x509_privkey_import_rsa_raw2.3.gzgnutls_x509_privkey_init.3.gzgnutls_x509_privkey_sec_param.3.gzgnutls_x509_privkey_set_flags.3.gzgnutls_x509_privkey_set_pin_function.3.gzgnutls_x509_privkey_set_spki.3.gzgnutls_x509_privkey_sign_data.3.gzgnutls_x509_privkey_sign_hash.3.gzgnutls_x509_privkey_verify_params.3.gzgnutls_x509_privkey_verify_seed.3.gzgnutls_x509_rdn_get.3.gzgnutls_x509_rdn_get2.3.gzgnutls_x509_rdn_get_by_oid.3.gzgnutls_x509_rdn_get_oid.3.gzgnutls_x509_spki_deinit.3.gzgnutls_x509_spki_get_rsa_pss_params.3.gzgnutls_x509_spki_init.3.gzgnutls_x509_spki_set_rsa_pss_params.3.gzgnutls_x509_tlsfeatures_add.3.gzgnutls_x509_tlsfeatures_check_crt.3.gzgnutls_x509_tlsfeatures_deinit.3.gzgnutls_x509_tlsfeatures_get.3.gzgnutls_x509_tlsfeatures_init.3.gzgnutls_x509_trust_list_add_cas.3.gzgnutls_x509_trust_list_add_crls.3.gzgnutls_x509_trust_list_add_named_crt.3.gzgnutls_x509_trust_list_add_system_trust.3.gzgnutls_x509_trust_list_add_trust_dir.3.gzgnutls_x509_trust_list_add_trust_file.3.gzgnutls_x509_trust_list_add_trust_mem.3.gzgnutls_x509_trust_list_deinit.3.gzgnutls_x509_trust_list_get_issuer.3.gzgnutls_x509_trust_list_get_issuer_by_dn.3.gzgnutls_x509_trust_list_get_issuer_by_subject_key_id.3.gzgnutls_x509_trust_list_init.3.gzgnutls_x509_trust_list_iter_deinit.3.gzgnutls_x509_trust_list_iter_get_ca.3.gzgnutls_x509_trust_list_remove_cas.3.gzgnutls_x509_trust_list_remove_trust_file.3.gzgnutls_x509_trust_list_remove_trust_mem.3.gzgnutls_x509_trust_list_verify_crt.3.gzgnutls_x509_trust_list_verify_crt2.3.gzgnutls_x509_trust_list_verify_named_crt.3.gz/usr/include//usr/include/gnutls//usr/lib//usr/lib/pkgconfig//usr/share/doc/packages//usr/share/doc/packages/libgnutls-devel//usr/share/doc/packages/libgnutls-devel/examples//usr/share/doc/packages/libgnutls-devel/reference//usr/share/info//usr/share/man/man3/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15159/openSUSE_Leap_15.1_Update/1eeb18c8950f40cde1c9ed3060f64e1b-gnutls.openSUSE_Leap_15.1_Updatedrpmxz5i586-suse-linux directoryC source, ASCII textC source, ASCII text, with very long linespkgconfig filePNG image data, 315 x 245, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 423 x 353, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 472 x 321, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 501 x 205, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 633 x 395, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 492 x 242, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 313 x 286, 1-bit grayscale, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 628 x 346, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 331 x 401, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII text, with very long linesPNG image data, 572 x 334, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII textXML 1.0 document, ASCII textPNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced (gzip compressed data, max compression, from Unix)assembler source, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)PRRRRR ֺfs5Iutf-826fdee519360fd1bf9690010180e03a17ea05394a7f5c89f97643264540dc770?7zXZ !t/'2]"k%+BBjg#x=yXO^zL*BoN๥uØF?t}yPP#FΓu?M6fq)RcYAHG#!o(?pNɻ|T ^7 7ɔF%f;}sv\ K}q1YesPaL6÷d /bДEv&ߝ6dͱ3f$%G7oSC3b|w:_6?][֨zGRؽW7xph)\C_T=$CqaeXE}ظuQBQɿ\S^RE)JX&ǐʒ.<ퟏV`"#h T̺> dRF,T;Vv ExquK^%bXg H)95dE:=H"_L*MVi(2IPqǐu,0ru7{E;}L1ik@h1]}?JB"<׿MjG;6vbpó)(fj7.- pfMH}:$ӈFF'b% ee&р3^Y^zlsՊh׮{rw2-62g3 PxxLdƚm=.tԴ|2ۻ*R_" 4ʺIW"w"ݤOg U[G LX &| 'Z~6ԓq(Vl-85q. ޚh$%]d{y!3TC0]qpϾ~[8+u.\IQņ0>9{uN\32͆tTeENjtT SItN D~~M5~ vCƪk\) su0@#VJZ6.u_';Yll͞7YId8͈&L @<{ ]Rܭ JT6-zBMSBg#.p'-1q7ҳ v mle͵DzS"iF'Qί#$-G*6m 09-N6R]޴+A# ?\T%HM㵡'2Ǫ>]]` \YrVv3'0{IP ʅp$aMaBrg5)RɵrQ<ܶulB»8kdhvȌ=''7#{S7rjbd[lf|e{+@?Q+3q[,|ImxeޝiܸZ*dW=D$0b{Gk !iCTt.ܟaшoRwVs"׮]SZ0/؉ QE-! \J1"}T1piG5Έ60@ϖtZaUXym):ܣRa3V9.fv?½QLXVtRI*'}Živ*41zbf-ôn=#ox.W/$Q%R  k_JI, `CG0iii=63|tH~l;!BR\ɣ}ܣVo82EOw©d{oⰁb+0T/Bs~z#eΠ?@kX6-bZ%ux]MoYĿ6#˾kB,xYOOv.K;ퟢDIviǺv0HiknÃEb5'IUsQQ| KCo(c$ͼ00s:UC=HǦ\͠[򲱖 }4>(IFϏ{KK (4{Y[R0zMBvG~ߪ~~2%geWJ9iHɞdžGr};=0*[F&pn{ C l\=+L//G;Yknm__ }2Di)0ȇ.$ 3b+ vdf-%  !͹a[o @SD*kf\QkSӨ'kasj.L'\Ek<'w$ZթMi'*yJhV4SE}|$`}&<$h{03X:(N0U YZ