libgnutls-devel-3.7.3-150400.4.44.1<>,fIp9| ,-q kJXt&{JR%r4Kf"&1~w4UbM!6">[ h!xұHxOˇAr|6X%ES 2,5lNs^x h+G@ȮAZF` (ՉԐmfגƵ=8U_X]?4W`A$X{ yD@͕߆ VvMi<s0hҺ!d >B?d & O 28?   * >  ````̈́,(_8h9:>@?HFPGdHdIdXdYt\]ʸ^m- bn?cndoieonfoqlosuovwPxPyPzl|Clibgnutls-devel3.7.3150400.4.44.1Development package for the GnuTLS C APIFiles needed for software development using gnutls.fIh03-ch2dJSUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Development/Libraries/C and C++https://www.gnutls.org/linuxx86_64 ALL_ARGS=(--info-dir=/usr/share/info /usr/share/info/gnutls.info.gz) if test -x /sbin/install-info ; then /sbin/install-info "${ALL_ARGS[@]}" || : fi ; test -n "$FIRST_ARG" || FIRST_ARG=$1 if test -x /sbin/install-info ; then if [ "$FIRST_ARG" = 0 ]; then /sbin/install-info --quiet --delete --info-dir=/usr/share/info /usr/share/info/gnutls.info.gz || : fi ; fi ;h$, ,(:QS1|  !| cEZ %0!7@@H%M#boi;wbC+'CvC '&XJw I =.D;L$@=742525<6"f 0G4x|xO\n1J%n}}kv%TMM#/q~q8#od?A33NO'KJ(tG:BkXZww3jB%q5_X5PmoSRDuY|?[X_=Dm9#;. |}~qLCJHe!]\x,z' D1^8/,2!P)SS91\kvgg|P[-P=N`+St$P'/zm,R#l=3].}r@Y=~{]q9 qVPp1LsC=J(U'T ^>q(855F&D*y^D2y5&Vs4|C $qXEZf Z8 CjfBlf,MaLL !4#Qo .W#[5\k!1U KQ<^R}( wcE";- +m2!h Z=_c\}R)@E\)KKa ntHKd^7Y/QN1Z1KE\+cY^ L^6=1z?L.|{ Jt!<; ++bV&zH3&* 5fd5'`9px _xfN 6 )N}$Ww7|9{s@$VO RZ"kK O2a'N4)&>)/.+k"9k__U(Jl5!&'"&a^V+B.?$!!+%F>Q @ OX@{]FUZbjM;_DsidQ x=j||`^<Mn<kbHXwmA큤AA큤A큤fGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfGfG8a4318ffe545312bd3649618070b1d8085a386e4591c3a2d4c246ca855ce48693bc18e4946450bcdfa4c3d9531d3ab89b9cdf23488840a76f899f55433cbb4ba276f0cb32523e1cb71dd2332bba065e35dd115a305e4f40ad12cd11d8e254a9ee7dece82e75be914decb9f4054c1f55d8a797cff23bfc20f8105c5024a330c79802625bd2ac347478f59bc3eb984781a300ae0d97f434af870ac27d9b1d99873cebcdacd8ae0a2441fa41f26a645de9bc3f752f12b35f6bdad1a29164a2d749c9d3c6747bbe067dcea3d66b83488b1c394b3ebeb1dac00c79a966a948df3400c5c65dc9de3d4e94d73e467cf3d0418668b1eecf98e32ad45d0b4d2a8c07f11d0d0e16f0d60e1d5345a930f6bb6576c95ec84fbe30fc8230fdff51ae033ac9aa5fc48a2cb3a6c3be97b3ae4aaf1045aebfcb7d0b1207f27c7b56382c560d300e3924b3031afb63b68396ded9f2d52277af2c8595af243c9e38f1447d852553dd5e09c13b897141d0e50f07c10c0b2aad50bfce5872018850899b9e0a07930fc6607b0f8143a8a63cbc89dc4808d83da8c38a865df35995344c133aae69532af4fda539bd3a14136ff2f452652ba48708267c7875da2bdfb35e1abdf7b2d71d19492431648ef8fe1c4d593bb506d5cda3c4821a28eb20d4a0486cc01b607f146b478fd8352536f5be6464e779e2be8a4fa889288a7773589caab4a5fee9c1371f8e779578205efc3b99041f59394e9e92402200e2feb759d1ecebded02f86eb5173cc4c8c1e85fe9a3dc991e4340daf88cf826609ca8b06e37faf8d2e479e2bbfa322703c511560119ecfc58fb3526700f249a0bc14238a007e2de6511997b9aeb96190117e20a73f657a6a49de4911a8cb962f5674510772e0213997f79f79caf06667d98847a2e125fa9031268f0d4cc831fcc1bb0e5168449b901c41568df83256fc598d83f1b64c0cd17bbc58c7a5fa91d08eee7e7778935f475e2975ea5307775fe7db9f7aa86c70467a7bc139699d2564a9194c60b4cd477208aae100b516595f93074551ddd3fea9bad64f8f8f65cf0aeea93105b34e71dd8e0d2f845982fe21adccdba673e47b126ac659b90e9eacebd2618df31b8da7cdbd5bd74f8641a98347cfbc1df0092c5acf404a46b452794d6314988af79093bfffaed4ac57e5e3817e5e61792201dccc9b26e15907f1b5f151533e71c222abd68ac4d30eaee92ded9a12a068daa9dc5c266a3c8d98215a908a32b131d5c5fea84e767b9288b255856ea9097ea4cd91f1f4592def953540afdf78d67d590608bb5647dc7dc484a250c3d1c715831d2a1ec9f39af90e98af606d39ea6baea49e288f727a0b9c168fcd9dd8a3be07c6af5a7e5bdf5375bb275e3492e9fc8ecaa4ec463627c2d8c8f6cfa0d96c778b219a4498fa6d831d5e9335522dde01cdbca0bed460ac184c2bfb8e36975d54aed08c5d4d8e38060e71cf88472118f351941a80320fc8fd26f3bcb227fbe033e0611ba2f2d5da7c1275334fcb994035e80ac6918260321135215ca9bccdabc25668c2a25b26f0bf584edd004e8184ca003faafcb347c865f6cf9794cbf48c933858af0c814000890f567990ab59880ec426d9a98f2306ec8707602eacd37f60767b99a37e48c502558fbb73d9ce11896a8f3bfbaf644c407e29224268008e71272f11c91afb8c2430853eafcc384a9086e1b55314becfd872fd2b3c99909c49ec9a29d0656c65fc96b491357faf03c5c15abe40b7a8d3970a6275a1b621808440b376194c4291593cc07e171c87aac3dbde019346b6c99eca70789b3a3a4a129b5da7e708f5a4f9e0052987bce55bb28cc12587cc49d14c453674cbf3e7b4109bc94177c7c3b57922d23987175d29d71b33dd6108e3a4d049a7429ce1051ab72e6634841727da48bb2f73b45c3063fa2490480341de92139353b3c425c8916f76a8d91b3d35110dabfa19a7d21e2c452eaba4278818dac7dbdd7c279f5d65a7ad6e8d302f21687e36781efcf303d170f15c2e233108b1e52dd067194e93871006f6fd989c6ef7f6490854a4b664fe55dc5dd28b13ae7f3c2dc67bea03002c2fce84e129128f38e8bc52813b8ae2eba04dca0cfbe82c65b7900f8903814b72bddfde01d0b4883f9288fe55829acda89653217a9024c3df18138a0e67b6e74ae2e4af12985bcbb0e07c7fbf38342be9b0a5e4192440f703f6349b325a8f764db03f26a26a4d386ec36ec6d8a8c88045100f4f975d8c2dbe3ece5a3fcc65c4f0954b8474753463d0c74b62180c8796b4f0760048dc153a2026c430c7c67f74b68103b066759b894c3e62f83203d125f83f8b4a6f30a8939a776ddabc43c84f955d142c35d3ecacdad5d26426bfa29c9d4b92167ffdf2c3b16ffb888616d91d935e4b1c6fa088f1b2e48ca9cce03927ca176ce6ec937483a3fb2a7bdf660b546e445af4b8aa8a242ae1b316dd4abf17e1475ce7af2b64ea59b66de4ee91573a216495a1253bd38df3f770130f0cec42250331ecaf2b798cbdfb8162c36c3784098af709d00c7d6e72231ad1335fae4b71c65c22459e5041943aa8fe10c41282d84be1e86ea4df7d027ddd06edb0473cfa7bf802125dab2e2055530bb4b27155d7d89771d2f481ce9705f0d6469426a015609b08236752a9d2615cf4ca38fb6b177f0354972eb843ef3e5516f7bec816c81428f9d3c7c4f0a7b95f955596677f841d2e2be385481ff82d50f768d1d8c047074494c53279181c66bc7536072b65a61832cf89e9c12dde2f482599a0085bda55136ee3705df1a0bc9e813ee4bc36ad082ca1660ea0392b59f7862777a68cf362c2bd33dbfb66ef083f0c036a0949e855e1eff6bc7b677ffda5e22614649deb23dba6066b378b227959e4c603298a68f11b6476bf63556d656c7a4e82513c7f5fa2c83295e98d3fc9b92e4bff729adec27c6b3277cca9fe33b89084ec5900cd5d4f143d403dc26a2045df521b6a4d21366d428fc03bb8c06581bfb515c740ca943e6d915c7d42ff2ea763c66a6d782674a57de7694e7c02164aec06713df0e0daa3611b11234f694b5fcd97247a71781d542ab0bbdf84bc5357bcee24ea62bd1aa414d7d112ae4b3e5247a7ee359f847289375765ca6a82eb10ffc7c37af007ae7eaac5f51cad535cee69a1cc3db57d60feab7501430cdb36ba78869e0c567d5b6055b8fd9fa8ce2de691f32247f3c877f5e9f1312b13f029367cbd72e96238799fd07ca3470033edf78b6f84fe31e6996e5d48b901bd74cf86a91ee5fc785fe9d76da3b2ce917d8cd69fb1477fe666e942786970278d7423317fac3fca05384e901dda82d635f86289500feaf76cde11bb03763f23650d44d34817434bec83fd34cb1f7c23d2675052d82a3f70420d2df247e899ed71f6085f4017bb1e3fbd9dd77673a7fbee8289c69091ee6282ff6b5316d54f0367f5e91613c26454cb48df1504700afe0da27d9416d73fba0bf6773f7e66f7b113e48b17745a82e6b432a19899483b4f3e67e900181e755987531bc90d9ab3354df066fc1fd2b76ddb649f45ba5b2e54f7936840eee4c66bbf14a259edaa53f4f0a411014e1e37465683fd5ab4d5b505989d0786d0081dbc293b09aab980588b0c695a6049545017ccc8ddd553011a67facbb99ae56190eaa1bd6e24b9cd4d92d112817f1905c4f7e70ffe8d54f2a9eb6d8f39a16139f00eac5550f3ab253bda518a6cdbebda9700f997db78589a5d1d26eecf8eba3840441c71c46f7783c5e3a6fa8bada1a04953422d02a54ffb392b148e5b61dcea1df3e5632c37e46decfcf6091e83566b13301219b95e22313f83277fd4351442e459248e90fba90fec18e738004447e29ee3bf828b07f4c5552b641377221b5c669689b6cb4f5e963a2e0a6d920764513a79a56dfb429fc93c78c374a3c7748c5a12e397455f6da01d73923ef044c29b3ade0bf4724a26070de966400d9cd20e3ce51c2b3c1a8791654a3b5a43a7af12f8a40f3420864ee7b0f5ba3d2dc471b1f41c3bbee1698f825464d9334585b84a2f360b0ea0025b32a60d1bd022b8594259557fa7a6c19b2a95b58d40dcde58b840b9bc6c9fa0fd176e79cc05e77081fd83611d7202ed8e2baa052844591ebe033a84369708f137f8487fb7ebfc04758fb1071a3db45124e22cbfb0ec9828f1f414b08fb9f0b29864a3f1f402eb8ec3d8c6fe6bb3f42b40ce8b722cd572eead8593b49b07a812ba5add59f29862dcd9afb7ef1d3e9f0db3ca0650cad2d06f628ac632ef0e51d8eefc92fa1a091bc61323f3acff3f629579880e9f8dde6045807d8ca684511379616c142269635738fcd0259cb079b2e6d0a9b4ffe19558d877a5daaf93a9aa4eb0b2c2b65ba05447299de5bffa6ea653e25eef001e6c036c7187cd20fff62517b3d649cce657a7f8f8376daa9ba8b3acb9b19a1ddcd943e03bc389e2eb44fb040d4d078618846cddcc95e53e6fd47b20b5ffd8eb323336de86dc584dec7a45d1d6ac8b9003f472dfb24128b6104b6802aa5d5fbad50ad369fedc08bdbf8ee74dfdfb48389f532cf301aa583ddf2e8ca77add247265541f87c73d3c2915b11f3df304f0358f83e97382545a02896a446ebfb6e7244cf2b2f8c064151b30625557fcf1db93e479620dc59667e3001ebe83c29688dd6b95f102ac24429ae811e93f860c0af6447bbe1c557813228ca91034d47ecee1a8a8c7fad262663a44eb8919ced11b59df32fbde03e78f644bccc411f04bc059f1d8e2255ec1ff26650b1b5afe1b9de2d978ab4b7e3bff3559b2ee4a94f228622cb83c9b0435c71b0b2ea661969f30ff191ffd770bd9d4a343c54952cccec99eede29621781a54078fafd94512f460c8a3bf2ffa3efc27ee41c021bb363013fcc22ef4c4239d2e279fc231883ab31e9a4993a0abfcfd822828a20ffd2a4cb4bddaacc6145d8cf6fd50fab229f75d4828f6039583c31475ed0f243ce1f93357032920113320d08f8ecc39e6d36dd4c0aef0e10f54d744ca8e9795ba19350235c3afb63b8d60ac506f483dd373097af511d88bbc936d2958eebe9c2e535a0d17615f761a8a352beeb22df5e15f6daf7db3585988fe35b17370429d996a8d642d83adb806b11a469c7d47fdd09a4cba02b0f5dd97f08541fbcd5ef08bceabea12f2ff10489e5c01246874eb0190b3a444b2e126a3da8488757f09f3755c51f56e73e1addb7cf7b2bf99ce2dc45038e6dbc6e61cdc1b054959ddd85d8df1057324f61561eda426e489de9072b7f1391c1a75184a96e2fd18248eb513f977fb47ec7aa84878207c0d845e8bf5100779bcc428651d9799034df561058ecdd1d7328244e7dcf599036857f9d3b94659f2c825998d39fb4b36a2af77bd3c1d4c0be73df576d924a3454c07f9b9b31285a2aa1678b35f484c53b3df370fc8e269463fd07531255ae7f8afa6f76e3b1ff3d3cf26a5a45c8ce98259da4d9748e54a76b48d6f7f3da68db155ddca0bc131fef31a51ccf6abf2578b706f684d1cf0fee027ecd1a511908bdc6db98633235340d0d75b519f6c96f506d460e98b15292fe22a6b8f6ae5594f28d44901f451c3d92e30121fa81ecb7ec0f50bf9bc78ba5a9751315d010d0094deaf7557ca2b7ead1f285dca1bc204e9d79b45d6404350c40054aa5e085e4177ea7fc99c284b879a88b1a4adf9ea9910bb73ca02891aa3b3dead0fa1ade0a73003d78eb522b914f5be805a1c519b34c1826f0db7ad15cf4e522811678541512ee1c3d73addd44daf4fcbd3a798ab196ead67119bb6186b6fe2a4bd11f3b56d2c1c9c9d3f65c3c4460ec02f6f41b4cf2ffdee59b8035cd1b84bb602500bddfdeecad435a98b4cf9346cc7c92acfccfe27fc040f186a9ed943925d2eeb4614fe9228a06b6d40ecc2d7c121e855d220f60074234adc4363fc06daf493fd3b482e8a6cd9250ce27e0bf50dc233c01f2269f4d3a05657705ac387e1281cb8154b4382c77b5feaef7d9d7f4c6499500f406a657f113d0cc09d438aa264c17e5e35055684713a2140b49dc90612e6df8b14f45c423236ba5581abfbb4bfbb220cf5b203e43e8d451f4026be51253faeff94eae6b9ebfa42c8af53df6840ea15774cf3a687ba2e68f20fd4da7dbddeb9139a56c757aa3ff26f5955a53728d12f8250bd1d6f11b362a19debf325af6a78dfe5b2e85ae203c6588ce1c32862de5b899c5975d6dfdb2ba4dd9adaf5b128f228bd04b1cf8dd8c03228cabf761036799bcf89a69fd6ea907d61e92462ab2b5793be99b5b6bc1d7b6d7796bef540cb6cbb0ffdd557acf075cca9bd86edfe284497317302894ac94daeee8ec77e33778de4d3d70dc1356f7925b6ec51b7fb5ff3bc514701f99c604854b598b10d2dd545b4040efd90fb4982b0b86eb6f0878303b99c57ec66fcbd428ca9fbd026256682e632c661cc79b9d70c7b22e683a34d58a9860dbb03f45c9488d1a6280d2c5d08214f42b559c3567eec8d79028431183d36c261f2a15ec260f13e9475d1bd21fd3bf284e763a0fc4d24384b42a1f89b39c245d49355199fae370527fe9e3f0af8e06ff21298d016f1b057d04bedc08af8310fa4852176889210a19267d1d25330d6b244a6caa8daba1a1477784d57dd58d15564cd378f6243c9ca78d83bb55bc71262fc3b02d5f41d44d7503cbb17200f853a95740f6ae79b724991641fe239284124f20df93fd951fe52839e30757cb6e12abc0d3292e971c060dd157a6eff731aad6dd01d618f9c895194ba2c7664ff74d5a09190fed18fb38b4aa74def33cdd1fd5b34a6f0120fdcaa3c5723cf6f530a3ce01f3e8dc2ad163528063f827c62e1e04fb6efd305878f79caacd0481414b327607c8ad5b8c0cd90aeb3452e1b409558dda3396516d44f7d37b3cf8d65660c4afcd802adc1fff75c6ef053e34be0da581499a67914ce472f0d06e2e34c4c67aef7a29bb41b017c58f2f7b2ba250a8e1760a1920a4a1271ea73631857d90323a06e74466ab0b5e1dacf0a91dd81a36470ccabdc56bcd7d8914be79f20b58d4c0dd74099703cb57c7ed900b9030b9bfc6d79d3524cd5738ca44894761074960bf7be77914a90bded2d13bfe7591bd45f8f6a0d31499462e2ca2c5eb77efe0a18283dea0221e286c2bad27c33e17ac5fede4dcb609b938eac09afba56d405a9e27b018160d89efb9b970dc0d4967616d676ae046de1a29951df08341f24be59b66ec5fd85b7a3ec05045d8c48909e0bd6ba970b8d26e4bd97090627df20bc8b5f2ac9189aa2b3ba13abedf61f7a01cd5ae108df56a43c93638aebf5c65090ca6bff7b3f8d806c4d20f268469bef46910e7e892440e6ddc1e09647552489e332a12f583636ad2c4bbc4e9303aaabfdde28b9c34234a181a5cc041cb591a81338107e31b6e4769ab80670322678547fd4bbe4b362da8d990dfd424ba2bd4b5396337ad6bf39b467c3d45afb4f0b16476d4cd5904714c06a0dbe66ec5bfd68e8fcc87d6a666a7f0d58e6527994dac424d160b549cd90db0cb9c90776922d7a9d4e8c0055324b3c06788584263ae6d628220116f09ef2aaaa39af666e25188b0f997aaa84168c3f3afe8b709688974322706a321c558d7518a607b88a74ffb3bd1b05367cd083153e0a4c69691687b72acdb823cf75539e290d1f807b952998a041f4472a3a681faabccd8d22dbea03992a238ba40cae9870effb699173b4e66e7c1deb05569d93b0a293be27e35a4e68e46e502b96b2703d5e3edfd4c5db8deb6c75c7382093499449e946534ee5cecd972068c1f9f2858f34e2bf3e1d0df36505c62778cbfed364d28a8e64777269a44c4f5c706c864643de8d953cee411e381d430bc1680693c78b874ce85f91415297eef5d96a21b6322f461000a843f5ed16b108f7b694f68c8793fd64a154db374419fd7ca03e5bdcbd5f70471b0ba649b6db83b3d29dffbecd26862964e2ebddfc9a16869dd732bc592320c27994b4ea99bd0e16bbdb783927da5b6646831c6a23a1f455e9df99d147e90c54d4e08b567552d9ebdebda8f6148fff8bf1daea7aa53cf564e9748ca74edb777d7211fabc37bab4fc3aab151202638d141fd8d037a43e263775cbebe553f35f69712ece5868a123effa877781ad002d6e95471c970ce5787113f346f58d0997990f70fdd367a98a5c3e735b53a7d654a56a911b5bf2062395f5baa5a7e8f5ab31cd2955a10b2ddbb8d9ad6883b51970e45b932ca2b8f3c45975773a1e1f90ebdcb65ffbb4e408e797dc169266384694a1be88deec5cfa0361de251f08ba61ae3dc020bc5c5861d48991ba953a9c2e28f3833735f33b2c1428b70658747a5e315532ff6d1f7b3d9499d0a87fe5ee7455dd593510ffeb874a96b766a0b60d072379f315b0ec22784cdcac92ead578bf44d549b6cc429f2064c9d6f54d280ce0f305d63b6465189ddcb6a9a5eaaa6d86b7c2751eb8fe2f059068a0d8346189833da0c584f8c200991705dfed1b43742b0c344c2baf3d91dc2f647308e8406d7a03c108281604f3c7c07a08bf0c55f8da89c9b49b185b076e07119548fdbf65336b2bf5b58e78f680ea82404ac70c554d9690edfb1721ac93238e934d173e36b5ea5bb5f5a409fb6ee17f8aa221231620a6fff1ac97c58e88be0bf1955480efa33733bf55bcd8a6577a3c38750eb04b8af1bb9fd316e5d66d492306c4c82bac2e8a50aef44c1369683daafa3f5a717f21a8aaf5ab37a77f86d41167e925953d4e5f3cbaa308af20b41d450278f8712889663d4f883541dc8573b23e686ed5b814fa1252c5597b1aac26de62a3cd655169806b65efc4774d527095b7a048a670f629cd8e0fd2b8d2f3839a075742ad09dd7dcf7b5b028be2423f2b3bb4733e9bd204e3ccec90add878c2b4533fb1027f9a70ffbb69fd9a0ff897e21fd783c40769fd83d1f6114451f0b4c0f3e27e6bf58195b3aed25efa5f5f1d5b758f44ff32b9220ce4eb3204f6d99dea8e1ca396033b4f144f3569159ea2e2ff37cf04738cfab813e9fe0f4d1522c3b11997f0c0ddff232685fcd14f4429c333786a6b7da355df1913b55a8f31e4ab78b6960bbae98c676dffcfa22c6137f71a1031ef31fc9a3d16ab341084e73e6b6db8fca53410285ccc2cc2b351524a8f7e24d256d7d4452ab82a686463741225c07871843be8bafd6dc4b2b73e9584ce3759a587b1ca3868168bbf9922328357f87bb901e23492376c5e4db72381cff13c52bf85cf74e05af1393fac60df6b21bbbff1ed0b164f05fc5529307e50b93b6ab4b00cfbfdfcc85e243712bd461d03deb6743b8075a316c5204ad78cc8081caa0e3f6da9496025cfb6e21b2409de4beea17d80d36495f6ef642ca1cbd37b01e52c748e4b00f037fc596c5f407cb1be2d6e56f56418d1752df7552693929d9cba294e7de5dee13fa000d75a1bb7073742f25512a67f1eabb5ef5363015757a0f8ba530cb3a3bf7611bebb01ba88b3609df79400eddf03799d920852111268bf50e5dadbff06b09cceca33f6b4adfcc5bcdcefa4424a1f0591c0044718186b365fdfd26773b0f0d015f2c095ee28384750cb4d3f2595ee18a50a324cdde899424916c6424fda0ff893f5eb8190b49581d0b0f0c94978575fda2e3cd3c4e39fdbc77565e5570005da1ce5dee610f44c18f497eb7665c80cd96f42ac85715d8f59300f6b8c86a92a296d5393519f02bd11a384ad1b93d02429f6b1d2b0f0c7b9218d57ea7db8031d70b54028ac7bbe333ddc295f10086662c1fcf47f349453964b8b4567cc061b69d5eb04a44c6854d3e728832bbae36b8ec864c90306bd28566017ed035bf01464b3fb425dbd580b15a247b019b1f02adcc5b1f1c8ccee6ed8a2da641affbb345c3a2326579141bbf410d658383387903fceb108edb87506d6b88c6856637b5bcffe0b6da9307ac29071662eeb31c3d72b773336f7f3236e966acd05e773cd3e56750f9b16f499ade40037eb4d8d03897ae109f990bca4b441017f5792e3c6b882c230761b55c86c77740ea530bfc583efaf3d086b77a6c277115d421cb0330333cc9a542170a2caf3ce49942fe8f51fed0d0ec995257f5ff00bb3ee2ee64911abbc4d88f034578aaeb0b4b8304627034327c733647ef053562447c681fa24a97284c50ab3d95b0d8ad1067b19c0f9d418aaf3d29b562e15c474ce8fa617e7d3438d120163cf37df2297fe04c9196705aa7136dc39862a86224a56821b6acddfedf7e42ea27dee10e8063cde70677ac1d8c55e389b69d3ba046e8c4a8cefa601fea1cfedf3845164275711dc211e6b0b035dbfd1c02c33bc9463d47ec527baf8d4a5574a440df69dfb9de0892588ef2b2f1e158f30a8dbbe5e7bcd25956bf5f7e0681d4514bc896c7034e717bb162a070df9417297d88c69345ae24d3fe3e690a4e7f1f961c7ff2e1ba22390f53a7572ce13d9ea2d21f9e7023ceaec9746874dbb18dc38336d6a15e9c05404222eb8241714bb44d6224a7200e438568f106c53d9a27f9e6a371d13a0be43d847c4d370da21cd905d95e6a63f70fa3ea383259e752d5ce608efec7e53033bcaad32eb2b868a849c690f8eb2ce25bbd6fc1e1ab3846c51c36f819dddc7d23d4df854bc915d9a6b62ded5ca9966517998adc2417912089407e975911a47bf534247a36ba2724cebb00d639c77ca39b63f394ebba85cefb6252b988ff4a7c31054415cbe7ba0cea0ed5eb824cc5e0d7c821f3d57dd76d0e1aa367ac0ecc61395adc336b79b810a67c0982a876f85e0e280fb170f5964dc332b6a82c44c99635db932af433f9073386cd8a42214f89ce5e0186f08f60c0dd88c2932d66229ffc3f43c320a78fb456e699515208020c839f659bbad9d4e116b8ed9ae4df2bdc579603b0fc381f755d62807d6496dac15e5dfcd4d9d3523d322c6c76088ac73405503df868213f2b5636bbd520ab00664da2d0ca6ee4a7783ad330f146bbe77569b3c1441e0f80c1bcaf10f810f84ca5acae58a49b8893c2bc68d8c5f6723baf970fd322a8125899619ac4d535f6d4bd5361227ceb49b7c37f75a53a4838e869e7b1f3d1f375f5de80fd2b3a8fd4b5d8398ba7846574e75b75f285dfee0080f741377c0c707fd8e72440716e6cdde0a385c5dd4d3b5fc905ccf9c63a7463896fe64ea76eba8e5767ed3364f63f62c8752123142ff42d5af1d39fb36527cb3f07e175d139ff300c5fbc13aac8e988650ec3d6749ab0d4369e2c413fd2a598acfcdf57822d7a321bdcb08d4af5712fe10a2e3ae7c760b17b1c945048796b6d7243cf95f47eda3ea3cdd3e572fad28625aa31b4ec2502230e3802f2fc1b91a8b7e2aeaef21d6b0b31e47871d651faca5cb98de369be3dd97b26a78fadbed63abc88f832d911a4a034d59811125aa7b1c98b51994ee08f4b76ff09db4515310a38db1fd7151e9b06ea24e38e3f32f352d8a1ad7b59822816f641c4a4435dc994a87564d63e5fbe82257ec81ca4813bb85cda4065930b43462721f106b3ffaee386d1dccc6a946a5769399e59b4c2d300b1b759277fec9c77ce12839ee0677b9736c1aa256b1678845d20518415c3a7ae13fb7ee5741e9dc5564b1d8216dcd10951923b64217eb2538183429bd82cffefbc16a1f7249e2d70d379e356fc1845a46fde2640acbab8e11553e4bd47fd979218b343a24f79cb28b33ff14749996609bb23e79b0dce6e21580d40f3dd88e172471c67fef4de1c41bf9ddacdc0a1b46c0d330954f5db605e4b44548f23b2ee67166faadc1936d73aa44546e93d4cd8cd301147d62a58e10f5e6ffb9c1764af2cfdc6ec1d0ca9da2248bc9f051bd2e059f7b53349367a50ada1c650eb4b41f3b88a76fd17aaf20400ee76ab6678a9b0293bb236f32d8373c9cb3027c7702216f082e58164b106c3ba098816060b3bd373b4adfa762392de2ab7d493379be41fae57ecaf245aba7118fcd171e0c0ddff2b3435bce3edb88097a7c1cce3eabea67c4bcfb64cd01198cf7a4abfa72689ea4165b9d716025d5ebb6f2425ef4481f4451ab33b0ade0a77a867247227ef7718c91a2573ccf150b5918da5559f989f5b882b288d8f6807f1fe5dce295a3eb03f6614075900087643e1ef386aa21d9f6228d50a36525ebc12aee95653bac484e6eba022b504afc64391cf17ca7c3fe30699e5f94b832eeebc637559f3fad3c1dd98b4466f493621b695eaa9a6a101d632779c5cd7e8efa335cd9bb165bfc6407fdbd2fc642b185fa411d7cbc0c7663822b122b619951b0fc843c60d14c0f02ffca1a7e7672621f41bf8a79e66367ec631f62051f83f9f5daa85fc5179a925d607466992590f1d7ccc2cacdd98a1f557c5ecab536d1b9fb6b6432d5ff460389b12631e6ddd5517c45638f961a7f91af80d837fa20b83cf4c1db95006a190d3c3584d4df7622ebd2d68fbf8af8ad0855571d109bdba028738c06f348385ab0e9f44c200ec029ce9c89fb4157b4fe88798d7d9335175b8982d9922f2d51a781f2f217087a3c66643dc35b9c0112caed19b1fff791e2807fc4cf0d38a900beb82ccb1c5ef0e71656b944e10e51ac8ca5e36922085788559022c97a794ea368133ada920be3be2a2da62c934dc201ae481ae629b229beca990f2158919e6f2f8bda4d30fadbae121b6aec10b5c3e9e40329cde1aca36b1e1bcee039535ff1be40faff10e861e6d1ab7257453f012e7b7d702f6e9661fd98b421f9e9186a429c0001645a540fb7a3282dce40bf0066ebd038217454cacc32bf97ff84c6a512e3da1859356e7c77d2eebd17481460eb807c6e7c6c4f38e34f56abdf0d15c618d20738a555640b27ddc99a40e7997e7700e483b50723d7c54c16793d0b2269a3e346f14a69e548596c5f78a98844609a8ca3794c0ce9fea4514fdaba4595790e7469e3df5d629a6783d6f6ac83f1b6e187191926d775f1068601da4ca9c4815597029aabe575d31bdb7abc0685ac401da63b32bc772106deb79b774a4a498bc5221f933c3b871d4a52d4feefa9b6ca82b6c6e28f1bad3737d2ce478ba8a42fa77fad55c8e2e55f2e7a23ac8a1db89484861289231346ee10aec61d35c134590a2fc134c6443c67d840de0372c937404815c0fe86f03daaa89e81b02d7eab0ce1810a2915f7d1174566b36d3687f8ca465c7fe09db7cfaeef47ce94d1ca9cba0187aed5fc28ab2ba99a06f107306de5f7575e48ec777acb47bd3826d2daff0ddcd46634d67c543ea25423754f08cd80809498df61b4972ab1e31672de47fbdf249db0297e87fa3480b9112f667b3060141550222c7d5ae9c72a25bc6c0fa6cd405f90f9c2cb3ce28faaed56b7b34b74685c3ae881c42c2f81ac15f4030d2a36e9ece18961e19ef3df2b7c50121ca8b3640ed4836febb3a4801c59a8efc44119c4a4539b32d2d42abb010a8e7633dc60ec5b8ba5ce4875b4a354703710be931fbb2e5f41a9ec63b3084abaf3c2a38a821bf3cea8ae4b97bb324508f1ff02560dbfb96ff43e9dea3d3fe378d8cec5dbcc971f88310d4fb880840ff99aef093e6756f0e6b10333840f22524b5c041384bdf3c788686dbbb36cb776ae275052cbb03e7e5531046ba90f9992fdefde3eb96c669681a3ebd17d852413f66740d5b32897045425e5ba65e25610a09647e13c86fbe8bfeed94e5429f86cfed4576ec00c30ead54baf25da90fc6b58fc2a0b1aa3597faa6ef0c0e1118f4f124c46028fe9b5eab90a39fac3adc02205d803cd930cdf4ae1204fea63bd60914e4b21364e4c1a3f5038c6126fdb2f6e3c2205d580beb214b5a4b7bfe3fef8f10e62dcd85509c7675fc4553aec671720509caf17d61bb5966d3fac4743497dd44adf01520152374988eec60f0cc1e2aeb8255461477a97ef961cfa538fbad100fb264fd984ab4e4af2d18268ab7c249ff71523ae6d2d590a67a732335d60ca03f2c7aba0e11f9be8922b2177304f36c97558c9d00efbe733de571381d2b8b966471cff6ee76deb1034ec3c9fc6c972fc42a264556807d75d79c518a2febc5899f08c023a1cfaa8ec4f82888b3a7db9e8732f0ebfc23881690e3cd9452abf3dce90a6394b6dd103f88fe45e3e610a02be1aad397e91ea7531e1377fd0a808fff28ed3834ea6b8a76670074de3c2d91fd334a3c31d8428966ae8ff6a4bd194fe4420494f6e96ed87034431f969b075a62ac637d0bf6379452395f0a866fdee9a1ce3787f8780ab66190c187ee7c0affeeb9a9e506dc77bb4e09b700fafc1a4ab25b9dd2e80b244e821f5e61ff50727350b64cf5031ecf2f0e1a6032c478d68579b9a484a4c13dd59aa0f86f0e7d64091096b5c0714250c96debaeb80b3e67ee672246280cfadda59c5dd59dbf46906465872c3d3ff139fa2ca041be2faa27f0a4a5a80421daf869799ca8fdec5212a1c7e0f7499b7230547154d96120b3735ed3be0f64955e0bf051d42e2d3f688ed3de08090cc8c05fee409bbbefb3042a4302c729751c5653934e39c63d8d496f9168e54917bec34284baacf40d54d001006ed365b72c822c785711233d5ad35f949cb104b139983e0543c5fce6c358ceb1e305c3ffa50c8648d90b670f1c137789ef43c4d38d54db97e713a807230715be6c605d2befa4931033a61f924d62131bea06210d60f47df5b551ee5e6f3f435c9521270d86246b82dc42eb4ce80da0bc3d3262490da5130dcb34bb06a651c919842d6415c5a8eaaa626082b9843593c0696a787edf5a9971963e5132a42e5f7b55ae5398ba5047a7692bd7ad00c58a1caf2ad8a4cab23d2241192df3ce0d61061ee71c698d01a26ee0863a2f09bee508a97b69d78405910ce3cdb81c5dc8d76fde59a67161c1787d52b28865fb1d6b8fde04c5c26a036fbbb872ece6e7889a2c613d75ca8b59f69a323290a7f764e1d4126cdedb9267202414e2a0f0ae40b0bdf7faa7e9c988bb132350af86c4abe75f5ca2ed8f564c0187b9995783d93db1c49d9c663fbe83895614a20f47c1b908705210f31321a51fd9d93caa60a8a6db28c87ffe16dd6bbf4d1aac37fdf64d0b0da771b97116d3dc4a86de6805dc170df0a2a6377a35f9d886ec312e4619b11f2d871d16a4690cff6e6bb5c3bb2f8e64819fd5a108ba8fd65c32e5baa8abbc2bf35603dc0e5f4a70365570d777ca39b8579ffdf0c83951a208df5b0c5191c10a78c2991f41683633b684ed71550c099c03a788732c8e0c63023a9f2945f4c86bfceb5547f115402a4a7d5b14bb6621ccd68637691f70ca3ac1c34fc27dc377065c543c73866d5ee1e1f3f98fa5b2e4d0e9ab9d16a3ac592e8bb3ee593d17ada03514a78b20d4cfea5997b30c7872b8454974f34608d0bd1f6e6327d9bfeb935669cbcb8b62ddb692f76f0c031b99a7e3f344310f08d0fd4c96d4dcb6810db48a5784aa56284b4540f5fe358fe5ee5d77d2ad7308b29663acc00866a0aa07e2e5cc1e1f9214039b2904492bd6be1731ebd9aa4376255a92f25fd33a8a3dfa21c5b407b446ec758a36d5ef49b6685b37bc1c2e5659f6445dbc6d2658074115ea452182a6c92c9e9b2f5feeac541b6af6074a0622cb597f60a3dffce645c0e08e9a91e5d34255ff8b789e12c003a605e8da55e9d44d0ef8989b38d420a5a61f86e348fd21e3c5b1f9356ec8668c6c01b37fe538e02508f58cec9eb5881671c04b4941610a7c49fd0878d2ffd30ee16ed3a51d5c03e6c1e6fdc9e3a93ca030afac87f86db395f98540cb25817c0750fbd323cca44722a3a78b993fc90a07ca09761ce3b1945aa4552195761f0368289a1c657c4ae4e56b29807c86f660d8caa44ac0adabdc0a07389563a4ea5d535d710811baeaf5b22e32d62a5e3d4ba1e41aecdd98ff95e0f04aa182969a54e18042d53bd193eff327f09e8279b4f3fd6f5c6a0d70f16af4b307bc91df6c334b580d8fd56509ab1e3924dd17a12a37e3412c38ad1e8f2df6e835479749ad3622016b8d85d30f10ab1560f039672bf98b73b1f33b0d257bd70deaf8a2b025bd12203b7ecfaad1ffd7100ade4d17a752fdc2e417013af5a01df3be3bb1ce4c017370b7b9175f9a4e141ec4480f52e5d16c393f3251d1ef9f18be945a19ebac04ad730b273f55a0384867e8c929808d2fe314204d35dff0cf99445d67f1d2926769dac2fa54d4e9dcef92772a873c104b877a09b2a21d70496ffbdb2e07b46c50e8268df21f42f049b9b002e470d21533359da27467b3ead5fd16568e57cf234ea265a785af3d39ba9770f2559b0d3ce1e3851d71b927df0a2a96a27ec8336047fecdcbfec8b466c364e9960c47ad747404d9795f38ef67b85f71dbe456e39f9c3db961637af82734158e76c813431750c156dcbbd58ed35068c32198cd500dcbc7e71d6cba60ba37fef3e309ad783f958bcf47e081a077091c2672699047e8f0aa79e5d2a670b888fb1106f81a13431aa13e67158115bffcb94cc504095fa2e256653570f5f79e9363d32de0bfb7758e4c6c041d4766c5d342c2ea224507ada7695f6c42d4ee4df7059d4757878bc526f115988b975c51b3a31ee2cf308e9d5216dd9dca78558489c09bfbb4b4d82b2256226d2547577fc831c8b718154244ac1c425d0487199a48513f9dc81d03cf635aa9b106d80094ac28bda33e6a11f9a57122f93295fee86addd25df35368acca2a70512e14e42bd021c916b94aa1fb2f5e801387e4393503fbd8c416c9c0561dc7f0edcd83e2ec8c3b006e5b1e719aad8972dfbc7ecf01bdc55682e606cf9abb1bb8ea400c8f45a8304b4b9d80f44c2a247891549d9713c12d5d127c8843287052383b14cfef6e94294111ca095eec495cbc1a9905f0b49f6ae8c1d0c29e0caeeceb0f5040d2f2b1a7f115eeee2cf8cb452673a688c939c66798dcb8425cd691ba3e94b3f79e84b72221ed8ba93cc41cd521ee3bc65d8c277ef0984566bbfa86a8d97939a04189b406fa174f76199cbcb3bd6c7ad27790092376c0b5dc659e9328e3076b8452ec164d56432bb22afc185989576bf29abdd2345bbc40db0deb126d10604706f7d37a03b6a8b2cdb23b42a5f49a2e3adeca6b866aa5bddc48d815524ba7a0d30da01e2d08d655fe53558c5b2d24752c2d75b982a21d6af9d115aa3341724c999c2d397ec725e361fdfb9cd5bd38705fddc175fe2442e4f1e2077a6d4b02a9a8cc11089cdad7c5b6af55189633dfee5c05d6ab12a7cdac70a5099b3639a8f29159c59cea2343e724d11501114c3ec29b098599b1f3d2bb9fc150116f858f138f4c6f358f9ed72e8d52922eb68b3bdc691af838562fbefbd9987cb188a8f219e99dc24292e0303cdb807f86b3c2702ac0a0594ea9ae7d260e4812568bc9e7ab02441b366f962d71b2b5b507347c199dc3e3330ebda6579c9441eb9dd185635f2e38bf512d59a6da4f74b4c26624234054ae5a644ebdad604f9df26a51e870542bc2e66d437bc9d461a52ab83d12d4cdcc716e4b14b6c9c161b972895a13f6bce43c086e96f29dcf4a9de113dac8c5f5d9ebb8944229f7aba636d916ef02f45cb9a37af57e31b0263648598de8b382bd90237a45fdac6e09b6e99394451cc8fb15f8b6a99c9cb9a5b19218111e9dc3c659ba261f2470e713af919c2ef2f2f50f35065aeed83324b00dd32efd4bff32bb1878e8e0a4513c3e1e4792034ae1c8dc3ddafa15a4676ada3184324755ab69af6c9dd27a80b5ffa795bfc701db13d810d49215fa25ecb874b136cc2e2342d7e8aa4b2bb1a7694ae79552c1325a1bbeb03233574bb8f14fbd1a03f85644e46c7da1acbccecd2dec338fd0ce61ecb71aa39c80ed6105eac27d6ea5f54603329b34ac9b9e9307ff098a1afc2ce314fb817dec6ba53f6fcfdea19381ff1b9e8d046d66a759525abcbd23772f76f98409ce0537bd3eecf4ea38ffe0b966fa6ae4bd13888e98a0f81687cf9726d8f80a25beedcb1efab2efa417f382c12e27415b5842957facc160333f1a8b1fa4d7da6e1c2a4a0a835cf5c97e6d2d5ec70015c638524a8d36ef1bf1728c577950374304d5c96aa8273b1034644d018cd2928961ec06bf368f58133ee9a2aaeda72bf191665a6b6894b39dda5c995ea5d95969769ac0d9e0355624c553240989387ae013d55dc071e4745e01cc329b19b5bcbb03bfbcacbde673c89358fdbfe62f2e76d47e6c855d379ca62e75749b8726df5d018b33f29482f90f370fc161222c66b771222eb528252a98a405b1105f19f6820fbd399b048f0309e5c182fb35f15acb99d11fe1dd0ecfd4b19730d040e2cc1ea6760f55082efcbf4883f9cb4c52812c1ce675643a830223fa7929d9facd35816b4acfc400ea89f8094d11350f87e07c4720e86d464e496ed3f873fed1003d7070d45c9fa2befe0964aff857e9a36842df11614107835e5d443f594b9adfc89d495c1e8f1d03056ea7137326711fe1af0fa179153cce6b2d33f71289e70d50fd911433cd401e0e8106a97d7ed18eeaba9ea8fc47ead11418740ce8e31a8595d94c3f40907e237973c66fdbe435d7818026df70095f5fc27fec204152087815ef037e55df405a7a05642a68bd89a27553bd7a5676a4c161b585e62c04efe38a2ddf143d1a6278e63b05ce950adb881000233f1b04fc890a636e423c14d062e1cb45343c9cf1a36b1713670377de4611d8f283b261e65e12955b4df30537834c6ed604e6df0af60452a79cf8f1b1eea4e9d3abf7915aad3c4378652afc35ace51a2017f9d9374ca54911538b618c8cc844bbce1269c6232bee59f9d844af251a7cc0ccfaef6cab67416cd2265cee91af20c1f7f09fea6f0d382f5293ef69d28ab219c2d359c597cb0a0150690bafe0614a6e48375bdfe5544497189f9f7e90931f54e9bc3e32e4aab13b685f1b7813b55459bc050b957d531e931ce0eef1da61696b32c413e7dd3cd2788490b005fc7f7b822390e98dfb8fdaf264c169f55ce2a9b637db1bca4e73c531bf128be6300e3bec08e938b81a4c9063e7102d2919cd0550a251136e1792bde90d23de60db07ddaf40541c4ab7672246a31fe4052bca66855eeb63ca9c573509d5645dd9bcf702e61c7b34bd522e2650fe5b990a29d4a6e29e1e23a269ac891d8f2ae141eff0cc67faf938e8391c451f89e76e9547cbb9cfc6af53b3bf8bcf96b6227bc9dcd15167c56b0088c7a611b9ef80914de3f9c11e51147f1abb04d5d3b2a034352e6d7af3c97b4d15361f0d9e54ec095f8e856f9f340bfac94caf62fbf2d2bdd227c58273bd92edcf80c79ba729b34ffb696dac27b4c0cbcd20dff95ff167c68c8301a7cffeaa829e2a3f0392bbdcd3a9165910a287d151fb639b08dd5357ae854a3bd07236e8c98a2581aca9d3d0c9bce72d47f9cdb72d7a1e1a5c4149231c4fbf9a0d202544f45367a4be1bb3b3279f97e1ac75db4cb535f68d0816e5c033131638e6e90edc52682fb09048e955eabd73d77eeab014baf40fdb1479cd6a6b906ed5740b3359e80f7123b5ab5e08ed5b18e3e80ab5675ab376c97b97845087ae757459169580625690c290f02eb46b266efb018f02d80d60ef405bb152eb5b99289ce77e520af155c66d26d523dbb6a28548145a8e04bc8be385250bf056e72c3782da53f3088856baecb76dec385bd3706f700eac873dce9a4031d33f7ac8e61d9d6f17f0bfa9feafe573e6e830bd415c51715ffa3222dac0fc770d7e1716f0acdacb55b0b2aad274416d1081204a4febcbd658ae05079f3b671e3c9fd3b488e420ce6bf8b157b01b04cb9e1a0ef3925b621b5191a190ee2c54461fec3a7617c36159b4b452defeefe16bf04a8804f4c068cc71500cd2fa5cd9694d520b6e8f70340ee72a9e1e042519fd2bbba8ae4cf7dff12866a5a81217a85c29c1415727f74f98783053e27d185d21ee04faa11b4b8b72110cb10a16845237eeba0925668710a2da63259ff8002abf31ba8d811316a7b560165af72a4f1404d05c9f3affcc6b3cb22d1e0ef4df3ade11bb61da7f9603be21ecbf2cf6a32ca556a9afaadd68caa662d7296ce8a93351bc50fa6e635f04d1b3a6ea086aa327b31c4bfbcc0be84761672d8cc0e65988dafbfc2203839ea31d7995c498d638549475a778c7c905a098e8bbab590c1bf94deee4ce447466c9325a7e8e7940f3ad5e39a2e0bf96cbe9c2cc2314ca344fdaeeacd3f5dbcdb7b52d74fde734f2c17b3f402eba5b18a81b81b13b4c58e93c1397d605beb4a16d6a1f72ad970c1557aca30384f71b81031dff528301a1b7eb7dd177d58696bc3449611a544683aa81469deaf5fe87cf7e0d5096cf1c7992fc89387472d1fcc41958dbaf98f8337ca1836769eb3caa42c0fb764b9137e350cdc359767119e9f82e3232785d8817bc02fd18e62f4275c406a46d6d74f652d22c36a61a1752a99ef298ab0b8355f38347e9eb8510757294c0759455277a0217a81223dbe239432836cecff4f272e39ff2bacd2c95df3ec6919e76f4a3c9303935e346b7821c29ac908465e007249ba4955b11ed1f438a6ae0810a905b1465c57d3d7050b70c5e02a24f43b97f9414c2dae294aba841ff4da539bd878e0faaebf03619d18ffd6dc4aaa975aee5d48bbf8ec6155b4671f6dfddbb6b01a239ba4a8ab9f8a71ada003e0d91eed46bc86efcd35355cfa371729c872e5e10033b04d30de7fad32b7094a7b0308d77fb4fa972ba0559aa52d59859cf20571dc5e43e6d9c4b6ed93bca582093ceaabb7299d7d394d75ce35ce8c036f7b5451e94f32b3ed8798496885791dc0d7c3c890f2126822515860404818d227ecc12f3a877073037823efe7b78cff5ff7961da936be38df134300510860f3882c5ca41e67802e04af424e479f012aa0c80d502294e3b81841dbe06ef6118c81c88ad6550a03ea946cb8d574a89d7b24db282c3f2c96e86cbddab4e0b946e1b20667531ef7c40fc32dbc105f47fded31cf1431a17d1e78734aaa461e36eb211c23f04c60f5aee70f136263df2fa8837f42ae8f9cb5b15506c5d0d2f8ad93bfefe2307682510b913a050166f69abee5b0b034007aed1a86a6e9ae587cf0033083304309125622bd79251979b565f3992fb05e2edece759142a2201eb55b34b0ab62b4217d2973e92f44fff4d6f37d6f0d5b40706112988a48bc81e9b7c7a52ae147a82793a7624552887072d8f079b3e2be867d3f6871172ab61577450333374a2d86b7b1fd4471a130f9accb10cd5e5fcd6be3990fec33ff7a7e11774389ef16fff11da532ffea1d4339c73fff420abfdeb5cc0648bce8e1780e5a03c163046c71f4db83f069302bf41b2b036c041f4e00ccd120f0b5ec683ccccfbcbe5dd928fbc6b6de0fd4f98d66e9080ac1463ea8be57bf81f90efcbc8147d3d2f99ff311410086a39a0b3dc75c993855b760c39e7f91d93ae85c9ec373358db3575067c93067e117a1876d6ff55f37e93cd5e9466d81ce76a6cada9c692640f0192715ad5671596b4e141b4a04017e1ef2a88ee6c59e9fa5296903e3b37dc83920f3217b2f6ccb11dc470ea4c0d6b03d9220a7ea2d7dc675565a1c86439c4221f3b43ffe55505e18a539fcb3b5b54e21b3a583d5392b5eb0e82a325898853ab8cd5c1deea5060c159e0ed6df1abfc246481aa0a7fb419c8ceb0cf5aae8a045be7a85b946f82dfa3945fd265e300f15af8a6c4679991ef087c3b5b55761b641d8725e9fea6c8dc2f4f037ba808895c9a4dabceed1ea9837a50c4baa0ab99ec1083e850a00094e8351c2a3a9e32ba852f92adc2d03cfba2b1ad8ce1c6c2e9ddc78f8b5f68d9d466d81c82f61759f348b42f63ad3cbdf672ac3396d1049338d320971632ec04d93864b544c2b31fafbc33733185c21b2ba65adc574561f351adcca1d9cd1fba81866dab67b9833ba983cfd421b2a8045c152252846050d55bebb9c99197c407fc4debaf1ffeee61eb681e4cc11315748881cd240d440f2c72b5d90d25ad78b30036be7b62ba0d529622862167137b2712708a0796bc8df5bb9b2043b38fbecd1cabb2141a0c0a29cdacf2e5af41d521864199ad5f6caecd31766006a46707ba5a9d207cafcb2dbb966b1f1bfa5a6c784f1c5f975edaea481b6275421664bdda98afdbc0bc50d2c108f24942b89e18dfbab398757c2747c4f4ebe3f8a92f5540a4acaba72edeeb96bc0352c8d322dbc57b0891389c648fbce4ec454b02c0bbcbea133ccbc92004604a163b5c1679e7fe1d39ef4640267eac4c27b35ea04648ef0030de334af38e8f2cd3f55d94137d34b5cc776c55c6aae5831c9c807ef6089ec01a86d634ad2f62e5a760833a39db68ef9670e02151400b7b30faae992df36f8c2037297cdde80a5f433e449c604d5d25aecd1451ccb993c4fab807d1034998f03d0f308a3292a577b9e971dcf5ac619c58d10d0fcef4ae7dcfd8b434c63f656526837694c10f0362545c38c011de1b843a7cc16da2d14366f0f7d989ccb76e764d112f9aa3d05ef32a38a0556d6bc5a2a3cb4af271eeaf6ed8df634a976f3db38d52853608d06367fe3182d5b32d0fbabacb8f2c537f5ef1319319f820e63d68597fd3287fd8df3023be9c6a7e1f88848f76736227047da18aac3f743d4fd5bb130e2dca0f99145abc72412e2535f73fde27aaa7c0f6b763a3ecc1689faf3a973f5debcba05d2e42ae6609fffe9c954467150cf0970e6a23b16e9d1a371e8701d73e22013cb4a80a7fefc43d4bead203e243696550b3b5941e08acb5830c9e24d135c714d5795e9b0baa2a26938896f31aec3f31199e35e5f942f00ae6c511d40295d5039eb352d4433171878d9c38029d93b43432c45d6309f402dec628deb52637d3f979048f5d607eae40b7119dddd614cf2ba001c7902a9b93699b084e9691abbdfecc96c795ad290f903705466ef9871c9a038d335077bdb478071b900a08b1459851cfd24348790733f6823b25805b5d78ef423cd47fbe84cd68e469d17440e84b72ce05d23e70a713741e47146d32d3c2f9f416546c2ccb0b348ac82dbfcda5788478c64dbccffc9398270ad6a9df00d57286f013c7e02c1ba246d185be9c42b08c2bb52b16826c4d0eb372b5f489de5ef6bf14817c2e47f39617c38712e946c0c6a224ac0276317bdc7871970640255def53be067ab2013df8f0a4483cb365235f19a35c452aaa89a95ddff8ecc804edd4721a50bf9a0509eb17dfc2d4ce6267312d2b6caafaaab487e5fb4c3e2fb56ca64e233f21aba3850b2e81e9e2c05dd4792b88eee06572b9b4f84ea40af3fb3ca35c6d28a2e4247ddadffbc0efdccc57a36f17f97666fe4ffb9bf5d8210b678faf1843fedd12faf7f3d48b54b76b1a6e1635d4ed7d3b4a30bf316ea3766461ac41bab9a807159d81253396699bb2a6e5e605876daf6f415d53a1d26b8ad3812470317655e448d0e374cb4cc6593e7463389002da795a97f70f1439f597aa331ef47cbc7090be7f69c45da41777950567b233560a34c7b4dc4a5b546c050ef29e098d754ab563271301eb95a4e6ed4dc60f096009f6c0045c3dda4e7100a527d95df9c3637644c261c904a4b772bd21b7e329d0eff38c814cdf0f765506a20582ca23002f21d2f8752b82f87eee0ae3bf6501204adb6b537f0c04def5b071ab21b49174b0080cd6701e4ccf3ad3b1da4772eb933b8412e8b466f071d2e0fda8cc6c9f154cba1353baad83e39e1765f51d68df3a5b196857d6b9e9bbce5699228d26e9d23352eefb5165c7922fbc25d33d2ffbe0c97a50063f8b2c43b7ded9ae64907b0005532c63aed914e45acbf8d6248741fbb570f03225e034e6fdf3802e3356feb187eca7367bf49d70260b06eb9f2127cea9ef7f98d97f3e85aa1e6207e364de58e8edd04f1e5d126ac1b6553afb1db88c1e3c8aee16e603375cfc7762f8423cb4b1d242daf3e8aaa8b53cf63ee98e5e23005bf462194ce905acc85b18809f2ef73e099add1f4f46dc2318e0c804b24ca719a8c603fd55c69bf676056098261b4258de4ddd2ae9601755fb9620dd8b3a797f568cd719260285316ce0d0ea16a11ac74a98247518aa610465e8ee3cb104bc49ccfae27814e822089c94609cae2f59f5b7310c0093e54f002080c0f13d5322a3927fc56135c80d1de1f6c7c63d1630428166d550d0cd63f9ed74d79977af6d89b8054fc3692d1216431a199e5fe2cc4ea2e486f350897d81354c997166c0da4a484d8cce8283bcf877cd12dae373d96d3f159233246f156ba9cf53e9cda5ac3258f5cde03dad11f2edef46632615adf5965f216f2bf2fa3ed31a120a60c4fb08603d0226f445e5f0c0ea9f8a4481a1750b5d6e092ab3987f2dca0e01972affd959fc68c41a48a23809c154c9e3ce5f453a5753e3a635f91ba01fb3c0f996724a2fc7db2fb19445b499073a2f663ff1b716670182c601bbcb450af70a1b0761e7102f20a0d4c3f837505153eef1e2a57bcecd93ca8ccd4ef81f635d7836d2770266aa94a5dea30cc9bcf4019e04bf9bf8147cd8424f0231bb49fc9b98feb4871fe73a5c29e1b156742d4615d479739ac65bfe7e59ab09292680a7abf958b18f7d2f5b6593c4a752263f5076c322adcfab6c02e298392006fb55880bde80fe85e920feeb4de7c227a974ee08c3d1b262ba84f55b879137fb3e3ec6ae9a9380903d3f7634b25933aa71d687015a557270ff30a107898dd2a6031ee41b16f9c43a0451ffa31a3d9c50c568d2374af8784e70da42c608798c81643afb2cc7bfbe811cdbe497252a67e03b95c5016009af9bf6e91fb351222e4b6576bc3419f935ba32fc7a021c16690544b13332a5e748b911129ee8dec784d9b6f68ff207c1160559b5b5769b4b12bdd0389a02fbf6931b22f25dfb5e512d1730f70051ddc46ebaf9de8be44c9a060c61fccc77ccbe8e35a583fe8bdee3dd02109134b05f4736ff45a25ff09b46891cdc2bf2aeda2c10a2f68cfd380b711fd733e5ed745f6378b0bb6f8e21dd90a72aa2d49c308f22d4454aea7ed9b2cbf4d2f0f78c6b67e3cdb79a8295dbe19a46e818180bf51ad2054aa2e16914af40439e0147c9e1d427152d37848b0fbd32fb6bc6025b862ce2614963e2d8e87c471aa1a4c9de60173624ad5d38297b4cbf2bd7f34542a71d17e339c3f46294625a5e689051250f7d575e0e52ea011e701399c23a893bc5e7cd8d50327dde95574d71d4410faae69287d4448dd235f26b6676812c08bef8c835afafc54699808c3721e1b60cde96e0655fe7b6847a9ee8a7b908cefac1a559cb51347a079ba9b060dc462ba330f64483b144271a2340402e9af2860d0d17074eee3c58b007caab0fa3bef8aacd19f9c74411b079d01ded5e037859d87e1b661ee4b266d1ea56c516a914be52fc065d7ce567e7402454efb4285d6965587c88ad876963b7f16693f4a55087b319c7743fe515f6b1b9b11a9c18f27ed247973f508f27b11cf7c2c9bc16078981d7a34c0d5e4d3f58e4d6974edf8c86cb2f53d497aff500f2230343d33468f7de1251a6c8e8467fac7d891802139e7fa587801d2c89c124b109adc0dd19735b4522cc492a9e498c611952406ba636eff37b5dbe5461eb5a68ec5d063399b67247ec3efb229677b242e883d1983b5db54d88d8113f261d57822031e856a3a45acbe1cf1614cb2a63461e8ddd12d7e2320a001ecf15ac6d7daf528f1a8797a305c223fc56af3d3f6f9d1febef0a327d88fdbda5d09f5c247ae0e161e3aa9060994751dad0178ca19646b21d98165a1a78fcc13d970f0bbbbeb45f545d43663a866d60cda05237dfbf67c7807107e4ed1e286aec7bfc673f6a70c2a2cba70d65b0fa1c2a9d73d751ca2a7e249d722164bfa6a0c12b41b2f9fc9141caab68a8dbc6dd725213fcd794b533a07b686472e2f2833e5e9b77e9fe7f0903437c7271611db37320a417bbb30ad3c8ffec403a676ed2e87f7a1bb85dbcfbbd7d2bca732eb848853e45a3bab617972b82f05ec6ae974f82f19ab7dbc274f882e9df430bddecd9a662f322f2600556eae17a4e9eb2684b27b75e128ce4f873bddee033aceea72fcf68176c94ae54efd362df6d2f1835abc9cc73a5ff72cf9d7789b4c9e4df91a20f3fe19da2352c252086e0b0b6190881a3878464bfcb3d38d114d17f5c493c18c3139aa96bd8a40ff328e203b24de4a4228bd46542fe644b1007b4ea77a1e562afc444f1dfd3a2c39f88cc1698a2e9c847ef9a113669615e86f32249cde5687f17bb60ff0f45d76591ee4246872710e0829c84e6db60f4e967ad56bef3e07abd3ff4d152e7da68e7c5631381649918f2fd498f476927337855edc1902c900424f26f2c0486440c759507547ad604765090067f1344a2c8beb87f7a6e5dd66872fd4df97c17ce74ef59e5f91336f5b5abb4beaf7f5760c325402aa19517e9b30bf00990bd04a6c9d9badd99ba586a0afddd44675ef6c6fd71f1c94920d8ad26e70b154970b84bc8183d8c84278c6fdafa703de961ebcf35af61e36cedd870095669ba1a73db5b321ebf6b4999793a65ec31d2fa6f6a4276c64a3c9bddd9cb2eae37de38ab606329002cf1eeeb45b88164c1ae5c084164899415bd07aaff6fcd22186d99474062708b95ee0fa9d6595c8bab98c17adc4c0d5ab1099904053c4b9bde98e74f2ffe68f8882bf1936310cf1ef47896c78ddf2d4ed8927d1b17684f2c5409a575234dd7b4f4f3d12a8c6322a9c55a861d2161bc15d82e927877399a2f0f9b41963239ad326709e0a2fc602f70a1d8e706eb161fd6419204ad8a2b5a3fb75ee128f5bd1141cfcce9b5448aff68696f106a66c61d6a4f8d126f1eecb9e231e7ef8ce331461f6ba31f4cb73e8a05869dfe29b069cef0a9c1c8e484c545ca48a5707d116bc4e3cfb1520a721830c9dd01962e64ffbb22ea3e229d1349731f22b26983957652fec8f080d7626918e1b490b833826d63e6b3ff20191b8510525e0cb2dcabc55b975e6e82870de18bc98d4b2639b455b1b88191657cd58fb531eb70fe5194eb8656be3f37a2312b483d121f2c7570ebd0229e3de11df78941c81a7bab08eda44fbfd33fcaecb7f520c1fb847f310eddb5d7cf7f99fbadee5401a160658fc332e2b824d0de5ada1aa743f1f06644174d5cc6e11366fd8b9d1789ac5b9523235782635f7f9a8edd54aa82e0e7f68d454023a30aea585a10918e7521b7516140ad0dd374c60fe608b94f188efa7a64057cb70f7c9fcbc2693607a9e34678371c86ea885f33f22877053a4e8a210e4c97f4e7c260e61ac961d47049283a422d06ba69a6e651e419e8dd4653848dcdf9e137dc21d3b7ac8da6a8dfa65f944357361d997b85583478b7cddc52da15d2bd31dc1406aa5cd997e8405b1ab20106f9ce4a2c146228fc8ea3f9077b0131ca9232d1ed70ab5ebc853410287556d5cca728ed9fffd837db1b37f304fd5d0f62950fbc06c09caa1371fcb1f7694637cb08be807688af60638b209f25cf7938c1e793c91dca14bbd58c53130a1231a3b5fa8717cee61e4be4a2001c83ae220a94437bba0e2057c188b2013ae983707af363debd17ae17ef1c84398dbd16ab74a7b3d0be60b5383f0028e1f097c201d3e897e82bc2bd7f69932a2d1f03395f6faeda3dba0186515359cb1912e10936602f089e4589c32496b0ebfeaaaa0b94d41164d52702a5093fe06c7c850d7cf5af138f6cb9a2084d77ded71a5f88235d1443ebb1eac0dbe56486954ce0e21e0ebfccf9979770b57b6cdaf6433d3acc98cd7515031b794213007f0f1696b00f63bde77a56c3cd81e250916982a38b21bde3c32698c0fcbc43b512239ac6612c123d157fb3ba5c9108ee0054a7ea396291273a4c08ae49ae3c8479c6d5547debaca54c1d776d19120474eec6ebccaa2abfcf25bca64c3070d796669872fd51c3be334fc0ea297736df42d1d2bb5782f1030a3dece0e9c23f87cc769697db127414769f8842919a8cc469fb73fa6bb9b8eb6c270af96aa64712e9456840797fcb708f58f5cf38b81c16040a669c912f4083aac2660c612f737aa690c3de4faad07793b22bd689469d476534f0025ae6b3144d2f8e82839cf5a90fde44738f179fca8b4041dd34fb423bd4b63c83c50a16235f54e404dcad88682a27fff8c16e498ede0dc6725d420a46bb66aff82a6532db7c5da0fee774c2737e186eacb6f558f905722fd779a01cbf93051f03f83081ded99f1bfd8de2ba8822e8d7d23935352c2bc8fee6c5e540040743b74c091d0a69da83f5630787ce582d17ecba586dd59bf0be30fb3ce3f79a662272a72447ef7d5c49b649497af6148428879eba1b21241141834ac9271571a9ccd2a6238ad27a22c65c7717079997367cf1a9f8ec50789cec66baa673725ee34a9b2e8a97f3c60b59dab2cb8e14271a5df2dbaaf698476a85a60e5d39cbb69ebf6a87418c5a190f38f3a481457a4091d26a589d278dfd61e95bbe1241be7fc7958c9f53a6943d145a481d3cf9e072215236f6d26c1b949a5a1986574f33ed8015bb687d8f548f137c7367fc527b777d5a81ab7de8c2e2cc5d1986421aa0aae647a7aca4766bc3a781fc58984fe059592ee864dae3d3803ddefadcedf06a162bc43d01cdc589b3c21ae78488802851d149750baeec1cbf17b286be0d339de142726469f1314c352c57b71c2ac6c7108b82a8e48ee8feef8b7d28087f414939579c4d67aad401a31d33f71215144b45b99b3a46628e4c3854b6b6dd45745696c71ff6a7935fadc5becc0274f479a2941a20e45ccecf6ce442002f6ee2eed2cb9887f6e2e189f8532ba774a933b198273c3621eaaf6bd2ed288bf666804101eb86aff0632fff4afa84af52cb7f41002e3c316aa7c7de23d6c05b030be914c115979a9385687da45d301cc583e618cf4e3a29c83cdbb6207378579aa0ddad71fdcba3c1154215c05618d0e5061c09054a9992e59db4d1d314ce04660a6a1d39fd5e2ed02c81256792528e11559864385bf11aa74f17b08631dc6272f4b848da0e0e96215294b3c9f705bbce83fa4901a042f8515ef3368976a30a57fcf0611f873c767c76deaf27a5a5fe4accfdacf90695d9d38f053b9b2ab3a95dc3a9706ccc26b9693d89be2dff2c6455568fc37644423559356e1a90de208b54c616129bea52675fbaf95c4391513dd7f035cb972abc2e398f01cb45c285dd0ba5521012402a5abf3094f256cd25916fe180626d390e3410532d43790f771922afb1053a36f3f0b626560d3fd11affa225b49d4385e4c27dac211cdd2428b81a963e309f27da30deac4257abcb6b2f8e02243d905f12246abb0d8103ba69fa6b00ff0d2d475267af8d3b9b311d43602d1ba5e56ad65d2ce60391a780bcf8b92c60246a6d509a8db4f45622918f4695cf28f50aaa9f6fce4eebee11299d527969110bb3a6dc6e642fee3f2d2142d10676ded699e3d682c8e9389ed673140bc7840c492d5fdb738e6ebd432bb4b0c73792e90afa5544affdd4fdf204a743356a1191d4eb7946d6e8ed45e01cd2f5bf0d7d9258c6d908df060759e313fa3c68dd8493c1c7472c3e7fb5db16aef1b188fe57cc736f53f9364e18407cf4026bb25e7518cbffb96295b061757dcbe6ba27759a1e5b8088448fafe47df2bb1230372907d5025e2a74af14cc4e952ff8b3d6d11dc5f7489eb3a082ac57e8438495561deaaba9b02eb556c200541632981db7a1a5d776aaabe3a061a4e5d4c8c71bf9202d74954f49292e059ca071d32c50ce3b6bac4f9f21220c0cb04e41edbf9af18603f205ce29ad7557ba6808ea6fdfa7c913b5578de9b3801bb162aa97efa6897939a19f6a043604b8b1aa0f206c5aef1487db9d18896accbc1ef729f09734250f052193f6b0bd8c9908e7ec6d348862f805db7ccd2759915215c65b4d58d21318e7fcb7dd04abccf16c625161b8a9b90aab82be9544ab31df953d5c89795f96b0d50e908308915cf4daa673c2129f6cc13cf3f1c42f334cc31460e0a1038ef649e40362c0ed3a30c98672cc280bb498194c703db0d1490c9fcb9ca231401244d52b98f2373bfc2c4f3d330ec77145bb95fd9e9c28712a62922852cb6fa483528150c2c45de4b96dedb464db758dc7393149bb5fc4bdf938a95f8a3a95b19fa35790b95c468cac93063235c61135e5268b818ef101409d91b3383a564264ad7f047ac419d47c59c1a429b3dc07b0776e75343abc96e43a701023139fe6a5450b5ddd56857cae912bf0d8944fc21ea01b9f4d3d9ffbc05e15e381004abfb27218bdad870e8310bfaea0bdabd4ea5ba5e35846b43f5e84688c7e8271eeae05119c5e029bf73bc5389e0bc72420ec5d92543c4e36eceac8acadf2e5569e3942af997ac859897443184910f41e466dd7bc1d357ce0476f967232f7542a74049a78b4ed58237c6c5f1781b3a521902ab2af33a2db250d6da7df52c44e5a0c0ab2bb6c2d0d365b10a24ada15ac4c8da08c73cc6cd41342fec4b1136b3bed62ce4a248780038118b94a03b863524301d52bf71453ff1dc08e5b4bb350bd084b27c7fe2fd3acea9e22c1a7a3f68303e5a834252c582dea8e19f99418a26b31b035755057eee13923c33102abefa2536cb40bcb2bb6ee3901b253acff4b811235e202ca463f487f8414cd4fcc44596dba2f7d1b8237892fa91a6ca9e43b454c61f320a30bb87aa37bf561637f19c2d5662b3def6eaa4c79eef1116c327b593c22914593b94c0b995cd47620ea70df2f4e82f0b0bc3b85261525668caa3fdd1f7e9d24d5c8351557599268518ef49675a7bd89e9dd17b7a614b9e46176c1f354f1f463e41650bc6df61c798723c0a7f9522d0e302b003ddf58da86028a27a2ce2eb8c23f3f583bc710b21abb41b5fac9e043862820a8690d719606b94819543ffb6b3f7ab1c25a96ce26b57a8f4420af3c2a7cc9180b15baf513ba86f2cc4a0372ee6bd06aa51c790f2b0ad8c76742364b66974dc74ca1bc9089aea12dcb472eec3c8f8032354cc251f9626ee01e80d210ff8fc2b17f415a5c28ba0a7e44b5c956a34fe4fe2a05afc6b802e1dbe51aa0d332c24340bc358216945d34c61cf3699b373033504b6bd60b2823c50b366538a398515e20269789dbcec4f0a86db633b8808be2b493f7ccd7ba0831d6511e53b93168539481167cacb7a60fb4bdc8836f2980a8b5a18ff14ae9c6197edb41b12e562a744bca1417ac4d6b9fb18852a2f20877fe49d46074a530039326dbff34dc4c8d84ce7bb295222cbde9151e514fa13dd4e2f0a5496d0f8a2ee57abeac84809c1532eff31a237bc16b7d2d9d89b81856e8cc14402c081220cd95a24b383f3449f9ae4f5443e2d0022c8a4ac2fd4002075de8e886b880ea7413e0d2d94df2824c0e80e460e847b4ce9efd11d6d2e327be0670359cd3e08289216d2d442feb73361f2f193de23e496ecd8812fe8298cd7fb52ab7d463c17b7f415584dee485bb85134359c9570801c2867e573b3e3bba13f2e8637d94f8b00d7c29273961ec4fe0abc335caf0bd8ed9030640137a8689e69f557f8e8eec42f9da88d22a7a1cf3c2badd64662c191bd122d8a529126905ceb5c34b0bc6f3590ad2657b96442fbe25865c56e2866268ef34d0ed55131ac95c8c7c4867e3ec0805595518c3cdb5baab6dc91bea4b95c7352e81cf26b5bfdf7b601438bb3d6193f7b1415eae87ff705a5e49ffe6b3d77d207210bbe5f1451f49d5882bb994ed629234793ea83a48529b7c1963bd7e447b5122cbcad2be92383d36dbd3b7f19c21ffc69266ee8e2ff7055704f7e8dffb970f89ffcae04aa9545b04506c816c42e900404b5005e245ab41915f803c1bf2b7d8224f821362bcd3fa0dfd88448db75f4cd329c4fb7ebdc3dc76d8a753324b271cdf8afa4c96c81d66c78770e4049623681af0eefcec939355b2a2afb09d3e19b685dd201a567f2c312d6355547e732b6934e2792a2fc439609288eabc1022825d8f3d7d23b7cf9bae9811ef519471212998ffd066533171bec50d7a626ee1a751abf08a1ac28c34c402028fb105d1856739e57cc11184cb7bdcbd042fbbb0b2839999f336f2cd783e8a2a6c1039f89822eda55764d20b16de4b07a5687828b871c25e0bcda7699a57bb9b0db7d0e13e0d4e43aa88c150304f318fd0d5eb73d5e9d459123f648265942f4bd0adf6f73fa3def11f943ed82b9c1e568253021bbab34c09bc419df41ddab27c3cb955af556b0298c72cf0c0f7d86622820cef357733b69279111c1a9db908b55bbd85c6a09f9126b213d1de37829a7d185dd049061866831e18a4e292b6bda22f4cb3faf2ce701684a094379596d1402fa1a1865551c36e86846d20280fd5fe06865c01b0440c462414a7db9bfb9db8d04ba150c7e8607c84f154341f3cfb5b7cb8804e2f0fcd0a4b470426f995656e0e80674c2d9eded91cb775eb708480a27bbfcd317fc4d8c0542351bf5cb6883e13580e906ffe4b350e3c2793f0167f9d4c1190f4ce9685ce8362705ac2dcebbebf09bc85e6c34c42b22ac018aad9c8978d54085408b8e5a7913afa00702814233954c3348b09949e9eecc2264d5891cd5eb8bd19e0c082924c2132d2b153f76f507f1389157f587125624389908adea5fc8af8d235de56fb703b7806c0a6e3ae538e15f728ec7142f6d437dad06f8f97a1b2574a90ff6829ad4abfeae225552e1250b4b50230b3cbee19d0a5bed8f5017398f2ef0be1883bb3dabb800baf935ef0760e2361c1221b88b6c4e54fd548f4c400c6ebc8a713d5150287de8542309de3862e2555c955cfee801c192d1f0b1c2cc70bb9aac6324ac6787c6e505fed7c9558e0d377fea96dfd1dde339bbd628d4f8c555334549a70a4566f56a13d37382bc8906e603013aff8f1b45e1578f556c13807817baf61aa22137ba3cbd34a4d3073490d3933ac830622b6ecac8d69c730882217a38e2b21765b1b06d9862d1f605550c9791621897228dec8988b2a9b389b3c44e0c110f838366851c84f4b77d100161e725c6de62d5cb8a25f5743406d6a577c106eec7a402ee518f5c82e2e7ef750c52dde00bd7e8171eaa2bb4be944d90e2d722e53d96e8d2077d54653958dddd6338dd728738e61b488caf93f288d3daf344389f0e313bbf25b4497c4e2db2db21f79461a0d4d56d5b815eaad6d32f815dd0dab5e46a5340efe5b23d51b1c74b58d599c2fd044a6f0c08708fa5311bb78ab06f109a91538baefd1847261685b06de6db10b7f2290246e86315c6f18348b802ed92800cc299e6129e5fa6f61f3ad46c790987e34e9613e36efbcec8a648d635d5aecd1016f13a9e26d94b40d1cce5162b2328dfe692d712a032bbca711d91a20562b4f362cd325356c4195026a0499b84bcc6a38a3a3d6b6b4d59b6456e1e36eeba289fdc1b8a87dc70ba1f4327ae5b9455526d92e7e0001baf2b024bd6fe9d98d8734eb7fe4f8de81140e9af7262c108dfdee8da2d093dd1331c844693ba856be40b03dc2b61002e31f6f8805f2efdfefcd02e53aa5280a6d6997b8f676fdde5b2c92cd401626fcd696e963987c91b10a9b1ba48a2f3655bc8c640a8b629de32e08fb4c0d12696a915cf96f5de302423cfe8b55d062079e3e0afcf18b6768672bfd8b72b2d38132b0ae62f90e096eea5ee2c20b4c8900a0c9e911f8d93a0b77ca96e5803c4c4c1eda258ad997925ab063bf2a6bbc0c91acef5d840500464cf4d0062031fb9358ada6d0dbcdbcd9b5e926db9ce47b5610ad45b152c6de03b981da621a286967a95de01fa7e2c1ae9900b9e8deb85c4917eeb0a76f3938531d721b4bc68933e1744ce2b3f98aaad7067968401c21e0728ffadc8e133b610b5a64ce4c3518a0922cdb5b28953b5f37f7dee4a7fff6f384c7d9cadbbcca544f0fab337b9e993ab6027d481b7afd1e871ea6327bb3fbce8e1a4737b932349faa7ec014c432a58c3c9fb2ee4a92e71fcf63f7f8532636bd08039ea0a4f9486c52505ae5ab826e1529ad7ba83cf3771954153b409cf7792957c9c68899755a918fd68d3c9595660b2c9ef82e75219777db2783a7fbbb6ce6b05944271b5d50c19e6b8623bcc4a39b063783c4223842cf4515ca11a9fa9151861c6160fb3bd637973273070ec61481619734240dc35929464c287320af318383e470a3dc3ffba09b69e5340aee55f802458c63c5520181853ce5393d328922293d452daa3d8ea2a28281b174bcb088bd273ee955aaf2a12c50dabab3ff58dcbd553077051503049ec9403be2d9b7e92b15929f394ac992826250d3483091199045f5849098854745b731c39e8c2cb684917e62314126b35effbe856cbb9f481bc8db095189d52a56fb53fc2c5fbc6a028394e51d820f777536118fabc45f25404526f041c3f16a6f0b1e1bf79727f582f64bd5edf8e6c813f9fa10a87c201cb25dbb614c3d76231e1735806e9ccfe58d0d993ef5910e362e8aa480b4e951268c4ad672d2bdf8fa603ada9c62a2656137e3a5e7145e85279412b5f2d9ca3568783e89ae38c852fc37c5f44c0784575beed11fa89d3c34d774926d67a1883a8c93ca200d214b54bc3debe2dcb14ea708a38980f1f6923ff1c95b25e4847147f03d1d75f47ba4b54b7d4f906b291ff0259368b69554165a400575ed2a2790d142fe32df50d4715f3cd38e0aaaadb9b5cf8193576d99fe74fcf7ae001e6d887804fa1bb35319703272fbd81d42376eca87fa0683872ef5910a2a22568828133ac6ed7ec9c1b1ad5ba0d48cebba51f71d7a9655ba07636f236d4838c41649f7031dfa9bc317c084eb91a1c13575c09ae3331f50a72328a8f572d7fc694aaa2b2b48fbbbc58ce72fb52a9afd569be26b003707d87ce4e3d2c0020cae2dfd434c293b1e447a2442f95dffbe25c4ff47f88042b3d3ca2539d7338864b6e1f0fde8ed0c92a97815bd25aff4771e3715bbfce6443ffc3e4a8d74279c9e0b6c04e38dfc85a7c12bba2b8e101b33a900d2058d3f255ff9e30939598247c4f02b4987e0eebee4c975281389189cea90cd29de8551f984a39edf4dac2fb9ed3d98007bb299783427b7a73c3f5576541caf39ce1b3be1bbe871c8b2d87d8a6c38159d2d3d4e0292d6b2b17b2dff6537399608e16a206757c62aba918e78a0f3461319cfaa9cc7de038d185ab7ba1d187ad1331164505e8165f15f601339b78bd4b84dbdfe5c42676eaf4e0059b7da90760b8344871180ae18a25556f7ed47ed77ad788725e31c4525c49dd6561095b5a70a87fca166d1ceb295cc92afecfa21bf641b1555bd84f356bc4a149ccde1688b6144c9faf864313438588c15d97daa776e104b665fed240c98d4f4b4ca59017bfae232fc08cacf422768932d434452e50b168d30fdba36e9abb215abc4fb99348d48aecdd55ef44cf4fa1f6fbddf5ea124328e792f59249cf571c54081e5a10bac9a2496387824de945fb5053c884b98f2fed77aea954cb2b494037f19b6b0ec110cb42c7d1ec3cf20484401a1f9f55ff9fe62e284d3d1f227dcd4908b11b3e04fdddd45dd787deb35aaf33c67ea49530d70e6f04bd4a1e9a8d6080f062573ba26052d51301bfc6315269e03944c560a8b551a3022914fe68e11a4142da6fcddcede80918adf1c015491c08acb10a1159bc36bfc6dab3e1b0d1e395de33d3f72acf605f4540cceb85cebe52932bd9cc1871539e7854493b726e3f0252d8bb1798cfbd441b380c0688f1270e2f8b4c32f70df83e662dcacaa96ee9f07757c389f3a29a0f2228385726e54dbe13ef59a3a79fc8ea3be7847dc2b3b2b43ee1a8cb52c637438a297a5c015ab57d96558477381361077432f2ba419e1c799a172ad3c215cb07e7f92cca6edd283d776fada58b612166218aae0028bd637a85dc02b3918d4c85de1981b579211094788eafdf2d72c5ea3adc492b32fac1e25d040650ed5880eb80d70f1297bc346a5c7bf0eb4e2e8a3b5e91eddcba110793dc269aa622059ca8e58cba96026cc635999bb46951ff76a07161ec3d2f198d7ef8f5387249a2eae1f9da2c4f52fc314e79a991e5189c9ace7366fdcd6eaa9792d0a8a732c329ff90c1d0d258023bfd9d0a9399c78c127091618423a928aa5a01831e24aaa1a258c7c1e6a8fc0d858a3345985cec142463cf2e789d1b5e2cf61a166f834a003a2d72b28e259e50c02f6b393f8817e11380f509c9ac81cd206b2bea89727cc991aa6f2cfac28d2c64f4504d7a5847b88339050cbb4a5cf94ea4c04e4629c758ea78fd5599bfde2d86854dfb382d02d29fc92569b66a8facf665c224e91ad93e1278f9ab211ddf6854a773530477b7bb29bf765707e720d894973e6a4e03b05f81dad88aedd38c2fb74e11e1301a7b5b5cf0517fd327b7e55cd9aec08b51c6931b655a83f1d181ff12dfb469bd466696e2fc46b76a11c393098e92c5854d6ce499ad77c6f244d24e138e9fa238cb361b27a4f07d04d6fce3efb41989cbed78ca377f9c38a912d28ba81832f58b58bd39a5e1b0b639838557c6d8c1c29b0f319027f688430d6b9cca07c52915830ed1659f7bbdc0e8045dfa43e55593393bedee698c3ac888f1f851aded58c3305b6d539af9fc7cc6cddbb1b11e39efab2b43ab3f6d00b7feaec005185b0c299286e3c47b983e814d97a3c3be0e729b6d75f7902d40427b07498b482d45807005f0b621cd536e092aa3d1a87bd1330c534996903148204d00bd2e3bc949fc96b4a1358b3e71bc5e00cd011d98d00553a0bbc7d51396a8c875f714520638a5fe0ee9bce6e9d1f2834d7ea8f57d3d36bdc4d098d4a5cdb541224fa5811622a5f1b88d14adfe80cb62cb90b146d2f338b46ff60ec78783d97fef5807299b63a4cbf76599e4afbe41aeb45a924cff3395cdd193848875a62ae4c9c81c7dd4ee5083095356307ffabad1ae08b9653d1e3e3488e3b2bb96e77edf68925e49945fb9a118ba7fb13f10538a3b65baf0f042c992455324d691195358efc5ef3f6f190117658eb420ec6258a912a037a3ab9276c1602bdfe76eb58e4cc4739e623e3b1b7d1d92f424fe290e935550005912be5a5da545effb964bb5f90b3e32b11cbfeb9fb12acaca9e8b68c917249077203a91426f69306b3d4c597910a64e17be6822087dfa00d420cef18224db306faa0b87a56b39ad57d3604b0d42d8aa858f7fcb3812200fc1df1f54bc6ba01facfec15f4844a10951333ea2de0f9c414328b540d4162308c7007738767983667ffd7ce0bca5c3ca68d45be76bce89aef5e98bf2c6cf6673ea120a7849fde5e08998bc30e1830ceb6f9574e77f61c9d7b0359ec5f53fcbf1558fcad0502e0c1f553c6a081c0fadaf4751d2cf49cb5a89f0f94d45dd7c5630ac4e0a5b9f79d18a3b3c6c63d4e3cd257a4b01d4efb20cae52c1e0f200644f872e796f538bba8bf97e3d289a4a0e890e1d642fcf95eb62534dd3aaac8502ee0fd80906938fec03b4afe4bd9f24697100d5febe4acaba9b8494ca93719b24b1c156089b666d846bdda6a0f2e17b51b21b35353c8a5df0916e2f5dc431c59e579f0627af0723508d7ead362a09720ec7a631a33d0ed149ae3468290fa23c2cd093a538bffa07bb717f8a7dc08a148ef5f35be714ffa2aace7c4875d447c6579e77d7c8ce9916113b2eaac8be2efbc5f8e8c8e28021a17e6ddc0397a391824ffee1487eb54e59e39cabde53d395e8bee49844d0a3ad9566773bc7fe56c251cf61b983c06db1e7a4a342f03250896f38b8d557c2e7a51e91c6c66bcb1a648d461981607b9f027949f9fd3bf0291338e0823afe1e982c6eee693bcd32bcdefff2e3c554c43144c07d76aa7c8427d21d0ca24a11e72ae2e2dff18f9956b10c522a0f627cbaf822b990a68435059ba3aa4aa18f72127e511f693fcfa48527e385051b5e6e058f4805927975819a252b74159a921e18b82afc0ec3f30af083ca828b48307800f142dfd542392dcb881a5c142b28f9e47a0c96673dafcf2016fdad3005db7e7ceeb52181121f7de5810dceac30b07615ba99c94dfc7b3a6ae70601d0f2a6fc6df152ae5ee4ba7d81f05589ac2a8991d05e2441b0c1cd8a1799491825e5499ccf3f88e5b98eb01451ac5ab8b8308940827202843ba99822c1489a61b7fe2eda64d7e2943c921f6b0ec450ccb4c2c400400f9dbebaeaae68706b8758a27f7419013d07b0efad1e3a5ab8a19e4e881999524891a22f1f32a40d7f663aaac96a663ab8aa8c4644f38c9c9cadc67965f06b893e6a11d21298cb4172587d874332473f2b338ca2ae73178ef79ec91c643a71c82c975b6e81410eb38f4edaa5f86460ceeb22ef15e7649486c116ddd296deff433176e61b8066ee7e1b2f19bb45aee80a1462b1bf3b416041026aa2750721da88cd3d0c203f4bc9244ed96529b8a87b85ec957e8a3071daf135c28de5ec26a9c9266a902102bfa6e243db0416daa1e65e83e923dfaed38fdee2a8a1e114a5c3722be8f940cbbfa378a3b2ef6c613a8e0fa9f478b03829c93b6cc9e9c5bfb19197d5df82549d49d436e858cf117c82c8938d2526e4389337c641f25c3d5278f6bdbf82509fe8be30e7b19705951bfd17a5d12a375dacbed3d9d22e6025ddbaab2813d51bad3c9b897310f1809dd8fc6fe885644af4cdbc001affd03c3c50200b59b053656d7a67a5b4d2311553c04f9c3153567a6e00d2912edc26ad9aa2a99d7ee1749e35e89600604aa53f2f4f27cf24a4edaed8d48a98865c9eb7bfd9112f502065686484a548cbb271aa86e7ceb0526ddd71ac08a6722ce6f6e3dc9a14b93ba9ba20d7b08995fd5cd16e214fa31ba51a86b7e5821b4de7c0fd6f07704c4947a0af7b7fee666a2c7f5f82827caa7dd92ae1a1351ac2bc339accaf4c460c58432cb4b841ab96f3e53fcbe0e693f79a16b9dd7aa5299cbf644badb9f996c4bd6183e5af2152d59d487cb92ade4290b6afe4990ae7a044fddab6a395cf23f88477ea4d6a8edd3f1e5fb8415a38b550e9013d9caf749d50a9c0d713a2c7c2cc8e952960ac347cf07c87a3192dc47228d37abb29d45805df3a47069510e61fdafde074537e7357d49efb32542c5847d073daeb8f549db3e5b3927f67f06a29a51186bbb1fc4b13e33b82b722d9e0c89062e504dcba66d0249087fd4d08b247fee030928904d9a63b1fc6d379b2707168e926adda07cf54a11ef8501beb1eb831909bb4b37107d921dbbd6177715691f08348a950117b23fb8b744992ae7bf72fc4f262fdd41f7143702519287376fa7bccaaa0615ea16b54287f5b93895dfcee12bd5acb4e5c8d2ab3f3b24b6f88e44ee294f7c29b03957179b14ff8dcee47f0af2bed526c324ce348c81b1009a18a993c94e8ec91ca0ac021aa30ba5f09e83a4bc0d17b838b0d52e9e308b48cc8b5873b79e92b4060a37a2bfdda81bb15209a2fcebe4d0a1a75532a2f3cf5102badcf0006056c67ba71d7957be1437f55d6bceb4ae45b8fcf40fbe17757c82d1c34851c40973fb23d34850bcce9e3e332f23b10d2bf81454c8d058a3fc8f12d9a83b6bca5a20aa16464450ad010349ec7191a18a7f34d1c322e51f87d13533ae92c8d8770426d4755698d73e9a92868edcccd4deff3128513251b6328d55be49a6b19e83dd89a8c42ea0157e08ae7aae98080323e52e5cb9f269e18961e9ed3a926dd174e78fa7a9d98a47ab3ff5f6366b891c36cfd16e149b3f6a217621b29ecf742123bcb99d077f6600d96edf9c8411605514c014cb20a2bbe69a64a66681b63461fcde0894b85a3af01c8e0691bc89e63b006dcdd08053d812973a406791e453d7e37a2b4960abd78500f5752122dccbb99e2c52d06efcfdc877c35f595ca9f9d07c5d64a30049367fd9f4a73bd9cfe7657cb5f42b3722cc99245fde207c253499e850ac7a76717f6119e2887b19925a743f382346f2913454cf69db68bce0f384deea13d8ac05d985de55977dcdf2136b3c25d2676e079e0fa4342d6f9fe5d78afca482b74150d01eacd151eb8f5ce400cb90826a93c55b63f2cd7b37e56d8b5c72f2d669b250960e2b0759bbe31c9f8d34370141ae96e68b3d319d8a69dca7036eb716888a8825b5086e03ab2bef1caf13965072f4c44f37399302899e20b60e892e7404dd86c84416eb106a0ef9b3acde88ba2abb9e18496aabf4d9f551228e767ecd7bdd5ca10e62a55f2c936a7affbcf289079851e4b02280d89ef3a1dfb6c9a143f17c1156879c7c411be330308dc772f662db31565c6ec41d625c6eef305f885040601f290192755c50c9cf8509681869f0eba7f9bb39c9a922857e1efb65c7bdad09d3dae3b30a4c65fae79e3240f0fb492afef3884f414253268f3579f7373bf0866d0b85fb07d5586749ae0d217a6b256f13f064055a922c766a8f8e92186951ae53ac1eb25ee99f6318787e4e1892665ed1a011edf4219ef9aab6746568acd2c5b4c82e174c8568ac2f8ae70c9e5c7479481c1713c9d3da1e9a8308584862bb6e2c8a100c82389159ac4cac84561a414f3d2a4c7bc9bb5137947475e8be24c26fbac13234c805e4e15e71c8f111a56da3428daa254a87cd3fd083abf482345ef434176c0fe72f69a2de36da04558e111315d02804cbd19352f0b4c45ba3f89340713bc009d551452c679e64f2c4ee7182f36369d9db468fe46a6694a3d7d129db364ff8da704cb31833f2468265b9a0e3c11ea6a2a9d6fe8a4eaef833b3f7804d80a9ff4b96121c96e62158069226c829122fdab48df9fe608acfaa14b24ed0e5862ab8abd365e9ffe47db1ea53e3b07fdc6d615c8a70a84822ca17f8cc397dbac309e058c48e0a1e21deed95a802fc52ec5d6f81cee40041fbbfe01c050f0419752ffd423916ca9f6234b63f9f49de9416d454d641019cb73819d9bcc880f7546d8132688cfa159b2c36ea46f11e32aa7f292e8567e96e23cbef1a2c765af0432e61df7ca5b6f9c7d2fab04de64af4849e11ccfafd8d730c7e43a6a798aee1425739c526bd3efeacdedabbeceeb2abf9d5ff2279dcd0f9c6942c2a67558dd4510f6afabcb5917829d285f2344f259b365bc37f617302c7038225f6c810722c82cce81dbfbfffd0224eb7f3775b692cf0ddd51bf2f75c4d91b2f4d90b4b94f0870c1b6ff4e2d6170c67f3e569f313dc8a2fb169c7fc99d5eea083bc89866ec0ed0c6281e1b867f9967a0170af2c0ebc50c406a5e02ddafa500e274a0f1ccf50db006c1c882154cbb3283ce8b99e49c4e15374c40d8450970a4762fd55b8e8990f51e2026eedd97c970ae7d0c83e2f862439147900077095d2b5caf6a04c08ef20d7b49f7f5cb806f6ca245f9a9a65b085369777256dc683ba018740c53d2ec8cf8fc7f9c2eb8a3aa1024bb9430a673061c1c23c961bc11e0490f26329b1f6ac43a5419ce8394f0b1725a805a8d5a1312426f5c7b002d9120a815eb7d7f21edecb9aeaa781762613cd4fb2a3097051c0ef630d84c19e9cb4cb5c6129ad1714ddfa14055d6bf0e6208b10c7644ba1e42170ea7ab4ae8ff0d9f9f8b092db89bd448c48630f6a5bb91c52d79df8d7625d0708e65a615e6f3fdb45ddcc367413d2345c3be0359dbc9309fa85123d7920db9e207178a7e09a04f6a0ee49fe6243a6f16195017a226d6eead1c9f989bdfae8de51038c5ff938d64306fb631e21f5043ef598125fb22f06fecc52fecfc5dfb534734492803f9fbfca6765fcb6357d012707764379c270bb1b94b40fce3b9494729ad7765c9dcf32e92f6d764ccf75cf13796e6346f16c56fbb09cca6897cbed4770940d26f2c13fae328d38146bbfc5fa2ab027be583dc39f0c978d45a046d642299ebbe5a9373d5850ea5261536bd8528a58dfef6f1577b613037de4dd5742100ccfebaedf3e78196b75e4773e0a1d15ac2805da4c10a0285ca85ead803f00438a8d0180f8403014826f02684609367f023fd6699bb285694828e8e7d449ddb9b8aebc7921fa2f926feb12df7d10ea08a6eaa95e91f63a7267030b2d54ed41b60c209315d8436985dcdae1a8c5a4ad56a619045c0808553fb4ea9af144a38abdc652a46aefee7a478fc600c401340c864d7786c3a15e55ade3e961790051bdb8f992a418c684db953d6c746b67ce6f674ba790857689d9e5c69e1e1edb8894b8d08fef7f24aeb57834ad37e2c721a45194aecb1a077b144148a2438f01501eb6f9ef58ab31ec91c4f47f98172b7e4c8255459fd3a62a0f3a68fd3bd0b90f94616ebc7c65f568947bd0d225e2eda33bc323a1cf14653d7a0b4d3af5daee3f88d864ff72f0dbb3db722c48bcd5a49f4c87386e154cf03b173b581edb2525f94f73953d5c8dbaf5b9443cb6bb24c9fb12e902dde45f5eee5b81cb9062465c912ca7d17936dca1a0abfff8a90aefefd55cc9cfb23e8f18c9b7ea6ff017e0d5f7ab87ffb6682ad6044fde3164eb377baa74efbb1e72ef83db17de0b4052b6e2bbbfce71715cd70b09c1833aaf73decd584888a5f07b6fc2b4f38f79395d625c22343d3705ccf05af20fea17de458d2cf4eb94b4c98d7b074d2ca13634a1a77896ecb27c693b41deedc27f57acab274ac161b265dfcd3c19ed417767d07885724412848411f901b766e3d991602c48d154179a23065e0403edb13685448cdcfe0942e7a4971cdf5911c7d24fae2b33f2df19ad2e5be60218cb9562753bcf20684d68de91d47987ed07e1a00c3d1cb1f8d41dd49c8b88866a3a875e64e9d167452443d2469af879b5ae59746fd5e17f3707e036584dc315487c243d6d5a911d73f19bc2d0302dfca8a083fd7aa2fcb5193afeeac507dc35feb16a0328ddbae9e6d353b0dbc1a33e113f6662df27e98f7b36e88f80959454d91cf600d590d78117bb9708dd11e3a1b09b8ae67fa134a3d7e95f4b08cfb4675a7986d747c2f654eb009b10b6feb180bcd270c5a897adfc9787b40a50418268358099df1c53e12a22fc259144ca46ed896cf4eeba366bbd46dcb588c5b5606489816478cec9205bc84e226301ae5c78c76fd016cb646102b0d054153778b350cea4ec1be2d5dc45b1211a01a4f2e5f02bf6dc0b9e0461121833719684bfd34389d0a41e5900afb0ceabaf45edaa3992be25f869107b044707317b44e69576e8747a5262b7ada271681dd65d591b70b35267919db781ace165b30321e781169dbd8fdb2ada37c91b813cd40efbb0280833737c662cd827f5524a70cd71526c18708f83dc7ffa776e68ecc610262383d70520b8dd3d7687e5b7296fa4c3cbe5975ecf7a996ace0c9754d675f8c47f4651e290dc4c21703999e73e04f3b05eb74556a094fe4ca59ac938e3b2ca8331fc5ec5bfe31b616f321f44f5fe54c2c40e1ef6b86ae6b271eef69d86ed82bfe8b7fc815d54cfc04662b761411623625069930c0330e9cdda1cb5414d01aa12a7afe154d039a0ecc8ce1a0d16000585bf0f0cae199dbdbfd960fc2d8b926a94577d70d145f0e1e00b4b98a9f30818a850fe1e9c920e121ce8a5add6d22fcc0d4c6998319b63096b87c0dff95e776b88aeee98ef76d02a14ea78473f349d89e09f548fd1831bb808397ff790b3434fe912b09011f1973e5846ac6541644331f4fc73f7ef9d78532a2aee6b937a70a937ca71ebe06540d900ea610d2b7884e2a781a1bf16de5f32872caf4ce09cf2389e7b72c6b56d75f34f642df0ee2748a804f62387877f1188bf76473f1c9651be4f0f5d66582b409d82dba43b244899e787b694a4cadd03aecb3459d0d9fafbebb2f2188ac7cc6a8c9929019a9f2a1fbeefc4a021b85f531520e8941b1d8cb7964bd1623fd91f58474664d591caabeaa1c71bf42a37404b571e81df58e745774c6a1ec4674cd6deb0592fc8d3e88994438109d1287361efeb51c0de3fe70095a032d457026e1122570687a13c3b83c3b00534c6e7ba1c8a0bdee24787d2e8f44d01c6838a65ed1a355d47f15f1295328922c9055233632fbe4aa99c351ae5b6422b899a8996777dde7740eafe708d2de261346590ce6090840f2352b4c4ade155754385b6922fa2a944e66124a87aa2958fbd3e940347a6e845a49f4b9a8491d0f23fdbed200af8da7e2b94afb79131c8b6d95940cbbe74e6022b8235e5759e5fdef80fce8687e38b839677b3e84d9c1b8b27d11b69bba8d479bd3c1c58180f5aa725ee24b7af930e50e2ed2efc6f5e1fec5a6702112020ae426fe224c17a32509e0bed834e1f1db5709a8d9bb3a5a3aec32abe6e3ceebbd35b24a86b7d28118ed15d9d6b5f1370fde7dcf3d2e7d837938f3dff5c7434090d34f928278123bf02ba374f9edd528de955fec36672111e75cc9f647c4202db8917af5bca180a060c5792a2a8eb0045102966558c41efee006faf2eb6266b839cb73e35399427ba7486c99d7a71be990598937db0c419bb0cff1ea837ce0ade09ac54eb3833146aff3a42e6ca403504e03809c716ba8674e99b4f99d00b9cfc2c04d76804f207479d912ac43da10cca0f2ff2c849792db864efe574515a3a223069280d6215493c63f25b920dc800446d6a1a55a479bdc89b6c4118c603ada3113e911c891f7d8f5625c206c2b34f340b640610ff00b23dae218bde88a72eee7642688fd16c4a2bc682f1ca09ed370588f871f61bfc74a0aaa1ac21a57ce7eeb086655b1d97061673184cc734302d230479ff2e12ee0ba6e065c4997d17ebe080a60ed4a009dcb12d438efdb9d81488af2c14d0dd2508925ba2ef768cb56b44c5b543d45c862340b6aad09eb36d4a2b85585386b409a4e8a5b2172038470240ba37d8730de3f64a463b2cd2fcc5f36e5cfc667718f4a74312209eb83c923dea34cb13e3c557bc0f8b59b7546186d6998f625f29b2b32b6a917c36d6cdbf956071915cd188e2608e71deefbc12583325e95d69d8caa62ac417f20320366f7eba010186aa5b63886c44cc87fe8e05ecc037f20f22d94ab53bc330621ba0e627bf80f22e7de01695f465e5e5d51b181d74c45187b19c64e299f90493ae49455311dd01fe6755332a8159345ae3e9e2a8652027c346ef89e2c309c1c5e7846d2cde1b14fd00a8c21410176b9d87b9af93c77b4d07ef9cfa8fcad8cb42f1bb5917ed5fa7d67bdf4e63e9b8968d1e744208254998c13c8f82e18b0428a5e7b11bdeca5c4e49c4e29b707e3d4a2c897af974496219bc6c4a7759eee11876921a6a98a14fed1db30a7e0201fd90806f6a19cf785bbf05b2194fc912a205ce7e7d576c92e2cfe362bee29cc21fc5f5dd49fad2ce9c5dd9b02f46a220af8c617d80dd1b6bf0885f85d23d57fd3e56ad23808a75293697ac7f3d737a3131731f9e3c183b434d5b0a0aca9ac8012600f2e4d8d64d31e6f2b5f7c56d2d5f4d912b96748b98990cd58529bc75fca09557e4298165bf77383560ea0e43f67432209416f2d8c177f492698caa9c03c0d53d539180fea057bf2f16c94958c4598fe832b5edaa9ebe975dcbd092307e887c4803323fb35da224953082f8a56cb359c1fb25304f024a88575805f216dce7b90ec1611c6822c7a1de6d8980671bb86040c7eef77f37a12763961a611db8ce7584df9a20b873aa1b7395e3142fc189c76981386e96ac83b7e264195e2011d48a7371d80466a42bf82fc4d102d65ccf516d56d4999c32410c13750650cd61c5b1345fd67a88b2e775afea470e0c8d467972b05c6e54795b1d739680735cb2a06896c9849f2196acfc10a623994b365a08c3b6bbcd6a017a5649b40926d7a066b90bd4e7700856fd9402a515ce127a926c0103c70060b1ce4dd55aabb5057f06a7aec096f8015eb48d8059fe70e8f3f0d6cdf16d0a745e274e84077af0adb1f4a7f90896e1d6ff824a5b744bc670ca5c32f5f158b229d07ea0b030423a1e12caf3239c0300a6039e84b89c076a5b6c701734a66d12bcc4d64db05a83fe321f90ae6cd2fc6ed912feb69c5090428626d99c719977dc57012dd0a08ce94ef0619460396135b3f19b3d9c9f5d152287a344d9c2a6156dfeccba72f0e85e6d9a6464104e77e007b6691570ed7d2511c8e0f32c73c39e84f829a6628a17bffd01e0540b4885ded60f0802183f946bced72ef8cd6ec41630509c8034be61f7aebc4cd8340629f1fd4de1e5e24abab211a54e6cc7a812f2d6aa6039c8b515600da8f49ee87a7635b2f0efe2ac26894181f077b86b20d55d1203cd92a9071b2f00caf65b8f4e53888524419c7d1f49c3345b559008453756bbf36221ef7d45cc36263f30fe5b223e667c944675c6e7f8cb5397aa349a1b501bfece86572129b527fdfb08805e371df9c7f45f461fcea7641b3d01c7df4ae2363cc14ef521b9a64049525d075e1ff50be934710a557af5e0bfb4e239c5e7e20feba166465fb6153f91611da6a64b3c9b68af5d9dbd27e1f1f56ab2a9379747b3c10bea061956a99089ec67c3aab475e3dacc8bc225161dd369e24e959dbe0167cd5521f490ac6fa1ddbd4dcc8153a830d4011c784a318c01c49ef39760cb9c33d55e677fd595dfa3954e077d25f048f87738c5c396cb50925b046bab75414fb01d3795053138631b4be375f7bb1925f115b5c0a5426cfadb65aec89a5b2086a7844909b2b13119dc1a56d9fa67dd1b62157854fbb2d540dfccba92aa3f2467e0386f22662bca981801d923aefa6f265b3e44b6109b5f4b8b16eb31a7321894fb68514928dd5068633ab0be6ffc9668ed7d1f549ebe571c2edcb5a18dc8d83fa3baa3da095ddd06a7f34390abc0c3a1020f36bbd124544806ea13f3b61041fde2e304332363da4889c3ae1170fcdfeaa9bfcfbb199b93c92f50917371b29f838b61fe74a07ad3b7d965e2fb1ac1968f76443a765bb0c2f7076bb4c10ba7bd62f839a40c4e4d2f43aa412fcb969e30e3e2e8b182c3105bd4bbadce8e281248214e0403983e9910455b31e4a803ad14e4383c4bcdfcafd33bb3082ea6018cd4c2be8d37dbda519fc504a172504d1b7bb88f795b5070d8c834e4fc29780b6cec40dcb8225c1339ef76a985d948d1c99d8d4660619d475feca0683fe8f65a3f4b1077e9778e327297740510d0dbdffc649627d1d9de205bb4ac09b91df9d4d74a5cba5e1e10decb3c826e1d288473e4b4116a25491416930162dd981319645d92cb6c20d3a8b78697c64759e6d075fbd1de821d1dcdcf55f55d83a218e4a1503143a21aeaa135c1f4af09c335c425e68fedbdd53d55bf37f019797d3338ef1e7b3c3d41568985eb032c395faf9bc50390df99a18fe4f5c75e739403158e050e5be9e280f8aa50feeccc13b14f33b0cd88e8a4ceaa9eeb98bb7c0985d86e10b9a9edef76a8c188f16c6763a8850a5f2287fcaf65f2cf21a46f1a03cbb82ec7cc4d55ffd4124fbb1b7db565a18fdf9c1b93840925bfecd324ea62e3f6a4b8fd32a0ca0db6be5893f851c0a54da44df90d731354d4400d1d63bc875fa4c52bb8c721b9692db4ae284650b539c4df898118f6756c341614383854f1e4fc1d42eb075ee965656a95f86e8b36df47d8eb102924f17fd49bfaccb97e02ad4c03d59891e05ac386118e0d3b614659ad293a7a8e77e0aeae38ea2348cea318f271370b6ee9e4a1f92aa6d48ca162ebddced15b634c13e1fd990607bdbdc57868801955ad258b1b6ebef25ae34b6c48c95852b3f19921f0a65c45587a8eaeb244d545eea20abcead57c530bc5d6ead17871c50604dd2c7e761ded455af77cbbf716fd0945a9ece80fe16963d5773dfd58ad03a1db7f1cb38ebd251059c96ee8ed9a52dbdb448074e379f7b27fd6c63786627a46d36524e5a73b8f18fed0164c7e0c0c09dba9a17a06f32f4a7ad776758cae9be96cfa09c979f7f2f8feb8593496448a2ac903d544d8b2e6f7c30290b934e02af02ffb769b5925fcb8d7c35e95ae85d7064fae2a46637071055612a0907cbb4ff3957ec16bd70782561ac8c5168a58cdb99e33163cd5627d20d3fd7f7704d58c769193341da052292950002b5c49b9d3483867302f164304f7175876607f3cccd4ef012628f626e191d3c63215bf93b85aa5d7e88d3762d4cb8b017447c0cd94c3c1f02cebb72cdf6929f5d29ad8e5610f90d07edd81196adcec5210a88ca989df664371eb24f5895e2787529196eb56eeea4dafd27ec05d63f6682fe86b2e40282bab469a9e2945e6a0ee3102ce7367cdd9287c37b9a4be2a24ab66a07421dfce95568a36ead2871624446311f9b9e180bbfe466a0bff49238bdd1754e5efb3c2685b19cadffce06a63af35152d3727d2f7b5d175c11e9a8f523dbd802550add5e227af1c95a04f1ca8d0e9a9c204e27587f692ce79b10e36742f21c6f9ecac17418e903837dc158e1732928631c93105f207eaf7952407d1f521e68847348f05e27aae7dcb1a53584c8246a511b3671d9a1acb76d9f28ee576703969fded5737a6e18beb7bbbf39a81a0df312751d929841fd3497be55544ede540657be09722d16794a0c0e7d6ce8e8a0ad7f0647c16ed15d9c515bd5bc0d6330b888c0798731a7254f7ce75e469789b03efbfb9412c4fe6162ba225128858a75a1cb864d39bd1c2288e12257c2749dfbd042e5802153958d29d01cac32709569ccc8a0189f952cbef982edf54f89f9634f4cb6f1d4220baac161a2c5903ba80d40a8c23b74b63d90ce87e55d8f31cbd274ef74c34066a3b93f6be9686fa22661bdfd36a191972d2b9d0ff20dfc7d0a0b081a241a0bfb6ea6c07cd76ff26e80cac16f4051130697fc8cb9190383a33775f60eb4e1f6518714156f08ae4436437079b8425f5eb75dbd36d6f4964e6c4234217e12101a42cce2ea79dfc027b4a7c9837b19650cf9c00d16a1519e350e870cf02af751b14bdf0cafde3035c1e562c32b655071eb8e9d2016fb6b05ee9cba0da6b31dcc7475538b1b36e6b4e64a4a40bb57cd5d4d0d250bd3e88ed6e1fb5e85d0c2e6fa5bc9cf00857764bc797a923495a9d5453bc3a69ae3f81ee77eb852134a2b3cca24fd50cc964ef5d2bac9bcfa65df8272fab3d81767a565fbaf20ebbeebda20281c16f9b09e2650000579c00b77097445a41eb7ce4ff49eac7ddee7ecbe760cbe37cff8b91134db10f9b9a0e10e619f79e794d32ae554c3bd73656c2ff37e504a6a277ab541aea114989ee76f8d0c29785168e511d73de58a54482ee37e4f47807c72b09a111f1696cecbc1ab3b84e5d48e73621ece8a54ef36dd91c6bff5869540ca198542c31032ce9d1abf84893de62abf9984ff9ee0ea7fcc5d81de85f980a85d8636f63f2763c921f5e5ade2b4b6e949bfd9f1e543c20000ef6fd8ea2f8b811a13434860a3b36dffb727162d4fd571c7ce40bc9e60927aaadbf9eab5b79d481b433c0bac2d7776ff8b6df47cad8bcde1d53f4eb090e9b4df9888244ce57404d0e0f4e1bca5743c381e91327726af71451e91970d216fc627571a58fa92313d67d6c25829afd154c43cb454015de7935d76ed50530aaaad409ec219ca0b6818158c9103d1c9f93814cd961ddff077825c40639b47bd364febe8b7a96af903298bfe49ff170b237bff032b8c1ca37793ecbcc761fd4267aab5a4195ae37980f414a2162ecaa7cd5cd4ad01618bc4a8af3ad0575e985314c67bd5b66d0edd708825e784bbedb2c2b61bf58a8212dd91fb91c5cb6a9e61987e31929ccca4fe482889d859596d650f3e47ea22949d8d968b121112ad6e025bb9e32e45aef62a0f3044c113c8a9419f44cc5dca3b0ac440c34aca0101b853e31bd4e09dc3ebc72964dcdbcb3a40f773f5a09fede0853cf54fc8ba92508c643b0a4a942cd68ebcbba1f911d62599775a407fc2236a06d8c5019dac11a27192296126881fc48f33047cc7dac4a57ada63223efa39b50b409b3340e4ffea8a2d1603172f87c25c0ab2ac334095f013fc3f5a5564fc92688071760c21fffce0db262fe116f692452179e3201ba5de09449520c3cf2abb7f909d820baf1ad9753c07ee185fdc539ed999b1a358c225d10859e286687e5d4d7bac607dc24915f5b26d5063a69fed8b8449a3abc6ef331283ab9fd7115c4bacfd5e427efaffe4d120e487c9b2a9aea3f4d6b9636c1a457dec82dd13921c3f93bf2bdb1b92e824a5eb8efc09911077b1690adb1644a30e977632c1533c34eab3e01ae924a3a8aa60e9d350e9058b895daedec650eb96b7c87fdae5d683f054c1f32923e1232fd3d0cb47e9b8c700ae63195467ec927117131a79a2d215e66299348dfa2a8ca215ded103e6f06a7cb27fb841e6a73bb20c5d199008a9c9084f88537d1738bc4471184038e6b303beb947314eef58269cf42a7838ae94a290e9086c592bbd529f4c5c6f0f85e1a234b1602731b0822209925f989f8ded93c0d139542923ac52cb9102c747772d0a47696891cf7bc9531e738d9ddb2da4a652fd78273b13f43c6deb9992bf52032c4fd357d60580bc8185ec0c5b4c6c88b7d7e823596d1214f3701230de8a4a75efa44ed74161e44ccd22989318f7ee763b2b0b55cd47d44df81f3f81ecd1cdd82f355bd486896a619cca23bd0802625458bf07755baefbba46f75be35425f917d79e86e7c02eace189096e7ad79ac331adc74848c4f5c53193457b13de501d10519acf0f10ec843f9e2af104edd0371c2fd0d5328448fcdd71d6e79f72b3117d526a22ac893aae20524c2de2fe2fde13f3771eee9129463f9e0c7db3bd704383a67823116b6a487240196e6bca630fd8d0b01b5c0ee67e77c0cc3901fa4e320e8c133e79ad1d54364aa7bc428082061a4fc6ab9d0f39038527f465f1d8925fad19e8864dbc6eabf03afbbf349eabe1a0953395efa59f694777617a5a3d9440f08c75200a3496a1a3a6a324a794b4727fbf6748171df9b7ef56f8b208731df943ef2b2a53dd8216c62d1b26fb67207c84aad62831cb5a206249082dacc5d3848fcdb4d67ec3e8db029a834ae01c2105e132643a8d6177b192e9e9e133e1bfafca88b4837f89f39d68ca529d8eda3339db27ba1ecce3b9296af466ef28a038fa5eedc5b32e734837de3450c14c7d89d07afc3a546ebe1e6effee0ca0ce1047e44dc8c1558565c142a7b83b4407a67a6837ae59317bcf03780575dec7b4c58c2c006c62ef460778804e06fffc248bf1484b5e1da293f74856e4daab75020892d5dbb9134bf90f2ed7be3d8004ed5ec964657ff588556eaeefd221cbbca345c5dc30816a2fc47d234fbc02b7a9564ae03827745de76e75627743593fc519d26135a3782a4c20a15c109a500c6ae1ca5e3721953454ebe0b68bef4d4864c7c047715a85a60d2ad85d1dc639798ce45b86829ba21cc6bdf0e395892f6ced9eb9351071a6b0f6e45e56da044d8d6258b3addc4f22db629c595195dc47ff51884d58f27258bef85ed4ab407d99fb18ecfc0a1e5746886d949cebba82caa4e28c9fe7821a6d7dc3a6e92186958831a18ca090d6181823302fb0c712057a98aff7437d63c971b1e66fd51137ceb36df40165bc62da77d8a6bb807ee7ad1863ec5b39f86ee070bf6f65fbf6a60b13986a223e1f2d57e862a200c9d2ff6c1f04d19652ce2c45b9642ffe07a5efcd6976a27e548186bf0cc16e96abe1294f610f6c85ba3116d77316dd513c984af95e645b3142a05bc874f068a2f2ad95dc3933b9a9b6a9ae109ada65c1f14a9b4820c8bbd9f0acffe6a0033933f3de69936e4fcf11e316abe8ab00c97b7d97cbec82147054ba7b9d3af71595ec4e9b5449c2b4c0221e96db998713ce55da009c00c607a943a198192513aec1b3ff970eadd2ceb67d770bcb460365ddaded39e9e29bc55c7e0bd98d2318a3e2d7a8e89da87200bce4d877b5309dfb63e4cb237c9b4078163ed6270de3e5e70c125b174561cbef5c855d400bbd808b44214ab11ce5f36f89f47b8df2e244b05cde9ca4d63aefc8518df3beda9fde7fb92ca09969fac001db753cddc7f6dff8147ecd0c8ec3cf3e1971f54278cdb9bc2be54abe64c407d2e71dee28a60fa60c1c43699cfc8b4667e27fd36ba66a02918fbed5f750e63c57cd0e7a089fac5cb9adf2354176c98e9c3c14301a6338922f328cdfd2b799c8a1ce1843728358f51df9b5a4783e0fb115e9c4a0b327c2d95c071a6a0b6f6b10dc7b06e0eedb99f12d49ba8d16b1f20d926e8080580ace77731538e6b801bf3f8950a870132dd83f2efba4607704c6f9d10daef4a77122c14721171eeb8d9ebf14304e4b5cde84aa751e0e0e2c38aa33b9387945d505b42c455d8267674fcf3754a04ad35dd648567102777a6c44acfd2c79b0aa0082cc233bb1d96bc1eeeda26e379878f866462f9f6f7ee224fd0203c7fb34ae3a48ba84ba3ad716c1a49cb63550176494438e138116017dcdc0cd7c1f8515502a547353f41cc0426676724d0f1f96ac98bda2ea4534b0db0e105b7681a7c4af0c741e8a1e1c4d35181cd678570310855a42a2a86a49b05335138e51fabbc90433eed6b528946fd36d39579331579d49ca44275b21f3a5214926a69999f2f60eb0d503e30b43574df802c0d639b5fc227b10796008e10cb90f85bcba4ecde143f388c22e4942ea23ddf2d9efcacebc2e8350c39f17526dc7d249b17d42e87a82f83f8d2360e604eccce26e41094852bbd1492c369b07bd401367f8e3a91780de66dc53c0174d3a9714bb68860bca146147c57e25ef9f19bd96bafc0667facf39e9134516f931e3946eb11b8f59c18a6ae3d88cb3f8f928448f0cf76248fdbdc7847498a29e07b2868750513d4737a4c3db07107c09b92aedf75870d572d8c3935f9e6fafdfc0fdcca1f4e5d50a7c744f77c0c25bbe8a478fac0780ca9ba7f77a72f7d08d4afb44a08a0ef2028fb839390a391984d6cb42e7f14bab6cc24c19065dc1b782f47e9f04c4824f693de83817e45e85b8cb97da05494be26e4eaa51c6d9c60e3fb5ab37edf3efe3e7ad155c854ce9a845d3134bfce0b859cf49cf87abd553f97b3889349f514e8b683fca9c3a284bcdf424d31e95426174c3fab6bc55d7fd416592e434568441fd7a379bf39b2d4c628c88d48bb1ac820553bceb97da9a987033f12a0a4d1f4f77368d6bd0c35e16288e3011b984861549446b71f313db1a0ff39d11621ec1311eb030cb2173480ddf6d1a4aa5c04fff5efe24aa31315f16b1f4c31a091496e8abf51e42941a3b116843db4e05ce288848b40bfb53f937a35b74dd83b3b5da9e84575883167e6b1da1a3b05d85085c94c8897c86a35800f231e772d5b6b3b90584626b33f9d8b9da38e06f564c2bbcce21cd3d324a5a54dbe711e3fc56d1b1a8c5cca9004951c1973840c70a378a3e7da0226ebf63b6493a5e40a469f0956e66e3cefa84eeb4c8f48f81e8193cb372bb780f25661f166ead9f2c42b51bd2440b001f4435e57aad54dee9f75327c78960e0b0ba638d5042235806c130c0dee8616727e5dcb1ed40e561f34cc5102d534137c90fffffc09166e2e85a33506f68277cfdc3fa1f3b32bd5b8c3fb98642789fdcb37edc8f0bc439f433aeeb0bff14d664040d351cf2e357c6f6806f43a7b85246053813be768122016db7d661441b881480290fb1f5c4d45843fd2f4b3c7b52ed999972cdf4b6fba45d52495a536d4a9ff4bd3fe61bc44bb6e71e08de1e604807b885ca1354694c375f6b85057eee761288b1a07a588083d6bee3ee20fa0c758a7297cfe852e0444e3f1f8330418f0d0c0152adbeca3e2fdc0955b03e79b9330cac3f2f0f7cc3cb883c31083dc67cf5a0264a2e8ebfc9e850cacf2e6b017a92997d7e3484354c31e23c9b3dabe51e92fa4c5cf0ab8456b9611b30377c8d7480c9376bbbc29948ee57debe112af4b753686abd30254c66d7a76fd0aa42275edd8699f96a6725de4b8c41f4e0c912ac6a8a0e3666d3472fadcb2fc9a097d0614048d12cc529e94e79df56f07b3bac9e2c5b4926402b9ff5f2f22d90d6c08b4a30f68d5fb3b636b5071807ce0b7fd6c7cb2ef9e2a41ef15cf7d99762938c419228593d1973b6d89d7244b9e7a6a43ee857772b338b8bdbd5800a84b577a42cc9592e7db3d384a5fa9386cac72216cf8954c2cab587ef68583b8e0d423d913be2af18cf8de32ab8957d86d02ed6dfb9c424d27a0c8a46dc858b4afd853075211771c9bb6bd7614e2f93567a179ad5d6fab238d74f92cee1f211b4129db3ca6570bbf52c8a410d7785d398d76cb6e76b62a7c3d0353759bc7be617ea99522e97d39058cadad0ddb5ae9843998a6845ad026874f22eb0164ec27499aefa132222331d283ba017f96a46bd1e1d8c53655ddc30ebcfb021160e5ae9c9c77c349d00e530fc9f71e9e10392506f648c81702601aa7944a3aa90ab05353625b1f2b758aabfba7afec30b4ad7be5761354c49f1c71cabdb1550599224aa775883e7eccdfcc73d86e549da483752bbe8491a9d60bf07d691c763b98db2597ddc615e4fa4b6b957ae0bed7e2381f63e5c5fe12a5db1b4c3e3c3d45ed8838b5e3f894d629d9392b9ba41b69fcd7c77d203d63359657d595dbd1870c425361856c5c318b743130bb2620ff349fd998f9b149e4fdddb5ccd5588612ce45c34142b26d06e8bea7184a3e6e0d4e2a14664a65e68a0b687a5cbee042aa1abc2e8f04a1aa9be10aa30f62b4abd73fdf8b276ba0fba647de5d6876a824aff8f1f4c9ad840ed2e0d8374c1e2e0903c72daa963a672043d7b9aff82b6f605ba7ece52d5458a345fb11348bcfc9694d2a74d48f8be946584b0bdce31d5d3b819e0fcbe15e5e5ba28c1f01826750d8c5dab587c4fd9b4d639c5c3223f5c1cecadc482a8ce22d164a263ac176c56e984e195ed3a21cfecfb72bfe5144e948eaf3fcb37ff8adb04eee5fceacf74bf31d0ef5ac6fc274faf322d2311b83f3d8c0157aa03ea1483d414c1283b296f83cb98a726d83908a532b5f6c1d58910d3d7f9ecd96c6aa1a41f4dee06a171a2fd484c655bca3709d5d1bde07b2f66d93982782f540f3eec4bcda4d271d25eeca331a7e7591c5e14d833e38bdda6cea1109255a2dbf9a7ab3fea4b9ff46c2254c86cac54560430ce6ac747077a15f51fb4ce8fa754e92f4fe6b9a1eee28e1ee6ef0636e5066b959478cf23704b1e2213c520b0e31d18613a27f8fe3f094b009bd615da275e21249e84a965a47e6ec338b027cd8adb54f1298ee0a0776bb1f09b946554f178da4a8c523f28e480fd975c4290972c2aac4c7c1967bd7942fb457005c964e4094b6993bc138163d533840d3173bfbf4c077b2431d88334fbe335feba623b663564e57988d86ff006b6a7e2ce39927bd3e86809cd2e19af5de8c9d449f73f31d4372c7646e4136c13ae7dfb97a913cfb11d2685f0add77691750459b952ddd3bb93ce1b6907208b9e3fa5f773943e949f363211b05b461a72b4f37fe3e9203dcef296b204e1f8274eb26a55bfe3c4d1b287bc21d3b76972ebd3b927ad432861661c0a52225ca86aa4a9415c187802eb6ba46fb954cd9442dced2fac068829d314bb788284b8296ccc117120779932e92ad1ba8bdd623bc297e12c09d12d09cc353f367c3831e389b2e17c0bf1a490b80cf0b6bb9c113c7e43b1459871557e445c30cee5313e95430348f56f8769e8f51fcf37a51795dff1cca3aec64e0f76873511bef4378cf228efd7b8682deb8da26577bf7a779c663be780911f70a9fc6fbd748e6d60f0ff22de8af76c7ec9f52f904edbce87fd5700eead5925664a12503d7aa6d16a55bfced5d6459daa036b6bbca7df57795aa0eb96313715ba04b06e21cbecd2fe2c6aae40b5b0b16099b7eea00036b7fb8e2f64ee96715a95a728e53f24f5de09d314b3530d35af786f5c8c287990f9f41dfedde2e9bc9b655f9c43943d8497e4d11104b85c5d0ea48276b21f9d89ab01a75adc952a47e19d614224b7db33297cd8a94d9bc12cca777dbf95a43c320b838b865222c1fddd0d8ced45f5833f06109cb6b9e21638e2623fa2c85421c599a18703c880792f0012b03faf48959e93aae08d7ea29575178022e15a4276db242f425d798d40a072063472dbedca1af7fa87cbb7176ef4157980f0f6e47c6422d0c99d5a20163eea0f65f0d8351692780184ba8c626fc9fb43f4df025f11b793bf9baacd62a0db6ee89cb05bfccec3bfd2b5d71b4683509a3b92f0d15bf2913648df51f5c1ea7bc4d102669bdbc14da1d2e7258163b0bfad6b00b7ef18899bcd3e9d29ac1c09fa0d861f1758b063295c908346f1485c5e3db1b5d110f20b6f461c3ca4026ab9d6fc244d46c5bdcda77e9c7440b51ee9bef75f08ac0c790fdda2e28496c4cf1ee3b57f032427ec7cf2797ad62dfefeb80ef98ded5a97d1c24398b1eb294d47b29b4f0adac5a64fa6a2f855344eb838a581953dd335fe7a4ea2627cbec14117de926e0ed62834075376395e1b09bbc5473168e370c7d132eea296a857b054435df940fda5c0e236b1c1e0ac2cfc07c1c09c9f33b328d9e2f923ee15f8b95828b45f6071045adff928dbe9e091978fb538cb4cc43b8a106e4b908ed3f9368ed56226c365c4540a446653ea31f15755940dbfe835942c8b7d992e269175f6eaf5b8e59d9434f4314b5dc43a4a85a1704d523cda2930e76bd548a51c0239ec128af34b9b6e22fad08df5ff1098726d0f6901deabc0f5594beaf87cfc9c5327e5bd933456415e20eb55c5ae56e1e09085b702dbe3a089ceac078ceb2c3d93920e963a71654787c856efc2127d9cd1098575d704d46f7554426956364e5a663eabc95e9666ae714678ea13b9870e5709fa34b03bec9ee1080a159f958b307d4fc41942c561e4f5b09e883d4dc5b7039dbf3f337614d64d839b97ac832df1458306323000a3072f337dacf384d7c22149db8dbd2ba7bb95b7074c7fe68babbb3b38ea1ce49da885daef811f72c3433bdc2e811f5369c9daf9d7828f53f5c7e9b25d269c3ac096b72c5b31b203b97aa1467a73397606a23409d74686f481bf4634ab8ce1c0b1e54cce4cc934b1152a147caf36df8a1ef71767623c63958104ea33c9a94bb2534c28d6e6f3dfe3ec8eea5b56438bd14571d792abae249404837c2ed4cbb77e5e1799c7f16655ce044bb366981b1c17c7c3499e147d3ddbf73980f04c630d799b27f803213e5cf8434a1750194ca28980150a42810510f9239c8486f728725999de368f1b647e0eb807c5b00811f101c8771f498d950d537c91c36d79753d5019bc1122d02daaab3c54dc56766d9bfb628e5dfc7c1dd02cb584c37f498672b6461447270403dcff96b6fb24ee0cb2fa9libgnutls.so.30.31.0../doc/packages/libgnutls-devel/gnutls-client-server-use-case.png.gz../doc/packages/libgnutls-devel/gnutls-crypto-layers.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-sequence.png.gz../doc/packages/libgnutls-devel/gnutls-handshake-state.png.gz../doc/packages/libgnutls-devel/gnutls-internals.png.gz../doc/packages/libgnutls-devel/gnutls-layers.png.gz../doc/packages/libgnutls-devel/gnutls-logo.png.gz../doc/packages/libgnutls-devel/gnutls-modauth.png.gz../doc/packages/libgnutls-devel/gnutls-x509.png.gz../doc/packages/libgnutls-devel/pkcs11-vision.png.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootgnutls-3.7.3-150400.4.44.1.src.rpmgnutls-devellibgnutls-devellibgnutls-devel(x86-64)pkgconfig(gnutls) @@@@@@    /bin/sh/bin/sh/usr/bin/pkg-configcrypto-policiesglibc-develgnutlsinfolibgnutls30pkgconfig(hogweed)pkgconfig(libidn2)pkgconfig(libtasn1)pkgconfig(nettle)pkgconfig(p11-kit-1)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.7.33.7.33.0.4-14.6.0-14.0-15.2-14.14.3f@f@ee@e@e_>d'@c>@c@ccccʂ@c<@cWc@c=qc6@c6@bbb@b>by@by@b?@b4t@aaaZ@a@a*@a@ah`@``!@``OL@`OL@`KW`#`#`!'`U___E@_d@_cO__[@__[@_Wr@^y^(@^@^@^>@^@^k@^^^^@^x^x^9\]N@]@]@]A\P\\\N\+@\,[1[ā@[ā@[[["@[}P@[`O@Z@ZZ@Z@Z@Z`@Z@ZZz@Y@YX@Y@YzYYf@Y_wY[@Y9<@Y3@YY@Y@YYX@Xs{@XVz@XVz@WW@Wu WV@WcW VŲ@VHVU@UUHUHU<@U*^@UU@U@U ]@T@T@TcKpmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comotto.hollmann@suse.comotto.hollmann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comrichard.costa@suse.comrichard.costa@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comdimstar@opensuse.orgpmonreal@suse.compmonreal@suse.compmonreal@suse.comrpm@fthiessen.debwiedemann@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.comvcizek@suse.comdimstar@opensuse.orgvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comabergmann@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comvcizek@suse.comjsikes@suse.comjsikes@suse.commimi.vx@gmail.comandreas.stieger@gmx.deandreas.stieger@gmx.devcizek@suse.comandreas.stieger@gmx.devcizek@suse.comjsikes@suse.dejengelh@inai.dejsikes@suse.dejsikes@suse.devcizek@suse.comjbrielmaier@suse.devcizek@suse.comtchvatal@suse.comschwab@suse.delhenriques@suse.comvcizek@suse.comvcizek@suse.comschwab@suse.devcizek@suse.comjengelh@inai.devcizek@suse.comvcizek@suse.comro@suse.demeissner@suse.comkbabioch@suse.comfvogt@suse.comvcizek@suse.comastieger@suse.comvcizek@suse.comastieger@suse.comdimstar@opensuse.orgastieger@suse.comjengelh@inai.detchvatal@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.comastieger@suse.combwiedemann@suse.comvcizek@suse.comvcizek@suse.comastieger@suse.commeissner@suse.comastieger@suse.comastieger@suse.comecsos@opensuse.orgastieger@suse.comvcizek@suse.commeissner@suse.comsleep_walker@opensuse.orgmeissner@suse.commrueckert@suse.demeissner@suse.comidonmez@suse.comastieger@suse.comvcizek@suse.comdmueller@suse.commeissner@suse.comschwab@linux-m68k.orgmeissner@suse.commeissner@suse.comastieger@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.commeissner@suse.com- Security fix: [bsc#1221747, CVE-2024-28835] * gnutls: certtool crash when verifying a certificate chain * Add gnutls-CVE-2024-28835.patch- Security fix: [bsc#1221746, CVE-2024-28834] * gnutls: side-channel in the deterministic ECDSA * Add gnutls-CVE-2024-28834.patch- jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread. [bsc#1221242] * Add gnutls-FIPS-jitterentropy-deinit-threads.patch- Security fix: [bsc#1218862, CVE-2024-0567] * gnutls: rejects certificate chain with distributed trust * Cockpit (which uses gnuTLS) rejects certificate chain with distributed trust. * Add gnutls-CVE-2024-0567.patch- Security fix: [bsc#1218865, CVE-2024-0553] * Incomplete fix for CVE-2023-5981. * The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. * Add gnutls-CVE-2024-0553.patch- Security fix: [bsc#1217277, CVE-2023-5981] * Fix timing side-channel inside RSA-PSK key exchange. * auth/rsa_psk: side-step potential side-channel * Add curl-CVE-2023-5981.patch- FIPS: PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. * Add gnutls-FIPS-pbkdf2-additional-requirements.patch- libgnutls: Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562] * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a * Add gnutls-increase-TLS-PSK-username-limit.patch- FIPS: Fix pct_test() return code in case of error [bsc#1207183] * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] * Add gnutls-FIPS-jitterentropy-threadsafe.patch- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] * Rebase patches with the version submitted upstream. * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch- Security Fix: [bsc#1208143, CVE-2023-0361] * Bleichenbacher oracle in TLS RSA key exchange * Add gnutls-CVE-2023-0361.patch- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346] * Add gnutls-FIPS-140-3-references.patch- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch- Fix AVX CPU feature detection for OSXSAVE [bsc#1203299] * Fixes a SIGILL termination at the verzoupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virutal systems. * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1282 * Add gnutls-clear-AVX-bits-if-it-cannot-be-queried-XSAVE.patch- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146] * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch- FIPS: Make XTS key check failure not fatal [bsc#1203779] * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch- FIPS: Zeroize the calculated hmac and new_hmac in the check_binary_integrity() function. [bsc#1191021] * Add gnutls-FIPS-Zeroize-check_binary_integrity.patch- FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkfd2(). * Adapt the pbkdf2 selftest and the regression tests accordingly. * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy * Add gnutls-FIPS-jitterentropy.patch- Security fix: [bsc#1202020, CVE-2022-2509] * Fixed double free during verification of pkcs7 signatures * Add gnutls-CVE-2022-2509.patch- FIPS: * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] - gnutls_fips140_run_self_tests now properly releases fips_context- FIPS: * Add gnutls_ECDSA_signing.patch [bsc#1190698] - Check minimum keylength for symmetric key generation - Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] - Provides interface for running library self tests on-demand - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598- FIPS: Make sure zeroization is performed in all API functions * Add gnutls-zeroization-API-functions.patch [bsc#1191021] * Upsream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1573- FIPS: Add missing requirements for the SLI [bsc#1190698] * Remove 3DES from FIPS approved algorithms: - gnutls-Remove-3DES-from-FIPS-approved-algos.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1570 * DRBG service (gnutls_rnd) should be considered approved: - gnutls-Add-missing-FIPS-service-indicator-transitions.patch - gnutls-Add-missing-FIPS-service-indicator-transitions-tests.patch - gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569- FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907] * Add gnutls-FIPS-Mark-HKDF-and-AES-GCM-as-approved-when-used-in-TLS.patch * Upstream issue: https://gitlab.com/gnutls/gnutls/issues/1311- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch * Upstream: https://gitlab.com/gnutls/gnutls/merge_requests/1561 - Enable to run the regression tests also in FIPS mode.- Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. * libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Add gnutls-FIPS-disable-failing-tests.patch * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - disable-psk-file-test.patch- FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. * Add gnutls-FIPS-module-version.patch- FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch- Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans).- Add crypto-policies support in SLE-15-SP4 [jsc#SLE-20287]- Account for the libnettle soname bump [jsc#SLE-19765]- Update to 3.7.2 in SLE-15-SP4: [jsc#SLE-19765, jsc#SLE-18139] - Add gnutls-temporarily_disable_broken_guile_reauth_test.patch - Rebased patches: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch * gnutls-fips_mode_enabled.patch - Remove patches merged upstream: * gnutls-CVE-2020-11501.patch * gnutls-CVE-2020-13777.patch * gnutls-CVE-2020-24659.patch * gnutls-CVE-2021-20231.patch * gnutls-CVE-2021-20232.patch * gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch * gnutls-fips_XTS_key_check.patch * 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch * 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch * 0003-x509-trigger-fallback-verification-path-when-cert-is.patch * 0004-tests-add-test-case-for-certificate-chain-supersedin.patch * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch * 0001-Vendor-in-XTS-functionality-from-Nettle.patch * 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch * gnutls-3.6.7-fix-FTBFS-2024.patch * gnutls-3.6.7-reproducible-date.patch- Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579) - Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218)- Security fix: [bsc#1183456, CVE-2021-20232] * A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. - Add gnutls-CVE-2021-20232.patch- Security fix: [bsc#1183457, CVE-2021-20231] * A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. - Add gnutls-CVE-2021-20231.patch- Update to 3.7.1: [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] * Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. * Fixed a regression in handling duplicated certs in a chain. * Fixed sending of session ID in TLS 1.3 middlebox compatibility mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions. * Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode. * Added padlock acceleration for AES-192-CBC. - Remove patches upstream: * gnutls-gnutls-cli-debug.patch * gnutls-ignore-duplicate-certificates.patch * gnutls-test-fixes.patch- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] * Don't unset system priority settings in gnutls-cli-debug.sh * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 - Add gnutls-gnutls-cli-debug.patch- Fix: Test certificates in tests/testpkcs11-certs have expired * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 - Add gnutls-test-fixes.patch- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 - Add gnutls-ignore-duplicate-certificates.patch- Update to 3.7.0 * Depend on nettle 3.6 * Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains * Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification * OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension * Added a new set of API to enable QUIC implementation * The crypto implementation override APIs deprecated in 3.6.9 are now no-op * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support * Support for padlock has been fixed to make it work with Zhaoxin CPU * The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes - Remove patch fixed upstream: * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - Fix threading bug in libgnutls [bsc#1173434] * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch- Escape rpm command %%expand when used in comment.- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch- FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch- Fix heap buffer overflow in handshake with no_renegotiation alert sent * CVE-2020-24659 (bsc#1176181) - add gnutls-CVE-2020-24659.patch- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - add patches * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch - drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- Update to 3.6.15 * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. [GNUTLS-SA-2020-09-04, CVSS: medium] * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now indicates that with a false return value (!1306). * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked accordingly to SP800-56A rev 3 (!1295, !1299). * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than the size of the internal base64 blob (#1025). * libgnutls: Certificate verification failue due to OCSP must-stapling is not honered is now correctly marked with the GNUTLS_CERT_INVALID flag * libgnutls: The audit log message for weak hashes is no longer printed twice * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is disabled in the priority string. Previously, even when TLS 1.2 is explicitly disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is enabled (#1054). - drop upstreamed patches: * gnutls-detect_nettle_so.patch * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666) * add gnutls-detect_nettle_so.patch- Fix a memory leak that could lead to a DoS attack against Samba servers (bsc#1172663) * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch - Temporarily disable broken guile reauth test (bsc#1171565) * add gnutls-temporarily_disable_broken_guile_reauth_test.patch- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction) The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) * add patches: + gnutls-CVE-2020-13777.patch - Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * add patches: + 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch + 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch + 0003-x509-trigger-fallback-verification-path-when-cert-is.patch + 0004-tests-add-test-case-for-certificate-chain-supersedin.patch- Update to 3.6.14 * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) [GNUTLS-SA-2020-06-03, CVSS: high] * libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). * libgnutls: Added support for AES-SIV ciphers (#463). * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). * libgnutls: No longer use internal symbols exported from Nettle (!1235) * API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added - Add key D605848ED7E69871: public key "Daiki Ueno " to the keyring - Drop gnutls-fips_correct_nettle_soversion.patch (upstream)- Add RSA 4096 key generation support in FIPS mode (bsc#1171422) * add gnutls-3.6.7-fips-rsa-4096.patch- Don't check for /etc/system-fips which we don't have (bsc#1169992) * add gnutls-fips_mode_enabled.patch- Backport AES XTS support (bsc#1168835) * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch * add gnutls-fips_XTS_key_check.patch- Use correct nettle .so version when looking for a FIPS checksum (bsc#1166635) * add gnutls-fips_correct_nettle_soversion.patch- Update to 3.6.13 * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support) The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol (#960) [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345) * libgnutls: Added new APIs to access KDF algorithms (#813). * libgnutls: Added new callback gnutls_keylog_func that enables a custom logging functionality. * libgnutls: Added support for non-null terminated usernames in PSK negotiation (#586). * gnutls-cli-debug: Improved support for old servers that only support SSL 3.0.- Fix zero random value in DTLS client hello (CVE-2020-11501, bsc#1168345) * add gnutls-CVE-2020-11501.patch- Split off FIPS checksums into a separate libgnutls30-hmac subpackage (bsc#1152692) * update baselibs.conf- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue * No longer truncate output IV if input is shorter than block size. * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test * Added Diffie Hellman public key verification test. * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch- gnutls 3.6.12 * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) to identify sessions that client request OCSP status request (#829). * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 signature algorithm (RFC 8032) under TLS (#86). * libgnutls: Added the default-priority-string option to system configuration; it allows overriding the compiled-in default-priority-string. * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-07). By default this ciphersuite is disabled. It can be enabled by adding +GOST to priority string. In the future this priority string may enable other GOST ciphersuites as well. Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. * libgnutls: added priority shortcuts for different GOST categories like CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. * libgnutls: Reject certificates with invalid time fields. That is we reject certificates with invalid characters in Time fields, or invalid time formatting To continue accepting the invalid form compile with --disable-strict-der-time * libgnutls: Reject certificates which contain duplicate extensions. We were previously printing warnings when printing such a certificate, but that is not always sufficient to flag such certificates as invalid. Instead we now refuse to import them (#887). * libgnutls: If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level prior to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). * libgnutls: The min-verification-profile from system configuration applies for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. * libgnutls: The stapled OCSP certificate verification adheres to the convention used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. * libgnutls: On client side only send OCSP staples if they have been requested by the server, and on server side always advertise that we support OCSP stapling * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible with gnutls_ocsp_req_t but const. * certtool: Added the --verify-profile option to set a certificate verification profile. Use '--verify-profile low' for certificate verification to apply the 'NORMAL' verification profile. * certtool: The add_extension template option is considered even when generating a certificate from a certificate request.- gnutls 3.6.11.1: * libgnutls: Corrected issue with TLS 1.2 session ticket handling as client during resumption * libgnutls: gnutls_base64_decode2() succeeds decoding the empty string to the empty string. This is a behavioral change of the API but it conforms to the RFC4648 expectations * libgnutls: Fixed AES-CFB8 implementation, when input is shorter than the block size. Fix backported from nettle. * certtool: CRL distribution points will be set in CA certificates even when non self-signed * gnutls-cli/serv: added raw public-key handling capabilities (RFC7250). Key material can be set via the --rawpkkeyfile and - -rawpkfile flags.- gnutls 3.6.10: * Add support for deterministic ECDSA/DSA (RFC6979) * Add functions for in-place encryption/decryption of data buffers * server now selects the highest TLS protocol version, if TLS 1.3 is enabled and the client advertises an older protocol version first * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode and MAC generation based on GOST 28147-89 (IMIT) * certtool: when outputting an encrypted private key do not insert the textual description of it- Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)- gnutls 3.6.9: * add support for copying digest or MAC contexts * Mark the crypto implementation override APIs as deprecated * Add support for AES-GMAC, as a separate to GCM, MAC algorithm * Add support for Generalname registeredID * The priority configuration was enhanced to allow more elaborate system-wide configuration of the library - includes changes from 3.6.8: * Add support for AES-XTS cipher * Fix calculation of Streebog digests * During Diffie-Hellman operations in TLS, verify that the peer's public key is on the right subgroup (y^q=1 mod p), when q is available (under TLS 1.3 and under earlier versions when RFC7919 parameters are used). * Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion * certtool: allow the digital signature key usage flag in CA certificates * gnutls-cli/serv: add the --keymatexport and --keymatexportsize options. These allow testing the RFC5705 using these tools - drop patches to re-enable tests: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- Explicitly require libnettle 3.4.1 (bsc#1134856) * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order to fix CVE-2018-16868, the new implementation makes use of a new rsa_sec_decrypt() function introduced in libnettle 3.4.1 * libnettle was recently updated to the 3.4.1 version but we need to add explicit dependency on it to prevent missing symbol errors with the older versions- Restored autoreconf in build. - Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch since the version requirements of required libraries are once again automatically determined. - Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a better patch name for handling the '--with-guile-site-dir=' problem in 3.6.7.- Trim useless %if..%endif guards that do not affect the build. - Fix language errors in description again.- Update gnutls to 3.6.7 * * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). * * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) * * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. * * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. * * libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). * * libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). * * gnutls-cli: Added option --logfile to redirect informational messages output. - Disabled dane support since dane is not shipped with SLE-15 - Changed configure script to hardware guile site directory since command-line option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix compilation issues on PPC - Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868)- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key (#640). * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). * * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set (#667). * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional (#609). * Removed patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch * Added Patches: * * disable failing psk-file test (race condition): disable-psk-file-test.patch * * Patch configure script to accept specific versions of autotools and guile that are present in SUSE-SLE15. (A bug prevents configure from accepting a range of compatible versions. Upstream's solution is to hardwire for the most current versions.) gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch * Modified: * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - drop no longer needed gnutls-enbale-guile-2.2.patch - refresh disable-psk-file-test.patch- Update to 3.6.5 * * libgnutls: Provide the option of transparent re-handshake/reauthentication when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). * * libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) * * libgnutls: The priority functions will ignore and not enable TLS1.3 if requested with legacy TLS versions enabled but not TLS1.2. That is because if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621). * * libgnutls: Change RSA decryption to use a new side-channel silent function. This addresses a security issue where memory access patterns as well as timing on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher attacks. Side-channel resistant code is slower due to the need to mask access and timings. When used in TLS the new functions cause RSA based handshakes to be between 13% and 28% slower on average (Numbers are indicative, the tests where performed on a relatively modern Intel CPU, results vary depending on the CPU and architecture used). This change makes nettle 3.4.1 the minimum requirement of gnutls (#630). [CVSS: medium] * * libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored. * * libgnutls: Added support for EdDSA under PKCS#11 (#417) * * libgnutls: Added support for AES-CFB8 cipher (#357) * * libgnutls: Added support for AES-CMAC MAC (#351) * * libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D S-BOXes). They are fixed now. * * libgnutls: Added support for GOST key unmasking and unwrapped GOST private keys parsing, as specified in R 50.1.112-2016. * * gnutls-serv: It applies the default settings when no --priority option is given, using gnutls_set_default_priority(). * * p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin option (#561) * * certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR. - minimum required libnettle is now 3.4.1 - refresh * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- search for guile-2.2 during configure, part of boo#1117121 add patches: * gnutls-enbale-guile-2.2.patch: search for guile-2.2 refresh patches: * disable-psk-file-test.patch: disable psk-file in Makefile.am- Temporarily disable failing psk-file test (race condition) * add disable-psk-file-test.patch- Version update to 3.6.4 (bsc#1111757): * * libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. * * libgnutls: Corrected regression since 3.6.3 in the callbacks set with gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528). * * libgnutls: gnutls_handshake() on server returns early on handshake when no certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified. * * libgnutls: Added session ticket key rotation on server side with TOTP. The key set with gnutls_session_ticket_enable_server() is used as a master key to generate time-based keys for tickets. The rotation relates to the gnutls_db_set_cache_expiration() period. * * libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible. * * libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier (#569) * * libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import and export GOST parameters in the "native" little endian format used for these curves. This is an intentional incompatible change with 3.6.3. * * libgnutls: Added support for seperately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). - Drop upstreamed patch: * gnutls-3.6.3-backport-upstream-fixes.patch- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch test/Makefile.in as autoreconf does not work- Backport of upstream fixes (boo#1108450) * gnutls-3.6.3-backport-upstream-fixes.patch Fixes taken from upstream commits: * * 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function") * * 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks") * * 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello") The patch was taken from https://github.com/weechat/weechat/issues/1231- Security update Improve mitigations against Lucky 13 class of attacks * "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) * add patches: 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch- Update to 3.6.3 Fixes security issues: CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790 (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002) Other Changes: * * libgnutls: Introduced support for draft-ietf-tls-tls13-28 * * libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or earlier and TLS 1.3. * * Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. * * Provide a uniform cipher list across supported TLS protocols * * The SSL 3.0 protocol is disabled on compile-time by default. * * libgnutls: Introduced function to switch the current FIPS140-2 operational mode * * libgnutls: Introduced low-level function to assist applications attempting client hello extension parsing, prior to GnuTLS' parsing of the message. * * libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no modifications to the certificate. * * libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups which are preferred by the server. * * Improved counter-measures for TLS CBC record padding. * * Introduced the %FORCE_ETM priority string option. This option prevents the negotiation of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. * * libgnutls: gnutls_privkey_import_ext4() was enhanced with the GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. * * libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API change for these functions which make them err towards safety. * * libgnutls: improved aarch64 cpu features detection by using getauxval(). * * certtool: It is now possible to specify certificate and serial CRL numbers greater than 2**63-2 as a hex-encoded string both when prompted and in a template file. Default certificate serial numbers are now fully random. - don't run autoreconf to avoid pulling in gtk-doc- Require pkgconfig(autoopts) for building- Simplify the DANE support %ifdef condition * build with DANE on openSUSE only- Adjust RPM groups. Drop %if..%endif guards that are idempotent.- build without DANE support on SLE-15, as it doesn't have unbound (bsc#1086428)- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch the dtls-resume test still keeps randomly failing on PPC- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch patch does not apply any more and apparently the build suceeds even if the formerly flaky testcase is run (bsc#1086579)- gnutls.keyring: Nikos key refreshed to be unexpired- GnuTLS 3.6.2: * libgnutls: When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of insufficient security level. * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data MTU calculation now, it correctly accounts for the fixed overhead due to padding (as 1 byte), while at the same time considers the rest of the padding as part of data MTU. * libgnutls: Address issue of loading of all PKCS#11 modules on startup on systems with a PKCS#11 trust store (as opposed to a file trust store). Introduced a multi-stage initialization which loads the trust modules, and other modules are deferred for the first pure PKCS#11 request. * libgnutls: The SRP authentication will reject any parameters outside RFC5054. This protects any client from potential MitM due to insecure parameters. That also brings SRP in par with the RFC7919 changes to Diffie-Hellman. * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters for SRP authentication. * libgnutls: Addressed issue in the accelerated code affecting interoperability with versions of nettle >= 3.4. * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by Vitezslav Cizek). * srptool: the --create-conf option no longer includes 1024-bit parameters. * p11tool: Fixed the deletion of objects in batch mode. - Dropped gnutls-check_aes_keysize.patch as it is included upstream now.- Use %license (boo#1082318)- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) * add gnutls-check_aes_keysize.patch- GnuTLS 3.6.1: * Fix interoperability issue with openssl when safe renegotiation was used * gnutls_x509_crl_sign, gnutls_x509_crt_sign, gnutls_x509_crq_sign, were modified to sign with a better algorithm than SHA1. They will now sign with an algorithm that corresponds to the security level of the signer's key. * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal the function to auto-detect an appropriate hash algorithm to use. * Remove support for signature algorithms using SHA2-224 in TLS. TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm in TLS 1.2 * Refuse to use client certificates containing disallowed algorithms for a session, reverting a change on 3.5.5 * Refuse to resume a session which had a different SNI advertised That improves RFC6066 support in server side. * p11tool: Mark all generated objects as sensitive by default. * p11tool: added options --sign-params and --hash. This allows testing signature with multiple algorithms, including RSA-PSS.- Disable flaky dtls_resume test on Power * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch- GnuTLS 3.6.0: * Introduce a lock-free random generator which operates per- thread and eliminates random-generator related bottlenecks in multi-threaded operation. * Replace the Salsa20 random generator with one based on CHACHA. The goal is to reduce code needed in cache (CHACHA is also used for TLS), and the number of primitives used by the library. That does not affect the AES-DRBG random generator used in FIPS140-2 mode. * Add support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange * Add support for Ed25519 signing in certificates and TLS key exchange following draft-ietf-tls-rfc4492bis-17 * Enable X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. * Add support for Diffie-Hellman group negotiation following RFC7919. * Introduce various sanity checks on certificate import * Introduce gnutls_x509_crt_set_flags(). This function can set flags in the crt structure. The only flag supported at the moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity checks on import. * PKIX certificates with unknown critical extensions are rejected on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS * Refuse to generate a certificate with an illegal version, or an illegal serial number. That is, gnutls_x509_crt_set_version() and gnutls_x509_crt_set_serial(), will fail on input considered to be invalid in RFC5280. * Call to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused * Add support for PKCS#12 files with no salt (zero length) in their password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. * libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. * Add new callback setting function to gnutls_privkey_t for external keys. The new function (gnutls_privkey_import_ext4), allows signing in addition to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. * Introduce the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These allows enabling all broken and SHA1-based signature algorithms in certificate verification, respectively. * 3DES-CBC is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+3DES-CBC". * SHA1 was marked as insecure for signing certificates. Verification of certificates signed with SHA1 is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. Other uses of SHA1 are still allowed. * RIPEMD160 was marked as insecure for certificate signatures. Verification of certificates signed with RIPEMD160 hash algorithm is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. * No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. These curves were rarely used for that purpose, provide no advantage over x25519 and were deprecated by TLS 1.3. * Remove support for DEFLATE, or any other compression method. * OpenPGP authentication was removed; the resulting library is ABI compatible, with the openpgp related functions being stubs that fail on invocation. Drop gnutls-broken-openpgp-tests.patch, no longer required. * Remove support for libidn (i.e., IDNA2003); gnutls can now be compiled only with libidn2 which provides IDNA2008. * certtool: The option '--load-ca-certificate' can now accept PKCS#11 URLs in addition to files. * certtool: The option '--load-crl' can now be used when generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). * certtool: Keys with provable RSA and DSA parameters are now only read and exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. This removes support for the previous a non-standard key format. * certtool: Added support for generating, printing and handling RSA-PSS and Ed25519 keys and certificates. * certtool: the parameters --rsa, --dsa and --ecdsa to - -generate-privkey are now deprecated, replaced by the - -key-type option. * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were replaced by the --generate-privkey option. * psktool: Generate 256-bit keys by default. * gnutls-server: Increase request buffer size to 16kb, and added the --alpn and --alpn-fatal options, allowing testing of ALPN negotiation. * Enables FIPS 140-2 mode during build- Buildrequire iproute2: the test suite calls /usr/bin/ss and as such we have to ensure to pull it in.- GnuTLS 3.5.15: * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode * certtool: Keys with provable RSA and DSA parameters are now only exported in PKCS#8 form- RPM group fix. Diversification of summaries. - Avoid aims and future plans in description. Say what it does now.- Drop the deprecated openssl compat ; discussed and suggested by vcizek - Cleanup a bit with spec-cleaner- GnuTLS 3.5.14: * Handle specially HSMs which request explicit authentication * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs * do not set leading zeros when copying integers on HSMs * Fix issue discovering certain OCSP signers, and improved the discovery of OCSP signer in the case where the Subject Public Key identifier field matches * ensure OCSP responses are saved with --save-ocsp even if certificate verification fails.- GnuTLS 3.5.13: * libgnutls: fixed issue with AES-GCM in-place encryption and decryption in aarch64 * libgnutls: no longer parse the ResponseID field of the status response TLS extension. The field is not used by GnuTLS nor is made available to calling applications. That addresses a null pointer dereference on server side caused by packets containing the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 * libgnutls: tolerate certificates which do not have strict DER time encoding. It is possible using 3rd party tools to generate certificates with time fields that do not conform to DER requirements. Since 3.4.x these certificates were rejected and cannot be used with GnuTLS, however that caused problems with existing private certificate infrastructures, which were relying on such certificates. Tolerate reading and using these certificates. * minitasn1: updated to libtasn1 4.11. * certtool: allow multiple certificates to be used in --p7-sign with the --load-certificate option- GnuTLS 3.5.12: * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses against DNS fields of certificate (CN or DNSname). The previous behavior was to tolerate some misconfigured servers, but that was non-standard and skipped any IP constraints present in higher level certificates. * libgnutls: when converting to IDNA2008, fallback to IDNA2003 (i.e., transitional encoding) if the domain cannot be converted. That provides maximum compatibility with browsers like firefox that perform the same conversion. * libgnutls: fix issue in RSA-PSK client callback which resulted in no username being sent to the peer * libgnutls: fix regression causing stapled extensions in trust modules not to be considered. * certtool: introduced the email_protection_key option. This option was introduced in documentation for certtool without an implementation of it. It is a shortcut for option 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. * certtool: made printing of key ID and key PIN consistent between certificates, public keys, and private keys. That is the private key printing now uses the same format as the rest. * gnutls-cli: introduced the --sni-hostname option. This allows overriding the hostname advertised to the peer.- skip trust-store tests to avoid build cycle with ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch- GnuTLS 3.5.11: * gnutls.pc: do not include libtool options into Libs.private. * libgnutls: Fixed issue when rehandshaking without a client certificate in a session which initially used one * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access. That allows PKCS#11 operations such as signing to be performed with the same object from multiple threads. * libgnutls: when disabling OpenPGP authentication, the resulting library is ABI compatible (will openpgp related functions being stubs that fail on invocation).- call gzip -n to make build fully reproducible- update to 3.5.10 * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173 * gnutls.pc: do not include libidn2 in Requires.private * libgnutls: optimized access to subject alternative names (SANs) in parsed certificates * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469 when printing certificate information. * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() flags can be set from the gnutls_certificate_verify_flags enumeration. This allows the functions to pass the same flags available for certificates to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or GNUTLS_VERIFY_ALLOW_BROKEN). * libgnutls: gnutls_store_commitment() can accept flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate in applications which use SHA1 for example, after SHA1 is deprecated. * certtool: No longer ignore the 'add_critical_extension' template option if the 'add_extension' option is not present. * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream) - drop gnutls-3.5.9-pkgconfig.patch (upstream) - remove unknown --disable-srp flag (bsc#901857)- disable the deprecated OpenPGP authentication support * see https://gitlab.com/gnutls/gnutls/issues/102 - add gnutls-broken-openpgp-tests.patch- GnuTLS 3.5.9: * libgnutls: OpenPGP references removed, functionality deprecated * libgnutls: Improve detection of AVX support * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 * p11tool: re-use ID from corresponding objects when writing certificates. * API and ABI modifications: gnutls_idna_map: Added gnutls_idna_reverse_map: Added - prevent pkgconfig issues due to libidn2 when building with GnuTLS add gnutls-3.5.9-pkgconfig.patch- Version 3.5.8 (released 2016-01-09) * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* functions will not leave the verification profiles field to an undefined state. The last call will take precedence. * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned by PKCS#8 decryption functions when an invalid key is provided. This addresses regression on decrypting certain PKCS#8 keys. * libgnutls: Introduced option to override the default priority string used by the library. The intention is to allow support of system-wide priority strings (as set with --with-system-priority-file). The configure option is --with-default-priority-string. * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. This prevents crashes when decrypting malformed PKCS#8 keys. * libgnutls: Fix crash on the loading of malformed private keys with certain parameters set to zero. * libgnutls: Fix double free in certificate information printing. If the PKIX extension proxy was set with a policy language set but no policy specified, that could lead to a double free. * libgnutls: Addressed memory leaks in client and server side error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks in X.509 certificate printing error paths (issues found using oss-fuzz project) * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. (issues found using oss-fuzz project) - security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2- GnuTLS 3.5.7, the next stable branch, with the following highlights: * SHA3 as a certificate signature algorithm * X25519 (formerly curve25519) for ephemeral EC diffie-hellman key exchange * TLS false start * New APIs to access the Shawe-Taylor-based provable RSA and DSA parameter generation * Prevent the change of identity on rehandshakes by default- GnuTLS 3.4.17: * libgnutls: Introduced time and constraints checks in the end certificate in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() functions. * libgnutls: Set limits on the maximum number of alerts handled. That is, applications using gnutls could be tricked into an busy loop if the peer sends continuously alert messages. Applications which set a maximum handshake time (via gnutls_handshake_set_timeout) will eventually recover but others may remain in a busy loops indefinitely. This is related but not identical to CVE-2016-8610, due to the difference in alert handling of the libraries (gnutls delegates that handling to applications). boo#1005879 * libgnutls: Enhanced the PKCS#7 parser to allow decoding old (pre-rfc5652) structures with arbitrary encapsulated content. * libgnutls: Backported cipher priorities order from 3.5.x branch That adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings. * certtool: When exporting a CRQ in DER format ensure no text data are intermixed. * API and ABI modifications: gnutls_pkcs7_get_embedded_data_oid: Added - includes changes from 3.4.16: * libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key() failures due to key mismatch. This prevents leaks or double freeing on such failures. * libgnutls: Increased the maximum size of the handshake message hash. This will allow the library to cope better with larger packets, as the ones offered by current TLS 1.3 drafts. * libgnutls: Allow to use client certificates despite them containing disallowed algorithms for a session. That allows for example a client to use DSA-SHA1 due to his old DSA certificate, without requiring him to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). * guile: Backported all improvements from 3.5.x branch. * guile: Update code to the I/O port API of Guile >= 2.1.4 This makes sure the GnuTLS bindings will work with the forthcoming 2.2 stable series of Guile, of which 2.1 is a preview.- GnuTLS 3.4.15: * libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. * libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain. * libgnutls: Added support for decrypting PKCS#8 files which use the HMAC-SHA256 as PRF. * libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. - fix build error for 13.2, 42.1 and 42.2- GnuTLS 3.4.14: * libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2, boo#988276) * libgnutls: Fixed DTLS handshake packet reconstruction. * libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER - drop upstreamed 0001-tests-use-datefudge-in-name-constraints-test.patch- Fix a problem with expired test certificate by using datefudge (boo#987139) * add 0001-tests-use-datefudge-in-name-constraints-test.patch- Version 3.4.13 (released 2016-06-06) * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with NSS instead of using a separate variable; in addition append any keys to the file instead of overwriting it. * libgnutls: use secure_getenv() where available to obtain environment variables. Addresses GNUTLS-SA-2016-1. - Version 3.4.12 (released 2016-05-20) * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. * libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that operation could fail on certain PKCS#11 modules. * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url() can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS name of the certificates if the provided names are NULL. * libgnutls: when receiving SNI names, only save and expose to application the supported DNS names. * libgnutls: when importing the certificate names at the gnutls_certificate_set* functions, only consider the CN as a fallback if DNS names are provided via the alternative name extension. * gnutls-cli: on OCSP verification do not fail if we have a single valid reply. Report and reproducer by Thomas Klute. * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to log session keys in client side. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark.- enabled guile support - removed duplicates- Updated to 3.4.11 * Version 3.4.11 (released 2016-04-11) * * libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported by Fridolin Pokorny. * * libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Corrected behavior of ALPN extension parsing during session resumption. Report and patches by Yuriy M. Kaminskiy. * * libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set() which caused it not to accept non-null- terminated hostnames. Reported by Tim Ruehsen. * * libgnutls: Corrected printing of the IP Adress name constraints. * * ocsptool: use HTTP/1.0 for requests. This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. * * certtool: do not require a CA for OCSP signing tag. This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. * Version 3.4.10 (released 2016-03-03) * * libgnutls: Eliminated issues preventing buffers more than 2^32 bytes to be used with hashing functions. * * libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import(). * * libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches by Jan Vcelak. * * libgnutls: Several fixes to prevent relying on undefined behavior of C (found with libubsan). * Version 3.4.9 (released 2016-02-03) * * libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate the last commonly supported protocol, rather than the first. Reported by Remi Denis-Courmont (#63). * * libgnutls: Tolerate empty DN fields in informational output functions. * * libgnutls: Corrected regression causes by incorrect fix in gnutls_x509_ext_export_key_usage() at 3.4.8 release.- follow the work in the unbound package and use the libunbound-devel symbol for the buildrequires. we override it for the distro build with libunbound-devel-mini to avoid build loops.- reenable dane support, require unbound-devel bsc#964346 - split out libgnutls-dane-devel to try to avoid build cycle.- Update to 3.4.8 All changes since 3.4.4: * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when used with PKCS #11 keys. * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import their public keys from either a public key object or a certificate. That is, because private keys do not contain all the required parameters for a direct import. * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 tokens. * libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage() * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to draft-ietf-tls-chacha20-poly1305-02. * libgnutls: Several fixes in PKCS #7 signing which improve compatibility with the MacOSX tools. * libgnutls: The max-record extension not negotiated on DTLS. This resolves issue with the max-record being negotiated but ignored. * certtool: Added the --p7-include-cert and --p7-show-data options. * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 ciphersuites. This solves an interoperability issue with openssl. * libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info(). * libgnutls: On a rehandshake allow switching from anonymous to ECDHE and DHE ciphersuites. * libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128 from using arbitrary key sizes. * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skipping the implicit global initialization. * gnutls.pc: Don't include libtool specific options to link flags. * tools: Better support for FTP AUTH TLS negotiation * libgnutls: Added new simple verification functions. That avoids the need to install a callback to perform certificate verification. See doc/examples/ex-client-x509.c for usage. * libgnutls: Introduced the security parameter 'future' which is at the 256-bit level of security, and 'ultra' was aligned to its documented size at 192-bits. * libgnutls: When writing a certificate into a PKCS #11 token, ensure that CKA_SERIAL_NUMBER and CKA_ISSUER are written. * libgnutls: Allow the presence of legacy ciphers and key exchanges in priority strings and consider them a no-op. * libgnutls: Handle the extended master secret as a mandatory extension. That fixes incompatibility issues with Chromium (#45). * libgnutls: Added the ability to copy a public key into a PKCS #11 token. * tools: Added support for LDAP and XMPP negotiation for STARTTLS. * p11tool: Allow writing a public key into a PKCS #11 token. * certtool: Key generation security level was switched to HIGH. That is, by default the tool generates 3072 bit keys for RSA and DSA. * libgnutls: When re-importing CRLs to a trust list ensure that there no duplicate entries. * certtool: Removed any arbitrary limits imposed on input file sizes and maximum number of certificates imported. * certtool: Allow specifying fixed dates on CRL generation. * gnutls-cli-debug: Added check for inappropriate fallback support (RFC7507).- Update to 3.4.4 This update contains a fix for a denial of service vulnerability: * Allow the parsing of very long DNs. Also fixes double free in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 Other changes: * Add high level API (gnutls_prf_rfc5705) to access the PRF as specified by RFC5705. * Link to trousers (TPM library) dynamically when this functionality is requested. (disabled in SUSE package) * Fix issue with server side sending the status request extension even when not requested. * Add support for RFC7507 by introducing the %FALLBACK_SCSV priority string option. * gnutls_pkcs11_privkey_generate2() will store the generated public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is specified. * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. * API and ABI modifications: gnutls_prf_rfc5705: Added gnutls_hex_encode2: Added gnutls_hex_decode2: Added - build with autogen for libopts compatibility - fix failures in test suite, add upstream commits 0001-certtool-lifted-limits-on-file-size-to-load.patch 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch- update to 3.4.3 * * libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. * * libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). * * libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. * * libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. * * libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. * * libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. * * p11tool: Added --list-token-urls option, and print the token module name in list-tokens. * * libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * * libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. * * libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * * libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. * * certtool: Added options to generate PKCS #7 bundles and signed structures. - includes changes from 3.4.2: * DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. * Correct regression with Camellia-256-GCM cipher. * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. * Enhance the PKCS #7 API to allow signing and verification of structures. Move API to gnutls/pkcs7.h header. * certtool: Added options to generate PKCS #7 bundles and signed structures.- disable testsuite run against valgrind on aarch64- Updated to 3.4.1 (released 2015-05-03) * * libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. * * libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. * * libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. * * libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. * * libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 * * libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. * * certtool: It can generate SHA256 key IDs. * * gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. * * API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added - gnutls-fix-double-mans.patch: fixed upstream- Disable buggy valgrind on armv7l- updated to 3.4.0 (released 2015-04-08) * * libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. * * libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". * * libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. * * libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. * * libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). * * libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". * * libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". * * libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. * * libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. * * libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. * * libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. * * libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). * * libgnutls: Depend on nettle 3.1. * * libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. * * libgnutls: Use pthread_atfork() to detect fork when available. * * libgnutls: The gnutls_handshake() process will enforce a timeout by default. * * libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. * * libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. * * libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. * * libgnutls: Added helper functions to obtain information on PKCS #8 structures. * * libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. * * libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). * * libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). * * libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). * * libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. * * libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. * * libgnutls-openssl: it is no longer built by default. * * certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. * * certtool: --key-info option will print PKCS #8 encryption information when available. * * certtool: Added the --key-id and --fingerprint options. * * certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). * * certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. * * certtool: it will print the A-label (ACE) names in addition to UTF-8. * * p11tool: added options --set-id and --set-label. * * gnutls-cli: added options --priority-list and --save-cert. * * guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. * * guile: Remove RSA parameters and related procedures. This API had been deprecated. * * guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.- updated to 3.3.13 (released 2015-03-30) * * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. * * libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. * * libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. * * libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. * * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). * * libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 * * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. * * libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 - new main library major version .so.30 - requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1 - Now need to configure --enable-openssl-compatibility (might go away) - added gnutls-fix-double-mans.patch: avoid double installing manpages - dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed anymore - install_info_delete moved from %postun to %preun- for DANE support, use bcond_with - for tpm support, same - note p11-kit >= 0.20.7 requirement - note libtasn1 3.9 requirement (built-in lib used otherwise)- disable trousers and unbound again for now, as it causes too long build cycles.- added unbound-devel (for DANE) and trousers-devel (for TPM support) - removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff - libgnutls-dane0 new library added - updated to 3.3.13 (released 2015-02-25) * * libgnutls: Enable AESNI in GCM on x86 * * libgnutls: Fixes in DTLS message handling * * libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. * * gnutls-cli: Fixes in OCSP verification. - Version 3.3.12 (released 2015-01-17) * * libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html * * libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. * * libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. * * libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 * * libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 * * libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. * * libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. * * libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. * * certtool: --pubkey-info will also attempt to load a public key from stdin. * * gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. - Version 3.3.11 (released 2014-12-11) * * libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. * * libgnutls: Corrected parsing issue with OCSP responses. - Version 3.3.10 (released 2014-11-10) * * libgnutls: Refuse to import v1 or v2 certificates that contain extensions. * * libgnutls: Fixes in usage of PKCS #11 token callback * * libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. * * libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. * * libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. * * certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. - Version 3.3.9 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. * * libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls-dane: Do not require the CA on a ca match to be direct CA. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details. * * certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. - Version 3.3.8 (released 2014-09-18) * * libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. * * libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. * * libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. * * libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. * * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. * * libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. * * libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). * * libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. * * libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. * * libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. * * libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. * * p11tool: when listing tokens, list their type as well. * * p11tool: when listing objects from a trust module print any attached extensions on certificates. - Version 3.3.7 (released 2014-08-24) * * libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. * * libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. * * libgnutls: bundle replacements of inet_pton and inet_aton if not available. * * libgnutls: initialize parameters variable on PKCS #8 decryption. * * libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. * * libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. * * libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. * * libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. * * p11tool: Added --info parameter. * * certtool: Added --mark-wrap parameter. * * danetool: --check will attempt to retrieve the server's certificate chain and verify against it. * * danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. * * danetool: Added openssl linking exception, to allow linking with libunbound. - Version 3.3.6 (released 2014-07-23) * * libgnutls: Use inet_ntop to print IP addresses when available * * libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. * * libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. * * libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. * * libgnutls: fixed PKCS #11 private key operations after a fork. * * libgnutls: fixed PKCS #11 ECDSA key generation. * * libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 * * libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. * * p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. * * p11tool: ask for label when one isn't provided. * * p11tool: added --batch parameter to disable any interactivity. * * p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. * * certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. - Version 3.3.5 (released 2014-06-26) * * libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. * * libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. * * libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. * * libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. * * libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. * * certtool: option --to-p12 will now consider --load-ca-certificate * * certtol: Added option to specify the PKCS #12 friendly name on command line. * * p11tool: Allow marking a certificate copied to a token as a CA. - Version 3.3.4 (released 2014-05-31) * * libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. - Version 3.3.3 (released 2014-05-30) * * libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. * * libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. * * libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. * * libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. * * libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 * * gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. * * gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. * * certtool: Allow multiple organizations and organizational unit names to be specified in a template. * * certtool: Warn when invalid configuration options are set to a template. * * ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. - Version 3.3.2 (released 2014-05-06) * * libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. * * libgnutls: Corrected file descriptor leak on random generator initialization. * * libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. * * libgnutls: Avoid deinitialization if initialization has failed. * * libgnutls: null-terminate othername alternative names. * * libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. * * libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. * * libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. * * libgnutls-guile: Fixed compilation issue. * * certtool: Allow exporting a CRL on DER format. * * certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. - Version 3.3.1 (released 2014-04-19) * * libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. * * libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. * * libgnutls: Several small bug fixes found by coverity. * * libgnutls: The conditionally available self-test functions were moved to self-test.h. * * libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. * * libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. * * libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. * * libgnutls: Corrected the *get_*_othername_oid() functions. - Version 3.3.0 (released 2014-04-10) * * libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. * * libgnutls: static libraries are not built by default. * * libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. * * libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. * * libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). * * libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. * * libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. * * libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). * * libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. * * libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. * * libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). * * libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). * * libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. * * libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. * * libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. * * libgnutls: Depend on p11-kit 0.20.0 or later. * * libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. * * libgnutls: The experimental xssl library is removed from the gnutls distribution. * * libgnutls: Reduced the number of gnulib modules used in the main library. * * libgnutls: Added priority string %DISABLE_WILDCARDS. * * libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). * * certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). * * certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. * * certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. * * libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT).- build with PIE for commandline tools- Updated to 3.2.21 (released 2014-12-11) - libgnutls: Corrected regression introduced in 3.2.19 related to session renegotiation. Reported by Dan Winship. - libgnutls: Corrected parsing issue with OCSP responses.- Updated to 3.2.20 (released 2014-11-10) * * libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. (CVE-2014-8564 bnc#904603) - Updated to 3.2.19 (released 2014-10-13) * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. * * libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. * * libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. * * guile: new 'set-session-server-name!' procedure; see the manual for details./bin/sh/bin/shh03-ch2d 1712671219  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.7.3-150400.4.44.13.7.3-150400.4.44.13.7.3-150400.4.44.13.7.3 gnutlsabstract.hcompat.hcrypto.hdtls.hgnutls.hocsp.hopenpgp.hpkcs11.hpkcs12.hpkcs7.hself-test.hsocket.hsystem-keys.htpm.hurls.hx509-ext.hx509.hlibgnutls.sognutls.pclibgnutls-develexamplesex-alert.cex-cert-select-pkcs11.cex-cert-select.cex-client-anon.cex-client-dtls.cex-client-psk.cex-client-resume.cex-client-srp.cex-client-x509-3.1.cex-client-x509.cex-crq.cex-ocsp-client.cex-pkcs11-list.cex-pkcs12.cex-serv-anon.cex-serv-dtls.cex-serv-psk.cex-serv-srp.cex-serv-x509.cex-session-info.cex-verify-ssh.cex-verify.cex-x509-info.cexamples.hprint-ciphersuites.ctcp.cudp.cverify.cgnutls-client-server-use-case.png.gzgnutls-crypto-layers.png.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.htmlpkcs11-vision.png.gzreferenceapi-index-full.htmlgnutls-abstract.htmlgnutls-crypto.htmlgnutls-dtls.htmlgnutls-gnutls.htmlgnutls-ocsp.htmlgnutls-openpgp.htmlgnutls-pkcs11.htmlgnutls-pkcs12.htmlgnutls-tpm.htmlgnutls-x509.htmlgnutls.devhelp2home.png.gzindex.htmlintro.htmlleft-insensitive.png.gzleft.png.gzright-insensitive.png.gzright.png.gzstyle.cssup-insensitive.png.gzup.png.gzgnutls-client-server-use-case.png.gzgnutls-crypto-layers.png.gzgnutls-guile.info.gzgnutls-handshake-sequence.png.gzgnutls-handshake-state.png.gzgnutls-internals.png.gzgnutls-layers.png.gzgnutls-logo.png.gzgnutls-modauth.png.gzgnutls-x509.png.gzgnutls.info-1.gzgnutls.info-2.gzgnutls.info-3.gzgnutls.info-4.gzgnutls.info-5.gzgnutls.info-6.gzgnutls.info-7.gzgnutls.info.gzpkcs11-vision.png.gzdane_cert_type_name.3.gzdane_cert_usage_name.3.gzdane_match_type_name.3.gzdane_query_data.3.gzdane_query_deinit.3.gzdane_query_entries.3.gzdane_query_status.3.gzdane_query_tlsa.3.gzdane_query_to_raw_tlsa.3.gzdane_raw_tlsa.3.gzdane_state_deinit.3.gzdane_state_init.3.gzdane_state_set_dlv_file.3.gzdane_strerror.3.gzdane_verification_status_print.3.gzdane_verify_crt.3.gzdane_verify_crt_raw.3.gzdane_verify_session_crt.3.gzgnutls_aead_cipher_decrypt.3.gzgnutls_aead_cipher_decryptv2.3.gzgnutls_aead_cipher_deinit.3.gzgnutls_aead_cipher_encrypt.3.gzgnutls_aead_cipher_encryptv.3.gzgnutls_aead_cipher_encryptv2.3.gzgnutls_aead_cipher_init.3.gzgnutls_alert_get.3.gzgnutls_alert_get_name.3.gzgnutls_alert_get_strname.3.gzgnutls_alert_send.3.gzgnutls_alert_send_appropriate.3.gzgnutls_alert_set_read_function.3.gzgnutls_alpn_get_selected_protocol.3.gzgnutls_alpn_set_protocols.3.gzgnutls_anon_allocate_client_credentials.3.gzgnutls_anon_allocate_server_credentials.3.gzgnutls_anon_free_client_credentials.3.gzgnutls_anon_free_server_credentials.3.gzgnutls_anon_set_params_function.3.gzgnutls_anon_set_server_dh_params.3.gzgnutls_anon_set_server_known_dh_params.3.gzgnutls_anon_set_server_params_function.3.gzgnutls_anti_replay_deinit.3.gzgnutls_anti_replay_enable.3.gzgnutls_anti_replay_init.3.gzgnutls_anti_replay_set_add_function.3.gzgnutls_anti_replay_set_ptr.3.gzgnutls_anti_replay_set_window.3.gzgnutls_auth_client_get_type.3.gzgnutls_auth_get_type.3.gzgnutls_auth_server_get_type.3.gzgnutls_base64_decode2.3.gzgnutls_base64_encode2.3.gzgnutls_buffer_append_data.3.gzgnutls_bye.3.gzgnutls_certificate_activation_time_peers.3.gzgnutls_certificate_allocate_credentials.3.gzgnutls_certificate_client_get_request_status.3.gzgnutls_certificate_expiration_time_peers.3.gzgnutls_certificate_free_ca_names.3.gzgnutls_certificate_free_cas.3.gzgnutls_certificate_free_credentials.3.gzgnutls_certificate_free_crls.3.gzgnutls_certificate_free_keys.3.gzgnutls_certificate_get_crt_raw.3.gzgnutls_certificate_get_issuer.3.gzgnutls_certificate_get_ocsp_expiration.3.gzgnutls_certificate_get_ours.3.gzgnutls_certificate_get_peers.3.gzgnutls_certificate_get_peers_subkey_id.3.gzgnutls_certificate_get_trust_list.3.gzgnutls_certificate_get_verify_flags.3.gzgnutls_certificate_get_x509_crt.3.gzgnutls_certificate_get_x509_key.3.gzgnutls_certificate_send_x509_rdn_sequence.3.gzgnutls_certificate_server_set_request.3.gzgnutls_certificate_set_dh_params.3.gzgnutls_certificate_set_flags.3.gzgnutls_certificate_set_key.3.gzgnutls_certificate_set_known_dh_params.3.gzgnutls_certificate_set_ocsp_status_request_file.3.gzgnutls_certificate_set_ocsp_status_request_file2.3.gzgnutls_certificate_set_ocsp_status_request_function.3.gzgnutls_certificate_set_ocsp_status_request_function2.3.gzgnutls_certificate_set_ocsp_status_request_mem.3.gzgnutls_certificate_set_params_function.3.gzgnutls_certificate_set_pin_function.3.gzgnutls_certificate_set_rawpk_key_file.3.gzgnutls_certificate_set_rawpk_key_mem.3.gzgnutls_certificate_set_retrieve_function.3.gzgnutls_certificate_set_retrieve_function2.3.gzgnutls_certificate_set_retrieve_function3.3.gzgnutls_certificate_set_trust_list.3.gzgnutls_certificate_set_verify_flags.3.gzgnutls_certificate_set_verify_function.3.gzgnutls_certificate_set_verify_limits.3.gzgnutls_certificate_set_x509_crl.3.gzgnutls_certificate_set_x509_crl_file.3.gzgnutls_certificate_set_x509_crl_mem.3.gzgnutls_certificate_set_x509_key.3.gzgnutls_certificate_set_x509_key_file.3.gzgnutls_certificate_set_x509_key_file2.3.gzgnutls_certificate_set_x509_key_mem.3.gzgnutls_certificate_set_x509_key_mem2.3.gzgnutls_certificate_set_x509_simple_pkcs12_file.3.gzgnutls_certificate_set_x509_simple_pkcs12_mem.3.gzgnutls_certificate_set_x509_system_trust.3.gzgnutls_certificate_set_x509_trust.3.gzgnutls_certificate_set_x509_trust_dir.3.gzgnutls_certificate_set_x509_trust_file.3.gzgnutls_certificate_set_x509_trust_mem.3.gzgnutls_certificate_type_get.3.gzgnutls_certificate_type_get2.3.gzgnutls_certificate_type_get_id.3.gzgnutls_certificate_type_get_name.3.gzgnutls_certificate_type_list.3.gzgnutls_certificate_verification_profile_get_id.3.gzgnutls_certificate_verification_profile_get_name.3.gzgnutls_certificate_verification_status_print.3.gzgnutls_certificate_verify_peers.3.gzgnutls_certificate_verify_peers2.3.gzgnutls_certificate_verify_peers3.3.gzgnutls_check_version.3.gzgnutls_cipher_add_auth.3.gzgnutls_cipher_decrypt.3.gzgnutls_cipher_decrypt2.3.gzgnutls_cipher_deinit.3.gzgnutls_cipher_encrypt.3.gzgnutls_cipher_encrypt2.3.gzgnutls_cipher_get.3.gzgnutls_cipher_get_block_size.3.gzgnutls_cipher_get_id.3.gzgnutls_cipher_get_iv_size.3.gzgnutls_cipher_get_key_size.3.gzgnutls_cipher_get_name.3.gzgnutls_cipher_get_tag_size.3.gzgnutls_cipher_init.3.gzgnutls_cipher_list.3.gzgnutls_cipher_set_iv.3.gzgnutls_cipher_suite_get_name.3.gzgnutls_cipher_suite_info.3.gzgnutls_cipher_tag.3.gzgnutls_compression_get.3.gzgnutls_compression_get_id.3.gzgnutls_compression_get_name.3.gzgnutls_compression_list.3.gzgnutls_credentials_clear.3.gzgnutls_credentials_get.3.gzgnutls_credentials_set.3.gzgnutls_crypto_register_aead_cipher.3.gzgnutls_crypto_register_cipher.3.gzgnutls_crypto_register_digest.3.gzgnutls_crypto_register_mac.3.gzgnutls_db_check_entry.3.gzgnutls_db_check_entry_expire_time.3.gzgnutls_db_check_entry_time.3.gzgnutls_db_get_default_cache_expiration.3.gzgnutls_db_get_ptr.3.gzgnutls_db_remove_session.3.gzgnutls_db_set_cache_expiration.3.gzgnutls_db_set_ptr.3.gzgnutls_db_set_remove_function.3.gzgnutls_db_set_retrieve_function.3.gzgnutls_db_set_store_function.3.gzgnutls_decode_ber_digest_info.3.gzgnutls_decode_gost_rs_value.3.gzgnutls_decode_rs_value.3.gzgnutls_deinit.3.gzgnutls_dh_get_group.3.gzgnutls_dh_get_peers_public_bits.3.gzgnutls_dh_get_prime_bits.3.gzgnutls_dh_get_pubkey.3.gzgnutls_dh_get_secret_bits.3.gzgnutls_dh_params_cpy.3.gzgnutls_dh_params_deinit.3.gzgnutls_dh_params_export2_pkcs3.3.gzgnutls_dh_params_export_pkcs3.3.gzgnutls_dh_params_export_raw.3.gzgnutls_dh_params_generate2.3.gzgnutls_dh_params_import_dsa.3.gzgnutls_dh_params_import_pkcs3.3.gzgnutls_dh_params_import_raw.3.gzgnutls_dh_params_import_raw2.3.gzgnutls_dh_params_import_raw3.3.gzgnutls_dh_params_init.3.gzgnutls_dh_set_prime_bits.3.gzgnutls_digest_get_id.3.gzgnutls_digest_get_name.3.gzgnutls_digest_get_oid.3.gzgnutls_digest_list.3.gzgnutls_digest_set_secure.3.gzgnutls_dtls_cookie_send.3.gzgnutls_dtls_cookie_verify.3.gzgnutls_dtls_get_data_mtu.3.gzgnutls_dtls_get_mtu.3.gzgnutls_dtls_get_timeout.3.gzgnutls_dtls_prestate_set.3.gzgnutls_dtls_set_data_mtu.3.gzgnutls_dtls_set_mtu.3.gzgnutls_dtls_set_timeouts.3.gzgnutls_early_cipher_get.3.gzgnutls_early_prf_hash_get.3.gzgnutls_ecc_curve_get.3.gzgnutls_ecc_curve_get_id.3.gzgnutls_ecc_curve_get_name.3.gzgnutls_ecc_curve_get_oid.3.gzgnutls_ecc_curve_get_pk.3.gzgnutls_ecc_curve_get_size.3.gzgnutls_ecc_curve_list.3.gzgnutls_ecc_curve_set_enabled.3.gzgnutls_encode_ber_digest_info.3.gzgnutls_encode_gost_rs_value.3.gzgnutls_encode_rs_value.3.gzgnutls_error_is_fatal.3.gzgnutls_error_to_alert.3.gzgnutls_est_record_overhead_size.3.gzgnutls_ext_get_current_msg.3.gzgnutls_ext_get_data.3.gzgnutls_ext_get_name.3.gzgnutls_ext_get_name2.3.gzgnutls_ext_raw_parse.3.gzgnutls_ext_register.3.gzgnutls_ext_set_data.3.gzgnutls_fingerprint.3.gzgnutls_fips140_context_deinit.3.gzgnutls_fips140_context_init.3.gzgnutls_fips140_get_operation_state.3.gzgnutls_fips140_mode_enabled.3.gzgnutls_fips140_pop_context.3.gzgnutls_fips140_push_context.3.gzgnutls_fips140_run_self_tests.3.gzgnutls_fips140_set_mode.3.gzgnutls_get_library_config.3.gzgnutls_get_system_config_file.3.gzgnutls_global_deinit.3.gzgnutls_global_init.3.gzgnutls_global_set_audit_log_function.3.gzgnutls_global_set_log_function.3.gzgnutls_global_set_log_level.3.gzgnutls_global_set_mem_functions.3.gzgnutls_global_set_mutex.3.gzgnutls_global_set_time_function.3.gzgnutls_gost_paramset_get_name.3.gzgnutls_gost_paramset_get_oid.3.gzgnutls_group_get.3.gzgnutls_group_get_id.3.gzgnutls_group_get_name.3.gzgnutls_group_list.3.gzgnutls_handshake.3.gzgnutls_handshake_description_get_name.3.gzgnutls_handshake_get_last_in.3.gzgnutls_handshake_get_last_out.3.gzgnutls_handshake_set_hook_function.3.gzgnutls_handshake_set_max_packet_length.3.gzgnutls_handshake_set_post_client_hello_function.3.gzgnutls_handshake_set_private_extensions.3.gzgnutls_handshake_set_random.3.gzgnutls_handshake_set_read_function.3.gzgnutls_handshake_set_secret_function.3.gzgnutls_handshake_set_timeout.3.gzgnutls_handshake_write.3.gzgnutls_hash.3.gzgnutls_hash_copy.3.gzgnutls_hash_deinit.3.gzgnutls_hash_fast.3.gzgnutls_hash_get_len.3.gzgnutls_hash_init.3.gzgnutls_hash_output.3.gzgnutls_heartbeat_allowed.3.gzgnutls_heartbeat_enable.3.gzgnutls_heartbeat_get_timeout.3.gzgnutls_heartbeat_ping.3.gzgnutls_heartbeat_pong.3.gzgnutls_heartbeat_set_timeouts.3.gzgnutls_hex2bin.3.gzgnutls_hex_decode.3.gzgnutls_hex_decode2.3.gzgnutls_hex_encode.3.gzgnutls_hex_encode2.3.gzgnutls_hkdf_expand.3.gzgnutls_hkdf_extract.3.gzgnutls_hmac.3.gzgnutls_hmac_copy.3.gzgnutls_hmac_deinit.3.gzgnutls_hmac_fast.3.gzgnutls_hmac_get_key_size.3.gzgnutls_hmac_get_len.3.gzgnutls_hmac_init.3.gzgnutls_hmac_output.3.gzgnutls_hmac_set_nonce.3.gzgnutls_idna_map.3.gzgnutls_idna_reverse_map.3.gzgnutls_init.3.gzgnutls_key_generate.3.gzgnutls_kx_get.3.gzgnutls_kx_get_id.3.gzgnutls_kx_get_name.3.gzgnutls_kx_list.3.gzgnutls_load_file.3.gzgnutls_mac_get.3.gzgnutls_mac_get_id.3.gzgnutls_mac_get_key_size.3.gzgnutls_mac_get_name.3.gzgnutls_mac_get_nonce_size.3.gzgnutls_mac_list.3.gzgnutls_memcmp.3.gzgnutls_memset.3.gzgnutls_ocsp_req_add_cert.3.gzgnutls_ocsp_req_add_cert_id.3.gzgnutls_ocsp_req_deinit.3.gzgnutls_ocsp_req_export.3.gzgnutls_ocsp_req_get_cert_id.3.gzgnutls_ocsp_req_get_extension.3.gzgnutls_ocsp_req_get_nonce.3.gzgnutls_ocsp_req_get_version.3.gzgnutls_ocsp_req_import.3.gzgnutls_ocsp_req_init.3.gzgnutls_ocsp_req_print.3.gzgnutls_ocsp_req_randomize_nonce.3.gzgnutls_ocsp_req_set_extension.3.gzgnutls_ocsp_req_set_nonce.3.gzgnutls_ocsp_resp_check_crt.3.gzgnutls_ocsp_resp_deinit.3.gzgnutls_ocsp_resp_export.3.gzgnutls_ocsp_resp_export2.3.gzgnutls_ocsp_resp_get_certs.3.gzgnutls_ocsp_resp_get_extension.3.gzgnutls_ocsp_resp_get_nonce.3.gzgnutls_ocsp_resp_get_produced.3.gzgnutls_ocsp_resp_get_responder.3.gzgnutls_ocsp_resp_get_responder2.3.gzgnutls_ocsp_resp_get_responder_raw_id.3.gzgnutls_ocsp_resp_get_response.3.gzgnutls_ocsp_resp_get_signature.3.gzgnutls_ocsp_resp_get_signature_algorithm.3.gzgnutls_ocsp_resp_get_single.3.gzgnutls_ocsp_resp_get_status.3.gzgnutls_ocsp_resp_get_version.3.gzgnutls_ocsp_resp_import.3.gzgnutls_ocsp_resp_import2.3.gzgnutls_ocsp_resp_init.3.gzgnutls_ocsp_resp_list_import2.3.gzgnutls_ocsp_resp_print.3.gzgnutls_ocsp_resp_verify.3.gzgnutls_ocsp_resp_verify_direct.3.gzgnutls_ocsp_status_request_enable_client.3.gzgnutls_ocsp_status_request_get.3.gzgnutls_ocsp_status_request_get2.3.gzgnutls_ocsp_status_request_is_checked.3.gzgnutls_oid_to_digest.3.gzgnutls_oid_to_ecc_curve.3.gzgnutls_oid_to_gost_paramset.3.gzgnutls_oid_to_mac.3.gzgnutls_oid_to_pk.3.gzgnutls_oid_to_sign.3.gzgnutls_openpgp_privkey_sign_hash.3.gzgnutls_openpgp_send_cert.3.gzgnutls_packet_deinit.3.gzgnutls_packet_get.3.gzgnutls_pbkdf2.3.gzgnutls_pcert_deinit.3.gzgnutls_pcert_export_openpgp.3.gzgnutls_pcert_export_x509.3.gzgnutls_pcert_import_openpgp.3.gzgnutls_pcert_import_openpgp_raw.3.gzgnutls_pcert_import_rawpk.3.gzgnutls_pcert_import_rawpk_raw.3.gzgnutls_pcert_import_x509.3.gzgnutls_pcert_import_x509_list.3.gzgnutls_pcert_import_x509_raw.3.gzgnutls_pcert_list_import_x509_file.3.gzgnutls_pcert_list_import_x509_raw.3.gzgnutls_pem_base64_decode.3.gzgnutls_pem_base64_decode2.3.gzgnutls_pem_base64_encode.3.gzgnutls_pem_base64_encode2.3.gzgnutls_perror.3.gzgnutls_pk_algorithm_get_name.3.gzgnutls_pk_bits_to_sec_param.3.gzgnutls_pk_get_id.3.gzgnutls_pk_get_name.3.gzgnutls_pk_get_oid.3.gzgnutls_pk_list.3.gzgnutls_pk_to_sign.3.gzgnutls_pkcs11_add_provider.3.gzgnutls_pkcs11_copy_attached_extension.3.gzgnutls_pkcs11_copy_pubkey.3.gzgnutls_pkcs11_copy_secret_key.3.gzgnutls_pkcs11_copy_x509_crt.3.gzgnutls_pkcs11_copy_x509_crt2.3.gzgnutls_pkcs11_copy_x509_privkey.3.gzgnutls_pkcs11_copy_x509_privkey2.3.gzgnutls_pkcs11_crt_is_known.3.gzgnutls_pkcs11_deinit.3.gzgnutls_pkcs11_delete_url.3.gzgnutls_pkcs11_get_pin_function.3.gzgnutls_pkcs11_get_raw_issuer.3.gzgnutls_pkcs11_get_raw_issuer_by_dn.3.gzgnutls_pkcs11_get_raw_issuer_by_subject_key_id.3.gzgnutls_pkcs11_init.3.gzgnutls_pkcs11_obj_deinit.3.gzgnutls_pkcs11_obj_export.3.gzgnutls_pkcs11_obj_export2.3.gzgnutls_pkcs11_obj_export3.3.gzgnutls_pkcs11_obj_export_url.3.gzgnutls_pkcs11_obj_flags_get_str.3.gzgnutls_pkcs11_obj_get_exts.3.gzgnutls_pkcs11_obj_get_flags.3.gzgnutls_pkcs11_obj_get_info.3.gzgnutls_pkcs11_obj_get_ptr.3.gzgnutls_pkcs11_obj_get_type.3.gzgnutls_pkcs11_obj_import_url.3.gzgnutls_pkcs11_obj_init.3.gzgnutls_pkcs11_obj_list_import_url3.3.gzgnutls_pkcs11_obj_list_import_url4.3.gzgnutls_pkcs11_obj_set_info.3.gzgnutls_pkcs11_obj_set_pin_function.3.gzgnutls_pkcs11_privkey_cpy.3.gzgnutls_pkcs11_privkey_deinit.3.gzgnutls_pkcs11_privkey_export_pubkey.3.gzgnutls_pkcs11_privkey_export_url.3.gzgnutls_pkcs11_privkey_generate.3.gzgnutls_pkcs11_privkey_generate2.3.gzgnutls_pkcs11_privkey_generate3.3.gzgnutls_pkcs11_privkey_get_info.3.gzgnutls_pkcs11_privkey_get_pk_algorithm.3.gzgnutls_pkcs11_privkey_import_url.3.gzgnutls_pkcs11_privkey_init.3.gzgnutls_pkcs11_privkey_set_pin_function.3.gzgnutls_pkcs11_privkey_status.3.gzgnutls_pkcs11_reinit.3.gzgnutls_pkcs11_set_pin_function.3.gzgnutls_pkcs11_set_token_function.3.gzgnutls_pkcs11_token_check_mechanism.3.gzgnutls_pkcs11_token_get_flags.3.gzgnutls_pkcs11_token_get_info.3.gzgnutls_pkcs11_token_get_mechanism.3.gzgnutls_pkcs11_token_get_ptr.3.gzgnutls_pkcs11_token_get_random.3.gzgnutls_pkcs11_token_get_url.3.gzgnutls_pkcs11_token_init.3.gzgnutls_pkcs11_token_set_pin.3.gzgnutls_pkcs11_type_get_name.3.gzgnutls_pkcs12_bag_decrypt.3.gzgnutls_pkcs12_bag_deinit.3.gzgnutls_pkcs12_bag_enc_info.3.gzgnutls_pkcs12_bag_encrypt.3.gzgnutls_pkcs12_bag_get_count.3.gzgnutls_pkcs12_bag_get_data.3.gzgnutls_pkcs12_bag_get_friendly_name.3.gzgnutls_pkcs12_bag_get_key_id.3.gzgnutls_pkcs12_bag_get_type.3.gzgnutls_pkcs12_bag_init.3.gzgnutls_pkcs12_bag_set_crl.3.gzgnutls_pkcs12_bag_set_crt.3.gzgnutls_pkcs12_bag_set_data.3.gzgnutls_pkcs12_bag_set_friendly_name.3.gzgnutls_pkcs12_bag_set_key_id.3.gzgnutls_pkcs12_bag_set_privkey.3.gzgnutls_pkcs12_deinit.3.gzgnutls_pkcs12_export.3.gzgnutls_pkcs12_export2.3.gzgnutls_pkcs12_generate_mac.3.gzgnutls_pkcs12_generate_mac2.3.gzgnutls_pkcs12_get_bag.3.gzgnutls_pkcs12_import.3.gzgnutls_pkcs12_init.3.gzgnutls_pkcs12_mac_info.3.gzgnutls_pkcs12_set_bag.3.gzgnutls_pkcs12_simple_parse.3.gzgnutls_pkcs12_verify_mac.3.gzgnutls_pkcs7_add_attr.3.gzgnutls_pkcs7_attrs_deinit.3.gzgnutls_pkcs7_deinit.3.gzgnutls_pkcs7_delete_crl.3.gzgnutls_pkcs7_delete_crt.3.gzgnutls_pkcs7_export.3.gzgnutls_pkcs7_export2.3.gzgnutls_pkcs7_get_attr.3.gzgnutls_pkcs7_get_crl_count.3.gzgnutls_pkcs7_get_crl_raw.3.gzgnutls_pkcs7_get_crl_raw2.3.gzgnutls_pkcs7_get_crt_count.3.gzgnutls_pkcs7_get_crt_raw.3.gzgnutls_pkcs7_get_crt_raw2.3.gzgnutls_pkcs7_get_embedded_data.3.gzgnutls_pkcs7_get_embedded_data_oid.3.gzgnutls_pkcs7_get_signature_count.3.gzgnutls_pkcs7_get_signature_info.3.gzgnutls_pkcs7_import.3.gzgnutls_pkcs7_init.3.gzgnutls_pkcs7_print.3.gzgnutls_pkcs7_print_signature_info.3.gzgnutls_pkcs7_set_crl.3.gzgnutls_pkcs7_set_crl_raw.3.gzgnutls_pkcs7_set_crt.3.gzgnutls_pkcs7_set_crt_raw.3.gzgnutls_pkcs7_sign.3.gzgnutls_pkcs7_signature_info_deinit.3.gzgnutls_pkcs7_verify.3.gzgnutls_pkcs7_verify_direct.3.gzgnutls_pkcs8_info.3.gzgnutls_pkcs_schema_get_name.3.gzgnutls_pkcs_schema_get_oid.3.gzgnutls_prf.3.gzgnutls_prf_early.3.gzgnutls_prf_hash_get.3.gzgnutls_prf_raw.3.gzgnutls_prf_rfc5705.3.gzgnutls_priority_certificate_type_list.3.gzgnutls_priority_certificate_type_list2.3.gzgnutls_priority_cipher_list.3.gzgnutls_priority_compression_list.3.gzgnutls_priority_deinit.3.gzgnutls_priority_ecc_curve_list.3.gzgnutls_priority_get_cipher_suite_index.3.gzgnutls_priority_group_list.3.gzgnutls_priority_init.3.gzgnutls_priority_init2.3.gzgnutls_priority_kx_list.3.gzgnutls_priority_mac_list.3.gzgnutls_priority_protocol_list.3.gzgnutls_priority_set.3.gzgnutls_priority_set_direct.3.gzgnutls_priority_sign_list.3.gzgnutls_priority_string_list.3.gzgnutls_privkey_decrypt_data.3.gzgnutls_privkey_decrypt_data2.3.gzgnutls_privkey_deinit.3.gzgnutls_privkey_export_dsa_raw.3.gzgnutls_privkey_export_dsa_raw2.3.gzgnutls_privkey_export_ecc_raw.3.gzgnutls_privkey_export_ecc_raw2.3.gzgnutls_privkey_export_gost_raw2.3.gzgnutls_privkey_export_openpgp.3.gzgnutls_privkey_export_pkcs11.3.gzgnutls_privkey_export_rsa_raw.3.gzgnutls_privkey_export_rsa_raw2.3.gzgnutls_privkey_export_x509.3.gzgnutls_privkey_generate.3.gzgnutls_privkey_generate2.3.gzgnutls_privkey_get_pk_algorithm.3.gzgnutls_privkey_get_seed.3.gzgnutls_privkey_get_spki.3.gzgnutls_privkey_get_type.3.gzgnutls_privkey_import_dsa_raw.3.gzgnutls_privkey_import_ecc_raw.3.gzgnutls_privkey_import_ext.3.gzgnutls_privkey_import_ext2.3.gzgnutls_privkey_import_ext3.3.gzgnutls_privkey_import_ext4.3.gzgnutls_privkey_import_gost_raw.3.gzgnutls_privkey_import_openpgp.3.gzgnutls_privkey_import_openpgp_raw.3.gzgnutls_privkey_import_pkcs11.3.gzgnutls_privkey_import_pkcs11_url.3.gzgnutls_privkey_import_rsa_raw.3.gzgnutls_privkey_import_tpm_raw.3.gzgnutls_privkey_import_tpm_url.3.gzgnutls_privkey_import_url.3.gzgnutls_privkey_import_x509.3.gzgnutls_privkey_import_x509_raw.3.gzgnutls_privkey_init.3.gzgnutls_privkey_set_flags.3.gzgnutls_privkey_set_pin_function.3.gzgnutls_privkey_set_spki.3.gzgnutls_privkey_sign_data.3.gzgnutls_privkey_sign_data2.3.gzgnutls_privkey_sign_hash.3.gzgnutls_privkey_sign_hash2.3.gzgnutls_privkey_status.3.gzgnutls_privkey_verify_params.3.gzgnutls_privkey_verify_seed.3.gzgnutls_protocol_get_id.3.gzgnutls_protocol_get_name.3.gzgnutls_protocol_get_version.3.gzgnutls_protocol_list.3.gzgnutls_protocol_set_enabled.3.gzgnutls_psk_allocate_client_credentials.3.gzgnutls_psk_allocate_server_credentials.3.gzgnutls_psk_client_get_hint.3.gzgnutls_psk_free_client_credentials.3.gzgnutls_psk_free_server_credentials.3.gzgnutls_psk_server_get_username.3.gzgnutls_psk_server_get_username2.3.gzgnutls_psk_set_client_credentials.3.gzgnutls_psk_set_client_credentials2.3.gzgnutls_psk_set_client_credentials_function.3.gzgnutls_psk_set_client_credentials_function2.3.gzgnutls_psk_set_params_function.3.gzgnutls_psk_set_server_credentials_file.3.gzgnutls_psk_set_server_credentials_function.3.gzgnutls_psk_set_server_credentials_function2.3.gzgnutls_psk_set_server_credentials_hint.3.gzgnutls_psk_set_server_dh_params.3.gzgnutls_psk_set_server_known_dh_params.3.gzgnutls_psk_set_server_params_function.3.gzgnutls_pubkey_deinit.3.gzgnutls_pubkey_encrypt_data.3.gzgnutls_pubkey_export.3.gzgnutls_pubkey_export2.3.gzgnutls_pubkey_export_dsa_raw.3.gzgnutls_pubkey_export_dsa_raw2.3.gzgnutls_pubkey_export_ecc_raw.3.gzgnutls_pubkey_export_ecc_raw2.3.gzgnutls_pubkey_export_ecc_x962.3.gzgnutls_pubkey_export_gost_raw2.3.gzgnutls_pubkey_export_rsa_raw.3.gzgnutls_pubkey_export_rsa_raw2.3.gzgnutls_pubkey_get_key_id.3.gzgnutls_pubkey_get_key_usage.3.gzgnutls_pubkey_get_openpgp_key_id.3.gzgnutls_pubkey_get_pk_algorithm.3.gzgnutls_pubkey_get_preferred_hash_algorithm.3.gzgnutls_pubkey_get_spki.3.gzgnutls_pubkey_import.3.gzgnutls_pubkey_import_dsa_raw.3.gzgnutls_pubkey_import_ecc_raw.3.gzgnutls_pubkey_import_ecc_x962.3.gzgnutls_pubkey_import_gost_raw.3.gzgnutls_pubkey_import_openpgp.3.gzgnutls_pubkey_import_openpgp_raw.3.gzgnutls_pubkey_import_pkcs11.3.gzgnutls_pubkey_import_privkey.3.gzgnutls_pubkey_import_rsa_raw.3.gzgnutls_pubkey_import_tpm_raw.3.gzgnutls_pubkey_import_tpm_url.3.gzgnutls_pubkey_import_url.3.gzgnutls_pubkey_import_x509.3.gzgnutls_pubkey_import_x509_crq.3.gzgnutls_pubkey_import_x509_raw.3.gzgnutls_pubkey_init.3.gzgnutls_pubkey_print.3.gzgnutls_pubkey_set_key_usage.3.gzgnutls_pubkey_set_pin_function.3.gzgnutls_pubkey_set_spki.3.gzgnutls_pubkey_verify_data2.3.gzgnutls_pubkey_verify_hash2.3.gzgnutls_pubkey_verify_params.3.gzgnutls_random_art.3.gzgnutls_range_split.3.gzgnutls_reauth.3.gzgnutls_record_can_use_length_hiding.3.gzgnutls_record_check_corked.3.gzgnutls_record_check_pending.3.gzgnutls_record_cork.3.gzgnutls_record_disable_padding.3.gzgnutls_record_discard_queued.3.gzgnutls_record_get_direction.3.gzgnutls_record_get_discarded.3.gzgnutls_record_get_max_early_data_size.3.gzgnutls_record_get_max_size.3.gzgnutls_record_get_state.3.gzgnutls_record_overhead_size.3.gzgnutls_record_recv.3.gzgnutls_record_recv_early_data.3.gzgnutls_record_recv_packet.3.gzgnutls_record_recv_seq.3.gzgnutls_record_send.3.gzgnutls_record_send2.3.gzgnutls_record_send_early_data.3.gzgnutls_record_send_range.3.gzgnutls_record_set_max_early_data_size.3.gzgnutls_record_set_max_recv_size.3.gzgnutls_record_set_max_size.3.gzgnutls_record_set_state.3.gzgnutls_record_set_timeout.3.gzgnutls_record_uncork.3.gzgnutls_register_custom_url.3.gzgnutls_rehandshake.3.gzgnutls_rnd.3.gzgnutls_rnd_refresh.3.gzgnutls_safe_renegotiation_status.3.gzgnutls_sec_param_get_name.3.gzgnutls_sec_param_to_pk_bits.3.gzgnutls_sec_param_to_symmetric_bits.3.gzgnutls_server_name_get.3.gzgnutls_server_name_set.3.gzgnutls_session_channel_binding.3.gzgnutls_session_enable_compatibility_mode.3.gzgnutls_session_etm_status.3.gzgnutls_session_ext_master_secret_status.3.gzgnutls_session_ext_register.3.gzgnutls_session_force_valid.3.gzgnutls_session_get_data.3.gzgnutls_session_get_data2.3.gzgnutls_session_get_desc.3.gzgnutls_session_get_flags.3.gzgnutls_session_get_id.3.gzgnutls_session_get_id2.3.gzgnutls_session_get_keylog_function.3.gzgnutls_session_get_master_secret.3.gzgnutls_session_get_ptr.3.gzgnutls_session_get_random.3.gzgnutls_session_get_verify_cert_status.3.gzgnutls_session_is_resumed.3.gzgnutls_session_key_update.3.gzgnutls_session_resumption_requested.3.gzgnutls_session_set_data.3.gzgnutls_session_set_id.3.gzgnutls_session_set_keylog_function.3.gzgnutls_session_set_premaster.3.gzgnutls_session_set_ptr.3.gzgnutls_session_set_verify_cert.3.gzgnutls_session_set_verify_cert2.3.gzgnutls_session_set_verify_function.3.gzgnutls_session_set_verify_output_function.3.gzgnutls_session_supplemental_register.3.gzgnutls_session_ticket_enable_client.3.gzgnutls_session_ticket_enable_server.3.gzgnutls_session_ticket_key_generate.3.gzgnutls_session_ticket_send.3.gzgnutls_set_default_priority.3.gzgnutls_set_default_priority_append.3.gzgnutls_sign_algorithm_get.3.gzgnutls_sign_algorithm_get_client.3.gzgnutls_sign_algorithm_get_requested.3.gzgnutls_sign_get_hash_algorithm.3.gzgnutls_sign_get_id.3.gzgnutls_sign_get_name.3.gzgnutls_sign_get_oid.3.gzgnutls_sign_get_pk_algorithm.3.gzgnutls_sign_is_secure.3.gzgnutls_sign_is_secure2.3.gzgnutls_sign_list.3.gzgnutls_sign_set_secure.3.gzgnutls_sign_set_secure_for_certs.3.gzgnutls_sign_supports_pk_algorithm.3.gzgnutls_srp_allocate_client_credentials.3.gzgnutls_srp_allocate_server_credentials.3.gzgnutls_srp_base64_decode.3.gzgnutls_srp_base64_decode2.3.gzgnutls_srp_base64_encode.3.gzgnutls_srp_base64_encode2.3.gzgnutls_srp_free_client_credentials.3.gzgnutls_srp_free_server_credentials.3.gzgnutls_srp_server_get_username.3.gzgnutls_srp_set_client_credentials.3.gzgnutls_srp_set_client_credentials_function.3.gzgnutls_srp_set_prime_bits.3.gzgnutls_srp_set_server_credentials_file.3.gzgnutls_srp_set_server_credentials_function.3.gzgnutls_srp_set_server_fake_salt_seed.3.gzgnutls_srp_verifier.3.gzgnutls_srtp_get_keys.3.gzgnutls_srtp_get_mki.3.gzgnutls_srtp_get_profile_id.3.gzgnutls_srtp_get_profile_name.3.gzgnutls_srtp_get_selected_profile.3.gzgnutls_srtp_set_mki.3.gzgnutls_srtp_set_profile.3.gzgnutls_srtp_set_profile_direct.3.gzgnutls_store_commitment.3.gzgnutls_store_pubkey.3.gzgnutls_strerror.3.gzgnutls_strerror_name.3.gzgnutls_subject_alt_names_deinit.3.gzgnutls_subject_alt_names_get.3.gzgnutls_subject_alt_names_init.3.gzgnutls_subject_alt_names_set.3.gzgnutls_supplemental_get_name.3.gzgnutls_supplemental_recv.3.gzgnutls_supplemental_register.3.gzgnutls_supplemental_send.3.gzgnutls_system_key_add_x509.3.gzgnutls_system_key_delete.3.gzgnutls_system_key_iter_deinit.3.gzgnutls_system_key_iter_get_info.3.gzgnutls_system_recv_timeout.3.gzgnutls_tdb_deinit.3.gzgnutls_tdb_init.3.gzgnutls_tdb_set_store_commitment_func.3.gzgnutls_tdb_set_store_func.3.gzgnutls_tdb_set_verify_func.3.gzgnutls_tpm_get_registered.3.gzgnutls_tpm_key_list_deinit.3.gzgnutls_tpm_key_list_get_url.3.gzgnutls_tpm_privkey_delete.3.gzgnutls_tpm_privkey_generate.3.gzgnutls_transport_get_int.3.gzgnutls_transport_get_int2.3.gzgnutls_transport_get_ptr.3.gzgnutls_transport_get_ptr2.3.gzgnutls_transport_is_ktls_enabled.3.gzgnutls_transport_set_errno.3.gzgnutls_transport_set_errno_function.3.gzgnutls_transport_set_fastopen.3.gzgnutls_transport_set_int.3.gzgnutls_transport_set_int2.3.gzgnutls_transport_set_ptr.3.gzgnutls_transport_set_ptr2.3.gzgnutls_transport_set_pull_function.3.gzgnutls_transport_set_pull_timeout_function.3.gzgnutls_transport_set_push_function.3.gzgnutls_transport_set_vec_push_function.3.gzgnutls_url_is_supported.3.gzgnutls_utf8_password_normalize.3.gzgnutls_verify_stored_pubkey.3.gzgnutls_x509_aia_deinit.3.gzgnutls_x509_aia_get.3.gzgnutls_x509_aia_init.3.gzgnutls_x509_aia_set.3.gzgnutls_x509_aki_deinit.3.gzgnutls_x509_aki_get_cert_issuer.3.gzgnutls_x509_aki_get_id.3.gzgnutls_x509_aki_init.3.gzgnutls_x509_aki_set_cert_issuer.3.gzgnutls_x509_aki_set_id.3.gzgnutls_x509_cidr_to_rfc5280.3.gzgnutls_x509_crl_check_issuer.3.gzgnutls_x509_crl_deinit.3.gzgnutls_x509_crl_dist_points_deinit.3.gzgnutls_x509_crl_dist_points_get.3.gzgnutls_x509_crl_dist_points_init.3.gzgnutls_x509_crl_dist_points_set.3.gzgnutls_x509_crl_export.3.gzgnutls_x509_crl_export2.3.gzgnutls_x509_crl_get_authority_key_gn_serial.3.gzgnutls_x509_crl_get_authority_key_id.3.gzgnutls_x509_crl_get_crt_count.3.gzgnutls_x509_crl_get_crt_serial.3.gzgnutls_x509_crl_get_dn_oid.3.gzgnutls_x509_crl_get_extension_data.3.gzgnutls_x509_crl_get_extension_data2.3.gzgnutls_x509_crl_get_extension_info.3.gzgnutls_x509_crl_get_extension_oid.3.gzgnutls_x509_crl_get_issuer_dn.3.gzgnutls_x509_crl_get_issuer_dn2.3.gzgnutls_x509_crl_get_issuer_dn3.3.gzgnutls_x509_crl_get_issuer_dn_by_oid.3.gzgnutls_x509_crl_get_next_update.3.gzgnutls_x509_crl_get_number.3.gzgnutls_x509_crl_get_raw_issuer_dn.3.gzgnutls_x509_crl_get_signature.3.gzgnutls_x509_crl_get_signature_algorithm.3.gzgnutls_x509_crl_get_signature_oid.3.gzgnutls_x509_crl_get_this_update.3.gzgnutls_x509_crl_get_version.3.gzgnutls_x509_crl_import.3.gzgnutls_x509_crl_init.3.gzgnutls_x509_crl_iter_crt_serial.3.gzgnutls_x509_crl_iter_deinit.3.gzgnutls_x509_crl_list_import.3.gzgnutls_x509_crl_list_import2.3.gzgnutls_x509_crl_print.3.gzgnutls_x509_crl_privkey_sign.3.gzgnutls_x509_crl_set_authority_key_id.3.gzgnutls_x509_crl_set_crt.3.gzgnutls_x509_crl_set_crt_serial.3.gzgnutls_x509_crl_set_next_update.3.gzgnutls_x509_crl_set_number.3.gzgnutls_x509_crl_set_this_update.3.gzgnutls_x509_crl_set_version.3.gzgnutls_x509_crl_sign.3.gzgnutls_x509_crl_sign2.3.gzgnutls_x509_crl_verify.3.gzgnutls_x509_crq_deinit.3.gzgnutls_x509_crq_export.3.gzgnutls_x509_crq_export2.3.gzgnutls_x509_crq_get_attribute_by_oid.3.gzgnutls_x509_crq_get_attribute_data.3.gzgnutls_x509_crq_get_attribute_info.3.gzgnutls_x509_crq_get_basic_constraints.3.gzgnutls_x509_crq_get_challenge_password.3.gzgnutls_x509_crq_get_dn.3.gzgnutls_x509_crq_get_dn2.3.gzgnutls_x509_crq_get_dn3.3.gzgnutls_x509_crq_get_dn_by_oid.3.gzgnutls_x509_crq_get_dn_oid.3.gzgnutls_x509_crq_get_extension_by_oid.3.gzgnutls_x509_crq_get_extension_by_oid2.3.gzgnutls_x509_crq_get_extension_data.3.gzgnutls_x509_crq_get_extension_data2.3.gzgnutls_x509_crq_get_extension_info.3.gzgnutls_x509_crq_get_key_id.3.gzgnutls_x509_crq_get_key_purpose_oid.3.gzgnutls_x509_crq_get_key_rsa_raw.3.gzgnutls_x509_crq_get_key_usage.3.gzgnutls_x509_crq_get_pk_algorithm.3.gzgnutls_x509_crq_get_pk_oid.3.gzgnutls_x509_crq_get_private_key_usage_period.3.gzgnutls_x509_crq_get_signature_algorithm.3.gzgnutls_x509_crq_get_signature_oid.3.gzgnutls_x509_crq_get_spki.3.gzgnutls_x509_crq_get_subject_alt_name.3.gzgnutls_x509_crq_get_subject_alt_othername_oid.3.gzgnutls_x509_crq_get_tlsfeatures.3.gzgnutls_x509_crq_get_version.3.gzgnutls_x509_crq_import.3.gzgnutls_x509_crq_init.3.gzgnutls_x509_crq_print.3.gzgnutls_x509_crq_privkey_sign.3.gzgnutls_x509_crq_set_attribute_by_oid.3.gzgnutls_x509_crq_set_basic_constraints.3.gzgnutls_x509_crq_set_challenge_password.3.gzgnutls_x509_crq_set_dn.3.gzgnutls_x509_crq_set_dn_by_oid.3.gzgnutls_x509_crq_set_extension_by_oid.3.gzgnutls_x509_crq_set_key.3.gzgnutls_x509_crq_set_key_purpose_oid.3.gzgnutls_x509_crq_set_key_rsa_raw.3.gzgnutls_x509_crq_set_key_usage.3.gzgnutls_x509_crq_set_private_key_usage_period.3.gzgnutls_x509_crq_set_pubkey.3.gzgnutls_x509_crq_set_spki.3.gzgnutls_x509_crq_set_subject_alt_name.3.gzgnutls_x509_crq_set_subject_alt_othername.3.gzgnutls_x509_crq_set_tlsfeatures.3.gzgnutls_x509_crq_set_version.3.gzgnutls_x509_crq_sign.3.gzgnutls_x509_crq_sign2.3.gzgnutls_x509_crq_verify.3.gzgnutls_x509_crt_check_email.3.gzgnutls_x509_crt_check_hostname.3.gzgnutls_x509_crt_check_hostname2.3.gzgnutls_x509_crt_check_ip.3.gzgnutls_x509_crt_check_issuer.3.gzgnutls_x509_crt_check_key_purpose.3.gzgnutls_x509_crt_check_revocation.3.gzgnutls_x509_crt_cpy_crl_dist_points.3.gzgnutls_x509_crt_deinit.3.gzgnutls_x509_crt_equals.3.gzgnutls_x509_crt_equals2.3.gzgnutls_x509_crt_export.3.gzgnutls_x509_crt_export2.3.gzgnutls_x509_crt_get_activation_time.3.gzgnutls_x509_crt_get_authority_info_access.3.gzgnutls_x509_crt_get_authority_key_gn_serial.3.gzgnutls_x509_crt_get_authority_key_id.3.gzgnutls_x509_crt_get_basic_constraints.3.gzgnutls_x509_crt_get_ca_status.3.gzgnutls_x509_crt_get_crl_dist_points.3.gzgnutls_x509_crt_get_dn.3.gzgnutls_x509_crt_get_dn2.3.gzgnutls_x509_crt_get_dn3.3.gzgnutls_x509_crt_get_dn_by_oid.3.gzgnutls_x509_crt_get_dn_oid.3.gzgnutls_x509_crt_get_expiration_time.3.gzgnutls_x509_crt_get_extension_by_oid.3.gzgnutls_x509_crt_get_extension_by_oid2.3.gzgnutls_x509_crt_get_extension_data.3.gzgnutls_x509_crt_get_extension_data2.3.gzgnutls_x509_crt_get_extension_info.3.gzgnutls_x509_crt_get_extension_oid.3.gzgnutls_x509_crt_get_fingerprint.3.gzgnutls_x509_crt_get_inhibit_anypolicy.3.gzgnutls_x509_crt_get_issuer.3.gzgnutls_x509_crt_get_issuer_alt_name.3.gzgnutls_x509_crt_get_issuer_alt_name2.3.gzgnutls_x509_crt_get_issuer_alt_othername_oid.3.gzgnutls_x509_crt_get_issuer_dn.3.gzgnutls_x509_crt_get_issuer_dn2.3.gzgnutls_x509_crt_get_issuer_dn3.3.gzgnutls_x509_crt_get_issuer_dn_by_oid.3.gzgnutls_x509_crt_get_issuer_dn_oid.3.gzgnutls_x509_crt_get_issuer_unique_id.3.gzgnutls_x509_crt_get_key_id.3.gzgnutls_x509_crt_get_key_purpose_oid.3.gzgnutls_x509_crt_get_key_usage.3.gzgnutls_x509_crt_get_name_constraints.3.gzgnutls_x509_crt_get_pk_algorithm.3.gzgnutls_x509_crt_get_pk_dsa_raw.3.gzgnutls_x509_crt_get_pk_ecc_raw.3.gzgnutls_x509_crt_get_pk_gost_raw.3.gzgnutls_x509_crt_get_pk_oid.3.gzgnutls_x509_crt_get_pk_rsa_raw.3.gzgnutls_x509_crt_get_policy.3.gzgnutls_x509_crt_get_preferred_hash_algorithm.3.gzgnutls_x509_crt_get_private_key_usage_period.3.gzgnutls_x509_crt_get_proxy.3.gzgnutls_x509_crt_get_raw_dn.3.gzgnutls_x509_crt_get_raw_issuer_dn.3.gzgnutls_x509_crt_get_serial.3.gzgnutls_x509_crt_get_signature.3.gzgnutls_x509_crt_get_signature_algorithm.3.gzgnutls_x509_crt_get_signature_oid.3.gzgnutls_x509_crt_get_spki.3.gzgnutls_x509_crt_get_subject.3.gzgnutls_x509_crt_get_subject_alt_name.3.gzgnutls_x509_crt_get_subject_alt_name2.3.gzgnutls_x509_crt_get_subject_alt_othername_oid.3.gzgnutls_x509_crt_get_subject_key_id.3.gzgnutls_x509_crt_get_subject_unique_id.3.gzgnutls_x509_crt_get_tlsfeatures.3.gzgnutls_x509_crt_get_version.3.gzgnutls_x509_crt_import.3.gzgnutls_x509_crt_import_pkcs11.3.gzgnutls_x509_crt_import_url.3.gzgnutls_x509_crt_init.3.gzgnutls_x509_crt_list_import.3.gzgnutls_x509_crt_list_import2.3.gzgnutls_x509_crt_list_import_pkcs11.3.gzgnutls_x509_crt_list_import_url.3.gzgnutls_x509_crt_list_verify.3.gzgnutls_x509_crt_print.3.gzgnutls_x509_crt_privkey_sign.3.gzgnutls_x509_crt_set_activation_time.3.gzgnutls_x509_crt_set_authority_info_access.3.gzgnutls_x509_crt_set_authority_key_id.3.gzgnutls_x509_crt_set_basic_constraints.3.gzgnutls_x509_crt_set_ca_status.3.gzgnutls_x509_crt_set_crl_dist_points.3.gzgnutls_x509_crt_set_crl_dist_points2.3.gzgnutls_x509_crt_set_crq.3.gzgnutls_x509_crt_set_crq_extension_by_oid.3.gzgnutls_x509_crt_set_crq_extensions.3.gzgnutls_x509_crt_set_dn.3.gzgnutls_x509_crt_set_dn_by_oid.3.gzgnutls_x509_crt_set_expiration_time.3.gzgnutls_x509_crt_set_extension_by_oid.3.gzgnutls_x509_crt_set_flags.3.gzgnutls_x509_crt_set_inhibit_anypolicy.3.gzgnutls_x509_crt_set_issuer_alt_name.3.gzgnutls_x509_crt_set_issuer_alt_othername.3.gzgnutls_x509_crt_set_issuer_dn.3.gzgnutls_x509_crt_set_issuer_dn_by_oid.3.gzgnutls_x509_crt_set_issuer_unique_id.3.gzgnutls_x509_crt_set_key.3.gzgnutls_x509_crt_set_key_purpose_oid.3.gzgnutls_x509_crt_set_key_usage.3.gzgnutls_x509_crt_set_name_constraints.3.gzgnutls_x509_crt_set_pin_function.3.gzgnutls_x509_crt_set_policy.3.gzgnutls_x509_crt_set_private_key_usage_period.3.gzgnutls_x509_crt_set_proxy.3.gzgnutls_x509_crt_set_proxy_dn.3.gzgnutls_x509_crt_set_pubkey.3.gzgnutls_x509_crt_set_serial.3.gzgnutls_x509_crt_set_spki.3.gzgnutls_x509_crt_set_subject_alt_name.3.gzgnutls_x509_crt_set_subject_alt_othername.3.gzgnutls_x509_crt_set_subject_alternative_name.3.gzgnutls_x509_crt_set_subject_key_id.3.gzgnutls_x509_crt_set_subject_unique_id.3.gzgnutls_x509_crt_set_tlsfeatures.3.gzgnutls_x509_crt_set_version.3.gzgnutls_x509_crt_sign.3.gzgnutls_x509_crt_sign2.3.gzgnutls_x509_crt_verify.3.gzgnutls_x509_crt_verify_data2.3.gzgnutls_x509_ct_sct_get.3.gzgnutls_x509_ct_sct_get_version.3.gzgnutls_x509_dn_deinit.3.gzgnutls_x509_dn_export.3.gzgnutls_x509_dn_export2.3.gzgnutls_x509_dn_get_rdn_ava.3.gzgnutls_x509_dn_get_str.3.gzgnutls_x509_dn_get_str2.3.gzgnutls_x509_dn_import.3.gzgnutls_x509_dn_init.3.gzgnutls_x509_dn_oid_known.3.gzgnutls_x509_dn_oid_name.3.gzgnutls_x509_dn_set_str.3.gzgnutls_x509_ext_ct_export_scts.3.gzgnutls_x509_ext_ct_import_scts.3.gzgnutls_x509_ext_ct_scts_deinit.3.gzgnutls_x509_ext_ct_scts_init.3.gzgnutls_x509_ext_deinit.3.gzgnutls_x509_ext_export_aia.3.gzgnutls_x509_ext_export_authority_key_id.3.gzgnutls_x509_ext_export_basic_constraints.3.gzgnutls_x509_ext_export_crl_dist_points.3.gzgnutls_x509_ext_export_inhibit_anypolicy.3.gzgnutls_x509_ext_export_key_purposes.3.gzgnutls_x509_ext_export_key_usage.3.gzgnutls_x509_ext_export_name_constraints.3.gzgnutls_x509_ext_export_policies.3.gzgnutls_x509_ext_export_private_key_usage_period.3.gzgnutls_x509_ext_export_proxy.3.gzgnutls_x509_ext_export_subject_alt_names.3.gzgnutls_x509_ext_export_subject_key_id.3.gzgnutls_x509_ext_export_tlsfeatures.3.gzgnutls_x509_ext_import_aia.3.gzgnutls_x509_ext_import_authority_key_id.3.gzgnutls_x509_ext_import_basic_constraints.3.gzgnutls_x509_ext_import_crl_dist_points.3.gzgnutls_x509_ext_import_inhibit_anypolicy.3.gzgnutls_x509_ext_import_key_purposes.3.gzgnutls_x509_ext_import_key_usage.3.gzgnutls_x509_ext_import_name_constraints.3.gzgnutls_x509_ext_import_policies.3.gzgnutls_x509_ext_import_private_key_usage_period.3.gzgnutls_x509_ext_import_proxy.3.gzgnutls_x509_ext_import_subject_alt_names.3.gzgnutls_x509_ext_import_subject_key_id.3.gzgnutls_x509_ext_import_tlsfeatures.3.gzgnutls_x509_ext_print.3.gzgnutls_x509_key_purpose_deinit.3.gzgnutls_x509_key_purpose_get.3.gzgnutls_x509_key_purpose_init.3.gzgnutls_x509_key_purpose_set.3.gzgnutls_x509_name_constraints_add_excluded.3.gzgnutls_x509_name_constraints_add_permitted.3.gzgnutls_x509_name_constraints_check.3.gzgnutls_x509_name_constraints_check_crt.3.gzgnutls_x509_name_constraints_deinit.3.gzgnutls_x509_name_constraints_get_excluded.3.gzgnutls_x509_name_constraints_get_permitted.3.gzgnutls_x509_name_constraints_init.3.gzgnutls_x509_othername_to_virtual.3.gzgnutls_x509_policies_deinit.3.gzgnutls_x509_policies_get.3.gzgnutls_x509_policies_init.3.gzgnutls_x509_policies_set.3.gzgnutls_x509_policy_release.3.gzgnutls_x509_privkey_cpy.3.gzgnutls_x509_privkey_deinit.3.gzgnutls_x509_privkey_export.3.gzgnutls_x509_privkey_export2.3.gzgnutls_x509_privkey_export2_pkcs8.3.gzgnutls_x509_privkey_export_dsa_raw.3.gzgnutls_x509_privkey_export_ecc_raw.3.gzgnutls_x509_privkey_export_gost_raw.3.gzgnutls_x509_privkey_export_pkcs8.3.gzgnutls_x509_privkey_export_rsa_raw.3.gzgnutls_x509_privkey_export_rsa_raw2.3.gzgnutls_x509_privkey_fix.3.gzgnutls_x509_privkey_generate.3.gzgnutls_x509_privkey_generate2.3.gzgnutls_x509_privkey_get_key_id.3.gzgnutls_x509_privkey_get_pk_algorithm.3.gzgnutls_x509_privkey_get_pk_algorithm2.3.gzgnutls_x509_privkey_get_seed.3.gzgnutls_x509_privkey_get_spki.3.gzgnutls_x509_privkey_import.3.gzgnutls_x509_privkey_import2.3.gzgnutls_x509_privkey_import_dsa_raw.3.gzgnutls_x509_privkey_import_ecc_raw.3.gzgnutls_x509_privkey_import_gost_raw.3.gzgnutls_x509_privkey_import_openssl.3.gzgnutls_x509_privkey_import_pkcs8.3.gzgnutls_x509_privkey_import_rsa_raw.3.gzgnutls_x509_privkey_import_rsa_raw2.3.gzgnutls_x509_privkey_init.3.gzgnutls_x509_privkey_sec_param.3.gzgnutls_x509_privkey_set_flags.3.gzgnutls_x509_privkey_set_pin_function.3.gzgnutls_x509_privkey_set_spki.3.gzgnutls_x509_privkey_sign_data.3.gzgnutls_x509_privkey_sign_hash.3.gzgnutls_x509_privkey_verify_params.3.gzgnutls_x509_privkey_verify_seed.3.gzgnutls_x509_rdn_get.3.gzgnutls_x509_rdn_get2.3.gzgnutls_x509_rdn_get_by_oid.3.gzgnutls_x509_rdn_get_oid.3.gzgnutls_x509_spki_deinit.3.gzgnutls_x509_spki_get_rsa_pss_params.3.gzgnutls_x509_spki_init.3.gzgnutls_x509_spki_set_rsa_pss_params.3.gzgnutls_x509_tlsfeatures_add.3.gzgnutls_x509_tlsfeatures_check_crt.3.gzgnutls_x509_tlsfeatures_deinit.3.gzgnutls_x509_tlsfeatures_get.3.gzgnutls_x509_tlsfeatures_init.3.gzgnutls_x509_trust_list_add_cas.3.gzgnutls_x509_trust_list_add_crls.3.gzgnutls_x509_trust_list_add_named_crt.3.gzgnutls_x509_trust_list_add_system_trust.3.gzgnutls_x509_trust_list_add_trust_dir.3.gzgnutls_x509_trust_list_add_trust_file.3.gzgnutls_x509_trust_list_add_trust_mem.3.gzgnutls_x509_trust_list_deinit.3.gzgnutls_x509_trust_list_get_issuer.3.gzgnutls_x509_trust_list_get_issuer_by_dn.3.gzgnutls_x509_trust_list_get_issuer_by_subject_key_id.3.gzgnutls_x509_trust_list_get_ptr.3.gzgnutls_x509_trust_list_init.3.gzgnutls_x509_trust_list_iter_deinit.3.gzgnutls_x509_trust_list_iter_get_ca.3.gzgnutls_x509_trust_list_remove_cas.3.gzgnutls_x509_trust_list_remove_trust_file.3.gzgnutls_x509_trust_list_remove_trust_mem.3.gzgnutls_x509_trust_list_set_getissuer_function.3.gzgnutls_x509_trust_list_set_ptr.3.gzgnutls_x509_trust_list_verify_crt.3.gzgnutls_x509_trust_list_verify_crt2.3.gzgnutls_x509_trust_list_verify_named_crt.3.gz/usr/include//usr/include/gnutls//usr/lib64//usr/lib64/pkgconfig//usr/share/doc/packages//usr/share/doc/packages/libgnutls-devel//usr/share/doc/packages/libgnutls-devel/examples//usr/share/doc/packages/libgnutls-devel/reference//usr/share/info//usr/share/man/man3/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:33311/SUSE_SLE-15-SP4_Update/3c77a940cf59bc4bac5ba96d54903ca2-gnutls.SUSE_SLE-15-SP4_Updatedrpmxz5x86_64-suse-linux directoryC source, ASCII textC source, ASCII text, with very long linespkgconfig filePNG image data, 315 x 245, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 423 x 353, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 472 x 321, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 501 x 205, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 633 x 395, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 492 x 242, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 313 x 286, 1-bit grayscale, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 628 x 346, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)PNG image data, 331 x 401, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII text, with very long linesPNG image data, 572 x 334, 8-bit/color RGB, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, UTF-8 Unicode textHTML document, UTF-8 Unicode text, with very long linesXML 1.0 document, UTF-8 Unicode textPNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced (gzip compressed data, max compression, from Unix)HTML document, ASCII textassembler source, ASCII texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)PRR RR R R ik ce~utf-8ce78096ee6ce51247a678fc128ebf46fc364390ca7a2ace968cf512b009402e8?7zXZ !t/%]"k%+BBjg#x={.d=~Ǚ)颻裸a%;Y HBD=ZSʼn2p5seF|^Md3)M!M1{I'c6DYP* ;,v{wzU.2>9VE OY,Jif7cXj]2j",Ȋ% ͩhs48ZJ9k"O}p1Q|/;قfk-E,5sԏ9E'`nY-PКѡ;KrH6;u J} &I 4,FYu6֦ #J-U:Lݟ.ZRI=WMsQe'KTؿ;INo ";8\S C^ҊkIt6;5u0QCMOW7i]A:de\'ÔǪx)w`*=C@ |ò-)^7^|g3e::Ajʗ?)qJ63i=(7ʞ򍂬>2,8ӭX0ud>Egby"9w~nj-ɜC΍ ~{Zc5g4ذ#l.QbB?KX߀|*nݐy C8e>7LyB䕿qv U;%>%B0󾰉>('SEp$;k3XϷ*w];?SW)ubz؆v¹Ց?8;-|Jl|D*ǔXCȊ )v.a9 J(XEY&+s$j^]e6.4^jMY)v( st&, ;ՈFTN2a &U[V*1Pkzr&|h'F&@H/,7roAvt|Ah.籷Z5mv{XcS6_H4ѼMmT:)pP ynkS@"3r7iKq.Z!@@ puQGN^v t쳌܅dg U Yfta$xEv%ahmrxj XG{ǡ6dF TtZCOHV>Z`ޢ9 ڡ;\LI8]q{5..LC'%k4`DL˃3Rbz %U-+LdvE Z8C_UPz9Bay_vT'J똈Z^~٤rJ"߻2yy:vVYvy23q)N:Lԋ|1FO G^Fbu6M!W:^h>9pRst$<. : xR0oӈDͬȈ"ߡ.H~U?ة/1]oX_܁`~ZoMt't*smɕa3P&,?O^t|Z-=vNԪ Ek|.Tz#,j阎uhUXuDV7#`E$QNر] /ӲkH"ɝn&6Ba wK%XzƳA ŝ<]q`#H3YQI$K@8%4t9iGCly|p5q/xS f)Xb$`-i>b+)4%C{j&l{QabfvijJDž)@Hϐt4\/Xh2^> S{epΉ ^i5 bN}8u ' @&<2e#d;\Ȼgtٵ(#W<ل@Tu]YU>aa!IY5!O>yoX#mgͯbJ#-) Vf1N 1JdǻJps RVNIH389TXѥ%Z;`@DFEKS$J< |6x$V!̠ŭ Ǡb{w]|M+̝܊K5dAթI Dq"#2ygWהddXK٪!Z1Ǿϑ>Roǿ H^ePȨ2 1 {}ߑP?h"&(sj3$<zT[YduI3:JF]]٬oF6Y2~_p lӤ0rU@o%1~HpF cu_+u ')jĽA ̒s>\#~J d~ +J\φ8!VPC U[g/HAʲ+![IlR f((O}Fk ;,9dQs5+LǪ,"3@| % 4ŶA.z; 7Ԍ~n@΁Eoh!Y6}lxwjjM~Hož,?T*)+/q؎FŸ(7v,^@TfV^^5'<;äM]bwce+\'9^?L„s%# uTEϒZIY"w!F^?,a3'jC"6$rADph\Ӥ|u 4cB43zC]O1^]wdoj4fC/U "",87db3ObMY܁ i3)ykH{ *90?m}*$H H s*G~V +ԓbji߱$r~lrNY]-zyTv:X&ӏq|/Ż\WV aE~l%)!M->ގR8ڙ$|<쳁aH:܃ ;F7iޛ!͸V}i[9m)P^;)f5fI=Fľ6kvjpV;R7CKC1xNANuN!D(>z0@g1ژۭ:$0al}]ȪX0SwnW3v~X 9o7T"*fCbL؍ZAlc r>MF4 JС$e\D`-Dkz`S.dY.վ*:v7M!M#&XRi#1DaaϠYp{e>";QzGlZw:GS-Ӷ|0\͙5.} uXdJ3+慨2E/ٽ9̚Y]&<%/W}&g֕BLz|:grN9 tP^eut70-`Ef _G%M \&/`.+h˺ZC(SJlŘNbZdM\M`j8ȁ>j%֫nBDGcE;tUE#H%uywQb*5|k> s7K5^䭖u&2#QЯ^2hwTK"۔BBW-?3nO_,yj`CMN͎?, Y\$9Yf"󽪮mC?LݯSwX::9cCiwc|/D>o"l;9"()5\Gq쪰0d 9!yE XKvcX!u/mC3If TEB| IYjC~VךOHmL\Zt6@f(ITېsJQԔнV1+XsvMKd۰u|N .jՈ̮R¼LAOә*4Gްo@ GLP#&{!Mx[qjtMţma޵XPɘ^I )&x-o z)Kr YZ