From owner-freebsd-announce@FreeBSD.ORG Tue Jun 9 22:39:37 2015 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 32FFCE7; Tue, 9 Jun 2015 22:39:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F9DA177A; Tue, 9 Jun 2015 22:39:37 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id t59MdawI011838; Tue, 9 Jun 2015 22:39:36 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id t59MdaKR011836; Tue, 9 Jun 2015 22:39:36 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 9 Jun 2015 22:39:36 GMT Message-Id: <201506092239.t59MdaKR011836@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:06.file X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 22:39:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:06.file Errata Notice The FreeBSD Project Topic: Version and security update of file(1) and libmagic(3) Category: contrib Module: file Announced: 2015-06-09 Affects: All supported versions of FreeBSD. Corrected: 2015-01-23 18:48:59 UTC (stable/10, 10.1-STABLE) 2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11) 2015-01-23 18:50:36 UTC (stable/9, 9.3-STABLE) 2015-06-09 22:13:53 UTC (releng/9.3, 9.3-RELEASE-p15) 2015-05-09 23:53:25 UTC (stable/8, 8.4-STABLE) 2015-06-09 22:13:53 UTC (releng/8.4, 8.4-RELEASE-p29) CVE Name: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-9620, CVE-2014-9621, CVE-2014-9653 For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. II. Problem Description There are a number of denial of service issues when handling complex files, for instance Portable Executable (PE) files and ELF files parsing code with libmagic(3) and in turn file(1). III. Impact An attacker who can cause file(1) or any other applications using the libmagic(3) library to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial-of-service. IV. Workaround System administrators who run file(1) and libmagic(3) against untrusted files, for instance when running with a mail server's mail scanner, are advised to configure the scanner in a way so that they do not call file(1) or libmagic(3) to conduct deep inspection of input files. Most of these scanners does not really need the in-depth analysis and the file type determined by libmagic is already sufficient. V. Solution This errata replaces the base system file(1) and libmagic(3) with the version 5.22. Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.1] # fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch # fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch.asc # gpg --verify file-10.1.patch.asc [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch # fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch.asc # gpg --verify file-9.3.patch.asc [FreeBSD 8.4] # fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch # fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch.asc # gpg --verify file-8.4.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all deamons using the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r283135 releng/8.4/ r284194 stable/9/ r277593 releng/9.3/ r284194 stable/10/ r277592 releng/10.1/ r284193 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:06.file.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD) iQIcBAEBCgAGBQJVd2aEAAoJEO1n7NZdz2rnEVQP/2OPfepmvG2/vYrH3bKDHPRi 12QFfE3Ylr8ctoDQRCBazdxhzLEMxdP3g9icJ0ZbnDWVmFtM9BwDfCrkcYmI6uCt 0E1usrqHs6qthm4i1UAwRu4v71LM2yllHCaLt/XWxWDXsbI/vA5wkZgfgZK8kZWW PAiBUuI1bM4pegi+yymgMRoHquoyB0x2jNBKywnb9KT7m8Br9uYnJrCajI6G9HUy /eQKtefOVQat0trIoOwXS7cIZhLWJlVAKUinBjb2IGHxkWOrUhgXlPCpB4efS0pG IqEv2gvHpxllgmf+4leqNXYT8R1EUu+3OE6SbN7jV+RwgPc0TNUxC4Bkb6r1LoSH BRf5FMuVDYAlDKDz4j8NY0v84PpD9d37w7SSBZPiR+Fwn5xs0F4PjsU2c+tPEnVD Sn1vYkafvC+KXsuJtmd4sqb1zLRdpOGDxruA0VtOKATA1sDa1QZIBTB7w7iZ03f5 umCpU8p5mo7a9AroavUEZkcpu4w5BptAsgYoBdOeKHhStBtPlXiGpML8zLhj1qnL hGF6RY2QrhD35C7OIer1ji0F2pEKkFfaeAqkvIXmYJaH+KQeIrEdt+ki2GStW1m9 OdL79RMreVGE1DuX/2puBxKcMsQR+fas4L4uGi46MDXXMeV0LKJHiAT2twJlDOL/ mc3UcOeMcAfOkINcpGuD =8/lF -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Tue Jun 9 22:39:39 2015 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D4D07E8; Tue, 9 Jun 2015 22:39:39 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B5B68177B; Tue, 9 Jun 2015 22:39:39 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id t59MddIV011851; Tue, 9 Jun 2015 22:39:39 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id t59MddQF011849; Tue, 9 Jun 2015 22:39:39 GMT (envelope-from security-advisories@freebsd.org) Date: Tue, 9 Jun 2015 22:39:39 GMT Message-Id: <201506092239.t59MddQF011849@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:07.zfs X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jun 2015 22:39:39 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:07.zfs Errata Notice The FreeBSD Project Topic: ZFS Reliability Improvements Category: contrib Module: zfs Announced: 2015-06-09 Affects: FreeBSD 10.1 and later Corrected: 2014-12-05 00:32:33 UTC (stable/10, 10.1-STABLE) 2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background ZFS is one of several filesystems available on FreeBSD. ZFS on FreeBSD supports TRIM/UNMAP which helps flash based storage medium to maintain peek performance. ZFS uses different layers of disk cache to speed up read and write operations, and supports second level ARC (L2ARC) which can be used as a second layer cache, which provides storage for less frequently accessed data that would not fit into RAM but still accessed often, providing optimal cost for performance. ZFS supports compression in L2ARC data which optimizes its space efficiency. II. Problem Description When the ZFS filesystem on a file backed pool is used with TRIM support enabled, which is the default, ZIO_TYPE_FREE requests where incorrectly processed as a write request. When the ZFS filesystem is using L2ARC and when L2ARC compression is used, the compression buffer are not properly released sometimes. III. Impact The first problem will panic the system when it happens. The second problem will exhibit as a memory leak, which would lead to performance degradation and eventually a memory overflow, which would lead to a panic. IV. Workaround The first issue can be mitigated by disabling TRIM for ZFS using the loader option vfs.zfs.trim.enabled=0. The second issue can be mitigated by disabling L2ARC. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch # fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch.asc # gpg --verify zfs.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r275492 releng/10.1/ r284193 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:07.zfs.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD) iQIcBAEBCgAGBQJVd2mmAAoJEO1n7NZdz2rnNCQQAJzkz6y4TkdJ5Qn+cj5Z/VdV LTgFnETzhHTck4TwE6xw+iRRRkwFnIC6srCJZt+ueMp1DPILTOK0WivFn1HLsHlN nhnCjhhqpOsHyuYGPyH3ca0S5ObA9F+yE7uMtIbacYTgQHCx1lmjasNY6c1zc39v 6DkdP+qejMa4X2Fro7Glf6aHN+nV6hNTrXEbOlncf3sKqVdGoW6xZ0E+JCBELYnl ojVUTbnrNmdj/syIDoo2Wrl0h7xTaIc9rjAtDqKJ45F2z7E156PRYf3/0SaRJOdU w+NFr0YU87Ho5o+X5YkovpGi1Da+nTBSXkkkwGe+1eRrsbvFG5Imi0c100ZMxG9L TXq8Ny/fIb6IIJftrwIDlTqLiB2vmiZB4NNh9BrpxAvII3dON0uUexvpp4I6mABE s4VeSgYLGIOTq8wEVVtoPWNVfAEjMZfn7v9nkviItdY4sX8S+crxiHeFeVc8Uko5 bBH8ddXL6x55DG9qzWK/owaN7oSbbVSVPRAxghpdppAAeE8SUPANRn/RE0pZCx/a dquTVZlIR87BLFCK5KURi2B1PH7QmzZXzMFHDyOfKQtkOmnqeZqlYbaVM6zZ54ZP a11CmVKPu/pyviO49OBH/SFDkzVuwoqsqR7NfqZd4mj9kIbqxAxjxgxi3n3bA96l YNNoIXxML3p8aRyS3UOZ =7KJF -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Fri Jun 12 07:43:30 2015 Return-Path: Delivered-To: freebsd-announce@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 29E9075; Fri, 12 Jun 2015 07:43:30 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B5F01939; Fri, 12 Jun 2015 07:43:30 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id t5C7hT6k035879; Fri, 12 Jun 2015 07:43:29 GMT (envelope-from security-advisories@freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id t5C7hTIh035877; Fri, 12 Jun 2015 07:43:29 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 12 Jun 2015 07:43:29 GMT Message-Id: <201506120743.t5C7hTIh035877@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: delphij set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-15:10.openssl X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jun 2015 07:43:30 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam [CVE-2015-4000]. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. [CVE-2015-1788] X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. [CVE-2015-1789] The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. [CVE-2015-1790] When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. [CVE-2015-1792] If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur, potentially leading to a double free of the ticket data. [CVE-2015-1791] The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl. III. Impact A man-in-the-middle attacker may be able to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. [CVE-2015-4000]. On FreeBSD 10.1, the patch contains a countermeasure for clients by rejecting handshakes with DH parameters shorter than 768 bits. An attacker who is able to use a certificate to authenticate with a remote system perform denial of service against any system which processes public keys, certificate requests or certificates. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. An attacker can use the CVE-2015-1789 issue by using specifically crafted certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. An attacker who can create specifically crafted malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. [CVE-2015-1790]. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. An attacker can perform denial of service against any system which verifies signedData messages using the CMS code. [CVE-2015-1792] An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.1] # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc # gpg --verify openssl-10.1.patch.asc [FreeBSD 9.3 and 8.4] # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc # gpg --verify openssl-8.4.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all deamons using the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD) iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE-----