libgnutls-devel-3.6.7-150200.14.22.1<>,cVp9|3#Xi˰$V qb5= RLڷNm‰by*qP2w.i(}<:.9?R~L*ݱrfGOh%5D@ZD=1ߺ}8ۻ ԑd򀷛F%'•&¢˧4R6={S eNe\N;`W{A~+)ޠ] Coy*@O܈x!nc=n|S0^GΤ&+W(Wl&'P>B(?d ' P 6<D n ( < n t~ʰ4&(Q8XK9̈́K:җK>?FGHIXY\]'^ bczdefluv$w݈xyzClibgnutls-devel3.6.7150200.14.22.1Development package for the GnuTLS C APIFiles needed for software development using gnutls.cVibs-centriq-6k SUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Development/Libraries/C and C++https://www.gnutls.org/linuxaarch64 ALL_ARGS=(--info-dir=/usr/share/info /usr/share/info/gnutls.info.gz) if test -x /sbin/install-info ; then /sbin/install-info "${ALL_ARGS[@]}" || : fi ; test -n "$FIRST_ARG" || FIRST_ARG=$1 if test -x /sbin/install-info ; then if [ "$FIRST_ARG" = 0 ]; then /sbin/install-info --quiet --delete --info-dir=/usr/share/info /usr/share/info/gnutls.info.gz || : fi ; fi ;f-$& ':Q?d  @| cEZ $l!7@@H%M#boi;wbC*<"  1"DKa@=742523$dI&g DL4~}Tat%7O*s&p{*XRQ&2tv8(v iDF 6RT)N#O+yL>Fo]^||6nG*w:d]=rtXXP_C^[dBIq>(@4# uQDPOk#_J6b>617U.WYbozjU6-QB S9+Ss'Q,rW(p@7_3wE_Abu=vZUt5QxHCM,X,Y%bBv-$=;:L+H0}bI6~:+[8 J#%*t\"H_  k_<GmkFmjgRfQP%t 0[(`<`p%6X"  OWAc W -|i%10#s8%i]@ei `WJ`/PPf$rxMQhb<^4VR7_6N$K`/g]#bOc:A5~DsP2Ox%?? 0.f[*|~L"8-/ =ji9+b=!u|d|kP:.R(]{<m>#xwE)YSW^& oNS6 f)R9-)C. 23/p(>occY,p:%*,(Z/F2B'&&#.*JB# $UE%T\DaIY^foR@cHwmiV"}Am bcAQs@pfL$ |rA큤AA큤A큤ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc3e67342ab9cd25553ecc9d415d40e75c081408f4d4cc5a7653a9b4de24b4403e393c0f0491cfac06a1b3c0be312dff31b0a0d13de20d2ff043370fcfdb0e4f4331885861a6a1db09b12c9376495deb640417a5f6465bae3b317641c6daee44f46dbd58c791ff073ec387d54c3fe5d8df767547ac9de4116a83ef24d764d43b8625bc717fff3c90ec0693398ffe61e1eda61404c080511e62953c1254f55ed7261f66d8dde8d7651c59d38fb5c341f6a2fd59cf525d768bc57347d5cf22e8305fc54f5e3e75e0318a1ee0487551e27a2f5ba251c22cc24c6286cce1ad3449ba6ae674fcc66dd15ce4e7cfa678e28c64c2a2b8ceae6e23e8ba517927c9d779230eea3dc720c96359c4d9953e142bea67514eddfd15c79dd5fdc1ccfdb8229042967a988dc53ee0be2490a8fe36a86ad1af1a71cecf4c41f4a54a4fc9e541cc106743c727c2ce85fdd599fec5b4945ceb208905ca2c89851e3d6c0f9653a468e804170d3a51dca15f272dd4217e417b801dda9ef45f02be4d6d8067bbc507086ccc6a97fb76196be05ae2a629d9a640025eca6b2a988e7bad1748f7743bfd4219be66ff500b44b3f4e1c1a88f4c6823ba998cd31de8e54203ae09c2d9d71947c60a62ede974120630b4635aceb15ba85887ff39c4ffcc0af77f82cd542ce8737bbc79cd64d808ae4c7412b5bf0ce1d97e6eac0f5fd84fe66df31076a1b1ea4e84f10951b765185a57b8db63c0f8652c3b365220b37f4ada2e7251a2c2a0e993a10f5c93bd19ae62168f9dead98e86e6a6f29a9b2fd4c2804b4681007bfd3b7c3c19322703c511560119ecfc58fb3526700f249a0bc14238a007e2de6511997b9aeb96190117e20a73f657a6a49de4911a8cb962f5674510772e0213997f79f79caf06667d98847a2e125fa9031268f0d4cc831fcc1bb0e5168449b901c41568df83256fc598d83f1b64c0cd17bbc58c7a5fa91d08eee7e7778935f475e2975ea5307775fe7db9f7aa86c70467a7bc139699d2564a9194c60b4cd477208aae100b516595f93074551ddd3fea9bad64f8f8f65cf0aeea93105b34e71dd8e0d2f845982fe21adccdba673e47b126ac659b90e9eacebd2618df31b8da7cdbd5bd74f8641a98347cfbc1df0092c5acf404a46b452794d6314988af79093bfffaed4ac57e5e3817e5e61792201dccc9b26e15907f1b5f151533e71c222abd68ac4d30eaee92ded9a12a068daa9dc5c266a3c8d98215a908a32b131d5c5fea84e767b9288b255856ea9097ea4cd91f1f4592def953540afdf78d67d590608bb5647dc7dc48b5cf2c652e1c0e84955e2b6055f2b786613637a73d5f7c1bdcc8898d3f2fdb9068fcd9dd8a3be07c6af5a7e5bdf5375bb275e3492e9fc8ecaa4ec463627c2d8c4759da0963b5cd5b322e1d781384d1e5e204d7173d0ccce7ada7624cc7d934f9bfb8e36975d54aed08c5d4d8e38060e71cf88472118f351941a80320fc8fd26f3bcb227fbe033e0611ba2f2d5da7c1275334fcb994035e80ac6918260321135215ca9bccdabc25668c2a25b26f0bf584edd004e8184ca003faafcb347c865f6cf9794cbf48c933858af0c814000890f567990ab59880ec426d9a98f2306ec8707602eacd37f60767b99a37e48c502558fbb73d9ce11896a8f3bfbaf644c407e29224268008e71272f11c91afb8c2430853eafcc384a9086e1b55314becfd872fd2b3c99909c49ec9a29d0656c65fc96b491357faf03c5c15abe40b7a8d3970a690beb45b940a9b90cd00d6695664667024d17e5eb3de764730668b89d6b53dfa0789b3a3a4a129b5da7e708f5a4f9e0052987bce55bb28cc12587cc49d14c453674cbf3e7b4109bc94177c7c3b57922d23987175d29d71b33dd6108e3a4d049a7429ce1051ab72e6634841727da48bb2f73b45c3063fa2490480341de92139353b3c425c8916f76a8d91b3d35110dabfa19a7d21e2c452eaba4278818dac7dbdd7c279f5d65a7ad6e8d302f21687e36781efcf303d170f15c2e233108b1e52dd067194e93871006f6fd989c6ef7f6490854a4b664fe55dc5dd28b13ae7f3c2dc67bea03002c2fce84e129128f38e8bc52813b8ae2eba04dca0cfbe82c65b7900f8903814b72bddfde01d0b4883f9288fe55829acda89653217a9024c3df18138a0e67b6e74ae2e4af12985bcbb0e07c7fbf38342be9b0a5e4192440f703f6349b325a8f764db03f26a26a4d386ec36ec6d8a8c88045100f4f975d8c2dbe3ece5a3fcc65c4f0954b8474753463d0c74b62180c8796b4f0760048dc153a2026c430c7c67f74b68103b066759b894c3e62f83203d125f83f8b4a6f30a8939a776ddabc43c84f955d142c35d3ecacdad5d26426bfa29c9d4b92167ffdf2c3b16ffb888616d91d935e4b1c6fa088f1b2e48ca9cce03927ca176ce6ec937483a3fb2a7bdf660b546e445af4b8aa8a242ae1b316dd4abf17e1475ce7af2b64ea59b66deb8d4c0b705140df77b53be04294d2a37c89f1e8c393a3a3f52c97969f3385d9d73722bfb6c37a5e59c40e2faf294d2b31b0cd02773fb3828181e34926af0b5c12c36c3784098af709d00c7d6e72231ad1335fae4b71c65c22459e5041943aa8f6b02fc34da2b15a59ce8e38c79f83f3f313ef40c6efe21b410111d355129ea84b3633028c41c01b722c2225e4ed3217b432c3824a49d9d4b4c63bea776b263e575059dde0b7ee712ec5016d487e4ef69158d7ca9050b7c785c1c5534403549a4a6ff7fe18451e9a4baf55ce18ff0b4ef983f7f6e6e1b5cb269f2c737429b8dcd7b21e3eb7ffb3c90448da7e234088a02eef664ed4b255b466b87bdd0965ce8280f20518bf956cfb569a886430330d193034a68bced45dc2e20c219a7bf20ec747bebf05bae48663a0f6522b13a6d48820b9836d27d54ca6f9a8aad4f5a874646cc3d6623762a33c3d152684f117c79f931f3609a676dd358056ad7dfe9cfc57894564624dc941e3edb5a412675c2f290931d05afda93ab4963ba32336858064c7ced923a96043e6d615d8a107f5289d646318585aa6b1d4432ff0c57e15c41a7580bd8d8db745ead5628c798d7528ee986e5e3f03b79ef11545ad231d97816272dd4e733c9aca2c483a824b2b9d48cf041d317b53c262387c4391901226b859dc3405b8fd66faa5a97415a9da2fd3b1943bf6514006fd48e4a71140b7748f87f09a6b95a2509bd63db3707011ac671f1f2cc9ac5e03f9762451aeb04a1263f8f1f90ba830aba8c58bfc4503e22f3953f76a161e3025074857272ec8bf9c2e75729ac5b2803d1b32a776e76f9ba5d6e5a2f7a36c924ca9bb183744651fbb2aaab42fb0042708f293af90f35517995fe432e6dc45164455b7a3251538b65c98fe1f84fc2900a5eddef4fbb005a5cfc953cc46d6d75d31a6bb190bbf41231ffe7ee1604a4dcc9b488e530a841da612b12eb9c40fe2b16d730f1f7a213bc16f65d5f847bd1c835a38d096cf664859c48aaab247cd7eb2a86848f3959fb8d1809a7a6d572816c75a0cefb480431be31c44f2d74c35b323c811bac31872e74de1725052b7cfeacbb44d728da84b07527b7be878e93ca2d4240a7b2d904c6f1b56bded57261093d11da05ba29d16f48f246f1404535a32ff3fc838e13ab5ab6b166b534953f87fad3b7aa46a035b3353240794b0110503a4c07cad0251af34058b12b19624b18c1a386f3128e37c182154385a408eb2ff355f69f18aaf0fd380bcff7d656d62752a1823c7c0d118107dc118df05519fd1df9d06c6fbeba3f989721260b228a4676c6d2ca30829169f832c96e77fc9a3d4129b22692eeb301fba67e9e8a1173790e4045b5808fcf94bf2d1b50b58ff34587c8d1d69bf6bdddf53066ec00870be481d6e52956fbaa48e90622aa10b478cda9a9b47ba19b11eeaf8040ffb162e75a34592a45c8db07abe475ecba7680ec06aedeee2538fcf701f0867d98eaad658d3bbdf7065c36f7df146f9c27a2a197694c626aa037fc5dfbe2caf0b82f43580f98fcd27ac91581c5b475db7d5050c0bc3f67a4f43f8979563372a5dbc45337e50c32f3bfd44e281294f6108a69e24f576e3e692e76b25dd6b8b397f31e26210e7a3dc4cb23fbc4ecab4d95d6841294412e1aa41e2a76a6b1ee9da36193a8c99d8bde6de2e2d3dd63b82f544b26c4503927e07eeff57c07f7ae7daf3380b2574ae98c53ff40989eed35b7b43f5af4dc3fe3aaf6bfff17b901adb1f638d2195ea75bf0e73bddddd2bbe89c257e375d348c6ec92879815738f1ea65d25cf66f090fc4253c849a2423909f762f4fc6f00b851bd59f5f7707e959021e3dd5dfab3cbfb158f38706e7f50720bfd2b3a29a97e81497b2c86935f5352776befe048a32ba16e788a01a90e11cfe6b5323ee080d3b21b4d8153782a90c4076d9ebf93201b91ffcc73789c6be939148dc6b0c4f3a791ae50a3231dc29c2a0d69feb958143517f0124fb45efdd1f57bc8d032020fd299dfc11c8085445d5fa54f1ff7cfbbcde66b168a11b02577b15ba2dec274b578a8d5ee8a1bb2c98b8f25954beb70e27cab8fa8e78bf1bd785d09198780f0a48ebb038e7a2d644abe54ced79558f05801746bc189f7cfa223a4e0e842878c4a38fa6a7e4b1346f49a8a214edf5e86eb9c84be140752e681caa18b31310ac5ae7e05c042a3770209b4520b5881d52a9a4a9309dd735dc7697e94fdee5f058c22cde0debb762e3131e95b80c929bb7d7d8df95ceb2604d32094a715fc7fb653bcdf814b51a6f7b86ae2d0a1eb56c101c393243def3fa802b8c9b8f5ad36256d39fb5f0cd637182e5f0037245736a982c9d4d744975eb028568ae3ffba24f0b432b136f85c7e58f8fc5f8fb29868e1d27929c2916bbc5073076cf90aad02d1a42c2adeeb35ae37a3fa6837de7bb335fd72786818c24c9519387f582a129b87a8aa768197fd13f4d5a673a4baf8c65196d2d8a19a3ea1e177faa76ae4ba03ee56e67389b380d00dc2ca14cd859ab9ff8d086fa1918c20ae2b914d0fd5fd89e703fa26606a4a8b8cd20a815fa67e0b007ccf0a71a228818701569a4bfb50054b2c4134bc0e008b8f24e31979a48b79e90ca101700a01bdb7f57ab1361606b7514aced96b12f18dacda285e08fa6c4ae818577acc5416d40f364f2ebf6e3831431b018aaa7af03746ea1f55261952d8b73b11f7a7ade596d804c208bfc22dfb243c0700f1ba1d761c4b3c44d7f1c4e3ab91b0cc87ce0e18792aa59f8fc3504d58e5ae90af3b0c6da7dc9e17773a62ed6587d42e0c977611473e3bd036ff7d2756abd8231ebf1dcc2a261c5d1145ffcb139aa60258ca521276800e259c8446d35f234db7e57a54ffa28f5cb5b94d1af0f9c4f8cda4ac34bd834e92c36b018edf7c1efb4141a2a7d8301bfa98a0688ec599ca0d307ac857501cee676eb2a32488b2cd105e9e0bb488ab65a16c03d50c32a130a61f6dac2261410fa82df9ecffe3477d17a15fab18e7ade22309ada2af7c745ced250cfe2230870ca26c8b20e993fd313a68acf3b190a02e422f097a494e8c2b7393b0a66a26d87cba7ce55faabb8de23cf0d57e6c21f7c77fe2f46a0ac5cb5a592a7aba44a29488436f7f5a647faf4d5661ad03838c4ef3b0219063faccaacca29cd2fc17138ca2d8389124ac13f96d4bd4e45898e11d2abbace99714262f6e2b1edf563309c06be894123f59b015e618e1cb846dec40a31b59575a7a942c09457ae900dff76aec7db8dfce0f8908e9ada440e00b5aff7d3524aa27f56b82ba39b3ee4bbf413dc75b256f6a8752b1406be9729c7d12bef68feffb376bfa934abe57789f0c8dfb887830f917c03c0075268b65099b10a58fe77415c48e461b93ae2755c8964afa403cc6ea55d9ffafe85832a66b2ca746c2d57f9c66947db51aa2dde2d497d8f9d44e6a7ba237ff2c5cdd2218b4ac15a6fada8f07521545f8072609d0b119f95f03191372297a713b3ff02581e908e60d08a2ff96420608f71e23817565b49d8caa029c336b495cb8719599dd961595408c6889e0bb890b8d0768e70669673715e1ff980cce5ccda14698fc783f657d0d528623f9689108ea798eab4b3f7f35dbe680943fce035f53f82722fbf9d09510f2452fe32bce5ff3105e230e45f85bea36eb9495cadaa83e656c974bf78642dc87984441792bf2efa41eba6de6853b4e7fd7581b4ac03f1c48d492135b9500dc0a9b98cd862b51398c5a89460cfba3b2d174753aa3ecb61aa736cf96b34ee2912cc8f3b68f594225dc2d13659a4812fbc433e7142669b01a85e852396f9c1fd65bb76860a200ac9e980b51d7dccd8fb5037190b55a35fa409d9ea5eb0b24db656801d853be8a4731bc40e6deb4112ffadfd72aa04bd8438b765bee13d1e70da09bc7d10c7e9d730e9cbf6cc81e727a778c654dd7e3682f918d83280abd5e8875df0dd44d3c19cb83482125d72d2421cd72b15681dd25d417d0ce6ae4409ac043adbf1d62d7a9c747fdc902bd069df64ac2e63405539eb2cf8595ff1116c204377b23e7ed55cc82555ad8ce1971715fd7acb2f919bf450696e131d89fdedcf0966d8b5c7c1df27a4ba1164a6d555559206b5126c081fe0edbcf67e1aef6e82aecd0fe4b1446309e0a206828c11f76079e483dbf024b86be5655169b72749f4c223c5c4142e1fa3a9a9bdf211d463c94425698720db149d519bc156d9678103bad9f8b8c015f5ab604b0c388c448914d95f913e8b280bfe2c2a780c6d0a666442c697c6d73605ebc6e16a03341b021e18a9a98008baa96799f9171b5fca85e9b1fdfaeed42689c5514091c420d81d584c42ad059b00cab8c948de7074fa94f4adee6311b56cfeb8113886439ef0b704d1637c684ea90b6fb586b8bb0e79dfb227817df9da409fad371bb9886a4b1b78d6933d09de86418ef579d3ba30d9635ded61b99b2acf444cdb3bad67b6e22f05c830bda9eaf49a87cc17d2469c2a6a148f2ea11030b138a1a1b41827b3078b6e8e834e70382f42d6dae6505aa54f628c432578222c2bd8b2ad482211532c48fa7400398e2aa184448cea8c8de22224d03f6f14053793e878a0f19747f78c3aea7ee2d2aa57aad6a20cd3b45bd7796881d44a054ca5eb94d66474a600d4e63fa002d2baa3ce1f00fdb53c547dcda8fd39d2216f10d56a99e506a9eb684899dbb4ea87c7a9d6b71200bf0cd360e5a507b8b4b356de5053c647ee892ff7b84d8cc3fe527aa51f7d49aee7feb5f72f65cc37d79e7651fcae81b702f10b368218c34bd832523e26b89f5c56650be641617cc90542f2fda7735c315b893e298923b2cc6ed8937fb5a1d5b1a15491d4f79ff6bff56aec16b140943fd3cc5e1bdeed9f9c19f8e5faf3d01d8e8b1447196ebf7471dae364175f9857de0c3d330255fd1343983884ea1a0004da20c6c74c81c587b88d221819c5066c0937b599e3e58754c4a5f4f6e357aa58997308459344f507c7f11e848372a3f0b44f1da0ebd02f10a6692b6a6a48b3588b17205d439a67a7a9654fd4d4bfcc0fc16cce7f8fa09adb9817c0d1d4b149b20e6073621389992f47e2c9c55ae4206f60a2ae1ca81c157656c3266dcdb9ba91d602ac69624a51d9c98637d8e48ca39debfe648e46fbf48b9af317547adb5bccb6a4524061e127150d457c46ecb8d8a886bca6ab303061e35a8484952562ba76363f9cc7e84ba39d882b1ae64dd7da0be54df3966003f56d433cfefcd8c906f320a857b1831e4661a06b182823e33d707a96151340f248561fb29b8366270a3be6efe40fee598b50c72cb92c3bee0de1f99d405913a53f54ee9e08c66ebe70cbbafb331ec319e63f95c6347378d06884d742cde0acf9ff3a439b42775d6b69d0113396b4ac2e34fa3cd9415ee7b075b06cc461f3c74ddb4e827434c3200ac6e3cf7746957ec3569e96377ee44b918f1d02ac76c5324c4836c7b004fabbe9b88eaf002b15bf12d4a3d02705dc9a02cef1954b773b4d54a5fc275b1fb0d785dad1148aae64d91322b2f1535b0690b0f5132d4b5f6d2d8433c442dd17b9a3f9511a9f4cd802dbd710494874be82b949e12515563eb58b60d7c986ba80f17ed76b8069fbe23e7009b5290ec64e6d70b698824427ef125436204cf080ccf896247d300c3b7d811af743205d7517711747781e6876eb011f0899fc613447d118607170fdd37b8c83fecbddb7315e6e39ec7c6162a9f28998507a1ca13882c657ed4b7db0de84cc078dc977d580f6ba236de278eba90ec78e47acd23e686357e0d977977b3b4207440239b85ea1e49349877cb79c75961298fdad8455dc1b89a5e6f381dfa9465a6eafbf2e6715dca98424210815c8a51a34bdec106949273b29664006e2db63cc963cee588d42efd72f640a909f747f4bf9ea1045eceed9673915d7a3d2f17351f4ebcff80b4eb7a79292d77d57c77ab09c982ee6ae935a8dbfb85b48e49aa3156c5f24bd0f7ccb27b493c31fc80147ed76dbf4737148151c5926d4cda44f3cf350cd996f1e9f371a9e913fed4d172f4d04da0edb8d7cf3f9de414989f197e47d1fcb40a39382b321aa652ac926b145e07f8f99f29b5e0aa9e9d77661421cf7f58b42df1b2df913d6508887afa67f5fbd4dcb9ad979c4ff62d9294bf23154c7223120e3f43e77b77caf0361ca0df049995cd80d92f244ceede8ea848a1a2ac4fe5c2149ab7af6a145f9647485efa70c755e1e0e5fd32d61103bfa4a88f7808a61c77b1817430cf8c08f644eb50185d35695d49575542c25cc59c92e6cd77ef80b9690b04fdd434d190d944974367bc3a173b640b1d6d1c9811bfaae39970967f2d6a090ac2eb758ec429f45e359e10b4d7d293d3122557500ab2cf4c4074dfe6b0d4b2b2b80c468c96411f6a90c4ae086a32e9802292fe7a28d02d6471cc3bc9629d25787fde3b8f93ff59666297d24e9b211f9dd41be0f64db6bf018421f9ddd55d251ff33ba1703ab5d28df04f8578577702f58c98b8b89d9dfca968a6c6c4814086fff7b4a1c686d9782ae5124aa3cbe544921e6bd0ac0d1e541948d257e731e80800f3ef721a1d729d9c7108cd2ff01479adae790022313a77b003e035885a008da1cb9765fbb41c8ae4a4b7b36397eecc7c92a57ddd1eb903f4cc0ac72e4d44edb5f37b7862fef0b6d235ca7cab36f38e67432135a346067a3e3c873004ffe222fb9d9c623d251f23b13197d54cdfa20e4346689b6bf6d3d19a3c55d0586e9b41a772b1ea2127d4520fa9970b071419ba6018673d69182512db02d5463209bb262efa4c86fc744cc6ddfd585cd31de7bb80d8e7c32d1e7dbe807ff31ea40ef9e0272694177fef96bbbd7ae9b41f905a4f6da28be2d40a02f71c7c30e9d2aab818213f4b19da9edf027765282b3b6ab5e1b46355282925aad6f969de2f8b26b33670e95896ac6345db0398bf06057077ef876130b0be900b6d94e27b1c7245da2196d544bf8ec63ce5642515a7754b1cafcba9f08bdf5c86aca46fe82f8a6ae6ad63c8cdf8544d031f480a035f338651cec2de3292ed64b8d913078c881df4a628655f7234b0a8246a332dcec28d3b1d9036e95fa5948cea589ddbf6af7dfa7bbce978265cf7805ade26fd322191f4f19bf13c3c6db33cf3e4a3aa4a4f6f68ad25fdcdd7ff1acea608bd3f7d9feda67a878c036273b1b4751774acf0ea49c2dfa17559ed8f3db9ee3ee69ed97b7707d5e5f5256fcbcb0199190ceb7fdbffa913fb9f7933d4f428465a919bbb622befa0046c23da91d54c4911df431d23b029695c47eb9c93b5d5472ecc8dc76e8eefb284eb9da5508729320bb7f9baf2f2bce3cbb9ba3bb0b99facc4c5c4852c3e87c2366e8a51ad0dbb08f7dd99a513f89d9320c7d64859ba387e6045972fbab033e814826ba2ef3e2979e456ba851944d2c6a1c5daf85551f5f3f5eb28991b02e080e69694a21ced281ca4246dd65319c533b2cccfb9dd0ec7814d5539f2d1291be6da4de73bfa15abb2ab45dcb7d0e5df77811bc6d5eaa23ec9d02bb1bc3eecc409896a8535ff28281b5747334cfc102d3432f2b9ea8bbda62e4dad27f59d851917490df9ab2936ef24600c0616a9052300d36d596f84530633212807ddc2b7f60c8d5243a3f4846b0aa6742b3b087a1032106e417cd5356dbb7db838efa0fe2f939978eb216de041f4b6ac0f4b3112cfc11f4f226f18dabcc041a5379b01eb290a1264e96f935168b2bd1bee0256ee4bb0aa682f820f759e7e3973e6c23cabb03f4913c759528a5cf6ef5c7403e99d505eb092aed0ae119a5f09ebeade25243ea86f2a05c46de4913eeec4aff6346cdcdcbaee3b415d0dd352d2a05b6f1827ff8352a0a1c9d9750af88a5949bbe9d2d210b5844d707f6c7307e26319b0a90606a098104716ba6dd130a152c77264f0b0db3229a42b294b33511dc4a336780e8098870963900b3a0d9bfbe3e13018da465441b3dfff899c87586a0d0771088025c8d079cf9cad28e02686f8c9f442a8839e2099adc6a760765eb71075c4fbd53b66c88f6dd6e04740a76fdd159e0a6392d457ae27128835b30f612be7ee21d27d31512f9710da0284cade985c5fbba36af699d6fb2d3d10ddb8df18660a1731b94458b6f81153f269af1ac2bb179f276158b046fe03f5b2ba312817445ac5397fd7a7c69a9c042107b44c64a2cc3ed177e7b49d63a2aa54e9ebcdbcd3ac585795e888fbc3bfcbed4f1f76d602fd21d3d672444a591c329f08904d3985a4c7a136fbd7b335ea20ebab50119ece98c17f295aed660bf6e8e2583f7e2303d195ac0b82d6438daadb4f5836fdbcdd51186efe801abdc009ebffbcda728703c2c74a4af7439343d12c4dfb8d77ca5adb27d5a492ca9c69553deda87c71b70b13208d2a01d55e97c551d71224b75c0f9be05a73558e6c8c246285b3571576fb66e301041ced012c9c2b3609ebb386a95f4ea210c869ddf9c62d010d338252a6e1ae1ec09e6b973c992b03d90b4ee594a623dff38b085c0ec184251c828faefdd1befbd3d017681bf6798459a53dd132472a130d43a994ad9714ac2eb8d9f0ba62bcf3acc2ca5cfbc6258ef0f6dc325b8b2aa0485c8e8f63116205c62708d89f7bb00270ea7a2f0c7b9493a9a789ad64b5c0a566d1690e48839b87c3229a5474b9c77a5f273593ab28729efde07e5aa5f780cb40f49db0de6bbc160f78e771f78783d863c91308ac49ee39df409722eb87d11e5e8c69ff5a69ad4fb14259b6dab1d3207926ed65937883d94d5501604aba220e5c7c71854084d14f9b4b6116f84a7266e45039debccfdeaecb3c6e761fa7e3d64f792e463dc7f1c02da2a10d70ffcfb4054a9ffe22eb209689189c1bb54090ee4d811c4181dfb94c063b24e4e1527b6187eab8ce65c7088af67bb06168957574c1ecafe54f317cd422329df9f74b0d8a6b5376e611c6aa5513d15c21afd7391a0af1dca0b2f298ec3ad1c5f1a7dd4a07eb6c5f3f1db02078115c29159df56bd5ffe573e085f51175185ca8478e09effba18ebbdd8d7414d731a6625c1bcb72ff0dfb4f7940b257538f775c13defef1ed20e4ca9e0379cafce9851826b9bf5387b41dac93db92a44813ca0b221908082cfa2e68901041675cde7eb7b5f23c3467253544c3cd931130a7bfb5ea2e7fd4421a2db70fbd69666e0a304f918c515b732f1f490c748f7f47ce2d9056dfe18bc86d2409230073bc94db66c9d1fd2c3a03949b12bea09dc629b412b86241c418799a6ebed12534a3f40b6d44bb22dd5e688ca05b2a0f1d28ec978f7b79c7093d033fb2362a9492e50dd7ebaca87af35c8bc8221da2ff22f58b136f0273520288cce551110c67b7e7f9bbb931015325805a3029294300b27153ee11694fcb79be53fd11742c4ce0992362538b1655bf197c6f984277cfbcc81fd343a3f7ff1088b0b207433f890c87004fbb30770b3f97edd5b70c9708e9dd230673afea770a26f4b3f73d127ddb6b3de23dd0fdd1e54fd635d83a9296b277907b55297c6d7ef91902d01aaee96b22d661e8e05764457b22e0241162ff1b62a03a26b81968ad32d6b14c7cba9ac2e5adfa8224c75e8c2bf1ccc69af320bf42d83b2e18595003bfbf5038f5b0f52137a71812b6096278ab08520c40d3060490eda7ec18d35cbf245c25fb013229833b5264db78bb4e051af2bc899bbbe87f291c193f7a16ced122c74ede2b2ee92b6c3d218f6da53318ec52ca5ade8a25e73dd4482b17221c17571aecd631671a33dcafdbdad2f569b57bb37bc8f8584b5eb10eb8e6312ae82e478a1674756573125a14923969d137a479e379a2e0a22a1390016aac185a0b222d367b188721dee63f97918db60376255db1acb08d858b6602592f22b1fd753ca71f016309ff04d33315fe21476a0a95df90efb0b69a55cc91963c2b4123d0ffcded4b89fffd563bdcbcab659dcff77009315fc4f4f96e150a152cf81feffa2d7e862ae23040b2d94026c807a2aa950338fa9a928c4c5ca0a055b3624ec05adbac495c05b4f181f39767a1fb357f9a018344a3d9fb109fcf1a2d9515eba86aec64be59a574dd72488cf802c53645f24078fd8602f9b7dc380402f14035fc2f9e191253e34c2e54ac867e2ac6bdde76feae96ef7ddf17266e40c5527b12454b920a781c3add3581e2075daf66b72d40b6f5651c636fbec29b745bf4933c37769de550aee5823c6d4086eec40dd2970732efd9064e57c5704fd6a37f1d885a6d02a396dde46cc77c79b522258829217dc0975ecf52db8e2f2c50fa253238624d927479f231c8c1c465a7018b3e931aa2142c842f3433baa48c286b9f117f38a9ba53fce77b8f0bbc2451eaaeef85b768dfbb3703ce8e04a6ec1b930ea6439c39455ac29dc7d4755526b2216364f7ba40ca94ff9aeb481ba1b7cbfefd632808d920d18c0626df901d0cc4373e6893e3b46e90271b226905f70865243f6e5e8d45c91ef370b8a405a2efa9cc7f48afc2e6cb9e3ba34eec7e88ae353c125c3722a840786b8362fd2c93d374d6f4bcfc52c1293f60585d46732d776bb0b0e5dffd6e2804a172f8e984d91b3d2bf2205b62d8505de67c8dc9d803d518b84d65d37891f96d35e5ee4c7ac2919e5c96876788092ca2f471d806698a657b8ca2dfe5037c7defd27d2a9f9964ef20077104fd6fe3bbaa1c28ab40bfb9890d9e3e03aa0062f51bc347a5cebf80e50238174d313b871efd85cabc4967ca9d48a7f3be9f813d906398ed3216d1ca4a70b83aa3a5f0edc234cdf5e3fee539b7055153d86240ca43a1f54023a7977cbd8b50d63e6fcb3e45d410c15cd65b4b2de507342b577550a1997e798c8d0080b903c6a23fed8c34a785c92e83bdfec914da64cb18aea95924fa39c316ab7558f4dda4f754d34ee47831ddbcf84ed04616ef0f73edf905dc96a9b09cc9c5129b5cdedf5b20e0398f3727c3ef9f17f65b78447ff02014ed2cedc3764e7ad8add8f406a64c3cc1ae7256677b023292c14f2c6e6291016f8612c042997a7535d56aa236152799ffff509a0e86d4cea517541283d3c3e93ea6bbeb02b4dc84f5c2c799e2695316cecf00d3cf5087391c8784852c457891ff21cfaa07039da32109803c5d880c0719a93d2f539a755105d610b33d4124ff9b30201f3686de03f44748390922821fc13bf8cf4f4c5d8217d9ed089301bd780c85a9cd499ace97c8582a508240325193f578e3fb672c15b9e35f2569c33e5b99821eaebb381d33361a50713518a82d1ac73fb40b30c77e0ac9052735467aef6bb5342b4bbd68a7db640ab996dea473586ba116c3854dae7f2c739b2e35f250b802eeede3a3db28eae656845ae21e7825e7511d112bed75e38c1293eae2ce4f630551f3c4167dac7d4606889f20038689da6460bdf2d893afcc5052f3cdadd6f586b03914a70de61c60fe1c093368a664c5068c27452e4df7a9f82af3f25e35f470e546583a26cd0db8112ae8d8b6fe6ac97de9a142eecca8c0a34b864df568f18a5c8ae772d1e69ec72b27823660fe0bf1d834e91a06027ecff506b17738c406948c0181d0860a61cf3f4e03e9ace0dc2cd882a96a0179dff5e265f606ef3815d29a72476307811b0a103f3f4ddb127a793cea9b47f877a8d04c09d4a6d59746ebe4f701b3c9b80a0aee6de31849032bed9ba8ac1e06a046d6b160630ff2f4e360eba3a81289c0901b37b72233189f9377bffe0062534d81a93b5b693e047834ce186c65c8f5543e5c6d8b0323e936671e9aa76ad5c018dc3c1a62077b0be4ff2c89f22d4a8d7950e4cef3faef0d15f3bc0e3312d7432b32be278f33ce11f99ca7bdad8960ae89971f9b99547883cda09472e27f32a986d872f11102dcc7e75ab1a421255bc5ad654970adeb6bbe9f44154b330342a607447e42b6cdc63199605e6be50ad7e723e2f34801784b0d455cebf6614bb9366d4f71a419c530ae5a6a53825e5e23c6c28bbad682ab419cb1678793db7262b58c46b9b0eee4084ed482b108e929549f131b01e3e216caa8ca9aa58e61c79126b195cf25a8849f8c6801df776671c21ff2b861948aef103b27e41dd834c7c7f8c4e0859fda0546fb2c9d968135a06aaaf8b255380c585a1558992d326468c7d1bc952296b4d12b1e89adf512acddffdf6a7725b27fdac747433621866961a29aa780d293dc6835322cbcb6e0a65658d607e7ed1cbca3a7f7e68dc856525d82c9dd7a29ba6f646a5094c4067c0d688b18ae673901aba7e53a15d838f6323f1add82c0f2d4bf9ea798173a8c243e98e5f9def6e7b960ec92778f894948a199bf53f6967e26238d588efe3af0b7646db42f715e5de73e26cbafc9f4f1bdc2b96de02ddab1cac6f6ee9583d0e87c313edf969458689b5a16a2bcaa1ade9d562b257982d375df964eae1ba7d6d4c7f0cd836e7e833413c140975116bfc1d66d9428ab9c7abe7eed943ce950489ac45cd1ca1ded9f165e6203939d17d6bcfcd72a402379cc363509e504828ad8a66e6d20ef321e44fffcff3701ea2f90653e84d7f1c6b2482adefb6e2c0d98f97d9f54debe56186978a3a14ac162a1bcda1691841776d552afa7fc91ceb67ee1a3e06d29a67529a92ef45578f4af6f0fbf7bfba6f88b79796175521e1ba698409e2d7a90757304ef482c6413de134462ac1279f483fcd6b8399fa409d4bf6ea729103da39a14fd4c8801451e7065cbc2284a5e5c58e612147a205ccc45c25f07584729741f3a8e0ee234aa9ab05b35094f5842797fae04f2db62eeb2f0a9b757a232d5c596922bafe46b4e658bd4f188e7bfed4c20df3da1eb783b4beb8c05da26ff83db44664b8d6a91670c1df6b688f02fc51eeaf734cad2b20aa1dfb85f4cefb386416bd82fbcc0b37d4c78944601940cd315e5c7700d61243fd9f07f541889833e4d85bc5ac295e43880fd9d670ea319ac7b32fa39f8cbca7fced645bb620599f76f648d754e704cfa43b4231da5689ae42e2fd5cdd50bee2aee8a9041317ed02066b3caf74e80056c0dc898d2095afc244e432728caff287a5f9a40d1159bf695aa23df806815d0771d8214f7ce4856fae290436345263fcf54c2e3244db7e0bc9564850f05688d890b74958c5b31fb846fb7deea4b629adbcba08822834eda8dc2ec008dc24dadc8845c2b3f368d9b4212c14838e15c7c066acaf9f25102f36ba24c972f323ea9c287081cd8dc04aa558d8edc2c916b645ccc8785c506123b4f781b6eeb445fcfdc707718a7533e6b94d65ad34a7e4674ce346398dba02919ae8d56cb9fcb68410c9ddf8829084c4d9e867dde4c8414dcfa8b7704eed6c914167a35425e412e02d3d03624731580410ff6287c41b08137ccae81392d939e212b1af805c59fa9b60d3d79dbaf5b07e4647a0bc9a27f59595b72972fa0d246385a3cade064d0907227fa544e995b5d747ee5bc9ae4926bad713d26cab2a65eb75784cabb0efb4418f7b51d21c4c678d397cc094d856f8031c207139021adddb9e59e29392d04633ef17e517b415118be8586ffe5eb7c46efd9c278a33f6948ca0d2b973dfa52696bdad26d671668feb8cc7b8bf93b62ecd2a81cc720f3cbbf04118887370313ae75c16f2e54191a31cad88f8eef2314a5ed44024856f979b2347bc7072beda9a489156b391cd5f286f794f0122d92b827f32768d50ee5ea4906c5e9318ae7020ed31257a77617e231e49ce85bc090d2f5205e4a7fde92b885458a9b449ec06f5de39a34e0b79bb67e3997b0f5b2e19d6b8156a0b025e0a66618be35f7df41b502a58cef6ee13db7cdae72d6aa259a73ba50df8b5dfd791b2cfec73a638910dbd325132a887806e327ba0ff2fe4c32dca97f5dd606d716321795204ca726eb6307f8cf15e641544472639156a7f3fc1939e2c8d3ccf33fbd47a86fc62651e7ef714b35980ecb287afa1f82d91f116fadf8f09eacc76678293e027dfe1013aeb4210337d9e116598e1b2a51f90f49db094343796af66cf73e1a9ed656d574f7d9177478609c30e79f3c6dd8ae33773c0cf8d0ff6dfe272f38661d00fc98a397337dea8aa82d13e7e41824d99d6d849843e43494fd609f40e7a86c5764c5dbe4bdd6d4609fc1448744ddf6c2b08c486b7177a3c7f499be12ab23d05edb88b883635a9b80f9623e240a41a6c0f91fc1df3208e1b61fccac76e5f07cbaa95303bfa006276d352645e9a60a9e968d510c768536dfed9158e791b4b1109a6c46a7939ddd99bf1a33558ed1efbb509caeb61c364b68b1cdd6cb5d04052a9d3171ea23f0027a3754ae1f2e65b00338f2eb0c43413c9365bd02619dbb91e2b3811899c547b6e0e98201269aca06a998af6dab0f570cbd60027f9f08c5c9ffa18e3af701f748e315d0efea080801260884aab0c598f41fa3f0224f3c81f812e1289a847dca8434cecc43c4051a5210269b7c7e7d4f5a4d73ad5aa68e395f631ed8f270a8ab5e8c99af2b824ad65b9a42d5ef30a24e77783b1798f3c5ac89258693a419601088b95a115c1c3440b17b311bedf0b185247f48c199b73564b195fb0944ede295ccadeb58b79e9afc7e510222a15058ea76a2cac491d8d0c14a24fb316c780d18bfc9355dca27e21f512ecc63a06204eecaa2d9f8d7419e638827691ac4b694fa4846efac3ad1e135485d792c88b667ec915e2b89dc9201c54a36106c19b7845d2d618d664f2985991733e56a7754c140b370c2b6ff92da6a72dcc783707ca0b4504813f1d55b60e9fee6f43c898aab07a375895e6cddd60df06afde803c3a20e8105bde79808177327b941e6d74346c47057327654081e60233046b13e3e9a8039f74c63c7a6effd870f0ef6141b7e8a9b58a38f6dea01c779fc3f5fee6ac5712d41e8fb50594b7f73abefaeca0d33733b58b91ea988b67ab2e37db46a9357bcd0b7dbe292018e85d4c4b13580de699e1a88ca2981f0e8d1ba2bfbac8f3f058fd4db9d90df3388be448328ef2750db3290c7e9f6c35026447814cb8fb84fea3378160ae74b9f08bb81146d2166ba2c3a6a73ad3c48711f86d23d4b19d8e0d58285cae0521fe39a4126a6b21d6f4103daf3540f9e1dd07429f9196a7973909c3a40070460241717b73521bdda383046e6163b4a44a3e7a152bac286574d13253624125b0fb5cab2f6a0db2ef912898d05cb57ee6b20193cd106af5983fe30c05eceea9a3a52f7b8146dfe0658131a8c2bf67ca0274fe2380022e0604c0014fe7965512614e44b63188f6259cea33469027ad87e4e86cb0651722b7b367d893377bbcafb80aa3493fb607040c74f61c25affbe190f493df46ba89400a9c6fdf1b0e4d7a9742dfa9b4d4183dd88c139880bcbd8318656d0a766a3389a8cc6793880e859c2a1af44a14ae8d690373c7fa544fac032c3041694242ea2136582588064dc3bad17ee5bb6d48640cc8e6f0ab49bdb1cbf0bcf41373b7bb19f3d2750ecb5a7fc5f1693b3bf8600b3f77e4cea1aa2b2f622c8352a77bd4b6acdadabf4c4b3cdd9076bfbb70957ddb283b48eb3c2dc2727789783b37af52dbc7a0dcd5082386ea74f87b0d3bb4988b6512e6fbcec4fbad150b5be3cc3282c3e082aa4980acc786dba06d79d1efc91ca159eae63a623400fa94a3cd265a37cdc890f9d664d0fa6ab5094c29c35d70a596099a3ab7d8c8c95fd03f15687453ee15aa35bd72508ac3d3be8f0335eb5c5e5df33e26fa5bd3fd0b68800c61e5aca3b8e72e51dbafc1596e3ca7b01703c01115e2b9081e53fcd7fbe9cdc16407f639b45c22a027115a5864be6ee3e745a56cd9941e0b7da288a6851e81769a55bbfb618d4ae31bf9959753c843c214784ca173ad91f493df1cbdab4314d367ecd725838dca4c370984b8c7712209768cbbc3595575dcf4be157b3e2e18e58e2016a2517106501cfd62323f5a0bccc488eff6f33cdc084e519bc791c50ef98320306c0ba9031c2306f4444ba76ef6a321ce6c05024d661f4670f772a7d809a8fd5d04fa9fbb45be95e003c276a17363931dd043132e8bb307efb6aa6b467163d32da91dd5841b8102a77ba3986aa26d36dc2a430d05af535adfbff88e9145e419a9276b86fc1f54d4e724f1c0eb026afb0d496b4bbcc751fc3225463ea0aedb4d3184172a3a97b48bbd652c8c3953ae17b28a4271327455ed7c5b0810b2edecd7733ef435b08711e64968b8157cefc7395d4ae5f51c7b5e18051054f61f25af64cf05979b3db62a278dccaad56c29ced2bd1ac0996568aa4d12a63d5cf0ef1afaeba6213972e61c1d3543f5b12625435e3f5a7a555841d3dbdb88fe1cfe899c13c423deab300570db4bbbb93f81634339557920002363b8fda0f3fd6b9844a13c773cf0f86111a307d66c3b06bdcdeead0effa1f19e9c222e8a2bb1d422ac21871573b0012da4f4e197711276f164f963dafbbbecb2ac9882313a53463f1ca4bf579789dbbe4a6afc080dd12873cce7ad60949f1a9bb013ffaaf48d8c57b022a1107bb421b09d4ef6fedcdb55cd9c162a920416e6cbcb61e4a762f22a705510c3cb00fc2fd23d672b3148c896a62cb97773ca99f158a6ebe7e95e6dff9005272376da244a2a18a447ad107e2ff876473fdff4f2abed6d2ea52433780365ee7a290047e5cbc759e5dacb3fb28a95f2fd43962062b0bca8fd4f81ee2b20aea9fbb3a801ae14258b2a9086f3c16957a861e8851a76509a4f70d5af0a8db8521c75c93043e43095d7c24ff83f134f6adfc043a91affbe7dac163df0a64c253a5520a3733617ea443cb9521046825bdd5ca704959a3ac4cd807c6c1303af4142e716aa0fa86eff57729a1332cfe0b68a261fac59b1f1101d929453dd02220336028f2310b58fa7573aa045740a4a6416b6d5dd12f605234f6654de026fd685458df3424cb28dd8878761c158eff88c7e643c936a880b522c974ee90d8926a655fa7a7bd1814b76286985da68f6ef6fc70b1c65ef7889f80d38e134a491e23d56b8778a2417125c50fe360f333a4612923832c983be0a8244ca47a2268b83d9a8e6bb3043bd8789e92c4731b0af0c53d572bfb9f471861f83627603ddb6659eb10c21589d29254a09e8b8e3023babef51729dc51c9fa684a6073c3bfe44992c84f97d771ba396b10063c582c1fe4640c639fb36a3edae7f38598f0dbfaa0bf4ec62e4e83b9384986c02aceb34a7ef813c0b05db25b7d67b1fda5091feedc95aec007012768b10165b3f6c52f178ac5b16f2dfcf8f2506beff538e16c9a0859167c43713c9c309db536f230f4867262935b7f726db49049908de770c7e4935b43dee832780aa3af15a2e0239348b39bd898bb910db6acad2103a2fa3e5ae78635fc89204f9bd6e7fe4eff6b535be48db921da4efdd027611b567094bd6a54055c643e01e0dda58236325b7448e32ce6a66616eb647208da182eb4edb2dd8ff62aa215b8cd4bc0dfe1c9ae1b5f82bc0617fe19dbfcf5f8fb6e443017583659e81dcfc5562bb1f2eefbe4292637699ee414e347e32f15899826daa5125fc671df2687476fc2558cb754011958a6c8aad8497505e9c580408a60be784e3bd75bb985a9af5ed3593f44b88a737b72b4b5cc4e2795bae2262d73c7edcec35d0c7fe93a060cefc2f9f86e56fd0d35348890d447e5d2ab4d163de7e35ece19122ca876281042f70e9a6e375db2c7e9ceed8cbf0f804d15ed295daed6fd3a2c4769f24d1a989b8aca973e2854d6567acc9b7c1613241eddd66662681cbfd8b0b3807d2503321e2c1a09d5031a23667877c3dbc62875cb5e3a6e3eba2192216d376330ceb2392ca53d5fa10045c607b9e0a276db6f6b092f446627d8c3a66ca787dc53802caf9d323fc9e0c79a63f02f8c63fb0e53a866ddc162d8c78f71495fa29822516201b0f246a31c42936600bb013c0562230ec08a080e901833dd20250d35e9db4c45a749fae229209aa3a22197ceec25fb780850482026c909426cbdcd169973a7c81a9ba9decaa8e5f1a821a2030788422f25c9e3a5da178e782ad3dbbb58f420d118d3905c30af1eac899bde9b1f2a71c816023c40e0f42ebeda7cafd315258c8420601a1ada9c66112810f7c847b1ea575be44cbd299659387ac1966ac9999cc5099e993a570a6c5a4812c876855b9d93a4ef26d3901f4e51e721573f7b64f61fbf5d89f350ab23ee7c85e101b79c844028a0fcc2710ea899f284bb3783a3338fb7ff16941c50236e54888f998ebb81cb188c1fbc29c583e0429c61874a9d464164f34d1d86bb76171e8ee7e3a7cd49f682c39cca17a429f2f68f3b6038d06a1e0fd87d1b10c065ea106175ccdc2c2a92e9263afe34baf8f7b6199f41e58da8439001af2378e4452faa1720edb23c02bef59ac057a75d6c075a48864248ca5839d7e96f6b9b37d04dee29f2ae29d70ade90deb9fe110e0a29c71b9312cc8963bc47dd28311e35e828622c939f8749a5ad5e3cafbbf51a80af3908af7eb210242159423a8fcb2c05f35bdcbeab467a66e8b61787a142f913f03459a941c8a67136ecc8a0266ab693eccdb721ee2f3206853ab10afb2ce54baa4ffef3605b6120b524907315f04dfa41dde0ff2087c61598d312526f3c7b8840a210148cde8ee0b1038d010f874cacbec7fff3139b7655af2aa5b51c39f28ab6b5bc9b2ab46df687fd871bd0f8116767934e9fca8d6369aef375332b0030a79c704d0b13a241f0a4e932571f8a098a679bb6d3a48773347eb96a46bb64837d604e25e91b319ffc261c99f6ad10371ba4811239c940c83bc0fde29ca98ce10377549cfc5e982811134cb0fda87f45f03ad79ff48bcd238fe16f8da2d3bb959208f1dfbc5ddaa51374dec2860f2e85de1df626c03b5fb5765b07b41d919e66ae28f21b779468b81ae4c81aad1eb2272c6b944f55934319f633df30caad33fa917d4d84f57a93f59112e4571f64a6902e44ac06e5bee014eba20ba2020a8e7abe8a4115c8db601fda19c19772a84999f9d09870409ae12fb36c3a7697f8f462ab2e20ce1c8556d102fbaab34ebedb3f85bc218ec28f7301a5fc9bc61e39c16cc6ef5e1819d41c30b8b755119f57e4fba7e29bc857294e5638a018a0c32ad0d41219a208824d8d7a2f39f78fbc11170fce604c33b69de332dd2ff137235443090afeef06266f38fb055c5307a794120942bcf544d8208f77f965a2ff41f98481cd2a347a50a441c6f1014d2f5cfd2789dea6e0d0987d46deb58eef1f1894d12e2e09e953eae58d106dae2a1c9475c8ac5b0a9a5e434e7f67532540ec190c70d86d9fcafd7936242899eac58af15dfb3d0bb29e39e327e7047ce3ccabfb72644ff1c757b6c0517d2076575540a81b7fbfea9da03f9bc2784731ebe49dd0e3428c6e1392ba442efdd4c6f0bc3ac560dbd85b926b852aa4fa348fffd1fef45200c10c638d7614c77287997ee8daa792225a5bc90b25ed6655606131de24fb4276658d1134853ad4ff228b876b85002d02d7246b06b9abd4f6a583b758d1799efd0a86d2ebff006bb439c284853f458793c84cfb1b4de47184c7a431e7e398c36b131484e2c7c707bf82654819eba42222c43868abf55761fbcfcd59c5a3f49fd4930d527edfdef93e9358ae781c4b5e4ca599eb7c5ece04cc5cf697a12d2693700ba34dea64307f11eb8e6ee6538fd2ea2f53c36e9e9c15e7f13bb11edf7d61a94253c5c275033bdf4d6d471113a6389ae2f3df36752502cd4b1bb20a503216bd227cc6809d9779ffc5f37bee36096ffe3d644618e9e710c12d2d12920402650bb6c79cc684ea4fba37d3adae36cee7e93b0718831157a09e719cf0954341c4c2c830d7c3d12a55ee1bfd59c409603d8d76a2ea0b6e591e4a9dcbd8867a2c92380036e43e1967ffc54996a13ff44b7942a91cb4e94e50c09f379062881730b2a42da42af658944e47edb3bec42189b4e4e2868d7ca8b5c55b5c97c2e26b7951c386db118a6b3796ab1582f13ae218d319b0916ee684c117b836a568434eb14e621cf419e4dc0b9c7378c3e37697ac6f212f73e7dfe4062653bbe5e740e6fd1b2400cf482e77017571f44c8971463d6f8d6fdb50b71073ea70c13b3f2c0ccc216f754f20dbd8593305ef1e727004c40954336b5b3d0c67a97cd736be9c76da65b2b97c8e9aa4e5ed6807e311e6c777f7614e4cb80f687d6b4950c3ca1200cdc16f0dabede21c03823302c18a0ebb0dd2f1aa00df6c4813731220681d50f1448494c09caa9099bf7961d79424872525015ebf5ad8848b5c97bd9baa3d194ac4320cf534c5dd106cbbf42444bf2cb9c01c38f353af0e9654689024b512f3084491db6364c484dbcddb8dae09c3e13c16e5cdd87ca918922d07c42d3d876425be362d8e49b62d6b906ba33fbc72b56872a32e17f39a0fbdbb838e8b8669674b3121bdd770b1e69b1e08fb5da8be9387d48fac36d12375dbf76a32c53266d7e03e29426d05a82548475d607a182aa50b33fd51c64e9b8a6825e44929973e2395db6d8b50a9fad673fa3629615bc2ac0783a99a413b4fe107f6d98919a2f0d3f76a3f84d7c1984b1973071eedba00aedab8989c74ea5a204b2e1ff5d29423ce3150b5be8313e948112240784597900aa043a6dbbdae393ab1b7dad7bb94eeece45da746b3b46c36ffd79e7fe8c070fa7de198ddc3234226e4f3dc3e09ee871519c046913cad79aad4b9c2390c7564408bde3cf0439c372b5dc39b2bb896ddc89ea6a48dafa2f725abcdd587a8c204c23cf4dfaeb0e2225e6a5daf807ed8593d1ccfb0a6a6c948bbe3abec99d4ee7f753582f4ba5142911f22c5a62fbd6186f8084507b3b2511a247b54393ed20971c0642d41260e9f848635886577feec1e83f0ce2add757cc7e01c47a9bcbfbf5d79ce722c9b6b2f7583184d8fa17556623c1cb76fe206ae8aa66de86926c0787f94a2edc0dcfb98ffd0e38da25f6cf657e1a4a2892ca2675e73f732dd8c528654c4c8aa4a022c049142b8c27d58bc7b37e37400d1563312a8f014ec1ec7d4026ca0fde34eaacf91f1f1081481ee92936b96ab83becdc50812043d1ede9f2840c975a0d6add9861b461f58514e0297d53a1924bf6e214c3a8218d9ceaa7c06274053160aae5c33284673370c17191aa5fd1787ac3630434765f07bb5ff4b4d51dd75dce0d155a1ae065981e2d1bb8c11e9534eb423cf98800ffe6300e7024a590fdf956a66e7422f67e346a48a177e10dabed17b12108ccd0d3ca80e36dbed562e37344136ba98566e3541f18702eb301e455f152da791677caaf52fe77e0a3723f726d2bf227cd4835a5746519c6d894ef32337376ec67410f3d8df4631c321a7aaca790e36a851848da088b958e2333f0184980f9275cc56871f4152eafad5d0a0e1c186cfebb3df3bf75452df36848bd02858beee66b14ddc5aa9c49f8b326114ad5c4ecb057be59ba1c83b5a523cb81a87b14f216fb7571294ed870d0556f5634720f3a94f1e497c37c8b10a4fccb224140b408aa4a8fdea58b6af9c07389ac3c1bb639ce686375da0b6fd9890501344438ab26582f248d37d86a9ec10a5e21f35b459bfadfb3c6f692753db2c7e699e5201aabb4a96f40c9312d62460107b493468814f8d9eff1aaffaf463802870340b1abfee7b9e29d954a10bc657d4e2bef7f093202c975307405a614872fbe851c53fb9cb5f2d4c5bc3ae8a3c61939e3a56bafc97657dbbec072c7d9a9ee87f08a166c04e0e7185afd2bfa6b3ca9b22127e2d70956307c9c219412d600b251af637235c48f6694730771296be9fd6e6bc69f13073d39c1521e1d2944af391bc150dd95552a5abc2b15e9479f1cbda42f995c323abc8fd1da7da75bc1fc9d33729d642001b13bf3a9a2049abd3d44bfd3bb7f5ead52ea50eba0a3741e7c72bc6ae9a5ffcc433ae8e49473631cba7de9aadb7eaf8fd324bc9a56f99e63e6e363fc8a563f28e1e2039e75329b5aca2cf81d3108f96785c5cd7236b11ebb309a438cc7ecf7d0ecc45507f4b4b44d340fee1076b7ed8dbcf16a5b38f2693dcf9bf2fd28ded12c21ed1874172b7bcad4ac2cb9b3b2a71f71214c68a2b3d7498a4b6ab0b7c3ecc7023f75b687c300ed9bf0fc4682001aa700cf60a5409bf41ee23761097696fc9029f54a8b07dff984b74edf8ade9bd4d0f14491caea4f9b79ebd66f66186d6a28957947cdd93cd6fd8d72303968a1e13a108f109553e89b25ab084d14057aca3b983405dbd807924ebc377ab852f2b1201411598adea8505c8407550d8430d8eb41b3a4b5e3fe1e89871136d07634763291aa04f5e48406532ecc3e4f5ffc147e1cc9517646fc1c0abc37b3b26a825105be77bf3b02c32f964de47b7c51d86681e59a768ab8095c2973b0a131f92240a28b6d5b4c6fb1c094ab2f1c662efb68a8369870840ea0fe0a62d0ee9c1abd9278cf9c2fcf375fd705f3f51176da5bdd283f5f222d05a00ce438a7a2406cb356d554f50b0d7b82dcaf9c1b235687508d073c08b219fc565cc2dc221a3cdcaf958ab93fc6747431be1d2289e19f4dc7a3de7dcc6839f01b9d2f371acdad972cc5b1208600d6343ed3142e2da281c4f21c4c22adf074d08cb059b7e7efe6eec6387653eedb7687a817ec974cd2fb42ebd5d94db2ff802d26bd02ca12f517bcc4d6f0b305c976301fb28305641f48d5013e2092db022aa4d8939fdf21a0619e401930121a4c3020085f8423d98fda5deb9275d4ef8142c1d5efeb0a7d285a727bbed2d8c1de676f39d7ea2a6877ae496281d109a6135111682d5afc2e5bc9d3e98e89bb5127065f47671dd7867d368f5a9e03081b42e78e805d248837e5138fedff56352c25edb9d093b126fcc216507087840bfa513eba0a4bc95916857ca8c6ed73345c12333863deb77da06c27a9ce26dbe3475f130995dc27770332d4d9de9644e22662c0c29d50ef399bb9373dea3b132a1834c37d9192742b0c8dac74d451fd0dd5511f11227073603b4950779c0f2ab14366366e20c2c6645a8d0651cbc6300df2a1a7f76df25b420e93dfc6884fc548cfa18635205d829f2aef896f838dbf5150ed6d78b33a9bce270ba88d27dde837d41d679cc50b3f7856f5366a796ac4217803aef25c9fbe7ffc0766b1809023242d4fca591a0875d2e8630de741805bf47a7d5c8eeaa765d4c61f2fa488f3460119f61ae64cb18fd47c73a79182a8c5c3a94b533caaa29d3e239254590d4bec07d4cbeefde32a54ce122e38ba2ffa12eff9909c21d229a0ddcd9c1ce1c89cedfd34a02ca6f252bd5d1f6cea0287fe2ffbfcfcac3f276d73f5db1c73a2011a255fd9afc37581f33dfb202840da42ed5d980a01c12f4dc6921fabd4557d66bc77d9edb32b1d12b739d468b4fc8fde42ca45882e920795dc02487e126e43709bdff54d79424045ce70ce15770b925ce7a49d333f424671465455eb358fda297473c4aca0442bf4f30da84ad35ce52346b0c2516b7bc6bb01284d28bad2161502ceca80c484bdf2141eab4d566ce2ba3af7e1d9e503a319508ea98cb1079eafffca427a7352497bbcce0a0fd5f4cee543978ccc202e301a6d31b5cc9fa9d40edfa33cdbe5400f4ddacdecb1be47a6488b5142d4763c0556d49b427d1fd2574ddd58c49577c5a480bc0d56daff836f9fcbe5feb6b8dbcfb7db7ba0882055c21cc59833c2ed16b1af568128141869f774bb36fc1c6a4b77b3d57d64313c7f0b5d375bfc9196a637a61d1ef6c35ecde0ac6213f83c5d0b623642fcb7855fa1716398707abb10832db198308ea871133c06959872cdb895f17f1184e3500f35408618f6478b555edb3751ffe90a5b7bb265472d8a9a61138deced7050ed61991293ed7a46a2d82296ae2fdb5c1a7d0de6937e60ab86937d751a65f539ac88508345c73a0a575f9d957c86eac9d5b99970bce813a86695357c026603f9713c928912434ef1ee66ea572571e2bbd1c4424bc21fee00d8affff79d0bec5329f916c8cb45660c5ea2adff9d90be3d9aed9a083b205ba199599bcc789e0e70547855912ae156b2f56dfd94862987fb06fc3a96844dd04566204240b203854ca27ead61a2bf7eb5310310778b7b1ffdfec97a091f84fa51f456f3f9651c849e8003db8639e93b8a63d41666852e5edcee417eebe8ef056f97e8de57efcdadbe30f37a79cb00e49075fc6423deb14c4df41bdf0edb10d74707a0b459d996842501639718e7aae742cdcf2b223a2746d7a4913f804bbd2023cd34d86c61107221c3dce06826996d08406c166f9cf63db75ed7117e04941aa689c2ee1d022c954a41cb3680ce9646d636b895d9a68c82f27449af365218a3b881951c31eaa6e0ff37a727c19034507b4d0fded6a6478c9e2b83038f554370027c2365ebba6dfda91a0b51125c9f44fd477fae38d40951baf66e432b17745ede82ec32215128c938d08cdb70e021a5f70969d56fd672286303fa0cbec97b64835f8049c9e5605b2d04792a6c8e6e48119e052068fa8b37519c21f032e9508d221025698df495aacb0b19d3e45a97a68ead8f8f3eb23e1d2596883b5636a9697fe38074da3d91f48af03727030f8ce551b5860ebe9e5a397d3a465db1552c919030588026354ed6b34dd8cd8881ff775e1e0fe9e73544273c1645d5628c986152a07a80d8dcd9fce695a4237d05f584d09650f44923d22124fcdf7caf6def98b18af35ca02924f7bc020a95749dae2a4d9a8a965b47cc4bc0e7a21ebf61bef201789dec0c3a90e5a59eed79bbb86c1461d57c3963b648debbc1c20ecdcda58c0c125188a3189abf7c4a24ac144e01710973d8a160efd8993509b536d54e48a9320473baae49c4a21bf87c26dd570653dcf9cfa2be99ad44bfb84379f8db7a4a361a32b8dc11280f9bcb2f8bbfb9c4e57393a2cec9a20d7c987ed1015409f1dc26645f80264f5d775a8ef7cbb30e1a3271d89a438c0d07a03469a435e666988768c0ae024da0ee74be3ccfc2a7d3fb5762353799bec648ce17606ee61397d13df6526b08de8da3d0d07e940b0a7820786f6466884eedd9b22e0e57e881a236a037e9bb7f3e87cc82646b69650fbe902ca7a21b8aa6619f1100d91d1863520ab03a83a0ed4654a8f7fb416db0f742ff29df12460a9680156c5aab51686985ca044bbc054d95eca419ee62f8e8b0696bc69e4cc42e40b699a6770c0f4d6a430ceeea71ba73612a55dc9cd804b4242ab016419a7259913bf03d4e325e88eaca4145ed092aa19afc7333466bfab6b7e4edb5877a1b2818ed117cb8ccfdeefa87871031bab7a36cfa740593fee603d15efe726595992c31145602d4a85dba3438725dee98dabf1a9d0ec964a0aa5abd0cf3829923708bbb63ac176f2f08c54316e96ba0ad594de7e05f514dfc01d362cd04f90c5e67b46857b35e5c35297a3b0bb38c145b2cce6ae09745a8ab8a4706590f1bf63314b6ad439ed1403918d9eb1dff49a880fc91f4743dc617ca4b96ca7e9686510390a9e9930e226bbdf673d1d70008bd803381d45b0cbe7c41efdf35e9d86747f8ff508fb94b7d63b45609fed4460f9ef05efe8d28d5a1e75c54bcaa4ece1a33352e56f5fb47985142db90151bf721aadfc60555fc3961f28e65163a1a9acc0cb1254993b4f80582b821796068efa440448e2a8fc0d6f3b67d6a37cf4965142eb06361293e4e7296eba7c8d3b1c30b3339ec247989277321d4378d0462475c006d205445d4d340619e4d82cd666b7a0d034e2bdf007c2c3a7ad49bf1424de04cd2d2aa4f77996838b703b4c3c24e9ce7d39a3883c1a36fa9eb3b1e487ca25ce750941261526885063ea221fb0954091d14a56aed3b77bc9b2fc2bfae01bd8690f737d2b645bd84b222ebae7bf9162d1f32d57c1f4e7917285170514658f64fa4c95ca64e688afffa3251b07195e609e5bff985f1e406a3f178a8c3f23953465dc5875dd1db7fd6e37d035371b750f09447c8c60bf6c4f70aa14c7e9423aca514cf2c6e3aa9f8fcaa7b4e3808bf318e8bcb47a448da8cf6ae2af6252085d964484a7701b6dff7202dfd4a608d963ee6831765407d9ff4f171a3364452260f0346f7b33abbe5760555ce1be17efc5335b5f914c277eb1471ee38298df770460933fc2ea793aa483fe731b730224be39b22bfe272d48a1f911e5e896db81421f311abed44f795891c9b9cd5ca35514dfb341f4619d572730f0c5c8f55a2952d3c32749ae9e25e36e6e58e3ca26f4b9728093a4e146551ee04d013d87869bb760f7aeb65c08e823dec00d1be800c99428df7a705bb315b679353573a527845439811fd7740b3fe7b86f91ea2aa1e4f80cc227408fbac09e198bcd58d7e4518b20099d349274f5ccb8388d341a74d3fe482b2322d789be91ff77dd1a1e5d6bb2845e839c881bd616c8713f8849ecf1a008e69da36441ad64d5d9b513fa623f6118438e65426258a3ed52c71f4599fde147415c8df34eac917280d8c91a4288f7a27f04947b7c4d4ad369f7e8f6aeffbaa5d59a78dee685b8043dd9314a7ceaf1875f924c57addc0642e5b43dc8d6f0e4d7bd35b6d580d914ccfd594f09dbc0643a7452d6ff730b5a186f182d32237f28160e6aebb116b56ea6c6d9869073ce800bf02743beff0d90c4ddfe0474007ded25fd7c438ecc6497e2995d012f4a473c0b9020af7bb10a3f6e75d9c2cc589617112fa429839f81d2ca6335e90762e9129036e47137c22bb95a7177c6e6a1d64cf474b49dc529df5ea85431acdf5334be7cedefc5576b7fed9bcfbe28737aaf0ecfe141710496ffe1704ef9a61a3f9fd472d2baba0e74c090652c94a50fd1c6817e1a3344c8bf22e97d780d82846c793217bc6ef2ca4d5dec57895ddde889164c073d983451b44b3aad3fcdb7739cfe3cc921344c9082d8d48f85f20cfa61138938057091b2bb86aa86db4a5481de578c0795f8c185c1253e3fe2415d4c86dc9685641fc8748d3f3d3a90b9cbe49fc4f63302110c7c2af80160f22184171982ef782924d73b6a349366d3f7e95d1e6064781b6cfd802407d78c003ea6a79592f9b4b2f34458a8ece8bc2b1ab209c52346cbd6e0427f3148772e68e3309748978890ff7a0428da0713278c1f3fd88a386fe9f1f52c15ef9a9bd942ffb9de1373ff4df01e038455918d68c5bb7e6deceb65ade43c316b34ba16c312f0687966659674e9302f9d4dc2fa15ab4a3ee9e17bb9b45cdf0105c8d0fb97b3a4fe2d1fc3c95cd47734803408f9d00feb2ff75ee4fa8855c78b991aed21d4c3312c8955de5906d0c95e45e76ecbdc80ab1dc6b9a4d524fa4d16418f13741d9f52ef770cfd60109a98700c8440968d81cb58b06a26a5d248c662ddb85a94ac05b1c71063e928e4b98c60c58ed3b327f943383c49828248170a55a088ce115dd05ff8405471e173532df58a07673008bb1a420402c5eb2585f8499563e5d0e8c0056a1a35d9591d76071d2042514c919e992b3d171d8876a053751456392d8875fd9710ffff76549260f898697634c31dc2409eb151e2c22bf37bfe28676e23f435619c391ee690b31a6fea6424d0034ee430323e4e394c1cc69ed2028d5e292b3e049496e64502d2d0408617ec443634ad4de3e99194df09d3e2e9275844bc31abcef58cfb0420cdcc7e9d1ce30ac13a0a3a289dbbed53cb3de2ced876453e193ff855fbad69ab2e12787fb1d6c0cf9c25431724417c4127b3373079cfd702bb589127fe6efb1914ad06651718aff0c27363cbe9f875e0ea467535e07364151f7ce89cff4f0878414e6d4ab4c827976918fc21fc557e1fea3b254c9c76670666524edb52fb875f94b2be2a321efb2a16862848923e03794982e2182d405f2aea9a4b7f224affec3c7b20eaf33d04f1136a02f9a4342f72d22a2639fab5c23f23d80f92f833fd9968dc9a11270bf59604c1dd97a190c489d75338d190f5fbf92ce1aa2e02f3531dfcf523f0741fa0290d75af61c1389013279d1efd5395ec49652e1236e3de23fb5f24db77e6d914e7395cff2486a3763d78313a9225e69fc52a180f3cb5b63e0d760623ab03bb02e9b5b06b43179164dc97e69f4cacd91a4fe91617ee8b9a612d09198396524531bfadaaedabd8d401c26ca0cc2b813520a883f43fd9ce768a7e35a4a07239cb61e2dc7a42276609eccc32b8eb6751101bd547382ebc92cd73da71e749a9d3645b386d72bc445233f52de522504fba6e1ab170ca14d5c69591fb815fbc9493a9e42501a71c8982048741e06caee840768b45ce6be1550da12003b42c3cd76e879d66743f5ef90a3567d322fcd1f4999aa74b75145f32b56786c7526af1be735c510e5cc96b95039f0c236cc97ef3444f9c8242bc617e6c8761bd7e6294237db16383c9fa45958bfc8b571c2c1693ae988a24cf603be3cd36f798c76981dde9bb7a48c4ebd5fb6366dbdcfbf8b6c58cbebbad44ed757840ebb8f8e272f21259fd78c8e1e9716170e79ebb73e5b3bfb040badc14065542ab96e4082d85aba207e51747a90a54072d913220106d46d1c258d15135e0093f3476a802a5e4da2f7207ab6ea5d0bdad377ed0aa3dde3c0306ed7a61e253b32d85f8cd23dd997821027f70199a02cc5687c7cbe7bb203ebfa85539ba07869eecd28c652dcfad353fa9086b1de4c836df1133828434cbb33823afa41c0775674757ffc4fad4fd70aa9cd8843b01f15013259528cd8e4882d7c42d65c7cff5b2c835589f1179e4594bb98c76197ed4946a5a4b4a37e3f620d2cfd348de3b3add5a64f50711405c936b38094c6c2e8d0cd424cf34c1f5e0877db5e32fc899e0d5a216b35826ae5eb273ee1aecfb0d2ee79269bf7a77e33c8b3ba6942b7e6c1b6343d305363b7fccc244853375e390541bf2fd7c4611d3f5bad54db115964d252be8c388e908b260e6e48e82fb1762d05b37b46ef9c4633d2fbee33dd5dd91f3f320c4fa5fe315fd950cc0ee79562c22391863b6c4cc15357216b9bdeced4cd78b2119c0a4a0491a63df4c900517a5f9ca52b320722acb3625d011c356dd871904b82b67bd823bf2b22f6a56bbd7032f481144cd117df2f6b109f23a72bc2ea090d1710c20bdc2d59d30868e89a72034d97d72fbbe81692f330dd33565c8616196ca7bbcbcfd529d9c3acdeb0793bb33a8145b0c65f53dfb8b24c952c46b12abda246f9a4c0169750333a7d536f775ca085fed8e40331f648da96c669d1fdb48b72143d675ab373ad37751dc4315dcb48cfeafe06d684073e79ecdf10bf884f434486fdf2005711d498273747c52b82b3422d8590f5478d434655afb1c5bdbdb4fb59fccbae39d4f26dd225f3da1e0c8cd6e7fc8ae9b3e4ab67bc34ee4c3526f738818ed5f233cb33adb2866080c9a15426c2482bc97c4caa7fac96a914c3038a69324001b599c4e9434383b747c88a2a11e6865d6de75762af3915da61d7d8dfca44032ec3a13aca8204c816e48ee4dbfb21d621fd3cffe0b2d3292037e26802fbb4e0d9742f35bd906038f32cebb0f3c9c186aa82179002b126a69c56191f6b191a76c7ceb6e20f1e38dbf859646410b7e58a4a49d705556d6af747f6b9b9fdc82e1a06e9810e9b712a55da179d92d309bab047ffa5891c781f537eee022d33bae53b226dfc6cd98efb09daf145843030b1435f62ae699e5b70065c4147b6c01404faae7901ea5f1c08f98fe85913d9f3473d2b06ca9f7e544e04fa042e476086633d38acdd13e27486842d2b3241c57741885b813d76924cdb143d5c3ff4167fecbdd069c4df374a654edd81ecdeeb7f816d84c13332fd0da8f3347081aa043447cbf9bfbfa1c0309540d790811bd4c97864ad5f942aa9832f0c747818984445eecfe6ae91f46d5c80f6652dc0a79eb3a37e9a088668c0e49aded9817e4a9bce88f1398d02606ad18bd7f682e4ba4c88105a6044c83ea3f2f90d0e99ffbaa240f7e362dc62821c1b3f407195f7dd576c2d4056c9c5617a6f653880603b83cb949bfbe7e5986ba47e8d105f41ecee8b57b62f9ef808c006ab13635b9bd266c152545232ac72ebbdabda9419c339415ca47b47c1750d8d8c342faa8b8f8070200b3ef02b19bcb210af6bc89ef25e82318c7b7ebf5be852e3a343865a3865afa2da70727db54a334f56412166db65e7442efa431ddff5425f3df0c6a2c44c26ed552a3de6a14192f7a8b842eab56d80fca4d65b0fe2691f5c2e12f880136022f0bb3b03227017f2d5555a5866386b89144430a551c59720cf186c7b1083b5cdfd1d333717cef3df68fb01d2d9a2b4c5215fc58e260d7b1c2fa120725e60e6e8db7129c5e85800cafbe9e6774817603c76c6e39311377f67d54dd5482b975d74b414bdd2f9ba7954cfe41491a37096a731cf6bfac7def230f08f6d2f005edeabf4a97c133e0a238cdcb6c39925362a1badcd0149842f34f1b844ce85df90f0216089afdf151207f0ec013ff23a9eb6b00086d0d962ac6035b05a79a3575452760c59b7da848066331c6f44f81c94d67a67c4be9abc19f861576863d6b1b0887b54bcb2e66a051b0af20462dd311273813f8f5da3b13806827be82027a0b843d6144a1940ed003578d425d0fe53e15b86c91879b6f38543d5868a78dc3f922977891f6f1f268b47351d750c945184a45cdb60d400d91765e5c01ee580254d6c501e05d285913324902abc28849d5733aa03495de0ccb772712c0bac14cf39a8193d2df767d27b7640e25b2d1c1c179bba47e86a1ac4862a8ca888bce242a505e293081e8280f3a22206bc8b316c5f2db994087a4e30e93732cd00b83836d55f2d170b214f350ad64b6c25b6fa8922c6b4c2c84f456b4d45068307b7e5de3a51bda48ec5f5d8abe79f77c68d59277145d70c12a853f3c8aa43e610dc1c1caf8ff9066bd4c29a64b5bd88074b6545d3ac70506a64cb98591c5e061ab1a5e11bca15f22794a96bab1cea37e62ea3074080f6d2bf999ed80a904a51ec67689641a005c495b000bd39444e89e1b23f316f7f512f3d3b90c6feec67e3fb9133051b8f9801bd9702d0ebdf71f99fd8d941159686c0955d48498e1aa53a78527b177845f1601881367424b174c7e7a77e8fd18b4f0f9e6e6ae091b37e5b3a38e6f61a57d2e6e14bf6ad0b000df35f96f4af37d7910d6d55ea0c34ff16450d99dd0f1566cadea85884f9424cc8288136084a8ccc6fe3b74caf078b26e222c36349e3769b0bed4ed726f47087f4fad74bda94e3b35b77512d1ea6b29896d3ce93bc294539dfa5127738eb943729724de13aae32952752f1b6b85942228fcec8ee5639485f4a7ff2b50e2539a827121820d85a3a9608e137dc7527536e2bcce9e87de2792b092089b6d288162f0b6f98fa86c26efc340a0ebea94b46731e92becfa60f42d9c9e9b5da9bea04fc855485c24357004d03faff449018d251ddb56f363de518a46bd2b42e3ae4a728eba253475b182c397bc4d25af9e5628f869df81a24f11d28c1c9fbdf4bca6a2e1630d0d0e41ca94cbd7e50f2eddf4df423400c8c05befd12c5c07f022253079c1de6b65ed23d5bd8010bb5161976aa531a59492b6e82c449a3318ec276d443424f870e6f4bc545d5aafade557e2433f3d1f143509fbbbb0784fbf2a6e3b317c8638a746dd5c041c653a4c47d08f28029f60ba31c85c0097b9c89dd5f5329d3bf42557eb8d1e376aa00baa2174bdbd9e31e87726954458d88f0c0b5471f571f4ff6c57aa90f67e7d7d2528e241fbbfab87e332a474faa209779199d606616ab6c40d0681026512a35c599dbc4a725214905dfb0fba22b34053d2475fe3f0b92438bcce342c33dd643db84941f3a98892c71d26f31a5971f408892f5d9ec722d7c62139166507e8e38e64f8e23efa1b13c57ab439226392c96329b35d4c513eb23f1af88f52950b0e1cd2254c990615e186b5f2710e9133ad1a58c30e276b4f8ed88b8d22209b45fa8d7ac6ed678451ba1899bbdf44ecb7a93f864c3484d981a472ed4ae19e67c3c82f458ae2f8c7acdacc25b78aa8023f51f7a41ae292051347ee29eeb5e9e52d0516934eccbeccf6c136184ca59b509368f6f142e2418aa721bcbfd81f0d12961c39f7669971c6a6fd8687b0d83a8c74221aeb44239d786f76c869844a84df79a44ab5275a101b4ad95e70408d935cf6b8ea5bff9e6b55ceaae508c6363964c08982a827f276db26a74bb54f0c887b45759e7608d5769934ad96747212973f76b88398a95c9d720dcc90c86670ed9b2c75fb326f0bff42740adc72f61d79bda39fd4341e0b2c1848cbf983e84d662cdbd7d205f9c70748d7b2bb661a3f432adfd502fa83e491579e988399be077eaffbd2d3938984d828e931d73357f7e239f38da494907932861b8ea30cbd62c4ae2f95de9952b7b81006e27f591a0a65a38a42119da6880e21b789ec1d3d2cab2af1fcd743daa8c083bca2ea245c838f5b1ecf8c1b71c38b49f6432a4354945c832a8877d0c5248573efaabeb229e16f8ed3f04f171bb1b933a305279ce72bafc262aca6068fbea9857323a5ed328653df37f9f4dc781cc1bff9a087baa61c31b64e5629ab0a57e08440141cebdce7a0b0b5f6b15ef229ce33397866b80e849ad825c9090818a2b2284f19529bbe126967fb9106803126d355e66414a7faa2388f0c3b065d04e3dbc8c68dfb349f23c5424ffd08ac42396033d99256400b8a2328260f9cfeaecaa16d16d9b1103ee5c0dea6dde48f28c0359704334e8998d644e12d38ae9b7e6d82d9edf11c5d799ff24074e93aa5c78b5ed588a0cf19882eba80bc64bf7902e7d740788fc8d6ad00c519412c057a1be0f15a0452572f2611e9bfe57ffdf6545bc8305d813f06d455e21ec3e3f575d57645c12a4da4f28b2349b26cba213f8cb9874125fa0f253358f029954e47a795cd614f504c5f3a1ab44ada85e242aef41be4455ad3a5a7b1f2cb6c667dce555b15f0fa12f53f09ca58bd3aca894c61b9d06c89f2f9cab79a4f811c6e22d48aad6ddb30456ff383d52d612af9b6c754fb19df80c18a9f8cc8b8ca85e058510dd90ecedafad3b469a7c65b45b890c9ca69a0566cefd2349d37da1941abc51387d044b2b6d05dc869273a519dd66793f8ce10a0af5f47056282b34b25b69fc97c20a3af61549920612fdcd873db8b6eed57427863ad8fb9b4dbc2cefbd3865479f7703520ffa35cb960d13a004cdbbe41401eee00a5c947d3c3e7bbf7236523a3d501f7a863a0e848f1e32aa67bed1d4654fa8f75ef0499fe053bb3456eaae89cdc47847a3f13ab9c5494461af0539817c15551a9cf4971178530a60d21a96586adfd747607b4511e43102ed20f756f89778389373274ec584fed248cf470ac6c41731398ccd21bc68b7f5c9c176ce0328c4ee454bf8fa5089f210d17c47dff03564fe2e6cbee3179c58f27262cfb820c8c8d15fba71c0d6987e44b62220bce2f52f0f1655d5eccfc34e8331bbe6ee4e58ff5c4909a79a5779bd7c4bd2b38292389dbff64c9086e8c32b078df3a8ad16851f4a66a1b21e12819ca86bc73174270964cdad476ca66443a6ef11f2599ebfc1859bf6cb3f6c6d19c00b27f325471226420e1025d563534dff3fda046b7f6d26c5112e2d62e15c752d7d8559ab0402b4eb1bc39d97e80ceec2a2325911bf197af5c0fb403ba0df4ee74b5ce955dd5b44ef4850edf93599d22911079cff59f6b6767befdafc2df4875a3c1d62ba684627ecec16cf2b0f6b7d476f5a211cae1f0cd22db91a7715d7fce54668d6b41e5b1753180bc414fe69fe37c6bc4ce73096fb698115953a7bb5fab271505c5277e531fb5befdbc0216b49c886ba36b789b13bc71e02bfbee98a87f998e78feba6a4fb35445cde9a41af4ac4cfc417b35d5ae9d9c9dc6800b0a3ee3d6127e2fef866954c721b05ab8f7039a7a107f8b6ff51bc69c69fdc7d1f8148c7774dbefe03c4df239983431ff921af8d7bf3966480f110ece4fd337c3ab4566d9f2736e2a4e535efb93b6b1229af6880db4999dcd8f3037b1df8cacd4cda33b0ee8a5cad9393b087c226e3681da86bdc5e7dbb0c4606500d8d1a655851dc20c63eee55ff592ec588a9dcb3899a7ae1c89dccfad93480174fc18868594c5986977dd81f113fcb599126ca26ad68de1bc35e5d9b392243672fd225d8faaaa3bb06489970a083a7782c9e9ca3f3b32eef99b5d2350a040fbccc3b950d88d5113d1f940c9436867b19cbaccac63ebf2d32d0cd6f250247fd296165ce601ae29b030ac83c04f4041de174f2950727e63982567990b48435404c596600e1d68322616785636fa3c0ff545966ffda405671075ec906fb9ea87854ebd7ac73c997bdc45b1f9b798aa2157643de2d72f7134ff98d9c5923a5ed5e797df5dbe44600ae08081c39c3fcd2a41d091b3a0928c20f56c1763c0fd6ee1e12a6f17b720929d58062b7d717a0915b47ae68c25d07e7ceef22ff3149f095792640694299a5ed200dd1ce56e4d81fca639365a93f94a331c7761ed8b3ff1c49fd0d702075abe6260e1cb2f75c19ccb38f24885bd52fc0d810f89fe980da5d46e3c354efa9bc6e5bd8fa14f6b1a476bc82cb28613993e70cddd9067c406577db5f1bbbc4da88a7a2aeb09704839d1477c5588a661c1e61ff9668d45ca8c9376716b7209180e33be094c5ad66acd99f98484725b8c82e8eca748f9f880688f5a3e278f296c94aa80f5167846ce70732efe026e35e8d7adbd7d3454d90023861d41cdb16cb65152dbf79ad20d6098227830318ec97ec37522a23d63bd61c8348de36292848ab0e7820605a1451ef69f70a39b0c8ff38cbf81a558695717b574613b5fa29fec029a9853df94221b5f7f4b60f7cf6954ffe9d47d406033f2ca5bdba98c43fd429da74c06b6d9f76fab33009182b583577c62365be4c80a26efed86ab32760af93de81d0fa21624791cc63c2eaaeebca01fa820e054b3bbaf33a9a0d9f452a6382980aca7aa8f68e0b0a38975f936f5275be96461f50dfefa5271e28e82d5c48c1d3366345f5ef30340f98ce766eaaf58b6b005e1c98675cbb8ac04ce8824eaaf3e39181029fe3b422f217cf429fdd9e0f2575ccb07d3dbda06480fa35e673033dee8959dcc12b53beda50a1b8a87061915e000ee9c2944d8c8f332b6cc28dc4c581c9885704799c80259560a59c059d19ade19cdab4f0b2041bfbac4593c6d2524b0e1084af9e2a64742963422a95ab3315dab2b01d695915f4e35439a27ab919e906b070ca9eaab7f14cc12d4afb2a2d58001f6995f7fcc93acff1bf263c7865828f411ddd152eb287ec11372b2b5638588a1f7938d939fb21d26a03ec14fa9a2f0bbf845434d7e2c65dfa28a2eb01505fecefbee378b67567587f24b8b229c4a908ed32bb14fb900cf24dc46c616bb9a83ced661ce15ac3582978dd1891598acdd03e923cc46fcc41f473d7deebc0eee87d51f6d6015ad8a4cbb124a713ca5dbe392325cc2e49b320edcc0c80dd234c283ad88a3852122af13d5bf435abbefe7b310429044a1e10d357f7e58cd8c6591c4743be3fa1f9c54c66d1e0e8482ddcbe00801207fb92c7f484a76f06d33309cd57f76be5d690ac346bd96497dc7608e4e21469ed1efff50085ac2e5efed4d24179623e98e396e4b329dcb79a7c9369fc165db345a8e4b9b484810c3f531d2627ee5862b3b5e67f84296b766ecf61d9484517ed9e9d2180466a3242cd512a754d654c007f817f2db0c66067aa5aa139d8e111b07bd84188459458a68a9663b9c1edf4c2a15c9b700f6a6d935ec08f50c1f2c96b2b5e921bd91fc422f65206fcb2bfde7955f483a9b89f5f20bead8110d2b42179500f6ba8cc2900a5c43107e03eb17b7c353886ac61559e58774182cb152668acca6a6a5c76a8f54ac57a534ed1fd42cb51b190b31181197d74249ae7303d329f56e0d083c84c1909307f70fc15ada853b6495efbcbb8899d914ca625d7a1e6fd6ed3400218197b38f1c5373c8faea89127abf1614d3ff735d8000391df6b09c442834ccc20d09f62f69731d65b3a01f97ec03bf1f04be6b2785e1f2263adcf576e4c229994968f498f111476f449afbd422c0758bdc9cc90408d2d0bf42d06bc411a24c5d9e56fdb0416649bf6e6dbd368d8ed96742c9392676d7ef4a1049cb9b12b03459a16eaebd962b9983e50d3c1802c104e0a386095f8b35981721990486b444a714ccde5d4e1bb206026606fa18c36bfb37822ed17657ec642b43cbd2e52bd3282e74aedede2b93a93ced5018f5fcce4f3f5f212de9b436db017158df2aee2cbb64e86b917eeafb3497ddd5af2075d12f054af0110b651c4694a14ff18ed2fdac0377b03e1d4b81069c132395a0f0d13cdcf6f04bba5037ca943355edb882c69e452b134853ee4c71057ba0615eae3843356d6045f85e7337f5674c9d231371c017507e079085c43e19d5e4e93afd2979f2d1e09cec039b9c6f27cc7a122e19d44289ddfd0ae8e63b4db9e6843ef1ae589c537ccc29e6e9f3262a4999126e46767f40b9595a5d3d38de9da8e59280399e33d720cbd2ceb6e854b22ea6e682633860ae6cc00b7a50072c0dd8e0ff4177d70a9abddea708b27811d727d5a7fb3777038eef2ae5aebffc035ecd2ce75d382c05d0b9f6a60ef16cee13a3819b32ed059f106e2b7665dec3be9f0754de35884810058cb2844d010a9bebe8f62a9d56b31d80b368d4c24736f65e6e2dbc9a0c23fdabb13879e1f44721c0027e0d7b8b9fc1d90cd0a538f744f136beeb09c5710adfd9b32934bc6f6774f1b1cf1705a54bf795289c849e243744c2e385682e3032d515bda61d135554ec5838fc6a6c845e50262e172ef3bf3024d0033dd5e7a756a05467c83dadae17cd1198d2a37bdda85ca08d9e29950886f199e364e8135b3d31b86e874ea4d78c5afe53f522b1d31cc247f8c8a4c617e907245aeed42c6f056a327ecc648fe58aed55bbb686a2d165bf9663a970ba38b5e16c32069e9a9b6bb7a77440d820bb41290c1d27cc9284ce7bc41b914119e6b28aceede392f5813da59ba8a6888e5596f614544d3aed989d2a68a5146aa72e5ee9a9dc429cfe9fdc21a5fc4e3c2ff7514ed90662b6b3c91647f30e9cf43e92099c37894df32f8ac61165531c1244b55f931bb8638af5e8696ed96b1fb6a37aa64e4e342be15050196423455190a13cd4173ae1fed88b0ae0ffacb2dc63effe874ae226938d59cfaa7c67b97b2038fd7b95dfdfc22c2be218cb886c3839d80a44bb42b63e5a67a9894f539c1cbecf3b0300252627d24aa1632fda0e62c03b43f3cebd013de4b650b8aa72508676e98f466f1d84dfbe7b0955b4f65e789705f6b178f8f22272449c7c7d0ff5ae286eda6818b001d3618e96713ffd06305aae3c0defb201b011bf8d63b5debaa9e166cf4b7495825a2c758a4ff02e5fa8dd41e6f59df097752c5e1a7ed1a6b44c030a8a633621ea5fc30958455d34072db97362a0bed4106ca13764f4c123fe96daf9e918c5bb7cd1ab0945740666bf0a933058920c2e09f2e7c53b26eb5306f7d0470d81e19e69d298e0e201b11e1313398d8e1959f135122bb8ec0e1035f683d633cc6b1669eab4a16ee1f3e3dce00dd9766d1a106abb3a9e1e426fe5729be7c3bbafcf5474753fbabb6c0d7780c17c9a66c806a9a7fb47f2692a59f82bd6aca373a1218e9a8e994636baf82d1b23838a030b4704c608fa9c8339a83bf4f1c53cd1edd4af9379e5d5075a50f5f464295fc8f1342e5b1c6f93fd40dbec4399128f75815dab9023a3ed2958bd31f3f39d91b7077ff074e575e5b8058c0aad0a367d9493864e321513592aa9d0f6c4fe8032ef73279c08baaa48f4a37499801e4b16bc533d7ae328ca26accec3b1a7ca193a35d20a61f2fd348eaae88f50699ef9a28c13b27593211a793dbf8430457092f36ac1e56e76a660affde88d28ba1c0d2a9608e50b492f007c555405c02737d1c293370584ccaa9142a252e6819c8425a93c13ed988628ccf32c225f97f0d839f68a504666b26d8358c6d7ec093423cd2124493f7b75a93ae78e600385db996408a13b8b9fb9c94ac3289a10017eee707adee9459c0e691f3366f8c7e8b10963ee2a86323a4dbd5e5a4b26ef2d6e445fcc931028db3b2f43eedd9e8b4f61a59d8f697491ca4fac32d99cc88b7205931fccf3858e7098b5417667a17c021a0132407efac96d8cb2736019d6099dd19ef7930dcb001ba85fb09236a81d6eb20947a34f7058cebcc7beb6dca64bec38bbdaaf5da74241c1548ce20d644ed110c31f4436e05fa615f184f85f4d3c3585dfda073d718c8fa1c5b56b5ad8d142903ae81aa4eee24e4319ea305be0a8dbc958f8c8ed8adffbc8193821fdb5dba55abcd27899638e69daa3b700e5e82a8ee75cf14a449941dc74809c999119ff3f0906427f9be1d9701e88209898e87d2f2e9bbc3c89c4c92e14b754ea73d28fba5c879229e4a8e7df0a4bed56b864082ca820796bac0bc8bad33ca33a715ebf6826699ce51a1e74e150d3d96279bedf4566370a8f980c8d347ffc3d4b4b3334ddcdbe068deecddfa32609a52c904a7f17eeb8d99c49f590230c3966fd17e669d2d713b6b734873f88fbc5b25b2cedc10ebde9057ad76f13ef96d4e20325049beb1511c4cee4c0ab6680cba0718b08a7e7f563f5a5a928d20749170aca55642442898cd1dc8a23299f6bfdde370d38b79d45664e52711fd66e1dfac4bdc39dfb430fd55b17032ce7fe3123a4b11e5390c7f31bbd5666e0d5ad47aa209c663740cde4cc27e04af795d29085f3768ff2ef1586d8bdf35563b96e49f770a5677c91da7fc04b1fba4e5cf133ca5f2b312d0de3346871bd567cc937262a3f5e8ac691be36dcf90a1dde47716edddffb8ff56a25164d412d310dc32e973c88145ca3b04399432af378f43640bed2e511631e3d9c2c2edf0467631cbde04014e1ae26ce2eae577e8e9789195e9ad8305becd4ac30d6d917ce42183a9a45befe6f4a7e77f37223eca8c46bb9f259b8983f8c0a7ef2ef57dfda5a1f53d2c2cb07da753135db075fce553e3ee86128a50b56cd31dea0b79a76113d6005f2f4dcc4480f4c313c0e9d07c26fd1cd7d69b32d0700efd01b35922c5410932889789edd484e08789a21d2712ceb4c484c19eb1a2c9d0a96f87d1965fba1dd3ceb365c5b33b1ad034d26ef146397a36626be080c61209c7c04bd3cfb6ce09e9996215c15c148b63a479b7dbecd3b9bf7f5d12023e263e12fb4ef78a9416af95b45c2009fbd4e7837929bb6cd8d90a1a28f8b489daeec6a0b173396e2cc1afdd33140a2a143faa7ff14f2bbfcfd585067cdd5eaac9d709939101d48d11aa183e1ebf3fac463f9d40ea4341a512d26f312a90ec707e34f0ba51aed2d9c78173e921b90160dc2e944851050ac5479f7fbd16f0e59eb093aca5b5a3fa1399d554a03d801e66ea8bfca60955d502a63e50bf32091e5b64a02030f89c68994cdfc7790ae11539c4311c86cf8994691a297bff6718080c748eba678fb573fb199ced83aac4a8cbd328ae4c0f1c5fd6e591aaed6430c91e1f20b75f1ce70045d66ffec8d106e6f41e26d1566e8d3a254a9ca10a170e595724173be30f0207baac3f24a735c520683b53ee61533acf99d1c62913564591351fd569734c4b51c639838dfd2c6ae42e9940ba16525db484caf715e8c0141e3bceba87cd6f0b9043324815db8c14e01f8182413a93b99747e6e570b12ea58a4fff018e7705984e23b6ae93e7aa078e1b4ffe4f3cf9dc2bb4bd7ede8dbdbf125c6124101fd77c683fedb6ea7fb98331962d3f6ecb1f00aa9d97486fb31ca437b2c7b5efc3df037bdb5b302a589dc110548bac98b030bdc75db32276eb426fe02b7cbd1f7e7989acb72d56f4ecf5f2316f8d51e8848b4516c0d61fd4a8f2ba1d32e62a248b125c8ee37c645e26fa4ea9cb85ebcc8c552526b45824011b23e1c8d86f06ff007c42d0973c0e27677a582d801ea7d73446a3c1033d3a9b407e4c079ebfccb2185aaa76e22a5f763053c943f4b74d2604b31fa82103146ae1344f1c7ece3b6e357accf082195929fa5c905a92ec8f74154d597d352245b9fb4c44b1c99e4826ed601419ae740f424d9893dece447304dc5373923a6e75684555912b2fbba0b26d5cfe557b4a6c292f69d52e4eb52ccccbd74f7de9408f3d732d4acc6c3ca67e805377f47aca6a035770104539dd7d849bcce953c64b7d82938889b4e2fbe87477ce5f5ac53054281c187e764de5ebdfb1d2e5b8151038473f8adf68ccafbff34fa0e9b5fce24b72ab3d1cb6fec1684095ec653c91d386f6de814fae0c7b58d91a2ed4e6e9c7ff37f87be5073133b31bfe498e83c501b100c8b3c424b9627ab8e0c4cb2c09b46ed26ae1f008d1d71c575d28dff9b43eda9989ce6a9fb5cc867b466dc2f3586b6694bda32c01e91b20bee1cc5d9019665acb25311bc397aea277477ab1bea2f9dd418375556d52296ba3fbd99d224f03e47195097327e94971ae4635811f4c5bdd0e63f5dbeb81346e49055c4b0cd02edb9796cfab44e3008500625fb3b5549e6ee6710fe755c4ca2286bcd8294a0353a9bc7a26b82a0de0b557d83cd21aa5991080a7a1660de3dc111e3853748e06835b221d2687deea193c45f320c1a650a7711e8fb23fceba91fee05ce3e7792831603865e0e8af05e4c32dcfc197c06c3003cd12aca2e5174f04158fc463622fb6130b7cd24b945dfe71252e763c93bc3722d60c78ecbdce3a0b6700e787604be40e881996a549a470706204c33ed22ca79cb456d967aaf74950ce5f0bb48b20f381c6f72a48da8ca14d7e93207fa779caaa423d5be30a6c6456d942b7d903d137ecef37fa88f7de62884bc2fe74cbf58e17d7159806ebe502d6fa4bc54cfe3a3f602849bd5d5908f241effb029b353fbe1bb31a471e29f868edac3d1e0ea59ccf799d015d885310d05cf14e5ee762ed213b352b6aadee2623682032babf353269347391797d6af091b001c6b975f1a1a82f26fe09af29c5271270a64e47cfbdac95a65bc92687b336cad7dcfeec8d4e3d9e3ece2a5e44efd177a54c30797a7022f52c2dd5a364c3757b42a57ebde7f8a1be833c3bb9ec0e18514493e32ce030f27cd687faf5f8748c85dfcf28c6127915bcfd8d9ba083e31fba910e3572adc2d7c00795e6a79eca5c9384c075588429c614e35c3543c263043acfd30e98dcacce4103a4c2f3a455dfb23079a8c7335a755d36b20361c5305f060479809a1ce1601381c2dd7d6439027836bded975d79923e28d54166e3738f234f072306fe44c40555a9421afa1d4c5f089765d1640905ef6ce9aaf3b849f68672129316722ec389595def9dcee7bf4a54999dfeb02e97636e082e2980da2ab25b44d2edeb5e0e1df7b2d351b51bee5a8e871b3bd9bf4bd9b49fe3c601ed9c601922e2f9573ac20982572d5f466fa38d6fb935bfcfd418587d0a83fc9543282d25e1636b18631d1ec987344a96f0e2efba10c8f6bcf9da9115361f063e9e6d8c9a890ddd95ab9686f2f5611f8f646606abf92ca6ebbd5d5ada6f753265d427939b4d5902d1d7f9f05525fae3602f56b93ee2978f24073b7802221cd07295ceff74e6203d7c5107af0850ab4f40eec527fa89aba28fcf09c1fbe4b5c1c627216afc9e3c9d9194a8c9e859278f0ecc786d70a8091e3459f2d2f7bab6a260565331f49a12c79a889fbf82fbc6215a981414605462a4896de9dc1fb8828e0aa81bb2e8b567aa92ae55acb86a376174de277f10fdb15848b0e8de7f9b949bf02cc22275e6e6d421ffc7f652793bcd1c96df7caa7ec927c37bb5ee428b41fd9b5857f9353309be1d3715de029650de0d166aeb8abfc688790b10a428c943b7e8dd14898e6ce7e9665d46652a6f95e462e5c60624e7b35e9ce4648f89642e0eb58075c7faa589fe41e164f58432401cc2f2bfc6fcfe2b5fb5169e097e94ea2ee1fef334a5f758e37258b6de3c5261dd060508dba2a97f2b4d3fbfd1b742e9f6ab5ca8845299ac517aa0be09e70c46e76f003aaa6efc0d9974a8647875526aa9242bda47ed656f562f810f7bd20922260b71d501e5a491aa7a450548d80d7c6a3032ab141b933d8773a3b1cf49af4618c1d829eddf95076e1ad4e58bb731f1b7b4cf7c9c92d52d765f95e192ff6fb79cc187d679c9402c6ee5d9333b872a6770dba69f13a62c529f718632e59a562ab65519dc14ff102c57c7f034c0141f8c9b83fc385c0169f44e0e2a99847f298383a6872f4c39af5cd691a0bb928b4c3b8b5b30b0ae455123cc893c3038c4ed510a48475930b0913795e0eb0a869fcdcc31890dba25544121c093c5c4e878a7ec7cbddf4c1aadd99bbc4860fd8f5c2df0bfc472e98bc3a58a67f6a7ce519b069f86b1f183c70784fe817ff6e1f2cebb975e16788e4cbb36fd0dc5bf27dc1a49c5628b7ba2f58de9ddcbc8bfe71027e2fe90c4159501776d75d120fec55b0ef4f9319ad84ed27e3ab3116cafdb169100cda74e9e05476b1f4027e6497d7cf20356c31db7e9598293ca75b2c5e2911050ac509e44e9b878c342f93d4dc2583d45458fe5ec9874a2d5828687d546a7c504a0c59a23ebe356f0b984ffa171a9b7aec6e1c2ae4c0d1bd9fe420fcdf3fa35b52b2c99feafec9aed4654ec981207e000e619c70ebf0f4462d6e6214ff55cca418936363de38782a7fb9b8667ec28619d9902484281fef9022a1b9e7e63d4aec16aebbb544ab254fa95bb05c9248add7fbe0bcd1690de45b6197afaefa32b894cd617c62f0a82e661658089f6e5247669fb450d5c5be8e0b58a1146edc61cfc4e4e6b1b7fef206db83cfe46adb62445d7b242c26241b93c9b58cba1700f9c6e6696244e4f20e8815ecfc9ef347e68fad7a86e5405138eecb6929db7464916da99e82b0fae8e67befafc3d233fb86bd886ae43d027c206c9fbc0a044011172f5324afc1f5abd2b1bb856ef294492261362ce874a3dc4202e8d18fa930650141601a02284b7b1b96dee87e37fcffecaf9144146d4fc72b2e18565ac8d82a6b9697c375c54afb6175849973525e6e27b36c8ee531f3893456b5ae93f59b1c836a5e1253b5622301daa345db7e041562f7f64d695859e2768626c1383a566d61bd4d7b3c2faef59bec9fa851a7e5df30d655dbf547714264f1c5d565ee8a37a1c1b280f8915154f51d2fc5ef371eceaef1f1d2ee58d5f07abdcbaab50254e2d9d1f8ddaaefdbef6be6a90c4fd81e8badee7d8e17f1d28797e6803f8ce6660506aa8f38662d513745f1bdfee17af9156834001f87e094948100ea439b70f49a4c002307bb92591892f9e17e922ad3fef9a59aa87f8d8e33856aa681563c3a277118fb2678dda94a82886d1856d56b65b713757943536a670a608a875d16591f50af5354c85f039f164b8989a53f5b0c07af638d65fe1aad49839f3ab1d020b74546371e1813e6d0f7a19812726223a0dc1af7d86bfd640576a01dcd33b2020cd4a5fb84348f8ed1dd2c220e3778cc98c5c4bc196eac7ac9a5321a7647f5524c4df7b71a0a8347f3e22d52e8034542d7baa9ee1653d9ae3ef472efd7e0d41e4a40fa098e29e5138e9914214e0118333ef8da2b7fe0433ccf9bb9a46935abf36bff60c59869ec8e229609ad265401bfb290a45056ec015a1ee70e3498d83d87527520646726618b4109631a12f88842cae877b8b76c2ac58776014ad1a351a539c4bfca81d2848dd566c84ae2022703a552601d3ba985bab2295ac76c525ac323023c5f86c7760a0d63eb117e889bdd6d23a834038948b651c5b25151fa2974e8397f4f1b3ab6859421d001c38bc975af822d493ddb87f0483afbf1a626dab5b46be6d2493eb80987a5ad099b39a44b443d0687871067286c6dd44f5f8ca22afad4e3a734bf39da6d0ddf61077512d8d25896bbd4bf8025ed20034f794daf9dc936d83b6a683449282ee3b9181c4fca46216bbfeeeef09f7bf1aa6ef885e22cf1deb93a5cfd569cbc202d296e910ed8113fd5def4b8c65297d9117fc90147726e9dec0b0c7526d82f770bb059049ef3be8cf4de99021f6c8cdc34c81e89858aa4f79a39715236234bd7f055517b7627a1974cd0081819e64d5b6e3c5d2afdd2686c38253f1816b5d2c1ebbda3d74468eee9bbe0e6bb7a2ae35f41803cd472e13f0b8c4468daca537cd52817307d74e71e9c7c5209b400a590182a454d69ec638257dff742d3146a8ed1ca67ed3379c1e4cfbb37cb7b622b0b2d5263b3bfd76d3f80e8659d6e0a519fb376ede607d713bb2d5c40b607e71825bdd4d620776317ee0ad86326fbc7a87622ba633a44de35e277f0e9ac3310c37de891e9e568ab6803e362779c92dff019e6789b1cd2792b4dbc5d590077be3e491957fa1b1bf8c905bc18f742d0e926df79daaa75069d0cb7eb77618dca0a7c3c753e8ccb4e236d05357fc034dc7a8890b32a160371fcf03675ff9fe4455b8d4bb562216d6e1b808c56560d112220bd23347bbddb3cf18b2f75e046f64c3f4df2002f059d1990d90bd36f3672e00b318ec310995077fec7be6df7d55648b35d55b3ca491e24a2cfcdf4e80d990de9570d0863c7312d80c9f144440785ca7d54a9d58a8118c9cd426c84df62b47c3680a2063a44627c2bdf7eea64ef4fa330cce962794a6d1b9a92600f8275f9dd6f7f64a2e6dc02874698fd0fea7958f89e27f7ffc38bee73e614a6e76b9da9c1e73c155af3a7b726cad67aafbb231f2dc2d4169b8a9bfd247de450bcf97e3aa2113967039714e664f3dac1fe3ef905f5dbd3c7193c41cf65b96ecba1628cb847e31fa6664a623dad7f2a6f302d8b9f74cb58ba0d7c535995e13e105e20d15606e8057f3ee32c040e104e8ea323b89b0d65600636b0dba70b9c3cc0b225bcf872f42ee3dc5020431b9da886a8363dc27409fbcef61dc8b8d7261ef15c39ce2fd8daa912d81f055801a220b7bb6b031428f4affd9d72c165a00d30719ccc80aeae696d359bbb47d2d7d473f279325c5deb349bc80ce143e625668d2d54bd1700b7e2c0d6047c8461e0714adb4051388581958d8cf26c02c697ec4e5f8e094555dd9c16906fd07d313baca3bbc9e2527a29264371ac82e1c2e0e63b66009fee77b52b0da9d2aaf46b81c186c2f650891021b6502d691f606d54209f2e8ca381010ab488fd929c8f4893368c7f5fb45157bae58484d1f943f150af43ae320ef4f32aa9854debad7587a8193be8e715f4509c1d8638114db5626e54de4c83295610a29da659b80a1891223bc307fb73e6583688f6c908261f157a734747304aff718d97badda8b3abd348375e7c0703170c409cb8efebad0a679fa96bdd1ef94baed47e67e8ae90cb8dd8c1de04471450eb870bee2e891fabfc291473caeeb7c1e1283ebcd68eba7b622118929a3cbf4c456f246e8f634b146a821b23715c7bf0f375c93a0bcfb00e757b41bf3f07158a0ec2313971082a873e5eb15405b64a6e8f8dd409c89571355dd49482fe9109dc9354482385af3ecd8218551473b53aba8b06c1a8788cc7b4cc2a4023e896670a4770507f4ffbcd6b9c4db12dc6a5705a5f9b17b7089c8d7c3afcc395052c9708e8dfd0f758d130ea399d43121a2ea1fd76172fb0aa1f25461559b386d25a45a0dd2c411c8a8fd415921bb4074930cfe3fee0f83f091edf3f611b9e06a5e659bef110a8c7e6653b610b010acbb22dc1a03ca9f7572f0e64265df67d89e01996dd0f794744b14b95866816c1f0c4719eb4e3189a5ac9925fa42949556ebb0007e51aa6c2b7f7b376a725f752c39ade563c987e2c8c308209dee431dfbaa87f1bda7eff0a8409a1dd5a9b240d14c73e678ba5f9063fa6d80d4ef88b21b70a28d6c4231e887ca04b1b3a557e18b271ad58afbe8722941cf688c72216b231c2b119f2748b3a9103067a54891bc647a9235e38413bea4475361fe535888e6c28f96074b89a655083c3942daed51ef81a32804b68de53e29bb469ee4944b58aaccf6ff36921bbc54f416244570928b82dddc60b161abdd2184fa907cd6c8dde87a3229c235a0d8fa0c96eb055aab844454bc15ccffa830bc0248aef5ae088aba09216706ef79b317c6f06602ff43b2e21c33a4a4cf495fafa763f0621df0ab95adfd80235e88417e7bd7758ce0b2b3684b7cc515f0da4076caf9c3ed662bc92a996970675bd1c6c930576c89293f9e92dd6beee984b190a4372eee9e311c951701556f979ed8f0bd302102d313c9ac25f9f7a6f10bab5d5cbacd7e9ddc9387f39da679cbd28ff3d3243221ac5b8d2ae224c631c3708176d949414febb0ea881b049d56057d0201fbad69312cb9bb183e364d92bd9303d7e9ab7b3f02769abf66d05ce209c98b548490b0300eefdef5c1d8bcad2fe3daf4ce7a138ec3e9c47b4d0998709011c745e175522b06f0bf3cbc60aff12ad5defcda86d49f44b3bbe14b5087e74762b3f9854bfcc0017003765c5573a2b12367755452883d576d53a80cc4af1c460dfe07ab72475215de092934972b0bf0949541f36d12f632356434976e948cdec880f4901e0a26fb4c3c2cd6b206712e2f1a3d3314111f97c5d740bd40ca3bc3be14508675a78b11a939fcd3ac5b463e4f5354077a480550b6544d6847b5455f6578499cab2c3574d9141ad2a3412ca43ed1ce5b04d83928787ca4a89f0dfdd88ce45b8d8f9ef8131fa3f62bf91b4ca650c491a87e9bec1fea65ac69414cd93c4045da535e7bd5989ce0fd29d5f1c0ab059f49ec505072f7a3ec3f2c42bd95e7f9b032c5cdc97770b6984e1b19754e17256cbaccabe005eae0ec27df920f511161a430d97967200cb704c7bc0395c61b8e505cc0f42d4bc36a547a24af2f87f738fca6cc6fa1b71d26e554aa4338e951039a57191207f2d13183f35b09a6c62b5378ac0d5447209650cffbad7a8d3429d797f79304f9da0d6a2cb574137408d83e695ae26dbdbaabb6d6ff83ad84f49c7ee17d06682a0870df8c17f0e9f946477d4152a179a48dc1d128af87d6d2655b39210de043ab8d38a6954d59098887286914c72659ecb5763c7185aee20518f5bcad7ad64769337261bd654fae9ec3c8856dad946f6310fe5496be708344d0ee63e6accff7cc7255fc2bf3562a4fe406628117d710f1b8aa24ebdb2255fca6ca7bc3415c32599b8d5256cd91da4b277bf7dbb643bee6b922ebf195c6a40503c84671763fe45517085f94d9ab7639e7cfbc82cfb7dec2629388ddab2c5f9a9150c95825533f9321b238bd15d1d5ec972f8cceaab0291e767af1c0a902b33349e966ca601501bcc7ab843fd591a810b1b8ccd4c4103229377f2a67b90e83e743ab2c2cd0e03df892d4ca72f9865e78e213cbc176169aeb968a5b2998fa7c088dc60f5eb6df471b34a345873ec3fb9da4fcb0b0b78b17d04202a18f3ecb615031aa599978ec35c9dc21b1f95b815715243e0e8908eef1bd7c1533c563eeacb7e9e95f625dbb82b13bf0ba3e451a0d8d93a3fb4b2e37069d0b6e86b4064ad94919cc11089aa4cb8adf5b61f4bd1a9000b558ef222d88e302006323727fd7f9aceba64adeaf97bc5abcd1c3911bd4fa5e1afbb644ca49cc6815276b50aab7ff1e15f85763eb855b260956182bba53cd65836e95e9477523910bcc761e847c6c9b81403dca2953ceb717517a4612b7dd8234395676108a73d6c844ad7455a06bf4d2bf0b06822b73027d2869e541397f001d51566a8cdbb4a6b606bbdc2b61e3258c494913f73556daa3b58d5a57af9677cf6e36cd2a94a06d1480125f7f40c3535d1725471035cf152390b58c47661ddc9d1aeed43325c6d0584f0d0f9f285c130f8ca1fefe8df864ff6b2aae92b3a985c9f462c5872ff125cfa5ef4a42e8310902d7ce13a7a0eda5370b190950addd6647b254262bd6a8c696ebc4258a075174ca5bb55c524db00bf9d7e272441df11365cc6a9cfb0c9405a5cdc34646634d1ffeda20d740380eebab0c11b3a0294219a407f064625ccab57d23d446b84232283831c62cac4222f4a3978b73f6380333a0afb95e3ba1aaa3c19d8d4190ef8d35eb0ab482ee84b47919cf4b008c892e022a6e982824973f188fae731538df4d3b9d87b4e01f20a43b0874755aaeded2ac0d8a48f7a3a7416ff258b811859fb88c1ca741e25ba87cdf13703e432f660702ddb66b0a3542a03ee3d5d50bcc69a3dbd444d8db9197d9b460bc4ed282bb2e0c05042b9fb9db6a424a8ae9ecebfb4b259575bf1223eaa60148abf673db0ddd6983bc57f632281b6c92b035e6a00b784a187a16a8695742a694724a6b858e5c39c5dba64bbbc50f4e01f3f2fef769ddcafbb4291e4dfc2f575acbfc8c27637da4eb757249fbd457894e68f58f6eb582a5fb54c4bcc7d6829e5ecc209dd0237ee19539bdb928acefe75fca603744a32e2ae3512d3740219ea3cc4225b44aaf9ce9ae008eefbfa294a17e4ac5929dcc410fca9871c35b3fe1424562ae6e5e82f44b3f47b1b2a7e85df551f11186ae9c362dcf8e8a27a67560b19576de21f55cd7d68acb0bf8ac3279857cfe00c27120d2816eaa7d8b7a0aed79ef499a6e5ee52e1ce5687128378aa2d8c8ccff34e2f5b3f54765952b090c9a387b9835452a3842d6fa3e80216d49de9ad32663d1cbd7ac3265bd790ae52c2a3afd39dc413973c5c58700a7382b1ef573237b65f64949e161ed02a1ddf3d10782d24455671fbd23e8f2fe4b1c5547cf41304dab9ed9a74406fd0be71c63c305bdea4c559373683097b33884b4aabc88009971b92a0f87d07abf41f73592dce5d3d25349d6826bc200d57e10b94c3b3bcb3b0b0a23042a19a8660a4e1c2ad62301945a993346f1515a02365d088439926c92efe963ab530b03e97f861fc897cfa23460f81190837c569262c35e1d09c66f089757be528ad981d6c4d5d808c05552db585782cc79de26fdfde6a2fd57176a74f4d91e17ee7ba609ec0f0f674d057594f29a882036f2ce99c83abbda136f0ef2345844461a06b18402d104febd2a090680c48841cd571825fee66da6f270e091107ce59e40d25378b42c46c773103f0fc6d7d6f2f592eb859dc3776044f7969208b5a58d36d8749b659ecb14b817b586d6cee4217f305f3ab0b1d46cf9a211879b92ecc6dc7fe95505d922ee520a64b8f08825413a3e798856e72c929131ede77d58530cc6542d779b6288ce3ec717aaf93ac3832c0de82d1657961d3018a297fefae6e3c715d93c446919d2493a6a80da179e3b676ccdc643921f2850c9479098b248724a163a529b5491106d11292c07df8ef4c941c8e8b6490a7be6aa512f2c3890b4170f6b2322773920d28d0fd2ac8d19a7c91b07c513a61a3bff103ee4e86fadd0e9a9dcbc7ce5bc54bf262450a51eb78607dfbd9bb64ce52ce3152ed2071bd636f34a1a4578f1934c1dd800f7d131f8201362871832e1ec9855e736364b62b8e13ddee8ffa03ef291e254649144d5c3cd1e9b86145c5b8e993a79b0ed33e1ca791b55ff6dadf5b0c43dd088ff5ad5fd5ed9170b6b754b7edddffec836e265bfffa5b22421ea725b279688204d714063ff16549e3eb2ba96f032039b998d54113ab0d06ccadcb6747a68fbc60bcdd8a5fdc9584787428b49ffd8519e7f8364faeec48ef5c95dcca5b2c18d56b7cfafe82a2709dbacf6f0b8a718817acb05b649c86d6ccbd5888282c38dc0d5ad876c5fac49ae82c6f14e253fcb2a887745441b30f450fb1dbbf3ba310ef7afd68ec3f3bd39f05484a2d5316aa5a6c65f158f352d8f4ba4e3a8efcdebc15de6a0ddd0e26e65035935b1a2c07b759945db4870e732084711e330baef458c17aaa271bfa640c43f4a7ccc262289f6d1bbcdef5be0727bae78b09ae4a5ef22c2ba18b8ceb74986d0aa0e43fbea4e16f1fe8b4d6a0b6865d1b97c9a290d8d0ab7746ae36ab37bcef20603a066788611a21382634ce4b876323e1590942c08d8289199a215072845e20a29ae70a1648bfaf544b82a026e0fe1f0fadb84b916ee9745c0965af02a6b8c4bb68ccc6d377e0676c6dc64a36237ab7bed897ebddd2be42096774ee7154b179ce19f2c794427fb2a311f5ec103acb1ee67d1ca18f80ee0366ced0c4ce4461f3ce50b86fc61ff9225136eb1d19fa37c635aea20a6501c2f4d344df190cd93fe17a8e20d4bf118472f8b1b28e9d759cc9f486d01bf1550896cda679677d16c4bd33c62dc8ae85a9624aad0b28f000c6033596a5b5b3a6b2dd2b7b463d9feada67c903580c5f68c195838d100e00cc803cd7c7e3727537c32d1a20b193b46bb83f1d69fd138294ed7045d465502db14c53585e2c282a47375559d84d007c87e3e65db00f174c90724fe647874b51ea5473ecd9db459a83e45051d863b5aa7a81b8c0d6fae5ce6806a7767755b2cf30f20b9fb78f5a6efce51355c8175218b24960363995efada096ed3067add178d0e2c6c479490bcf2a168e3d32ba1299522073b7e9fcb3ac9787bcca15817608373f14b2b5a2cf3a0e988ccd954471164b14a44e912568a6177b20732d742d3aea509c76281773904bddb76201ca1a6e2cf5748a5281f27f2aa71638855a6d6e73fa8c726c89e8ba721ca25c3b696d2167e16e098e5aef45a512d311ea55719ab65cc0166291ca12c57b2c00b2149a4090be532514c38aac99a1792419990244ae10ae2da08146166b7c93f32d8a018d90a7b70ccc4528b4185c22df27e9fd95425f158a79c7628bb67132e5de27eceb8906d0e64118be3e38a990fdf0f855d21743e492e9615dc30f38f6c05cf2611f0d5703fa59e6909ee616f4d72f36fbf286b67f620b0de15f50dc3a70f5a8cb21d6eb3175d54e8d54f8d56de05f36e517320a34125746c0a20b7817aad289efc686de026a2e2f95a03d7672f6ce4b555dde6132e468f7ef570fcb07cc6d4aa0fcce5c6c0c61c1997b0af25cb19aea656ce3efea1d5b2a79986ef1802993de3130a4aa1b77340c2e5717866c99680589f6ebea8f25e509dedb89ff02e120eaac334c9d96dd57902080197f8cac0ad1c85e242367fe173fe08e34cdbb2edb3245d783459c2e3d7ce20ae27faff0f8ae62ae27b9d8bd6ec9349656502405cd61f6dad5aa8407c2ffd4bc53de7ed953929fd7d4804e9a80eb7544936ed9c48633369c532302dd6d3dfa952bc4f0f74e678055391276c36ff087b5213a0a62dd6461b4ace0bb59c04d283e5a283cc7277bc95e78be7373db7492aa862c6d56b15942edc04dd5b947ba46c8de651c88e33a1543aaceb043d1d461c3c0733a042997bf66da2f890eb33c1b0605f3f9e4cc93470caf47a1b0e5888f145f953f219589ee923c957a0d1e6b3d2e9506d40f15e0bf7ca301b577d729db85ccfda7694a42039f227ff389f2c3b69962dce6585899486d5c1b2b2e334a98bfcb71acb6cef031345bdf250f24e5ccfe652f2bafc8902238828cca7547ebbcee1c7c41a323ae8a9d5563ca5cb9b0ec6df832eafe0cdd2fb461720e440994083fbdfaddcf7e41f938396f3def11155c38eca5d87003fbe48ae2db1a71358964326a234100b141aa943d6f8bafc7bad39ecce1510d97c08bfe835842b0e23c40e2d2d39b4135dbfbbdd653be978db463a62eb8a73708448b54fd05570752a499131069da0fa9997a6fddb2a8446f634e14596ba78a612c611f44772f9a8ca77f90d2867c9089ba8ebf3e1923f88c5ae9ee62f1d73bd1199c2fbeaec3021c2b3de5a4db102842edf4b787294dc8900f6cf745d8a097bbc54e6ff431cb984443830f9aae7e51ba6c5a1f062847e03b2865a44debbb07cdbefa420ba24fb9f2a2eca50d3d19961b5baf0f9f9b1573b94d23c23d7343d990b2430127a94ced127fbb8ecb71d404e18b8630c10129589732919615952619660b90427979d59f28782c3ef3ea5706a24969812e61abb7d1e6f5f6d4911b330cc745959d7201a5c74ae7563838880ccddfa947f2c0441b3ed1b5e373a90329b43709ccdb129a9df33486b7c07bfd5libgnutls.so.30.23.2../doc/packages/libgnutls-devel/gnutls-client-server-use-case.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-sequence.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-state.png.gz../doc/packages/libgnutls-devel/gnutls-internals.png.gz../doc/packages/libgnutls-devel/gnutls-layers.png.gz../doc/packages/libgnutls-devel/gnutls-logo.png.gz../doc/packages/libgnutls-devel/gnutls-modauth.png.gz../doc/packages/libgnutls-devel/gnutls-x509.png.gz../doc/packages/libgnutls-devel/pkcs11-vision.png.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootgnutls-3.6.7-150200.14.22.1.src.rpmgnutls-devellibgnutls-devellibgnutls-devel(aarch-64)pkgconfig(gnutls) @@@@@    /bin/sh/bin/sh/usr/bin/pkg-configglibc-develinfolibgnutls30pkgconfig(hogweed)pkgconfig(libtasn1)pkgconfig(nettle)pkgconfig(p11-kit-1)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.6.73.0.4-14.6.0-14.0-15.2-14.14.1cn9@bb~``OL@`OL@__d@_cO__[@__[@^@^>@^@^k@^^@^x^x]@\P\\N\+@["@Z@ZZ@Z@Z@Z`@Z@ZZz@Y@YX@Y@YzYYf@Y_wY[@Y9<@Y3@YY@Y@YYX@Xs{@XVz@XVz@WW@Wu WV@WcW VŲ@VHVU@UUHUHU<@U*^@UU@U@U ]@T@T@TcKpmonreal@suse.compmonreal@suse.compmonreal@suse.combwiedemann@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comabergmann@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comjsikes@suse.comjsikes@suse.comvcizek@suse.comvcizek@suse.comjsikes@suse.dejsikes@suse.dejsikes@suse.devcizek@suse.comvcizek@suse.comjengelh@inai.devcizek@suse.comvcizek@suse.comro@suse.demeissner@suse.comkbabioch@suse.comfvogt@suse.comvcizek@suse.comastieger@suse.comvcizek@suse.comastieger@suse.comdimstar@opensuse.orgastieger@suse.comjengelh@inai.detchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.combwiedemann@suse.comvcizek@suse.comvcizek@suse.comastieger@suse.commeissner@suse.comastieger@suse.comastieger@suse.comecsos@opensuse.orgastieger@suse.comvcizek@suse.commeissner@suse.comsleep_walker@opensuse.orgmeissner@suse.commrueckert@suse.demeissner@suse.comidonmez@suse.comastieger@suse.comvcizek@suse.comdmueller@suse.commeissner@suse.comschwab@linux-m68k.orgmeissner@suse.commeissner@suse.comastieger@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.com- Validate input when calling fmemopen() [bsc#1204511] * Add gnutls-check-system_priority_buf-input.patch- Security fix: [bsc#1202020, CVE-2022-2509] * Fixed double free during verification of pkcs7 signatures * Add gnutls-CVE-2022-2509.patch- Security fix: [bsc#1196167, CVE-2021-4209] * Null pointer dereference in MD_UPDATE * Add gnutls-CVE-2021-4209.patch- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579) - Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218)- Security fix: [bsc#1183456, CVE-2021-20232] * A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. - Add gnutls-CVE-2021-20232.patch- Security fix: [bsc#1183457, CVE-2021-20231] * A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. - Add gnutls-CVE-2021-20231.patch- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch- FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch- Fix heap buffer overflow in handshake with no_renegotiation alert sent * CVE-2020-24659 (bsc#1176181) - add gnutls-CVE-2020-24659.patch- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - add patches * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch - drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction) The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) * add patches: + gnutls-CVE-2020-13777.patch - Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * add patches: + 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch + 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch + 0003-x509-trigger-fallback-verification-path-when-cert-is.patch + 0004-tests-add-test-case-for-certificate-chain-supersedin.patch- Add RSA 4096 key generation support in FIPS mode (bsc#1171422) * add gnutls-3.6.7-fips-rsa-4096.patch- Don't check for /etc/system-fips which we don't have (bsc#1169992) * add gnutls-fips_mode_enabled.patch- Backport AES XTS support (bsc#1168835) * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch * add gnutls-fips_XTS_key_check.patch- Fix zero random value in DTLS client hello (CVE-2020-11501, bsc#1168345) * add gnutls-CVE-2020-11501.patch- Split off FIPS checksums into a separate libgnutls30-hmac subpackage (bsc#1152692) * update baselibs.conf- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue * No longer truncate output IV if input is shorter than block size. * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test * Added Diffie Hellman public key verification test. * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)- Explicitly require libnettle 3.4.1 (bsc#1134856) * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order to fix CVE-2018-16868, the new implementation makes use of a new rsa_sec_decrypt() function introduced in libnettle 3.4.1 * libnettle was recently updated to the 3.4.1 version but we need to add explicit dependency on it to prevent missing symbol errors with the older versions- Restored autoreconf in build. - Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch since the version requirements of required libraries are once again automatically determined. - Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a better patch name for handling the '--with-guile-site-dir=' problem in 3.6.7.- Update gnutls to 3.6.7 * * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). * * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) * * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. * * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. * * libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). * * libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). * * gnutls-cli: Added option --logfile to redirect informational messages output. - Disabled dane support since dane is not shipped with SLE-15 - Changed configure script to hardware guile site directory since command-line option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix compilation issues on PPC - Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868)- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key (#640). * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). * * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set (#667). * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional (#609). * Removed patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch * Added Patches: * * disable failing psk-file test (race condition): disable-psk-file-test.patch * * Patch configure script to accept specific versions of autotools and guile that are present in SUSE-SLE15. (A bug prevents configure from accepting a range of compatible versions. Upstream's solution is to hardwire for the most current versions.) gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch * Modified: * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- Security update Improve mitigations against Lucky 13 class of attacks * "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) * add patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch- Simplify the DANE support %ifdef condition * build with DANE on openSUSE only- Adjust RPM groups. Drop %if..%endif guards that are idempotent.- build without DANE support on SLE-15, as it doesn't have unbound (bsc#1086428)- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch the dtls-resume test still keeps randomly failing on PPC- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch patch does not apply any more and apparently the build suceeds even if the formerly flaky testcase is run (bsc#1086579)- gnutls.keyring: Nikos key refreshed to be unexpired- GnuTLS 3.6.2: * libgnutls: When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data MTU calculation now, it correctly accounts for the fixed overhead due to padding (as 1 byte), while at the same time considers the rest of the padding as part of data MTU. * libgnutls: Address issue of loading of all PKCS#11 modules on startup on systems with a PKCS#11 trust store (as opposed to a file trust store). Introduced a multi-stage initialization which loads the trust modules, and other modules are deferred for the first pure PKCS#11 request. * libgnutls: The SRP authentication will reject any parameters outside RFC5054. This protects any client from potential MitM due to insecure parameters. That also brings SRP in par with the RFC7919 changes to Diffie-Hellman. * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters for SRP authentication. * libgnutls: Addressed issue in the accelerated code affecting interoperability with versions of nettle >= 3.4. * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by Vitezslav Cizek). * srptool: the --create-conf option no longer includes 1024-bit parameters. * p11tool: Fixed the deletion of objects in batch mode. - Dropped gnutls-check_aes_keysize.patch as it is included upstream now.- Use %license (boo#1082318)- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) * add gnutls-check_aes_keysize.patch- GnuTLS 3.6.1: * Fix interoperability issue with openssl when safe renegotiation was used * gnutls_x509_crl_sign, gnutls_x509_crt_sign, gnutls_x509_crq_sign, were modified to sign with a better algorithm than SHA1. They will now sign with an algorithm that corresponds to the security level of the signer's key. * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal the function to auto-detect an appropriate hash algorithm to use. * Remove support for signature algorithms using SHA2-224 in TLS. TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm in TLS 1.2 * Refuse to use client certificates containing disallowed algorithms for a session, reverting a change on 3.5.5 * Refuse to resume a session which had a different SNI advertised That improves RFC6066 support in server side. * p11tool: Mark all generated objects as sensitive by default. * p11tool: added options --sign-params and --hash. This allows testing signature with multiple algorithms, including RSA-PSS.- Disable flaky dtls_resume test on Power * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- GnuTLS 3.6.0: * Introduce a lock-free random generator which operates per- thread and eliminates random-generator related bottlenecks in multi-threaded operation. * Replace the Salsa20 random generator with one based on CHACHA. The goal is to reduce code needed in cache (CHACHA is also used for TLS), and the number of primitives used by the library. That does not affect the AES-DRBG random generator used in FIPS140-2 mode. * Add support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange * Add support for Ed25519 signing in certificates and TLS key exchange following draft-ietf-tls-rfc4492bis-17 * Enable X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. * Add support for Diffie-Hellman group negotiation following RFC7919. * Introduce various sanity checks on certificate import * Introduce gnutls_x509_crt_set_flags(). This function can set flags in the crt structure. The only flag supported at the moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity checks on import. * PKIX certificates with unknown critical extensions are rejected on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS * Refuse to generate a certificate with an illegal version, or an illegal serial number. That is, gnutls_x509_crt_set_version() and gnutls_x509_crt_set_serial(), will fail on input considered to be invalid in RFC5280. * Call to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused * Add support for PKCS#12 files with no salt (zero length) in their password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. * libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. * Add new callback setting function to gnutls_privkey_t for external keys. The new function (gnutls_privkey_import_ext4), allows signing in addition to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. * Introduce the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These allows enabling all broken and SHA1-based signature algorithms in certificate verification, respectively. * 3DES-CBC is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+3DES-CBC". * SHA1 was marked as insecure for signing certificates. Verification of certificates signed with SHA1 is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. Other uses of SHA1 are still allowed. * RIPEMD160 was marked as insecure for certificate signatures. Verification of certificates signed with RIPEMD160 hash algorithm is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. * No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. These curves were rarely used for that purpose, provide no advantage over x25519 and were deprecated by TLS 1.3. * Remove support for DEFLATE, or any other compression method. * OpenPGP authentication was removed; the resulting library is ABI compatible, with the openpgp related functions being stubs that fail on invocation. Drop gnutls-broken-openpgp-tests.patch, no longer required. * Remove support for libidn (i.e., IDNA2003); gnutls can now be compiled only with libidn2 which provides IDNA2008. * certtool: The option '--load-ca-certificate' can now accept PKCS#11 URLs in addition to files. * certtool: The option '--load-crl' can now be used when generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). * certtool: Keys with provable RSA and DSA parameters are now only read and exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. This removes support for the previous a non-standard key format. * certtool: Added support for generating, printing and handling RSA-PSS and Ed25519 keys and certificates. * certtool: the parameters --rsa, --dsa and --ecdsa to - -generate-privkey are now deprecated, replaced by the - -key-type option. * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were replaced by the --generate-privkey option. * psktool: Generate 256-bit keys by default. * gnutls-server: Increase request buffer size to 16kb, and added the --alpn and --alpn-fatal options, allowing testing of ALPN negotiation. * Enables FIPS 140-2 mode during build- Buildrequire iproute2: the test suite calls /usr/bin/ss and as such we have to ensure to pull it in.- GnuTLS 3.5.15: * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode * certtool: Keys with provable RSA and DSA parameters are now only exported in PKCS#8 form- RPM group fix. Diversification of summaries. - Avoid aims and future plans in description. Say what it does now.- Drop the deprecated openssl compat ; discussed and suggested by vcizek - Cleanup a bit with spec-cleaner- GnuTLS 3.5.14: * Handle specially HSMs which request explicit authentication * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs * do not set leading zeros when copying integers on HSMs * Fix issue discovering certain OCSP signers, and improved the discovery of OCSP signer in the case where the Subject Public Key identifier field matches * ensure OCSP responses are saved with --save-ocsp even if certificate verification fails.- GnuTLS 3.5.13: * libgnutls: fixed issue with AES-GCM in-place encryption and decryption in aarch64 * libgnutls: no longer parse the ResponseID field of the status response TLS extension. The field is not used by GnuTLS nor is made available to calling applications. That addresses a null pointer dereference on server side caused by packets containing the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 * libgnutls: tolerate certificates which do not have strict DER time encoding. It is possible using 3rd party tools to generate certificates with time fields that do not conform to DER requirements. Since 3.4.x these certificates were rejected and cannot be used with GnuTLS, however that caused problems with existing private certificate infrastructures, which were relying on such certificates. Tolerate reading and using these certificates. * minitasn1: updated to libtasn1 4.11. * certtool: allow multiple certificates to be used in --p7-sign with the --load-certificate option- GnuTLS 3.5.12: * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses against DNS fields of certificate (CN or DNSname). The previous behavior was to tolerate some misconfigured servers, but that was non-standard and skipped any IP constraints present in higher level certificates. * libgnutls: when converting to IDNA2008, fallback to IDNA2003 (i.e., transitional encoding) if the domain cannot be converted. That provides maximum compatibility with browsers like firefox that perform the same conversion. * libgnutls: fix issue in RSA-PSK client callback which resulted in no username being sent to the peer * libgnutls: fix regression causing stapled extensions in trust modules not to be considered. * certtool: introduced the email_protection_key option. This option was introduced in documentation for certtool without an implementation of it. It is a shortcut for option 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. * certtool: made printing of key ID and key PIN consistent between certificates, public keys, and private keys. That is the private key printing now uses the same format as the rest. * gnutls-cli: introduced the --sni-hostname option. This allows overriding the hostname advertised to the peer.- skip trust-store tests to avoid build cycle with ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch- GnuTLS 3.5.11: * gnutls.pc: do not include libtool options into Libs.private. * libgnutls: Fixed issue when rehandshaking without a client certificate in a session which initially used one * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access. That allows PKCS#11 operations such as signing to be performed with the same object from multiple threads. * libgnutls: when disabling OpenPGP authentication, the resulting library is ABI compatible (will openpgp related functions being stubs that fail on invocation).- call gzip -n to make build fully reproducible- update to 3.5.10 * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173 * gnutls.pc: do not include libidn2 in Requires.private * libgnutls: optimized access to subject alternative names (SANs) in parsed certificates * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469 when printing certificate information. * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() flags can be set from the gnutls_certificate_verify_flags enumeration. This allows the functions to pass the same flags available for certificates to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or GNUTLS_VERIFY_ALLOW_BROKEN). * libgnutls: gnutls_store_commitment() can accept flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate in applications which use SHA1 for example, after SHA1 is deprecated. * certtool: No longer ignore the 'add_critical_extension' template option if the 'add_extension' option is not present. * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream) - drop gnutls-3.5.9-pkgconfig.patch (upstream) - remove unknown --disable-srp flag (bsc#901857)- disable the deprecated OpenPGP authentication support * see https://gitlab.com/gnutls/gnutls/issues/102 - add gnutls-broken-openpgp-tests.patch- GnuTLS 3.5.9: * libgnutls: OpenPGP references removed, functionality deprecated * libgnutls: Improve detection of AVX support * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 * p11tool: re-use ID from corresponding objects when writing certificates. * API and ABI modifications: gnutls_idna_map: Added gnutls_idna_reverse_map: Added - prevent pkgconfig issues due to libidn2 when building with GnuTLS add gnutls-3.5.9-pkgconfig.patch- Version 3.5.8 (released 2016-01-09) * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* functions will not leave the verification profiles field to an undefined state. The last call will take precedence. * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. * libgnutls: Introduced option to override the default priority string used by the library. The intention is to allow support of system-wide priority strings (as set with --with-system-priority-file). The configure option is --with-default-priority-string. * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. This prevents crashes when decrypting malformed PKCS#8 keys. * libgnutls: Fix crash on the loading of malformed private keys with certain parameters set to zero. * libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. * libgnutls: Addressed memory leaks in client and server side error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks in X.509 certificate printing error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) - security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2- GnuTLS 3.5.7, the next stable branch, with the following highlights: * SHA3 as a certificate signature algorithm * X25519 (formerly curve25519) for ephemeral EC diffie-hellman key exchange * TLS false start * New APIs to access the Shawe-Taylor-based provable RSA and DSA parameter generation * Prevent the change of identity on rehandshakes by default- GnuTLS 3.4.17: * libgnutls: Introduced time and constraints checks in the end certificate in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() functions. * libgnutls: Set limits on the maximum number of alerts handled. That is, applications using gnutls could be tricked into an busy loop if the peer sends continuously alert messages. Applications which set a maximum handshake time (via gnutls_handshake_set_timeout) will eventually recover but others may remain in a busy loops indefinitely. This is related but not identical to CVE-2016-8610, due to the difference in alert handling of the libraries (gnutls delegates that handling to applications). boo#1005879 * libgnutls: Enhanced the PKCS#7 parser to allow decoding old (pre-rfc5652) structures with arbitrary encapsulated content. * libgnutls: Backported cipher priorities order from 3.5.x branch That adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings. * certtool: When exporting a CRQ in DER format ensure no text data are intermixed. * API and ABI modifications: gnutls_pkcs7_get_embedded_data_oid: Added - includes changes from 3.4.16: * libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key() failures due to key mismatch. This prevents leaks or double freeing on such failures. * libgnutls: Increased the maximum size of the handshake message hash. This will allow the library to cope better with larger packets, as the ones offered by current TLS 1.3 drafts. * libgnutls: Allow to use client certificates despite them containing disallowed algorithms for a session. That allows for example a client to use DSA-SHA1 due to his old DSA certificate, without requiring him to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). * guile: Backported all improvements from 3.5.x branch. * guile: Update code to the I/O port API of Guile >= 2.1.4 This makes sure the GnuTLS bindings will work with the forthcoming 2.2 stable series of Guile, of which 2.1 is a preview.- GnuTLS 3.4.15: * libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. * libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain. * libgnutls: Added support for decrypting PKCS#8 files which use the HMAC-SHA256 as PRF. * libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. - fix build error for 13.2, 42.1 and 42.2- GnuTLS 3.4.14: * libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2, boo#988276) * libgnutls: Fixed DTLS handshake packet reconstruction. * libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER - drop upstreamed 0001-tests-use-datefudge-in-name-constraints-test.patch- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch- Version 3.4.13 (released 2016-06-06) * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with NSS instead of using a separate variable; in addition append any keys to the file instead of overwriting it. * libgnutls: use secure_getenv() where available to obtain environment variables. Addresses GNUTLS-SA-2016-1. - Version 3.4.12 (released 2016-05-20) * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. * libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that operation could fail on certain PKCS#11 modules. * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url() can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS name of the certificates if the provided names are NULL. * libgnutls: when receiving SNI names, only save and expose to application the supported DNS names. * libgnutls: when importing the certificate names at the gnutls_certificate_set* functions, only consider the CN as a fallback if DNS names are provided via the alternative name extension. * gnutls-cli: on OCSP verification do not fail if we have a single valid reply. Report and reproducer by Thomas Klute. * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to log session keys in client side. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark.- enabled guile support - removed duplicates- Updated to 3.4.11 * Version 3.4.11 (released 2016-04-11) * * libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported by Fridolin Pokorny. * * libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Corrected behavior of ALPN extension parsing during session resumption. Report and patches by Yuriy M. Kaminskiy. * * libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set() which caused it not to accept non-null- terminated hostnames. Reported by Tim Ruehsen. * * libgnutls: Corrected printing of the IP Adress name constraints. * * ocsptool: use HTTP/1.0 for requests. This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. * * certtool: do not require a CA for OCSP signing tag. This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. * Version 3.4.10 (released 2016-03-03) * * libgnutls: Eliminated issues preventing buffers more than 2^32 bytes to be used with hashing functions. * * libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import(). * * libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Several fixes to prevent relying on undefined behavior of C (found with libubsan). * Version 3.4.9 (released 2016-02-03) * * libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate the last commonly supported protocol, rather than the first. Reported by Remi Denis-Courmont (#63). * * libgnutls: Tolerate empty DN fields in informational output functions. * * libgnutls: Corrected regression causes by incorrect fix in gnutls_x509_ext_export_key_usage() at 3.4.8 release.- follow the work in the unbound package and use the libunbound-devel symbol for the buildrequires. we override it for the distro build with libunbound-devel-mini to avoid build loops.- reenable dane support, require unbound-devel bsc#964346 - split out libgnutls-dane-devel to try to avoid build cycle.- Update to 3.4.8 All changes since 3.4.4: * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when used with PKCS #11 keys. * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import their public keys from either a public key object or a certificate. That is, because private keys do not contain all the required parameters for a direct import. * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 tokens. * libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage() * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to draft-ietf-tls-chacha20-poly1305-02. * libgnutls: Several fixes in PKCS #7 signing which improve compatibility with the MacOSX tools. * libgnutls: The max-record extension not negotiated on DTLS. This resolves issue with the max-record being negotiated but ignored. * certtool: Added the --p7-include-cert and --p7-show-data options. * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 ciphersuites. This solves an interoperability issue with openssl. * libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info(). * libgnutls: On a rehandshake allow switching from anonymous to ECDHE and DHE ciphersuites. * libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128 from using arbitrary key sizes. * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skipping the implicit global initialization. * gnutls.pc: Don't include libtool specific options to link flags. * tools: Better support for FTP AUTH TLS negotiation * libgnutls: Added new simple verification functions. That avoids the need to install a callback to perform certificate verification. See doc/examples/ex-client-x509.c for usage. * libgnutls: Introduced the security parameter 'future' which is at the 256-bit level of security, and 'ultra' was aligned to its documented size at 192-bits. * libgnutls: When writing a certificate into a PKCS #11 token, ensure that CKA_SERIAL_NUMBER and CKA_ISSUER are written. * libgnutls: Allow the presence of legacy ciphers and key exchanges in priority strings and consider them a no-op. * libgnutls: Handle the extended master secret as a mandatory extension. That fixes incompatibility issues with Chromium (#45). * libgnutls: Added the ability to copy a public key into a PKCS #11 token. * tools: Added support for LDAP and XMPP negotiation for STARTTLS. * p11tool: Allow writing a public key into a PKCS #11 token. * certtool: Key generation security level was switched to HIGH. That is, by default the tool generates 3072 bit keys for RSA and DSA. * libgnutls: When re-importing CRLs to a trust list ensure that there no duplicate entries. * certtool: Removed any arbitrary limits imposed on input file sizes and maximum number of certificates imported. * certtool: Allow specifying fixed dates on CRL generation. * gnutls-cli-debug: Added check for inappropriate fallback support (RFC7507).- Update to 3.4.4 This update contains a fix for a denial of service vulnerability: * Allow the parsing of very long DNs. Also fixes double free in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 Other changes: * Add high level API (gnutls_prf_rfc5705) to access the PRF as specified by RFC5705. * Link to trousers (TPM library) dynamically when this functionality is requested. (disabled in SUSE package) * Fix issue with server side sending the status request extension even when not requested. * Add support for RFC7507 by introducing the %FALLBACK_SCSV priority string option. * gnutls_pkcs11_privkey_generate2() will store the generated public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is specified. * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. * API and ABI modifications: gnutls_prf_rfc5705: Added gnutls_hex_encode2: Added gnutls_hex_decode2: Added - build with autogen for libopts compatibility - fix failures in test suite, add upstream commits 0001-certtool-lifted-limits-on-file-size-to-load.patch 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch- update to 3.4.3 * * libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. * * libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). * * libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. * * libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. * * libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. * * libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. * * p11tool: Added --list-token-urls option, and print the token module name in list-tokens. * * libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * * libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. * * libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * * libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. * * certtool: Added options to generate PKCS #7 bundles and signed structures. - includes changes from 3.4.2: * DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * Correct regression with Camellia-256-GCM cipher. * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * Enhance the PKCS #7 API to allow signing and verification of structures. Move API to gnutls/pkcs7.h header. * certtool: Added options to generate PKCS #7 bundles and signed structures.- disable testsuite run against valgrind on aarch64- Updated to 3.4.1 (released 2015-05-03) * * libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. * * libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. * * libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. * * libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. * * libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 * * libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. * * certtool: It can generate SHA256 key IDs. * * gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. * * API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added - gnutls-fix-double-mans.patch: fixed upstream- Disable buggy valgrind on armv7l- updated to 3.4.0 (released 2015-04-08) * * libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. * * libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". * * libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. * * libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. * * libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). * * libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". * * libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". * * libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. * * libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. * * libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. * * libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. * * libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). * * libgnutls: Depend on nettle 3.1. * * libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. * * libgnutls: Use pthread_atfork() to detect fork when available. * * libgnutls: The gnutls_handshake() process will enforce a timeout by default. * * libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. * * libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. * * libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. * * libgnutls: Added helper functions to obtain information on PKCS #8 structures. * * libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. * * libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). * * libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). * * libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). * * libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. * * libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. * * libgnutls-openssl: it is no longer built by default. * * certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. * * certtool: --key-info option will print PKCS #8 encryption information when available. * * certtool: Added the --key-id and --fingerprint options. * * certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). * * certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. * * certtool: it will print the A-label (ACE) names in addition to UTF-8. * * p11tool: added options --set-id and --set-label. * * gnutls-cli: added options --priority-list and --save-cert. * * guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. * * guile: Remove RSA parameters and related procedures. This API had been deprecated. * * guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.- updated to 3.3.13 (released 2015-03-30) * * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. * * libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. * * libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. * * libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. * * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). * * libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 * * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. * * libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 - new main library major version .so.30 - requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1 - Now need to configure --enable-openssl-compatibility (might go away) - added gnutls-fix-double-mans.patch: avoid double installing manpages - dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed anymore - install_info_delete moved from %postun to %preun- for DANE support, use bcond_with - for tpm support, same - note p11-kit >= 0.20.7 requirement - note libtasn1 3.9 requirement (built-in lib used otherwise)- disable trousers and unbound again for now, as it causes too long build cycles.- added unbound-devel (for DANE) and trousers-devel (for TPM support) - removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff - libgnutls-dane0 new library added - updated to 3.3.13 (released 2015-02-25) * * libgnutls: Enable AESNI in GCM on x86 * * libgnutls: Fixes in DTLS message handling * * libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. * * gnutls-cli: Fixes in OCSP verification. - Version 3.3.12 (released 2015-01-17) * * libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html * * libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. * * libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. * * libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 * * libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 * * libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. * * libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. * * libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. * * certtool: --pubkey-info will also attempt to load a public key from stdin. * * gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. - Version 3.3.11 (released 2014-12-11) * * libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. * * libgnutls: Corrected parsing issue with OCSP responses. - Version 3.3.10 (released 2014-11-10) * * libgnutls: Refuse to import v1 or v2 certificates that contain extensions. * * libgnutls: Fixes in usage of PKCS #11 token callback * * libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. * * libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. * * libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. * * certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. - Version 3.3.9 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. * * libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls-dane: Do not require the CA on a ca match to be direct CA. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details. * * certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. - Version 3.3.8 (released 2014-09-18) * * libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. * * libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. * * libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. * * libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. * * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. * * libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. * * libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). * * libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. * * libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. * * libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. * * libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. * * p11tool: when listing tokens, list their type as well. * * p11tool: when listing objects from a trust module print any attached extensions on certificates. - Version 3.3.7 (released 2014-08-24) * * libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. * * libgnutls: bundle replacements of inet_pton and inet_aton if not available. * * libgnutls: initialize parameters variable on PKCS #8 decryption. * * libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. * * libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. * * libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. * * libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. * * p11tool: Added --info parameter. * * certtool: Added --mark-wrap parameter. * * danetool: --check will attempt to retrieve the server's certificate chain and verify against it. * * danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. * * danetool: Added openssl linking exception, to allow linking with libunbound. - Version 3.3.6 (released 2014-07-23) * * libgnutls: Use inet_ntop to print IP addresses when available * * libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. * * libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. * * libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. * * libgnutls: fixed PKCS #11 private key operations after a fork. * * libgnutls: fixed PKCS #11 ECDSA key generation. * * libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 * * libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. * * p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. * * p11tool: ask for label when one isn't provided. * * p11tool: added --batch parameter to disable any interactivity. * * p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. * * certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. - Version 3.3.5 (released 2014-06-26) * * libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. * * libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. * * libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. * * libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. * * libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. * * certtool: option --to-p12 will now consider --load-ca-certificate * * certtol: Added option to specify the PKCS #12 friendly name on command line. * * p11tool: Allow marking a certificate copied to a token as a CA. - Version 3.3.4 (released 2014-05-31) * * libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. - Version 3.3.3 (released 2014-05-30) * * libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. * * libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. * * libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. * * libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. * * libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 * * gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. * * gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. * * certtool: Allow multiple organizations and organizational unit names to be specified in a template. * * certtool: Warn when invalid configuration options are set to a template. * * ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. - Version 3.3.2 (released 2014-05-06) * * libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. * * libgnutls: Corrected file descriptor leak on random generator initialization. * * libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. * * libgnutls: Avoid deinitialization if initialization has failed. * * libgnutls: null-terminate othername alternative names. * * libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. * * libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. * * libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. * * libgnutls-guile: Fixed compilation issue. * * certtool: Allow exporting a CRL on DER format. * * certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. - Version 3.3.1 (released 2014-04-19) * * libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. * * libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. * * libgnutls: Several small bug fixes found by coverity. * * libgnutls: The conditionally available self-test functions were moved to self-test.h. * * libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. * * libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. * * libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. * * libgnutls: Corrected the *get_*_othername_oid() functions. - Version 3.3.0 (released 2014-04-10) * * libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. * * libgnutls: static libraries are not built by default. * * libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. * * libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. * * libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). * * libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. * * libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. * * libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). * * libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. * * libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. * * libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). * * libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). * * libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. * * libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. * * libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. * * libgnutls: Depend on p11-kit 0.20.0 or later. * * libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. * * libgnutls: The experimental xssl library is removed from the gnutls distribution. * * libgnutls: Reduced the number of gnulib modules used in the main library. * * libgnutls: Added priority string %DISABLE_WILDCARDS. * * libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). * * certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). * * certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. * * certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. * * libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT).- build with PIE for commandline tools- Updated to 3.2.21 (released 2014-12-11) - libgnutls: Corrected regression introduced in 3.2.19 related to session renegotiation. Reported by Dan Winship. - libgnutls: Corrected parsing issue with OCSP responses.- Updated to 3.2.20 (released 2014-11-10) * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. (CVE-2014-8564 bnc#904603) - Updated to 3.2.19 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details./bin/sh/bin/shibs-centriq-6 1669963350  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.6.7-150200.14.22.13.6.7-150200.14.22.13.6.7-150200.14.22.13.6.7 gnutlsabstract.hcompat.hcrypto.hdtls.hgnutls.hocsp.hopenpgp.hpkcs11.hpkcs12.hpkcs7.hself-test.hsocket.hsystem-keys.htpm.hurls.hx509-ext.hx509.hlibgnutls.sognutls.pclibgnutls-develexamplesex-alert.cex-cert-select-pkcs11.cex-cert-select.cex-client-anon.cex-client-dtls.cex-client-psk.cex-client-resume.cex-client-srp.cex-client-x509-3.1.cex-client-x509.cex-crq.cex-ocsp-client.cex-pkcs11-list.cex-pkcs12.cex-serv-anon.cex-serv-dtls.cex-serv-psk.cex-serv-srp.cex-serv-x509.cex-session-info.cex-verify-ssh.cex-verify.cex-x509-info.cexamples.hprint-ciphersuites.ctcp.cudp.cverify.cgnutls-client-server-use-case.png.gzgnutls-crypto-layers.png.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.htmlgnutls.pdfpkcs11-vision.png.gzreferenceapi-index-full.htmlgnutls.devhelp2home.png.gzindex.htmlintro.htmlleft-insensitive.png.gzleft.png.gzright-insensitive.png.gzright.png.gzstyle.cssup-insensitive.png.gzup.png.gzgnutls-client-server-use-case.png.gzgnutls-guile.info.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.info-1.gzgnutls.info-2.gzgnutls.info-3.gzgnutls.info-4.gzgnutls.info-5.gzgnutls.info-6.gzgnutls.info-7.gzgnutls.info.gzpkcs11-vision.png.gzdane_cert_type_name.3.gzdane_cert_usage_name.3.gzdane_match_type_name.3.gzdane_query_data.3.gzdane_query_deinit.3.gzdane_query_entries.3.gzdane_query_status.3.gzdane_query_tlsa.3.gzdane_query_to_raw_tlsa.3.gzdane_raw_tlsa.3.gzdane_state_deinit.3.gzdane_state_init.3.gzdane_state_set_dlv_file.3.gzdane_strerror.3.gzdane_verification_status_print.3.gzdane_verify_crt.3.gzdane_verify_crt_raw.3.gzdane_verify_session_crt.3.gzgnutls_aead_cipher_decrypt.3.gzgnutls_aead_cipher_deinit.3.gzgnutls_aead_cipher_encrypt.3.gzgnutls_aead_cipher_encryptv.3.gzgnutls_aead_cipher_init.3.gzgnutls_alert_get.3.gzgnutls_alert_get_name.3.gzgnutls_alert_get_strname.3.gzgnutls_alert_send.3.gzgnutls_alert_send_appropriate.3.gzgnutls_alpn_get_selected_protocol.3.gzgnutls_alpn_set_protocols.3.gzgnutls_anon_allocate_client_credentials.3.gzgnutls_anon_allocate_server_credentials.3.gzgnutls_anon_free_client_credentials.3.gzgnutls_anon_free_server_credentials.3.gzgnutls_anon_set_params_function.3.gzgnutls_anon_set_server_dh_params.3.gzgnutls_anon_set_server_known_dh_params.3.gzgnutls_anon_set_server_params_function.3.gzgnutls_anti_replay_deinit.3.gzgnutls_anti_replay_enable.3.gzgnutls_anti_replay_init.3.gzgnutls_anti_replay_set_add_function.3.gzgnutls_anti_replay_set_ptr.3.gzgnutls_anti_replay_set_window.3.gzgnutls_auth_client_get_type.3.gzgnutls_auth_get_type.3.gzgnutls_auth_server_get_type.3.gzgnutls_base64_decode2.3.gzgnutls_base64_encode2.3.gzgnutls_buffer_append_data.3.gzgnutls_bye.3.gzgnutls_certificate_activation_time_peers.3.gzgnutls_certificate_allocate_credentials.3.gzgnutls_certificate_client_get_request_status.3.gzgnutls_certificate_expiration_time_peers.3.gzgnutls_certificate_free_ca_names.3.gzgnutls_certificate_free_cas.3.gzgnutls_certificate_free_credentials.3.gzgnutls_certificate_free_crls.3.gzgnutls_certificate_free_keys.3.gzgnutls_certificate_get_crt_raw.3.gzgnutls_certificate_get_issuer.3.gzgnutls_certificate_get_ocsp_expiration.3.gzgnutls_certificate_get_ours.3.gzgnutls_certificate_get_peers.3.gzgnutls_certificate_get_peers_subkey_id.3.gzgnutls_certificate_get_trust_list.3.gzgnutls_certificate_get_verify_flags.3.gzgnutls_certificate_get_x509_crt.3.gzgnutls_certificate_get_x509_key.3.gzgnutls_certificate_send_x509_rdn_sequence.3.gzgnutls_certificate_server_set_request.3.gzgnutls_certificate_set_dh_params.3.gzgnutls_certificate_set_flags.3.gzgnutls_certificate_set_key.3.gzgnutls_certificate_set_known_dh_params.3.gzgnutls_certificate_set_ocsp_status_request_file.3.gzgnutls_certificate_set_ocsp_status_request_file2.3.gzgnutls_certificate_set_ocsp_status_request_function.3.gzgnutls_certificate_set_ocsp_status_request_function2.3.gzgnutls_certificate_set_ocsp_status_request_mem.3.gzgnutls_certificate_set_params_function.3.gzgnutls_certificate_set_pin_function.3.gzgnutls_certificate_set_rawpk_key_file.3.gzgnutls_certificate_set_rawpk_key_mem.3.gzgnutls_certificate_set_retrieve_function.3.gzgnutls_certificate_set_retrieve_function2.3.gzgnutls_certificate_set_retrieve_function3.3.gzgnutls_certificate_set_trust_list.3.gzgnutls_certificate_set_verify_flags.3.gzgnutls_certificate_set_verify_function.3.gzgnutls_certificate_set_verify_limits.3.gzgnutls_certificate_set_x509_crl.3.gzgnutls_certificate_set_x509_crl_file.3.gzgnutls_certificate_set_x509_crl_mem.3.gzgnutls_certificate_set_x509_key.3.gzgnutls_certificate_set_x509_key_file.3.gzgnutls_certificate_set_x509_key_file2.3.gzgnutls_certificate_set_x509_key_mem.3.gzgnutls_certificate_set_x509_key_mem2.3.gzgnutls_certificate_set_x509_simple_pkcs12_file.3.gzgnutls_certificate_set_x509_simple_pkcs12_mem.3.gzgnutls_certificate_set_x509_system_trust.3.gzgnutls_certificate_set_x509_trust.3.gzgnutls_certificate_set_x509_trust_dir.3.gzgnutls_certificate_set_x509_trust_file.3.gzgnutls_certificate_set_x509_trust_mem.3.gzgnutls_certificate_type_get.3.gzgnutls_certificate_type_get2.3.gzgnutls_certificate_type_get_id.3.gzgnutls_certificate_type_get_name.3.gzgnutls_certificate_type_list.3.gzgnutls_certificate_verification_status_print.3.gzgnutls_certificate_verify_peers.3.gzgnutls_certificate_verify_peers2.3.gzgnutls_certificate_verify_peers3.3.gzgnutls_check_version.3.gzgnutls_cipher_add_auth.3.gzgnutls_cipher_decrypt.3.gzgnutls_cipher_decrypt2.3.gzgnutls_cipher_deinit.3.gzgnutls_cipher_encrypt.3.gzgnutls_cipher_encrypt2.3.gzgnutls_cipher_get.3.gzgnutls_cipher_get_block_size.3.gzgnutls_cipher_get_id.3.gzgnutls_cipher_get_iv_size.3.gzgnutls_cipher_get_key_size.3.gzgnutls_cipher_get_name.3.gzgnutls_cipher_get_tag_size.3.gzgnutls_cipher_init.3.gzgnutls_cipher_list.3.gzgnutls_cipher_set_iv.3.gzgnutls_cipher_suite_get_name.3.gzgnutls_cipher_suite_info.3.gzgnutls_cipher_tag.3.gzgnutls_compression_get.3.gzgnutls_compression_get_id.3.gzgnutls_compression_get_name.3.gzgnutls_compression_list.3.gzgnutls_credentials_clear.3.gzgnutls_credentials_get.3.gzgnutls_credentials_set.3.gzgnutls_crypto_register_aead_cipher.3.gzgnutls_crypto_register_cipher.3.gzgnutls_crypto_register_digest.3.gzgnutls_crypto_register_mac.3.gzgnutls_db_check_entry.3.gzgnutls_db_check_entry_expire_time.3.gzgnutls_db_check_entry_time.3.gzgnutls_db_get_default_cache_expiration.3.gzgnutls_db_get_ptr.3.gzgnutls_db_remove_session.3.gzgnutls_db_set_cache_expiration.3.gzgnutls_db_set_ptr.3.gzgnutls_db_set_remove_function.3.gzgnutls_db_set_retrieve_function.3.gzgnutls_db_set_store_function.3.gzgnutls_decode_ber_digest_info.3.gzgnutls_decode_gost_rs_value.3.gzgnutls_decode_rs_value.3.gzgnutls_deinit.3.gzgnutls_dh_get_group.3.gzgnutls_dh_get_peers_public_bits.3.gzgnutls_dh_get_prime_bits.3.gzgnutls_dh_get_pubkey.3.gzgnutls_dh_get_secret_bits.3.gzgnutls_dh_params_cpy.3.gzgnutls_dh_params_deinit.3.gzgnutls_dh_params_export2_pkcs3.3.gzgnutls_dh_params_export_pkcs3.3.gzgnutls_dh_params_export_raw.3.gzgnutls_dh_params_generate2.3.gzgnutls_dh_params_import_dsa.3.gzgnutls_dh_params_import_pkcs3.3.gzgnutls_dh_params_import_raw.3.gzgnutls_dh_params_import_raw2.3.gzgnutls_dh_params_import_raw3.3.gzgnutls_dh_params_init.3.gzgnutls_dh_set_prime_bits.3.gzgnutls_digest_get_id.3.gzgnutls_digest_get_name.3.gzgnutls_digest_get_oid.3.gzgnutls_digest_list.3.gzgnutls_dtls_cookie_send.3.gzgnutls_dtls_cookie_verify.3.gzgnutls_dtls_get_data_mtu.3.gzgnutls_dtls_get_mtu.3.gzgnutls_dtls_get_timeout.3.gzgnutls_dtls_prestate_set.3.gzgnutls_dtls_set_data_mtu.3.gzgnutls_dtls_set_mtu.3.gzgnutls_dtls_set_timeouts.3.gzgnutls_ecc_curve_get.3.gzgnutls_ecc_curve_get_id.3.gzgnutls_ecc_curve_get_name.3.gzgnutls_ecc_curve_get_oid.3.gzgnutls_ecc_curve_get_pk.3.gzgnutls_ecc_curve_get_size.3.gzgnutls_ecc_curve_list.3.gzgnutls_encode_ber_digest_info.3.gzgnutls_encode_gost_rs_value.3.gzgnutls_encode_rs_value.3.gzgnutls_error_is_fatal.3.gzgnutls_error_to_alert.3.gzgnutls_est_record_overhead_size.3.gzgnutls_ext_get_current_msg.3.gzgnutls_ext_get_data.3.gzgnutls_ext_get_name.3.gzgnutls_ext_raw_parse.3.gzgnutls_ext_register.3.gzgnutls_ext_set_data.3.gzgnutls_fingerprint.3.gzgnutls_fips140_mode_enabled.3.gzgnutls_fips140_set_mode.3.gzgnutls_global_deinit.3.gzgnutls_global_init.3.gzgnutls_global_set_audit_log_function.3.gzgnutls_global_set_log_function.3.gzgnutls_global_set_log_level.3.gzgnutls_global_set_mem_functions.3.gzgnutls_global_set_mutex.3.gzgnutls_global_set_time_function.3.gzgnutls_gost_paramset_get_name.3.gzgnutls_gost_paramset_get_oid.3.gzgnutls_group_get.3.gzgnutls_group_get_id.3.gzgnutls_group_get_name.3.gzgnutls_group_list.3.gzgnutls_handshake.3.gzgnutls_handshake_description_get_name.3.gzgnutls_handshake_get_last_in.3.gzgnutls_handshake_get_last_out.3.gzgnutls_handshake_set_hook_function.3.gzgnutls_handshake_set_max_packet_length.3.gzgnutls_handshake_set_post_client_hello_function.3.gzgnutls_handshake_set_private_extensions.3.gzgnutls_handshake_set_random.3.gzgnutls_handshake_set_timeout.3.gzgnutls_hash.3.gzgnutls_hash_deinit.3.gzgnutls_hash_fast.3.gzgnutls_hash_get_len.3.gzgnutls_hash_init.3.gzgnutls_hash_output.3.gzgnutls_heartbeat_allowed.3.gzgnutls_heartbeat_enable.3.gzgnutls_heartbeat_get_timeout.3.gzgnutls_heartbeat_ping.3.gzgnutls_heartbeat_pong.3.gzgnutls_heartbeat_set_timeouts.3.gzgnutls_hex2bin.3.gzgnutls_hex_decode.3.gzgnutls_hex_decode2.3.gzgnutls_hex_encode.3.gzgnutls_hex_encode2.3.gzgnutls_hmac.3.gzgnutls_hmac_deinit.3.gzgnutls_hmac_fast.3.gzgnutls_hmac_get_len.3.gzgnutls_hmac_init.3.gzgnutls_hmac_output.3.gzgnutls_hmac_set_nonce.3.gzgnutls_idna_map.3.gzgnutls_idna_reverse_map.3.gzgnutls_init.3.gzgnutls_key_generate.3.gzgnutls_kx_get.3.gzgnutls_kx_get_id.3.gzgnutls_kx_get_name.3.gzgnutls_kx_list.3.gzgnutls_load_file.3.gzgnutls_mac_get.3.gzgnutls_mac_get_id.3.gzgnutls_mac_get_key_size.3.gzgnutls_mac_get_name.3.gzgnutls_mac_get_nonce_size.3.gzgnutls_mac_list.3.gzgnutls_memcmp.3.gzgnutls_memset.3.gzgnutls_ocsp_req_add_cert.3.gzgnutls_ocsp_req_add_cert_id.3.gzgnutls_ocsp_req_deinit.3.gzgnutls_ocsp_req_export.3.gzgnutls_ocsp_req_get_cert_id.3.gzgnutls_ocsp_req_get_extension.3.gzgnutls_ocsp_req_get_nonce.3.gzgnutls_ocsp_req_get_version.3.gzgnutls_ocsp_req_import.3.gzgnutls_ocsp_req_init.3.gzgnutls_ocsp_req_print.3.gzgnutls_ocsp_req_randomize_nonce.3.gzgnutls_ocsp_req_set_extension.3.gzgnutls_ocsp_req_set_nonce.3.gzgnutls_ocsp_resp_check_crt.3.gzgnutls_ocsp_resp_deinit.3.gzgnutls_ocsp_resp_export.3.gzgnutls_ocsp_resp_export2.3.gzgnutls_ocsp_resp_get_certs.3.gzgnutls_ocsp_resp_get_extension.3.gzgnutls_ocsp_resp_get_nonce.3.gzgnutls_ocsp_resp_get_produced.3.gzgnutls_ocsp_resp_get_responder.3.gzgnutls_ocsp_resp_get_responder2.3.gzgnutls_ocsp_resp_get_responder_raw_id.3.gzgnutls_ocsp_resp_get_response.3.gzgnutls_ocsp_resp_get_signature.3.gzgnutls_ocsp_resp_get_signature_algorithm.3.gzgnutls_ocsp_resp_get_single.3.gzgnutls_ocsp_resp_get_status.3.gzgnutls_ocsp_resp_get_version.3.gzgnutls_ocsp_resp_import.3.gzgnutls_ocsp_resp_import2.3.gzgnutls_ocsp_resp_init.3.gzgnutls_ocsp_resp_list_import2.3.gzgnutls_ocsp_resp_print.3.gzgnutls_ocsp_resp_verify.3.gzgnutls_ocsp_resp_verify_direct.3.gzgnutls_ocsp_status_request_enable_client.3.gzgnutls_ocsp_status_request_get.3.gzgnutls_ocsp_status_request_get2.3.gzgnutls_ocsp_status_request_is_checked.3.gzgnutls_oid_to_digest.3.gzgnutls_oid_to_ecc_curve.3.gzgnutls_oid_to_gost_paramset.3.gzgnutls_oid_to_mac.3.gzgnutls_oid_to_pk.3.gzgnutls_oid_to_sign.3.gzgnutls_openpgp_privkey_sign_hash.3.gzgnutls_openpgp_send_cert.3.gzgnutls_packet_deinit.3.gzgnutls_packet_get.3.gzgnutls_pcert_deinit.3.gzgnutls_pcert_export_openpgp.3.gzgnutls_pcert_export_x509.3.gzgnutls_pcert_import_openpgp.3.gzgnutls_pcert_import_openpgp_raw.3.gzgnutls_pcert_import_rawpk.3.gzgnutls_pcert_import_rawpk_raw.3.gzgnutls_pcert_import_x509.3.gzgnutls_pcert_import_x509_list.3.gzgnutls_pcert_import_x509_raw.3.gzgnutls_pcert_list_import_x509_file.3.gzgnutls_pcert_list_import_x509_raw.3.gzgnutls_pem_base64_decode.3.gzgnutls_pem_base64_decode2.3.gzgnutls_pem_base64_encode.3.gzgnutls_pem_base64_encode2.3.gzgnutls_perror.3.gzgnutls_pk_algorithm_get_name.3.gzgnutls_pk_bits_to_sec_param.3.gzgnutls_pk_get_id.3.gzgnutls_pk_get_name.3.gzgnutls_pk_get_oid.3.gzgnutls_pk_list.3.gzgnutls_pk_to_sign.3.gzgnutls_pkcs11_add_provider.3.gzgnutls_pkcs11_copy_attached_extension.3.gzgnutls_pkcs11_copy_pubkey.3.gzgnutls_pkcs11_copy_secret_key.3.gzgnutls_pkcs11_copy_x509_crt.3.gzgnutls_pkcs11_copy_x509_crt2.3.gzgnutls_pkcs11_copy_x509_privkey.3.gzgnutls_pkcs11_copy_x509_privkey2.3.gzgnutls_pkcs11_crt_is_known.3.gzgnutls_pkcs11_deinit.3.gzgnutls_pkcs11_delete_url.3.gzgnutls_pkcs11_get_pin_function.3.gzgnutls_pkcs11_get_raw_issuer.3.gzgnutls_pkcs11_get_raw_issuer_by_dn.3.gzgnutls_pkcs11_get_raw_issuer_by_subject_key_id.3.gzgnutls_pkcs11_init.3.gzgnutls_pkcs11_obj_deinit.3.gzgnutls_pkcs11_obj_export.3.gzgnutls_pkcs11_obj_export2.3.gzgnutls_pkcs11_obj_export3.3.gzgnutls_pkcs11_obj_export_url.3.gzgnutls_pkcs11_obj_flags_get_str.3.gzgnutls_pkcs11_obj_get_exts.3.gzgnutls_pkcs11_obj_get_flags.3.gzgnutls_pkcs11_obj_get_info.3.gzgnutls_pkcs11_obj_get_ptr.3.gzgnutls_pkcs11_obj_get_type.3.gzgnutls_pkcs11_obj_import_url.3.gzgnutls_pkcs11_obj_init.3.gzgnutls_pkcs11_obj_list_import_url3.3.gzgnutls_pkcs11_obj_list_import_url4.3.gzgnutls_pkcs11_obj_set_info.3.gzgnutls_pkcs11_obj_set_pin_function.3.gzgnutls_pkcs11_privkey_cpy.3.gzgnutls_pkcs11_privkey_deinit.3.gzgnutls_pkcs11_privkey_export_pubkey.3.gzgnutls_pkcs11_privkey_export_url.3.gzgnutls_pkcs11_privkey_generate.3.gzgnutls_pkcs11_privkey_generate2.3.gzgnutls_pkcs11_privkey_generate3.3.gzgnutls_pkcs11_privkey_get_info.3.gzgnutls_pkcs11_privkey_get_pk_algorithm.3.gzgnutls_pkcs11_privkey_import_url.3.gzgnutls_pkcs11_privkey_init.3.gzgnutls_pkcs11_privkey_set_pin_function.3.gzgnutls_pkcs11_privkey_status.3.gzgnutls_pkcs11_reinit.3.gzgnutls_pkcs11_set_pin_function.3.gzgnutls_pkcs11_set_token_function.3.gzgnutls_pkcs11_token_check_mechanism.3.gzgnutls_pkcs11_token_get_flags.3.gzgnutls_pkcs11_token_get_info.3.gzgnutls_pkcs11_token_get_mechanism.3.gzgnutls_pkcs11_token_get_ptr.3.gzgnutls_pkcs11_token_get_random.3.gzgnutls_pkcs11_token_get_url.3.gzgnutls_pkcs11_token_init.3.gzgnutls_pkcs11_token_set_pin.3.gzgnutls_pkcs11_type_get_name.3.gzgnutls_pkcs12_bag_decrypt.3.gzgnutls_pkcs12_bag_deinit.3.gzgnutls_pkcs12_bag_enc_info.3.gzgnutls_pkcs12_bag_encrypt.3.gzgnutls_pkcs12_bag_get_count.3.gzgnutls_pkcs12_bag_get_data.3.gzgnutls_pkcs12_bag_get_friendly_name.3.gzgnutls_pkcs12_bag_get_key_id.3.gzgnutls_pkcs12_bag_get_type.3.gzgnutls_pkcs12_bag_init.3.gzgnutls_pkcs12_bag_set_crl.3.gzgnutls_pkcs12_bag_set_crt.3.gzgnutls_pkcs12_bag_set_data.3.gzgnutls_pkcs12_bag_set_friendly_name.3.gzgnutls_pkcs12_bag_set_key_id.3.gzgnutls_pkcs12_bag_set_privkey.3.gzgnutls_pkcs12_deinit.3.gzgnutls_pkcs12_export.3.gzgnutls_pkcs12_export2.3.gzgnutls_pkcs12_generate_mac.3.gzgnutls_pkcs12_generate_mac2.3.gzgnutls_pkcs12_get_bag.3.gzgnutls_pkcs12_import.3.gzgnutls_pkcs12_init.3.gzgnutls_pkcs12_mac_info.3.gzgnutls_pkcs12_set_bag.3.gzgnutls_pkcs12_simple_parse.3.gzgnutls_pkcs12_verify_mac.3.gzgnutls_pkcs7_add_attr.3.gzgnutls_pkcs7_attrs_deinit.3.gzgnutls_pkcs7_deinit.3.gzgnutls_pkcs7_delete_crl.3.gzgnutls_pkcs7_delete_crt.3.gzgnutls_pkcs7_export.3.gzgnutls_pkcs7_export2.3.gzgnutls_pkcs7_get_attr.3.gzgnutls_pkcs7_get_crl_count.3.gzgnutls_pkcs7_get_crl_raw.3.gzgnutls_pkcs7_get_crl_raw2.3.gzgnutls_pkcs7_get_crt_count.3.gzgnutls_pkcs7_get_crt_raw.3.gzgnutls_pkcs7_get_crt_raw2.3.gzgnutls_pkcs7_get_embedded_data.3.gzgnutls_pkcs7_get_embedded_data_oid.3.gzgnutls_pkcs7_get_signature_count.3.gzgnutls_pkcs7_get_signature_info.3.gzgnutls_pkcs7_import.3.gzgnutls_pkcs7_init.3.gzgnutls_pkcs7_print.3.gzgnutls_pkcs7_set_crl.3.gzgnutls_pkcs7_set_crl_raw.3.gzgnutls_pkcs7_set_crt.3.gzgnutls_pkcs7_set_crt_raw.3.gzgnutls_pkcs7_sign.3.gzgnutls_pkcs7_signature_info_deinit.3.gzgnutls_pkcs7_verify.3.gzgnutls_pkcs7_verify_direct.3.gzgnutls_pkcs8_info.3.gzgnutls_pkcs_schema_get_name.3.gzgnutls_pkcs_schema_get_oid.3.gzgnutls_prf.3.gzgnutls_prf_raw.3.gzgnutls_prf_rfc5705.3.gzgnutls_priority_certificate_type_list.3.gzgnutls_priority_certificate_type_list2.3.gzgnutls_priority_cipher_list.3.gzgnutls_priority_compression_list.3.gzgnutls_priority_deinit.3.gzgnutls_priority_ecc_curve_list.3.gzgnutls_priority_get_cipher_suite_index.3.gzgnutls_priority_group_list.3.gzgnutls_priority_init.3.gzgnutls_priority_init2.3.gzgnutls_priority_kx_list.3.gzgnutls_priority_mac_list.3.gzgnutls_priority_protocol_list.3.gzgnutls_priority_set.3.gzgnutls_priority_set_direct.3.gzgnutls_priority_sign_list.3.gzgnutls_priority_string_list.3.gzgnutls_privkey_decrypt_data.3.gzgnutls_privkey_decrypt_data2.3.gzgnutls_privkey_deinit.3.gzgnutls_privkey_export_dsa_raw.3.gzgnutls_privkey_export_dsa_raw2.3.gzgnutls_privkey_export_ecc_raw.3.gzgnutls_privkey_export_ecc_raw2.3.gzgnutls_privkey_export_gost_raw2.3.gzgnutls_privkey_export_openpgp.3.gzgnutls_privkey_export_pkcs11.3.gzgnutls_privkey_export_rsa_raw.3.gzgnutls_privkey_export_rsa_raw2.3.gzgnutls_privkey_export_x509.3.gzgnutls_privkey_generate.3.gzgnutls_privkey_generate2.3.gzgnutls_privkey_get_pk_algorithm.3.gzgnutls_privkey_get_seed.3.gzgnutls_privkey_get_spki.3.gzgnutls_privkey_get_type.3.gzgnutls_privkey_import_dsa_raw.3.gzgnutls_privkey_import_ecc_raw.3.gzgnutls_privkey_import_ext.3.gzgnutls_privkey_import_ext2.3.gzgnutls_privkey_import_ext3.3.gzgnutls_privkey_import_ext4.3.gzgnutls_privkey_import_gost_raw.3.gzgnutls_privkey_import_openpgp.3.gzgnutls_privkey_import_openpgp_raw.3.gzgnutls_privkey_import_pkcs11.3.gzgnutls_privkey_import_pkcs11_url.3.gzgnutls_privkey_import_rsa_raw.3.gzgnutls_privkey_import_tpm_raw.3.gzgnutls_privkey_import_tpm_url.3.gzgnutls_privkey_import_url.3.gzgnutls_privkey_import_x509.3.gzgnutls_privkey_import_x509_raw.3.gzgnutls_privkey_init.3.gzgnutls_privkey_set_flags.3.gzgnutls_privkey_set_pin_function.3.gzgnutls_privkey_set_spki.3.gzgnutls_privkey_sign_data.3.gzgnutls_privkey_sign_data2.3.gzgnutls_privkey_sign_hash.3.gzgnutls_privkey_sign_hash2.3.gzgnutls_privkey_status.3.gzgnutls_privkey_verify_params.3.gzgnutls_privkey_verify_seed.3.gzgnutls_protocol_get_id.3.gzgnutls_protocol_get_name.3.gzgnutls_protocol_get_version.3.gzgnutls_protocol_list.3.gzgnutls_psk_allocate_client_credentials.3.gzgnutls_psk_allocate_server_credentials.3.gzgnutls_psk_client_get_hint.3.gzgnutls_psk_free_client_credentials.3.gzgnutls_psk_free_server_credentials.3.gzgnutls_psk_server_get_username.3.gzgnutls_psk_set_client_credentials.3.gzgnutls_psk_set_client_credentials_function.3.gzgnutls_psk_set_params_function.3.gzgnutls_psk_set_server_credentials_file.3.gzgnutls_psk_set_server_credentials_function.3.gzgnutls_psk_set_server_credentials_hint.3.gzgnutls_psk_set_server_dh_params.3.gzgnutls_psk_set_server_known_dh_params.3.gzgnutls_psk_set_server_params_function.3.gzgnutls_pubkey_deinit.3.gzgnutls_pubkey_encrypt_data.3.gzgnutls_pubkey_export.3.gzgnutls_pubkey_export2.3.gzgnutls_pubkey_export_dsa_raw.3.gzgnutls_pubkey_export_dsa_raw2.3.gzgnutls_pubkey_export_ecc_raw.3.gzgnutls_pubkey_export_ecc_raw2.3.gzgnutls_pubkey_export_ecc_x962.3.gzgnutls_pubkey_export_gost_raw2.3.gzgnutls_pubkey_export_rsa_raw.3.gzgnutls_pubkey_export_rsa_raw2.3.gzgnutls_pubkey_get_key_id.3.gzgnutls_pubkey_get_key_usage.3.gzgnutls_pubkey_get_openpgp_key_id.3.gzgnutls_pubkey_get_pk_algorithm.3.gzgnutls_pubkey_get_preferred_hash_algorithm.3.gzgnutls_pubkey_get_spki.3.gzgnutls_pubkey_import.3.gzgnutls_pubkey_import_dsa_raw.3.gzgnutls_pubkey_import_ecc_raw.3.gzgnutls_pubkey_import_ecc_x962.3.gzgnutls_pubkey_import_gost_raw.3.gzgnutls_pubkey_import_openpgp.3.gzgnutls_pubkey_import_openpgp_raw.3.gzgnutls_pubkey_import_pkcs11.3.gzgnutls_pubkey_import_privkey.3.gzgnutls_pubkey_import_rsa_raw.3.gzgnutls_pubkey_import_tpm_raw.3.gzgnutls_pubkey_import_tpm_url.3.gzgnutls_pubkey_import_url.3.gzgnutls_pubkey_import_x509.3.gzgnutls_pubkey_import_x509_crq.3.gzgnutls_pubkey_import_x509_raw.3.gzgnutls_pubkey_init.3.gzgnutls_pubkey_print.3.gzgnutls_pubkey_set_key_usage.3.gzgnutls_pubkey_set_pin_function.3.gzgnutls_pubkey_set_spki.3.gzgnutls_pubkey_verify_data2.3.gzgnutls_pubkey_verify_hash2.3.gzgnutls_pubkey_verify_params.3.gzgnutls_random_art.3.gzgnutls_range_split.3.gzgnutls_reauth.3.gzgnutls_record_can_use_length_hiding.3.gzgnutls_record_check_corked.3.gzgnutls_record_check_pending.3.gzgnutls_record_cork.3.gzgnutls_record_disable_padding.3.gzgnutls_record_discard_queued.3.gzgnutls_record_get_direction.3.gzgnutls_record_get_discarded.3.gzgnutls_record_get_max_early_data_size.3.gzgnutls_record_get_max_size.3.gzgnutls_record_get_state.3.gzgnutls_record_overhead_size.3.gzgnutls_record_recv.3.gzgnutls_record_recv_early_data.3.gzgnutls_record_recv_packet.3.gzgnutls_record_recv_seq.3.gzgnutls_record_send.3.gzgnutls_record_send2.3.gzgnutls_record_send_early_data.3.gzgnutls_record_send_range.3.gzgnutls_record_set_max_early_data_size.3.gzgnutls_record_set_max_size.3.gzgnutls_record_set_state.3.gzgnutls_record_set_timeout.3.gzgnutls_record_uncork.3.gzgnutls_register_custom_url.3.gzgnutls_rehandshake.3.gzgnutls_rnd.3.gzgnutls_rnd_refresh.3.gzgnutls_safe_renegotiation_status.3.gzgnutls_sec_param_get_name.3.gzgnutls_sec_param_to_pk_bits.3.gzgnutls_sec_param_to_symmetric_bits.3.gzgnutls_server_name_get.3.gzgnutls_server_name_set.3.gzgnutls_session_channel_binding.3.gzgnutls_session_enable_compatibility_mode.3.gzgnutls_session_etm_status.3.gzgnutls_session_ext_master_secret_status.3.gzgnutls_session_ext_register.3.gzgnutls_session_force_valid.3.gzgnutls_session_get_data.3.gzgnutls_session_get_data2.3.gzgnutls_session_get_desc.3.gzgnutls_session_get_flags.3.gzgnutls_session_get_id.3.gzgnutls_session_get_id2.3.gzgnutls_session_get_master_secret.3.gzgnutls_session_get_ptr.3.gzgnutls_session_get_random.3.gzgnutls_session_get_verify_cert_status.3.gzgnutls_session_is_resumed.3.gzgnutls_session_key_update.3.gzgnutls_session_resumption_requested.3.gzgnutls_session_set_data.3.gzgnutls_session_set_id.3.gzgnutls_session_set_premaster.3.gzgnutls_session_set_ptr.3.gzgnutls_session_set_verify_cert.3.gzgnutls_session_set_verify_cert2.3.gzgnutls_session_set_verify_function.3.gzgnutls_session_supplemental_register.3.gzgnutls_session_ticket_enable_client.3.gzgnutls_session_ticket_enable_server.3.gzgnutls_session_ticket_key_generate.3.gzgnutls_session_ticket_send.3.gzgnutls_set_default_priority.3.gzgnutls_set_default_priority_append.3.gzgnutls_sign_algorithm_get.3.gzgnutls_sign_algorithm_get_client.3.gzgnutls_sign_algorithm_get_requested.3.gzgnutls_sign_get_hash_algorithm.3.gzgnutls_sign_get_id.3.gzgnutls_sign_get_name.3.gzgnutls_sign_get_oid.3.gzgnutls_sign_get_pk_algorithm.3.gzgnutls_sign_is_secure.3.gzgnutls_sign_is_secure2.3.gzgnutls_sign_list.3.gzgnutls_sign_supports_pk_algorithm.3.gzgnutls_srp_allocate_client_credentials.3.gzgnutls_srp_allocate_server_credentials.3.gzgnutls_srp_base64_decode.3.gzgnutls_srp_base64_decode2.3.gzgnutls_srp_base64_encode.3.gzgnutls_srp_base64_encode2.3.gzgnutls_srp_free_client_credentials.3.gzgnutls_srp_free_server_credentials.3.gzgnutls_srp_server_get_username.3.gzgnutls_srp_set_client_credentials.3.gzgnutls_srp_set_client_credentials_function.3.gzgnutls_srp_set_prime_bits.3.gzgnutls_srp_set_server_credentials_file.3.gzgnutls_srp_set_server_credentials_function.3.gzgnutls_srp_set_server_fake_salt_seed.3.gzgnutls_srp_verifier.3.gzgnutls_srtp_get_keys.3.gzgnutls_srtp_get_mki.3.gzgnutls_srtp_get_profile_id.3.gzgnutls_srtp_get_profile_name.3.gzgnutls_srtp_get_selected_profile.3.gzgnutls_srtp_set_mki.3.gzgnutls_srtp_set_profile.3.gzgnutls_srtp_set_profile_direct.3.gzgnutls_store_commitment.3.gzgnutls_store_pubkey.3.gzgnutls_strerror.3.gzgnutls_strerror_name.3.gzgnutls_subject_alt_names_deinit.3.gzgnutls_subject_alt_names_get.3.gzgnutls_subject_alt_names_init.3.gzgnutls_subject_alt_names_set.3.gzgnutls_supplemental_get_name.3.gzgnutls_supplemental_recv.3.gzgnutls_supplemental_register.3.gzgnutls_supplemental_send.3.gzgnutls_system_key_add_x509.3.gzgnutls_system_key_delete.3.gzgnutls_system_key_iter_deinit.3.gzgnutls_system_key_iter_get_info.3.gzgnutls_system_recv_timeout.3.gzgnutls_tdb_deinit.3.gzgnutls_tdb_init.3.gzgnutls_tdb_set_store_commitment_func.3.gzgnutls_tdb_set_store_func.3.gzgnutls_tdb_set_verify_func.3.gzgnutls_tpm_get_registered.3.gzgnutls_tpm_key_list_deinit.3.gzgnutls_tpm_key_list_get_url.3.gzgnutls_tpm_privkey_delete.3.gzgnutls_tpm_privkey_generate.3.gzgnutls_transport_get_int.3.gzgnutls_transport_get_int2.3.gzgnutls_transport_get_ptr.3.gzgnutls_transport_get_ptr2.3.gzgnutls_transport_set_errno.3.gzgnutls_transport_set_errno_function.3.gzgnutls_transport_set_fastopen.3.gzgnutls_transport_set_int.3.gzgnutls_transport_set_int2.3.gzgnutls_transport_set_ptr.3.gzgnutls_transport_set_ptr2.3.gzgnutls_transport_set_pull_function.3.gzgnutls_transport_set_pull_timeout_function.3.gzgnutls_transport_set_push_function.3.gzgnutls_transport_set_vec_push_function.3.gzgnutls_url_is_supported.3.gzgnutls_utf8_password_normalize.3.gzgnutls_verify_stored_pubkey.3.gzgnutls_x509_aia_deinit.3.gzgnutls_x509_aia_get.3.gzgnutls_x509_aia_init.3.gzgnutls_x509_aia_set.3.gzgnutls_x509_aki_deinit.3.gzgnutls_x509_aki_get_cert_issuer.3.gzgnutls_x509_aki_get_id.3.gzgnutls_x509_aki_init.3.gzgnutls_x509_aki_set_cert_issuer.3.gzgnutls_x509_aki_set_id.3.gzgnutls_x509_cidr_to_rfc5280.3.gzgnutls_x509_crl_check_issuer.3.gzgnutls_x509_crl_deinit.3.gzgnutls_x509_crl_dist_points_deinit.3.gzgnutls_x509_crl_dist_points_get.3.gzgnutls_x509_crl_dist_points_init.3.gzgnutls_x509_crl_dist_points_set.3.gzgnutls_x509_crl_export.3.gzgnutls_x509_crl_export2.3.gzgnutls_x509_crl_get_authority_key_gn_serial.3.gzgnutls_x509_crl_get_authority_key_id.3.gzgnutls_x509_crl_get_crt_count.3.gzgnutls_x509_crl_get_crt_serial.3.gzgnutls_x509_crl_get_dn_oid.3.gzgnutls_x509_crl_get_extension_data.3.gzgnutls_x509_crl_get_extension_data2.3.gzgnutls_x509_crl_get_extension_info.3.gzgnutls_x509_crl_get_extension_oid.3.gzgnutls_x509_crl_get_issuer_dn.3.gzgnutls_x509_crl_get_issuer_dn2.3.gzgnutls_x509_crl_get_issuer_dn3.3.gzgnutls_x509_crl_get_issuer_dn_by_oid.3.gzgnutls_x509_crl_get_next_update.3.gzgnutls_x509_crl_get_number.3.gzgnutls_x509_crl_get_raw_issuer_dn.3.gzgnutls_x509_crl_get_signature.3.gzgnutls_x509_crl_get_signature_algorithm.3.gzgnutls_x509_crl_get_signature_oid.3.gzgnutls_x509_crl_get_this_update.3.gzgnutls_x509_crl_get_version.3.gzgnutls_x509_crl_import.3.gzgnutls_x509_crl_init.3.gzgnutls_x509_crl_iter_crt_serial.3.gzgnutls_x509_crl_iter_deinit.3.gzgnutls_x509_crl_list_import.3.gzgnutls_x509_crl_list_import2.3.gzgnutls_x509_crl_print.3.gzgnutls_x509_crl_privkey_sign.3.gzgnutls_x509_crl_set_authority_key_id.3.gzgnutls_x509_crl_set_crt.3.gzgnutls_x509_crl_set_crt_serial.3.gzgnutls_x509_crl_set_next_update.3.gzgnutls_x509_crl_set_number.3.gzgnutls_x509_crl_set_this_update.3.gzgnutls_x509_crl_set_version.3.gzgnutls_x509_crl_sign.3.gzgnutls_x509_crl_sign2.3.gzgnutls_x509_crl_verify.3.gzgnutls_x509_crq_deinit.3.gzgnutls_x509_crq_export.3.gzgnutls_x509_crq_export2.3.gzgnutls_x509_crq_get_attribute_by_oid.3.gzgnutls_x509_crq_get_attribute_data.3.gzgnutls_x509_crq_get_attribute_info.3.gzgnutls_x509_crq_get_basic_constraints.3.gzgnutls_x509_crq_get_challenge_password.3.gzgnutls_x509_crq_get_dn.3.gzgnutls_x509_crq_get_dn2.3.gzgnutls_x509_crq_get_dn3.3.gzgnutls_x509_crq_get_dn_by_oid.3.gzgnutls_x509_crq_get_dn_oid.3.gzgnutls_x509_crq_get_extension_by_oid.3.gzgnutls_x509_crq_get_extension_by_oid2.3.gzgnutls_x509_crq_get_extension_data.3.gzgnutls_x509_crq_get_extension_data2.3.gzgnutls_x509_crq_get_extension_info.3.gzgnutls_x509_crq_get_key_id.3.gzgnutls_x509_crq_get_key_purpose_oid.3.gzgnutls_x509_crq_get_key_rsa_raw.3.gzgnutls_x509_crq_get_key_usage.3.gzgnutls_x509_crq_get_pk_algorithm.3.gzgnutls_x509_crq_get_pk_oid.3.gzgnutls_x509_crq_get_private_key_usage_period.3.gzgnutls_x509_crq_get_signature_algorithm.3.gzgnutls_x509_crq_get_signature_oid.3.gzgnutls_x509_crq_get_spki.3.gzgnutls_x509_crq_get_subject_alt_name.3.gzgnutls_x509_crq_get_subject_alt_othername_oid.3.gzgnutls_x509_crq_get_tlsfeatures.3.gzgnutls_x509_crq_get_version.3.gzgnutls_x509_crq_import.3.gzgnutls_x509_crq_init.3.gzgnutls_x509_crq_print.3.gzgnutls_x509_crq_privkey_sign.3.gzgnutls_x509_crq_set_attribute_by_oid.3.gzgnutls_x509_crq_set_basic_constraints.3.gzgnutls_x509_crq_set_challenge_password.3.gzgnutls_x509_crq_set_dn.3.gzgnutls_x509_crq_set_dn_by_oid.3.gzgnutls_x509_crq_set_extension_by_oid.3.gzgnutls_x509_crq_set_key.3.gzgnutls_x509_crq_set_key_purpose_oid.3.gzgnutls_x509_crq_set_key_rsa_raw.3.gzgnutls_x509_crq_set_key_usage.3.gzgnutls_x509_crq_set_private_key_usage_period.3.gzgnutls_x509_crq_set_pubkey.3.gzgnutls_x509_crq_set_spki.3.gzgnutls_x509_crq_set_subject_alt_name.3.gzgnutls_x509_crq_set_subject_alt_othername.3.gzgnutls_x509_crq_set_tlsfeatures.3.gzgnutls_x509_crq_set_version.3.gzgnutls_x509_crq_sign.3.gzgnutls_x509_crq_sign2.3.gzgnutls_x509_crq_verify.3.gzgnutls_x509_crt_check_email.3.gzgnutls_x509_crt_check_hostname.3.gzgnutls_x509_crt_check_hostname2.3.gzgnutls_x509_crt_check_ip.3.gzgnutls_x509_crt_check_issuer.3.gzgnutls_x509_crt_check_key_purpose.3.gzgnutls_x509_crt_check_revocation.3.gzgnutls_x509_crt_cpy_crl_dist_points.3.gzgnutls_x509_crt_deinit.3.gzgnutls_x509_crt_equals.3.gzgnutls_x509_crt_equals2.3.gzgnutls_x509_crt_export.3.gzgnutls_x509_crt_export2.3.gzgnutls_x509_crt_get_activation_time.3.gzgnutls_x509_crt_get_authority_info_access.3.gzgnutls_x509_crt_get_authority_key_gn_serial.3.gzgnutls_x509_crt_get_authority_key_id.3.gzgnutls_x509_crt_get_basic_constraints.3.gzgnutls_x509_crt_get_ca_status.3.gzgnutls_x509_crt_get_crl_dist_points.3.gzgnutls_x509_crt_get_dn.3.gzgnutls_x509_crt_get_dn2.3.gzgnutls_x509_crt_get_dn3.3.gzgnutls_x509_crt_get_dn_by_oid.3.gzgnutls_x509_crt_get_dn_oid.3.gzgnutls_x509_crt_get_expiration_time.3.gzgnutls_x509_crt_get_extension_by_oid.3.gzgnutls_x509_crt_get_extension_by_oid2.3.gzgnutls_x509_crt_get_extension_data.3.gzgnutls_x509_crt_get_extension_data2.3.gzgnutls_x509_crt_get_extension_info.3.gzgnutls_x509_crt_get_extension_oid.3.gzgnutls_x509_crt_get_fingerprint.3.gzgnutls_x509_crt_get_inhibit_anypolicy.3.gzgnutls_x509_crt_get_issuer.3.gzgnutls_x509_crt_get_issuer_alt_name.3.gzgnutls_x509_crt_get_issuer_alt_name2.3.gzgnutls_x509_crt_get_issuer_alt_othername_oid.3.gzgnutls_x509_crt_get_issuer_dn.3.gzgnutls_x509_crt_get_issuer_dn2.3.gzgnutls_x509_crt_get_issuer_dn3.3.gzgnutls_x509_crt_get_issuer_dn_by_oid.3.gzgnutls_x509_crt_get_issuer_dn_oid.3.gzgnutls_x509_crt_get_issuer_unique_id.3.gzgnutls_x509_crt_get_key_id.3.gzgnutls_x509_crt_get_key_purpose_oid.3.gzgnutls_x509_crt_get_key_usage.3.gzgnutls_x509_crt_get_name_constraints.3.gzgnutls_x509_crt_get_pk_algorithm.3.gzgnutls_x509_crt_get_pk_dsa_raw.3.gzgnutls_x509_crt_get_pk_ecc_raw.3.gzgnutls_x509_crt_get_pk_gost_raw.3.gzgnutls_x509_crt_get_pk_oid.3.gzgnutls_x509_crt_get_pk_rsa_raw.3.gzgnutls_x509_crt_get_policy.3.gzgnutls_x509_crt_get_preferred_hash_algorithm.3.gzgnutls_x509_crt_get_private_key_usage_period.3.gzgnutls_x509_crt_get_proxy.3.gzgnutls_x509_crt_get_raw_dn.3.gzgnutls_x509_crt_get_raw_issuer_dn.3.gzgnutls_x509_crt_get_serial.3.gzgnutls_x509_crt_get_signature.3.gzgnutls_x509_crt_get_signature_algorithm.3.gzgnutls_x509_crt_get_signature_oid.3.gzgnutls_x509_crt_get_spki.3.gzgnutls_x509_crt_get_subject.3.gzgnutls_x509_crt_get_subject_alt_name.3.gzgnutls_x509_crt_get_subject_alt_name2.3.gzgnutls_x509_crt_get_subject_alt_othername_oid.3.gzgnutls_x509_crt_get_subject_key_id.3.gzgnutls_x509_crt_get_subject_unique_id.3.gzgnutls_x509_crt_get_tlsfeatures.3.gzgnutls_x509_crt_get_version.3.gzgnutls_x509_crt_import.3.gzgnutls_x509_crt_import_pkcs11.3.gzgnutls_x509_crt_import_url.3.gzgnutls_x509_crt_init.3.gzgnutls_x509_crt_list_import.3.gzgnutls_x509_crt_list_import2.3.gzgnutls_x509_crt_list_import_pkcs11.3.gzgnutls_x509_crt_list_import_url.3.gzgnutls_x509_crt_list_verify.3.gzgnutls_x509_crt_print.3.gzgnutls_x509_crt_privkey_sign.3.gzgnutls_x509_crt_set_activation_time.3.gzgnutls_x509_crt_set_authority_info_access.3.gzgnutls_x509_crt_set_authority_key_id.3.gzgnutls_x509_crt_set_basic_constraints.3.gzgnutls_x509_crt_set_ca_status.3.gzgnutls_x509_crt_set_crl_dist_points.3.gzgnutls_x509_crt_set_crl_dist_points2.3.gzgnutls_x509_crt_set_crq.3.gzgnutls_x509_crt_set_crq_extension_by_oid.3.gzgnutls_x509_crt_set_crq_extensions.3.gzgnutls_x509_crt_set_dn.3.gzgnutls_x509_crt_set_dn_by_oid.3.gzgnutls_x509_crt_set_expiration_time.3.gzgnutls_x509_crt_set_extension_by_oid.3.gzgnutls_x509_crt_set_flags.3.gzgnutls_x509_crt_set_inhibit_anypolicy.3.gzgnutls_x509_crt_set_issuer_alt_name.3.gzgnutls_x509_crt_set_issuer_alt_othername.3.gzgnutls_x509_crt_set_issuer_dn.3.gzgnutls_x509_crt_set_issuer_dn_by_oid.3.gzgnutls_x509_crt_set_issuer_unique_id.3.gzgnutls_x509_crt_set_key.3.gzgnutls_x509_crt_set_key_purpose_oid.3.gzgnutls_x509_crt_set_key_usage.3.gzgnutls_x509_crt_set_name_constraints.3.gzgnutls_x509_crt_set_pin_function.3.gzgnutls_x509_crt_set_policy.3.gzgnutls_x509_crt_set_private_key_usage_period.3.gzgnutls_x509_crt_set_proxy.3.gzgnutls_x509_crt_set_proxy_dn.3.gzgnutls_x509_crt_set_pubkey.3.gzgnutls_x509_crt_set_serial.3.gzgnutls_x509_crt_set_spki.3.gzgnutls_x509_crt_set_subject_alt_name.3.gzgnutls_x509_crt_set_subject_alt_othername.3.gzgnutls_x509_crt_set_subject_alternative_name.3.gzgnutls_x509_crt_set_subject_key_id.3.gzgnutls_x509_crt_set_subject_unique_id.3.gzgnutls_x509_crt_set_tlsfeatures.3.gzgnutls_x509_crt_set_version.3.gzgnutls_x509_crt_sign.3.gzgnutls_x509_crt_sign2.3.gzgnutls_x509_crt_verify.3.gzgnutls_x509_crt_verify_data2.3.gzgnutls_x509_dn_deinit.3.gzgnutls_x509_dn_export.3.gzgnutls_x509_dn_export2.3.gzgnutls_x509_dn_get_rdn_ava.3.gzgnutls_x509_dn_get_str.3.gzgnutls_x509_dn_get_str2.3.gzgnutls_x509_dn_import.3.gzgnutls_x509_dn_init.3.gzgnutls_x509_dn_oid_known.3.gzgnutls_x509_dn_oid_name.3.gzgnutls_x509_dn_set_str.3.gzgnutls_x509_ext_deinit.3.gzgnutls_x509_ext_export_aia.3.gzgnutls_x509_ext_export_authority_key_id.3.gzgnutls_x509_ext_export_basic_constraints.3.gzgnutls_x509_ext_export_crl_dist_points.3.gzgnutls_x509_ext_export_inhibit_anypolicy.3.gzgnutls_x509_ext_export_key_purposes.3.gzgnutls_x509_ext_export_key_usage.3.gzgnutls_x509_ext_export_name_constraints.3.gzgnutls_x509_ext_export_policies.3.gzgnutls_x509_ext_export_private_key_usage_period.3.gzgnutls_x509_ext_export_proxy.3.gzgnutls_x509_ext_export_subject_alt_names.3.gzgnutls_x509_ext_export_subject_key_id.3.gzgnutls_x509_ext_export_tlsfeatures.3.gzgnutls_x509_ext_import_aia.3.gzgnutls_x509_ext_import_authority_key_id.3.gzgnutls_x509_ext_import_basic_constraints.3.gzgnutls_x509_ext_import_crl_dist_points.3.gzgnutls_x509_ext_import_inhibit_anypolicy.3.gzgnutls_x509_ext_import_key_purposes.3.gzgnutls_x509_ext_import_key_usage.3.gzgnutls_x509_ext_import_name_constraints.3.gzgnutls_x509_ext_import_policies.3.gzgnutls_x509_ext_import_private_key_usage_period.3.gzgnutls_x509_ext_import_proxy.3.gzgnutls_x509_ext_import_subject_alt_names.3.gzgnutls_x509_ext_import_subject_key_id.3.gzgnutls_x509_ext_import_tlsfeatures.3.gzgnutls_x509_ext_print.3.gzgnutls_x509_key_purpose_deinit.3.gzgnutls_x509_key_purpose_get.3.gzgnutls_x509_key_purpose_init.3.gzgnutls_x509_key_purpose_set.3.gzgnutls_x509_name_constraints_add_excluded.3.gzgnutls_x509_name_constraints_add_permitted.3.gzgnutls_x509_name_constraints_check.3.gzgnutls_x509_name_constraints_check_crt.3.gzgnutls_x509_name_constraints_deinit.3.gzgnutls_x509_name_constraints_get_excluded.3.gzgnutls_x509_name_constraints_get_permitted.3.gzgnutls_x509_name_constraints_init.3.gzgnutls_x509_othername_to_virtual.3.gzgnutls_x509_policies_deinit.3.gzgnutls_x509_policies_get.3.gzgnutls_x509_policies_init.3.gzgnutls_x509_policies_set.3.gzgnutls_x509_policy_release.3.gzgnutls_x509_privkey_cpy.3.gzgnutls_x509_privkey_deinit.3.gzgnutls_x509_privkey_export.3.gzgnutls_x509_privkey_export2.3.gzgnutls_x509_privkey_export2_pkcs8.3.gzgnutls_x509_privkey_export_dsa_raw.3.gzgnutls_x509_privkey_export_ecc_raw.3.gzgnutls_x509_privkey_export_gost_raw.3.gzgnutls_x509_privkey_export_pkcs8.3.gzgnutls_x509_privkey_export_rsa_raw.3.gzgnutls_x509_privkey_export_rsa_raw2.3.gzgnutls_x509_privkey_fix.3.gzgnutls_x509_privkey_generate.3.gzgnutls_x509_privkey_generate2.3.gzgnutls_x509_privkey_get_key_id.3.gzgnutls_x509_privkey_get_pk_algorithm.3.gzgnutls_x509_privkey_get_pk_algorithm2.3.gzgnutls_x509_privkey_get_seed.3.gzgnutls_x509_privkey_get_spki.3.gzgnutls_x509_privkey_import.3.gzgnutls_x509_privkey_import2.3.gzgnutls_x509_privkey_import_dsa_raw.3.gzgnutls_x509_privkey_import_ecc_raw.3.gzgnutls_x509_privkey_import_gost_raw.3.gzgnutls_x509_privkey_import_openssl.3.gzgnutls_x509_privkey_import_pkcs8.3.gzgnutls_x509_privkey_import_rsa_raw.3.gzgnutls_x509_privkey_import_rsa_raw2.3.gzgnutls_x509_privkey_init.3.gzgnutls_x509_privkey_sec_param.3.gzgnutls_x509_privkey_set_flags.3.gzgnutls_x509_privkey_set_pin_function.3.gzgnutls_x509_privkey_set_spki.3.gzgnutls_x509_privkey_sign_data.3.gzgnutls_x509_privkey_sign_hash.3.gzgnutls_x509_privkey_verify_params.3.gzgnutls_x509_privkey_verify_seed.3.gzgnutls_x509_rdn_get.3.gzgnutls_x509_rdn_get2.3.gzgnutls_x509_rdn_get_by_oid.3.gzgnutls_x509_rdn_get_oid.3.gzgnutls_x509_spki_deinit.3.gzgnutls_x509_spki_get_rsa_pss_params.3.gzgnutls_x509_spki_init.3.gzgnutls_x509_spki_set_rsa_pss_params.3.gzgnutls_x509_tlsfeatures_add.3.gzgnutls_x509_tlsfeatures_check_crt.3.gzgnutls_x509_tlsfeatures_deinit.3.gzgnutls_x509_tlsfeatures_get.3.gzgnutls_x509_tlsfeatures_init.3.gzgnutls_x509_trust_list_add_cas.3.gzgnutls_x509_trust_list_add_crls.3.gzgnutls_x509_trust_list_add_named_crt.3.gzgnutls_x509_trust_list_add_system_trust.3.gzgnutls_x509_trust_list_add_trust_dir.3.gzgnutls_x509_trust_list_add_trust_file.3.gzgnutls_x509_trust_list_add_trust_mem.3.gzgnutls_x509_trust_list_deinit.3.gzgnutls_x509_trust_list_get_issuer.3.gzgnutls_x509_trust_list_get_issuer_by_dn.3.gzgnutls_x509_trust_list_get_issuer_by_subject_key_id.3.gzgnutls_x509_trust_list_init.3.gzgnutls_x509_trust_list_iter_deinit.3.gzgnutls_x509_trust_list_iter_get_ca.3.gzgnutls_x509_trust_list_remove_cas.3.gzgnutls_x509_trust_list_remove_trust_file.3.gzgnutls_x509_trust_list_remove_trust_mem.3.gzgnutls_x509_trust_list_verify_crt.3.gzgnutls_x509_trust_list_verify_crt2.3.gzgnutls_x509_trust_list_verify_named_crt.3.gz/usr/include//usr/include/gnutls//usr/lib64//usr/lib64/pkgconfig//usr/share/doc/packages//usr/share/doc/packages/libgnutls-devel//usr/share/doc/packages/libgnutls-devel/examples//usr/share/doc/packages/libgnutls-devel/reference//usr/share/info//usr/share/man/man3/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:27026/SUSE_SLE-15-SP2_Update/c7e81a90150debade7e9b927dca74a83-gnutls.SUSE_SLE-15-SP2_Updatedrpmxz5aarch64-suse-linux directoryC source, ASCII textC source, ASCII text, with very long linespkgconfig filePNG image data, 315 x 245, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 423 x 353, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 472 x 321, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 501 x 205, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 633 x 395, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 492 x 242, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 313 x 286, 1-bit grayscale, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 628 x 346, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 331 x 401, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII text, with very long linesPNG image data, 572 x 334, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII textXML 1.0 document, ASCII textPNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced (gzip compressed data, max compression, from Unix)assembler source, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)PRRRRR / !y哽utf-81595d400b8d2844494e783269c8f3a972b1207eb8199dc69a63046cb6fbeb7a8?7zXZ !t/$]"k%fkBBjg#x=yXO-~dҝq@)lŌsSnqZ܂8[ {^-{}t:@̩ 紞WO-``lb 3? aP\HaLu,ۇ `*7nVG FC54&@M8 ݃5F^Y\ `ctKaVr T} riÊ)lP]zu@l0zBsP WLqśp>WzjR[܆+Vtn/9Kq00u?=X"CI!4TxN @#1j#)#G9_헁׈X%Zβ#qNPmh帨(F7kqUgmjwAM'O$1x,PFQH AT,%Mkْbho Ԅ/@Jvu;_bBM#sQ)mQ#V*>5qFSuP#$ROq[_ 旊~ٸb~!]e`V&^gD %M_6i_[͎Yu>5&lLw1u>z5gjb?ggyٜolˋ_tSͧ?wWfnl9b#:N‘%l˦{` rZ#lPtQm xL/@9qRHxzgu҄#EC6x 2yc0j:j!m'C~ N̥U oME"f:Rm-jT"mZJ<5eiDBWY:\-Z ӗ`i\j̿Y09 O^%,?BiB9.s=-7:)%QtO 'b΄Ωq!`5 H9;uֳAzF6[q$Hz! ߨF )&C;;Y9%wZ1TFᓘGS#*{=^2SO-~hh 7({IN;.χ,^\;R=VYeŴ7C5]VTa1_HTuXg<3!75p=m-&%wom.=/7n_cG;/5iU ?%+8b`\588OlWo'ꄔ CY]z"Xd0$_!FqdQ, DV<&KRoR!;uM߂:=nh{frQ?1{aI鮴yT0=e!b%,Tu־J~!]e5tc"VSi~9:qF6dͿ #k2#$Tj%6 n8x=#dRȁM!ZC p%!:PD4F3O>Qel{X'23a7^Bώ̤{G9oF;2voaEH$ۦ/q9$ j~ف3;j6Pjٽ`uw f/-=-)}`dLE~$H2 J jؼ/,m-pک4-7&Zʂ0 ZmQ끖jCcK=ǚǴF]8ćVbGAS'LKiULd^&4\G]jp&QC71%MB[XwSng\t|.fsuל< \{cy/eތ"ۻpQi"٦YL;m]"ȠJ-R=F̄O/%{t0rAkX~qVt qGZJ] Pr*`'%1a%CWE^ږ6i1웶l@9 [){֘Hv؁A=탼 s,/T+ַʭdU_=c޳9!4k'bC'Z\q"kAJE-/)QJa-޴{"ĞD* -g[xy1Y4E_%RP~h]E~n@7!wg.R^#1.J]0!2u+R\ڟګ4 L վޟsí=vz#3@Uҫ=sáu i?a e {_tP'9$_q~)f/)9xSƻVQJJ8J1/Y'M G.Ѥeӂ@n+ Ft.ViD8["*ᎯnL}??ԖfhW7R70 {JIy]$UC8>/\=+=ψ= 8)IlAH.΃2`I7q¶Sa-'/4hWߚ=ez o(͓!k=9Ʃ[NjѠd~Ȓr&F He!LI,w,g5\ ǧYV(_]aշ|fi>8CBeG SH֭Img6؏'w&AE)c:k6PÝSǕeQXr1UL;8_{CJ5\38U j= 0 M05|ui'7f77EPԒ&'*p K4,!$en#/4nf0pbX;`PhzMk˅tmO(ⷫH[h.F~!8*ښEq2z1T.QZ'q1;nވO8z$oƕ~e)]9!(}}t>]}5 qp\r25P.̍V `#-2_h #r9{ƔשݏJn)Ujx#SJ}O*Wbk\ecUV_(N ~+ޔAJrqMJo!b$/W]gaZ0؇YN'OQ!O}baĜ.q`hܼgȭSv#>Lt•&3j|ϡ'oY57'FaJ5hcTDT&owNFqA7^Hs}mЖ7 &]@~Y3y]l$.W'(ρ)yA@vdΛ[XеB~ȍSdi#+1ͱFX#9jys}L#rט Zmʨ'k FǴWa]x6\w ڵl 9ʣ'}&%rC".pEvWoe8ဌ0&1ʜO!H.K:oEAL$i N 2M#EoUW^YlZÁZш~]ʠ;FAvvU8ThG l)\+9ؑ2s 8AFd݈feRKuXexNk l){]4y̤y>~)e{I@Y ld@턞y)h0 ^A,7=?EJHԼ*/= 2$h&O+ꖬH#gs3C9!Ri۟(=&hPg SOy2ܻʙf3r wE4:p')cWT(I޵5 YZ