import CS php-8.0.30-2.el9
This commit is contained in:
parent
a5ae9ae2a4
commit
31339ecef6
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,2 +1 @@
|
||||
SOURCES/php-8.0.27.tar.xz
|
||||
SOURCES/php-keyring.gpg
|
||||
SOURCES/php-8.0.30.tar.xz
|
||||
|
@ -1,2 +1 @@
|
||||
ac46d5e81f142f65130407d073997f549f316b4f SOURCES/php-8.0.27.tar.xz
|
||||
84a18625778745667413034f693446ea76846714 SOURCES/php-keyring.gpg
|
||||
f6d5137d6ce3e52b6d8a582e2990913f2807add4 SOURCES/php-8.0.30.tar.xz
|
||||
|
@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
|
||||
than embedding a copy. Discussed upstream but was not desired.
|
||||
|
||||
History:
|
||||
r22: fix possible buffer overflow
|
||||
r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
|
||||
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
|
||||
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
|
||||
@ -454,7 +455,7 @@ index e9bd0f136d..c04ff01adc 100644
|
||||
+ size_t n;
|
||||
+ char *data, *p;
|
||||
+
|
||||
+ data = malloc(3 * sysdb->index_size + 7);
|
||||
+ data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);
|
||||
+
|
||||
+ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
|
||||
+
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJKBAABCAA0FiEELBbHZdvlSgiBMPG8S5tfYAtV87QFAmO0V3EWHGNhcnVzb2dh
|
||||
YnJpZWxAcGhwLm5ldAAKCRBLm19gC1XztIS+D/4oSpkmnwIJgZVkb3eGrwdOwTzu
|
||||
dDg1cT/eO89AuKmEsVYCDxOGyWIUBunZkZ5sEWbvlNPM4xxxA1EN6DoNMgZal1UN
|
||||
hSdx19IbmMBYAquINikasBQEvMhCJMUNqRvvLmGRndbDk8DusrIEyxv65clpt3xx
|
||||
r7rzYs+06+i2MCUxI53nRX3Hl6MQ208Wx/SefKu2LrZ+5Sylz/fFpYP1kre21f+4
|
||||
Zpig5wR8WS0KyzPO7rPdYq8+SQ88pYrlxSGIbgC1WLDSODWJ2aqSfshinVkOBlMh
|
||||
XdbNv9hBidQT+B0YaTLCm0SrFCpTfBcW4+4WBucjQjhwYtfC+3ldMY/tdzPBIYWI
|
||||
yLfTcpsRViv1Jn4liwFsGIlFPy9CaE3e/IOQaxgh/SAeGwMVQEAkysmTNWCS7/BW
|
||||
uJ/+TeEGoYkLIwbP4AIOk2YXDlr9BwaUHLqITFVgqZLEhXC2elFsPd/9B1MgGwMO
|
||||
1ZcjMoULgPnMkoGhKhuCUuxug4yjBxBVROreNhtXvfmTt24GUkR65Aqm6w8S4OPO
|
||||
kG3aqhSxTAOHQCbMl4PyOkUBUbVIpByiJSMOz+PAAb7SHMc3suw3MEGZTMoLD1Gh
|
||||
JgCjjh0KyMEJtN8nILI85xOQeuv6zG/szwNcZWXrC6+PTndMXOACLyS0dNCevFNz
|
||||
DCp3Qv9kRIty3xvUKg==
|
||||
=Rb0u
|
||||
-----END PGP SIGNATURE-----
|
16
SOURCES/php-8.0.30.tar.xz.asc
Normal file
16
SOURCES/php-8.0.30.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmTL4VIACgkQ+cOdwLlp
|
||||
hUQzrQ//cGopLQ71fiXCM+IYoT7RITJWWeh81fuDpL7bqZblaLRjpoI5I7iUoD10
|
||||
seJMLrzRxh72A3yY5GoF+LVBFc8J4MsOTJLXpIVWYheOY+BVLDhQHOFSZpT3JDN5
|
||||
UH6q21WS6wobwj3fFzJzHSSo8GDeSQ60D1Vq5t5ZVWb6uvmzf/cctcjlWB/Zp/X+
|
||||
hFS6HzrxqM/LBd1IocnTJoLJ2SFCyOS6n9yRJGOW4M3bSqtaTwv1Rd4kTybO0cnF
|
||||
7bJ71+RAQJZIRG9sOHF3ZtPx08kR5NKR3Ev/9YmlrBWMXMOZs3NvM1UB7zcJ8Qok
|
||||
CbYrVsyoEk8La8oCV6Jm2jjD73XY7QIWKBuZMerTP9Y+FTP2m699gXeoamuizriY
|
||||
vWF3j0to67mUY9wWq+4ahfVFdX043mWs2pzvjYTcFcKX0MxFOKMILnAN70a7dKGh
|
||||
D45B0PdCezJvRjsbO9ynfBmCuBzWGWeQDIM9UlJatu8ND4dS+dWp6FPqgZY8wQke
|
||||
8/P6FZlZ9wBsKvfWyA/xLr3fN71u+C3CLgTIOzYhI12FDyb6Cbxy8cq8ruGF4D5x
|
||||
CaSvaOSAXKIPmOhtLgwk2V5jcLlj45cNyFm9PTvqLo3urJFSDXdLJ2Rns5+xjMX9
|
||||
tMiJS4N8UvvhhVDSJr2/qvmh6inhsTRHuUdR8dacapnW0AgsN88=
|
||||
=Gqmv
|
||||
-----END PGP SIGNATURE-----
|
67
SOURCES/php-cve-2024-11233.patch
Normal file
67
SOURCES/php-cve-2024-11233.patch
Normal file
File diff suppressed because one or more lines are too long
118
SOURCES/php-cve-2024-11234.patch
Normal file
118
SOURCES/php-cve-2024-11234.patch
Normal file
@ -0,0 +1,118 @@
|
||||
From bc1f192102dd8cbda028e40aa31604c4885d387c Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Zelenka <bukka@php.net>
|
||||
Date: Fri, 8 Nov 2024 23:43:47 +0100
|
||||
Subject: [PATCH 3/8] Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF
|
||||
injection
|
||||
|
||||
(cherry picked from commit 426a6d4539ebee34879ac5de857036bb6ff0e732)
|
||||
---
|
||||
ext/standard/http_fopen_wrapper.c | 18 ++++++++----
|
||||
.../tests/http/ghsa-c5f2-jwm7-mmq2.phpt | 28 +++++++++++++++++++
|
||||
2 files changed, 40 insertions(+), 6 deletions(-)
|
||||
create mode 100644 ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
|
||||
|
||||
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
|
||||
index 45677c396ac..6859a4e5181 100644
|
||||
--- a/ext/standard/http_fopen_wrapper.c
|
||||
+++ b/ext/standard/http_fopen_wrapper.c
|
||||
@@ -184,6 +184,11 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ /* Should we send the entire path in the request line, default to no. */
|
||||
+ if (context && (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
|
||||
+ request_fulluri = zend_is_true(tmpzval);
|
||||
+ }
|
||||
+
|
||||
use_ssl = resource->scheme && (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
|
||||
/* choose default ports */
|
||||
if (use_ssl && resource->port == 0)
|
||||
@@ -203,6 +208,13 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
|
||||
}
|
||||
}
|
||||
|
||||
+ if (request_fulluri && (strchr(path, '\n') != NULL || strchr(path, '\r') != NULL)) {
|
||||
+ php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper full URI path does not allow CR or LF characters");
|
||||
+ php_url_free(resource);
|
||||
+ zend_string_release(transport_string);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
|
||||
double d = zval_get_double(tmpzval);
|
||||
#ifndef PHP_WIN32
|
||||
@@ -383,12 +395,6 @@ finish:
|
||||
smart_str_appends(&req_buf, "GET ");
|
||||
}
|
||||
|
||||
- /* Should we send the entire path in the request line, default to no. */
|
||||
- if (!request_fulluri && context &&
|
||||
- (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
|
||||
- request_fulluri = zend_is_true(tmpzval);
|
||||
- }
|
||||
-
|
||||
if (request_fulluri) {
|
||||
/* Ask for everything */
|
||||
smart_str_appends(&req_buf, path);
|
||||
diff --git a/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..e7dd194dbbe
|
||||
--- /dev/null
|
||||
+++ b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
|
||||
@@ -0,0 +1,28 @@
|
||||
+--TEST--
|
||||
+GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs)
|
||||
+--INI--
|
||||
+allow_url_fopen=1
|
||||
+--CONFLICTS--
|
||||
+server
|
||||
+--FILE--
|
||||
+<?php
|
||||
+$serverCode = <<<'CODE'
|
||||
+echo $_SERVER['REQUEST_URI'];
|
||||
+CODE;
|
||||
+
|
||||
+include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc";
|
||||
+php_cli_server_start($serverCode, null, []);
|
||||
+
|
||||
+$host = PHP_CLI_SERVER_ADDRESS;
|
||||
+$userinput = "index.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index2.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index.php";
|
||||
+$context = stream_context_create(['http' => ['proxy' => 'tcp://' . $host, 'request_fulluri' => true]]);
|
||||
+echo file_get_contents("http://$host/$userinput", false, $context);
|
||||
+?>
|
||||
+--EXPECTF--
|
||||
+Warning: file_get_contents(http://localhost:%d/index.php HTTP/1.1
|
||||
+Host: localhost:%d
|
||||
+
|
||||
+GET /index2.php HTTP/1.1
|
||||
+Host: localhost:%d
|
||||
+
|
||||
+GET /index.php): Failed to open stream: HTTP wrapper full URI path does not allow CR or LF characters in %s on line %d
|
||||
--
|
||||
2.47.0
|
||||
|
||||
From 8d130e16fbfda7d154fedfa0f1ff1d5ad5e26815 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Fri, 22 Nov 2024 09:41:12 +0100
|
||||
Subject: [PATCH 8/8] fix transport_string release
|
||||
|
||||
---
|
||||
ext/standard/http_fopen_wrapper.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
|
||||
index 6859a4e5181..40e6f3dd4c3 100644
|
||||
--- a/ext/standard/http_fopen_wrapper.c
|
||||
+++ b/ext/standard/http_fopen_wrapper.c
|
||||
@@ -211,7 +211,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
|
||||
if (request_fulluri && (strchr(path, '\n') != NULL || strchr(path, '\r') != NULL)) {
|
||||
php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper full URI path does not allow CR or LF characters");
|
||||
php_url_free(resource);
|
||||
- zend_string_release(transport_string);
|
||||
+ efree(transport_string);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
--
|
||||
2.47.0
|
||||
|
117
SOURCES/php-cve-2024-11236.patch
Normal file
117
SOURCES/php-cve-2024-11236.patch
Normal file
@ -0,0 +1,117 @@
|
||||
From 5d9e54065ed18c51e4f25d8900635f90810c7394 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Thu, 24 Oct 2024 22:02:17 +0200
|
||||
Subject: [PATCH 1/8] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib
|
||||
quoter causing OOB writes
|
||||
|
||||
(cherry picked from commit d9baa9fed8c3ba692a36b388c0c7762e5102e2e0)
|
||||
---
|
||||
ext/pdo_dblib/dblib_driver.c | 8 ++++++-
|
||||
ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt | 24 ++++++++++++++++++++
|
||||
2 files changed, 31 insertions(+), 1 deletion(-)
|
||||
create mode 100644 ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
|
||||
|
||||
diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
|
||||
index 7f160a402f7..d7d0901ea1a 100644
|
||||
--- a/ext/pdo_dblib/dblib_driver.c
|
||||
+++ b/ext/pdo_dblib/dblib_driver.c
|
||||
@@ -152,6 +152,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
|
||||
|
||||
size_t i;
|
||||
char * q;
|
||||
+ size_t extralen = 0;
|
||||
*quotedlen = 0;
|
||||
|
||||
if (H->assume_national_character_set_strings) {
|
||||
@@ -166,7 +167,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
|
||||
|
||||
/* Detect quoted length, adding extra char for doubled single quotes */
|
||||
for (i = 0; i < unquotedlen; i++) {
|
||||
- if (unquoted[i] == '\'') ++*quotedlen;
|
||||
+ if (unquoted[i] == '\'') ++extralen;
|
||||
++*quotedlen;
|
||||
}
|
||||
|
||||
@@ -174,6 +175,11 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
|
||||
if (use_national_character_set) {
|
||||
++*quotedlen; /* N prefix */
|
||||
}
|
||||
+ if (UNEXPECTED(*quotedlen > ZSTR_MAX_LEN - extralen)) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ *quotedlen += extralen;
|
||||
q = *quoted = emalloc(*quotedlen + 1); /* Add byte for terminal null */
|
||||
if (use_national_character_set) {
|
||||
*q++ = 'N';
|
||||
diff --git a/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..431c61951ee
|
||||
--- /dev/null
|
||||
+++ b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
|
||||
@@ -0,0 +1,24 @@
|
||||
+--TEST--
|
||||
+GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes)
|
||||
+--EXTENSIONS--
|
||||
+pdo_dblib
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+if (PHP_INT_SIZE != 4) die("skip for 32bit platforms only");
|
||||
+if (PHP_OS_FAMILY === "Windows") die("skip not for Windows because the virtual address space for application is only 2GiB");
|
||||
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
|
||||
+require __DIR__ . '/config.inc';
|
||||
+getDbConnection();
|
||||
+?>
|
||||
+--INI--
|
||||
+memory_limit=-1
|
||||
+--FILE--
|
||||
+<?php
|
||||
+
|
||||
+require __DIR__ . '/config.inc';
|
||||
+$db = getDbConnection();
|
||||
+var_dump($db->quote(str_repeat("'", 2147483646)));
|
||||
+
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+bool(false)
|
||||
--
|
||||
2.47.0
|
||||
|
||||
From b4f73be75dbdde970a18cc7a636898b10400fb3f Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Thu, 24 Oct 2024 22:02:36 +0200
|
||||
Subject: [PATCH 2/8] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird
|
||||
quoter causing OOB writes
|
||||
|
||||
(cherry picked from commit 69c5f68fdc3deed9ebce2cc44b4bf5e0c47cd28f)
|
||||
---
|
||||
ext/pdo_firebird/firebird_driver.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c
|
||||
index e0a424c56ab..fb697978503 100644
|
||||
--- a/ext/pdo_firebird/firebird_driver.c
|
||||
+++ b/ext/pdo_firebird/firebird_driver.c
|
||||
@@ -663,7 +663,7 @@ free_statement:
|
||||
static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, /* {{{ */
|
||||
char **quoted, size_t *quotedlen, enum pdo_param_type paramtype)
|
||||
{
|
||||
- int qcount = 0;
|
||||
+ size_t qcount = 0;
|
||||
char const *co, *l, *r;
|
||||
char *c;
|
||||
|
||||
@@ -678,6 +678,10 @@ static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t u
|
||||
/* count the number of ' characters */
|
||||
for (co = unquoted; (co = strchr(co,'\'')); qcount++, co++);
|
||||
|
||||
+ if (UNEXPECTED(unquotedlen + 2 > ZSTR_MAX_LEN - qcount)) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
*quotedlen = unquotedlen + qcount + 2;
|
||||
*quoted = c = emalloc(*quotedlen+1);
|
||||
*c++ = '\'';
|
||||
--
|
||||
2.47.0
|
||||
|
191
SOURCES/php-cve-2024-2756.patch
Normal file
191
SOURCES/php-cve-2024-2756.patch
Normal file
@ -0,0 +1,191 @@
|
||||
From 2e07a3acd7a6b53c55325b94bed97748d7697b53 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Sun, 17 Mar 2024 21:04:47 +0100
|
||||
Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass
|
||||
due to partial CVE-2022-31629 fix
|
||||
|
||||
The check happened too early as later code paths may perform more
|
||||
mangling rules. Move the check downwards right before adding the actual
|
||||
variable.
|
||||
|
||||
(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53)
|
||||
---
|
||||
ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++
|
||||
main/php_variables.c | 41 +++++++++-----
|
||||
2 files changed, 90 insertions(+), 14 deletions(-)
|
||||
create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
|
||||
|
||||
diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..77fcb680894
|
||||
--- /dev/null
|
||||
+++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
|
||||
@@ -0,0 +1,63 @@
|
||||
+--TEST--
|
||||
+ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix)
|
||||
+--COOKIE--
|
||||
+..Host-test=ignore_1;
|
||||
+._Host-test=ignore_2;
|
||||
+.[Host-test=ignore_3;
|
||||
+_.Host-test=ignore_4;
|
||||
+__Host-test=ignore_5;
|
||||
+_[Host-test=ignore_6;
|
||||
+[.Host-test=ignore_7;
|
||||
+[_Host-test=ignore_8;
|
||||
+[[Host-test=ignore_9;
|
||||
+..Host-test[]=ignore_10;
|
||||
+._Host-test[]=ignore_11;
|
||||
+.[Host-test[]=ignore_12;
|
||||
+_.Host-test[]=ignore_13;
|
||||
+__Host-test[]=legitimate_14;
|
||||
+_[Host-test[]=legitimate_15;
|
||||
+[.Host-test[]=ignore_16;
|
||||
+[_Host-test[]=ignore_17;
|
||||
+[[Host-test[]=ignore_18;
|
||||
+..Secure-test=ignore_1;
|
||||
+._Secure-test=ignore_2;
|
||||
+.[Secure-test=ignore_3;
|
||||
+_.Secure-test=ignore_4;
|
||||
+__Secure-test=ignore_5;
|
||||
+_[Secure-test=ignore_6;
|
||||
+[.Secure-test=ignore_7;
|
||||
+[_Secure-test=ignore_8;
|
||||
+[[Secure-test=ignore_9;
|
||||
+..Secure-test[]=ignore_10;
|
||||
+._Secure-test[]=ignore_11;
|
||||
+.[Secure-test[]=ignore_12;
|
||||
+_.Secure-test[]=ignore_13;
|
||||
+__Secure-test[]=legitimate_14;
|
||||
+_[Secure-test[]=legitimate_15;
|
||||
+[.Secure-test[]=ignore_16;
|
||||
+[_Secure-test[]=ignore_17;
|
||||
+[[Secure-test[]=ignore_18;
|
||||
+--FILE--
|
||||
+<?php
|
||||
+var_dump($_COOKIE);
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+array(3) {
|
||||
+ ["__Host-test"]=>
|
||||
+ array(1) {
|
||||
+ [0]=>
|
||||
+ string(13) "legitimate_14"
|
||||
+ }
|
||||
+ ["_"]=>
|
||||
+ array(2) {
|
||||
+ ["Host-test["]=>
|
||||
+ string(13) "legitimate_15"
|
||||
+ ["Secure-test["]=>
|
||||
+ string(13) "legitimate_15"
|
||||
+ }
|
||||
+ ["__Secure-test"]=>
|
||||
+ array(1) {
|
||||
+ [0]=>
|
||||
+ string(13) "legitimate_14"
|
||||
+ }
|
||||
+}
|
||||
diff --git a/main/php_variables.c b/main/php_variables.c
|
||||
index 27a9ad089e7..dc888bdfc64 100644
|
||||
--- a/main/php_variables.c
|
||||
+++ b/main/php_variables.c
|
||||
@@ -54,6 +54,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz
|
||||
zend_string_release_ex(key, 0);
|
||||
}
|
||||
|
||||
+/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host-
|
||||
+ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
|
||||
+static bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name)
|
||||
+{
|
||||
+ if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) {
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+ if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
|
||||
{
|
||||
char *p = NULL;
|
||||
@@ -104,20 +119,6 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
|
||||
}
|
||||
var_len = p - var;
|
||||
|
||||
- /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
|
||||
- if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
|
||||
- zval_ptr_dtor_nogc(val);
|
||||
- free_alloca(var_orig, use_heap);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
|
||||
- if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
|
||||
- zval_ptr_dtor_nogc(val);
|
||||
- free_alloca(var_orig, use_heap);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
if (var_len==0) { /* empty variable name, or variable name with a space in it */
|
||||
zval_ptr_dtor_nogc(val);
|
||||
free_alloca(var_orig, use_heap);
|
||||
@@ -221,6 +222,12 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
+ if (php_is_forbidden_variable_name(index, index_len, var_name)) {
|
||||
+ zval_ptr_dtor_nogc(val);
|
||||
+ free_alloca(var_orig, use_heap);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
|
||||
if (!gpc_element_p) {
|
||||
zval tmp;
|
||||
@@ -258,6 +265,12 @@ plain_var:
|
||||
zval_ptr_dtor_nogc(val);
|
||||
}
|
||||
} else {
|
||||
+ if (php_is_forbidden_variable_name(index, index_len, var_name)) {
|
||||
+ zval_ptr_dtor_nogc(val);
|
||||
+ free_alloca(var_orig, use_heap);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
zend_ulong idx;
|
||||
|
||||
/*
|
||||
--
|
||||
2.44.0
|
||||
|
||||
From 366cc249b7d54707572beb7096e8f6c65ee79719 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Wed, 10 Apr 2024 08:59:32 +0200
|
||||
Subject: [PATCH 2/4] NEWS
|
||||
|
||||
---
|
||||
NEWS | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 8147a7e517c..14fda3a58b9 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -1,5 +1,12 @@
|
||||
PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
+
|
||||
+Backported from 8.1.28
|
||||
+
|
||||
+- Standard:
|
||||
+ . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
|
||||
+ partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
|
||||
+
|
||||
03 Aug 2023, PHP 8.0.30
|
||||
|
||||
- Libxml:
|
||||
--
|
||||
2.44.0
|
||||
|
77
SOURCES/php-cve-2024-3096.patch
Normal file
77
SOURCES/php-cve-2024-3096.patch
Normal file
@ -0,0 +1,77 @@
|
||||
From 81794c73068d9a44bf109bbcc9793e7b56a1c051 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Zelenka <bukka@php.net>
|
||||
Date: Fri, 29 Mar 2024 15:27:59 +0000
|
||||
Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can
|
||||
erroneously return true
|
||||
|
||||
Disallow null character in bcrypt password
|
||||
|
||||
(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826)
|
||||
---
|
||||
ext/standard/password.c | 5 +++++
|
||||
ext/standard/tests/password/password_bcrypt_errors.phpt | 7 +++++++
|
||||
2 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/ext/standard/password.c b/ext/standard/password.c
|
||||
index fb29e7bbba4..40117983f70 100644
|
||||
--- a/ext/standard/password.c
|
||||
+++ b/ext/standard/password.c
|
||||
@@ -184,6 +184,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
|
||||
zval *zcost;
|
||||
zend_long cost = PHP_PASSWORD_BCRYPT_COST;
|
||||
|
||||
+ if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
|
||||
+ zend_value_error("Bcrypt password must not contain null character");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
|
||||
cost = zval_get_long(zcost);
|
||||
}
|
||||
diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
|
||||
index 10c3483f5a8..5d823cba021 100644
|
||||
--- a/ext/standard/tests/password/password_bcrypt_errors.phpt
|
||||
+++ b/ext/standard/tests/password/password_bcrypt_errors.phpt
|
||||
@@ -14,7 +14,14 @@ try {
|
||||
} catch (ValueError $exception) {
|
||||
echo $exception->getMessage() . "\n";
|
||||
}
|
||||
+
|
||||
+try {
|
||||
+ var_dump(password_hash("null\0password", PASSWORD_BCRYPT));
|
||||
+} catch (ValueError $e) {
|
||||
+ echo $e->getMessage(), "\n";
|
||||
+}
|
||||
?>
|
||||
--EXPECT--
|
||||
Invalid bcrypt cost parameter specified: 3
|
||||
Invalid bcrypt cost parameter specified: 32
|
||||
+Bcrypt password must not contain null character
|
||||
--
|
||||
2.44.0
|
||||
|
||||
From 24f77904ee2259d722559f129f96a1f145a2367b Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Wed, 10 Apr 2024 09:01:09 +0200
|
||||
Subject: [PATCH 4/4] NEWS
|
||||
|
||||
---
|
||||
NEWS | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 14fda3a58b9..8b4801d707e 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -6,6 +6,8 @@ Backported from 8.1.28
|
||||
- Standard:
|
||||
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
|
||||
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
|
||||
+ . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
|
||||
+ opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
|
||||
|
||||
03 Aug 2023, PHP 8.0.30
|
||||
|
||||
--
|
||||
2.44.0
|
||||
|
177
SOURCES/php-cve-2024-5458.patch
Normal file
177
SOURCES/php-cve-2024-5458.patch
Normal file
@ -0,0 +1,177 @@
|
||||
From 4066610b47e22c24cbee91be434a94357056a479 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Wed, 22 May 2024 22:25:02 +0200
|
||||
Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w
|
||||
|
||||
We should not early-out with success status if we found an ipv6
|
||||
hostname, we should keep checking the rest of the conditions.
|
||||
Because integrating the if-check of the ipv6 hostname in the
|
||||
"Validate domain" if-check made the code hard to read, I extracted the
|
||||
condition out to a separate function. This also required to make
|
||||
a few pointers const in order to have some clean code.
|
||||
---
|
||||
ext/filter/logical_filters.c | 35 ++++++++++---------
|
||||
ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++
|
||||
2 files changed, 61 insertions(+), 15 deletions(-)
|
||||
create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
|
||||
|
||||
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
|
||||
index ad011568aac..300c6e2809c 100644
|
||||
--- a/ext/filter/logical_filters.c
|
||||
+++ b/ext/filter/logical_filters.c
|
||||
@@ -89,7 +89,7 @@
|
||||
#define FORMAT_IPV4 4
|
||||
#define FORMAT_IPV6 6
|
||||
|
||||
-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]);
|
||||
+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]);
|
||||
|
||||
static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */
|
||||
zend_long ctx_value;
|
||||
@@ -572,6 +572,14 @@ static int is_userinfo_valid(zend_string *str)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l)
|
||||
+{
|
||||
+ const char *e = s + l;
|
||||
+ const char *t = e - 1;
|
||||
+
|
||||
+ return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);
|
||||
+}
|
||||
+
|
||||
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||
{
|
||||
php_url *url;
|
||||
@@ -592,7 +600,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||
|
||||
if (url->scheme != NULL &&
|
||||
(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
|
||||
- char *e, *s, *t;
|
||||
+ const char *s;
|
||||
size_t l;
|
||||
|
||||
if (url->host == NULL) {
|
||||
@@ -601,17 +609,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||
|
||||
s = ZSTR_VAL(url->host);
|
||||
l = ZSTR_LEN(url->host);
|
||||
- e = s + l;
|
||||
- t = e - 1;
|
||||
-
|
||||
- /* An IPv6 enclosed by square brackets is a valid hostname */
|
||||
- if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) {
|
||||
- php_url_free(url);
|
||||
- return;
|
||||
- }
|
||||
|
||||
- // Validate domain
|
||||
- if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
|
||||
+ if (
|
||||
+ /* An IPv6 enclosed by square brackets is a valid hostname.*/
|
||||
+ !php_filter_is_valid_ipv6_hostname(s, l) &&
|
||||
+ /* Validate domain.
|
||||
+ * This includes a loose check for an IPv4 address. */
|
||||
+ !_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)
|
||||
+ ) {
|
||||
php_url_free(url);
|
||||
RETURN_VALIDATION_FAILED
|
||||
}
|
||||
@@ -745,15 +750,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */
|
||||
+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */
|
||||
{
|
||||
int compressed_pos = -1;
|
||||
int blocks = 0;
|
||||
int num, n, i;
|
||||
char *ipv4;
|
||||
- char *end;
|
||||
+ const char *end;
|
||||
int ip4elm[4];
|
||||
- char *s = str;
|
||||
+ const char *s = str;
|
||||
|
||||
if (!memchr(str, ':', str_len)) {
|
||||
return 0;
|
||||
diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..0092408ee5a
|
||||
--- /dev/null
|
||||
+++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
|
||||
@@ -0,0 +1,41 @@
|
||||
+--TEST--
|
||||
+GHSA-w8qr-v226-r27w
|
||||
+--EXTENSIONS--
|
||||
+filter
|
||||
+--FILE--
|
||||
+<?php
|
||||
+
|
||||
+function test(string $input) {
|
||||
+ var_dump(filter_var($input, FILTER_VALIDATE_URL));
|
||||
+}
|
||||
+
|
||||
+echo "--- These ones should fail ---\n";
|
||||
+test("http://t[est@127.0.0.1");
|
||||
+test("http://t[est@[::1]");
|
||||
+test("http://t[est@[::1");
|
||||
+test("http://t[est@::1]");
|
||||
+test("http://php.net\\@aliyun.com/aaa.do");
|
||||
+test("http://test[@2001:db8:3333:4444:5555:6666:1.2.3.4]");
|
||||
+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4]");
|
||||
+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4");
|
||||
+
|
||||
+echo "--- These ones should work ---\n";
|
||||
+test("http://test@127.0.0.1");
|
||||
+test("http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]");
|
||||
+test("http://test@[::1]");
|
||||
+
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+--- These ones should fail ---
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+bool(false)
|
||||
+--- These ones should work ---
|
||||
+string(21) "http://test@127.0.0.1"
|
||||
+string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]"
|
||||
+string(17) "http://test@[::1]"
|
||||
--
|
||||
2.45.1
|
||||
|
||||
From a1ff81b786bd519597e770795be114f5171f0648 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Tue, 4 Jun 2024 16:48:08 +0200
|
||||
Subject: [PATCH 2/2] NEWS
|
||||
|
||||
---
|
||||
NEWS | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 1300609f189..7a9b6bdae18 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -1,6 +1,12 @@
|
||||
PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
|
||||
+Backported from 8.1.29
|
||||
+
|
||||
+- Filter:
|
||||
+ . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
|
||||
+ (CVE-2024-5458) (nielsdos)
|
||||
+
|
||||
Backported from 8.1.28
|
||||
|
||||
- Standard:
|
||||
--
|
||||
2.45.1
|
||||
|
188
SOURCES/php-cve-2024-8925.patch
Normal file
188
SOURCES/php-cve-2024-8925.patch
Normal file
@ -0,0 +1,188 @@
|
||||
From 2b0daf421c162376892832588eccdfa9a286ed09 Mon Sep 17 00:00:00 2001
|
||||
From: Arnaud Le Blanc <arnaud.lb@gmail.com>
|
||||
Date: Mon, 9 Sep 2024 15:22:07 +0200
|
||||
Subject: [PATCH 3/8] Fix GHSA-9pqp-7h25-4f32
|
||||
|
||||
multipart/form-data boundaries larger than the read buffer result in erroneous
|
||||
parsing, which violates data integrity.
|
||||
|
||||
Limit boundary size, as allowed by RFC 1521:
|
||||
|
||||
Encapsulation boundaries [...] must be no longer than 70 characters, not
|
||||
counting the two leading hyphens.
|
||||
|
||||
We correctly parse payloads with boundaries of length up to
|
||||
FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.
|
||||
|
||||
(cherry picked from commit 19b49258d0c5a61398d395d8afde1123e8d161e0)
|
||||
---
|
||||
main/rfc1867.c | 7 ++
|
||||
tests/basic/GHSA-9pqp-7h25-4f32.inc | 3 +
|
||||
tests/basic/GHSA-9pqp-7h25-4f32.phpt | 100 +++++++++++++++++++++++++++
|
||||
3 files changed, 110 insertions(+)
|
||||
create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.inc
|
||||
create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
|
||||
diff --git a/main/rfc1867.c b/main/rfc1867.c
|
||||
index 3086e8da3db..eafe6a67d2e 100644
|
||||
--- a/main/rfc1867.c
|
||||
+++ b/main/rfc1867.c
|
||||
@@ -752,6 +752,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
|
||||
boundary_len = boundary_end-boundary;
|
||||
}
|
||||
|
||||
+ /* Boundaries larger than FILLUNIT-strlen("\r\n--") characters lead to
|
||||
+ * erroneous parsing */
|
||||
+ if (boundary_len > FILLUNIT-strlen("\r\n--")) {
|
||||
+ sapi_module.sapi_error(E_WARNING, "Boundary too large in multipart/form-data POST data");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* Initialize the buffer */
|
||||
if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) {
|
||||
sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer");
|
||||
diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.inc b/tests/basic/GHSA-9pqp-7h25-4f32.inc
|
||||
new file mode 100644
|
||||
index 00000000000..adf72a361a2
|
||||
--- /dev/null
|
||||
+++ b/tests/basic/GHSA-9pqp-7h25-4f32.inc
|
||||
@@ -0,0 +1,3 @@
|
||||
+<?php
|
||||
+print "Hello world\n";
|
||||
+var_dump($_POST);
|
||||
diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..af819163705
|
||||
--- /dev/null
|
||||
+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
@@ -0,0 +1,100 @@
|
||||
+--TEST--
|
||||
+GHSA-9pqp-7h25-4f32
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
|
||||
+ die("skip php-cgi not available");
|
||||
+}
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+
|
||||
+const FILLUNIT = 5 * 1024;
|
||||
+
|
||||
+function test($boundaryLen) {
|
||||
+ printf("Boundary len: %d\n", $boundaryLen);
|
||||
+
|
||||
+ $cmd = [
|
||||
+ getenv('TEST_PHP_CGI_EXECUTABLE'),
|
||||
+ '-C',
|
||||
+ '-n',
|
||||
+ __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
|
||||
+ ];
|
||||
+
|
||||
+ $boundary = str_repeat('A', $boundaryLen);
|
||||
+ $body = ""
|
||||
+ . "--$boundary\r\n"
|
||||
+ . "Content-Disposition: form-data; name=\"koko\"\r\n"
|
||||
+ . "\r\n"
|
||||
+ . "BBB\r\n--" . substr($boundary, 0, -1) . "CCC\r\n"
|
||||
+ . "--$boundary--\r\n"
|
||||
+ ;
|
||||
+
|
||||
+ $env = array_merge($_ENV, [
|
||||
+ 'REDIRECT_STATUS' => '1',
|
||||
+ 'CONTENT_TYPE' => "multipart/form-data; boundary=$boundary",
|
||||
+ 'CONTENT_LENGTH' => strlen($body),
|
||||
+ 'REQUEST_METHOD' => 'POST',
|
||||
+ 'SCRIPT_FILENAME' => __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
|
||||
+ ]);
|
||||
+
|
||||
+ $spec = [
|
||||
+ 0 => ['pipe', 'r'],
|
||||
+ 1 => STDOUT,
|
||||
+ 2 => STDOUT,
|
||||
+ ];
|
||||
+
|
||||
+ $pipes = [];
|
||||
+
|
||||
+ print "Starting...\n";
|
||||
+
|
||||
+ $handle = proc_open($cmd, $spec, $pipes, getcwd(), $env);
|
||||
+
|
||||
+ fwrite($pipes[0], $body);
|
||||
+
|
||||
+ $status = proc_close($handle);
|
||||
+
|
||||
+ print "\n";
|
||||
+}
|
||||
+
|
||||
+for ($offset = -1; $offset <= 1; $offset++) {
|
||||
+ test(FILLUNIT - strlen("\r\n--") + $offset);
|
||||
+}
|
||||
+
|
||||
+?>
|
||||
+--EXPECTF--
|
||||
+Boundary len: 5115
|
||||
+Starting...
|
||||
+X-Powered-By: %s
|
||||
+Content-type: text/html; charset=UTF-8
|
||||
+
|
||||
+Hello world
|
||||
+array(1) {
|
||||
+ ["koko"]=>
|
||||
+ string(5124) "BBB
|
||||
+--AAA%sCCC"
|
||||
+}
|
||||
+
|
||||
+Boundary len: 5116
|
||||
+Starting...
|
||||
+X-Powered-By: %s
|
||||
+Content-type: text/html; charset=UTF-8
|
||||
+
|
||||
+Hello world
|
||||
+array(1) {
|
||||
+ ["koko"]=>
|
||||
+ string(5125) "BBB
|
||||
+--AAA%sCCC"
|
||||
+}
|
||||
+
|
||||
+Boundary len: 5117
|
||||
+Starting...
|
||||
+X-Powered-By: %s
|
||||
+Content-type: text/html; charset=UTF-8
|
||||
+
|
||||
+<br />
|
||||
+<b>Warning</b>: Boundary too large in multipart/form-data POST data in <b>Unknown</b> on line <b>0</b><br />
|
||||
+Hello world
|
||||
+array(0) {
|
||||
+}
|
||||
+
|
||||
--
|
||||
2.46.1
|
||||
|
||||
From c75683864f6e4188439e8ca2adbb05824918be12 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Zelenka <bukka@php.net>
|
||||
Date: Mon, 23 Sep 2024 18:54:31 +0100
|
||||
Subject: [PATCH 7/8] Skip GHSA-9pqp-7h25-4f32 test on Windows
|
||||
|
||||
(cherry picked from commit c70e25630832fa10d421328eed2b8e1a36af7a64)
|
||||
---
|
||||
tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
index af819163705..29bcb6557d5 100644
|
||||
--- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
|
||||
@@ -5,6 +5,9 @@ GHSA-9pqp-7h25-4f32
|
||||
if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
|
||||
die("skip php-cgi not available");
|
||||
}
|
||||
+if (substr(PHP_OS, 0, 3) == 'WIN') {
|
||||
+ die("skip not for Windows in CI - probably resource issue");
|
||||
+}
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
--
|
||||
2.46.1
|
||||
|
209
SOURCES/php-cve-2024-8926.patch
Normal file
209
SOURCES/php-cve-2024-8926.patch
Normal file
@ -0,0 +1,209 @@
|
||||
From 9f95e17cc0a9a79da82157e34e3effe1bc395037 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Ehrhardt <github@ehrhardt.nl>
|
||||
Date: Wed, 5 Jun 2024 20:44:46 +0200
|
||||
Subject: [PATCH 1/8] Fix GHSA-3qgc-jrrr-25jv
|
||||
|
||||
---
|
||||
sapi/cgi/cgi_main.c | 23 ++++++++++++++-
|
||||
sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt | 38 +++++++++++++++++++++++++
|
||||
2 files changed, 60 insertions(+), 1 deletion(-)
|
||||
create mode 100644 sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
|
||||
|
||||
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
|
||||
index 0d52941c5a1..0d3b54ed8b8 100644
|
||||
--- a/sapi/cgi/cgi_main.c
|
||||
+++ b/sapi/cgi/cgi_main.c
|
||||
@@ -1798,8 +1798,13 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
+ /* Apache CGI will pass the query string to the command line if it doesn't contain a '='.
|
||||
+ * This can create an issue where a malicious request can pass command line arguments to
|
||||
+ * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
|
||||
+ * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
|
||||
+ * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
|
||||
+ * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
|
||||
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
|
||||
- /* we've got query string that has no = - apache CGI will pass it to command line */
|
||||
unsigned char *p;
|
||||
decoded_query_string = strdup(query_string);
|
||||
php_url_decode(decoded_query_string, strlen(decoded_query_string));
|
||||
@@ -1809,6 +1814,22 @@ int main(int argc, char *argv[])
|
||||
if(*p == '-') {
|
||||
skip_getopt = 1;
|
||||
}
|
||||
+
|
||||
+ /* On Windows we have to take into account the "best fit" mapping behaviour. */
|
||||
+#ifdef PHP_WIN32
|
||||
+ if (*p >= 0x80) {
|
||||
+ wchar_t wide_buf[1];
|
||||
+ wide_buf[0] = *p;
|
||||
+ char char_buf[4];
|
||||
+ size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
|
||||
+ size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
|
||||
+ if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
|
||||
+ || char_buf[0] == '-') {
|
||||
+ skip_getopt = 1;
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
free(decoded_query_string);
|
||||
}
|
||||
|
||||
diff --git a/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..fd2fcdfbf89
|
||||
--- /dev/null
|
||||
+++ b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
|
||||
@@ -0,0 +1,38 @@
|
||||
+--TEST--
|
||||
+GHSA-3qgc-jrrr-25jv
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+include 'skipif.inc';
|
||||
+if (PHP_OS_FAMILY !== "Windows") die("skip Only for Windows");
|
||||
+
|
||||
+$codepage = trim(shell_exec("powershell Get-ItemPropertyValue HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage ACP"));
|
||||
+if ($codepage !== '932' && $codepage !== '936' && $codepage !== '950') die("skip Wrong codepage");
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+include 'include.inc';
|
||||
+
|
||||
+$filename = __DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php";
|
||||
+$script = '<?php echo "hello "; echo "world"; ?>';
|
||||
+file_put_contents($filename, $script);
|
||||
+
|
||||
+$php = get_cgi_path();
|
||||
+reset_env_vars();
|
||||
+
|
||||
+putenv("SERVER_NAME=Test");
|
||||
+putenv("SCRIPT_FILENAME=$filename");
|
||||
+putenv("QUERY_STRING=%ads");
|
||||
+putenv("REDIRECT_STATUS=1");
|
||||
+
|
||||
+passthru("$php -s");
|
||||
+
|
||||
+?>
|
||||
+--CLEAN--
|
||||
+<?php
|
||||
+@unlink(__DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php");
|
||||
+?>
|
||||
+--EXPECTF--
|
||||
+X-Powered-By: PHP/%s
|
||||
+Content-type: %s
|
||||
+
|
||||
+hello world
|
||||
--
|
||||
2.46.1
|
||||
|
||||
From dc40d2d7960dd35f0178ff52c1f8590b7b1a08b2 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Ehrhardt <github@ehrhardt.nl>
|
||||
Date: Sun, 9 Jun 2024 20:10:36 +0200
|
||||
Subject: [PATCH 2/8] NEWS: Add backports from 8.1.29
|
||||
|
||||
---
|
||||
NEWS | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 7a9b6bdae18..79133f558af 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -3,10 +3,18 @@ PHP NEWS
|
||||
|
||||
Backported from 8.1.29
|
||||
|
||||
+- CGI:
|
||||
+ . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
|
||||
+ in PHP-CGI). (CVE-2024-4577) (nielsdos)
|
||||
+
|
||||
- Filter:
|
||||
. Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
|
||||
(CVE-2024-5458) (nielsdos)
|
||||
|
||||
+- Standard:
|
||||
+ . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
|
||||
+ (CVE-2024-5585) (nielsdos)
|
||||
+
|
||||
Backported from 8.1.28
|
||||
|
||||
- Standard:
|
||||
--
|
||||
2.46.1
|
||||
|
||||
From 2d2552e092b6ff32cd823692d512f126ee629842 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Fri, 14 Jun 2024 19:49:22 +0200
|
||||
Subject: [PATCH 4/8] Fix GHSA-p99j-rfp4-xqvq
|
||||
|
||||
It's no use trying to work around whatever the operating system and Apache
|
||||
do because we'll be fighting that until eternity.
|
||||
Change the skip_getopt condition such that when we're running in
|
||||
CGI or FastCGI mode we always skip the argument parsing.
|
||||
This is a BC break, but this seems to be the only way to get rid of this
|
||||
class of issues.
|
||||
|
||||
(cherry picked from commit abcfd980bfa03298792fd3aba051c78d52f10642)
|
||||
---
|
||||
sapi/cgi/cgi_main.c | 26 ++++++++------------------
|
||||
1 file changed, 8 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
|
||||
index 0d3b54ed8b8..6e148874e4f 100644
|
||||
--- a/sapi/cgi/cgi_main.c
|
||||
+++ b/sapi/cgi/cgi_main.c
|
||||
@@ -1748,7 +1748,6 @@ int main(int argc, char *argv[])
|
||||
int status = 0;
|
||||
#endif
|
||||
char *query_string;
|
||||
- char *decoded_query_string;
|
||||
int skip_getopt = 0;
|
||||
|
||||
#if defined(SIGPIPE) && defined(SIG_IGN)
|
||||
@@ -1803,10 +1802,15 @@ int main(int argc, char *argv[])
|
||||
* the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
|
||||
* but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
|
||||
* Therefore, this code only prevents passing arguments if the query string starts with a '-'.
|
||||
- * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
|
||||
+ * Similarly, scripts spawned in subprocesses on Windows may have the same issue.
|
||||
+ * However, Windows has lots of conversion rules and command line parsing rules that
|
||||
+ * are too difficult and dangerous to reliably emulate. */
|
||||
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
|
||||
+#ifdef PHP_WIN32
|
||||
+ skip_getopt = cgi || fastcgi;
|
||||
+#else
|
||||
unsigned char *p;
|
||||
- decoded_query_string = strdup(query_string);
|
||||
+ char *decoded_query_string = strdup(query_string);
|
||||
php_url_decode(decoded_query_string, strlen(decoded_query_string));
|
||||
for (p = (unsigned char *)decoded_query_string; *p && *p <= ' '; p++) {
|
||||
/* skip all leading spaces */
|
||||
@@ -1815,22 +1819,8 @@ int main(int argc, char *argv[])
|
||||
skip_getopt = 1;
|
||||
}
|
||||
|
||||
- /* On Windows we have to take into account the "best fit" mapping behaviour. */
|
||||
-#ifdef PHP_WIN32
|
||||
- if (*p >= 0x80) {
|
||||
- wchar_t wide_buf[1];
|
||||
- wide_buf[0] = *p;
|
||||
- char char_buf[4];
|
||||
- size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
|
||||
- size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
|
||||
- if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
|
||||
- || char_buf[0] == '-') {
|
||||
- skip_getopt = 1;
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
free(decoded_query_string);
|
||||
+#endif
|
||||
}
|
||||
|
||||
while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
|
||||
--
|
||||
2.46.1
|
||||
|
56
SOURCES/php-cve-2024-8927.patch
Normal file
56
SOURCES/php-cve-2024-8927.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From 8aa748ee0657cdee8d883ba50d04b68bc450f686 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Tue, 18 Jun 2024 21:28:26 +0200
|
||||
Subject: [PATCH 5/8] Fix GHSA-94p6-54jq-9mwp
|
||||
|
||||
Apache only generates REDIRECT_STATUS, so explicitly check for that
|
||||
if the server name is Apache, don't allow other variable names.
|
||||
Furthermore, redirect.so and Netscape no longer exist, so
|
||||
remove those entries as we can't check their server name anymore.
|
||||
|
||||
We now also check for the configuration override *first* such that it
|
||||
always take precedence. This would allow for a mitigation path if
|
||||
something like this happens in the future.
|
||||
|
||||
(cherry picked from commit 48808d98f4fc2a05193cdcc1aedd6c66816450f1)
|
||||
---
|
||||
sapi/cgi/cgi_main.c | 23 +++++++++++------------
|
||||
1 file changed, 11 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
|
||||
index 6e148874e4f..5879d0e0f93 100644
|
||||
--- a/sapi/cgi/cgi_main.c
|
||||
+++ b/sapi/cgi/cgi_main.c
|
||||
@@ -1910,18 +1910,17 @@ int main(int argc, char *argv[])
|
||||
|
||||
/* check force_cgi after startup, so we have proper output */
|
||||
if (cgi && CGIG(force_redirect)) {
|
||||
- /* Apache will generate REDIRECT_STATUS,
|
||||
- * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS.
|
||||
- * redirect.so and installation instructions available from
|
||||
- * http://www.koehntopp.de/php.
|
||||
- * -- kk@netuse.de
|
||||
- */
|
||||
- if (!getenv("REDIRECT_STATUS") &&
|
||||
- !getenv ("HTTP_REDIRECT_STATUS") &&
|
||||
- /* this is to allow a different env var to be configured
|
||||
- * in case some server does something different than above */
|
||||
- (!CGIG(redirect_status_env) || !getenv(CGIG(redirect_status_env)))
|
||||
- ) {
|
||||
+ /* This is to allow a different environment variable to be configured
|
||||
+ * in case the we cannot auto-detect which environment variable to use.
|
||||
+ * Checking this first to allow user overrides in case the environment
|
||||
+ * variable can be set by an untrusted party. */
|
||||
+ const char *redirect_status_env = CGIG(redirect_status_env);
|
||||
+ if (!redirect_status_env) {
|
||||
+ /* Apache will generate REDIRECT_STATUS. */
|
||||
+ redirect_status_env = "REDIRECT_STATUS";
|
||||
+ }
|
||||
+
|
||||
+ if (!getenv(redirect_status_env)) {
|
||||
zend_try {
|
||||
SG(sapi_headers).http_response_code = 400;
|
||||
PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
|
||||
--
|
||||
2.46.1
|
||||
|
2301
SOURCES/php-cve-2024-8929.patch
Normal file
2301
SOURCES/php-cve-2024-8929.patch
Normal file
File diff suppressed because it is too large
Load Diff
130
SOURCES/php-cve-2024-8932.patch
Normal file
130
SOURCES/php-cve-2024-8932.patch
Normal file
@ -0,0 +1,130 @@
|
||||
From 9f367d847989b339c33369737daf573e30bab5f1 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Thu, 26 Sep 2024 22:22:27 +0200
|
||||
Subject: [PATCH 4/8] Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape
|
||||
|
||||
(cherry picked from commit f9ecf90070a11dad09ca7671a712f81cc2a7d52f)
|
||||
---
|
||||
ext/ldap/ldap.c | 20 ++++++++++++++--
|
||||
ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt | 28 ++++++++++++++++++++++
|
||||
ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt | 29 +++++++++++++++++++++++
|
||||
3 files changed, 75 insertions(+), 2 deletions(-)
|
||||
create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
|
||||
create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
|
||||
|
||||
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
|
||||
index c4dfe0c5b07..6661310d055 100644
|
||||
--- a/ext/ldap/ldap.c
|
||||
+++ b/ext/ldap/ldap.c
|
||||
@@ -3760,13 +3760,23 @@ static zend_string* php_ldap_do_escape(const zend_bool *map, const char *value,
|
||||
zend_string *ret;
|
||||
|
||||
for (i = 0; i < valuelen; i++) {
|
||||
- len += (map[(unsigned char) value[i]]) ? 3 : 1;
|
||||
+ size_t addend = (map[(unsigned char) value[i]]) ? 3 : 1;
|
||||
+ if (len > ZSTR_MAX_LEN - addend) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ len += addend;
|
||||
}
|
||||
/* Per RFC 4514, a leading and trailing space must be escaped */
|
||||
if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
|
||||
+ if (len > ZSTR_MAX_LEN - 2) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
len += 2;
|
||||
}
|
||||
if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
|
||||
+ if (len > ZSTR_MAX_LEN - 2) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
len += 2;
|
||||
}
|
||||
|
||||
@@ -3833,7 +3843,13 @@ PHP_FUNCTION(ldap_escape)
|
||||
php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
|
||||
}
|
||||
|
||||
- RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
|
||||
+ zend_string *result = php_ldap_do_escape(map, value, valuelen, flags);
|
||||
+ if (UNEXPECTED(!result)) {
|
||||
+ zend_argument_value_error(1, "is too long");
|
||||
+ RETURN_THROWS();
|
||||
+ }
|
||||
+
|
||||
+ RETURN_NEW_STR(result);
|
||||
}
|
||||
|
||||
#ifdef STR_TRANSLATION
|
||||
diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..8e2c4fb160d
|
||||
--- /dev/null
|
||||
+++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
|
||||
@@ -0,0 +1,28 @@
|
||||
+--TEST--
|
||||
+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
|
||||
+--EXTENSIONS--
|
||||
+ldap
|
||||
+--INI--
|
||||
+memory_limit=-1
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
|
||||
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+try {
|
||||
+ ldap_escape(' '.str_repeat("#", 1431655758), "", LDAP_ESCAPE_DN);
|
||||
+} catch (ValueError $e) {
|
||||
+ echo $e->getMessage(), "\n";
|
||||
+}
|
||||
+
|
||||
+try {
|
||||
+ ldap_escape(str_repeat("#", 1431655758).' ', "", LDAP_ESCAPE_DN);
|
||||
+} catch (ValueError $e) {
|
||||
+ echo $e->getMessage(), "\n";
|
||||
+}
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+ldap_escape(): Argument #1 ($value) is too long
|
||||
+ldap_escape(): Argument #1 ($value) is too long
|
||||
diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..a69597084be
|
||||
--- /dev/null
|
||||
+++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
|
||||
@@ -0,0 +1,29 @@
|
||||
+--TEST--
|
||||
+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
|
||||
+--EXTENSIONS--
|
||||
+ldap
|
||||
+--INI--
|
||||
+memory_limit=-1
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
|
||||
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+try {
|
||||
+ ldap_escape(str_repeat("*", 1431655759), "", LDAP_ESCAPE_FILTER);
|
||||
+} catch (ValueError $e) {
|
||||
+ echo $e->getMessage(), "\n";
|
||||
+}
|
||||
+
|
||||
+// would allocate a string of length 2
|
||||
+try {
|
||||
+ ldap_escape(str_repeat("*", 1431655766), "", LDAP_ESCAPE_FILTER);
|
||||
+} catch (ValueError $e) {
|
||||
+ echo $e->getMessage(), "\n";
|
||||
+}
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+ldap_escape(): Argument #1 ($value) is too long
|
||||
+ldap_escape(): Argument #1 ($value) is too long
|
||||
--
|
||||
2.47.0
|
||||
|
177
SOURCES/php-cve-2024-9026.patch
Normal file
177
SOURCES/php-cve-2024-9026.patch
Normal file
@ -0,0 +1,177 @@
|
||||
From 22f4d3504d7613ce78bb96aa53cbfe7d672fa036 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Zelenka <bukka@php.net>
|
||||
Date: Thu, 12 Sep 2024 13:11:11 +0100
|
||||
Subject: [PATCH 6/8] Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be
|
||||
altered
|
||||
|
||||
(cherry picked from commit 1f8e16172c7961045c2b0f34ba7613e3f21cdee8)
|
||||
---
|
||||
sapi/fpm/fpm/fpm_stdio.c | 2 +-
|
||||
.../log-bwp-msg-flush-split-sep-pos-end.phpt | 47 +++++++++++++++++++
|
||||
...log-bwp-msg-flush-split-sep-pos-start.phpt | 47 +++++++++++++++++++
|
||||
3 files changed, 95 insertions(+), 1 deletion(-)
|
||||
create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
|
||||
create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
|
||||
|
||||
diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c
|
||||
index d75f9158cda..7983d6217b2 100644
|
||||
--- a/sapi/fpm/fpm/fpm_stdio.c
|
||||
+++ b/sapi/fpm/fpm/fpm_stdio.c
|
||||
@@ -228,7 +228,7 @@ stdio_read:
|
||||
if ((sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos) <= in_buf &&
|
||||
!memcmp(buf, &FPM_STDIO_CMD_FLUSH[cmd_pos], sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos)) {
|
||||
zlog_stream_finish(log_stream);
|
||||
- start = cmd_pos;
|
||||
+ start = sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos;
|
||||
} else {
|
||||
zlog_stream_str(log_stream, &FPM_STDIO_CMD_FLUSH[0], cmd_pos);
|
||||
}
|
||||
diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..52826320080
|
||||
--- /dev/null
|
||||
+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
|
||||
@@ -0,0 +1,47 @@
|
||||
+--TEST--
|
||||
+FPM: Buffered worker output plain log with msg with flush split position towards separator end
|
||||
+--SKIPIF--
|
||||
+<?php include "skipif.inc"; ?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+
|
||||
+require_once "tester.inc";
|
||||
+
|
||||
+$cfg = <<<EOT
|
||||
+[global]
|
||||
+error_log = {{FILE:LOG}}
|
||||
+[unconfined]
|
||||
+listen = {{ADDR}}
|
||||
+pm = dynamic
|
||||
+pm.max_children = 5
|
||||
+pm.start_servers = 1
|
||||
+pm.min_spare_servers = 1
|
||||
+pm.max_spare_servers = 3
|
||||
+catch_workers_output = yes
|
||||
+decorate_workers_output = no
|
||||
+EOT;
|
||||
+
|
||||
+$code = <<<EOT
|
||||
+<?php
|
||||
+file_put_contents('php://stderr', str_repeat('a', 1013) . "Quarkslab\0fscf\0Quarkslab");
|
||||
+EOT;
|
||||
+
|
||||
+$tester = new FPM\Tester($cfg, $code);
|
||||
+$tester->start();
|
||||
+$tester->expectLogStartNotices();
|
||||
+$tester->request()->expectEmptyBody();
|
||||
+$tester->expectLogLine(str_repeat('a', 1013) . "Quarkslab", decorated: false);
|
||||
+$tester->expectLogLine("Quarkslab", decorated: false);
|
||||
+$tester->terminate();
|
||||
+$tester->expectLogTerminatingNotices();
|
||||
+$tester->close();
|
||||
+
|
||||
+?>
|
||||
+Done
|
||||
+--EXPECT--
|
||||
+Done
|
||||
+--CLEAN--
|
||||
+<?php
|
||||
+require_once "tester.inc";
|
||||
+FPM\Tester::clean();
|
||||
+?>
|
||||
diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..34905938553
|
||||
--- /dev/null
|
||||
+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
|
||||
@@ -0,0 +1,47 @@
|
||||
+--TEST--
|
||||
+FPM: Buffered worker output plain log with msg with flush split position towards separator start
|
||||
+--SKIPIF--
|
||||
+<?php include "skipif.inc"; ?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+
|
||||
+require_once "tester.inc";
|
||||
+
|
||||
+$cfg = <<<EOT
|
||||
+[global]
|
||||
+error_log = {{FILE:LOG}}
|
||||
+[unconfined]
|
||||
+listen = {{ADDR}}
|
||||
+pm = dynamic
|
||||
+pm.max_children = 5
|
||||
+pm.start_servers = 1
|
||||
+pm.min_spare_servers = 1
|
||||
+pm.max_spare_servers = 3
|
||||
+catch_workers_output = yes
|
||||
+decorate_workers_output = no
|
||||
+EOT;
|
||||
+
|
||||
+$code = <<<EOT
|
||||
+<?php
|
||||
+file_put_contents('php://stderr', str_repeat('a', 1009) . "Quarkslab\0fscf\0Quarkslab");
|
||||
+EOT;
|
||||
+
|
||||
+$tester = new FPM\Tester($cfg, $code);
|
||||
+$tester->start();
|
||||
+$tester->expectLogStartNotices();
|
||||
+$tester->request()->expectEmptyBody();
|
||||
+$tester->expectLogLine(str_repeat('a', 1009) . "Quarkslab", decorated: false);
|
||||
+$tester->expectLogLine("Quarkslab", decorated: false);
|
||||
+$tester->terminate();
|
||||
+$tester->expectLogTerminatingNotices();
|
||||
+$tester->close();
|
||||
+
|
||||
+?>
|
||||
+Done
|
||||
+--EXPECT--
|
||||
+Done
|
||||
+--CLEAN--
|
||||
+<?php
|
||||
+require_once "tester.inc";
|
||||
+FPM\Tester::clean();
|
||||
+?>
|
||||
--
|
||||
2.46.1
|
||||
|
||||
From af3fb385e7b328ab89db26ec712d89c7096f0743 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Thu, 26 Sep 2024 11:50:54 +0200
|
||||
Subject: [PATCH 8/8] NEWS for 8.1.30 backports
|
||||
|
||||
---
|
||||
NEWS | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index 79133f558af..bad0a719aae 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -1,6 +1,23 @@
|
||||
PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
|
||||
+Backported from 8.1.30
|
||||
+
|
||||
+- CGI:
|
||||
+ . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
|
||||
+ Vulnerability). (CVE-2024-8926) (nielsdos)
|
||||
+ . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
|
||||
+ bypassable due to the environment variable collision). (CVE-2024-8927)
|
||||
+ (nielsdos)
|
||||
+
|
||||
+- FPM:
|
||||
+ . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
|
||||
+ (CVE-2024-9026) (Jakub Zelenka)
|
||||
+
|
||||
+- SAPI:
|
||||
+ . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
|
||||
+ (CVE-2024-8925) (Arnaud)
|
||||
+
|
||||
Backported from 8.1.29
|
||||
|
||||
- CGI:
|
||||
--
|
||||
2.46.1
|
||||
|
133
SOURCES/php-ghsa-4w77-75f9-2c8w.patch
Normal file
133
SOURCES/php-ghsa-4w77-75f9-2c8w.patch
Normal file
@ -0,0 +1,133 @@
|
||||
From 462092a48aa0dbad24d9fa8a4a9d418faa14d309 Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Sat, 9 Nov 2024 15:29:52 +0100
|
||||
Subject: [PATCH 6/8] Fix GHSA-4w77-75f9-2c8w
|
||||
|
||||
(cherry picked from commit 7dd336ae838bbf2c62dc47e3c900d657d3534c02)
|
||||
---
|
||||
sapi/cli/php_cli_server.c | 6 +---
|
||||
sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt | 41 +++++++++++++++++++++++++
|
||||
2 files changed, 42 insertions(+), 5 deletions(-)
|
||||
create mode 100644 sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
|
||||
|
||||
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
|
||||
index 295448f1211..5104318a634 100644
|
||||
--- a/sapi/cli/php_cli_server.c
|
||||
+++ b/sapi/cli/php_cli_server.c
|
||||
@@ -1863,8 +1863,6 @@ static size_t php_cli_server_client_send_through(php_cli_server_client *client,
|
||||
|
||||
static void php_cli_server_client_populate_request_info(const php_cli_server_client *client, sapi_request_info *request_info) /* {{{ */
|
||||
{
|
||||
- char *val;
|
||||
-
|
||||
request_info->request_method = php_http_method_str(client->request.request_method);
|
||||
request_info->proto_num = client->request.protocol_version;
|
||||
request_info->request_uri = client->request.request_uri;
|
||||
@@ -1872,9 +1870,7 @@ static void php_cli_server_client_populate_request_info(const php_cli_server_cli
|
||||
request_info->query_string = client->request.query_string;
|
||||
request_info->content_length = client->request.content_len;
|
||||
request_info->auth_user = request_info->auth_password = request_info->auth_digest = NULL;
|
||||
- if (NULL != (val = zend_hash_str_find_ptr(&client->request.headers, "content-type", sizeof("content-type")-1))) {
|
||||
- request_info->content_type = val;
|
||||
- }
|
||||
+ request_info->content_type = zend_hash_str_find_ptr(&client->request.headers, "content-type", sizeof("content-type")-1);
|
||||
} /* }}} */
|
||||
|
||||
static void destroy_request_info(sapi_request_info *request_info) /* {{{ */
|
||||
diff --git a/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt b/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
|
||||
new file mode 100644
|
||||
index 00000000000..2c8aeff12d5
|
||||
--- /dev/null
|
||||
+++ b/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
|
||||
@@ -0,0 +1,41 @@
|
||||
+--TEST--
|
||||
+GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface)
|
||||
+--INI--
|
||||
+allow_url_fopen=1
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+include "skipif.inc";
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+include "php_cli_server.inc";
|
||||
+
|
||||
+$serverCode = <<<'CODE'
|
||||
+var_dump(file_get_contents('php://input'));
|
||||
+CODE;
|
||||
+
|
||||
+php_cli_server_start($serverCode, null, []);
|
||||
+
|
||||
+$options = [
|
||||
+ "http" => [
|
||||
+ "method" => "POST",
|
||||
+ "header" => "Content-Type: application/x-www-form-urlencoded",
|
||||
+ "content" => "AAAAA",
|
||||
+ ],
|
||||
+];
|
||||
+$context = stream_context_create($options);
|
||||
+
|
||||
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", context: $context);
|
||||
+
|
||||
+$options = [
|
||||
+ "http" => [
|
||||
+ "method" => "POST",
|
||||
+ ],
|
||||
+];
|
||||
+$context = stream_context_create($options);
|
||||
+
|
||||
+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", context: $context);
|
||||
+?>
|
||||
+--EXPECT--
|
||||
+string(5) "AAAAA"
|
||||
+string(0) ""
|
||||
--
|
||||
2.47.0
|
||||
|
||||
From 22bdb43da0ecd6e72d63b63aa6c1f3a25d1bca3a Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <remi@remirepo.net>
|
||||
Date: Fri, 22 Nov 2024 08:58:10 +0100
|
||||
Subject: [PATCH 7/8] NEWS for 8.1.31 backports
|
||||
|
||||
---
|
||||
NEWS | 24 ++++++++++++++++++++++++
|
||||
1 file changed, 24 insertions(+)
|
||||
|
||||
diff --git a/NEWS b/NEWS
|
||||
index bad0a719aae..0f82a65a44b 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -1,6 +1,30 @@
|
||||
PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
|
||||
+Backported from 8.1.31
|
||||
+
|
||||
+- CLI:
|
||||
+ . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
|
||||
+ Processing in CLI SAPI Interface). (nielsdos)
|
||||
+
|
||||
+- LDAP:
|
||||
+ . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
|
||||
+ (nielsdos)
|
||||
+
|
||||
+- PDO DBLIB:
|
||||
+ . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
|
||||
+ OOB writes). (CVE-2024-11236) (nielsdos)
|
||||
+
|
||||
+- PDO Firebird:
|
||||
+ . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
|
||||
+ causing OOB writes). (CVE-2024-11236) (nielsdos)
|
||||
+
|
||||
+- Streams:
|
||||
+ . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
|
||||
+ might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
|
||||
+ . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
|
||||
+ convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)
|
||||
+
|
||||
Backported from 8.1.30
|
||||
|
||||
- CGI:
|
||||
--
|
||||
2.47.0
|
||||
|
597
SOURCES/php-keyring.gpg
Normal file
597
SOURCES/php-keyring.gpg
Normal file
@ -0,0 +1,597 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFjxRtoBEADkS6+Q7afwYDPFnqJXuyF2ZIvXysDBrpr/xbre4jVeiC/HIELa
|
||||
QedOJqO1V+BgnTRkfhor+Yq3mZ1un+6zJIiFcm5Kp7sPZjh15JF96PsA4e2Eh5eC
|
||||
eJzjXHj1nAKXfn5+CgpYEyL30r1/ACkmo9TKIiUxIDZRkZvxjY4UKeo+EoJo0Viu
|
||||
tV8mvSTgxaz9gzPhZ5OJR8zECT8j3T8d+tBD8wWxxmGZ0veOu/MBew1C/BDr8RqT
|
||||
CXDywUbyNuSsdb3a5aLuIuLekSJVSCcFwPIje1WrX4FyC42+elOp0SXpjWzdb08N
|
||||
XX4DEY8zVyVXI1ScSpTbslffcFkY60NJhjpP7t856L9vTLRfHIM9BIdSYH/ar5mE
|
||||
Q0vyJbiNfkx5tIMnEmnIYbmnjjmcPZDKZ4PyQEUEWF3DqNOOAWhk9HUMFEkANkd1
|
||||
vEcNNQxgD2eOJM6egfUv9KtuAEcRX2iDu3gIyE+55x92VVoEJDu5M+Q6PYGUIMh7
|
||||
nz2gS3lnlpG2vquQpqDS9UogsZ8L4NsukdP2ixRFnD9qaTOemqRYwIptOX6wvrtR
|
||||
7PmWOnnRZ5OcpK5/qyK9iCLY7bbHDViBoV0uLEHNPTDHjrALJrqS+dH1glYid/82
|
||||
OvKE3KREjRpMOW83nNfQcqkMi9fhH8WUkz6OD6JemvB/s/CwBS2w3+9LAQARAQAB
|
||||
tB5TYXJhIEdvbGVtb24gPHBvbGxpdGFAcGhwLm5ldD6JAj4EEwECACgCGwMGCwkI
|
||||
BwMCBhUIAgkKCwQWAgMBAh4BAheABQJY/TOeBQkNNFUtAAoJENvbOXRw0SFy1xYP
|
||||
/jQeNv4WUPK3M0Hl3EvEnOeODxePysU0khvgnw/mRtQu7BOwRdbB0HWv8Kx0HXL7
|
||||
XI4l2myHRZbd9PrBlG4YFYjZqWmqQ9WGlLBxDpSJNeROpTgKjhxA2hOl1xH2Et5k
|
||||
bRcZzpJJ9zuD3rqkq80S3u/UAB/QzYfJWKnQBTXi/3psZNAVTRp3/4sEn1kCfEnl
|
||||
NUYPih/NqdXE0frlKeITOAmatD2cjYcJlc/ETLil8Sq1nIgiE/++KZalbcXcRSHV
|
||||
ZSd/L+fNlMDIh6k9pjcE562oiyyMHKed/pAX7o1BqlKqSwxjQoNskpICVFkyMv+P
|
||||
7cIPyOxJa8kaGyyHND+8i1GzvwcPhLYeOWDwmiXBs4Ea8Z7KWxhi19zlxMrEfAcf
|
||||
FIomcRoxfzcnSY3FVJYIoEySK/IBiivqeunyeDA2JG1vLSZIV5hNicUihp4hnhX4
|
||||
Z1gElN+C68P49SZseFzxvzwMq5RIUbWVwIh2+Wj51/UrULgoM4qNkgejDLYFyTxb
|
||||
LfXq+Tk91UXdpepBHvE9KFVqh4MbIlyx9TAzOizqLdZlnPRwLb3rWBLsv7XbCTeY
|
||||
tp4jVU8Q35hnvGFy+GsSROJv04mJW+whyz+zxOEMPiVbVA5um3ZbSj5oou87M9Li
|
||||
JtrUOqNfyyqddLC8L5LgwwlYKqP+W6Q4LMf/Whoj3FFCuQINBFjxRtoBEACk8wfJ
|
||||
qP03Hz6PX8br3jEUllSngdD/28K2C4RVOOr71u4FJRcEMR98SbPnCNIUt4KdedO1
|
||||
DJpYac1XvIaVBbLxEcBjRMWNhBgZbxoQzPjFTWHQ/UwHZPiiwQkL55fN1ejBEacD
|
||||
V8B1JwqjcBbii6zItLUV/gxGH7Jce/f7KBM7vWlaP+xHpmd+iPK1swK5wNQzDL83
|
||||
b7NPyj58fqlmh54Fr+jcpuUjynaYfjtJsgwc4CScdai7FclctLMg8Y8DW7/bkqf1
|
||||
BQy9Dik82IWSN4wgVM1eWSGx+PzPlshGH/C8B53U353NcRhjFp3zX31wQhsJrA7J
|
||||
p+10S3HbXGrr3aVGMMq3dqSBGp38iKJUmJ3zyVvby5Mk4+8FFmMk3gVuQE52pW4E
|
||||
OlSVQNQC8yzYsgaG/4N0M8DRpbfPhT5wiD/Qcb7MUXTE96dzs/KcyPJju/aq4cJ6
|
||||
DgpbJmM6OZwnx5HYwa58RgOwAVBbsxYOa6oS+Fj02eaiUETwfPHtqF9juCcM5D0m
|
||||
cLZRT1I4zK60qPb6ZDzuFguXg8hm/djjh2YlDFCNKqCZHktCISTWX5u1cyF5j+UL
|
||||
3fsKcAAcyiHZV9UH8tr6v0i0P19Uje2ZHk9utJggYSSM0uyqGhmiyd8su2FqitBl
|
||||
tvTo00Kc8sv4AcDmCng8SVO0og1wiJZdiHJI7QARAQABiQIfBBgBAgAJBQJY8Uba
|
||||
AhsMAAoJENvbOXRw0SFydu4QALeYG2PPMEOQtMV6jOVT51U0Yo0yl94RJoQCOCCT
|
||||
/JkUyIDczHmtcVABrpitX3tFl4vacJM3uKWKbzbM7qO2+Hd0u6rxO+o8WUGRMZp5
|
||||
IgcbagDOHs0vorVN2Yo0Tl8RoqW91MCvlRFA+8snmKjWfTYj8jxbhIUEtVrIU+5L
|
||||
DEgDP+T6PvpaVeXfLYItieCsZgib3qPz5mM49jDH84XG5F19kx0QtVGJs7n8FrcA
|
||||
GcQl/iMrm7dRrRuh9394ongIum0uld287Zlg9q12iJiir3w04Npy43G12RXq9TD9
|
||||
aRfbMhQ+HB5Dnvf42mfCfGvalSE0rg9mh1KeaiQUXxCzCf1D6a3H50rh1IDn363W
|
||||
n41/Hr0j4ntVjvEJxs9nUb8qod2HMOPLOFqwxck7ueGaeDN/GZ5zjPdIppYwE3Lb
|
||||
CM1ZFLkV+QhFef4zXwml1/AnGGFULgGYorwGCchizhU1wbZVcoUF74MtprnAsuPd
|
||||
Fxlw+4yCcFEeYVpMDQg/ZfZ28T1GruGHqLJqIVpOum48Ec+fjnHAZAH9dOs/qhBu
|
||||
CLE+5xUoVyP2lwt0MaHs5SLmxRKhcV6IWRJKTlZ9YdDXbVv5LisL/qDOTjRj7vOg
|
||||
CPRhklyA0JjFeyTDpSeAWXFZnab0nYBPWkxtdxxRruEeQPAYP1vl0O6ABMxRAI6o
|
||||
6zIImQINBFklYukBEAC9tCSjnoNs3ucOA9RPfKcuK87JD9jdet2UUsw4DHd/Hwmr
|
||||
t3T7WKoH1GwRp+ue5+vzXqdFRZ4gG+7tgvUsOtNb5rh22bTBsUIeGsvm/omJntXC
|
||||
FQhYcfjtk04p3qtgJ5PGjZahCRYg4aQ2tGp2Mb8auFuFPsHtOHLWQCL7vQShsN9m
|
||||
EkEzAQZnn9QYL+IvTQVSKsRy8XcHYZVk2uT2xQY2LvkAucWF0TrjU2LJ2IFdepc0
|
||||
+jz1xasBR0afT9YccHpQH5w8yOW+9o/n7BiMHfgT0sBMdKCfKVoQrQe0CsFnqc/+
|
||||
V4NsnHkyUrbfKiIFm+NOupIMpL6/A+Iky5YpjIIUHPuVL6VAY6wm463WI8FPk+Nt
|
||||
Gekm9jqISxirkYWsIEoZtCrycC8N0iUbGq8eLYdC9ewU5dagCdLGwnDvYjOvzH15
|
||||
6LTiE/Svrq2q0kBDAa7CTGRlT+2sgD89ol73QtAVUJst99lVHMmIL1cV4HUpvOlT
|
||||
JHRdsN6VhlPrw6ue+2vmYsF86bYni6vMH6KJnmiWa1wijYO0wiSphtTXAa0HE/HT
|
||||
V+hSb9bCRbyipwdqkEeaj8sKcx9+XyNxVOlUfo8pQZnLRTd61Fvj+sSTSEbo95a5
|
||||
gi0WDnyNtiafKEvLxal7VyatbAcCEcLDYAVHffNLg4fm4H35HN0YQpUt+SuVwQAR
|
||||
AQABtBpSZW1pIENvbGxldCA8cmVtaUBwaHAubmV0PokCPgQTAQIAKAUCWSVi6QIb
|
||||
AwUJDShogAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ3J/40+5a8n9OJQ/9
|
||||
HtuZ4BMPMDFGVPUZ9DP0d74DF/QcT0V101TrdIZ92R4up56Dv40djjQZc2W9BmpP
|
||||
VFr/v6qdjapdPH5vvmatnQDz/nIOfo1iwPWGzvmKnbDBQ4qJX7Jd6PdD/YorcD+0
|
||||
tOQNKLIGE9ZFQnS80iz9iaTGzvQKEQKEMugQSf3kG3NBEGqKQBsTTrBQOUJ3g8w6
|
||||
id2/qJtrDRbL9TuCU77Dpx9HUAnjj/Ixlvd4RQDa/BCYzGYJlCyTsaVW3qc7DIh/
|
||||
pRadqtswghSETtl6SSo9yHtoYOGTxXO6UikLEE8miOlaOPQrC9hCD+LSGc5QhNLB
|
||||
EKes0l79w9kw9qZ9Xfh4pw/hf1N4O3kPHyUg0q9QaX1XKtigjTUcpdf2Kq8LtlB6
|
||||
0p40eZE2dV3T11X+rcn33pFSXMeTJeaNKHXoeGcva/gyZVtvi8iJhqtw9QOUkxRD
|
||||
vGB+FEUId3Z1yAu7ZAz6qiUCgxK/VJ6/kBb+YYR8K4FHLmNOd5KoiTerKQu423uu
|
||||
MYlYfBHpVZ9YuEJQnTEpizFEeOgaixx5RDLnoPsd/x59VS9eaaKotTPbW/rEp7Sv
|
||||
bKj0dR5WMfGyd/OJrcWVZy8/Kh5Mc/4KOHD+JGAp0bE113TkEEoTZ8gNHFdLdv52
|
||||
V9eXUkeT5IxyThZBkUy6palDM8A5vaf6Eet8xOLy9XG5Ag0EWSVi6QEQAKujAODv
|
||||
sdbt5n1dO29Nj5htbmt6M2A7eOjt7yUj4UMtBaGOA08O0DVA8MJkvepMq9AJBXHZ
|
||||
Mi9Dycw3rxBHQDqHJJMwghu3RoQw1y5Wym7LiLhoWSU/wK0BrKOULBwh+kS6udKA
|
||||
4oWrV/gr0JGmfdL8dZjBF10kHCfCcjcjWtmIp2GRaoOKTlHCviNmRxzyqba7zE0Z
|
||||
c2maQ/4w98BI83GqD1bT8gF/5qwSI1hecBwt9oS7EbZ1ZiE8SSE8Gr6OR3p5UNHb
|
||||
zqxUWy8W4r3qulCLc6g1LPXP1V59cMxX9jQJ7lSdv0k8C6Lb6t9Wm8G63hNYgRCA
|
||||
mNW5EnqieTrx45K9vqoqfQK6Apfy0UoOquiuK7QClT3wBd7kmyKsCfV0bwRA/fV/
|
||||
sC1Rniu8PV7CRk9ryudUXycKq33pSkrOfZjFIQhCqdJkVc2MPbAuj2pOMutKwGKR
|
||||
q/Mt3O8nEfGqWaJPa36C6dhlPqjEGTIEk5P493DzM7fj5VVIWyUrI8Vm9FslSvzI
|
||||
LcONHMtKtRs2cRYA085NKDXGN7i5Am7L7ZONfqVs3V493ICwmALzeSULNLiMtX+E
|
||||
SQfdWCS3Hosnjbc6INDg9BRhFt5MEWJ/qchM3g4NQuukqtOYsiEUw8bCzepwJxXp
|
||||
lvNYu0yQDxvP+0RzjMozruVz3VoHeyf6rSWvABEBAAGJAiUEGAECAA8FAlklYukC
|
||||
GwwFCQ0oaIAACgkQ3J/40+5a8n/8gg//a75gXQ4csiDUTsUndb94EXqraffmMcT5
|
||||
oCzfcP+Mecbuv3G8oQZeLRchsW2i4QecnvPwrXAJcF8kJuN/KZLyeh21PWBy55wo
|
||||
/2nbwOvQockXpK5yVeuc3DmdTaxDnW9u3QpSwbvkEyoCpeHH6rZ1wjqn8Qi1k7nj
|
||||
C4qgXpRrLQdRsS5ULXpf3IM+vaxbQ5avVnNRu5zMA6M/0reL0RSjgMfnk+3AwLCt
|
||||
uMiy1aStCe8V7Y60/oauk+IZA1VJlSz2n3675YD7TkTZKkYIYZHTBw3ZPVJo08jd
|
||||
RUXtGJjpOyyWVjP7GMKvZuQVWqcFyc8QHHaIPDLkdi7B9YFPWqfwJPBfUXcdzjAX
|
||||
I7N4XsSEeMm8S8SC4FKCidioP/A+bamKcONHUuZ+AztvLh24ZTkqzA/sRRYpbMGU
|
||||
QzpcDbastuXG66s3e9pJa0R14011A4bofy6Ureh9q6TQNOkNegUUdjbGSd1bfNId
|
||||
QXRH0+LBV1oaY//v+aBjswy4hJ5oXmQj5jQKFitRCP9jzueyDdMJZ0j0Hhh4ItCz
|
||||
FV5zIKtWiy7pRp1DXq9LjoyWeeLfKu+HrEGjMwyTGJiMjcL7oCHeiV/a+fY92wpU
|
||||
rY1/mRVLqKqDIA6/iEL2DVf21U7rXY26xxvf4QFImZaYLwKQYLe8TOOjDA/I9bR1
|
||||
JJmh54yw10CZAg0EYIdBNgEQALohT1pcSlW4sk0DNfAvur1W3U+TEkevuQnKdSD/
|
||||
chKs50nLYRuiVrsZsR28tnr2j41uwvm+Y6ZPYAPSkQZ8yAT0pYnXbaIR83iGtZOH
|
||||
P6wdxV39Mpf0T3yD4dOmgka1hynqNjEbRhE/t2fXNKf0JrBUmkyyhLYbQlkH+raU
|
||||
gQug9EsyOJxEMER9qZM+Le/JiK5/i+8JxhjPcAQxiKu3l/usGtU6zcVUGjMSqs3Z
|
||||
89Fa8WBOeGxDwwSKrn8MyyfEWrbCCF4Ao8gBeFmIkWgoeyumIAA0SYZkFjaltbTm
|
||||
sFjVmYmmLXIKtKTnzZx0+jYJr42s0Q8n2ymgSKcC0Cmn+iuKslhuMpWJaqaHuZhj
|
||||
K/80BArAYETW6ne1IZWPSsobd/2x4u9iwCkd/SWERA3/KnML6lgOVJfNbFxDxuJ+
|
||||
LFvpe6VoSAHlc4fC6+lMroeg011kzjgWX4H94Bdp5svpWHQ/UQ3/YMGvgUY1vy+V
|
||||
d28bGzuslsnz5o2Zh40h2Dmpti5s2w7Z9TvLD2RMM1N6PrdCXVrQx3bB9nN7x1nL
|
||||
osn+0v/8gfck93SO9PXLQtUgqhhWsh+/TrOiVWmWqLvbN95zWSnDRVHp1P8vKEGX
|
||||
I26aokxEd1mVfilQKnHv2k6ieMc1M26GM48uXNqLSihYG2WgNl80agVFU00m/+Ea
|
||||
9Uz7ABEBAAG0G0JlbiBSYW1zZXkgPHJhbXNleUBwaHAubmV0PokCVAQTAQgAPgIb
|
||||
AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBDm2QTQ9jBBLKxRtw/nDncC5aYVE
|
||||
BQJihlmDBQkInT24AAoJEPnDncC5aYVE9GUP/R/QmyOxYIXhjOJGkF7wsKznajRW
|
||||
u00xRbbTofNroJcjcActcdd4KZjBTQukQLe+ywDq9q0yGs8qdvNVdoREnwkK7sfI
|
||||
c/umJhTmWdboljw07x+NPzn71xLsi8xDT113KlSegPSL6tfkSDqnv4KrHQJb4HYJ
|
||||
ex9whcnzW/KR015biH6DifHQfTRw4XqhecneiNCfdaNMTRb1DP4USrJAFIlIK8zw
|
||||
guJP0iYnKSeInWBAHgroUcrLucUAdBfoQdARHQonlklQ2y1qxh1m4qitH0MeUK6z
|
||||
XoTYAEgVMYJIN26gFaMoBRd19/1WH8p2h2IcecsaCFBPWpI1jbvz9h876cLC6N9h
|
||||
hZPZFfsZ4BBe4Iw53eEhlgBdm5aa6SRobthKI8q89DoKuw5ok/tEK/WY9QFzkTDh
|
||||
iQHdyfubopjVVpakaNYmJMF6SNlu7BfLv5yc/pHr7z5BA64WKUd4AJKWEtN7nu2L
|
||||
Al4jthv23UnJ8x1y0e/ZM1m5r9/leRQz4uFqXEBa8Y0/Ipp8OBnQWNajmOHqO44E
|
||||
4/BOXr09FYm12iC5L2V8TxL6HgU+nLRetgssFIWRr9NXhelITdfKOii6qrbLP6uQ
|
||||
rjFXnLnLqgKB72gSXCYdHLEnwtskkqKXtB4jzYm2OPh0TstfNRdjaS3wepurzSp4
|
||||
UmP42igZx4cGzNp8uQINBGCHQTYBEADY0/Oat2b8EDcNSKPJNdyrQlDQ+N2fyTbq
|
||||
1XPThTe5f3nRT1jepYqfsi/i4/6rza2AMvyxPO7AQSsHYlBYHxccqCH2Q90jCTu7
|
||||
iUJyU65Kx3aZC3U7VE4+jl81W5/b5qqjvZNRxLgDZDnvO7hBFh7b+jj7x1ABsHdw
|
||||
q+zXjmg2mJCBsD4ba5jQaPr+nirvhr/Y744mGpaVWRlg7d/LhL73GRy546DgCVej
|
||||
gd56vMsi2HBy2BKtjxIr2nd2yJn12+A5yenuagOVpye8F5Dy7ULFJ6iYe1/NpoVn
|
||||
yipv3m0hE4C0x1vIw8tiXR85cb0aGuYgjOgEyLCE9INmMQ0ZZd1JqZwK2IyWiy0n
|
||||
DNVJXqkzc3YjYZcrYiBb8dV7kvAf0E+UniIYTYtBU2rOWBM3aTT47Jh6ftss/tQ4
|
||||
e0HLeHZpvpWwJtkPHb1jGD/08icZH4XyVxIlEMhziuAZdBDTr7v7xSmqPrw49afW
|
||||
iXfROV01j94tFdvF48wDOIb3qIBBbsNddqMvHPTShq2wMHlnylVFM/0CJn/yxezB
|
||||
cuQfRVWeHg7lbzSt0HD29fBz7MlxoOSesmJCN+swoSy4nZ1nhWNHEaRh32Vn2H2q
|
||||
4ya0rZFEHk2fS6WWBMTh7cjinmklQVxAhB99d+EYCZ4SHu74Ats4LvAsdJwe5I9b
|
||||
lOIrYecwNwARAQABiQI8BBgBCAAmAhsMFiEEObZBND2MEEsrFG3D+cOdwLlphUQF
|
||||
AmKGWbwFCQidq28ACgkQ+cOdwLlphURJshAAkIdJ2xM7MV8PGs+eN2O0/BYpiCfO
|
||||
Oc42fwAiqYQzr9WT3FtB6oSh6ybaN+RRgIke1WC9HxIvjxXWatJnbs1U3iyjBmyH
|
||||
vMBxOCxsIm7hyyLI/QB7wB7sdRb4ZeObUeyXOoAKWilj3r2vOTuC+K9+W+uW5Hj2
|
||||
H2tnUKOva9F8RjokSkMiCpCVoGT1YWsWwKALcnQBio/GCyzARTCQ2uXHpHyAOdNr
|
||||
ohJBJWD2qT30Fk/jnOGCbw0FVb+eX5854zosi8xPWFUHrUmzQzFwoeq1ysg95Fp5
|
||||
LwCtorI0ilZlCngFL1ij0OA7IkpZWZfCRYrne26JeMmTXSA9CEy8U8Yhh8Z36JPo
|
||||
iff9sE08Dd3vmZAxhijjp0p7H0YpCu5qCG6ACIUKgoqwHV7bjkQ6+Znqs02Qi8wG
|
||||
+gMVOE6gmiw/SpIHE8EJMrtp3AOqC8hWdnqtJ8Mv1aTlfkLn7fXmeWy0Q+uzJXLA
|
||||
qnB3hZINXT5lI1jxjjydU7YlQiPHKGnJ/biBq+EwMcVQ3UirtjK2RvnFIdqcoChl
|
||||
ufsPyEo99VrB6yL+tEbxbSgNOwTNWEuVZ03LVPH+Wr1sjp/Ao/TexcLJuPgvjVkH
|
||||
xqMNnJL2kUnMvYnexp1vmocSL/bqr0Ghg5kqMl+rq/hwl/6JliC5ruBIp41Fg7D0
|
||||
Hwt0DeJiahaJT/6ZAg0EYGWinQEQAMQJ6RQqrrZgYJ6SIfzJPsC3zFd00C/UxLQo
|
||||
aaiAQHEPnEQgjnAPqkvspSE7MpmyAohbUzXVnDO+ycxznIkLz0yYjs/m1qVB6hTM
|
||||
w/PlD10ELoA6m3om/2E1vQQI78U3w3evBgVlGLzBIXWKLX7ZsBSm4xoPmD9mmisM
|
||||
sM0xhqQzVuGm0I81gvKkIlWHPB+TqUWBpvDwmIdCRuGis7810OBKaMmTQ/rdhg1T
|
||||
YZInZPfjeuW+oZ8Lqs4w3cfmyuDbbKQN8b1Qd2d9lJwkudI6KhIyH7uU0F1GeHIg
|
||||
i9hZJZZcnlDiqtcHZ5YYEUHEzD6rPAL0LoUFpS6dP4DFch8R4oBpW8XTjg2BzfwZ
|
||||
RCv1IuIgd6HhEUcuWj5QGMi6huCF/2WVDEoGs/K32Kyh+1Jg4OOOpuLP0/YqvsRO
|
||||
AMbdY80xppR2yMMtpTJPhs5aCykZ8ffHKEsh4VGvi+xFIwuOGElqXoALFPas8N+D
|
||||
5jXnJQR1/2zekei9YiM6jDXps0SIChBL6vG05cua6X5K+71YHHlDoUubb+tjiIHy
|
||||
FYtzEe1PPMiLl6XtAdqllLqUQvy+McHgdqNOIU+FxbWDWjDtZ5hlDdZ+sIlz3esG
|
||||
wl/zQQMdRdTsjcNuElOdl2pMmLlA8CvhJM+IkHVsIHponLtBqN0Ibrw+Sh1kX0sE
|
||||
cjkfrDSJABEBAAG0KFBhdHJpY2sgQWxsYWVydCA8cGF0cmlja2FsbGFlcnRAcGhw
|
||||
Lm5ldD6JAmUEEwEIADgWIQTx9pIjj7wWZuWlzNQZn53+9v+6/QUCYGWinQIbAwUL
|
||||
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAhCRAZn53+9v+6/RYhBPH2kiOPvBZm5aXM
|
||||
1Bmfnf72/7r9wugQAJuMXAsnTk2m4Esda1R66IaOx3hms49hTtoJ3XTkOP0z/Y89
|
||||
66mJ0Zp/tjhof74jRwN+Eo9R0Vc4WpuXdL6ZaOm6alc4hYsT+13bO1hNEXFP70OF
|
||||
3sithHac8wShdeutBdXGW/DcR8m7CXOsNWdQAlbYnCb3gt2zTp4DTrxmYVP4YptB
|
||||
sQBQtaTqHlO0K0UGoHEkqk5PbbOeuUvvBAyeSEvislOxeSCQakBXFVROKojd90Qb
|
||||
i6XFlNvZWzPgBHsrVRKuopgiNqfNAKz/n5ruhZcI4SKdni7zmv9CLiBO8P/qqzta
|
||||
9Wv52z669MgPRMfODJr7Q9pG6AZCAm99oKCUStX/adKGBnfu0mx/v0bIyK7YSWp/
|
||||
8l4ioiulBs04xeZ1S9T6nMEGry8k2qlErcGI59DAR08aOAbKs/42W70Eoxepx8pw
|
||||
S8KSyCfTCuF78bDdxXv3uutYb+A1AiHspu+esjJscgcXNRPYruQFBDUQ0aUzVrns
|
||||
bePX6i1ZXYkPUTSRs6Hu9K8sJQ+mr5dTEae28szDxfN9mPqlNGbsKc21CsXwOJhU
|
||||
IgU6a32gtZ7xq4g/A9DYHY1jSPhKi2q5JMbckQ2qzrl17zXhVISEcPTebQ0Qcu3Y
|
||||
S24+k/mAqIGCrlSnFtLOf6MPTtL8JpeW9fiuys2spb/pHhqmlCevbda8CUtLuQIN
|
||||
BGBlop0BEADLZJnHlI7dfEQ+thWKLLdLpd0MZBOugCqWjYdUfL89OY60W2C3Lrzg
|
||||
fewjiNLxBzwvqmgEYyQURtlV7o04LJVtyO1B2b7ZQYQoC6gu+KV5z+8w1EOs6G+M
|
||||
INda/QydjQk8ymChggGdHtWtGzTZ5K1js+e8wJgkF00n9YCxkkz+jJCK1L7w73vt
|
||||
YvS0qYea1UVxmGG+cBsfQ9GbweRl6TvSjlmLtl7m6h1cpGDQrnyyp/yrfONLby1t
|
||||
Q32lMhfH09XAPHpJWCfhv9dovgHHtb4Kroaj82UAZz2Je2Rn7SJiACLvezWEFTZM
|
||||
WClntlHqHIVtmasntzhzzgK6E1IH67DgWR3m82noLpmbYlHAOLmNBsOYRGdfOQG2
|
||||
8L25P3HrWV9APikwdPHg4/0tKLgNzhB6yO6dj5Hs/YRsJD0Jn9X+cCNasP5VTLOF
|
||||
sZD4J1i8jT8brlf/f367qOte3aFAPQq7OFYPvpFY/c0J0D6eb3FHCxfejVQL4YV4
|
||||
bg3HOUGynUeBGwHgyQJw/LY0LdCejokylQZr7Dj8H4l3b6x85UhJSKRoIin+c8aX
|
||||
iI7/2CJbFDAIv3sovyMsAhS+GyntxIpYmoAl0jrqRCr6CWCaFl1Tjh3xrJ+pRCSk
|
||||
TVq9OASHUqAb532B3Tt+DJzwrlf4qtQDFz7o7lPGXMnxYLW/KEa7QQARAQABiQJN
|
||||
BBgBCAAgFiEE8faSI4+8FmblpczUGZ+d/vb/uv0FAmBlop0CGwwAIQkQGZ+d/vb/
|
||||
uv0WIQTx9pIjj7wWZuWlzNQZn53+9v+6/ccvD/0RXb7doLc6YilekZcEqtvvCrgo
|
||||
/ZDbda1tjRbpQGyLy9J9whIdD7G7lSoGILSd8U18gCL7PZq96tGq75CDy89u0vI+
|
||||
IQ1WemRlfrBZb5qkSOGO2Yr/VYVxxjZbtYiM44aJyrehhA3MCvwzyP27iclH7N0X
|
||||
sXgJOF1p3AVEfuXHhAVSbR3tkLPe7osXKyDUgUCuvJIPLSglCqPHsm95Xch8PpUX
|
||||
JRemPpFnsPIlqDKu/vfIrDMZtnEFBog/afjA6sqmC8X2BTKF6Tiv8KKy0divkwsm
|
||||
dAq+We0vkkIMq1PMc2UkDLv8DujpF4TXMvBXO3AWoKPDNt6L7zMUdymto5TIIA9W
|
||||
sIbn+aGTfbfSflJlhlzJ53nyzl/x9ukFabwp7jjF6Vyh7KYMQE6ob16JWTo+AZY3
|
||||
mvKoUXw6jwGonaBjNkuR9Em/IyjXDx0tiKKaNPdVh8Tg8pcGNt3ssroEKWqLrUjW
|
||||
lrso/+QPeH2Gl5+NjQYSIcQOcYo/MGuiikA9GJu088+IgJ8bmTiFgMuq/ZLAuQ6g
|
||||
kpZBQXAN2hVIkV6H5IJwp8lbyf8GG0qBCk9Va03+PZjhZLu/fb9EzVmhyX95cENY
|
||||
NUE7QXQplsJZqchsBbjgQE38DWiZKT7uyRhZUCUD3h9ZIsYo63NrQNoA+xkz9tub
|
||||
+4cXQV6iJi/GqeBTcpkCDQRc/6jxARAA6399os7LWW0t8VwhEmjSj+1L14Ryh81Q
|
||||
PEM15P1DrUXagxeLu7FGmecm7r3/0CA3m6szhpIv9qZ8ifk1KZPYkKQUeFxJvfrt
|
||||
RfcfDew1Ynp4ansl4+jARv06GdOwkG7EiyVktSPyf0hGqLayeQhmqDl2cxPJuPO8
|
||||
JOSDISgk33rU94/QBWA2RRLSJtB3MZupY9Z6RvYMswyRbcYKWQlqZ09iZ4IDqeeO
|
||||
pl/YuIWECl/99bpEEoqFD9tNlpaY+mDy2ihT6RWe+4uefbSWfFEjxpGd+x1ccCKK
|
||||
qViYggEl0bw+S60RaS+5xEOG9wnuRrVRnVe9EbTYw2+xMdDsBaFl0qvLPY/66Bfe
|
||||
D+iZpA/dN2BrsOLLWk7CJ9yCgoHxL185GMLbQNy687bCeVUGDIBF56OKzGBA7bJi
|
||||
W6Z+XVkVX16li908TBnLy6DItYIqYFmSgGCAYviAmsq1v/dVOddpdAzDW4RfH5Fr
|
||||
BNopYM92FswF8NtDN+VstwWAUQA2IDX3fYwPimIV+xG8ebgVALy7nWkAdsFGPoZk
|
||||
UJa+x5Ln8WUOF37kMbNthd/uBelyeDZ2MU6/Eb+z54GOWijnw2l7bnlTysatJ88l
|
||||
0dezmN0OQ8Yn3SaDjMKNVs+kifqVlAhSip3/eIA4/3P3Bp/RWtakzN9nV/fUVWgc
|
||||
6hu6FzM6ozcAEQEAAbQlRGVyaWNrIFJldGhhbnMgPGdwZ0BkZXJpY2tyZXRoYW5z
|
||||
Lm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6l5AhsDBQkS
|
||||
zAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMSNQUP/2me0vxA
|
||||
BXrqn9uUr/09Cz+HWio7W3b901alD1amIKS4W8cKs1vNe5qHEQKH5Nd/LlYKuyKu
|
||||
agKWKrfLG7dguNAEVCya3zUqFiT71yh7BD8SvvUUTqgpTet4fHW8sr+rIYgvrXUV
|
||||
Prb4U5DvzVfMOBBO1QBFM1ZS6J7A8EeVmmyysYc36CPoYb/CB6yMe7G1pnE9tqoo
|
||||
A4hiHwfrb3t9TeSzKIbKTcuHtGgaxIosp/e3/eFZUi0zPVAQKLBA1rnUHejVb9cA
|
||||
RZQSIFpLBbUaGGBJSjNualoQOWPnHCuTy9yF6++B4ToLWLB5r9nQu70cdod21tLt
|
||||
p2BMpryKikpN6OIq5Kpj62uAGDu5b/lhhbQV5tp5gxabhIyfoCnLC6JMHwVsppIG
|
||||
1XsDtcM4IaFl3bl5Ol0+G0vuNru21e9ydGMHR153hPl5fszWCkWQhHXw728+vIZX
|
||||
4KI3uLbpJLDHWY8QGrwGpqPMcqObcepkskejpKZX2JtycoiOlntuMWfLLmL7S+Om
|
||||
YnFkOy8G0TctD45wLlfWtJDzRr2p7TDYcQ3oHf0OQMHAQ4qUJXLYyxlPja4PWiMV
|
||||
x5I9hLtXfJ4krKK/FJQDccFegBR8vhQVoQ0WFot/Vzo1qu488f0w0tAJDf16+w8W
|
||||
FhYnIbwfndGMgfu/nkAZ/NAkD/bAul9NGKBctCVEZXJpY2sgUmV0aGFucyAoUEhQ
|
||||
KSA8ZGVyaWNrQHBocC5uZXQ+iQJUBBMBCgA+FiEEWlKIB4H3VWCL+BX8kQ3rRvU+
|
||||
oxIFAlz/qWkCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkQ3r
|
||||
RvU+oxJxzhAAx8TGL+IaTYEzEICUk2wBTISoSMuoF5eZU4x3ZviA6yWG1OLn98uL
|
||||
eCGjGCMFp1/OFGZfCe/QAVj7/eBZzPnvVj7JkUrPt4EpU0XOpVan9cVh9Yzds62H
|
||||
Q19WRJOnMYO7xzZcempmUsZ5oAGivRsJ42UhvHi409T/ZpRdyOtiWXmdBXIRK9G3
|
||||
OuLBhchvFIhAbjfYbFD+gVzdGThU6xHXAfnLoFuyzYIpXzgrDYdmfkskLmTd4meK
|
||||
oFVwcBnPWXxUJz1HNxPCI/dY8DUmWjqnb4qBU+JnLq16UmvEG2TdxpKivcoJH5la
|
||||
IVnAEa2A3answ7WU5yF7n5b9PH9xFsPJpcUc7+rc2F3D6eY8WY+tSSzyKxuRYF7h
|
||||
FeRifwSSjOMDp50kgUR2f/5gGRD8rDSKTtGq9pVDXtIPt2xEnY/SH6O8Mmusmk8/
|
||||
bS61t6HPjEZBGOO9LrYbVBcHCZAHRzWuFTIadyh+q330fXlCYHaHAZiN55TEDocj
|
||||
1XxlhiLcyRGwDtMnc2IOjJUjyxAXwFwVqVOGCFtop33tj4TCKmMD+NSeLWmCmDLj
|
||||
81t4r9+O2A2A8AhEMBCC7m9N6DlDdGMeOyzdDTUTp9cdbnLRc2qJNk8Q3C4/FI82
|
||||
SoJtOE0buvA9Jfz5GEU+V/ZEuMj+YYRCz6t3iFISCjxWlUTIH5Gw5A20KERlcmlj
|
||||
ayBSZXRoYW5zIDxkZXJpY2tAZGVyaWNrcmV0aGFucy5ubD6JAlQEEwEKAD4WIQRa
|
||||
UogHgfdVYIv4FfyRDetG9T6jEgUCXP+o8QIbAwUJEswDAAULCQgHAgYVCgkICwIE
|
||||
FgIDAQIeAQIXgAAKCRCRDetG9T6jEo2yD/9PNspNKjiGq0u7CBxY4XrFXYNzGVUJ
|
||||
UQxnCZk5o+K1zpU5VCV8XjXBrehwSe/17hAakl+5j+qFt/prORPHdXPyKyI+SM/O
|
||||
muc+1AjOU3OPApwrpX0AsYMdDi5BtpXiJ8RGBNEsKJN+hCikpNkUXVlbluvcytCX
|
||||
/je4TbnJdRFFSJCdP1YXAzrVbXCVFWgTU5g5SwPEpDxs9Qzvgg35PG/U5QiFSTCN
|
||||
CokT1Hdf+S2a+h5nxSnqm2Vn80NyNBy9y4kBBCkU18NzR96cWxiccshR8qS+7Tg1
|
||||
EIBFFnheZkR2MQukfxCHliX40pGipyHE5Kf8huYgNRiHsfdYIfzYQx8lfvwRNq38
|
||||
QrMihIfcBZfl6z096J6Aj6XiA5VqcKDdD0gVw77KCkRyzBtGt6kSqStF9JYE9RjB
|
||||
b375qPsvCVhW/alpScnRtJzVytDT9xeqe5F0V6/GhNvnlgBo3I2p+33gDb5TQOFw
|
||||
oidV46lXlAYo0sAbXJPw9ZZrHE661HQ9T5CLtJ+cadITX3638Sc6XcsdbD+upU2V
|
||||
1piQ9gUvgCNdYGjcYMXTfe4l7x+6pthE0lb7u+q/nyzTozez0xoCWygMJlETQXKn
|
||||
s6EnhMi3phAuUnhso3fWAvwtOgHW9QaL+rx5npad3wGyRo9xqTmrE/El8FgALXY2
|
||||
XfggH/zQhIwNIbQxRGVyaWNrIFJldGhhbnMgKEdpdEh1YikgPGdpdGh1YkBkZXJp
|
||||
Y2tyZXRoYW5zLm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc
|
||||
/6lWAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMS
|
||||
jWUQALGWNAhYnuTTAIoKtwPsDab6kJV3TcBaiD5ezXXYX1WFEKMuLenYkCIzRuWO
|
||||
FkZR8Rr8iJj7viCPWV5bniicsKNq4Af8YIXq8Qnam30gSkHo+jGpzZYnDdFDajYa
|
||||
x7wVKMxUmPsC6RhfEk0JAFXhoqrFOrsuUw+bBC4LOvFzdufmS8klJq4krpYf1kp5
|
||||
CW6/DL38YRrmhq5djyiuA8iJPtylxcR+tXSmyGtgltCiHS4EdOOyG0hOsfkHPqIK
|
||||
d5Tb7J+pMGimCp/9YV1NINbFpWIG3pF6sopMLU5YHh0Wq7SgfDVmkuPxUaEChTVz
|
||||
S9y6k3DwhW7ZRpcSx9hDRwaHFw/eTuSdNH/7CpXKr0o/+zuvq+gpAHbPH1GfikoN
|
||||
B87lSdfUdM95QTveQjS+6IFbQR/5pCEAraZ97EP02A2o45nn2bV/gOvZRqqPuJZQ
|
||||
8rJ0ryqfxRWj/cRKrtt+k/n0dKQXJt/0g5s+IVgIHHoe5htzsXyjvxfpSL+vut8Y
|
||||
ftr8lyCzGqFUZaX5zpsgwpy4FMf93ttPYiQuG/pVD4dSxc347xL03rB+0F6YIv6S
|
||||
DKuA9Yy9bj2xRuJb5WmAlb67qwE7urGvgAkMXs3deVMWJ1oH5KB1t15mOU3Gund/
|
||||
q3WO21GQj7leALl4cV+oDXI+3z1idIMEWQWaoY2pT7PnUw5ruQINBFz/qPEBEACw
|
||||
WHa7KtEtx2KKghel9yLwLx44LRnuKWLjGNrHqjIy6RSWBcOKVUnewtlzr8ugAAE3
|
||||
qMXtGd3vCLpEtqDJ4RghBrV9YVLArr9ba4clmSgr1iDKZE4xjR71rkwEcrQA9Iqa
|
||||
faOQmTzj/MJoErYONat57CfArQs+Sd4SYJyLTZ+6HdSZVyM5tDooookToZaq/FHQ
|
||||
1gKtQVuIkM7229JaVo+4xQn8N+nQCsKvbl/9ATxXoxzsf2UxDsOOW+Mi9qAmSDdD
|
||||
pGIsWkFmvZnRPPnLXRkQiCcq703Zt/A5ake4JPLV3ZVvvzhvA37Qz8YE8Pud+jTL
|
||||
bvZ6eKh/X3XYkUGjtbDUPfY61HTbiLKcDYmEbtD9bPa9gePhNPXVcpVKd+r9UQJA
|
||||
+Oskt5zbNnOx1JCNIHKJ8s2ll62G4BcS76BnPSzCtGuDnW01xPj8Q5qEHwBcpKvW
|
||||
j4sRx6DSxhieeMm3FZ2ScCarz2vNY3smDJSc2lOWYlFgQwwzqAsxqA7Lb5VmYuSR
|
||||
KKEWB8XnQ2rcoAaUuCm8qU/zfa/yn97eZa9VKMMX9X7tcMAuYRD0fEmS9zjeX64h
|
||||
/+tZdQnUq2Jtthz4qInNs/lSSYhCTC5H9FZ9hFe5X7LiYnTws5o6TXejtXxItaYF
|
||||
/4Ltdsq/bT5gI/PNqP++iTQFjLDUUoG5S3U8/631+QARAQABiQI8BBgBCgAmFiEE
|
||||
WlKIB4H3VWCL+BX8kQ3rRvU+oxIFAlz/qPECGwwFCRLMAwAACgkQkQ3rRvU+oxIW
|
||||
mg/8CHGV74oqKrNf0ruUaHWfm1Lk++/CAp6uSZeMOkJST/4Nl5f2O3aPA7XVk4da
|
||||
vvHA3IrS053LM7xUUb0FnarKMlKg//3f6Jtvavege6zfG3qj/s6fS/8EgoZkS3sy
|
||||
wGHYzy299sgZKx7eF/pkVj/olgDQ/MpkM5scpDhY1rHjvhcR8sLM8O5DkOfyTaEi
|
||||
RuphMRF9G21pu3kIPf4C/4tMN0TmNBzd+9L6n4iQooVsxzAohjlIQl6DjnGM5U7I
|
||||
o3ufQqCuGOhJNdMPbuaH/ZtLxhnru1kZiHToPoGRDAW8YdjBnYIljW73RKPgMpkI
|
||||
iL56DXSsb87qKBLZ3aBkjZO2NxT3GUPbCAYQ/b5JQ0Oeu2wbfYDZ8lr+rATED/9Z
|
||||
6mrmPPgmVg+EmXpX3byBlfLvWuknZQgEFyZEiQUNWsPX1ML+VXUS9VkHYngZ6PDS
|
||||
PREP+rN/XwsNaCKg76Dx3Vcxq+0Nj9c6qEPoiC4eQGa7iSc7ylHsYlQ9qLrwSBXm
|
||||
OoGSnFkpToyEi33SA2FqZqLIvG1+z7sqiTiWbTdjZ8GShAwZDDnsbNUxue9YiYFN
|
||||
UwEkJhcxkApawGhNtWkbDtTrvRRAHZ58CMDMRvpaKfGcpF+RlyRumTlEChpi+vNX
|
||||
3Uyor2raD12YolIUGbjVdj3vYRkwdvoQ3cZJpZZLHyT9nDWZAg0EWxcHQgEQAJrY
|
||||
yC/KKIzplzkKtuc6jCpUT2LMovFvUHp+OdCMN+K1SgveBhxsHgK10fx9Ki1Uvo2W
|
||||
jhUAw1reQk/g06wiusJW0bZ2W5rKQKUPJH2JLEJcVdJAVdq2vGTdsVNkvia8O0XX
|
||||
zN0tGb2juyjX1HPXUJ5jRBsiPrppeK6+NEizQmj4WYBF6wfsEalJdQ8g7nSR4p9s
|
||||
HdotI+6ug6hxStcjK/wwFLRqpYwZQLDbRJVVMDAXIVLmmg8CP4VarIsF+PEv9ioC
|
||||
EaT2yynFVYShmbU2XmUJSlatXaHhS3/C6IkKtOWZdU2Z2Yg0OyAUssikXYDV8bNO
|
||||
dlSq+0gz+xwmglKGYwMxs1S+CtSnSwbuwmLvN2VMRWDCN4CLYRezmkNW03U2OXRx
|
||||
rME6qlk82VNcLjpJnc1AVWBF/Wi4K+sG32e+uoTa7vZD4p5YmfgMRwe3sa6KCNgb
|
||||
ufin5idIttHB/ZOZdyIMvxMqEBkjgCOHArLDFLMeMe364uBt7c2MLCPH6+v584Rd
|
||||
rOz+Yl8AvKg3+izX6lwXE2VrC/6fkXlW7Z0+gES8YmNd++si5JOjDGqQhJ6h/r9u
|
||||
ZVGLYk1LpgExgHxGhG1WXISIrGBd0kqFdkHYAIgTZ929grdv4tFpz4+rSBxTBlwd
|
||||
PCKselkX3b0S5hSqAGsyFL/UT+l7h5vlLvTJe6W5ABEBAAG0IUNocmlzdG9waCBN
|
||||
LiBCZWNrZXIgPGNtYkBwaHAubmV0PokCVAQTAQgAPhYhBMuvafFzoP6ktTf0cNZs
|
||||
lZMRi8y2BQJbFwdCAhsDBQkHhM4ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
|
||||
ENZslZMRi8y2o4MP/14vXeLNCNNtnhpbknRUVXrORcKZsDTyTHLx4BJvae9DsB0G
|
||||
lzGI4xlkWFXRW9o1/3xG/sHpg1hQ2o5qAKPN8IAJBRm+O/cbyYxX5Jowy1l+vipt
|
||||
93ZS9h+L2nEWk+hBT6hnf23u5po5JKPCEWgAqZxCnFivP5/STND9CZ5fXlTMXGYR
|
||||
mehI/uGQ1k8qXMLVCG75mMxIbtXVnl0NIoq/mnT8kNWs2y17EKrbhX6tKVdOzsQI
|
||||
SZ1CN0+SJeYrfCjvlVnCFQS/wG3OfmfsXIMtXR02sLffhai54jIM/DndaGrsNxay
|
||||
GqScMVMnhkU8Tk1M92fwph3JaMlT7mik+fndWkQZtKAuu9j7CNmFhd19UKPbx+Fp
|
||||
LIEccYyn0jh0Rngc8Js3ZhIAjaCNpSjJTIuWcNwRdks0hHSuvsK32C+YpakF1G7O
|
||||
WWFSSy/p7VGXNR6R/sZgn7oC0qd954BGyaMhxmM7fezhcFYCSNG5D+jG2Ri5KtcF
|
||||
Jcuw4tKXDxT1wg0pmk0tLH+ZNPw307Wdzrjqpz5TrYzLTiycxbl+uo4btKe742rl
|
||||
uSXVaqx5bVpx6o1i42lGevCjq/n6oBbM78n8gTc4vPrdPjRYONviTplNipLol47h
|
||||
rPG2yakoe0PqYKFLm7CzHbL64a3ZCK9K/XWth8OUJbDUGWRHnVZ5tpxQqYR2mQMu
|
||||
BE9mqaARCACFSqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvja
|
||||
DjWi9hcwp4E/lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18
|
||||
LMqhc4G+RU+LcNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1
|
||||
mTmFT9a0Q8SKr+mUrrJkuG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIc
|
||||
qP2yC4nLGR3MkubowxoEBYCZet18aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkf
|
||||
cJFADa8MzOL90zOxXwbGfbIZOlh5En8jAQCXlfnx2eQL3BSW/6XANa51dbWiEp1d
|
||||
1BAkpGKtZvlk0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN6Zdy2MxL1RRJCFbytLhl
|
||||
0ronC49BsGYVGshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVCkhUAhouH6xzZ
|
||||
QNLR+RU+QebYzXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSNoBeG
|
||||
BKWWLiOsPjvS72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xP
|
||||
yc6RsB84sfsk2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlD
|
||||
XnHxJ0HI1I/kOBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9
|
||||
d5ud4jTJRkQGvAP5pg76vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup4
|
||||
4Ck6ZTgdlmFYMLF1hR47PIZTDKEREuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/
|
||||
+Lp8lQO0GHLPB9glVhnC0db6l1Xpg1CMI8/RozBMcij30EgATggC/y2zbiqAFoS9
|
||||
FN9nXPbe4phStqABEyeZ+nXudt7PUYTjVgcrqo8bHZCisBobWC7OnKyUzxVxzUeu
|
||||
PkIfmZuzkLaMw2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ5QrdmE0/BbQy
|
||||
U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWlsLmNv
|
||||
bT6IegQTEQgAIgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
|
||||
L3lWvF2gS12XMwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0Mv
|
||||
pnvzOhv9IufvvsZEj3E7i3h+iD5648YMwfTFCij+tCtTdGFuaXNsYXYgTWFseXNo
|
||||
ZXYgKFBIUCBrZXkpIDxzdGFzQHBocC5uZXQ+iHoEExEIACIFAk9mqaACGwMGCwkI
|
||||
BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEC95VrxdoEtdhdsA/1qQb5RZbh6PlIVe
|
||||
HCFFC3fMvy56wJ1KC0knhphyZdcGAP9bQFhWGbxylFn7xmnbJ2bpa+0YfzRWwbgm
|
||||
eISoZItQ1bQ1U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2
|
||||
QHN1Z2FyY3JtLmNvbT6IegQTEQgAIgUCT2aqnQIbAwYLCQgHAwIGFQgCCQoLBBYC
|
||||
AwECHgECF4AACgkQL3lWvF2gS11roQD/S/f3M7YgChaM8SAt79iAPvLieplUBgYg
|
||||
uOJjHc16QA0A/Am0mjKmNq3W5P0uA/vB+liCEcMLdcZiOIsNI44eHj5PuQINBE9m
|
||||
qaAQCADfZPMpjZkkGZj3BY/7ApoLq4mwqzbh+CpLXwNn20tFNvSXfb8RdeXvVEb7
|
||||
Scx+W9qYpiaun2iXJgCVH8fgpZpR856ulT1q6uCG++CXubEvip/eJkZl93/84h04
|
||||
KQJwsgOrAh0Om3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTeySBVFdov6L4me
|
||||
pddfjekicKQqhL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/PginD
|
||||
11zp+6wtrWCm/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4
|
||||
HGRHZdBMJB4rHUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05b
|
||||
tZ/x01r67dHfaMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJA
|
||||
RXWUOO72+sScHP8KQmTl1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTik
|
||||
r2bZYukHDQ33XBPs4e6MbWKfsa9qaVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHB
|
||||
i9MI16oJIzzBPbGl2uoedjwiZ6QeQZnSuOVYZxU2d3lRA8PrtfFN1VSlpEm/VcAv
|
||||
tieHUYWHN0wOu+cp3Slr5XJVNjTjJhl28SlinMME54mKAGf2Ldr/dRwXiGEEGBEI
|
||||
AAkFAk9mqaACGwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQPzdfU847tqDK4
|
||||
zJjbmRv5vLLwoE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejwmQEN
|
||||
BFhJm64BCAC/9u6NdeqwFuJT5TNbKVrlVnmHihg96XSYGwl8UPiiYuO3JxXZaduB
|
||||
w0955FOc6X2cAoOJrRYv1zZO10nWS3n5CfjUn9rLZ1dnmL87+gZcOUfejBo2EmLI
|
||||
VM1yTsLZvigxIhjCUdiQDsUNhN0h1QMwprKAugyhtS4UI9DepsEt9KaqVQ4Jw1M6
|
||||
N0b/enkQYs+PHk5TbWUqwdvuGDVeZI2poBo2SL5igUfe2EAOZLZo0CY+tCsge1hu
|
||||
+fYxckEF4C8SltQqiXnk5Z/SvqhuRV0lvOYBshwun+6qgC5UJ8qHsfW7pK+Qewfx
|
||||
nsAsW6gbuKorluCiRg2hCIwK3fAJ0SLHABEBAAG0HUpvZSBXYXRraW5zIDxrcmFr
|
||||
am9lQHBocC5uZXQ+iQE3BBMBCAAhBQJYSZuuAhsDBQsJCAcDBRUKCQgLBRYCAwEA
|
||||
Ah4BAheAAAoJEPm6Ctoxy9ie5VAIALXzzB78e3Fe0J83zOfj7VBHRoIsljdnlOPi
|
||||
rIciZquOoeOOMpSdwgHA8sdlFxzspEDyN4X1YU2zJ5emE4x1bNSY8tI9h7Xflq6k
|
||||
GJ3zlYa5SQ9w97Z0Mnas0j7wbJGeajPmbb6ZFfWY83rowHUuIujql+RN0Av2MKxE
|
||||
XXeydOdZGImvzCoNltHWlmoHxI9+oerPOQ+04RxhFnCvwv5HyiN29O8sn08F92wX
|
||||
RrKzLcudXJeUZgQIVmv5spY84SMldv/lSr18s3lPlvQDafPjbzUs7Q6dJFiiGdW+
|
||||
sOW3MntJYAe9n8X2tly5owMs58N8BNThMJoLhtIm1MNZzoGnMBa5AQ0EWEmbrgEI
|
||||
AOF4kVuofaESBahVCR4jWl0wWbiv3RNOUb/7Vm1TXeH8kmkLkIPGdiDSrc/yENi9
|
||||
i9I/e+7fzV+NY4B0IzPewUfLUrbrUR43LRBhumNAkpDEaXYQnz+MGYIXj/2pWJoV
|
||||
s0tJMauspCJK9+iTbFPENE7nllQb0bI1FZ2nSgCdw3u47o7Dc3UKh0xWrC9G18BJ
|
||||
SZbPn9eUZ0ioDZaVCnxvJfS+MbSj9KJfG6xgngK/khSrMPiyBMXs1mSXI+pZSMFX
|
||||
TRl+U9vIN9qkdsP1vgin7CgwQa2V0MHPdQap7NszbpG0dduxRkvgM7uK2Y7QCviD
|
||||
q8eVbC8fqsAvRe+UDIXbA3sAEQEAAYkBHwQYAQgACQUCWEmbrgIbDAAKCRD5ugra
|
||||
McvYnoIuB/9cHKVJhmGe105G0XeYNVq+X0yzSugMfAwVGJOIY4bdkbxSOj67eAc1
|
||||
xTH6wbx7KHHhDfDVN/5KHxJSm+uJXE6hi62dY++syPdoqhv/1AMD0YKpx62Erm9z
|
||||
qJ3/k5pCPmzFLEniQ48bdZFxaVUZBvZ4c4cq7aE5kY/WfSN/WNOJ79zSo+vT2Rnt
|
||||
uFY24Rkplwo+aiq/gEdwKvuOzVDc07G+idozfWIYAWXRgiGDEgUgmPkNbpYLoM1M
|
||||
PKTTkBVMjYvEESdkiPjHHcBugV5kpsuyWm6jtbgR2Jt84gq8+qv9gVgkT0xo+Jf/
|
||||
9X7so8CXqtI9P1keQ51gXM3lQFXkp7FQuQENBFhJnJYBCAC/Q4RbdpAwRval9S6d
|
||||
oIVKvPu27haj4Irppgz4c0NKtnGY6MkYOXwMJmd1KGnV4kU+zJAXCj+4fo0nUnPw
|
||||
Ml+vkr6X3KtOOMr9Bb5T1wnj2YieYpA0oEf4Jnic8qQZKz6SV2aZxB/FgS+orOC1
|
||||
mDv1xmSPuHfCZuH2JtHA+4y+3XqYt0ZusS31vSsv63HiUqt0c33BMrTdgDmP0ynt
|
||||
DnS1Qb7cgwhMe6AVXHHNJDZSNbCWkwu1ASHfrTRUt1ijEUZocGBIEmMN+vdyU4Nd
|
||||
5aF/4fiQRoNOq3WLjknaKM+uAJ62AguDzuEkn3z6Ei2rlg3KN/9L3Mzi7D7gdVwh
|
||||
seytABEBAAGJAR8EGAEIAAkFAlhJnJYCGyAACgkQ+boK2jHL2J7hpgf9EDjp0U9F
|
||||
gpmW0JVKOshmkdJIoF0km4YBKn5KLjVTmPNP2js3gD4PMkfuXMUR2/uDQJvEpgL/
|
||||
DqbKqt8TgupxGsMmQ3mYgnaiVwDH0yNSz6rpzYSsvnZxaIyKjpp963RfQqAtg42P
|
||||
F3Dje8vlMT7lo7Pb8naUr+bu7PaIsPZL1Bl0lGMymAKS/AUZ6B1eUIy7Qg+/Qcl9
|
||||
5+f/4nnQuxTpA5kqcibAAWpM/xbxbpKoydbJZG0opxgai9hvy7hOf0Rlep7cdISu
|
||||
P5YcAdGWYSHq5t4RJplGLFlBD4hOAzkTi8KmtjriLEIp7fMG8QCYYge3O32KK6BS
|
||||
dWmgYjuINvO0LJkCDQRgXeS5ARAAznHoM4UlDvg6j6UEk0clROZhxPXQIaXsVLwJ
|
||||
sk92+ayaDoFF6SPv1cymtreNIJHHZIP7h2WzBk0ION377bGNXg99rr3iStKzJ7QS
|
||||
DZzmn+4w0WvUHSql1skCGzkjP8ssiLXOp9phQuK2R2jVNUMGQjxhGLeD04E5johY
|
||||
+jR38ljCFMyE2Gv+xJLhXFd7YqnrvBptnBpZRYGkNPf93YS825bLYIHeH9QO8++W
|
||||
qBpjMusb8Bc3N2QMta8V3ReUAqXbPrr1l5K6TSaURmSeHkfDuNizgyRKYERpOCwP
|
||||
o72bp1tILSTiCpgBn19iEpNvGqwkddvXcWoRxynn1EvEHNs0yuvyPwaf2TFXPzQt
|
||||
6LOibq0CQ/yn3+GpoTWgWEVg/jZ+30forWdxzwR9sn9J8y9HIMBrd+xm0Fxqkbx3
|
||||
MJqAAWPZt1mVQtSJnTkuk98zK1AuAE8g/6rVLOjbscldtgtYy0bRqrtmDHQMPrNR
|
||||
ulekN2NEq5UasNDW+FINIDMCmXVQlPttqhplSeOA+30q+wMiGZkqwuIuiKBfSNKX
|
||||
KWWHSCJoDgZ5kpsDiIp+f5NDqoN4GVmQJ9mFeqqVZ90Y1c/xpBZJpd9U53g4vmmS
|
||||
Ur5sqW7045Gh/8wC8CqXEiHVWWJZpVn1qaxvFGN1nN1yaus0WIxvWAHYGS8x/uwe
|
||||
8q/1UfMAEQEAAbQhU2VyZ2V5IFBhbnRlbGVldiA8c2VyZ2V5QHBocC5uZXQ+iQJX
|
||||
BBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEE5gkT5N8gmQfY
|
||||
4w2WZZqXyc8qeVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVqENhAAglRrXTkxTEFh
|
||||
e3KZwGzRUhszL/XX3xO2jmnFWoRHETLruTuTjYWTJSsHl41yY5lyYGuF8WYn3KKZ
|
||||
6CRIogJnenm9aHXh361wGqyooPx6gh17UxQXNAAxICHsPRKx4ygoqYN7gQMb0fJ3
|
||||
Qlf8Q5gCA3WRjO7oZJWL7ZOvI4Myt7c2Mg83rPnkCoY0HV3x4KdjKlfmnrrsvHLB
|
||||
VryVfwyQ01xTHg8AJvbQfHzKh2QzpRdY6ZfhW10tzXTfznnvC7Y2vseYkzDCOZVZ
|
||||
px6Xpsetlvjtsgh1HXeE18SOmn76Sl5xw47F2aGaC1NYmMFbQO1xiGUws381jLxb
|
||||
F7V6ftxrHzhRWbXl2JOF4KBft5vlUVA13JMnd9x3NlmQyHuDymFPko8VfRp/y7av
|
||||
V88D2/VIC6IurhUZyaPa+MwEynlOHtJivZmcsuTXZee7R17BHfq9kmoodJL9G19y
|
||||
8ViPGm+iVqTghVmPt51VFyauWh9xrbHb/11KpPjO+teiyLHQ2Wy2e/PUKxPZjhLw
|
||||
A57PcCI7fFxXHf/+ZO/zjP+X/xitPqfXb+dbkp7sqrV9tUrRuf2PosbtDLiu4yto
|
||||
EpkNB8KFNrs5VF7xciFoBB//kFIDNUKH5aLwY6fuXMCG+wiJdLKjw6EW2llgKrYI
|
||||
kSBXiP1HCLLNlqh1GPmyGW7YqUgPk7+0KFNlcmdleSBQYW50ZWxlZXYgPHNlcmdl
|
||||
eUBzLXBhbnRlbGVldi5ydT6JAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
|
||||
HgECF4AWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUCYmuyVgUJEO1yXAAKCRBlmpfJ
|
||||
zyp5Wni0D/93RGKQjWMUseorSyJDJ1Yn3VouznuwE6iBnyDuWeLmfRNCQr9Agx8u
|
||||
ADEO/DRuu8yuV0p4KAhh3bF1MPYfOe3bV06lSqRu8AwAUiUAvoOobuLCuu7aRZbv
|
||||
GXPiBrRnNnjY0xUnIjHZQmqHGPnoVlVbrhHsOyr3VXxDMSSC0ZN4K4as7F6ND2nj
|
||||
6o0Sv5cf8GBw1u9ueQC4myfEN8n/YfiznRGtKh9cbHUj+xuebdZAQqBrBW0/LDyz
|
||||
cxTLas7ok4EILEzDTnosDqz0VCMOMlUDjubL2dPmoIzhn9IpJRtIXkDAuyxihQMy
|
||||
iBbcVa1eoUoMB7e8tnwOUb0QUdM2Rui+W1JD9P/bcRenOh7ElYoQDqV9jMqXpebh
|
||||
w4J6qunhmzMxuNDKDpp2lnBayAja/rmS2NRXwJa9TZeLMoqlxd+vqwNnud0FXD6d
|
||||
p5b/SEfoo1rVFSDvsXKQBSmeTcFhETvqEKBjZKrlu1CuMfIzvHs5GLP5wumPnCdw
|
||||
Irj0u+mr5z+O/0gL28lSw2pss8rfJkjLJ8qoIIc+or6qlhPNdItdNwHxQow6JDU3
|
||||
dLs6QnC++FTeaRbL3iOet8Vop2yKALYD7xR3dfDX2IJMi25OvVeLP4dKJw/KRInd
|
||||
txMQylyjlwWc59QcOe8/2RQsckpVC0LOfQTBU3WPVV06l/JdqWoZi7QtU2VyZ2V5
|
||||
IFBhbnRlbGVldiA8c2VyZ2V5QHNlcmdleXBhbnRlbGVldi5jb20+iQJUBBMBCAA+
|
||||
AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE5gkT5N8gmQfY4w2WZZqXyc8q
|
||||
eVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVpUQxAAnDw/w62tH9B1uKqrtGWHqK7J
|
||||
kasiNvqW9bbF1Oai5+1VGXm8kWi5Ld5KvxN3pp8QdjH7Z9zlvWMxw1kHI3Mx7ZCj
|
||||
633lPNiWtd0xeb7rch1Ek5/Uasy+X7cfjuDmdB+XKrLJ8qYHZ5AQOXGthtrNw6p6
|
||||
bYWT+3tmId7zxBB4OR7xOxrB9XMje9xH6eMQCZbRUnRVbTQ62fMSI8PYlJ55dD2u
|
||||
mMRSrsuQLC07/U+soQD/PNqOX1tY6ok1KSquJfxgoymViIwYFEGlDw3ViEjYRtKq
|
||||
CvxlDaUf1n2iTHcmBbfWxvjRksfoNEV2Dlpp9zhFYGuSe39aZF4HIjnR2OBTERlh
|
||||
hoQw3H2lgU11WpP4jJVm6zzcFHrt+9VuKTJGWgx6tEahW85F+XjwnFKnjh2T8+aq
|
||||
4wEpDqw66e+Q+WYaOlHDBGjpgNxPPNy2UAmPs4fR/Z9+FFCKpWto7O6Z6vQG9LmD
|
||||
lXuRfk4qx96gMyK6X262pRpxA+pYC2yWsVN3lE7tdy/8YFHx9o6muJrwwUuIPqwa
|
||||
o+CdkHG3P3451BIp7bthzfEBiRKZDUhQI7ll0NA5o4nZe9dA83FWcvljHB5gDXl2
|
||||
ezEl17xsFFfkQuSq/z81QE5AsCVGPnHplNxP/r6fqFDhdTsbyEiihBdUB/aeuJMh
|
||||
NHszyeUrFc+J84ughPm5Ag0EYF3kuQEQAJA4YiAQSWtR5pdzAd8gw4Oyb1WwwAOg
|
||||
YvcOV3sptLKiHTOtt1Njv0UJc832V7IN3+GuumY6LdbdWsRWV1zcOqfffZGbROcZ
|
||||
NdEHKus35lAzOsq5ZmrZgiJrvppVka1u2Km2uw6YFieZuBVxk6dPDafJzSYiAmhu
|
||||
x35Ox7WSI8zK/eX32k2l7Iki2nbz9KNpJz9HLwSz1kCjFPPQAyPMYfNJpuqJrJ0m
|
||||
8tn5blHroEijaCsSanaKlglg+W69GKZN1MhvYFHKCVMkJgtoFFLPYNZLMnqv8Rpa
|
||||
03CfZe3OSNom8n60a2n1shOWYP75SiwX357EpCK1ftHOERY45bXkZuhIoOpVZl2z
|
||||
l230qKSMrxvSGJm4GObUV/2jL6TnlHG6sfVn7LqdTGGO7YeQf10lyUArEYNpNZzJ
|
||||
ex4KvTFa5pCgrl9SL1gZgIpa8ZQKnZXakgPvP2ScUMmqXQ7cPHnFdDSBRRtrQsaH
|
||||
ZyXJeUVWURrDuIDY0FWVuh6d5LaXAy7CZKTYZ7B/MivYZgb3v/ygX7ac29CNd1u2
|
||||
yTCaM+q4OdhQ2zvfTWZiyZfTfOZgjzSEr4WhxTiynMhaUTp7ntnohEfDi7/zNuJ/
|
||||
9p76dUlsJIb/ojOhSE9cghacV418QiEiTNaGJkzPXuVo99I2QL2HIMA/SmP0xs0m
|
||||
aNVvwT4riEIlABEBAAGJAjwEGAEIACYWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUC
|
||||
YF3kuQIbDAUJB4YfXAAKCRBlmpfJzyp5WupsD/9w/5GDNp5L6FyzDvCtKufWO7n9
|
||||
0hN8GdlR8g3f12iozn10BRMiuUamWCPpm7/8SOfPl6FZX/ct51M8lEQmgUWj7b02
|
||||
6cum/GNwEcPMU+cAWA1WmNMc5R44nRVTZwydTCjb8J+vFeKmXV9Xccxwfj61HmRu
|
||||
WFaBgksNWruGKhrmD9FbhOQHmPaT+nP5gu7EriwCe4s5Gs+iDYiFu4XCXET12NjX
|
||||
cgkcM0mN+lACO2VZynq76StXl6y4acEm2wYEuP6IfrHbvdKEG99nSUVU2Wf509fA
|
||||
kek7cb7LuaxbfEOG1ZFx4g2T7668/ZDgqNaXtw31zm9qETJRd6GeofjITQtyGb1U
|
||||
xGNFiutiORq33rhnTAb3CPgRaUPqa7+22VTlP42ZUC+gxH0Nk9njXNsYmD9XSsKK
|
||||
h+oXG/I9zonbPPMT3y8XjCD2QYAi8scESSFvAoUof0fb6PT/hzZhZLe0y8vgFUJu
|
||||
UFf4Jnb8CZ00t7Q7D1AQO1l9qTLGG0BA81skHa5kgIKRsOZ2h6s/oXIxiulbGFv2
|
||||
x+RUHjin1DxOBFT6SHF40BP/yc6yfLCZDyEw+CPHCKzKNg0nrLKzg75A6KLQucAs
|
||||
A9o8ys28FYxk4LZui1kyGpktFLIQBw5PbZ3XcYDw/Mnhc120ESQu7AaBXC3AUSax
|
||||
erq5RAYJplqOAGyLWJkCDQRgZSYzARAAtsGzvzyAM1UgKdpJOzF5s6F1UUj8hG54
|
||||
zeqpu+56877oIf23j2bnBupW1zMUbAo+BkvcS3BmaEkGYU/9hiXcvmlLe83+rMpq
|
||||
SVE3ID3RFZn+bk8Vp0JAYNAXZuofMcL4E2Va3X8Mu3+43wLBklysxJiXydi+ix5g
|
||||
DCNyPnLHT6igR0s4+oWI2WHMF0qdkwCEpKSiplfZKZGN2Sg6CQnQ2+UOm88uMSvg
|
||||
SO1xWyDC1ghJH6VGrBl5T6Ff/ar1lq90hrZyoxOVY6FYAOYqoDFMpsndi/c9wasv
|
||||
PpirZncV8l4NztKOvMRvaO6XI6Gr1W0VoqhPU6mXMGq/uNiqC+gXIVmJTL3mfUTu
|
||||
l/rpqvcBiY0dxvfTxHB7RelqJjFxoni6m1M/1ltBoqC9+75KijGWGdLciE4iWX+2
|
||||
ptieE4oMqvJJNRxuq5km10kjgXCF1r/mlZ50zNeByo7G3+o8fdVXf+eMg+4cqM8B
|
||||
LrW+Pgs/zt0fWd1eqfzn3JwEy1wnQ4NYWDY1qM+k2XJcRk6WSae03r6hAYakPLmv
|
||||
0Fxyches2t1RWFyOAtl7Wlel+nOx9kr0aYbJ51WRDFkgbGXnFvrvd9XmpkIs8+XZ
|
||||
llu4wrUKg/63Mm6qPj3rbM1vg67MYN8xfXTzNx/htV3OESC9SuD4Ua66Zfh8GbbD
|
||||
oFIiSzIK1z8AEQEAAbQjUGllcnJpY2sgQ2hhcnJvbiA8cGllcnJpY2tAcGhwLm5l
|
||||
dD6JAk4EEwEIADgWIQQRmMARdZNJel7FwZkoavH5iXRp3AUCYnCdvQIbAwULCQgH
|
||||
AgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAoavH5iXRp3IY5D/4mMKbN8VdyPyiSkgTV
|
||||
B3Zu6GzLl1tapw2fzlzYeS9vE9D8vF03UshdE9hKQb0qtMokblaU1cBPGrKWWPqv
|
||||
x0sJbSAZx69YKfZAiJWfHsVgvATwfMgcqlpdGHqRnEEn8fKta0+VL3GKwXW/aHAn
|
||||
dJ6JLT5qJ2qqMoa8VqhT5CcHo7TJ3CfMXDw7dI5TiE/MOIPuRUEwyw2JXqM2GTqS
|
||||
pX1dz/PMPP/UHM2BMgT17TSSL6g69JhHNVcruYypQHNxFOBWqg5lP8iXutqS/SJ6
|
||||
FJEWfKX7gLyfdA/Zj051ttqyE1i/liVfLti8Q4eZX3+/tbQn68T3jtQiYyS/Tjq9
|
||||
/8t50t1B74FXCe8/wlScBpTazngJTxkDFY9kNScYgaCfwda9/ZF9TmhJ/rGoqpj+
|
||||
IH1nWHyU6kvLylngrr5/gNqgwmc0g4/n2twYcbWBgsTX8ATLSoxdRF89hK9fnJSF
|
||||
S6pXp3LRMrMrkiHg/sFuDkiEiK8At3s0eMFpyBgAmDJuiGotNtJPvNeMI6gAEjNK
|
||||
lMf08QXbygqhhzO1BFYPHXg8QwcUItXieX2hdkMySXmVLgBQ/IaSWAQIx4iO9uKI
|
||||
MklGlzbE7ZkSMLMrU7pnWBXJOu7N9aYsoLCx7rc/9C8deso8sbQvkzwu55rMyiTe
|
||||
14JvH6tFOVQrpjLMByXnhzFaq7kCDQRgZSYzARAA7Zul4lU0CKuVKTVF6Wrncrrj
|
||||
BI5BNYSO4cv4+Di/nb/F24yb97SjTh53CVHfnYsVwRwa4lmVJTWK3MbRDCW8T7OI
|
||||
8PQrmWnyuk57e5+nGyhhv0U5z8Lwy/ozhqftZ92gR7qQmguvUQXJT9Hr2DU/a86g
|
||||
MuDSHPQBSxAh8uKW3QUChM/QOukzVJW1ekYo4SFgo7vb71a0IMBPTNl1l0/0bpCZ
|
||||
Jp8MFopRkwpNv2fQUXM2clEunnQ9YKeuhQapaRBefNj5y/u6ALY8MGPDQWIF5EJk
|
||||
xML704+IY9VU7H/8oGXPDdkzYtrF+n32BWkiRXeMcXyk9AyHVHJCNtJvs8SzMHlW
|
||||
Tr2+pBVed/8Cgw//S3ygqfJr7360lI5a5CrTbSb28UI0QIYUU6RmhdIwzpkRFz5R
|
||||
5+a/wT7BcpV9uBSbdlrBZ2tjkbd4KLJtj5F8t6ea/1tVXasIEVRcQIles8xDwFKa
|
||||
WP1Hl8Bla21zLCG9aBbaT4G09AruLY96T1bHvO3FvW1JQXE5e11tyoZV7hMDoaOo
|
||||
3FCM6p6OrOObTzird7S/XqSBVhDeV/mOQceD7eKXnMGMT3r6rvfckyWDpbNLqnXn
|
||||
vU8zyLnSG3C8rGb0B/CfBHzObq6lEHAjplzyY3mkprXk3TpQp9duH3l3epudHWTn
|
||||
nuA6aGmSzscREVCYxucAEQEAAYkCNgQYAQgAIAIbDBYhBBGYwBF1k0l6XsXBmShq
|
||||
8fmJdGncBQJib+7rAAoJEChq8fmJdGncdxMP/RRqJrNUEM5Rg/8ZWkArMMhAzZZh
|
||||
ZbO37eOLLPUYHzBCQmU2/uXv54g1xhxYpGal9mI3myKNsxdIkTe4PfRJee4KG58R
|
||||
T6MSUx8/vWjTNDJNPusoRFnpCa8znjw6Mbe2ZJPzRmkEPrb0Cd5weGTqs/DOh2i4
|
||||
9ErH9IEE8Dqegl2fybJzcWPUFQkMXkIEhovpIFKt5HSdcWyGnuGaxhzjoHWuGCKP
|
||||
RztiIU2WNailldhRwLp6tVpYVWxmxT7l15MzigWXuYiuS4eG0ATuQHUxs4PJjL1K
|
||||
+g2kubxH54hhY3OaXT2olh4YLWpPcqZa0p0lXPRiUXb6pfJdJUwxpGxnUqcPvtA3
|
||||
tktM67OwNTi2mwE8WKGKFI3DHtkNG3y5hn/OuHhveTySu4DFAEFvlgDwJAhrPTR4
|
||||
uMuzB0hCcAIm82EpitV07aD1s8zZ0DIruHoZ2SWVVNTBlfreBP+dAgIG5U5HRdBU
|
||||
HPS4mUQBCHmmuahe4IHPtQi/6NHgypW9vliDd6TFGI6jje4gk0X/0jtJipEkX9Be
|
||||
FTQXD46DnUQp555g2lfDTf415ln5VfEGhkWvS7K09uQ49/NfENK+rLG6w8pWi61h
|
||||
CrmdfU0NU6TQBB/ZTwprTR1irAT1NRhR/k9glMuJDON41ieS2ZYv58KcXSCMmqGk
|
||||
vDUrjyK1dYOElF2LmQINBGMOFOMBEADgKtI+ygTCen92n3GGTQy/rqhbH1hss+qZ
|
||||
J5rYcp8Uv5rkEp85jEhrZF2nWUiiCc+WYF17t1C1pPxh8ceONbCGnV4hZxC+7VCL
|
||||
uFT6FHYE7D25zRtig8YnRWxahrpuqfk0W/yfajCbU+VbCRddmmLqzb0Ombj0EbEO
|
||||
47uRFRIk584dqYqfxYG8lxtxX1YSf4aUu+R/YoRd1M/I9Nq7w57nrIzYc2nFlwPA
|
||||
j77Oke8CBZpXFg5pKWOmaiOkh0jlFCNIrjyFC60WomjfOeoHsKyX6Z/Zr3HTewDR
|
||||
sFl5XkHjpZye8BZ+0i1ZAhAraNdWTi19Z5XJVoIVHs62a5tzfWpmbY7S4HHUKJfs
|
||||
91RLGinBXJ6IztmAvmgiwuH8nyA8fJKQ0B5v1+J5H2VdWd6QAuRZUa2LyEzVrPxk
|
||||
FL8XRoeOxAHRNHAj7k2Shz3vGdcgQ7AKvXjbnK3rYH9eAdEKL7lWJPoipAhB+H49
|
||||
dftxhH6fsLaLW2UdLbl1iiwHH5ndh2KAZBqEShJuTYSQ/M+0hBFK+9o3a9r2ly0x
|
||||
Dhs3gf13sfMD20em/ExSrdj08umqDpKUijpe4Skxv8jknGyik97vBwmbqswofu+/
|
||||
yPvrMpJz2haK2w/8IJCa6ItOmZ3Jk1w4qO5t8RynJ9MLvp6QfNPzmvJZ1U0cyml+
|
||||
QwdO77C/gwARAQABtCZHYWJyaWVsIENhcnVzbyA8Y2FydXNvZ2FicmllbEBwaHAu
|
||||
bmV0PokCVwQTAQgAQRYhBCwWx2Xb5UoIgTDxvEubX2ALVfO0BQJjDhTjAhsDBQkD
|
||||
wmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEEubX2ALVfO0Tf0P/ilP
|
||||
+QfJNlvRzT90nD7gL3elOKCL4FI5NOtU/8ehi92nWAtw/w1/dE6lprexO/uqdnEb
|
||||
gAlbwShZTwHHce4K/bT+ETAz2+NU50KqLfXcSn+SuXieSe//x5j2WZHyaOBFVoCg
|
||||
v1IW9TLxsmuymEnbD+tMAxfgQorjUChT0oZebjZxTl6shYan05TOFJq9Mqmmyfiu
|
||||
YGbq7D+d+Y2gYuK2Gay+KEb+1c3f1G5/lhh4cQGLVGMv03YTRVkArBb0psbkLzKW
|
||||
7t3D/zOttdCQ96a/pxai4Y10/ezWCYHKhWqsErdRTRr/XdTRpPjC638GpDlfGaq7
|
||||
1F9A4Qrd79DtfeQanZl7DDRSt4p+OjK9yx+NX8cM4DP1PGKnQ4J3UG/IZKXSV48t
|
||||
JKjnjNI8kDxqvl3DnTWN4qfX8hl2X0IP6HFHS6qnnH/TLZBdhwLovYZuRGRxSSmm
|
||||
jUdWN2emNqQbKKn3KUqY1G8H01vF8o0Y8LsHgyEaLHmGj08mCpHeXCGCQsz5jvXU
|
||||
j8k9WDB99SIQBLCWTteAZ3ruzRpx7zB/EPHeZNYznybaP4Es2O5BmA3HKdiGwY/c
|
||||
ufrIycqwaRPXAhjVxHcJTN2X1I+GWhFmNizQwWplDTJywcMVpklaZDQ/O6tER6IX
|
||||
p3bVRCJ3qTGUDdzUBcwo6FX4i2VcMPxwDCLyNlIbuQINBGMOFOMBEADIuvI9EXIv
|
||||
tY3yrixE3kqP7A+fSZ/QbYAE13L3gDcdd+CXOq+gy6nqs5l6vB0n0KpANbAUv5RC
|
||||
AIt/a4M06vzC4QyOSejeb3/b1/ELDoOdTvqN4QR1YusGvf/hyA5t3UY5GL4Tt1wG
|
||||
RBZYlbn8fMf9BcxX5tGSW7UUJ6raHTYKS8KxmnGTdE3Ata2s3oCpq35iLroRENzV
|
||||
1ugYIZZaLw9196aN0fAkFNn5cVUFv/hTJ4pdrydfERxXcxXHuMnwXW2m321Y48eu
|
||||
XzWDa2RzuTsmNXN27RoDQBydR+jK4cx8rcLsHJaBiFj+WpX6wEJPhoiCXa4Unrlj
|
||||
LNjbF13ojzec/cXkqVjVIrMwWF3QmcCSDfo1ELmMHD4CCiAqqPL1tHClJbKbrlix
|
||||
ybs03xuSTfxF1ZqhjWoUvThPG5JOA+hXMB4Ne/pJu1SMB+aiyOFJXGCdeE3cmW1v
|
||||
3cV5w8OgHhY/ual+8xWZwqUmYIWQB1GMAZP1p9E7XxixMbJI6/WQTBsdrceDTG2u
|
||||
djk76En4YGHAVYobzFPXYLv2KheU+yanLkXZnoz7gFB4IvuVaxwHZSdgnGoSaIoz
|
||||
FiCpNN8OtAFFdVI0O9RbzDqcnSktONqKnpeRWFCeEsyMZ6cuYoxbar2NjJ2IL+HN
|
||||
BBS5nfbZ04Pyj78fpGvJVAcpF+MZ7T5jmwARAQABiQI8BBgBCAAmFiEELBbHZdvl
|
||||
SgiBMPG8S5tfYAtV87QFAmMOFOMCGwwFCQPCZwAACgkQS5tfYAtV87TJ6RAAo0ms
|
||||
AmFVeSSPzxCYecFw3peIu15CAna3VidsZZ3W+c1Wf01hZiphPOLxUVXNr1VzaBos
|
||||
40xGJ0woIX3tC71tyzxinaUlYpZnE4h5otS0P+Qbm+NHqReDfcVnPoP89551hfH6
|
||||
epBUgmm00d5+FNbuTabMsIO3vBSk+Y+p7zbY9bkHFq5wB+JYz6vfxe/3frB1zvx6
|
||||
j0M6ehMrG1/YjA+z9L0+7etcUy/qvW1hSkdBtCbMEv9EGDzjhEjxP+wZSJ7kW2xh
|
||||
bFUzbM2rFGodb9sn7z9sX2Gf+lVwuXynHXm56Rc0Zrq4e2MlN09UQkjZT1BT4bEc
|
||||
K/oUZjqWcMgGMRoH8Zlw2v8qUMqTNBs07kC9+4ujSSz69TJM5R1Ryof7mucOeRzn
|
||||
SSqk2bMRefe8kkLAKsKb9xYyV0ComRJZUmxLDy3EMlzqjlVg0IXTT1Q0z5VdP9dB
|
||||
49oDQiz4DaAeqAz8PgttGz5b63JM231DUUxdrkuneb+jz7LCIeL6Kb95q+Uozij7
|
||||
nFajgP1ekqYyJ6WloxrPEGaW6syrXxGPcQwsDlDZ8c/uwTBtfRkLVuznVvjaVx8m
|
||||
6rQwdwE4JJFpr0tHJ7us7MEcYp21/S/1MD+mvG8XwPn8seRnTEQrGND+YkKIGvEi
|
||||
AooHYYZVpg1Aid5L6wwqjpnO1VYX95o4BIZ/9GyZAg0EXrb0LgEQAOX87ju0d9lq
|
||||
npjc/B8j3/jB79MPAkuoE/yMzPcAfyzl7ytYcgjBclqjU1YWR3hWdJKI0Qx59+Ss
|
||||
1anIJuOvTo0Saanj0YJSlDCFPUO5C7wuEqh4+EgacAiy23LUtunKVJ9MQ7t+TtKe
|
||||
RijI84KK58RcM4ukHHwbCb9ww1mEUjTlcJBJ/n70iNoTGKGCZ18IpyFvK8atSf1j
|
||||
t67k9hS2wS7VJNqw3Orm6xJDqGi3fMFtWg9ErxrtNkIMYmrO+ofRsilUcpUrEDyv
|
||||
2Q/FNviOVE9BXzVVJ7zxOCwjMNJ4ao6Ezk0NOZU36qv0Bg8B3IWN6axWMwUQvfh0
|
||||
SAzZUGxfzuraG86Rj1z21PJwJxQATIRhERfm118EAVxwP/xz0Nwrr044Hx0Wi8mX
|
||||
6qi0B5d1rf08VAUoJ/Bhr7Lfbpjbi0z4mvwZh+ydRrowDoff+g0IAamzRVmcFVFy
|
||||
OdLM2iM9z10Ds6dPvi6QVvTMZfrE3l1MIpFb+YuOeU5AQFbl0so2HaWP1TMb/0pQ
|
||||
jhXh9WwSOfwjG1QyEibs4CxSMbJ2TwPYLNo9QQZnBdPMPBUfa0Jkahw+NnztHjEN
|
||||
sHbsr/ic1Zvi7HuaUTCKzm1oGeiIqIBXtH8WrQsQlAWiJdEvu2YkKAyjxUOD9reL
|
||||
4a8NbGve1MeNC1T4onX5OqJ/dCsnnd19ABEBAAG0OEdhYnJpZWwgQ2FydXNvIChS
|
||||
ZWxlYXNlIE1hbmFnZXIpIDxjYXJ1c29nYWJyaWVsQHBocC5uZXQ+iQJUBBMBCAA+
|
||||
FiEEv93ShkKCT4EY73eQm2elwSIpEY8FAl629C4CGwMFCQeEzgAFCwkIBwIGFQoJ
|
||||
CAsCBBYCAwECHgECF4AACgkQm2elwSIpEY93YRAAorek8NdIxkegDBXSrVVR0wA3
|
||||
FsT7tMT25cVDHpV0NnGVoRYRQW65rjW7zPAKHe/oXk6MOuVbCg9Gr9znJa/KlQHs
|
||||
i0Hsv+6+w6rLpXw8aQfikfFgLIVOELY6/MoVcao2vEXvQ0gDPo3JKVA+W7lMrY+s
|
||||
LUyJcww9yI1181qBJRlAp5wwyKPiqNExHKlxRklMSR6vgJHocL7hSWcGPpSmKMqq
|
||||
5oZkwB73mhEktXAI6yEuAeOKEx7XarBfWeN4BCo9BHgpnslR5pjgzWjKbHK5k+XB
|
||||
S0ApKi4dDuzuDcodqhIhqUhrFj04LGznYfnLa7IVuupINVY+HX/OBd9+a7qEH+hF
|
||||
7IOGFwfjv5xOCfbdzDzp3v4G6mluzTmDxByNta/T30hFtWmKsqY5FP7ip1eN6//D
|
||||
vhZlQVcpbs8WEeivo8BRvbMBy6tW/hFMhWxEPrA+i9QqCRt0l5f29smtnJyCcZPi
|
||||
3AvtZI8qK+fgFgEinbz+NnOXY62JLJl/+GucSoWnx9rgOJb2ZEDcTFuN8JCo4YxP
|
||||
AvACSPib4CF03nnFhAuyP/qnPcDKwFGhLUT++3FIilEACZ/dSGEylGQqTSYDl/gy
|
||||
xCpHslnZt6f2T8ZMd4fuqyrNvWT6sTARjwX3VCCwHNPnM7ik9DWsgZM3gIFrtBwk
|
||||
fd9zeL2tgxgC25WWkJS5Ag0EXrb0LgEQAN1a0LLbJ+fKNIFqwxsjNM5X5YdyPQMk
|
||||
kM0mMZzLgZMz3yCSUFw/ZbfD6ZqRfpxugek39M2l8BRA8eWo0TiFAq2HdD9yXBfq
|
||||
iWc1DFL0ZkVgJtSM8czE4IX1EON7BRwin0BkOChn+PE0JWKdvrjyo6bZ995YFyNk
|
||||
A3GlUxSyoAhaivPFfrSoKBUSXSiZBk9KzdrS5k76ZlhE73Vej1S5XCz+Ssqj6X68
|
||||
3iDqTWlkXaUJ8EAnwv+b81zPmnjfxnAWYxa/Hi+vGWxDgDhP4El+XJSLjcEB5JWt
|
||||
0a1UkSKXigz7LkYib1s091mIkTPsNmtsh5c2opGMoWJdwbZvyqgM3VqrlCIkLdGi
|
||||
Thqvhh85kKkvgg1Bicg0d00vmWlzJ4MFhkbt0pTLY7hp+e+PF3gWey9inmqbiz52
|
||||
Xag8PQav7opOi1fb95Wvi/BkMZ6v5nmjxzQEe+HaF4UjZG1fFwVp3Hss2V2DvT2Q
|
||||
Azz/JV1Aj0aNFo37VAVebKqkdrxNCRQQg4p630kwEImRwJTYY8tVNUlVQPbdVwkY
|
||||
JvdhXjsVXApPoxBhU20S5qevxMiI/2FhEHHgm5PmokSaXiDgII7Gm4sUgoAreslv
|
||||
OmydpQeGKSOU5gZ1MQtvfBvdcQQfV1klnCTtYQMV/6lNUXEx9LlXzaQ3/Ah0LC0X
|
||||
SV+8B9zz/A0FABEBAAGJAjwEGAEIACYWIQS/3dKGQoJPgRjvd5CbZ6XBIikRjwUC
|
||||
Xrb0LgIbDAUJB4TOAAAKCRCbZ6XBIikRj1+vD/9KA9EvHdPNyDk8jU/dUvPYKqLc
|
||||
QTKA0cBpDcv9+N0bfVFijBtw8Hpyg+23Q0XxJuwpgL7N72HLxCJzrpfIyucc5j99
|
||||
+Wrh1wrbqdynkKJ9hM24lMhj2ZHaP42oN6At4unLFGh80a+YkJFjTxh9jORvtjXp
|
||||
Qjzq+j+8isQ5i71yT9WTzesJBhtrLMVQrgOND5E6AS/IuUEjOHt3INuG2HFJp0jR
|
||||
tdlBT9ZLB+zoTJIIMARUqZGZTgF+rehVIsTXed7fdWidMK9GKN9SU+cBWZ3vcb37
|
||||
lDph8bCmRb/aGlby5hBUy6KwrSXF/V6VsyqWiccXzt99Dq0BfuSE+VCKYjHToyw4
|
||||
j9gnlrZdH2NMwyUgicKbc8GLbxGS6tzYrSy2MD+BILQD+cnpGgAyD2kbcEm6ghGW
|
||||
LTTi11cotcr0uXCLiPZwWG28ychx9HxXvvNUNArvDSmP26uZqo/WZFYukaaFLltQ
|
||||
ocI5PEAkx2K4N+xb0y5Ht/8M+XNO/t/pAR+yHWNUpZUgbZ0dujm5hPdVA9U51cyH
|
||||
MCucOl0sN0+oO26re7e0ZTnImjF6HBzgN5LhDmccoT4rpOFJqrW77hOMhvIUkg5n
|
||||
4Sd63wbB88BKsPXF6mRUEPcHuvwLr5jAE8QSW6sLhphAbh57GXdFtudEaKvQbGW9
|
||||
yalYwuj7Yip5XJGttg==
|
||||
=jLhZ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
@ -1,4 +1,4 @@
|
||||
# Fedora spec file for php
|
||||
# RHEL / Fedora spec file for php
|
||||
#
|
||||
# License: MIT
|
||||
# http://opensource.org/licenses/MIT
|
||||
@ -56,13 +56,13 @@
|
||||
%bcond_with imap
|
||||
%bcond_without lmdb
|
||||
|
||||
%global upver 8.0.27
|
||||
%global upver 8.0.30
|
||||
#global rcver RC1
|
||||
|
||||
Summary: PHP scripting language for creating dynamic web sites
|
||||
Name: php
|
||||
Version: %{upver}%{?rcver:~%{rcver}}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
# All files licensed under PHP version 3.01, except
|
||||
# Zend is licensed under Zend
|
||||
# TSRM is licensed under BSD
|
||||
@ -125,6 +125,19 @@ Patch51: php-8.0.13-crypt.patch
|
||||
# Upstream fixes (100+)
|
||||
|
||||
# Security fixes (200+)
|
||||
Patch200: php-cve-2024-2756.patch
|
||||
Patch201: php-cve-2024-3096.patch
|
||||
Patch202: php-cve-2024-5458.patch
|
||||
Patch203: php-cve-2024-8925.patch
|
||||
Patch204: php-cve-2024-8926.patch
|
||||
Patch205: php-cve-2024-8927.patch
|
||||
Patch206: php-cve-2024-9026.patch
|
||||
Patch207: php-cve-2024-11236.patch
|
||||
Patch208: php-cve-2024-11234.patch
|
||||
Patch209: php-cve-2024-8932.patch
|
||||
Patch210: php-cve-2024-11233.patch
|
||||
Patch211: php-ghsa-4w77-75f9-2c8w.patch
|
||||
Patch212: php-cve-2024-8929.patch
|
||||
|
||||
# Fixes for tests (300+)
|
||||
# Factory is droped from system tzdata
|
||||
@ -705,31 +718,44 @@ in pure PHP.
|
||||
|
||||
%setup -q -n php-%{upver}%{?rcver}
|
||||
|
||||
%patch1 -p1 -b .mpmcheck
|
||||
%patch5 -p1 -b .includedir
|
||||
%patch6 -p1 -b .embed
|
||||
%patch8 -p1 -b .libdb
|
||||
%patch9 -p1 -b .deprecated
|
||||
%patch -P1 -p1 -b .mpmcheck
|
||||
%patch -P5 -p1 -b .includedir
|
||||
%patch -P6 -p1 -b .embed
|
||||
%patch -P8 -p1 -b .libdb
|
||||
%patch -P9 -p1 -b .deprecated
|
||||
|
||||
%patch41 -p1 -b .syslib
|
||||
%patch42 -p1 -b .systzdata
|
||||
%patch43 -p1 -b .headers
|
||||
%patch -P41 -p1 -b .syslib
|
||||
%patch -P42 -p1 -b .systzdata
|
||||
%patch -P43 -p1 -b .headers
|
||||
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
|
||||
%patch45 -p1 -b .ldap_r
|
||||
%patch -P45 -p1 -b .ldap_r
|
||||
%endif
|
||||
%patch47 -p1 -b .phpinfo
|
||||
%patch48 -p1 -b .sha
|
||||
%patch49 -p1 -b .pharsha
|
||||
%patch50 -p1 -b .openssl3
|
||||
%patch -P47 -p1 -b .phpinfo
|
||||
%patch -P48 -p1 -b .sha
|
||||
%patch -P49 -p1 -b .pharsha
|
||||
%patch -P50 -p1 -b .openssl3
|
||||
rm ext/openssl/tests/p12_with_extra_certs.p12
|
||||
%patch51 -p1 -b .libxcrypt
|
||||
%patch -P51 -p1 -b .libxcrypt
|
||||
|
||||
# upstream patches
|
||||
|
||||
# security patches
|
||||
%patch -P200 -p1 -b .cve2756
|
||||
%patch -P201 -p1 -b .cve3096
|
||||
%patch -P202 -p1 -b .cve5458
|
||||
%patch -P203 -p1 -b .cve8925
|
||||
%patch -P204 -p1 -b .cve8926
|
||||
%patch -P205 -p1 -b .cve8927
|
||||
%patch -P206 -p1 -b .cve9026
|
||||
%patch -P207 -p1 -b .cve11236
|
||||
%patch -P208 -p1 -b .cve11234
|
||||
%patch -P209 -p1 -b .cve8932
|
||||
%patch -P210 -p1 -b .cve11233
|
||||
%patch -P211 -p1 -b .ghsa4w77
|
||||
%patch -P212 -p1 -b .cve8929
|
||||
|
||||
# Fixes for tests
|
||||
%patch300 -p1 -b .datetests
|
||||
%patch -P300 -p1 -b .datetests
|
||||
|
||||
|
||||
# Prevent %%doc confusion over LICENSE files
|
||||
@ -1535,6 +1561,30 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jan 21 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-2
|
||||
- Fix Leak partial content of the heap through heap buffer over-read
|
||||
CVE-2024-8929
|
||||
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
|
||||
CVE-2024-11234
|
||||
- Fix Single byte overread with convert.quoted-printable-decode filter
|
||||
CVE-2024-11233
|
||||
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
|
||||
CVE-2024-8927
|
||||
- Fix Logs from childrens may be altered
|
||||
CVE-2024-9026
|
||||
- Fix Erroneous parsing of multipart form data
|
||||
CVE-2024-8925
|
||||
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
|
||||
CVE-2024-5458
|
||||
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
|
||||
CVE-2024-2756
|
||||
- Fix password_verify can erroneously return true opening ATO risk
|
||||
CVE-2024-3096
|
||||
|
||||
* Fri Oct 6 2023 Remi Collet <rcollet@redhat.com> - 8.0.30-1
|
||||
- rebase to 8.0.30
|
||||
- Resolves: RHEL-11946
|
||||
|
||||
* Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 8.0.27-1
|
||||
- rebase to 8.0.27
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user