diff options
Diffstat (limited to 'patches/source/grub')
| -rw-r--r-- | patches/source/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch | 45 | ||||
| -rw-r--r-- | patches/source/grub/doinst.sh | 16 | ||||
| -rw-r--r-- | patches/source/grub/etc.default.grub | 28 | ||||
| -rwxr-xr-x | patches/source/grub/grub.SlackBuild | 195 | ||||
| -rw-r--r-- | patches/source/grub/grub.dejavusansmono.gfxterm.font.diff | 43 | ||||
| -rw-r--r-- | patches/source/grub/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff | 75 | ||||
| -rw-r--r-- | patches/source/grub/initrd_naming.patch | 13 | ||||
| -rw-r--r-- | patches/source/grub/slack-desc | 19 | ||||
| -rw-r--r-- | patches/source/grub/txtHRnXiHYUrM.txt | 49 |
9 files changed, 483 insertions, 0 deletions
diff --git a/patches/source/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/patches/source/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch new file mode 100644 index 000000000..5701b5475 --- /dev/null +++ b/patches/source/grub/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch @@ -0,0 +1,45 @@ +From 88c9657960a6c5d3673a25c266781e876c181add Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert <hecmargi@upv.es> +Date: Fri, 13 Nov 2015 16:21:09 +0100 +Subject: [PATCH] Fix security issue when reading username and password + + This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es> +Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es> +--- + grub-core/lib/crypto.c | 2 +- + grub-core/normal/auth.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 010e550..524a3d8 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -468,7 +468,7 @@ grub_password_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + continue; +diff --git a/grub-core/normal/auth.c b/grub-core/normal/auth.c +index c6bd96e..5782ec5 100644 +--- a/grub-core/normal/auth.c ++++ b/grub-core/normal/auth.c +@@ -172,7 +172,7 @@ grub_username_get (char buf[], unsigned buf_size) + break; + } + +- if (key == '\b') ++ if (key == '\b' && cur_len) + { + cur_len--; + grub_printf ("\b"); +-- +1.9.1 + diff --git a/patches/source/grub/doinst.sh b/patches/source/grub/doinst.sh new file mode 100644 index 000000000..20b6c34e2 --- /dev/null +++ b/patches/source/grub/doinst.sh @@ -0,0 +1,16 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +config etc/grub.d/40_custom.new +rm -f etc/grub.d/40_custom.new +config etc/default/grub.new diff --git a/patches/source/grub/etc.default.grub b/patches/source/grub/etc.default.grub new file mode 100644 index 000000000..f612a35a7 --- /dev/null +++ b/patches/source/grub/etc.default.grub @@ -0,0 +1,28 @@ +# If you change this file, run grub-mkconfig -o /boot/grub/grub.cfg +# afterwards to update /boot/grub/grub.cfg. + +GRUB_DEFAULT=0 +#GRUB_HIDDEN_TIMEOUT=0 +GRUB_HIDDEN_TIMEOUT_QUIET=false +GRUB_TIMEOUT=10 +GRUB_DISTRIBUTOR=$( sed 's/Slackware /Slackware-/' /etc/slackware-version ) +GRUB_CMDLINE_LINUX_DEFAULT="" +GRUB_CMDLINE_LINUX="" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console + +# The resolution used on graphical terminal +# note that you can use only modes which your graphic card supports via VBE +# you can see them in real GRUB with the command `vbeinfo' +#GRUB_GFXMODE=640x480 +#GRUB_GFXMODE=1024x768x32 + +# Font used on the graphical terminal: +#GRUB_FONT=/usr/share/grub/dejavusansmono.pf2 + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux +#GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entrys +#GRUB_DISABLE_LINUX_RECOVERY="true" diff --git a/patches/source/grub/grub.SlackBuild b/patches/source/grub/grub.SlackBuild new file mode 100755 index 000000000..641ea5f7d --- /dev/null +++ b/patches/source/grub/grub.SlackBuild @@ -0,0 +1,195 @@ +#!/bin/sh + +# Copyright 2013 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +PKGNAM=grub +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-3_slack14.1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i486 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mcpu=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2" + EFI_FLAGS=" --with-platform=efi --target=x86_64 --program-prefix= " + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1 +cd $PKGNAM-$VERSION + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# Use /boot/initrd.gz as a valid initrd name: +zcat $CWD/initrd_naming.patch | patch -p1 --verbose || exit 1 + +# Patch for recent glibc: +zcat $CWD/txtHRnXiHYUrM.txt.gz | patch -p0 --verbose || exit 1 + +# Support DejaVuSansMono font (dejavusansmono.pf2) by default: +zcat $CWD/grub.dejavusansmono.gfxterm.font.diff.gz | patch -p1 --verbose || exit 1 + +# Terminate EFI several times. This is a workaround for broken UEFI firmware. +zcat $CWD/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff.gz | patch -p1 --verbose || exit 1 + +# Fix security issue when reading username and password: +zcat $CWD/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch.gz | patch -p1 --verbose || exit 1 + +for i in 1 2 ; do + # Skip to regular build if EFI support is not requested: + if [ i = 1 -a -z "$EFI_FLAGS" ]; then + continue; + fi + + # Configure: + CFLAGS="$SLKCFLAGS" \ + ./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --infodir=/usr/info \ + --mandir=/usr/man \ + --disable-werror \ + $EFI_FLAGS + + # Build and install: + make clean + make $NUMJOBS || make || exit 1 + make install DESTDIR=$PKG || exit 1 + + # Clear $EFI_FLAGS for a regular build: + unset EFI_FLAGS +done + +# Preserve the contents of /etc/grub.d/40_custom: +mv $PKG/etc/grub.d/40_custom $PKG/etc/grub.d/40_custom.new + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +mkdir -p $PKG/etc/default +cat $CWD/etc.default.grub > $PKG/etc/default/grub.new + +# Add fonts, if found on the system: +FONT_SIZE=${FONT_SIZE:-19} +if [ -r /usr/share/fonts/TTF/unifont.ttf ]; then + $PKG/usr/bin/grub-mkfont -o $PKG/usr/share/grub/unifont.pf2 -abv \ + -s $FONT_SIZE /usr/share/fonts/TTF/unifont.ttf +fi +if [ -r /usr/share/fonts/TTF/DejaVuSansMono.ttf ]; then + $PKG/usr/bin/grub-mkfont -o $PKG/usr/share/grub/dejavusansmono.pf2 -abv \ + -s $FONT_SIZE /usr/share/fonts/TTF/DejaVuSansMono.ttf +fi + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS BUGS COPYING* INSTALL NEWS README* THANKS TODO \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# Compress and if needed symlink the man pages: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +# Compress info files, if any: +if [ -d $PKG/usr/info ]; then + ( cd $PKG/usr/info + rm -f dir + gzip -9 * + ) +fi + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/grub/grub.dejavusansmono.gfxterm.font.diff b/patches/source/grub/grub.dejavusansmono.gfxterm.font.diff new file mode 100644 index 000000000..53c21ba8e --- /dev/null +++ b/patches/source/grub/grub.dejavusansmono.gfxterm.font.diff @@ -0,0 +1,43 @@ +--- ./util/grub.d/00_header.in.orig 2012-05-03 18:04:39.000000000 -0500 ++++ ./util/grub.d/00_header.in 2013-09-17 01:43:37.870841064 -0500 +@@ -143,7 +143,7 @@ + EOF + else + for dir in "${pkgdatadir}" "`echo '/@bootdirname@/@grubdirname@' | sed "s,//*,/,g"`" /usr/share/grub ; do +- for basename in unicode unifont ascii; do ++ for basename in unicode unifont dejavusansmono ascii; do + path="${dir}/${basename}.pf2" + if is_path_readable_by_grub "${path}" > /dev/null ; then + font_path="${path}" +@@ -156,7 +156,7 @@ + if [ -n "${font_path}" ] ; then + cat << EOF + if [ x\$feature_default_font_path = xy ] ; then +- font=unicode ++ font=dejavusansmono + else + EOF + # Make the font accessible +@@ -169,7 +169,7 @@ + EOF + else + cat << EOF +-if loadfont unicode ; then ++if loadfont dejavusansmono ; then + EOF + fi + fi +--- ./util/grub-install.in.orig 2012-06-26 16:31:03.000000000 -0500 ++++ ./util/grub-install.in 2013-09-17 01:42:02.678834196 -0500 +@@ -552,6 +552,11 @@ + cp "${pkgdatadir}"/themes/starfield/* "${grubdir}"/themes/starfield + fi + ++if test -f "${pkgdatadir}"/dejavusansmono.pf2; then ++ mkdir -p "${grubdir}"/fonts ++ cp "${pkgdatadir}"/dejavusansmono.pf2 "${grubdir}"/fonts ++fi ++ + if test -f "${pkgdatadir}"/unicode.pf2; then + mkdir -p "${grubdir}"/fonts + cp "${pkgdatadir}"/unicode.pf2 "${grubdir}"/fonts diff --git a/patches/source/grub/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff b/patches/source/grub/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff new file mode 100644 index 000000000..d45528488 --- /dev/null +++ b/patches/source/grub/grub.e75fdee420a7ad95e9a465c9699adc2e2e970440.terminate.efi.several.times.diff @@ -0,0 +1,75 @@ +From e75fdee420a7ad95e9a465c9699adc2e2e970440 Mon Sep 17 00:00:00 2001 +From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com> +Date: Tue, 26 Mar 2013 10:34:56 +0000 +Subject: * grub-core/kern/efi/mm.c (grub_efi_finish_boot_services): + + Try terminating EFI services several times due to quirks in some + implementations. +--- +(limited to 'grub-core/kern/efi/mm.c') + +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index 351317b..77c9384 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -160,27 +160,41 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf, + apple, sizeof (apple)) == 0); + #endif + +- if (grub_efi_get_memory_map (&finish_mmap_size, finish_mmap_buf, &finish_key, +- &finish_desc_size, &finish_desc_version) < 0) +- return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map"); ++ while (1) ++ { ++ if (grub_efi_get_memory_map (&finish_mmap_size, finish_mmap_buf, &finish_key, ++ &finish_desc_size, &finish_desc_version) < 0) ++ return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map"); + +- if (outbuf && *outbuf_size < finish_mmap_size) +- return grub_error (GRUB_ERR_IO, "memory map buffer is too small"); ++ if (outbuf && *outbuf_size < finish_mmap_size) ++ return grub_error (GRUB_ERR_IO, "memory map buffer is too small"); + +- finish_mmap_buf = grub_malloc (finish_mmap_size); +- if (!finish_mmap_buf) +- return grub_errno; ++ finish_mmap_buf = grub_malloc (finish_mmap_size); ++ if (!finish_mmap_buf) ++ return grub_errno; + +- if (grub_efi_get_memory_map (&finish_mmap_size, finish_mmap_buf, &finish_key, +- &finish_desc_size, &finish_desc_version) <= 0) +- return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map"); ++ if (grub_efi_get_memory_map (&finish_mmap_size, finish_mmap_buf, &finish_key, ++ &finish_desc_size, &finish_desc_version) <= 0) ++ { ++ grub_free (finish_mmap_buf); ++ return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map"); ++ } + +- b = grub_efi_system_table->boot_services; +- status = efi_call_2 (b->exit_boot_services, grub_efi_image_handle, +- finish_key); +- if (status != GRUB_EFI_SUCCESS) +- return grub_error (GRUB_ERR_IO, "couldn't terminate EFI services"); ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_2 (b->exit_boot_services, grub_efi_image_handle, ++ finish_key); ++ if (status == GRUB_EFI_SUCCESS) ++ break; + ++ if (status != GRUB_EFI_INVALID_PARAMETER) ++ { ++ grub_free (finish_mmap_buf); ++ return grub_error (GRUB_ERR_IO, "couldn't terminate EFI services"); ++ } ++ ++ grub_free (finish_mmap_buf); ++ grub_printf ("Trying to terminate EFI services again\n"); ++ } + grub_efi_is_finished = 1; + if (outbuf_size) + *outbuf_size = finish_mmap_size; +-- +cgit v0.9.0.2 + diff --git a/patches/source/grub/initrd_naming.patch b/patches/source/grub/initrd_naming.patch new file mode 100644 index 000000000..6b62778b0 --- /dev/null +++ b/patches/source/grub/initrd_naming.patch @@ -0,0 +1,13 @@ +diff -Naur grub-2.00.orig/util/grub.d/10_linux.in grub-2.00/util/grub.d/10_linux.in +--- grub-2.00.orig/util/grub.d/10_linux.in 2012-04-18 23:24:38.000000000 +0200 ++++ grub-2.00/util/grub.d/10_linux.in 2012-06-30 07:53:03.765625589 +0200 +@@ -198,7 +198,8 @@ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ +- "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \ ++ "initrd.gz"; do + if test -e "${dirname}/${i}" ; then + initrd="$i" + break diff --git a/patches/source/grub/slack-desc b/patches/source/grub/slack-desc new file mode 100644 index 000000000..a8159e64e --- /dev/null +++ b/patches/source/grub/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +grub: GRUB (the GRand Unified Bootloader) +grub: +grub: GNU GRUB is a multiboot boot loader. +grub: +grub: Website: http://www.gnu.org/software/grub/ +grub: +grub: +grub: +grub: +grub: +grub: diff --git a/patches/source/grub/txtHRnXiHYUrM.txt b/patches/source/grub/txtHRnXiHYUrM.txt new file mode 100644 index 000000000..b67251f1c --- /dev/null +++ b/patches/source/grub/txtHRnXiHYUrM.txt @@ -0,0 +1,49 @@ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: address@hidden +# target_branch: http://bzr.savannah.gnu.org/r/grub/trunk/grub/ +# testament_sha1: 1c14caf607a0200c0f6c4357baa520d6d5a0297b +# timestamp: 2012-07-04 17:30:47 +0200 +# base_revision_id: address@hidden +# +# Begin patch +=== modified file 'grub-core/gnulib/stdio.in.h' +--- grub-core/gnulib/stdio.in.h 2010-09-20 10:35:33 +0000 ++++ grub-core/gnulib/stdio.in.h 2012-07-04 15:18:15 +0000 +@@ -140,8 +140,10 @@ + /* It is very rare that the developer ever has full control of stdin, + so any use of gets warrants an unconditional warning. Assume it is + always declared, since it is required by C89. */ ++#if defined gets + #undef gets + _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); ++#endif + + #if @GNULIB_FOPEN@ + # if @REPLACE_FOPEN@ + +# Begin bundle +IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWaToPesAAfhfgAAQ2Pf/91s2 +2kq////wUAUNaebQdnLC2nS7GCUQQJiaT0xMVPAFPSHqeSPUekDT1DxIMkmp4CMjQKYIZTQaBkAA +AAlCBJmmkGEGqP1QDQBkyeoyAAHMAmAmRgBGJiYTCYIaYmmAkhETaU2jKeiaaMo00ybTRAMhoAZE +8tJd05M/VpkKqZr1UWlZidFLnZHIFGBpA6iFmCP+enOp6RDhNhWZylIRZ+P1Oc1VUs/HzCkLPAxt +XwunBn7vOjjziSdUxqx9ub8/jEdn54odK76GXxknCKa3994J9cFbmU0TjYVx4PuSkX45S7lsu6fB +11tpevByhSKUFgynati1fZO2qnwXbsOnRj3eSMVDcR01oxGDH70eZVV8eHKuG/16A8oZX4GRA3HY +WkgOtgkaVTSP2e+4fqq+AdFSyaWzqIMSbODi0FMCs5i4tK754ns80FDKZDi7pJaux5hYGJNNqZJP +zqB04nTwgmOMnWmSaSehwVSt8isXiDIhjFH3WwPkYZoYudtHD1+dli7GkDvrkbPDnlQzcO42UIST +ZBHIlFlQKJxbulrJVwmiKz1E4kmKcvEYpUpWUIESBoc5sXKigHQ1wWB1DoXUYiExOCWCbUEDIz2X +B0mZugsLQzU7eyo5iF2J3SEDscqwFBNGo+8Ls4birmk8x/MQ3O7kfHfekQWJbuJUC5O1osgKvlDY +HaYcZFabX2SSVlVC06WUWBiM+xtOEiAk+vIHJhu4hU5zOaC7UMuUKogM8IIrIP2RuFu6UXzmu6CE +b0KkW+dLcUWvCemnZbAq4967czYKS2OjhUyjmIskEaKwNQQvWngeNMePErVz/fXjStE+PWKVRVXn +OefXfA5O8TDavj6OOyu79pepI9rcDfrmZdffAht1uGQNDMfM2MuwQon23kn00U6rilRZzBWI7an9 +r1YNKrA7PHvE0dMjOj49RZHkOLjYjhfgemY9+IYMMacxhAYnRVZBHcNG1jejWHLdmKD5e7Q/DwM+ +o8NN1T4cVciq3yGD/Yk4hXYQpFALHFoUHjMZUxk+rbkak6tSdY6Ukgasy2OCsE6LyS+GJiEZE5Y9 +9YC3sznc2z5s9SLjlLQkVO4EI39Hi177Ba51BYWkaaO3QuL1V+xn8M92bnq+oFjESvXvXs/LGspc +ftjWvcipQN+TJtvzlXlJzZ58oLZxRLQrIJCRLY28qKLY9g4tKxzyI2rydlUlTbtztcOv6tS41I9p +DZdILnAmv2yXiI8O0yJhUpubNtN6frcf0hLBMEzLZEc55HAGOONL0RzW3h1ostOibFK8hC4mg1Rd +UzNgmFEbwqV/23fvbpnnCloMFq0is6wj8G67yyY0FgLQY6x+fRLWEicxF4UCjhmqJnXx7IRG6S3g +bbqtsYeWBBaJBT4AhDyHMJvvLlSGr8Y5hrQoN11iyQm72Nmp1IQ1CjmeUNoHHBybqbKXo87gTSky +xTqMvhw55hsy6lPPBngJJFQTZHr4yYWBHRwj1BZ4lhQdmR5PbUqECl+1EOivQsYqELAwpwFvcvug +4CbjkVYIDKqMVFC1rY3A6yWDFaxCbY4ickntghlpplCdtpl/NKNQZwH1JMqLaTwaOmUVSDoLh1NJ +toHJWULox5WMMVOgRQ5mpxVvixydLNaFbQaDtvYvvzSIJvsLLzgyaK3CqqMy02jpRbS4YDWsJtBo +A2QEyiKmT5i9Z6YW9BV/giVaTrhSp1GNpiaC9jXVDSx2AHUDgCsYj04hhF59vBUI0Hq0eO+H/F3J +FOFCQpOg96w= |