diff options
33 files changed, 3724 insertions, 711 deletions
@@ -1,3 +1,4 @@ +clog package-*.xml *.tgz *.tar.gz @@ -1,11 +1,10 @@ SRCDIR := $(shell pwd) NAME := $(shell basename $(SRCDIR)) -INCL1 := $(shell php-config --includes) -INCL2 := -I $(shell php-config --include-dir)/sapi/embed +INCL := $(shell php-config --includes) LIBE := -lphp7 LIBS := -lphp7 $(shell php-config --libs) include ../../common/Makefile tembed: tembed.c - gcc -Wall $(INCL1) $(INCL2) tembed.c $(LIBE) -o tembed + gcc -Wall $(INCL) tembed.c $(LIBS) -o tembed @@ -1,25 +1,18 @@ -===== 7.3.13 (2019-12-19) +===== 7.3.33-13 (2024-04-11) -$ grep -r 'Tests failed' /var/lib/mock/{fc,el}*/build.log +$ grep -r 'Tests failed' /var/lib/mock/*/build.log -/var/lib/mock/el6i/build.log:Tests failed : 1 -/var/lib/mock/el6x/build.log:Tests failed : 0 -/var/lib/mock/el7x/build.log:Tests failed : 1 -/var/lib/mock/el8x73/build.log:Tests failed : 14 -/var/lib/mock/fc29i/build.log:Tests failed : 0 -/var/lib/mock/fc29x/build.log:Tests failed : 0 -/var/lib/mock/fc30i/build.log:Tests failed : 0 -/var/lib/mock/fc30x/build.log:Tests failed : 0 -/var/lib/mock/fc31x/build.log:Tests failed : 0 +/var/lib/mock/el7x73/build.log:Tests failed : 2 +/var/lib/mock/el8a73/build.log:Tests failed : 14 +/var/lib/mock/el8x73/build.log:Tests failed : 15 -el6i: - 1 Bug #64438 proc_open hangs with stdin/out with 4097+ bytes [ext/standard/tests/streams/proc_open_bug64438.phpt] +x86_64: + 3 Zend/tests/bug74093.phpt el7x: - 1 php://input is empty when enable_post_data_reading=Off [tests/basic/bug67198.phpt] + 5 ext/openssl/tests/openssl_x509_checkpurpose_basic.phpt el8x: - 5 buildroot issue with openssl under investigation - + 2 buildroot issue with strict openssl policy (fixed in 7.4) 1 proc_open give erratic test results :( 2 test issue @@ -18,4 +18,8 @@ %__php %{_bindir}/php %__ztsphp %{_bindir}/zts-php +%__phpize %{_bindir}/phpize +%__ztsphpize %{_bindir}/zts-phpize +%__phpconfig %{_bindir}/php-config +%__ztsphpconfig %{_bindir}/zts-php-config diff --git a/php-5.6.3-embed.patch b/php-5.6.3-embed.patch index d9c04f6..38eea1d 100644 --- a/php-5.6.3-embed.patch +++ b/php-5.6.3-embed.patch @@ -18,7 +18,7 @@ diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in php_cgi_binary=NONE configure_options="@CONFIGURE_OPTIONS@" -php_sapis="@PHP_INSTALLED_SAPIS@" -+php_sapis="apache2handler embed fpm @PHP_INSTALLED_SAPIS@" ++php_sapis="apache2handler embed fpm phpdbg @PHP_INSTALLED_SAPIS@" # Set php_cli_binary and php_cgi_binary if available for sapi in $php_sapis; do diff --git a/php-5.6.3-phpinfo.patch b/php-5.6.3-phpinfo.patch deleted file mode 100644 index 086be15..0000000 --- a/php-5.6.3-phpinfo.patch +++ /dev/null @@ -1,29 +0,0 @@ - -Drop "Configure Command" from phpinfo as it doesn't -provide any useful information. -The available extensions are not related to this command. - -diff -up php-7.0.0RC1/ext/standard/info.c.phpinfo php-7.0.0RC1/ext/standard/info.c ---- php-7.0.0RC1/ext/standard/info.c.phpinfo 2015-08-18 23:39:24.000000000 +0200 -+++ php-7.0.0RC1/ext/standard/info.c 2015-08-22 07:56:18.344761928 +0200 -@@ -870,9 +870,6 @@ PHPAPI void php_print_info(int flag) - #ifdef ARCHITECTURE - php_info_print_table_row(2, "Architecture", ARCHITECTURE); - #endif --#ifdef CONFIGURE_COMMAND -- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); --#endif - - if (sapi_module.pretty_name) { - php_info_print_table_row(2, "Server API", sapi_module.pretty_name ); -diff -up php-7.0.0RC1/ext/standard/tests/general_functions/phpinfo.phpt.phpinfo php-7.0.0RC1/ext/standard/tests/general_functions/phpinfo.phpt ---- php-7.0.0RC1/ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2015-08-18 23:39:22.000000000 +0200 -+++ php-7.0.0RC1/ext/standard/tests/general_functions/phpinfo.phpt 2015-08-22 07:56:18.344761928 +0200 -@@ -20,7 +20,6 @@ PHP Version => %s - - System => %s - Build Date => %s%a --Configure Command => %s - Server API => Command Line Interface - Virtual Directory Support => %s - Configuration File (php.ini) Path => %s diff --git a/php-7.2.0-oci8conf.patch b/php-7.2.0-oci8conf.patch index 0ad16a1..d026575 100644 --- a/php-7.2.0-oci8conf.patch +++ b/php-7.2.0-oci8conf.patch @@ -10,26 +10,4 @@ diff -up ./ext/ldap/php_ldap.h.remi-oci8 ./ext/ldap/php_ldap.h extern zend_module_entry ldap_module_entry; #define ldap_module_ptr &ldap_module_entry -diff -up ./ext/oci8/config.m4.remi-oci8 ./ext/oci8/config.m4 ---- ./ext/oci8/config.m4.remi-oci8 2017-06-20 15:45:39.000000000 +0200 -+++ ./ext/oci8/config.m4 2017-06-20 16:55:01.640203868 +0200 -@@ -372,6 +372,7 @@ if test "$PHP_OCI8" != "no"; then - - dnl Header directory for Instant Client SDK RPM install - OCISDKRPMINC=`echo "$PHP_OCI8_INSTANT_CLIENT" | $PHP_OCI8_SED -e 's!^/usr/lib/oracle/\(.*\)/client\('${PHP_OCI8_IC_LIBDIR_SUFFIX}'\)*/lib[/]*$!/usr/include/oracle/\1/client\2!'` -+ OCISDKRPMINC=`echo "$PHP_OCI8_INSTANT_CLIENT" | $PHP_OCI8_SED -e 's!^/usr/\(lib64\|lib\)/oracle/\(.*\)/\(client64\|client\)/lib[/]*$!/usr/include/oracle/\2/\3!'` - - dnl Header directory for Instant Client SDK zip file install - OCISDKZIPINC=$PHP_OCI8_INSTANT_CLIENT/sdk/include -diff -up ./ext/pdo_oci/config.m4.remi-oci8 ./ext/pdo_oci/config.m4 ---- ./ext/pdo_oci/config.m4.remi-oci8 2017-06-20 16:55:01.640203868 +0200 -+++ ./ext/pdo_oci/config.m4 2017-06-20 17:16:03.053538358 +0200 -@@ -93,7 +93,7 @@ if test "$PHP_PDO_OCI" != "no"; then - - AC_MSG_CHECKING([for oci.h]) - dnl Header directory for Instant Client SDK RPM install -- OCISDKRPMINC=`echo "$PDO_OCI_LIB_DIR" | $PHP_PDO_OCI_SED -e 's!^\(.*\)/lib/oracle/\(.*\)/\('${PDO_OCI_CLIENT_DIR}'\)/lib[/]*$!\1/include/oracle/\2/\3!'` -+ OCISDKRPMINC=`echo "$PDO_OCI_LIB_DIR" | $PHP_PDO_OCI_SED -e 's!^\(.*\)/\(lib64\|lib\)/oracle/\(.*\)/\('${PDO_OCI_CLIENT_DIR}'\)/lib[/]*$!\1/include/oracle/\3/\4!'` - - dnl Header directory for manual installation - OCISDKMANINC=`echo "$PDO_OCI_LIB_DIR" | $PHP_PDO_OCI_SED -e 's!^\(.*\)/lib[/]*$!\1/include!'` + diff --git a/php-7.2.4-fixheader.patch b/php-7.2.4-fixheader.patch deleted file mode 100644 index 52a4121..0000000 --- a/php-7.2.4-fixheader.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up php-7.2.4RC1/configure.ac.fixheader php-7.2.4RC1/configure.ac ---- php-7.2.4RC1/configure.ac.fixheader 2018-03-13 12:42:47.594623100 +0100 -+++ php-7.2.4RC1/configure.ac 2018-03-13 12:43:35.591871825 +0100 -@@ -1275,7 +1275,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` - fi - AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) - --PHP_UNAME=`uname -a | xargs` -+PHP_UNAME=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) - PHP_OS=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) diff --git a/php-7.3.20-fixheader.patch b/php-7.3.20-fixheader.patch new file mode 100644 index 0000000..6bbdfbd --- /dev/null +++ b/php-7.3.20-fixheader.patch @@ -0,0 +1,13 @@ +diff -up ./configure.ac.fixheader ./configure.ac +--- ./configure.ac.fixheader 2020-07-06 16:04:56.069183751 +0200 ++++ ./configure.ac 2020-07-06 16:05:52.044046238 +0200 +@@ -1350,7 +1350,8 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` + fi + AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) + +-PHP_UNAME=`uname -a | xargs` ++UNAME=`uname -a | xargs` ++PHP_UNAME=${PHP_UNAME:-$UNAME} + AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) + PHP_OS=`uname | xargs` + AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) diff --git a/php-7.3.20-phpinfo.patch b/php-7.3.20-phpinfo.patch new file mode 100644 index 0000000..8118732 --- /dev/null +++ b/php-7.3.20-phpinfo.patch @@ -0,0 +1,76 @@ + +Drop "Configure Command" from phpinfo as it doesn't +provide any useful information. +The available extensions are not related to this command. + +diff -up a/ext/standard/info.c.phpinfo v/ext/standard/info.c +--- a/ext/standard/info.c.phpinfo 2015-08-18 23:39:24.000000000 +0200 ++++ b/ext/standard/info.c 2015-08-22 07:56:18.344761928 +0200 +@@ -829,9 +829,6 @@ PHPAPI void php_print_info(int flag) + #ifdef ARCHITECTURE + php_info_print_table_row(2, "Architecture", ARCHITECTURE); + #endif +-#ifdef CONFIGURE_COMMAND +- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); +-#endif + + if (sapi_module.pretty_name) { + php_info_print_table_row(2, "Server API", sapi_module.pretty_name ); +diff -up a/ext/standard/tests/general_functions/phpinfo.phpt.phpinfo b/ext/standard/tests/general_functions/phpinfo.phpt +--- a/ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2015-08-18 23:39:22.000000000 +0200 ++++ b/ext/standard/tests/general_functions/phpinfo.phpt 2015-08-22 07:56:18.344761928 +0200 +@@ -20,7 +20,6 @@ PHP Version => %s + + System => %s + Build Date => %s%a +-Configure Command => %s + Server API => Command Line Interface + Virtual Directory Support => %s + Configuration File (php.ini) Path => %s + + +Backported from 8.0: + +From ad0d2e438fddc089917e71e5d8909d145db9da8a Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Fri, 3 Jul 2020 10:08:09 +0200 +Subject: [PATCH] display info about system used to build and its provider + +--- + configure.ac | 5 +++++ + ext/standard/info.c | 6 ++++++ + 2 files changed, 11 insertions(+) + +diff --git a/configure.ac b/configure.ac +index d9e6329314a3..77f12a55569a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1355,6 +1355,11 @@ PHP_UNAME=${PHP_UNAME:-$UNAME} + AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) + PHP_OS=`uname | xargs` + AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) ++PHP_BUILD_SYSTEM=${PHP_BUILD_SYSTEM:-$PHP_UNAME} ++AC_DEFINE_UNQUOTED(PHP_BUILD_SYSTEM,"$PHP_BUILD_SYSTEM",[builder uname output]) ++if test -n "${PHP_BUILD_PROVIDER}"; then ++ AC_DEFINE_UNQUOTED(PHP_BUILD_PROVIDER,"$PHP_BUILD_PROVIDER",[build provider]) ++fi + + PHP_SUBST_OLD(PHP_INSTALLED_SAPIS) + +diff --git a/ext/standard/info.c b/ext/standard/info.c +index 262e95ae2731..f652efd23657 100644 +--- a/ext/standard/info.c ++++ b/ext/standard/info.c +@@ -823,6 +823,12 @@ PHPAPI ZEND_COLD void php_print_info(int flag) + php_info_print_table_start(); + php_info_print_table_row(2, "System", ZSTR_VAL(php_uname)); + php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__); ++#ifdef PHP_BUILD_SYSTEM ++ php_info_print_table_row(2, "Build System", PHP_BUILD_SYSTEM); ++#endif ++#ifdef PHP_BUILD_PROVIDER ++ php_info_print_table_row(2, "Build Provider", PHP_BUILD_PROVIDER); ++#endif + #ifdef COMPILER + php_info_print_table_row(2, "Compiler", COMPILER); + #endif diff --git a/php-7.3.24-fpm.patch b/php-7.3.24-fpm.patch new file mode 100644 index 0000000..1165970 --- /dev/null +++ b/php-7.3.24-fpm.patch @@ -0,0 +1,219 @@ +Fix for https://bugs.php.net/74083 master PHP-fpm is stopped on multiple reloads +backported for 7.4 from + +From ae5154c6c6af7ba7c592f8af006b7cadd0d66d6e Mon Sep 17 00:00:00 2001 +From: Maksim Nikulin <mnikulin@plesk.com> +Date: Wed, 24 Jul 2019 16:50:57 +0700 +Subject: [PATCH] Block signals during fpm master initialization + +From e37bd5dcc2e8f269c6031d86429311c8cf243060 Mon Sep 17 00:00:00 2001 +From: Maksim Nikulin <mnikulin@plesk.com> +Date: Mon, 21 Oct 2019 14:23:29 +0700 +Subject: [PATCH] Do not let PHP-FPM children miss SIGTERM, SIGQUIT + + +diff -up ./sapi/fpm/fpm/fpm_children.c.fpmsig ./sapi/fpm/fpm/fpm_children.c +--- ./sapi/fpm/fpm/fpm_children.c.fpmsig 2020-10-23 10:36:31.423925856 +0200 ++++ ./sapi/fpm/fpm/fpm_children.c 2020-10-23 10:36:38.872900642 +0200 +@@ -404,6 +404,11 @@ int fpm_children_make(struct fpm_worker_ + return 2; + } + ++ zlog(ZLOG_DEBUG, "blocking signals before child birth"); ++ if (0 > fpm_signals_child_block()) { ++ zlog(ZLOG_WARNING, "child may miss signals"); ++ } ++ + pid = fork(); + + switch (pid) { +@@ -415,12 +420,16 @@ int fpm_children_make(struct fpm_worker_ + return 0; + + case -1 : ++ zlog(ZLOG_DEBUG, "unblocking signals"); ++ fpm_signals_unblock(); + zlog(ZLOG_SYSERROR, "fork() failed"); + + fpm_resources_discard(child); + return 2; + + default : ++ zlog(ZLOG_DEBUG, "unblocking signals, child born"); ++ fpm_signals_unblock(); + child->pid = pid; + fpm_clock_get(&child->started); + fpm_parent_resources_use(child); +diff -up ./sapi/fpm/fpm/fpm_main.c.fpmsig ./sapi/fpm/fpm/fpm_main.c +--- ./sapi/fpm/fpm/fpm_main.c.fpmsig 2020-10-13 11:27:02.000000000 +0200 ++++ ./sapi/fpm/fpm/fpm_main.c 2020-10-23 10:36:38.873900639 +0200 +@@ -90,6 +90,7 @@ int __riscosify_control = __RISCOSIFY_ST + #include "fpm.h" + #include "fpm_request.h" + #include "fpm_status.h" ++#include "fpm_signals.h" + #include "fpm_conf.h" + #include "fpm_php.h" + #include "fpm_log.h" +@@ -1584,6 +1585,11 @@ int main(int argc, char *argv[]) + closes it. in apache|apxs mode apache + does that for us! thies@thieso.net + 20000419 */ ++ ++ if (0 > fpm_signals_init_mask() || 0 > fpm_signals_block()) { ++ zlog(ZLOG_WARNING, "Could die in the case of too early reload signal"); ++ } ++ zlog(ZLOG_DEBUG, "Blocked some signals"); + #endif + #endif + +diff -up ./sapi/fpm/fpm/fpm_process_ctl.c.fpmsig ./sapi/fpm/fpm/fpm_process_ctl.c +--- ./sapi/fpm/fpm/fpm_process_ctl.c.fpmsig 2020-10-13 11:27:02.000000000 +0200 ++++ ./sapi/fpm/fpm/fpm_process_ctl.c 2020-10-23 10:36:11.921991864 +0200 +@@ -77,6 +77,10 @@ static void fpm_pctl_exit() /* {{{ */ + + static void fpm_pctl_exec() /* {{{ */ + { ++ zlog(ZLOG_DEBUG, "Blocking some signals before reexec"); ++ if (0 > fpm_signals_block()) { ++ zlog(ZLOG_WARNING, "concurrent reloads may be unstable"); ++ } + + zlog(ZLOG_NOTICE, "reloading: execvp(\"%s\", {\"%s\"" + "%s%s%s" "%s%s%s" "%s%s%s" "%s%s%s" "%s%s%s" +diff -up ./sapi/fpm/fpm/fpm_signals.c.fpmsig ./sapi/fpm/fpm/fpm_signals.c +--- ./sapi/fpm/fpm/fpm_signals.c.fpmsig 2020-10-13 11:27:02.000000000 +0200 ++++ ./sapi/fpm/fpm/fpm_signals.c 2020-10-23 10:36:38.873900639 +0200 +@@ -19,6 +19,8 @@ + #include "zlog.h" + + static int sp[2]; ++static sigset_t block_sigset; ++static sigset_t child_block_sigset; + + const char *fpm_signal_names[NSIG + 1] = { + #ifdef SIGHUP +@@ -165,8 +167,11 @@ static void sig_handler(int signo) /* {{ + int saved_errno; + + if (fpm_globals.parent_pid != getpid()) { +- /* prevent a signal race condition when child process +- have not set up it's own signal handler yet */ ++ /* Avoid using of signal handlers from the master process in a worker ++ before the child sets up its own signal handlers. ++ Normally it is prevented by the sigprocmask() calls ++ around fork(). This execution branch is a last resort trap ++ that has no protection against #76601. */ + return; + } + +@@ -210,6 +215,11 @@ int fpm_signals_init_main() /* {{{ */ + zlog(ZLOG_SYSERROR, "failed to init signals: sigaction()"); + return -1; + } ++ ++ zlog(ZLOG_DEBUG, "Unblocking all signals"); ++ if (0 > fpm_signals_unblock()) { ++ return -1; ++ } + return 0; + } + /* }}} */ +@@ -241,6 +251,10 @@ int fpm_signals_init_child() /* {{{ */ + } + + zend_signal_init(); ++ ++ if (0 > fpm_signals_unblock()) { ++ return -1; ++ } + return 0; + } + /* }}} */ +@@ -250,3 +264,72 @@ int fpm_signals_get_fd() /* {{{ */ + return sp[0]; + } + /* }}} */ ++ ++int fpm_signals_init_mask() /* {{{ */ ++{ ++ /* Subset of signals from fpm_signals_init_main() and fpm_got_signal() ++ blocked to avoid unexpected death during early init ++ or during reload just after execvp() or fork */ ++ int init_signal_array[] = { SIGUSR1, SIGUSR2, SIGCHLD }; ++ size_t size = sizeof(init_signal_array)/sizeof(init_signal_array[0]); ++ size_t i = 0; ++ if (0 > sigemptyset(&block_sigset) || ++ 0 > sigemptyset(&child_block_sigset)) { ++ zlog(ZLOG_SYSERROR, "failed to prepare signal block mask: sigemptyset()"); ++ return -1; ++ } ++ for (i = 0; i < size; ++i) { ++ int sig_i = init_signal_array[i]; ++ if (0 > sigaddset(&block_sigset, sig_i) || ++ 0 > sigaddset(&child_block_sigset, sig_i)) { ++ if (sig_i <= NSIG && fpm_signal_names[sig_i] != NULL) { ++ zlog(ZLOG_SYSERROR, "failed to prepare signal block mask: sigaddset(%s)", ++ fpm_signal_names[sig_i]); ++ } else { ++ zlog(ZLOG_SYSERROR, "failed to prepare signal block mask: sigaddset(%d)", sig_i); ++ } ++ return -1; ++ } ++ } ++ if (0 > sigaddset(&child_block_sigset, SIGTERM) || ++ 0 > sigaddset(&child_block_sigset, SIGQUIT)) { ++ zlog(ZLOG_SYSERROR, "failed to prepare child signal block mask: sigaddset()"); ++ return -1; ++ } ++ return 0; ++} ++/* }}} */ ++ ++int fpm_signals_block() /* {{{ */ ++{ ++ if (0 > sigprocmask(SIG_BLOCK, &block_sigset, NULL)) { ++ zlog(ZLOG_SYSERROR, "failed to block signals"); ++ return -1; ++ } ++ return 0; ++} ++/* }}} */ ++ ++int fpm_signals_child_block() /* {{{ */ ++{ ++ if (0 > sigprocmask(SIG_BLOCK, &child_block_sigset, NULL)) { ++ zlog(ZLOG_SYSERROR, "failed to block child signals"); ++ return -1; ++ } ++ return 0; ++} ++/* }}} */ ++ ++int fpm_signals_unblock() /* {{{ */ ++{ ++ /* Ensure that during reload after upgrade all signals are unblocked. ++ block_sigset could have different value before execve() */ ++ sigset_t all_signals; ++ sigfillset(&all_signals); ++ if (0 > sigprocmask(SIG_UNBLOCK, &all_signals, NULL)) { ++ zlog(ZLOG_SYSERROR, "failed to unblock signals"); ++ return -1; ++ } ++ return 0; ++} ++/* }}} */ +diff -up ./sapi/fpm/fpm/fpm_signals.h.fpmsig ./sapi/fpm/fpm/fpm_signals.h +--- ./sapi/fpm/fpm/fpm_signals.h.fpmsig 2020-10-13 11:27:02.000000000 +0200 ++++ ./sapi/fpm/fpm/fpm_signals.h 2020-10-23 10:36:38.873900639 +0200 +@@ -8,6 +8,10 @@ + int fpm_signals_init_main(); + int fpm_signals_init_child(); + int fpm_signals_get_fd(); ++int fpm_signals_init_mask(); ++int fpm_signals_block(); ++int fpm_signals_child_block(); ++int fpm_signals_unblock(); + + extern const char *fpm_signal_names[NSIG + 1]; + diff --git a/php-7.3.3-systzdata-v18.patch b/php-7.3.3-systzdata-v19.patch index eac3cc3..17a01fe 100644 --- a/php-7.3.3-systzdata-v18.patch +++ b/php-7.3.3-systzdata-v19.patch @@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather than embedding a copy. Discussed upstream but was not desired. History: +r19: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi r18: adapt for autotool change in 7.3.3RC1 r17: adapt for timelib 2018.01 (in 7.3.2RC1) r16: adapt for timelib 2017.06 (in 7.2.3RC1) @@ -29,10 +30,11 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up php-7.3.3RC1/ext/date/config0.m4.systzdata php-7.3.3RC1/ext/date/config0.m4 ---- php-7.3.3RC1/ext/date/config0.m4.systzdata 2019-02-19 14:57:51.314601701 +0100 -+++ php-7.3.3RC1/ext/date/config0.m4 2019-02-19 14:58:29.050812587 +0100 -@@ -9,6 +9,19 @@ io.h +diff --git a/ext/date/config0.m4 b/ext/date/config0.m4 +index 20e4164aaa..a61243646d 100644 +--- a/ext/date/config0.m4 ++++ b/ext/date/config0.m4 +@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h]) dnl Check for strtoll, atoll AC_CHECK_FUNCS(strtoll atoll) @@ -52,10 +54,11 @@ diff -up php-7.3.3RC1/ext/date/config0.m4.systzdata php-7.3.3RC1/ext/date/config PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1" timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c" -diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/lib/parse_tz.c ---- php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata 2019-02-19 12:18:27.000000000 +0100 -+++ php-7.3.3RC1/ext/date/lib/parse_tz.c 2019-02-19 14:57:20.397428931 +0100 -@@ -25,8 +25,21 @@ +diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c +index 020da3135e..12e68ef043 100644 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c +@@ -26,8 +26,21 @@ #include "timelib.h" #include "timelib_private.h" @@ -77,7 +80,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -87,6 +100,11 @@ static int read_php_preamble(const unsig +@@ -88,6 +101,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz) { uint32_t version; @@ -89,7 +92,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -411,7 +429,429 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -412,7 +430,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz) } } @@ -320,6 +323,44 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li +} + + ++/* Retrieve tzdata version. */ ++static void retrieve_zone_version(timelib_tzdb *db) ++{ ++ static char buf[30]; ++ char path[PATH_MAX]; ++ FILE *fp; ++ ++ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path)); ++ ++ fp = fopen(path, "r"); ++ if (fp) { ++ if (fgets(buf, sizeof(buf), fp)) { ++ if (!memcmp(buf, "# version ", 10) && ++ isdigit(buf[10]) && ++ isdigit(buf[11]) && ++ isdigit(buf[12]) && ++ isdigit(buf[13]) && ++ islower(buf[14])) { ++ if (buf[14] >= 't') { /* 2022t = 2022.20 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 't' + '0'; ++ buf[15] = '2'; ++ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 'j' + '0'; ++ buf[15] = '1'; ++ } else { /* 2022a = 2022.1 */ ++ buf[16] = 0; ++ buf[15] = buf[14] - 'a' + '1'; ++ } ++ buf[14] = '.'; ++ db->version = buf+10; ++ } ++ } ++ fclose(fp); ++ } ++} ++ +/* Create the zone identifier index by trawling the filesystem. */ +static void create_zone_index(timelib_tzdb *db) +{ @@ -411,7 +452,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li + size_t n; + char *data, *p; + -+ data = malloc(3 * sysdb->index_size + 7); ++ data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1); + + p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); + @@ -520,7 +561,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li { int left = 0, right = tzdb->index_size - 1; -@@ -437,9 +877,48 @@ static int seek_to_tz_position(const uns +@@ -438,9 +916,49 @@ static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const return 0; } @@ -557,6 +598,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li + tmp->version = "0.system"; + tmp->data = NULL; + create_zone_index(tmp); ++ retrieve_zone_version(tmp); + system_location_table = create_location_table(); + fake_data_segment(tmp, system_location_table); + timezonedb_system = tmp; @@ -569,7 +611,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li } const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count) -@@ -451,7 +930,30 @@ const timelib_tzdb_index_entry *timelib_ +@@ -452,7 +970,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_ int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; @@ -601,7 +643,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li } static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -493,12 +995,14 @@ static timelib_tzinfo* timelib_tzinfo_ct +@@ -494,12 +1035,14 @@ static timelib_tzinfo* timelib_tzinfo_ctor(char *name) timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code) { const unsigned char *tzf; @@ -617,7 +659,7 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li tmp = timelib_tzinfo_ctor(timezone); version = read_preamble(&tzf, tmp, &type); -@@ -537,11 +1041,36 @@ timelib_tzinfo *timelib_parse_tzfile(cha +@@ -534,11 +1077,36 @@ timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, i } skip_posix_string(&tzf, tmp); @@ -654,3 +696,19 @@ diff -up php-7.3.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.3.3RC1/ext/date/li } else { *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; tmp = NULL; +diff --git a/ext/date/php_date.c b/ext/date/php_date.c +index e1a427c5ca..465906fa2b 100644 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -951,7 +951,11 @@ PHP_MINFO_FUNCTION(date) + php_info_print_table_row(2, "date/time support", "enabled"); + php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION); + php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version); ++#ifdef HAVE_SYSTEM_TZDATA ++ php_info_print_table_row(2, "Timezone Database", "system"); ++#else + php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal"); ++#endif + php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb)); + php_info_print_table_end(); + diff --git a/php-bug80682.patch b/php-bug80682.patch new file mode 100644 index 0000000..38f908b --- /dev/null +++ b/php-bug80682.patch @@ -0,0 +1,30 @@ +From 067f7e4150d8f9bddf6b198c9c7826565ee549b0 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@php.net> +Date: Thu, 28 Jan 2021 16:24:39 +0100 +Subject: [PATCH] Fix #80682 opcache doesn't honour pcre.jit option + +--- + ext/opcache/zend_accelerator_blacklist.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/ext/opcache/zend_accelerator_blacklist.c b/ext/opcache/zend_accelerator_blacklist.c +index 889fcabd7988..5c6bd76821a5 100644 +--- a/ext/opcache/zend_accelerator_blacklist.c ++++ b/ext/opcache/zend_accelerator_blacklist.c +@@ -185,10 +185,12 @@ static void zend_accel_blacklist_update_regexp(zend_blacklist *blacklist) + return; + } + #ifdef HAVE_PCRE_JIT_SUPPORT +- if (0 > pcre2_jit_compile(it->re, PCRE2_JIT_COMPLETE)) { +- /* Don't return here, even JIT could fail to compile, the pattern is still usable. */ +- pcre2_get_error_message(errnumber, pcre_error, sizeof(pcre_error)); +- zend_accel_error(ACCEL_LOG_WARNING, "Blacklist JIT compilation failed, %s\n", pcre_error); ++ if (PCRE_G(jit)) { ++ if (0 > pcre2_jit_compile(it->re, PCRE2_JIT_COMPLETE)) { ++ /* Don't return here, even JIT could fail to compile, the pattern is still usable. */ ++ pcre2_get_error_message(errnumber, pcre_error, sizeof(pcre_error)); ++ zend_accel_error(ACCEL_LOG_WARNING, "Blacklist JIT compilation failed, %s\n", pcre_error); ++ } + } + #endif + /* prepare for the next iteration */ diff --git a/php-bug80783.patch b/php-bug80783.patch new file mode 100644 index 0000000..2da9928 --- /dev/null +++ b/php-bug80783.patch @@ -0,0 +1,185 @@ +From bccca0b53aa60a62e2988c750fc73c02d109e642 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Thu, 25 Feb 2021 14:38:42 +0100 +Subject: [PATCH] Fix #80783: PDO ODBC truncates BLOB records at every 256th + byte + +It is not guaranteed, that the driver inserts only a single NUL byte at +the end of the buffer. Apparently, there is no way to find out the +actual data length in the buffer after calling `SQLGetData()`, so we +adjust after the next `SQLGetData()` call. + +We also prevent PDO::ODBC_ATTR_ASSUME_UTF8 from fetching garbage, by +fetching all chunks with the same C type. + +Closes GH-6716. +--- + NEWS | 4 ++++ + ext/pdo_odbc/odbc_stmt.c | 14 +++++++++++-- + ext/pdo_odbc/tests/bug80783.phpt | 32 ++++++++++++++++++++++++++++++ + ext/pdo_odbc/tests/bug80783a.phpt | 33 +++++++++++++++++++++++++++++++ + 4 files changed, 81 insertions(+), 2 deletions(-) + create mode 100644 ext/pdo_odbc/tests/bug80783.phpt + create mode 100644 ext/pdo_odbc/tests/bug80783a.phpt + +diff --git a/ext/pdo_odbc/odbc_stmt.c b/ext/pdo_odbc/odbc_stmt.c +index 18abc475b9eb..7ce0bebdca0d 100644 +--- a/ext/pdo_odbc/odbc_stmt.c ++++ b/ext/pdo_odbc/odbc_stmt.c +@@ -652,6 +652,7 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + + /* if it is a column containing "long" data, perform late binding now */ + if (C->is_long) { ++ SQLLEN orig_fetched_len = SQL_NULL_DATA; + zend_ulong used = 0; + char *buf; + RETCODE rc; +@@ -662,6 +663,7 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + + rc = SQLGetData(S->stmt, colno+1, C->is_unicode ? SQL_C_BINARY : SQL_C_CHAR, C->data, + 256, &C->fetched_len); ++ orig_fetched_len = C->fetched_len; + + if (rc == SQL_SUCCESS) { + /* all the data fit into our little buffer; +@@ -673,7 +675,8 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + /* this is a 'long column' + + read the column in 255 byte blocks until the end of the column is reached, reassembling those blocks +- in order into the output buffer ++ in order into the output buffer; 255 bytes are an optimistic assumption, since the driver may assert ++ more or less NUL bytes at the end; we cater to that later, if actual length information is available + + this loop has to work whether or not SQLGetData() provides the total column length. + calling SQLDescribeCol() or other, specifically to get the column length, then doing a single read +@@ -687,7 +690,14 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + do { + C->fetched_len = 0; + /* read block. 256 bytes => 255 bytes are actually read, the last 1 is NULL */ +- rc = SQLGetData(S->stmt, colno+1, SQL_C_CHAR, buf2, 256, &C->fetched_len); ++ rc = SQLGetData(S->stmt, colno+1, C->is_unicode ? SQL_C_BINARY : SQL_C_CHAR, buf2, 256, &C->fetched_len); ++ ++ /* adjust `used` in case we have length info from the driver */ ++ if (orig_fetched_len >= 0 && C->fetched_len >= 0) { ++ SQLLEN fixed_used = orig_fetched_len - C->fetched_len; ++ ZEND_ASSERT(fixed_used <= used + 1); ++ used = fixed_used; ++ } + + /* resize output buffer and reassemble block */ + if (rc==SQL_SUCCESS_WITH_INFO) { +diff --git a/ext/pdo_odbc/tests/bug80783.phpt b/ext/pdo_odbc/tests/bug80783.phpt +new file mode 100644 +index 000000000000..9794c25a30ec +--- /dev/null ++++ b/ext/pdo_odbc/tests/bug80783.phpt +@@ -0,0 +1,32 @@ ++--TEST-- ++Bug #80783 (PDO ODBC truncates BLOB records at every 256th byte) ++--SKIPIF-- ++<?php ++if (!extension_loaded('pdo_odbc')) die('skip pdo_odbc extension not available'); ++require 'ext/pdo/tests/pdo_test.inc'; ++PDOTest::skip(); ++?> ++--FILE-- ++<?php ++require 'ext/pdo/tests/pdo_test.inc'; ++$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); ++$db->exec("CREATE TABLE bug80783 (name IMAGE)"); ++ ++$string = str_repeat("0123456789", 50); ++$db->exec("INSERT INTO bug80783 VALUES('$string')"); ++ ++$stmt = $db->prepare("SELECT name FROM bug80783"); ++$stmt->bindColumn(1, $data, PDO::PARAM_LOB); ++$stmt->execute(); ++$stmt->fetch(PDO::FETCH_BOUND); ++ ++var_dump($data === bin2hex($string)); ++?> ++--CLEAN-- ++<?php ++require 'ext/pdo/tests/pdo_test.inc'; ++$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); ++$db->exec("DROP TABLE bug80783"); ++?> ++--EXPECT-- ++bool(true) +diff --git a/ext/pdo_odbc/tests/bug80783a.phpt b/ext/pdo_odbc/tests/bug80783a.phpt +new file mode 100644 +index 000000000000..f9e123ae5426 +--- /dev/null ++++ b/ext/pdo_odbc/tests/bug80783a.phpt +@@ -0,0 +1,33 @@ ++--TEST-- ++Bug #80783 (PDO ODBC truncates BLOB records at every 256th byte) ++--SKIPIF-- ++<?php ++if (!extension_loaded('pdo_odbc')) die('skip pdo_odbc extension not available'); ++require 'ext/pdo/tests/pdo_test.inc'; ++PDOTest::skip(); ++?> ++--FILE-- ++<?php ++require 'ext/pdo/tests/pdo_test.inc'; ++$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); ++$db->exec("CREATE TABLE bug80783a (name NVARCHAR(MAX))"); ++ ++$string = str_repeat("0123456789", 50); ++$db->exec("INSERT INTO bug80783a VALUES('$string')"); ++ ++$stmt = $db->prepare("SELECT name FROM bug80783a"); ++$stmt->setAttribute(PDO::ODBC_ATTR_ASSUME_UTF8, true); ++$stmt->bindColumn(1, $data, PDO::PARAM_STR); ++$stmt->execute(); ++$stmt->fetch(PDO::FETCH_BOUND); ++ ++var_dump($data === $string); ++?> ++--CLEAN-- ++<?php ++require 'ext/pdo/tests/pdo_test.inc'; ++$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); ++$db->exec("DROP TABLE bug80783a"); ++?> ++--EXPECT-- ++bool(true) +From 25f5a1b2e15344e75d69a7140631d467e8b3f966 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 8 Apr 2021 11:04:33 +0200 +Subject: [PATCH] Improve fix for #80783 + +--- + ext/pdo_odbc/odbc_stmt.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/ext/pdo_odbc/odbc_stmt.c b/ext/pdo_odbc/odbc_stmt.c +index 7ce0bebdca0d..368648c36ae2 100644 +--- a/ext/pdo_odbc/odbc_stmt.c ++++ b/ext/pdo_odbc/odbc_stmt.c +@@ -665,13 +665,13 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + 256, &C->fetched_len); + orig_fetched_len = C->fetched_len; + +- if (rc == SQL_SUCCESS) { ++ if (rc == SQL_SUCCESS && C->fetched_len < 256) { + /* all the data fit into our little buffer; + * jump down to the generic bound data case */ + goto in_data; + } + +- if (rc == SQL_SUCCESS_WITH_INFO) { ++ if (rc == SQL_SUCCESS_WITH_INFO || rc == SQL_SUCCESS) { + /* this is a 'long column' + + read the column in 255 byte blocks until the end of the column is reached, reassembling those blocks +@@ -700,7 +700,7 @@ static int odbc_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, zend_ulong + } + + /* resize output buffer and reassemble block */ +- if (rc==SQL_SUCCESS_WITH_INFO) { ++ if (rc==SQL_SUCCESS_WITH_INFO || (rc==SQL_SUCCESS && C->fetched_len > 255)) { + /* point 5, in section "Retrieving Data with SQLGetData" in http://msdn.microsoft.com/en-us/library/windows/desktop/ms715441(v=vs.85).aspx + states that if SQL_SUCCESS_WITH_INFO, fetched_len will be > 255 (greater than buf2's size) + (if a driver fails to follow that and wrote less than 255 bytes to buf2, this will AV or read garbage into buf) */ diff --git a/php-bug81719.patch b/php-bug81719.patch new file mode 100644 index 0000000..c40e1ba --- /dev/null +++ b/php-bug81719.patch @@ -0,0 +1,60 @@ +From 9433de72e291db518357fe55531cc15432d43ec4 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <smalyshev@gmail.com> +Date: Mon, 6 Jun 2022 00:56:51 -0600 +Subject: [PATCH 2/3] Fix bug #81719: mysqlnd/pdo password buffer overflow + +(cherry picked from commit 58006537fc5f133ae8549efe5118cde418b3ace9) +--- + ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c +index 6459fe4964..1aee62c64e 100644 +--- a/ext/mysqlnd/mysqlnd_wireprotocol.c ++++ b/ext/mysqlnd/mysqlnd_wireprotocol.c +@@ -768,7 +768,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet) + MYSQLND_VIO * vio = conn->vio; + MYSQLND_STATS * stats = conn->stats; + MYSQLND_CONNECTION_STATE * connection_state = &conn->state; +- zend_uchar * buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len); ++ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE; ++ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size); + zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */ + + DBG_ENTER("php_mysqlnd_change_auth_response_write"); +-- +2.35.3 + +From f451082baf14ee9ea86cdd19870e906adb368f02 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 7 Jun 2022 09:57:15 +0200 +Subject: [PATCH 3/3] NEWS + +--- + NEWS | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/NEWS b/NEWS +index ffbe82d7aa..fd227bd33a 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,16 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ++ ++Backported from 7.4.30 ++ ++- mysqlnd: ++ . Fixed bug #81719: mysqlnd/pdo password buffer overflow. ++ (CVE-2022-31626) (c dot fol at ambionics dot io) ++ ++- pgsql ++ . Fixed bug #81720: Uninitialized array in pg_query_params(). ++ (CVE-2022-31625) (cmb) ++ + 18 Nov 2021, PHP 7.3.33 + + - XML: +-- +2.35.3 + diff --git a/php-bug81720.patch b/php-bug81720.patch new file mode 100644 index 0000000..8580d7a --- /dev/null +++ b/php-bug81720.patch @@ -0,0 +1,76 @@ +From 6f979c832c861fb32e2dbad5e0cc29edcee7c500 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Tue, 17 May 2022 12:59:23 +0200 +Subject: [PATCH 1/3] Fix #81720: Uninitialized array in pg_query_params() + leading to RCE + +We must not free parameters which we haven't initialized yet. + +We also fix the not directly related issue, that we checked for the +wrong value being `NULL`, potentially causing a segfault. + +(cherry picked from commit 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab) +--- + ext/pgsql/pgsql.c | 4 ++-- + ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++ + 2 files changed, 29 insertions(+), 2 deletions(-) + create mode 100644 ext/pgsql/tests/bug81720.phpt + +diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c +index 27462bc336..1dd892d359 100644 +--- a/ext/pgsql/pgsql.c ++++ b/ext/pgsql/pgsql.c +@@ -1994,7 +1994,7 @@ PHP_FUNCTION(pg_query_params) + if (Z_TYPE(tmp_val) != IS_STRING) { + php_error_docref(NULL, E_WARNING,"Error converting parameter"); + zval_ptr_dtor(&tmp_val); +- _php_pgsql_free_params(params, num_params); ++ _php_pgsql_free_params(params, i); + RETURN_FALSE; + } + params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val)); +@@ -5179,7 +5179,7 @@ PHP_FUNCTION(pg_send_execute) + if (Z_TYPE(tmp_val) != IS_STRING) { + php_error_docref(NULL, E_WARNING,"Error converting parameter"); + zval_ptr_dtor(&tmp_val); +- _php_pgsql_free_params(params, num_params); ++ _php_pgsql_free_params(params, i); + RETURN_FALSE; + } + params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val)); +diff --git a/ext/pgsql/tests/bug81720.phpt b/ext/pgsql/tests/bug81720.phpt +new file mode 100644 +index 0000000000..d79f1fcdd6 +--- /dev/null ++++ b/ext/pgsql/tests/bug81720.phpt +@@ -0,0 +1,27 @@ ++--TEST-- ++Bug #81720 (Uninitialized array in pg_query_params() leading to RCE) ++--SKIPIF-- ++<?php include("skipif.inc"); ?> ++--FILE-- ++<?php ++include('config.inc'); ++ ++$conn = pg_connect($conn_str); ++ ++try { ++ pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]); ++} catch (Throwable $ex) { ++ echo $ex->getMessage(), PHP_EOL; ++} ++ ++try { ++ pg_send_prepare($conn, "my_query", 'SELECT $1, $2'); ++ pg_get_result($conn); ++ pg_send_execute($conn, "my_query", [1, new stdClass()]); ++} catch (Throwable $ex) { ++ echo $ex->getMessage(), PHP_EOL; ++} ++?> ++--EXPECT-- ++Object of class stdClass could not be converted to string ++Object of class stdClass could not be converted to string +-- +2.35.3 + diff --git a/php-bug81726.patch b/php-bug81726.patch new file mode 100644 index 0000000..fd43dac --- /dev/null +++ b/php-bug81726.patch @@ -0,0 +1,179 @@ +From 96fda78bcddd1d793cf2d0ee463dbb49621b577f Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Mon, 25 Jul 2022 15:58:59 +0200 +Subject: [PATCH] Fix #81726: phar wrapper: DOS when using quine gzip file + +The phar wrapper needs to uncompress the file; the uncompressed file +might be compressed, so the wrapper implementation loops. This raises +potential DOS issues regarding too deep or even infinite recursion (the +latter are called compressed file quines[1]). We avoid that by +introducing a recursion limit; we choose the somewhat arbitrary limit +`3`. + +This issue has been reported by real_as3617 and gPayl0ad. + +[1] <https://honno.dev/gzip-quine/> + +(cherry picked from commit 404e8bdb68350931176a5bdc86fc417b34fb583d) +--- + NEWS | 2 ++ + ext/phar/phar.c | 16 +++++++++++----- + ext/phar/tests/bug81726.gz | Bin 0 -> 204 bytes + ext/phar/tests/bug81726.phpt | 14 ++++++++++++++ + 4 files changed, 27 insertions(+), 5 deletions(-) + create mode 100644 ext/phar/tests/bug81726.gz + create mode 100644 ext/phar/tests/bug81726.phpt + +diff --git a/NEWS b/NEWS +index 87b67643f3..fe4cb9c484 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,8 @@ PHP NEWS + Backported from 7.4.31 + + - Core: ++ . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. ++ (CVE-2022-31628). (cmb) + . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones + that have a specific semantic meaning. (CVE-2022-31629). (Derick) + +diff --git a/ext/phar/phar.c b/ext/phar/phar.c +index 44e40d98d1..9360658cd7 100644 +--- a/ext/phar/phar.c ++++ b/ext/phar/phar.c +@@ -1593,7 +1593,8 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + const char zip_magic[] = "PK\x03\x04"; + const char gz_magic[] = "\x1f\x8b\x08"; + const char bz_magic[] = "BZh"; +- char *pos, test = '\0'; ++ char *pos; ++ int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion + const int window_size = 1024; + char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */ + const zend_long readsize = sizeof(buffer) - sizeof(token); +@@ -1621,8 +1622,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (truncated entry)") + } + +- if (!test) { +- test = '\1'; ++ if (recursion_count) { + pos = buffer+tokenlen; + if (!memcmp(pos, gz_magic, 3)) { + char err = 0; +@@ -1682,7 +1682,10 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + compression = PHAR_FILE_COMPRESSED_GZ; + + /* now, start over */ +- test = '\0'; ++ if (!--recursion_count) { ++ MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\""); ++ break; ++ } + continue; + } else if (!memcmp(pos, bz_magic, 3)) { + php_stream_filter *filter; +@@ -1720,7 +1723,10 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + compression = PHAR_FILE_COMPRESSED_BZ2; + + /* now, start over */ +- test = '\0'; ++ if (!--recursion_count) { ++ MAPPHAR_ALLOC_FAIL("unable to decompress bzipped phar archive \"%s\""); ++ break; ++ } + continue; + } + +From 535c3f592d020a3a43f4ce3577e505d64297b6e8 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Tue, 27 Sep 2022 17:43:40 +0200 +Subject: [PATCH] Fix regression introduced by fixing bug 81726 + +When a tar phar is created, `phar_open_from_fp()` is also called, but +since the file has just been created, none of the format checks can +succeed, so we continue to loop, but must not check again for the +format. Therefore, we bring back the old `test` variable. + +Closes GH-9620. + +(cherry picked from commit 432bf196d59bcb661fcf9cb7029cea9b43f490af) +--- + ext/phar/phar.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/ext/phar/phar.c b/ext/phar/phar.c +index 9360658cd7..1437525245 100644 +--- a/ext/phar/phar.c ++++ b/ext/phar/phar.c +@@ -1593,7 +1593,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + const char zip_magic[] = "PK\x03\x04"; + const char gz_magic[] = "\x1f\x8b\x08"; + const char bz_magic[] = "BZh"; +- char *pos; ++ char *pos, test = '\0'; + int recursion_count = 3; // arbitrary limit to avoid too deep or even infinite recursion + const int window_size = 1024; + char buffer[1024 + sizeof(token)]; /* a 1024 byte window + the size of the halt_compiler token (moving window) */ +@@ -1622,7 +1622,8 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + MAPPHAR_ALLOC_FAIL("internal corruption of phar \"%s\" (truncated entry)") + } + +- if (recursion_count) { ++ if (!test && recursion_count) { ++ test = '\1'; + pos = buffer+tokenlen; + if (!memcmp(pos, gz_magic, 3)) { + char err = 0; +@@ -1682,6 +1683,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + compression = PHAR_FILE_COMPRESSED_GZ; + + /* now, start over */ ++ test = '\0'; + if (!--recursion_count) { + MAPPHAR_ALLOC_FAIL("unable to decompress gzipped phar archive \"%s\""); + break; +@@ -1723,6 +1725,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, size_t fname_len, char + compression = PHAR_FILE_COMPRESSED_BZ2; + + /* now, start over */ ++ test = '\0'; + if (!--recursion_count) { + MAPPHAR_ALLOC_FAIL("unable to decompress bzipped phar archive \"%s\""); + break; +-- +2.37.3 + +From 9d32d284b25f5df75780911a47b3c23cbaac1761 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Fri, 30 Sep 2022 09:22:14 +0200 +Subject: [PATCH] fix NEWS + +--- + NEWS | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/NEWS b/NEWS +index fe4cb9c484..b7a19aea19 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,14 +1,16 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + +-Backported from 7.4.31 ++Backported from 7.4.32 + + - Core: +- . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. +- (CVE-2022-31628). (cmb) + . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones + that have a specific semantic meaning. (CVE-2022-31629). (Derick) + ++- Phar: ++ . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. ++ (CVE-2022-31628). (cmb) ++ + Backported from 7.4.30 + + - mysqlnd: diff --git a/php-bug81727.patch b/php-bug81727.patch new file mode 100644 index 0000000..381a9e8 --- /dev/null +++ b/php-bug81727.patch @@ -0,0 +1,77 @@ +From 8b300e157e92b0e945ad813d608f076b5323d721 Mon Sep 17 00:00:00 2001 +From: Derick Rethans <github@derickrethans.nl> +Date: Fri, 9 Sep 2022 16:54:03 +0100 +Subject: [PATCH] Fix #81727: Don't mangle HTTP variable names that clash with + ones that have a specific semantic meaning. + +(cherry picked from commit 0611be4e82887cee0de6c4cbae320d34eec946ca) +--- + NEWS | 6 ++++++ + ext/standard/tests/bug81727.phpt | 15 +++++++++++++++ + main/php_variables.c | 14 ++++++++++++++ + 3 files changed, 35 insertions(+) + create mode 100644 ext/standard/tests/bug81727.phpt + +diff --git a/NEWS b/NEWS +index fd227bd33a..87b67643f3 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 7.4.31 ++ ++- Core: ++ . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones ++ that have a specific semantic meaning. (CVE-2022-31629). (Derick) ++ + Backported from 7.4.30 + + - mysqlnd: +diff --git a/ext/standard/tests/bug81727.phpt b/ext/standard/tests/bug81727.phpt +new file mode 100644 +index 0000000000..71a9cb46c8 +--- /dev/null ++++ b/ext/standard/tests/bug81727.phpt +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #81727: $_COOKIE name starting with ..Host/..Secure should be discarded ++--COOKIE-- ++..Host-test=ignore; __Host-test=correct; . Secure-test=ignore; . Elephpant=Awesome; ++--FILE-- ++<?php ++var_dump($_COOKIE); ++?> ++--EXPECT-- ++array(2) { ++ ["__Host-test"]=> ++ string(7) "correct" ++ ["__Elephpant"]=> ++ string(7) "Awesome" ++} +diff --git a/main/php_variables.c b/main/php_variables.c +index ca015352d2..f2d0c3bd98 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -115,6 +115,20 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars + } + var_len = p - var; + ++ /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */ ++ if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ ++ /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */ ++ if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ + if (var_len==0) { /* empty variable name, or variable name with a space in it */ + zval_ptr_dtor_nogc(val); + free_alloca(var_orig, use_heap); diff --git a/php-bug81738.patch b/php-bug81738.patch new file mode 100644 index 0000000..0c6aaa8 --- /dev/null +++ b/php-bug81738.patch @@ -0,0 +1,128 @@ +From de4517ad607df8d4cb3735228b39e4a48f95556c Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <smalyshev@gmail.com> +Date: Thu, 20 Oct 2022 23:57:35 -0600 +Subject: [PATCH] Fix bug #81738 (buffer overflow in hash_update() on long + parameter) + +--- + NEWS | 6 ++++++ + ext/hash/sha3/generic32lc/KeccakSponge.inc | 14 ++++++++------ + ext/hash/sha3/generic64lc/KeccakSponge.inc | 14 ++++++++------ + 3 files changed, 22 insertions(+), 12 deletions(-) + +diff --git a/NEWS b/NEWS +index b7a19aea19..ce48558ad1 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 7.4.33 ++ ++- Hash: ++ . Fixed bug #81738: buffer overflow in hash_update() on long parameter. ++ (CVE-2022-37454) (nicky at mouha dot be) ++ + Backported from 7.4.32 + + - Core: +diff --git a/ext/hash/sha3/generic32lc/KeccakSponge.inc b/ext/hash/sha3/generic32lc/KeccakSponge.inc +index 42a15aac6d..f8c42ff788 100644 +--- a/ext/hash/sha3/generic32lc/KeccakSponge.inc ++++ b/ext/hash/sha3/generic32lc/KeccakSponge.inc +@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) { + #ifdef SnP_FastLoop_Absorb + /* processing full blocks first */ + if ((rateInBytes % (SnP_width/200)) == 0) { +@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + } + else { + /* normal lane: using the message queue */ +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + #ifdef KeccakReference + displayBytes(1, "Block to be absorbed (part)", curData, partialBlock); + #endif +@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) { + for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) { + SnP_Permute(instance->state); + SnP_ExtractBytes(instance->state, curData, 0, rateInBytes); +@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + SnP_Permute(instance->state); + instance->byteIOIndex = 0; + } +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + i += partialBlock; + + SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock); +diff --git a/ext/hash/sha3/generic64lc/KeccakSponge.inc b/ext/hash/sha3/generic64lc/KeccakSponge.inc +index 42a15aac6d..f8c42ff788 100644 +--- a/ext/hash/sha3/generic64lc/KeccakSponge.inc ++++ b/ext/hash/sha3/generic64lc/KeccakSponge.inc +@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) { + #ifdef SnP_FastLoop_Absorb + /* processing full blocks first */ + if ((rateInBytes % (SnP_width/200)) == 0) { +@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat + } + else { + /* normal lane: using the message queue */ +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + #ifdef KeccakReference + displayBytes(1, "Block to be absorbed (part)", curData, partialBlock); + #endif +@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + i = 0; + curData = data; + while(i < dataByteLen) { +- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) { ++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) { + for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) { + SnP_Permute(instance->state); + SnP_ExtractBytes(instance->state, curData, 0, rateInBytes); +@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte + SnP_Permute(instance->state); + instance->byteIOIndex = 0; + } +- partialBlock = (unsigned int)(dataByteLen - i); +- if (partialBlock+instance->byteIOIndex > rateInBytes) ++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex) + partialBlock = rateInBytes-instance->byteIOIndex; ++ else ++ partialBlock = (unsigned int)(dataByteLen - i); + i += partialBlock; + + SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock); +-- +2.37.3 + diff --git a/php-bug81740.patch b/php-bug81740.patch new file mode 100644 index 0000000..73bc74a --- /dev/null +++ b/php-bug81740.patch @@ -0,0 +1,86 @@ +From 5a0e763a3dcf5ae22dbd6d35757255d6c33dbdde Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Mon, 31 Oct 2022 17:20:23 +0100 +Subject: [PATCH 1/2] Fix #81740: PDO::quote() may return unquoted string + +`sqlite3_snprintf()` expects its first parameter to be `int`; we need +to avoid overflow. + +(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba) +(cherry picked from commit 7cb160efe19d3dfb8b92629805733ea186b55050) +--- + ext/pdo_sqlite/sqlite_driver.c | 3 +++ + ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ + 2 files changed, 20 insertions(+) + create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt + +diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c +index a0f3e104f2..77720c618f 100644 +--- a/ext/pdo_sqlite/sqlite_driver.c ++++ b/ext/pdo_sqlite/sqlite_driver.c +@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t + /* NB: doesn't handle binary strings... use prepared stmts for that */ + static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) + { ++ if (unquotedlen > (INT_MAX - 3) / 2) { ++ return 0; ++ } + *quoted = safe_emalloc(2, unquotedlen, 3); + sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); + *quotedlen = strlen(*quoted); +diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt +new file mode 100644 +index 0000000000..99fb07c304 +--- /dev/null ++++ b/ext/pdo_sqlite/tests/bug81740.phpt +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #81740 (PDO::quote() may return unquoted string) ++--SKIPIF-- ++<?php ++if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; ++if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); ++?> ++--INI-- ++memory_limit=-1 ++--FILE-- ++<?php ++$pdo = new PDO("sqlite::memory:"); ++$string = str_repeat("a", 0x80000000); ++var_dump($pdo->quote($string)); ++?> ++--EXPECT-- ++bool(false) +-- +2.38.1 + +From 144d79977c7e2a410a705f550dbc8ee754dd1cb3 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Mon, 19 Dec 2022 09:24:02 +0100 +Subject: [PATCH 2/2] NEWS + +(cherry picked from commit 7328f3a0344806b846bd05657bdce96e47810bf0) +--- + NEWS | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/NEWS b/NEWS +index ce48558ad1..4de34f7876 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.0.27 ++ ++- PDO/SQLite: ++ . Fixed bug #81740 (PDO::quote() may return unquoted string). ++ (CVE-2022-31631) (cmb) ++ + Backported from 7.4.33 + + - Hash: +-- +2.38.1 + diff --git a/php-bug81744.patch b/php-bug81744.patch new file mode 100644 index 0000000..e11afe1 --- /dev/null +++ b/php-bug81744.patch @@ -0,0 +1,190 @@ +From e78b2696c7baf48e5d0898420368555ff4b99830 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be> +Date: Mon, 23 Jan 2023 21:15:24 +0100 +Subject: [PATCH 1/8] crypt: Fix validation of malformed BCrypt hashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +PHP’s implementation of crypt_blowfish differs from the upstream Openwall +version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt +by including a `$` character within the characters that represent the salt. + +Hashes that are affected by the “PHP Hack” may erroneously validate any +password as valid when used with `password_verify` and when comparing the +return value of `crypt()` against the input. + +The PHP Hack exists since the first version of PHP’s own crypt_blowfish +implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5. + +No clear reason is given for the PHP Hack’s existence. This commit removes it, +because BCrypt hashes containing a `$` character in their salt are not valid +BCrypt hashes. + +(cherry picked from commit c840f71524067aa474c00c3eacfb83bd860bfc8a) +(cherry picked from commit 7437aaae38cf4b3357e7580f9e22fd4a403b6c23) +--- + ext/standard/crypt_blowfish.c | 8 -- + .../tests/crypt/bcrypt_salt_dollar.phpt | 82 +++++++++++++++++++ + 2 files changed, 82 insertions(+), 8 deletions(-) + create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt + +diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c +index c1f945f29e..aa7e1bc2e6 100644 +--- a/ext/standard/crypt_blowfish.c ++++ b/ext/standard/crypt_blowfish.c +@@ -376,7 +376,6 @@ static unsigned char BF_atoi64[0x60] = { + #define BF_safe_atoi64(dst, src) \ + { \ + tmp = (unsigned char)(src); \ +- if (tmp == '$') break; /* PHP hack */ \ + if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ + tmp = BF_atoi64[tmp]; \ + if (tmp > 63) return -1; \ +@@ -404,13 +403,6 @@ static int BF_decode(BF_word *dst, const char *src, int size) + *dptr++ = ((c3 & 0x03) << 6) | c4; + } while (dptr < end); + +- if (end - dptr == size) { +- return -1; +- } +- +- while (dptr < end) /* PHP hack */ +- *dptr++ = 0; +- + return 0; + } + +diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +new file mode 100644 +index 0000000000..32e335f4b0 +--- /dev/null ++++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +@@ -0,0 +1,82 @@ ++--TEST-- ++bcrypt correctly rejects salts containing $ ++--FILE-- ++<?php ++for ($i = 0; $i < 23; $i++) { ++ $salt = '$2y$04$' . str_repeat('0', $i) . '$'; ++ $result = crypt("foo", $salt); ++ var_dump($salt); ++ var_dump($result); ++ var_dump($result === $salt); ++} ++?> ++--EXPECT-- ++string(8) "$2y$04$$" ++string(2) "*0" ++bool(false) ++string(9) "$2y$04$0$" ++string(2) "*0" ++bool(false) ++string(10) "$2y$04$00$" ++string(2) "*0" ++bool(false) ++string(11) "$2y$04$000$" ++string(2) "*0" ++bool(false) ++string(12) "$2y$04$0000$" ++string(2) "*0" ++bool(false) ++string(13) "$2y$04$00000$" ++string(2) "*0" ++bool(false) ++string(14) "$2y$04$000000$" ++string(2) "*0" ++bool(false) ++string(15) "$2y$04$0000000$" ++string(2) "*0" ++bool(false) ++string(16) "$2y$04$00000000$" ++string(2) "*0" ++bool(false) ++string(17) "$2y$04$000000000$" ++string(2) "*0" ++bool(false) ++string(18) "$2y$04$0000000000$" ++string(2) "*0" ++bool(false) ++string(19) "$2y$04$00000000000$" ++string(2) "*0" ++bool(false) ++string(20) "$2y$04$000000000000$" ++string(2) "*0" ++bool(false) ++string(21) "$2y$04$0000000000000$" ++string(2) "*0" ++bool(false) ++string(22) "$2y$04$00000000000000$" ++string(2) "*0" ++bool(false) ++string(23) "$2y$04$000000000000000$" ++string(2) "*0" ++bool(false) ++string(24) "$2y$04$0000000000000000$" ++string(2) "*0" ++bool(false) ++string(25) "$2y$04$00000000000000000$" ++string(2) "*0" ++bool(false) ++string(26) "$2y$04$000000000000000000$" ++string(2) "*0" ++bool(false) ++string(27) "$2y$04$0000000000000000000$" ++string(2) "*0" ++bool(false) ++string(28) "$2y$04$00000000000000000000$" ++string(2) "*0" ++bool(false) ++string(29) "$2y$04$000000000000000000000$" ++string(2) "*0" ++bool(false) ++string(30) "$2y$04$0000000000000000000000$" ++string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K" ++bool(false) +-- +2.39.1 + +From ae619b4ba0b325650d09447a48e18c578d52c681 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be> +Date: Mon, 23 Jan 2023 22:13:57 +0100 +Subject: [PATCH 2/8] crypt: Fix possible buffer overread in php_crypt() + +(cherry picked from commit a92acbad873a05470af1a47cb785a18eadd827b5) +(cherry picked from commit ed0281b588a6840cb95f3134a4e68847a3be5bb7) +--- + ext/standard/crypt.c | 1 + + ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++ + 2 files changed, 9 insertions(+) + create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt + +diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c +index fec04ec584..9787b92f57 100644 +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -154,6 +154,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch + } else if ( + salt[0] == '$' && + salt[1] == '2' && ++ salt[2] != 0 && + salt[3] == '$') { + char output[PHP_MAX_SALT_LEN + 1]; + +diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt +new file mode 100644 +index 0000000000..085bc8a239 +--- /dev/null ++++ b/ext/standard/tests/password/password_bcrypt_short.phpt +@@ -0,0 +1,8 @@ ++--TEST-- ++Test that password_hash() does not overread buffers when a short hash is passed ++--FILE-- ++<?php ++var_dump(password_verify("foo", '$2')); ++?> ++--EXPECT-- ++bool(false) +-- +2.39.1 + diff --git a/php-bug81746.patch b/php-bug81746.patch new file mode 100644 index 0000000..06f6dbb --- /dev/null +++ b/php-bug81746.patch @@ -0,0 +1,100 @@ +From 31090aae8ff1f150cb822e69e0871af166d463c5 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 27 Jan 2023 19:28:27 +0100 +Subject: [PATCH 3/8] Fix array overrun when appending slash to paths + +Fix it by extending the array sizes by one character. As the input is +limited to the maximum path length, there will always be place to append +the slash. As the php_check_specific_open_basedir() simply uses the +strings to compare against each other, no new failures related to too +long paths are introduced. +We'll let the DOM and XML case handle a potentially too long path in the +library code. + +(cherry picked from commit ec10b28d64decbc54aa1e585dce580f0bd7a5953) +(cherry picked from commit 887cd0710ad856a0d22c329b6ea6c71ebd8621ae) +--- + ext/dom/document.c | 2 +- + ext/xmlreader/php_xmlreader.c | 2 +- + main/fopen_wrappers.c | 6 +++--- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/ext/dom/document.c b/ext/dom/document.c +index 0e15e7a110..3f34e5370d 100644 +--- a/ext/dom/document.c ++++ b/ext/dom/document.c +@@ -1357,7 +1357,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so + int validate, recover, resolve_externals, keep_blanks, substitute_ent; + int resolved_path_len; + int old_error_reporting = 0; +- char *directory=NULL, resolved_path[MAXPATHLEN]; ++ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; + + if (id != NULL) { + intern = Z_DOMOBJ_P(id); +diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c +index 4d4e7348c9..e03273709f 100644 +--- a/ext/xmlreader/php_xmlreader.c ++++ b/ext/xmlreader/php_xmlreader.c +@@ -1029,7 +1029,7 @@ PHP_METHOD(xmlreader, XML) + xmlreader_object *intern = NULL; + char *source, *uri = NULL, *encoding = NULL; + int resolved_path_len, ret = 0; +- char *directory=NULL, resolved_path[MAXPATHLEN]; ++ char *directory=NULL, resolved_path[MAXPATHLEN + 1]; + xmlParserInputBufferPtr inputbfr; + xmlTextReaderPtr reader; + +diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c +index 1509c006d7..4b15f052ef 100644 +--- a/main/fopen_wrappers.c ++++ b/main/fopen_wrappers.c +@@ -133,10 +133,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir) + */ + PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path) + { +- char resolved_name[MAXPATHLEN]; +- char resolved_basedir[MAXPATHLEN]; ++ char resolved_name[MAXPATHLEN + 1]; ++ char resolved_basedir[MAXPATHLEN + 1]; + char local_open_basedir[MAXPATHLEN]; +- char path_tmp[MAXPATHLEN]; ++ char path_tmp[MAXPATHLEN + 1]; + char *path_file; + size_t resolved_basedir_len; + size_t resolved_name_len; +-- +2.39.1 + +From f251242c25493685d7030588f99c17193d3f667d Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Mon, 13 Feb 2023 11:46:47 +0100 +Subject: [PATCH 4/8] NEWS + +(cherry picked from commit 614468ce4056c0ef93aae09532dcffdf65b594b5) +--- + NEWS | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/NEWS b/NEWS +index 4de34f7876..80d589e4d9 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,14 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.0.28 ++ ++- Core: ++ . Fixed bug #81744 (Password_verify() always return true with some hash). ++ (CVE-2023-0567). (Tim Düsterhus) ++ . Fixed bug #81746 (1-byte array overrun in common path resolve code). ++ (CVE-2023-0568). (Niels Dossche) ++ + Backported from 8.0.27 + + - PDO/SQLite: +-- +2.39.1 + diff --git a/php-cve-2023-0662.patch b/php-cve-2023-0662.patch new file mode 100644 index 0000000..fea49a2 --- /dev/null +++ b/php-cve-2023-0662.patch @@ -0,0 +1,148 @@ +From 49bef9efd65ab7456210f8c23b74fdd0f3a8292a Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Thu, 19 Jan 2023 14:11:18 +0000 +Subject: [PATCH 5/8] Fix repeated warning for file uploads limit exceeding + +(cherry picked from commit 3a2fdef1ae38881110006616ee1f0534b082ca45) +--- + main/rfc1867.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/main/rfc1867.c b/main/rfc1867.c +index 3f91fe6fb4..bf28334a34 100644 +--- a/main/rfc1867.c ++++ b/main/rfc1867.c +@@ -930,7 +930,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + skip_upload = 1; + } else if (upload_cnt <= 0) { + skip_upload = 1; +- sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); ++ if (upload_cnt == 0) { ++ --upload_cnt; ++ sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded"); ++ } + } + + /* Return with an error if the posted data is garbled */ +-- +2.39.1 + +From d380b11cb9b73e154dc79955a73139cc6f26dd71 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Thu, 19 Jan 2023 14:31:25 +0000 +Subject: [PATCH 6/8] Introduce max_multipart_body_parts INI + +This fixes GHSA-54hq-v5wp-fqgv DOS vulnerabality by limitting number of +parsed multipart body parts as currently all parts were always parsed. + +(cherry picked from commit 8ec78d28d20c82c75c4747f44c52601cfdb22516) +--- + main/main.c | 1 + + main/rfc1867.c | 11 +++++++++++ + 2 files changed, 12 insertions(+) + +diff --git a/main/main.c b/main/main.c +index f20a786743..c3939b3cb5 100644 +--- a/main/main.c ++++ b/main/main.c +@@ -782,6 +782,7 @@ PHP_INI_BEGIN() + PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) ++ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) + + STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) + STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) +diff --git a/main/rfc1867.c b/main/rfc1867.c +index bf28334a34..d33809514e 100644 +--- a/main/rfc1867.c ++++ b/main/rfc1867.c +@@ -702,6 +702,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + void *event_extra_data = NULL; + unsigned int llen = 0; + int upload_cnt = INI_INT("max_file_uploads"); ++ int body_parts_cnt = INI_INT("max_multipart_body_parts"); + const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding(); + php_rfc1867_getword_t getword; + php_rfc1867_getword_conf_t getword_conf; +@@ -723,6 +724,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + return; + } + ++ if (body_parts_cnt < 0) { ++ body_parts_cnt = PG(max_input_vars) + upload_cnt; ++ } ++ int body_parts_limit = body_parts_cnt; ++ + /* Get the boundary */ + boundary = strstr(content_type_dup, "boundary"); + if (!boundary) { +@@ -807,6 +813,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + char *pair = NULL; + int end = 0; + ++ if (--body_parts_cnt < 0) { ++ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit); ++ goto fileupload_done; ++ } ++ + while (isspace(*cd)) { + ++cd; + } +-- +2.39.1 + +From 981935217e6d7112ffa1e7a467bed446faa4ffbd Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 14 Feb 2023 09:14:47 +0100 +Subject: [PATCH 7/8] NEWS + +(cherry picked from commit 472db3ee3a00ac00d36019eee0b3b7362334481c) +--- + NEWS | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/NEWS b/NEWS +index 80d589e4d9..45743bf7f0 100644 +--- a/NEWS ++++ b/NEWS +@@ -9,6 +9,10 @@ Backported from 8.0.28 + . Fixed bug #81746 (1-byte array overrun in common path resolve code). + (CVE-2023-0568). (Niels Dossche) + ++- FPM: ++ . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart ++ request body). (CVE-2023-0662) (Jakub Zelenka) ++ + Backported from 8.0.27 + + - PDO/SQLite: +-- +2.39.1 + +From 3cdb8167a4a86dc371321542f272cd220807482e Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 14 Feb 2023 11:47:22 +0100 +Subject: [PATCH 8/8] fix NEWS, not FPM specific + +(cherry picked from commit c04f310440a906fc4ca885f4ecf6e3e4cd36edc7) +--- + NEWS | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/NEWS b/NEWS +index 45743bf7f0..a9d7871ba3 100644 +--- a/NEWS ++++ b/NEWS +@@ -8,8 +8,6 @@ Backported from 8.0.28 + (CVE-2023-0567). (Tim Düsterhus) + . Fixed bug #81746 (1-byte array overrun in common path resolve code). + (CVE-2023-0568). (Niels Dossche) +- +-- FPM: + . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart + request body). (CVE-2023-0662) (Jakub Zelenka) + +-- +2.39.1 + diff --git a/php-cve-2023-3247.patch b/php-cve-2023-3247.patch new file mode 100644 index 0000000..497b53e --- /dev/null +++ b/php-cve-2023-3247.patch @@ -0,0 +1,150 @@ +From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sun, 16 Apr 2023 15:05:03 +0200 +Subject: [PATCH] Fix missing randomness check and insufficient random bytes + for SOAP HTTP Digest +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If php_random_bytes_throw fails, the nonce will be uninitialized, but +still sent to the server. The client nonce is intended to protect +against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1], +and bullet point 2 below. + +Tim pointed out that even though it's the MD5 of the nonce that gets sent, +enumerating 31 bits is trivial. So we have still a stack information leak +of 31 bits. + +Furthermore, Tim found the following issues: +* The small size of cnonce might cause the server to erroneously reject + a request due to a repeated (cnonce, nc) pair. As per the birthday + problem 31 bits of randomness will return a duplication with 50% + chance after less than 55000 requests and nc always starts counting at 1. +* The cnonce is intended to protect the client and password against a + malicious server that returns a constant server nonce where the server + precomputed a rainbow table between passwords and correct client response. + As storage is fairly cheap, a server could precompute the client responses + for (a subset of) client nonces and still have a chance of reversing the + client response with the same probability as the cnonce duplication. + + Precomputing the rainbow table for all 2^31 cnonces increases the rainbow + table size by factor 2 billion, which is infeasible. But precomputing it + for 2^14 cnonces only increases the table size by factor 16k and the server + would still have a 10% chance of successfully reversing a password with a + single client request. + +This patch fixes the issues by increasing the nonce size, and checking +the return value of php_random_bytes_throw(). In the process we also get +rid of the MD5 hashing of the nonce. + +[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616 + +Co-authored-by: Tim Düsterhus <timwolla@php.net> +(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a) +--- + NEWS | 6 ++++++ + ext/soap/php_http.c | 21 +++++++++++++-------- + 2 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/NEWS b/NEWS +index 3f8739eae7..7c07635cad 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.0.29 ++ ++- Soap: ++ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random ++ bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) ++ + Backported from 8.0.28 + + - Core: +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index ee3dcbdc9a..e3a9afdbe9 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr, + if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) { + if (Z_TYPE_P(digest) == IS_ARRAY) { + char HA1[33], HA2[33], response[33], cnonce[33], nc[9]; +- zend_long nonce; ++ unsigned char nonce[16]; + PHP_MD5_CTX md5ctx; + unsigned char hash[16]; + +- php_random_bytes_throw(&nonce, sizeof(nonce)); +- nonce &= 0x7fffffff; ++ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) { ++ ZEND_ASSERT(EG(exception)); ++ php_stream_close(stream); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1); ++ smart_str_free(&soap_headers_z); ++ smart_str_free(&soap_headers); ++ return FALSE; ++ } + +- PHP_MD5Init(&md5ctx); +- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce); +- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce)); +- PHP_MD5Final(hash, &md5ctx); +- make_digest(cnonce, hash); ++ php_hash_bin2hex(cnonce, nonce, sizeof(nonce)); ++ cnonce[32] = 0; + + if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL && + Z_TYPE_P(tmp) == IS_LONG) { +From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 6 Jun 2023 18:05:22 +0200 +Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex + +--- + ext/soap/php_http.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index e3a9afdbe9..912b8e341d 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -22,6 +22,7 @@ + #include "ext/standard/base64.h" + #include "ext/standard/md5.h" + #include "ext/standard/php_random.h" ++#include "ext/hash/php_hash.h" + + static char *get_http_header_value_nodup(char *headers, char *type, size_t *len); + static char *get_http_header_value(char *headers, char *type); +From ec8afe8e559342b61a0498dcab8ce59dc6319d3e Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 15 Jun 2023 08:47:55 +0200 +Subject: [PATCH] add cve + +(cherry picked from commit f3021d66d7bb42d2578530cc94f9bde47e58eb10) +--- + NEWS | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 7ccc61e6e4..1950d841a5 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,7 +5,8 @@ Backported from 8.0.29 + + - Soap: + . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random +- bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) ++ bytes in HTTP Digest authentication for SOAP). ++ (CVE-2023-3247) (nielsdos, timwolla) + + Backported from 8.0.28 + +-- +2.40.1 + diff --git a/php-cve-2023-3823.patch b/php-cve-2023-3823.patch new file mode 100644 index 0000000..604438c --- /dev/null +++ b/php-cve-2023-3823.patch @@ -0,0 +1,90 @@ +From 3f14261065e4c0552afa9cb16411475050a41c2c Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Mon, 10 Jul 2023 13:25:34 +0200 +Subject: [PATCH 1/4] Fix buffer mismanagement in phar_dir_read() + +Fixes GHSA-jqcx-ccgc-xwhv. + +(cherry picked from commit 80316123f3e9dcce8ac419bd9dd43546e2ccb5ef) +(cherry picked from commit c398fe98c044c8e7c23135acdc38d4ef7bedc983) +--- + ext/phar/dirstream.c | 15 ++++++++------ + ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt | 27 +++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 6 deletions(-) + create mode 100644 ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt + +diff --git a/ext/phar/dirstream.c b/ext/phar/dirstream.c +index 70e696a167..b60af236ef 100644 +--- a/ext/phar/dirstream.c ++++ b/ext/phar/dirstream.c +@@ -92,25 +92,28 @@ static int phar_dir_seek(php_stream *stream, zend_off_t offset, int whence, zend + */ + static size_t phar_dir_read(php_stream *stream, char *buf, size_t count) /* {{{ */ + { +- size_t to_read; + HashTable *data = (HashTable *)stream->abstract; + zend_string *str_key; + zend_ulong unused; + ++ if (count != sizeof(php_stream_dirent)) { ++ return -1; ++ } ++ + if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key(data, &str_key, &unused)) { + return 0; + } + + zend_hash_move_forward(data); +- to_read = MIN(ZSTR_LEN(str_key), count); + +- if (to_read == 0 || count < ZSTR_LEN(str_key)) { ++ php_stream_dirent *dirent = (php_stream_dirent *) buf; ++ ++ if (sizeof(dirent->d_name) <= ZSTR_LEN(str_key)) { + return 0; + } + +- memset(buf, 0, sizeof(php_stream_dirent)); +- memcpy(((php_stream_dirent *) buf)->d_name, ZSTR_VAL(str_key), to_read); +- ((php_stream_dirent *) buf)->d_name[to_read + 1] = '\0'; ++ memset(dirent, 0, sizeof(php_stream_dirent)); ++ PHP_STRLCPY(dirent->d_name, ZSTR_VAL(str_key), sizeof(dirent->d_name), ZSTR_LEN(str_key)); + + return sizeof(php_stream_dirent); + } +diff --git a/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt b/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt +new file mode 100644 +index 0000000000..4e12f05fb6 +--- /dev/null ++++ b/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt +@@ -0,0 +1,27 @@ ++--TEST-- ++GHSA-jqcx-ccgc-xwhv (Buffer overflow and overread in phar_dir_read()) ++--SKIPIF-- ++<?php if (!extension_loaded("phar")) die("skip"); ?> ++--INI-- ++phar.readonly=0 ++--FILE-- ++<?php ++$phar = new Phar(__DIR__. '/GHSA-jqcx-ccgc-xwhv.phar'); ++$phar->startBuffering(); ++$phar->addFromString(str_repeat('A', PHP_MAXPATHLEN - 1), 'This is the content of file 1.'); ++$phar->addFromString(str_repeat('B', PHP_MAXPATHLEN - 1).'C', 'This is the content of file 2.'); ++$phar->stopBuffering(); ++ ++$handle = opendir('phar://' . __DIR__ . '/GHSA-jqcx-ccgc-xwhv.phar'); ++var_dump(strlen(readdir($handle))); ++// Must not be a string of length PHP_MAXPATHLEN+1 ++var_dump(readdir($handle)); ++closedir($handle); ++?> ++--CLEAN-- ++<?php ++unlink(__DIR__. '/GHSA-jqcx-ccgc-xwhv.phar'); ++?> ++--EXPECTF-- ++int(%d) ++bool(false) +-- +2.41.0 + diff --git a/php-cve-2023-3824.patch b/php-cve-2023-3824.patch new file mode 100644 index 0000000..8eea6f1 --- /dev/null +++ b/php-cve-2023-3824.patch @@ -0,0 +1,647 @@ +From 4fb61f06b1aff89a4d7e548c37ffa5bf573270c3 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sat, 15 Jul 2023 17:33:52 +0200 +Subject: [PATCH 2/4] Sanitize libxml2 globals before parsing + +Fixes GHSA-3qrf-m4j2-pcrr. + +To parse a document with libxml2, you first need to create a parsing context. +The parsing context contains parsing options (e.g. XML_NOENT to substitute +entities) that the application (in this case PHP) can set. +Unfortunately, libxml2 also supports providing default set options. +For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT +option will be added to the parsing options every time you create a parsing +context **even if the application never requested XML_NOENT**. + +Third party extensions can override these globals, in particular the +substitute entity global. This causes entity substitution to be +unexpectedly active. + +Fix it by setting the parsing options to a sane known value. +For API calls that depend on global state we introduce +PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS(). +For other APIs that work directly with a context we introduce +php_libxml_sanitize_parse_ctxt_options(). + +(cherry picked from commit c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975) +(cherry picked from commit b3758bd21223b97c042cae7bd26a66cde081ea98) +--- + ext/dom/document.c | 15 ++++++++ + ext/dom/documentfragment.c | 2 ++ + ...xml_global_state_entity_loader_bypass.phpt | 36 +++++++++++++++++++ + ext/libxml/php_libxml.h | 36 +++++++++++++++++++ + ext/simplexml/simplexml.c | 6 ++++ + ...xml_global_state_entity_loader_bypass.phpt | 36 +++++++++++++++++++ + ext/soap/php_xml.c | 2 ++ + ext/xml/compat.c | 2 ++ + ext/xmlreader/php_xmlreader.c | 9 +++++ + ...xml_global_state_entity_loader_bypass.phpt | 35 ++++++++++++++++++ + ext/xsl/xsltprocessor.c | 9 +++-- + 11 files changed, 183 insertions(+), 5 deletions(-) + create mode 100644 ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt + create mode 100644 ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt + create mode 100644 ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt + +diff --git a/ext/dom/document.c b/ext/dom/document.c +index 3f34e5370d..238b1381cc 100644 +--- a/ext/dom/document.c ++++ b/ext/dom/document.c +@@ -1436,6 +1436,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so + options |= XML_PARSE_NOBLANKS; + } + ++ php_libxml_sanitize_parse_ctxt_options(ctxt); + xmlCtxtUseOptions(ctxt, options); + + ctxt->recovery = recover; +@@ -1733,7 +1734,9 @@ PHP_FUNCTION(dom_document_xinclude) + + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); + ++ PHP_LIBXML_SANITIZE_GLOBALS(xinclude); + err = xmlXIncludeProcessFlags(docp, (int)flags); ++ PHP_LIBXML_RESTORE_GLOBALS(xinclude); + + /* XML_XINCLUDE_START and XML_XINCLUDE_END nodes need to be removed as these + are added via xmlXIncludeProcess to mark beginning and ending of xincluded document +@@ -1772,6 +1775,7 @@ PHP_FUNCTION(dom_document_validate) + + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); + ++ PHP_LIBXML_SANITIZE_GLOBALS(validate); + cvp = xmlNewValidCtxt(); + + cvp->userData = NULL; +@@ -1783,6 +1787,7 @@ PHP_FUNCTION(dom_document_validate) + } else { + RETVAL_FALSE; + } ++ PHP_LIBXML_RESTORE_GLOBALS(validate); + + xmlFreeValidCtxt(cvp); + +@@ -1816,14 +1821,18 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type + + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); + ++ PHP_LIBXML_SANITIZE_GLOBALS(new_parser_ctxt); ++ + switch (type) { + case DOM_LOAD_FILE: + if (CHECK_NULL_PATH(source, source_len)) { ++ PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt); + php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); + RETURN_FALSE; + } + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN); + if (!valid_file) { ++ PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt); + php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); + RETURN_FALSE; + } +@@ -1844,6 +1853,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type + parser); + sptr = xmlSchemaParse(parser); + xmlSchemaFreeParserCtxt(parser); ++ PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt); + if (!sptr) { + php_error_docref(NULL, E_WARNING, "Invalid Schema"); + RETURN_FALSE; +@@ -1864,11 +1874,13 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type + } + #endif + ++ PHP_LIBXML_SANITIZE_GLOBALS(validate); + xmlSchemaSetValidOptions(vptr, valid_opts); + xmlSchemaSetValidErrors(vptr, php_libxml_error_handler, php_libxml_error_handler, vptr); + is_valid = xmlSchemaValidateDoc(vptr, docp); + xmlSchemaFree(sptr); + xmlSchemaFreeValidCtxt(vptr); ++ PHP_LIBXML_RESTORE_GLOBALS(validate); + + if (is_valid == 0) { + RETURN_TRUE; +@@ -1938,12 +1950,14 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ + return; + } + ++ PHP_LIBXML_SANITIZE_GLOBALS(parse); + xmlRelaxNGSetParserErrors(parser, + (xmlRelaxNGValidityErrorFunc) php_libxml_error_handler, + (xmlRelaxNGValidityWarningFunc) php_libxml_error_handler, + parser); + sptr = xmlRelaxNGParse(parser); + xmlRelaxNGFreeParserCtxt(parser); ++ PHP_LIBXML_RESTORE_GLOBALS(parse); + if (!sptr) { + php_error_docref(NULL, E_WARNING, "Invalid RelaxNG"); + RETURN_FALSE; +@@ -2042,6 +2056,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ + ctxt->sax->error = php_libxml_ctx_error; + ctxt->sax->warning = php_libxml_ctx_warning; + } ++ php_libxml_sanitize_parse_ctxt_options(ctxt); + if (options) { + htmlCtxtUseOptions(ctxt, (int)options); + } +diff --git a/ext/dom/documentfragment.c b/ext/dom/documentfragment.c +index 0c289565a2..f12d191ddf 100644 +--- a/ext/dom/documentfragment.c ++++ b/ext/dom/documentfragment.c +@@ -132,7 +132,9 @@ PHP_METHOD(domdocumentfragment, appendXML) { + } + + if (data) { ++ PHP_LIBXML_SANITIZE_GLOBALS(parse); + err = xmlParseBalancedChunkMemory(nodep->doc, NULL, NULL, 0, (xmlChar *) data, &lst); ++ PHP_LIBXML_RESTORE_GLOBALS(parse); + if (err != 0) { + RETURN_FALSE; + } +diff --git a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt +new file mode 100644 +index 0000000000..b28afd4694 +--- /dev/null ++++ b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -0,0 +1,36 @@ ++--TEST-- ++GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) ++--SKIPIF-- ++<?php ++if (!extension_loaded('libxml')) die('skip libxml extension not available'); ++if (!extension_loaded('dom')) die('skip dom extension not available'); ++if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++?> ++--FILE-- ++<?php ++ ++$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; ++ ++libxml_use_internal_errors(true); ++ ++function parseXML($xml) { ++ $doc = new DOMDocument(); ++ @$doc->loadXML($xml); ++ $doc->createDocumentFragment()->appendXML("&bork;"); ++ foreach (libxml_get_errors() as $error) { ++ var_dump(trim($error->message)); ++ } ++} ++ ++parseXML($xml); ++zend_test_override_libxml_global_state(); ++parseXML($xml); ++ ++echo "Done\n"; ++ ++?> ++--EXPECT-- ++string(25) "Entity 'bork' not defined" ++string(25) "Entity 'bork' not defined" ++string(25) "Entity 'bork' not defined" ++Done +diff --git a/ext/libxml/php_libxml.h b/ext/libxml/php_libxml.h +index 7cc7271db2..bb2ef2d606 100644 +--- a/ext/libxml/php_libxml.h ++++ b/ext/libxml/php_libxml.h +@@ -120,6 +120,42 @@ PHP_LIBXML_API void php_libxml_shutdown(void); + ZEND_TSRMLS_CACHE_EXTERN() + #endif + ++/* Other extension may override the global state options, these global options ++ * are copied initially to ctxt->options. Set the options to a known good value. ++ * See libxml2 globals.c and parserInternals.c. ++ * The unique_name argument allows multiple sanitizes and restores within the ++ * same function, even nested is necessary. */ ++#define PHP_LIBXML_SANITIZE_GLOBALS(unique_name) \ ++ int xml_old_loadsubset_##unique_name = xmlLoadExtDtdDefaultValue; \ ++ xmlLoadExtDtdDefaultValue = 0; \ ++ int xml_old_validate_##unique_name = xmlDoValidityCheckingDefaultValue; \ ++ xmlDoValidityCheckingDefaultValue = 0; \ ++ int xml_old_pedantic_##unique_name = xmlPedanticParserDefault(0); \ ++ int xml_old_substitute_##unique_name = xmlSubstituteEntitiesDefault(0); \ ++ int xml_old_linenrs_##unique_name = xmlLineNumbersDefault(0); \ ++ int xml_old_blanks_##unique_name = xmlKeepBlanksDefault(1); ++ ++#define PHP_LIBXML_RESTORE_GLOBALS(unique_name) \ ++ xmlLoadExtDtdDefaultValue = xml_old_loadsubset_##unique_name; \ ++ xmlDoValidityCheckingDefaultValue = xml_old_validate_##unique_name; \ ++ (void) xmlPedanticParserDefault(xml_old_pedantic_##unique_name); \ ++ (void) xmlSubstituteEntitiesDefault(xml_old_substitute_##unique_name); \ ++ (void) xmlLineNumbersDefault(xml_old_linenrs_##unique_name); \ ++ (void) xmlKeepBlanksDefault(xml_old_blanks_##unique_name); ++ ++/* Alternative for above, working directly on the context and not setting globals. ++ * Generally faster because no locking is involved, and this has the advantage that it sets the options to a known good value. */ ++static zend_always_inline void php_libxml_sanitize_parse_ctxt_options(xmlParserCtxtPtr ctxt) ++{ ++ ctxt->loadsubset = 0; ++ ctxt->validate = 0; ++ ctxt->pedantic = 0; ++ ctxt->replaceEntities = 0; ++ ctxt->linenumbers = 0; ++ ctxt->keepBlanks = 1; ++ ctxt->options = 0; ++} ++ + #else /* HAVE_LIBXML */ + #define libxml_module_ptr NULL + #endif +diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c +index ab394b5c83..de718ced93 100644 +--- a/ext/simplexml/simplexml.c ++++ b/ext/simplexml/simplexml.c +@@ -2175,7 +2175,9 @@ PHP_FUNCTION(simplexml_load_file) + RETURN_FALSE; + } + ++ PHP_LIBXML_SANITIZE_GLOBALS(read_file); + docp = xmlReadFile(filename, NULL, (int)options); ++ PHP_LIBXML_RESTORE_GLOBALS(read_file); + + if (!docp) { + RETURN_FALSE; +@@ -2229,7 +2231,9 @@ PHP_FUNCTION(simplexml_load_string) + RETURN_FALSE; + } + ++ PHP_LIBXML_SANITIZE_GLOBALS(read_memory); + docp = xmlReadMemory(data, (int)data_len, NULL, NULL, (int)options); ++ PHP_LIBXML_RESTORE_GLOBALS(read_memory); + + if (!docp) { + RETURN_FALSE; +@@ -2279,7 +2283,9 @@ SXE_METHOD(__construct) + return; + } + ++ PHP_LIBXML_SANITIZE_GLOBALS(read_file_or_memory); + docp = is_url ? xmlReadFile(data, NULL, (int)options) : xmlReadMemory(data, (int)data_len, NULL, NULL, (int)options); ++ PHP_LIBXML_RESTORE_GLOBALS(read_file_or_memory); + + if (!docp) { + ((php_libxml_node_object *)sxe)->document = NULL; +diff --git a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt +new file mode 100644 +index 0000000000..2152e01232 +--- /dev/null ++++ b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -0,0 +1,36 @@ ++--TEST-- ++GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) ++--SKIPIF-- ++<?php ++if (!extension_loaded('libxml')) die('skip libxml extension not available'); ++if (!extension_loaded('simplexml')) die('skip simplexml extension not available'); ++if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++?> ++--FILE-- ++<?php ++ ++$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; ++ ++libxml_use_internal_errors(true); ++zend_test_override_libxml_global_state(); ++ ++echo "--- String test ---\n"; ++simplexml_load_string($xml); ++echo "--- Constructor test ---\n"; ++new SimpleXMLElement($xml); ++echo "--- File test ---\n"; ++file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); ++simplexml_load_file("libxml_global_state_entity_loader_bypass.tmp"); ++ ++echo "Done\n"; ++ ++?> ++--CLEAN-- ++<?php ++@unlink("libxml_global_state_entity_loader_bypass.tmp"); ++?> ++--EXPECT-- ++--- String test --- ++--- Constructor test --- ++--- File test --- ++Done +diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c +index a1ab525de3..7ebfbc2f71 100644 +--- a/ext/soap/php_xml.c ++++ b/ext/soap/php_xml.c +@@ -93,6 +93,7 @@ xmlDocPtr soap_xmlParseFile(const char *filename) + if (ctxt) { + zend_bool old; + ++ php_libxml_sanitize_parse_ctxt_options(ctxt); + ctxt->keepBlanks = 0; + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; + ctxt->sax->comment = soap_Comment; +@@ -143,6 +144,7 @@ xmlDocPtr soap_xmlParseMemory(const void *buf, size_t buf_size) + if (ctxt) { + zend_bool old; + ++ php_libxml_sanitize_parse_ctxt_options(ctxt); + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; + ctxt->sax->comment = soap_Comment; + ctxt->sax->warning = NULL; +diff --git a/ext/xml/compat.c b/ext/xml/compat.c +index 450bb1b52c..82dff1f75a 100644 +--- a/ext/xml/compat.c ++++ b/ext/xml/compat.c +@@ -19,6 +19,7 @@ + #include "php.h" + #if defined(HAVE_LIBXML) && (defined(HAVE_XML) || defined(HAVE_XMLRPC)) && !defined(HAVE_LIBEXPAT) + #include "expat_compat.h" ++#include "ext/libxml/php_libxml.h" + + typedef struct _php_xml_ns { + xmlNsPtr nsptr; +@@ -476,6 +477,7 @@ XML_ParserCreate_MM(const XML_Char *encoding, const XML_Memory_Handling_Suite *m + parser->parser->charset = XML_CHAR_ENCODING_NONE; + #endif + ++ php_libxml_sanitize_parse_ctxt_options(parser->parser); + #if LIBXML_VERSION >= 20703 + xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX); + #endif +diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c +index e03273709f..ee219aea36 100644 +--- a/ext/xmlreader/php_xmlreader.c ++++ b/ext/xmlreader/php_xmlreader.c +@@ -290,6 +290,7 @@ static xmlRelaxNGPtr _xmlreader_get_relaxNG(char *source, size_t source_len, siz + return NULL; + } + ++ PHP_LIBXML_SANITIZE_GLOBALS(parse); + if (error_func || warn_func) { + xmlRelaxNGSetParserErrors(parser, + (xmlRelaxNGValidityErrorFunc) error_func, +@@ -298,6 +299,7 @@ static xmlRelaxNGPtr _xmlreader_get_relaxNG(char *source, size_t source_len, siz + } + sptr = xmlRelaxNGParse(parser); + xmlRelaxNGFreeParserCtxt(parser); ++ PHP_LIBXML_RESTORE_GLOBALS(parse); + + return sptr; + } +@@ -870,7 +872,9 @@ PHP_METHOD(xmlreader, open) + valid_file = _xmlreader_get_valid_file_path(source, resolved_path, MAXPATHLEN ); + + if (valid_file) { ++ PHP_LIBXML_SANITIZE_GLOBALS(reader_for_file); + reader = xmlReaderForFile(valid_file, encoding, options); ++ PHP_LIBXML_RESTORE_GLOBALS(reader_for_file); + } + + if (reader == NULL) { +@@ -948,7 +952,9 @@ PHP_METHOD(xmlreader, setSchema) + + intern = Z_XMLREADER_P(id); + if (intern && intern->ptr) { ++ PHP_LIBXML_SANITIZE_GLOBALS(schema); + retval = xmlTextReaderSchemaValidate(intern->ptr, source); ++ PHP_LIBXML_RESTORE_GLOBALS(schema); + + if (retval == 0) { + RETURN_TRUE; +@@ -1068,6 +1074,7 @@ PHP_METHOD(xmlreader, XML) + } + uri = (char *) xmlCanonicPath((const xmlChar *) resolved_path); + } ++ PHP_LIBXML_SANITIZE_GLOBALS(text_reader); + reader = xmlNewTextReader(inputbfr, uri); + + if (reader != NULL) { +@@ -1088,9 +1095,11 @@ PHP_METHOD(xmlreader, XML) + xmlFree(uri); + } + ++ PHP_LIBXML_RESTORE_GLOBALS(text_reader); + return; + } + } ++ PHP_LIBXML_RESTORE_GLOBALS(text_reader); + } + + if (uri) { +diff --git a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt +new file mode 100644 +index 0000000000..e9ffb04c2b +--- /dev/null ++++ b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -0,0 +1,35 @@ ++--TEST-- ++GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) ++--SKIPIF-- ++<?php ++if (!extension_loaded('libxml')) die('skip libxml extension not available'); ++if (!extension_loaded('xmlreader')) die('skip xmlreader extension not available'); ++if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++?> ++--FILE-- ++<?php ++ ++$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>"; ++ ++libxml_use_internal_errors(true); ++zend_test_override_libxml_global_state(); ++ ++echo "--- String test ---\n"; ++$reader = XMLReader::xml($xml); ++$reader->read(); ++echo "--- File test ---\n"; ++file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); ++$reader = XMLReader::open("libxml_global_state_entity_loader_bypass.tmp"); ++$reader->read(); ++ ++echo "Done\n"; ++ ++?> ++--CLEAN-- ++<?php ++@unlink("libxml_global_state_entity_loader_bypass.tmp"); ++?> ++--EXPECT-- ++--- String test --- ++--- File test --- ++Done +diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c +index 182aab68d6..af72dab248 100644 +--- a/ext/xsl/xsltprocessor.c ++++ b/ext/xsl/xsltprocessor.c +@@ -395,7 +395,7 @@ PHP_FUNCTION(xsl_xsltprocessor_import_stylesheet) + xmlDoc *doc = NULL, *newdoc = NULL; + xsltStylesheetPtr sheetp, oldsheetp; + xsl_object *intern; +- int prevSubstValue, prevExtDtdValue, clone_docu = 0; ++ int clone_docu = 0; + xmlNode *nodep = NULL; + zval *cloneDocu, member, rv; + +@@ -417,13 +417,12 @@ PHP_FUNCTION(xsl_xsltprocessor_import_stylesheet) + stylesheet document otherwise the node proxies will be a mess */ + newdoc = xmlCopyDoc(doc, 1); + xmlNodeSetBase((xmlNodePtr) newdoc, (xmlChar *)doc->URL); +- prevSubstValue = xmlSubstituteEntitiesDefault(1); +- prevExtDtdValue = xmlLoadExtDtdDefaultValue; ++ PHP_LIBXML_SANITIZE_GLOBALS(parse); ++ xmlSubstituteEntitiesDefault(1); + xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS; + + sheetp = xsltParseStylesheetDoc(newdoc); +- xmlSubstituteEntitiesDefault(prevSubstValue); +- xmlLoadExtDtdDefaultValue = prevExtDtdValue; ++ PHP_LIBXML_RESTORE_GLOBALS(parse); + + if (!sheetp) { + xmlFreeDoc(newdoc); +-- +2.41.0 + +From 79a97d0e2b93c40c3728d587046266989c5acc42 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 1 Aug 2023 07:37:25 +0200 +Subject: [PATCH 3/4] backport zend_test changes + (zend_test_override_libxml_global_state) + +(cherry picked from commit 24e669e790e6aebd219c9a9fa19017455c8646b4) +--- + ...xml_global_state_entity_loader_bypass.phpt | 1 + + ...xml_global_state_entity_loader_bypass.phpt | 1 + + ...xml_global_state_entity_loader_bypass.phpt | 5 +++-- + ext/zend_test/test.c | 22 +++++++++++++++++++ + 4 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt +index b28afd4694..7fc2a249ac 100644 +--- a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt ++++ b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) + if (!extension_loaded('libxml')) die('skip libxml extension not available'); + if (!extension_loaded('dom')) die('skip dom extension not available'); + if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); + ?> + --FILE-- + <?php +diff --git a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt +index 2152e01232..54f9d4941e 100644 +--- a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt ++++ b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) + if (!extension_loaded('libxml')) die('skip libxml extension not available'); + if (!extension_loaded('simplexml')) die('skip simplexml extension not available'); + if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); + ?> + --FILE-- + <?php +diff --git a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt +index e9ffb04c2b..b0120b325e 100644 +--- a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt ++++ b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt +@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass) + if (!extension_loaded('libxml')) die('skip libxml extension not available'); + if (!extension_loaded('xmlreader')) die('skip xmlreader extension not available'); + if (!extension_loaded('zend-test')) die('skip zend-test extension not available'); ++if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows'); + ?> + --FILE-- + <?php +@@ -15,11 +16,11 @@ libxml_use_internal_errors(true); + zend_test_override_libxml_global_state(); + + echo "--- String test ---\n"; +-$reader = XMLReader::xml($xml); ++$reader = @XMLReader::xml($xml); + $reader->read(); + echo "--- File test ---\n"; + file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml); +-$reader = XMLReader::open("libxml_global_state_entity_loader_bypass.tmp"); ++$reader = @XMLReader::open("libxml_global_state_entity_loader_bypass.tmp"); + $reader->read(); + + echo "Done\n"; +diff --git a/ext/zend_test/test.c b/ext/zend_test/test.c +index 87dcc90220..7f605773b7 100644 +--- a/ext/zend_test/test.c ++++ b/ext/zend_test/test.c +@@ -25,6 +25,11 @@ + #include "ext/standard/info.h" + #include "php_test.h" + ++#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) ++# include <libxml/globals.h> ++# include <libxml/parser.h> ++#endif ++ + static zend_class_entry *zend_test_interface; + static zend_class_entry *zend_test_class; + static zend_class_entry *zend_test_child_class; +@@ -48,6 +53,20 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_zend_leak_variable, 0, 0, 1) + ZEND_ARG_INFO(0, variable) + ZEND_END_ARG_INFO() + ++#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) ++static ZEND_FUNCTION(zend_test_override_libxml_global_state) ++{ ++ ZEND_PARSE_PARAMETERS_NONE(); ++ ++ xmlLoadExtDtdDefaultValue = 1; ++ xmlDoValidityCheckingDefaultValue = 1; ++ (void) xmlPedanticParserDefault(1); ++ (void) xmlSubstituteEntitiesDefault(1); ++ (void) xmlLineNumbersDefault(1); ++ (void) xmlKeepBlanksDefault(0); ++} ++#endif ++ + ZEND_FUNCTION(zend_test_func) + { + /* dummy */ +@@ -266,6 +285,9 @@ static const zend_function_entry zend_test_functions[] = { + ZEND_FE(zend_terminate_string, arginfo_zend_terminate_string) + ZEND_FE(zend_leak_bytes, NULL) + ZEND_FE(zend_leak_variable, arginfo_zend_leak_variable) ++#if defined(HAVE_LIBXML) && !defined(PHP_WIN32) ++ ZEND_FE(zend_test_override_libxml_global_state, NULL) ++#endif + ZEND_FE_END + }; + +-- +2.41.0 + +From 3cf7c2b10e577136b267f2d90bfdff6743271c5c Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Tue, 1 Aug 2023 07:22:33 +0200 +Subject: [PATCH 4/4] NEWS + +(cherry picked from commit ef1d507acf7be23d7624dc3c891683b2218feb51) +--- + NEWS | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/NEWS b/NEWS +index 1950d841a5..05d9ca8f4c 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,16 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.0.30 ++ ++- Libxml: ++ . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading ++ in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) ++ ++- Phar: ++ . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). ++ (CVE-2023-3824) (nielsdos) ++ + Backported from 8.0.29 + + - Soap: +-- +2.41.0 + diff --git a/php-cve-2024-2756.patch b/php-cve-2024-2756.patch new file mode 100644 index 0000000..a8607d9 --- /dev/null +++ b/php-cve-2024-2756.patch @@ -0,0 +1,195 @@ +From 46b570a1e4aeb4a414898fcc09503ac388d16256 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sun, 17 Mar 2024 21:04:47 +0100 +Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass + due to partial CVE-2022-31629 fix + +The check happened too early as later code paths may perform more +mangling rules. Move the check downwards right before adding the actual +variable. + +(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53) +(cherry picked from commit 2e07a3acd7a6b53c55325b94bed97748d7697b53) +(cherry picked from commit a6c1c62a25ac23b08a86af11d68f0e2eaafc102b) +--- + ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++ + main/php_variables.c | 41 +++++++++----- + 2 files changed, 90 insertions(+), 14 deletions(-) + create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt + +diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt +new file mode 100644 +index 0000000000..77fcb68089 +--- /dev/null ++++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt +@@ -0,0 +1,63 @@ ++--TEST-- ++ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix) ++--COOKIE-- ++..Host-test=ignore_1; ++._Host-test=ignore_2; ++.[Host-test=ignore_3; ++_.Host-test=ignore_4; ++__Host-test=ignore_5; ++_[Host-test=ignore_6; ++[.Host-test=ignore_7; ++[_Host-test=ignore_8; ++[[Host-test=ignore_9; ++..Host-test[]=ignore_10; ++._Host-test[]=ignore_11; ++.[Host-test[]=ignore_12; ++_.Host-test[]=ignore_13; ++__Host-test[]=legitimate_14; ++_[Host-test[]=legitimate_15; ++[.Host-test[]=ignore_16; ++[_Host-test[]=ignore_17; ++[[Host-test[]=ignore_18; ++..Secure-test=ignore_1; ++._Secure-test=ignore_2; ++.[Secure-test=ignore_3; ++_.Secure-test=ignore_4; ++__Secure-test=ignore_5; ++_[Secure-test=ignore_6; ++[.Secure-test=ignore_7; ++[_Secure-test=ignore_8; ++[[Secure-test=ignore_9; ++..Secure-test[]=ignore_10; ++._Secure-test[]=ignore_11; ++.[Secure-test[]=ignore_12; ++_.Secure-test[]=ignore_13; ++__Secure-test[]=legitimate_14; ++_[Secure-test[]=legitimate_15; ++[.Secure-test[]=ignore_16; ++[_Secure-test[]=ignore_17; ++[[Secure-test[]=ignore_18; ++--FILE-- ++<?php ++var_dump($_COOKIE); ++?> ++--EXPECT-- ++array(3) { ++ ["__Host-test"]=> ++ array(1) { ++ [0]=> ++ string(13) "legitimate_14" ++ } ++ ["_"]=> ++ array(2) { ++ ["Host-test["]=> ++ string(13) "legitimate_15" ++ ["Secure-test["]=> ++ string(13) "legitimate_15" ++ } ++ ["__Secure-test"]=> ++ array(1) { ++ [0]=> ++ string(13) "legitimate_14" ++ } ++} +diff --git a/main/php_variables.c b/main/php_variables.c +index f2d0c3bd98..d0ebd50ec8 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -65,6 +65,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz + zend_string_release_ex(key, 0); + } + ++/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- ++ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */ ++static zend_bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name) ++{ ++ if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) { ++ return 1; ++ } ++ ++ if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) { ++ return 1; ++ } ++ ++ return 0; ++} ++ + PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array) + { + char *p = NULL; +@@ -115,20 +130,6 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars + } + var_len = p - var; + +- /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */ +- if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) { +- zval_ptr_dtor_nogc(val); +- free_alloca(var_orig, use_heap); +- return; +- } +- +- /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */ +- if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) { +- zval_ptr_dtor_nogc(val); +- free_alloca(var_orig, use_heap); +- return; +- } +- + if (var_len==0) { /* empty variable name, or variable name with a space in it */ + zval_ptr_dtor_nogc(val); + free_alloca(var_orig, use_heap); +@@ -226,6 +227,12 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars + return; + } + } else { ++ if (php_is_forbidden_variable_name(index, index_len, var_name)) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ + gpc_element_p = zend_symtable_str_find(symtable1, index, index_len); + if (!gpc_element_p) { + zval tmp; +@@ -263,6 +270,12 @@ plain_var: + zval_ptr_dtor_nogc(val); + } + } else { ++ if (php_is_forbidden_variable_name(index, index_len, var_name)) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ + zend_ulong idx; + + /* +-- +2.44.0 + +From 8642473b624f809b768180b104c013f74e3a99a0 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Wed, 10 Apr 2024 08:59:32 +0200 +Subject: [PATCH 2/4] NEWS + +(cherry picked from commit 366cc249b7d54707572beb7096e8f6c65ee79719) +(cherry picked from commit dcdd49ef3bfbd8ccc778850d6a0f9b98adf625d4) +--- + NEWS | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/NEWS b/NEWS +index 05d9ca8f4c..e26f978213 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,6 +1,12 @@ + PHP NEWS + ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| + ++Backported from 8.1.28 ++ ++- Standard: ++ . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to ++ partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) ++ + Backported from 8.0.30 + + - Libxml: +-- +2.44.0 + diff --git a/php-cve-2024-3096.patch b/php-cve-2024-3096.patch new file mode 100644 index 0000000..7b2cc15 --- /dev/null +++ b/php-cve-2024-3096.patch @@ -0,0 +1,83 @@ +From 747100905eceffb1f67096b437001e42900eb6bb Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <bukka@php.net> +Date: Fri, 29 Mar 2024 15:27:59 +0000 +Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can + erroneously return true + +Disallow null character in bcrypt password + +(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826) +(cherry picked from commit 81794c73068d9a44bf109bbcc9793e7b56a1c051) +(cherry picked from commit 4a7ceb9d6427f8d368f1a8739267b1f8310ec201) +--- + ext/standard/password.c | 5 +++++ + ext/standard/tests/password/password_bcrypt_errors.phpt | 6 ++++++ + 2 files changed, 11 insertions(+) + +diff --git a/ext/standard/password.c b/ext/standard/password.c +index 5cf0d397f5..79454e0a1e 100644 +--- a/ext/standard/password.c ++++ b/ext/standard/password.c +@@ -467,6 +467,11 @@ PHP_FUNCTION(password_hash) + cost = zval_get_long(option_buffer); + } + ++ if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) { ++ php_error_docref(NULL, E_WARNING, "Bcrypt password must not contain null character"); ++ RETURN_NULL(); ++ } ++ + if (cost < 4 || cost > 31) { + php_error_docref(NULL, E_WARNING, "Invalid bcrypt cost parameter specified: " ZEND_LONG_FMT, cost); + RETURN_NULL(); +diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt +index a0826080e6..f95b72670a 100644 +--- a/ext/standard/tests/password/password_bcrypt_errors.phpt ++++ b/ext/standard/tests/password/password_bcrypt_errors.phpt +@@ -16,6 +16,8 @@ var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => 123))); + + var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => "foo"))); + ++var_dump(password_hash("null\0password", PASSWORD_BCRYPT)); ++ + ?> + --EXPECTF-- + Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d +@@ -41,3 +43,7 @@ NULL + + Warning: password_hash(): Invalid bcrypt cost parameter specified: 0 in %s on line %d + NULL ++ ++Warning: password_hash(): Bcrypt password must not contain null character in %s on line %d ++NULL ++ +-- +2.44.0 + +From fbeed182bb0b0c4c453e064198b5cc3814a10de0 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Wed, 10 Apr 2024 09:01:09 +0200 +Subject: [PATCH 4/4] NEWS + +(cherry picked from commit 24f77904ee2259d722559f129f96a1f145a2367b) +(cherry picked from commit 027bdbc636632be49ecfad8d4191509faacb34ac) +--- + NEWS | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/NEWS b/NEWS +index e26f978213..6ad89d2e8e 100644 +--- a/NEWS ++++ b/NEWS +@@ -6,6 +6,8 @@ Backported from 8.1.28 + - Standard: + . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to + partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) ++ . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, ++ opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) + + Backported from 8.0.30 + +-- +2.44.0 + diff --git a/php-keyring.gpg b/php-keyring.gpg index 986f7f4..f06ffb0 100644 --- a/php-keyring.gpg +++ b/php-keyring.gpg @@ -1,521 +1,539 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFklYukBEAC9tCSjnoNs3ucOA9RPfKcuK87JD9jdet2UUsw4DHd/Hwmrt3T7 -WKoH1GwRp+ue5+vzXqdFRZ4gG+7tgvUsOtNb5rh22bTBsUIeGsvm/omJntXCFQhY -cfjtk04p3qtgJ5PGjZahCRYg4aQ2tGp2Mb8auFuFPsHtOHLWQCL7vQShsN9mEkEz -AQZnn9QYL+IvTQVSKsRy8XcHYZVk2uT2xQY2LvkAucWF0TrjU2LJ2IFdepc0+jz1 -xasBR0afT9YccHpQH5w8yOW+9o/n7BiMHfgT0sBMdKCfKVoQrQe0CsFnqc/+V4Ns -nHkyUrbfKiIFm+NOupIMpL6/A+Iky5YpjIIUHPuVL6VAY6wm463WI8FPk+NtGekm -9jqISxirkYWsIEoZtCrycC8N0iUbGq8eLYdC9ewU5dagCdLGwnDvYjOvzH156LTi -E/Svrq2q0kBDAa7CTGRlT+2sgD89ol73QtAVUJst99lVHMmIL1cV4HUpvOlTJHRd -sN6VhlPrw6ue+2vmYsF86bYni6vMH6KJnmiWa1wijYO0wiSphtTXAa0HE/HTV+hS -b9bCRbyipwdqkEeaj8sKcx9+XyNxVOlUfo8pQZnLRTd61Fvj+sSTSEbo95a5gi0W -DnyNtiafKEvLxal7VyatbAcCEcLDYAVHffNLg4fm4H35HN0YQpUt+SuVwQARAQAB -tBpSZW1pIENvbGxldCA8cmVtaUBwaHAubmV0PokCPgQTAQIAKAUCWSVi6QIbAwUJ -DShogAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ3J/40+5a8n9OJQ/9HtuZ -4BMPMDFGVPUZ9DP0d74DF/QcT0V101TrdIZ92R4up56Dv40djjQZc2W9BmpPVFr/ -v6qdjapdPH5vvmatnQDz/nIOfo1iwPWGzvmKnbDBQ4qJX7Jd6PdD/YorcD+0tOQN -KLIGE9ZFQnS80iz9iaTGzvQKEQKEMugQSf3kG3NBEGqKQBsTTrBQOUJ3g8w6id2/ -qJtrDRbL9TuCU77Dpx9HUAnjj/Ixlvd4RQDa/BCYzGYJlCyTsaVW3qc7DIh/pRad -qtswghSETtl6SSo9yHtoYOGTxXO6UikLEE8miOlaOPQrC9hCD+LSGc5QhNLBEKes -0l79w9kw9qZ9Xfh4pw/hf1N4O3kPHyUg0q9QaX1XKtigjTUcpdf2Kq8LtlB60p40 -eZE2dV3T11X+rcn33pFSXMeTJeaNKHXoeGcva/gyZVtvi8iJhqtw9QOUkxRDvGB+ -FEUId3Z1yAu7ZAz6qiUCgxK/VJ6/kBb+YYR8K4FHLmNOd5KoiTerKQu423uuMYlY -fBHpVZ9YuEJQnTEpizFEeOgaixx5RDLnoPsd/x59VS9eaaKotTPbW/rEp7SvbKj0 -dR5WMfGyd/OJrcWVZy8/Kh5Mc/4KOHD+JGAp0bE113TkEEoTZ8gNHFdLdv52V9eX -UkeT5IxyThZBkUy6palDM8A5vaf6Eet8xOLy9XG5Ag0EWSVi6QEQAKujAODvsdbt -5n1dO29Nj5htbmt6M2A7eOjt7yUj4UMtBaGOA08O0DVA8MJkvepMq9AJBXHZMi9D -ycw3rxBHQDqHJJMwghu3RoQw1y5Wym7LiLhoWSU/wK0BrKOULBwh+kS6udKA4oWr -V/gr0JGmfdL8dZjBF10kHCfCcjcjWtmIp2GRaoOKTlHCviNmRxzyqba7zE0Zc2ma -Q/4w98BI83GqD1bT8gF/5qwSI1hecBwt9oS7EbZ1ZiE8SSE8Gr6OR3p5UNHbzqxU -Wy8W4r3qulCLc6g1LPXP1V59cMxX9jQJ7lSdv0k8C6Lb6t9Wm8G63hNYgRCAmNW5 -EnqieTrx45K9vqoqfQK6Apfy0UoOquiuK7QClT3wBd7kmyKsCfV0bwRA/fV/sC1R -niu8PV7CRk9ryudUXycKq33pSkrOfZjFIQhCqdJkVc2MPbAuj2pOMutKwGKRq/Mt -3O8nEfGqWaJPa36C6dhlPqjEGTIEk5P493DzM7fj5VVIWyUrI8Vm9FslSvzILcON -HMtKtRs2cRYA085NKDXGN7i5Am7L7ZONfqVs3V493ICwmALzeSULNLiMtX+ESQfd -WCS3Hosnjbc6INDg9BRhFt5MEWJ/qchM3g4NQuukqtOYsiEUw8bCzepwJxXplvNY -u0yQDxvP+0RzjMozruVz3VoHeyf6rSWvABEBAAGJAiUEGAECAA8FAlklYukCGwwF -CQ0oaIAACgkQ3J/40+5a8n/8gg//a75gXQ4csiDUTsUndb94EXqraffmMcT5oCzf -cP+Mecbuv3G8oQZeLRchsW2i4QecnvPwrXAJcF8kJuN/KZLyeh21PWBy55wo/2nb -wOvQockXpK5yVeuc3DmdTaxDnW9u3QpSwbvkEyoCpeHH6rZ1wjqn8Qi1k7njC4qg -XpRrLQdRsS5ULXpf3IM+vaxbQ5avVnNRu5zMA6M/0reL0RSjgMfnk+3AwLCtuMiy -1aStCe8V7Y60/oauk+IZA1VJlSz2n3675YD7TkTZKkYIYZHTBw3ZPVJo08jdRUXt -GJjpOyyWVjP7GMKvZuQVWqcFyc8QHHaIPDLkdi7B9YFPWqfwJPBfUXcdzjAXI7N4 -XsSEeMm8S8SC4FKCidioP/A+bamKcONHUuZ+AztvLh24ZTkqzA/sRRYpbMGUQzpc -DbastuXG66s3e9pJa0R14011A4bofy6Ureh9q6TQNOkNegUUdjbGSd1bfNIdQXRH -0+LBV1oaY//v+aBjswy4hJ5oXmQj5jQKFitRCP9jzueyDdMJZ0j0Hhh4ItCzFV5z -IKtWiy7pRp1DXq9LjoyWeeLfKu+HrEGjMwyTGJiMjcL7oCHeiV/a+fY92wpUrY1/ -mRVLqKqDIA6/iEL2DVf21U7rXY26xxvf4QFImZaYLwKQYLe8TOOjDA/I9bR1JJmh -54yw10CZAy4ET2apoBEIAIVKpwaY26eSNBC7df7JedOYV4SS8zgldlM4F1HxoR68 -0aaYUR/K+NoONaL2FzCngT+Vi0L4/tWxWMzU5Jf16rSML+UYvRnJFd6T6Y3LSfkf -U1K5Ol/1jXwsyqFzgb5FT4tw2Jn0rQMm44680s/Fbs4dmC7FvfB0o9c1VraPJF8k -Aqba5okkxPWZOYVP1rRDxIqv6ZSusmS4bQfajpLOsq3xbCiKe3V6HrvNWwlom1AV -yGcRmeVrAhyo/bILicsZHcyS5ujDGgQFgJl63XxodVVFu+kbZC2hvwu7nGuwZuZf -KZOQdN2m+R9wkUANrwzM4v3TM7FfBsZ9shk6WHkSfyMBAJeV+fHZ5AvcFJb/pcA1 -rnV1taISnV3UECSkYq1m+WTRB/4z1YCL71pcx7fE/mSvG2CdE1R/ZY3pl3LYzEvV -FEkIVvK0uGXSuicLj0GwZhUayF0QfzGEFuIg4kq5Vn8NOX1sSbs/1zsILuInJUKS -FQCGi4frHNlA0tH5FT5B5tjNfKlV+X31CTsR0yav9YBkIcu69qfKp6kLkQGxrdWc -B9B6ZI2gF4YEpZYuI6w+O9Lvb7LXPhFQwB9cefiX+wUy3zO3v/vgCYk/Bmq5XjWn -iY87XZXj7E/JzpGwHzix+yTZBWK9TzDwCS8ZB5iNejPsjBqj3n59a15XNnfopFC9 -RyQ/ykaMeUNecfEnQcjUj+Q4FlKPBHBR/R13vfLp6s+FsuT6B/410jcf0oYkHMbn -+tXJYrBR5D13m53iNMlGRAa8A/mmDvq8Rr12iBul7hbln7QF9uIlKdCZBZIeJl12 -P+3fem1u6njgKTplOB2WYVgwsXWFHjs8hlMMoRES4pgZyL++ryydm8Qk/1gLD9O2 -Idwx2swpxj/4unyVA7QYcs8H2CVWGcLR1vqXVemDUIwjz9GjMExyKPfQSABOCAL/ -LbNuKoAWhL0U32dc9t7imFK2oAETJ5n6de523s9RhONWByuqjxsdkKKwGhtYLs6c -rJTPFXHNR64+Qh+Zm7OQtozDYxxB2/DCw29DQPNos/fRzVeyb/sQhglw5anOVUnl -Ct2YTT8FtDJTdGFuaXNsYXYgTWFseXNoZXYgKFBIUCBrZXkpIDxzbWFseXNoZXZA -Z21haWwuY29tPoh6BBMRCAAiBQJPZqq0AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe -AQIXgAAKCRAveVa8XaBLXZczAP0e5EiiVLAgrvu7wRjjrXLa7qxtffqfn+6j8sNC -7GiLewD/Qy+me/M6G/0i5+++xkSPcTuLeH6IPnrjxgzB9MUKKP60K1N0YW5pc2xh -diBNYWx5c2hldiAoUEhQIGtleSkgPHN0YXNAcGhwLm5ldD6IegQTEQgAIgUCT2ap -oAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQL3lWvF2gS12F2wD/WpBv -lFluHo+UhV4cIUULd8y/LnrAnUoLSSeGmHJl1wYA/1tAWFYZvHKUWfvGadsnZulr -7Rh/NFbBuCZ4hKhki1DVtDVTdGFuaXNsYXYgTWFseXNoZXYgKFBIUCBrZXkpIDxz -bWFseXNoZXZAc3VnYXJjcm0uY29tPoh6BBMRCAAiBQJPZqqdAhsDBgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAAKCRAveVa8XaBLXWuhAP9L9/cztiAKFozxIC3v2IA+ -8uJ6mVQGBiC44mMdzXpADQD8CbSaMqY2rdbk/S4D+8H6WIIRwwt1xmI4iw0jjh4e -Pk+5Ag0ET2apoBAIAN9k8ymNmSQZmPcFj/sCmguribCrNuH4KktfA2fbS0U29Jd9 -vxF15e9URvtJzH5b2pimJq6faJcmAJUfx+ClmlHznq6VPWrq4Ib74Je5sS+Kn94m -RmX3f/ziHTgpAnCyA6sCHQ6bc549Gfw+v777Qs1LQQvy5f9gd5M4Y6eeZOphN7JI -FUV2i/oviZ6l11+N6SJwpCqEvuZmH/G6rb0mKNPS401fy/i8NZAO7l2UBx1364He -BxcwP8+CKcPXXOn7rC2tYKb/7IGqm8PBdBfk8ZSfC9tF+XsDLcybCaheJ5xkyDR3 -BNJzt7SWEHgcZEdl0EwkHisdRUZ3Oq6Mr9y06+sAAwUH/RS1vvpB7qwIyUfFUCZ4 -T99ujs+LTlu1n/HTWvrt0d9oxI/SuIIonszQ5b6MBe2737P8FWdiKxbrtZZ/GXZx -Lm1kOCIeAkBFdZQ47vb6xJwc/wpCZOXXPXqDIpvBjdKbIGTByk4vfmeFRY0vL3ez -I+hjqxlROKSvZtli6QcNDfdcE+zh7oxtYp+xr2ppWaeU4XeTlSoKGO618doRrhDt -U/jAEimmEcGL0wjXqgkjPME9saXa6h52PCJnpB5BmdK45VhnFTZ3eVEDw+u18U3V -VKWkSb9VwC+2J4dRhYc3TA675yndKWvlclU2NOMmGXbxKWKcwwTniYoAZ/Yt2v91 -HBeIYQQYEQgACQUCT2apoAIbDAAKCRAveVa8XaBLXboRAP9VV3cWCMsqCUKVFA/N -19Tzju2oMrjMmNuZG/m8svCgTQD7ButCzuNUZTc2tLQAiXm9SZ7CmnYErNKR6nLb -edaZ6PCZAg0EXP+o8QEQAOt/faLOy1ltLfFcIRJo0o/tS9eEcofNUDxDNeT9Q61F -2oMXi7uxRpnnJu69/9AgN5urM4aSL/amfIn5NSmT2JCkFHhcSb367UX3Hw3sNWJ6 -eGp7JePowEb9OhnTsJBuxIslZLUj8n9IRqi2snkIZqg5dnMTybjzvCTkgyEoJN96 -1PeP0AVgNkUS0ibQdzGbqWPWekb2DLMMkW3GClkJamdPYmeCA6nnjqZf2LiFhApf -/fW6RBKKhQ/bTZaWmPpg8tooU+kVnvuLnn20lnxRI8aRnfsdXHAiiqlYmIIBJdG8 -PkutEWkvucRDhvcJ7ka1UZ1XvRG02MNvsTHQ7AWhZdKryz2P+ugX3g/omaQP3Tdg -a7Diy1pOwifcgoKB8S9fORjC20DcuvO2wnlVBgyAReejisxgQO2yYlumfl1ZFV9e -pYvdPEwZy8ugyLWCKmBZkoBggGL4gJrKtb/3VTnXaXQMw1uEXx+RawTaKWDPdhbM -BfDbQzflbLcFgFEANiA1932MD4piFfsRvHm4FQC8u51pAHbBRj6GZFCWvseS5/Fl -Dhd+5DGzbYXf7gXpcng2djFOvxG/s+eBjloo58Npe255U8rGrSfPJdHXs5jdDkPG -J90mg4zCjVbPpIn6lZQIUoqd/3iAOP9z9waf0VrWpMzfZ1f31FVoHOobuhczOqM3 -ABEBAAG0JURlcmljayBSZXRoYW5zIDxncGdAZGVyaWNrcmV0aGFucy5ubD6JAlQE -EwEKAD4WIQRaUogHgfdVYIv4FfyRDetG9T6jEgUCXP+peQIbAwUJEswDAAULCQgH -AgYVCgkICwIEFgIDAQIeAQIXgAAKCRCRDetG9T6jEjUFD/9pntL8QAV66p/blK/9 -PQs/h1oqO1t2/dNWpQ9WpiCkuFvHCrNbzXuahxECh+TXfy5WCrsirmoCliq3yxu3 -YLjQBFQsmt81KhYk+9coewQ/Er71FE6oKU3reHx1vLK/qyGIL611FT62+FOQ781X -zDgQTtUARTNWUuiewPBHlZpssrGHN+gj6GG/wgesjHuxtaZxPbaqKAOIYh8H6297 -fU3ksyiGyk3Lh7RoGsSKLKf3t/3hWVItMz1QECiwQNa51B3o1W/XAEWUEiBaSwW1 -GhhgSUozbmpaEDlj5xwrk8vchevvgeE6C1iwea/Z0Lu9HHaHdtbS7adgTKa8iopK -TejiKuSqY+trgBg7uW/5YYW0FebaeYMWm4SMn6ApywuiTB8FbKaSBtV7A7XDOCGh -Zd25eTpdPhtL7ja7ttXvcnRjB0ded4T5eX7M1gpFkIR18O9vPryGV+CiN7i26SSw -x1mPEBq8BqajzHKjm3HqZLJHo6SmV9ibcnKIjpZ7bjFnyy5i+0vjpmJxZDsvBtE3 -LQ+OcC5X1rSQ80a9qe0w2HEN6B39DkDBwEOKlCVy2MsZT42uD1ojFceSPYS7V3ye -JKyivxSUA3HBXoAUfL4UFaENFhaLf1c6NaruPPH9MNLQCQ39evsPFhYWJyG8H53R -jIH7v55AGfzQJA/2wLpfTRigXLQlRGVyaWNrIFJldGhhbnMgKFBIUCkgPGRlcmlj -a0BwaHAubmV0PokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6lp -AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMScc4Q -AMfExi/iGk2BMxCAlJNsAUyEqEjLqBeXmVOMd2b4gOslhtTi5/fLi3ghoxgjBadf -zhRmXwnv0AFY+/3gWcz571Y+yZFKz7eBKVNFzqVWp/XFYfWM3bOth0NfVkSTpzGD -u8c2XHpqZlLGeaABor0bCeNlIbx4uNPU/2aUXcjrYll5nQVyESvRtzriwYXIbxSI -QG432GxQ/oFc3Rk4VOsR1wH5y6Bbss2CKV84Kw2HZn5LJC5k3eJniqBVcHAZz1l8 -VCc9RzcTwiP3WPA1Jlo6p2+KgVPiZy6telJrxBtk3caSor3KCR+ZWiFZwBGtgN2p -7MO1lOche5+W/Tx/cRbDyaXFHO/q3Nhdw+nmPFmPrUks8isbkWBe4RXkYn8Ekozj -A6edJIFEdn/+YBkQ/Kw0ik7RqvaVQ17SD7dsRJ2P0h+jvDJrrJpPP20utbehz4xG -QRjjvS62G1QXBwmQB0c1rhUyGncofqt99H15QmB2hwGYjeeUxA6HI9V8ZYYi3MkR -sA7TJ3NiDoyVI8sQF8BcFalThghbaKd97Y+EwipjA/jUni1pgpgy4/NbeK/fjtgN -gPAIRDAQgu5vTeg5Q3RjHjss3Q01E6fXHW5y0XNqiTZPENwuPxSPNkqCbThNG7rw -PSX8+RhFPlf2RLjI/mGEQs+rd4hSEgo8VpVEyB+RsOQNtChEZXJpY2sgUmV0aGFu -cyA8ZGVyaWNrQGRlcmlja3JldGhhbnMubmw+iQJUBBMBCgA+FiEEWlKIB4H3VWCL -+BX8kQ3rRvU+oxIFAlz/qPECGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC -F4AACgkQkQ3rRvU+oxKNsg//TzbKTSo4hqtLuwgcWOF6xV2DcxlVCVEMZwmZOaPi -tc6VOVQlfF41wa3ocEnv9e4QGpJfuY/qhbf6azkTx3Vz8isiPkjPzprnPtQIzlNz -jwKcK6V9ALGDHQ4uQbaV4ifERgTRLCiTfoQopKTZFF1ZW5br3MrQl/43uE25yXUR -RUiQnT9WFwM61W1wlRVoE1OYOUsDxKQ8bPUM74IN+Txv1OUIhUkwjQqJE9R3X/kt -mvoeZ8Up6ptlZ/NDcjQcvcuJAQQpFNfDc0fenFsYnHLIUfKkvu04NRCARRZ4XmZE -djELpH8Qh5Yl+NKRoqchxOSn/IbmIDUYh7H3WCH82EMfJX78ETat/EKzIoSH3AWX -5es9PeiegI+l4gOVanCg3Q9IFcO+ygpEcswbRrepEqkrRfSWBPUYwW9++aj7LwlY -Vv2paUnJ0bSc1crQ0/cXqnuRdFevxoTb55YAaNyNqft94A2+U0DhcKInVeOpV5QG -KNLAG1yT8PWWaxxOutR0PU+Qi7SfnGnSE19+t/EnOl3LHWw/rqVNldaYkPYFL4Aj -XWBo3GDF033uJe8fuqbYRNJW+7vqv58s06M3s9MaAlsoDCZRE0Fyp7OhJ4TIt6YQ -LlJ4bKN31gL8LToB1vUGi/q8eZ6Wnd8BskaPcak5qxPxJfBYAC12Nl34IB/80ISM -DSG0MURlcmljayBSZXRoYW5zIChHaXRIdWIpIDxnaXRodWJAZGVyaWNrcmV0aGFu -cy5ubD6JAlQEEwEKAD4WIQRaUogHgfdVYIv4FfyRDetG9T6jEgUCXP+pVgIbAwUJ -EswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCRDetG9T6jEo1lEACxljQI -WJ7k0wCKCrcD7A2m+pCVd03AWog+Xs112F9VhRCjLi3p2JAiM0bljhZGUfEa/IiY -+74gj1leW54onLCjauAH/GCF6vEJ2pt9IEpB6Poxqc2WJw3RQ2o2Gse8FSjMVJj7 -AukYXxJNCQBV4aKqxTq7LlMPmwQuCzrxc3bn5kvJJSauJK6WH9ZKeQluvwy9/GEa -5oauXY8orgPIiT7cpcXEfrV0pshrYJbQoh0uBHTjshtITrH5Bz6iCneU2+yfqTBo -pgqf/WFdTSDWxaViBt6RerKKTC1OWB4dFqu0oHw1ZpLj8VGhAoU1c0vcupNw8IVu -2UaXEsfYQ0cGhxcP3k7knTR/+wqVyq9KP/s7r6voKQB2zx9Rn4pKDQfO5UnX1HTP -eUE73kI0vuiBW0Ef+aQhAK2mfexD9NgNqOOZ59m1f4Dr2Uaqj7iWUPKydK8qn8UV -o/3ESq7bfpP59HSkFybf9IObPiFYCBx6HuYbc7F8o78X6Ui/r7rfGH7a/Jcgsxqh -VGWl+c6bIMKcuBTH/d7bT2IkLhv6VQ+HUsXN+O8S9N6wftBemCL+kgyrgPWMvW49 -sUbiW+VpgJW+u6sBO7qxr4AJDF7N3XlTFidaB+SgdbdeZjlNxrp3f6t1jttRkI+5 -XgC5eHFfqA1yPt89YnSDBFkFmqGNqU+z51MOa7kCDQRc/6jxARAAsFh2uyrRLcdi -ioIXpfci8C8eOC0Z7ili4xjax6oyMukUlgXDilVJ3sLZc6/LoAABN6jF7Rnd7wi6 -RLagyeEYIQa1fWFSwK6/W2uHJZkoK9YgymROMY0e9a5MBHK0APSKmn2jkJk84/zC -aBK2DjWreewnwK0LPkneEmCci02fuh3UmVcjObQ6KKKJE6GWqvxR0NYCrUFbiJDO -9tvSWlaPuMUJ/Dfp0ArCr25f/QE8V6Mc7H9lMQ7DjlvjIvagJkg3Q6RiLFpBZr2Z -0Tz5y10ZEIgnKu9N2bfwOWpHuCTy1d2Vb784bwN+0M/GBPD7nfo0y272eniof191 -2JFBo7Ww1D32OtR024iynA2JhG7Q/Wz2vYHj4TT11XKVSnfq/VECQPjrJLec2zZz -sdSQjSByifLNpZethuAXEu+gZz0swrRrg51tNcT4/EOahB8AXKSr1o+LEceg0sYY -nnjJtxWdknAmq89rzWN7JgyUnNpTlmJRYEMMM6gLMagOy2+VZmLkkSihFgfF50Nq -3KAGlLgpvKlP832v8p/e3mWvVSjDF/V+7XDALmEQ9HxJkvc43l+uIf/rWXUJ1Kti -bbYc+KiJzbP5UkmIQkwuR/RWfYRXuV+y4mJ08LOaOk13o7V8SLWmBf+C7XbKv20+ -YCPzzaj/vok0BYyw1FKBuUt1PP+t9fkAEQEAAYkCPAQYAQoAJhYhBFpSiAeB91Vg -i/gV/JEN60b1PqMSBQJc/6jxAhsMBQkSzAMAAAoJEJEN60b1PqMSFpoP/Ahxle+K -KiqzX9K7lGh1n5tS5PvvwgKerkmXjDpCUk/+DZeX9jt2jwO11ZOHWr7xwNyK0tOd -yzO8VFG9BZ2qyjJSoP/93+ibb2r3oHus3xt6o/7On0v/BIKGZEt7MsBh2M8tvfbI -GSse3hf6ZFY/6JYA0PzKZDObHKQ4WNax474XEfLCzPDuQ5Dn8k2hIkbqYTERfRtt -abt5CD3+Av+LTDdE5jQc3fvS+p+IkKKFbMcwKIY5SEJeg45xjOVOyKN7n0Kgrhjo -STXTD27mh/2bS8YZ67tZGYh06D6BkQwFvGHYwZ2CJY1u90Sj4DKZCIi+eg10rG/O -6igS2d2gZI2TtjcU9xlD2wgGEP2+SUNDnrtsG32A2fJa/qwExA//Wepq5jz4JlYP -hJl6V928gZXy71rpJ2UIBBcmRIkFDVrD19TC/lV1EvVZB2J4Gejw0j0RD/qzf18L -DWgioO+g8d1XMavtDY/XOqhD6IguHkBmu4knO8pR7GJUPai68EgV5jqBkpxZKU6M -hIt90gNhamaiyLxtfs+7Kok4lm03Y2fBkoQMGQw57GzVMbnvWImBTVMBJCYXMZAK -WsBoTbVpGw7U670UQB2efAjAzEb6WinxnKRfkZckbpk5RAoaYvrzV91MqK9q2g9d -mKJSFBm41XY972EZMHb6EN3GSaWWSx8k/Zw1mQINBFsXB0IBEACa2MgvyiiM6Zc5 -CrbnOowqVE9izKLxb1B6fjnQjDfitUoL3gYcbB4CtdH8fSotVL6Nlo4VAMNa3kJP -4NOsIrrCVtG2dluaykClDyR9iSxCXFXSQFXatrxk3bFTZL4mvDtF18zdLRm9o7so -19Rz11CeY0QbIj66aXiuvjRIs0Jo+FmAResH7BGpSXUPIO50keKfbB3aLSPuroOo -cUrXIyv8MBS0aqWMGUCw20SVVTAwFyFS5poPAj+FWqyLBfjxL/YqAhGk9sspxVWE -oZm1Nl5lCUpWrV2h4Ut/wuiJCrTlmXVNmdmINDsgFLLIpF2A1fGzTnZUqvtIM/sc -JoJShmMDMbNUvgrUp0sG7sJi7zdlTEVgwjeAi2EXs5pDVtN1Njl0cazBOqpZPNlT -XC46SZ3NQFVgRf1ouCvrBt9nvrqE2u72Q+KeWJn4DEcHt7GuigjYG7n4p+YnSLbR -wf2TmXciDL8TKhAZI4AjhwKywxSzHjHt+uLgbe3NjCwjx+vr+fOEXazs/mJfALyo -N/os1+pcFxNlawv+n5F5Vu2dPoBEvGJjXfvrIuSTowxqkISeof6/bmVRi2JNS6YB -MYB8RoRtVlyEiKxgXdJKhXZB2ACIE2fdvYK3b+LRac+Pq0gcUwZcHTwirHpZF929 -EuYUqgBrMhS/1E/pe4eb5S70yXuluQARAQABtCFDaHJpc3RvcGggTS4gQmVja2Vy -IDxjbWJAcGhwLm5ldD6JAlQEEwEIAD4WIQTLr2nxc6D+pLU39HDWbJWTEYvMtgUC -WxcHQgIbAwUJB4TOAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDWbJWTEYvM -tqODD/9eL13izQjTbZ4aW5J0VFV6zkXCmbA08kxy8eASb2nvQ7AdBpcxiOMZZFhV -0VvaNf98Rv7B6YNYUNqOagCjzfCACQUZvjv3G8mMV+SaMMtZfr4qbfd2UvYfi9px -FpPoQU+oZ39t7uaaOSSjwhFoAKmcQpxYrz+f0kzQ/QmeX15UzFxmEZnoSP7hkNZP -KlzC1Qhu+ZjMSG7V1Z5dDSKKv5p0/JDVrNstexCq24V+rSlXTs7ECEmdQjdPkiXm -K3wo75VZwhUEv8Btzn5n7FyDLV0dNrC334WoueIyDPw53Whq7DcWshqknDFTJ4ZF -PE5NTPdn8KYdyWjJU+5opPn53VpEGbSgLrvY+wjZhYXdfVCj28fhaSyBHHGMp9I4 -dEZ4HPCbN2YSAI2gjaUoyUyLlnDcEXZLNIR0rr7Ct9gvmKWpBdRuzllhUksv6e1R -lzUekf7GYJ+6AtKnfeeARsmjIcZjO33s4XBWAkjRuQ/oxtkYuSrXBSXLsOLSlw8U -9cINKZpNLSx/mTT8N9O1nc646qc+U62My04snMW5frqOG7Snu+Nq5bkl1WqseW1a -ceqNYuNpRnrwo6v5+qAWzO/J/IE3OLz63T40WDjb4k6ZTYqS6JeO4azxtsmpKHtD -6mChS5uwsx2y+uGt2QivSv11rYfDlCWw1BlkR51WebacUKmEdrkCDQRbFwdCARAA -w1s9IysYcuwET/Ct/LwcGoyRk28IrsolDZv0oQloZrvyYBAkKCiWu4Hfw6c2YI5A -P+30xRqxf/wB/AitpF//Uw55C7I7E9FpZuujDrTMs+B2JE4yRxxakFIMqFYVNsRQ -KdrJ1YGS3Ve8kqM/vrd7fZUrvH1FM6nX9O7n1/gOB184COv9gPsc7275FmP49fFx -NjBNd8YgV4rXWRqlSyw9NovzmmkB2ItTxGpXy51rTAT7uaEHftlU7em2LBDj4wjm -H118O1E7xrTlzhxOcLdJmQdvMgb/KGY7DaWt+hR1vdDvvChgZq8+V+XNDLopQJ63 -xnRWlNXJ0hXhshBnX7Bthc8Dy/b3yFV9eH/dic3KaX8JTo5v78zjYzhNvxmwDmgh -vaaT9+8nxprEn7S7uDKQbKkpCgf0JRp3MD/bcMPrMHtew1jCprZugtLkm93W02/0 -DXc1hBM+WWAFOAKvGNUnPEEZakoES5gbL331+L0LIO9K9JIadwK4v7XAQJFp55JD -oNcTwdPwxhITsxCAoYyJrS4ISJGF3lViXH3EeHz6xHLN+1fD0dFlirOIDRCsu5wX -pXAeBHz4xFxGI4gFws8xeQmqGOLqG+UV7bzqdtF7+vrYTyhQIbg3T1y8Thi2Cef7 -oZO5RJRIU2kOz6sUbAnFg7X+DmRITpdWoNht0xF8f/EAEQEAAYkCPAQYAQgAJhYh -BMuvafFzoP6ktTf0cNZslZMRi8y2BQJbFwdCAhsMBQkHhM4AAAoJENZslZMRi8y2 -cAcP/jrIdbwgB4hVGpENlT18x3tcGG2Ty2zfvGrPDv6Rf1Og88DuEClMY8GzKyBb -NrdDrnJXRYCVIzR8UJiknXquMfjTYXGXoKG2PAiBHbFrF5XuI2bpKgz/vN8Wx9M+ -gFmSNxrkbzQlYNyjeEUSBQjpgZHX5ohjF2atLUIBVmBWfqN0exT7dHmdVZt+E4hu -c0XMmX1qlmbZqMPcj2AnFdF32+x/OR939zOcbXq/S18W39F13T55VsGcO4rjYDI4 -LY1G1oonRPykVQsRFBswEcO5FddhGBEgNd89T2BWOZ9nr2l8NIwpAySrQSf9h45C -+67jQ5CjrUf9f/A+m/8rih2UF5i5yd+/dcjrTZx9OuJQCw3smVqK25Uk8m5QWZgr -MNiyqtDslxMz5GOisD1iNKFznNjko3GExCGlzDmAArm0NQHkqJfXEFO86yLAkaAz -eoSOhDUlbLpLfAU0biJx8RSMK5rHdNETLBHbUY355r76SweGHlu2iAqIxEOEvUXn -OR4W420uy3DRlQY4MIeRLgNKkFrY3fHDot0h5Srvae74E2osLoWh95JujbbsuMVE -rrgwO/1hysVjmkdiU2UPkH1FB/iQHzP0FGCu5SQB+7+A2gq2hBSTQztqgPxygrHL -hbzBVymcn9yJd96JnwVe5d1BrxFlxcfDDG/GBGqVB8MsufmjmQINBFjxRtoBEADk -S6+Q7afwYDPFnqJXuyF2ZIvXysDBrpr/xbre4jVeiC/HIELaQedOJqO1V+BgnTRk -fhor+Yq3mZ1un+6zJIiFcm5Kp7sPZjh15JF96PsA4e2Eh5eCeJzjXHj1nAKXfn5+ -CgpYEyL30r1/ACkmo9TKIiUxIDZRkZvxjY4UKeo+EoJo0ViutV8mvSTgxaz9gzPh -Z5OJR8zECT8j3T8d+tBD8wWxxmGZ0veOu/MBew1C/BDr8RqTCXDywUbyNuSsdb3a -5aLuIuLekSJVSCcFwPIje1WrX4FyC42+elOp0SXpjWzdb08NXX4DEY8zVyVXI1Sc -SpTbslffcFkY60NJhjpP7t856L9vTLRfHIM9BIdSYH/ar5mEQ0vyJbiNfkx5tIMn -EmnIYbmnjjmcPZDKZ4PyQEUEWF3DqNOOAWhk9HUMFEkANkd1vEcNNQxgD2eOJM6e -gfUv9KtuAEcRX2iDu3gIyE+55x92VVoEJDu5M+Q6PYGUIMh7nz2gS3lnlpG2vquQ -pqDS9UogsZ8L4NsukdP2ixRFnD9qaTOemqRYwIptOX6wvrtR7PmWOnnRZ5OcpK5/ -qyK9iCLY7bbHDViBoV0uLEHNPTDHjrALJrqS+dH1glYid/82OvKE3KREjRpMOW83 -nNfQcqkMi9fhH8WUkz6OD6JemvB/s/CwBS2w3+9LAQARAQABtB5TYXJhIEdvbGVt -b24gPHBvbGxpdGFAcGhwLm5ldD6JAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheABQJY/TOeBQkNNFUtAAoJENvbOXRw0SFy1xYP/jQeNv4WUPK3M0Hl -3EvEnOeODxePysU0khvgnw/mRtQu7BOwRdbB0HWv8Kx0HXL7XI4l2myHRZbd9PrB -lG4YFYjZqWmqQ9WGlLBxDpSJNeROpTgKjhxA2hOl1xH2Et5kbRcZzpJJ9zuD3rqk -q80S3u/UAB/QzYfJWKnQBTXi/3psZNAVTRp3/4sEn1kCfEnlNUYPih/NqdXE0frl -KeITOAmatD2cjYcJlc/ETLil8Sq1nIgiE/++KZalbcXcRSHVZSd/L+fNlMDIh6k9 -pjcE562oiyyMHKed/pAX7o1BqlKqSwxjQoNskpICVFkyMv+P7cIPyOxJa8kaGyyH -ND+8i1GzvwcPhLYeOWDwmiXBs4Ea8Z7KWxhi19zlxMrEfAcfFIomcRoxfzcnSY3F -VJYIoEySK/IBiivqeunyeDA2JG1vLSZIV5hNicUihp4hnhX4Z1gElN+C68P49SZs -eFzxvzwMq5RIUbWVwIh2+Wj51/UrULgoM4qNkgejDLYFyTxbLfXq+Tk91UXdpepB -HvE9KFVqh4MbIlyx9TAzOizqLdZlnPRwLb3rWBLsv7XbCTeYtp4jVU8Q35hnvGFy -+GsSROJv04mJW+whyz+zxOEMPiVbVA5um3ZbSj5oou87M9LiJtrUOqNfyyqddLC8 -L5LgwwlYKqP+W6Q4LMf/Whoj3FFCuQINBFjxRtoBEACk8wfJqP03Hz6PX8br3jEU -llSngdD/28K2C4RVOOr71u4FJRcEMR98SbPnCNIUt4KdedO1DJpYac1XvIaVBbLx -EcBjRMWNhBgZbxoQzPjFTWHQ/UwHZPiiwQkL55fN1ejBEacDV8B1JwqjcBbii6zI -tLUV/gxGH7Jce/f7KBM7vWlaP+xHpmd+iPK1swK5wNQzDL83b7NPyj58fqlmh54F -r+jcpuUjynaYfjtJsgwc4CScdai7FclctLMg8Y8DW7/bkqf1BQy9Dik82IWSN4wg -VM1eWSGx+PzPlshGH/C8B53U353NcRhjFp3zX31wQhsJrA7Jp+10S3HbXGrr3aVG -MMq3dqSBGp38iKJUmJ3zyVvby5Mk4+8FFmMk3gVuQE52pW4EOlSVQNQC8yzYsgaG -/4N0M8DRpbfPhT5wiD/Qcb7MUXTE96dzs/KcyPJju/aq4cJ6DgpbJmM6OZwnx5HY -wa58RgOwAVBbsxYOa6oS+Fj02eaiUETwfPHtqF9juCcM5D0mcLZRT1I4zK60qPb6 -ZDzuFguXg8hm/djjh2YlDFCNKqCZHktCISTWX5u1cyF5j+UL3fsKcAAcyiHZV9UH -8tr6v0i0P19Uje2ZHk9utJggYSSM0uyqGhmiyd8su2FqitBltvTo00Kc8sv4AcDm -Cng8SVO0og1wiJZdiHJI7QARAQABiQIfBBgBAgAJBQJY8UbaAhsMAAoJENvbOXRw -0SFydu4QALeYG2PPMEOQtMV6jOVT51U0Yo0yl94RJoQCOCCT/JkUyIDczHmtcVAB -rpitX3tFl4vacJM3uKWKbzbM7qO2+Hd0u6rxO+o8WUGRMZp5IgcbagDOHs0vorVN -2Yo0Tl8RoqW91MCvlRFA+8snmKjWfTYj8jxbhIUEtVrIU+5LDEgDP+T6PvpaVeXf -LYItieCsZgib3qPz5mM49jDH84XG5F19kx0QtVGJs7n8FrcAGcQl/iMrm7dRrRuh -9394ongIum0uld287Zlg9q12iJiir3w04Npy43G12RXq9TD9aRfbMhQ+HB5Dnvf4 -2mfCfGvalSE0rg9mh1KeaiQUXxCzCf1D6a3H50rh1IDn363Wn41/Hr0j4ntVjvEJ -xs9nUb8qod2HMOPLOFqwxck7ueGaeDN/GZ5zjPdIppYwE3LbCM1ZFLkV+QhFef4z -Xwml1/AnGGFULgGYorwGCchizhU1wbZVcoUF74MtprnAsuPdFxlw+4yCcFEeYVpM -DQg/ZfZ28T1GruGHqLJqIVpOum48Ec+fjnHAZAH9dOs/qhBuCLE+5xUoVyP2lwt0 -MaHs5SLmxRKhcV6IWRJKTlZ9YdDXbVv5LisL/qDOTjRj7vOgCPRhklyA0JjFeyTD -pSeAWXFZnab0nYBPWkxtdxxRruEeQPAYP1vl0O6ABMxRAI6o6zIImQINBFzu5noB -EACvjtOopc8qTQVT7N6DCGRLF6tupjmPPb2yaM+Fkl42RpI1vR1JX9t9f6xNOTup -jmG+0ZRTEz91kyVvrcFvO91TO1fwLF8m1uVQi9S7ilO0Z+E8/my5ZmoJzOLURPJu -OL0T0lBch3ubwag8AUgEkSiDmDepiX5jYrO3C3ht4J9BcJrFG4XkdTjkpnS8TS+C -3xEo6SE9uJN86fyqp5LAUGxY/grREEDuFHO3zLZpSYnmOgPqOtY9msbXir+ocLPD -Np37qmL7FVwcOfKi7tu6lIJ/GggoMC5vw+RhV/yNdHY/8kwN6zGYvgEw6yP9E+LX -cu92Hfn9oUG0O4GtVWre6KZ1i4C4nNkbYkUGgGTfdRmGxtSTE0e86B5tLaw/bcYV -UGwmYs0LaG3Xvj0VZmQzFwdkdbiYjZIRGZBU82erX9M0u+mgiW91uyB2E0UYSJOX -q/lDhXabxajgijwTGkN9UCCCMex5FxcmXIcr8VEfPGsW4SKIsCkG5OKm4eZnBhQg -OssMvjXJahWgcBYFU6zUjm00pNkljLJyPTNXxnEiUY6KEd/4Kz77NAboWuaIcdXB -dUIxoopYbK+R6nKBORDU6HpJJPXLt1n6787B7/DRssEux/BOHsTAZRshrXWzlaEM -cUkIpFTxmnmGlrmrKnkguKvsMOBtZWrKtL/HxnUQE40qkQARAQABtBpQZXRlciBL -b2tvdCA8cGV0a0BwaHAubmV0PokCVAQTAQgAPhYhBEJnCn/k0EQcjkYyNJ5P3AdK -TvAtBQJc7uZ6AhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJ5P -3AdKTvAtohAP/Ah/BsbHj9D5dJAbf6L2r2XHmlr3+0taAdDBhN85yQaNNuhU4w3s -9ws5zUrQ//66HKyNfdJ6cQxS0tXcFB6HBDT4sSKvi7QBNel5cLP9WZEPclmBbaWs -J0VWl7ZVEq6iiTCPDF4AYQt25dXldL2jAXdSmfm1fZDKEqkwqt8sRb8+k/Pq4XxW -ukzOleaADroHvfL3sMP98FcuLKsRwFsgO4nDQ7JAWrgUEac0hxtuRS0YXTJgdiCJ -bNvln4T7GPyaFhbt9VRdPpb2ZRzz1zfPBPeu0VsvYKp2lXM6fV/fMqu4U6AnpwRo -X844csj/ByX9Bt5OcH7Qgp8ye+/0r5bwHTqW7xksuiJqlA/mTk2vqJnpr+X75DQk -3JxSVIXNSjpiqQ2B29Q8zm1WlCButofWqFXg7u3PHSzOUff1zSjMtbmgo2YF6QHT -V0gXem/FCJ8tgnqyrdHdPrVmf4w8bnEDntxPVoixp4nPn+tPARNtSsMKzdjR0+9i -b7R8tS5H0eeQ5Wc6jWQGgztl5vfH8c2kuHtRqHp2mlb8w6RSdj/fN8bUjyASsdb2 -JS6hRlTH5AA1mT7kkogbH4d+wMkbvWDePThw5rD62h8yr+zwFuwBgf+bX3nDr1LF -JeiHjSHQvV2qtRgOec0Y4uIWHkwYgV4+MVApYqbnAwLPt49Xy6A7CqK6uQINBFzu -5noBEACzhdeTwLpWCnudeGoiH2wCFOk4ChYIFe8gVocgciOzyiZM+rXU/uXjhgiz -nVOFhIRq8n0HLu7pKm65vQ7hpcOYIRsbX4cs5PGbqwFfa3z25uxvnsP/Gf7Z6jt2 -GoC6GCX1kQkho2gBFaJm2+dzeiSZMVexzf3zQntSPvNFnI/G8WVvvZquv0QXtzjt -XwFo5Eve06EHjHXLSGrnvY1/yPazS29MnMqpvq1ri6Nyoy1a1tneK8QVMFeHwAJt -hcBQbpeurywgcRAivTJY5teCdaJaPER8lEHDMpJiCNcX8QuFlCiTFIi9EAHUhBsr -/pM2h0LSGrji3em6VWi/FAomZdEoPjFv63KXqJ8vt3eFClqUQ7/Za04q4AtY3MO+ -pwF90GGb+sBcQ9MQYf82j2ukwk/KtIHhZmDAgNDyX0RGUcIeok/+4ju088JDdTIT -FGbw/KdFW4It/KS+NE0Ti8GfC4TY42dBsnOr4txOY89TmoL1YzO8ZS5pu0NWJRWE -F7HNyPAH5t/Sumh7tK+KAEHHZcEV8i19qL2HoWbzk8nTqorcLQNugbPSJqbofQra -6d3Cf4SaxLh0up1BS6TnGzMQgm8pCuIxVysHEx28dWj2+0+aBOK7f8K6NpDXRRh1 -oYtNWwxQopg5chi5vLQz07+aTXenfaaIrYeWnExvwjK+gBuYiwARAQABiQI8BBgB -CAAmFiEEQmcKf+TQRByORjI0nk/cB0pO8C0FAlzu5noCGwwFCQPCZwAACgkQnk/c -B0pO8C0paw/+NBJsS1lbLm0n1qUSLcigrgZSPN1ho6mW9ZdjUfoFI9TmMwTdMcoQ -Df1F6WGQ3cTWYEzY8sjZMQ5P6uHtHCTBCje0feWeL8eW6qw7geaB+W1qGMZGTMrD -HANsf5LguBNaJV+4BhB4Ds+sW8/thhmcaI3wE4+jdvr5DQcvcJysa1znI6+/dKHM -nYdUmIxHDEd9RYZtsnpwh3+f3GNOFkEVZLCXLvOq97wBoJgDAhwj6MUehzzRNfB4 -95f89HyUf3VLFkko/FMIJSY0By8k2FUphPKBV6E5gNOOHxzdxD/QWZwgJzfv0cRI -hZhhOLYjuGdNy9jTNTxFSqndoRpsxUUCXj0KoR+J49S71ozNlNlr47AxwwVLIUg8 -o8wyX2P0b9BY+Q1vtqyWiT999YlDLX823ltMSL1OGzzSEsC702/jC8/ny6IHrVmn -zJq7o1kL5rYWCF+iPLFRtG9HZRjfx0nKiFiZm+yT8z8zlRncRVJqIzgp9DOQqQxe -wl4epKmioE5oWENbaaj5eN7kJ0G+n4EU5mF0HS5J0axk46/i1Bf0++Y5bsvekZv4 -Yn8tFwHa02vQx5fIdUHdmuLtYB5BlNgfZReZzk7rTaqNLf5ivzp5qJpJuYY0yTiQ -EvZZQMLITKOGj5C91t61HK29RbUT1AfbrZBZfnRqRirVSPAcupRO8nyZAg0EVy1L -sQEQANlewP7JpS4IOAzmokMEiazH/VNq5BLn8st4xDCQjX85NLCoLlZ59UOOP1YL -crnotu6H7wwIzwUOJpC54h0APBoP4SdZG7We0r8ZuwGrhongaVHlT/EQQKYNfWpT -E/+MsVnSiGR2lBlZ4SnyZVt5GsJxWDrGHYxnELEgqBGSlf180bLSqRxKhWv0+4L2 -DXGYtwyNXPna6A/KNd5Il5IVa8qYFZRpVhl2gLT52QYbg6Vjq4VLge/HIdTm0+gx -HYxqeoyKONvqXzK1a3hJQgo8q8pJrgkI/hQQj7WFaWxixvGaGUVNQxVdrKGswHdb -ewh12vFRqR4obJVsuyxQnc2yLShTpSqhsgrjhl/nAmPiYHQ7qDOQwDC9tOhVXihg -Xh8M4ChUejyU133QEi7UOlSysU3wBoejQWS9cTxTSB39T5e63q2cLH6k99oSzY6n -4PltenyG4B3Zg77sxycVioMXS2QC/CGOgG8VYaxhpXlBYKiVOriwIggxSjCYMbv9 -ZQEyd2uWJkUI+cj/64a0y2daVzNDSvwVz5SdVc/CG7HGXzEa8QQLWu9Om7ApgAWI -HEN0AbbHn6MxfrXoShw1NJ5ewbgnQHRP7O/au0oXbXOSIWDrcgYvfwRed/dVl3hr -bwqIRJRydml5whhnec138zJllhIHVJjOy37qdiU+hoG/uMxVABEBAAG0HERhdmV5 -IFNoYWZpayA8ZGF2ZXlAcGhwLm5ldD6JAjEEEwEKABsFAlctS7ECGwMDCwkHAxUK -CAIeAQIXgAMWAgEACgkQ9Qq8gHvV3NBJtxAArDsCmA+Shhd7t9eCP/qdA/MMY1as -O/UXQNY/FWs0zTOB8jWuoj81Pf43A860/V9WHcWejdhbVGb2B40puzjWXNgE0Lly -tj0c/zi5b8xQSoUXPMYB2+TdDGxn/x3wJMKsos1clrrBHVswz/SuLZQrOOPZjPla -xxx1j/0OHO54VI8hwHGfTPlb5B7FAw6l9DNjOMcLgyi6iIh3tOKXBocD/bmCF5Dv -khNXHOIIoK+2lplwonEgVsC79vEVcnlIV40vya1kxOBltLWly99VeGbXZsN7ocr4 -G3wXRVBFjNuINzH1tzTlU7qrlq8imgcUhLkL2m3TkAFgMe9GP376/tK/44/a9s5W -Hlsi6xVT9x5XpnRIvmHFPm0A8CUoBHE+mF8ppSF93SMOX8+7zCovqOEJKf1tlG94 -16A+cA4S47+xtXDAVFfGSSvfgk5V7Qt/MPVG66Gt2ySw4arHx1oJTMtldHDct8bX -Na+vivVtQM9YyRsLokyLj96SrOOrltrb0P2sgPjfIXvL0A6+ET+2aW9XI3bXPwwm -FNV6FbqG/vS/9ht8R4EQ3Sp/2OdyHVG8R9fyWz1eEqXJAZ+GoC3+hvl6BEiUC/EI -/6fwkSIyswk3KUrF8fsrwml2DHfMgcocBFTvYMUBkrQ4kYsWiD3pxmaSZ1hcqos3 -BfwOD5XRrsohq4K0IURhdmV5IFNoYWZpayA8bWVAZGF2ZXlzaGFmaWsuY29tPokC -NAQTAQoAHgUCVy1LsQIbAwMLCQcDFQoIAh4BAheAAxYCAQIZAQAKCRD1CryAe9Xc -0AUtD/9Vp2FyNJIc5TrzNnZsPgDFeAstlTdtZ68L0UdALgzGMjKrgkLVQKhMOuDj -nnBdSxOpYeCZJGk9OJ5ujn5PSpQGtaByuDregQ80MuWxxzkOnhbEs9d8t97A6inH -xWRy3pZUmetF7bzVojja4Cac8bOEre/4pm0/ItGri6vruSqQV0fp+iTlF6CIRI8d -dTjWySJGwIg/SCeTqAm0I0KhGQFRukDl+mZ41f0BBH62EeXNmKwVqpAEcdEjoKxZ -YJW/xc3s7Xu2WVN3iH6QNuEODmJRJh+ivCN2kk0pMa/ZnoF9QZQOvo+U+7G/2WZ4 -JRALLkU/kJcnEmgd9jbkmb97UkgwKP2wUHCIz5QEPAUepM558ksDsXNPascrJ+M+ -uOrEYYNZlcdg3Mo/KzihHpqjwkylPC8T1RHwRtgjIH8lNSVF5YUDhwBCTbQ5OU9P -ZvEOMPI4S1qXbdl66WIoZ/SdqIHBIQotPFSYG/18gWemHXsmC65aOqZQnM7cC/oa -mCItJF0dDk4r30lO0NaU5FAjPdyMV6rldFGNRNXe0u+ZC8Ni/gZTzOkbkjTIwe7z -RAL8vesdqXuypQKKWb6cj8vJ+tXTXN5CvcTPE0nvZX2FyRpGpPoj3MjrqMN39ndv -VmD99s4YE1HIukapT64XIiA6RGdYxoF23EHVwtmqJqjrUUbEwbkBDQRXLUuxAQgA -vvpScErSVbVp/0kkRZW8fmOk8fJ6fBnVKFYvzsfPoaglXAjPxh0LKFIeClNBQ2XE -JODvwGjK+2lSFXhVstt4xRZc348s6y8VfIldJQ596jYTS09CoDNUD8oOJJOX/idu -nM2TMOLYG7bbHmHZGSenmil5IJM86hQW17COaN5+ReUJwz13+enTDv+NYCAUM9P7 -bLgqGSLnsiw0hQSzbS/DL6cx7etgJkadnij+k4xcBLMQ3dhYk48CXkcjEQvqIiQw -Bqj1ob61L1VpwEUrVExj8nSNASvsAN0VEeDYyZAnl1WiKM6SCQjYv7PjTScGEUSR -S6H4xlFQYy60Fp++LdzrEwARAQABiQNEBBgBCgAPBQJXLUuxBQkPCZwAAhsiASkJ -EPUKvIB71dzQwF0gBBkBCgAGBQJXLUuxAAoJEGWqzKLMO04mxKMH/0cecM5ov05A -jveQ+1OFQgo/T0XzNLdU3vkWViS2uu1RU8nV2CgdY2YGxiBt1rDpLm4hC+TE9tsi -qJwsRDGAzhVnx/5o6CKD01opkwCsOM3tTY73QoUKKB3MgQabAAZZjGS7s6+sulTr -vIJKAZX2yoEm4jijTC4QTI/hjXNrK3qp8FfJovVKapwC62qII249KyOrIUHomeNL -1DX7qZ9bRqQeb44ACRNYolwYYBDlOrJ4FBfA3BwfM6cIBFoLpKYK+IzVkaknzwnK -or2Vn49/JTNmt6+xkqOsoI9+d7Gz+qJYBg7Qko/J8Aohy2Y1MXTH/ObbmjqQTlmR -hYdyiIF2XvbKrw//RqFHvhFQcQ2448eVBl8dkG0Ms7nASTaSnXsH+En7AakA655K -8rlrO+l1jUyfprZaNTKsGYjev+F4hsZwQkc3efalceR9Tdz+p1N0oHNxYfm9SH2Y -snqfEEjcHZ2XUmQevGwyUrg+ZW4sgI9V4qPIKSTDxyYRB05bTq7nB0dtjFLxu+ep -BY3xpifk8047+aRCkqM0Y0XJF+9kW+roJ+4Z8l4zhreRzWSslMUNPad5KL/q1D9R -wCz64Hv+J6bFl3VPU6BEAskj05VCGB8g2qykLP7BDM9RO43Pz10oZxXoKuoMBd23 -VWvis2vBGQ4c5z6zT6630Qn0EuyGq+k7BJeQTuQPre/H0WXQFIbQBVrhlcFQgVMn -mnAABdAl+JjwJ/c56+U7G8T9QGOhP/viN9dNsxjqa32h+irituzK5qetyPsUd25O -QXMCB5BhP2aLEUaq7fiY+myww4QXIg/P00CUYPy1MJkKU6N1gSWa7wZi3cMgwHqr -+DD6+K+vaXenZKtQ1zLYFa1IGH+4+sYKgg/DQY+wiF4VI9ONgWhu0uDP6tovdvhM -zVqSO2vY2aWZbxYjyyXq1jWxdwrRpMLHP8w3YHe3x7U3XozxvHttG0FpgKCC1OX6 -rACt3AltH0s+pPcfwgWYfEBmPQqWjBCiEbc30Z//xRW8kde7mkzgTFUu6dO5AQ0E -Vy1LsQEIAMsqt/Wejg0uYayzveDC6EX+yLZCkchtYJ41pC1zovzTXOgOAIIIHhpF -yBVFxBVerqj6JZ89bOFZEsfkg7YtaVE0aKWgQO7pyUxVVvGWB0P+YmD57VFwTSNu -zJctBAt4yyrl/qjq8fnk0JqI9zk6KFj+dxJ3tiNT+6ljVnQKu0M1ObqwPQKP7/rd -EXKKI8QmCwAQ0GyMt1tWgqDSKUhfulB5Pt87X4xTsFoiDXhSrL0MY77C5phrfjpX -fuffbTrTYt5ZvFG/E5c4bfITiKmwLHEFeYkZfr1gAFJzCbsdyKWqsnSsAwhYVNi5 -onNNR4qyAanOCJxtD87ToflrnKCItCsAEQEAAYkDRAQYAQoADwUCVy1LsQUJDwmc -AAIbDAEpCRD1CryAe9Xc0MBdIAQZAQoABgUCVy1LsQAKCRCzZwWGAD17nmqFCAC5 -vkU72CkPMPrr8j9uPIavxJQu5m3aiSXg5fv1y+t4ntMEDUn4h4P2FGBkkmXb9Dep -XsS4SAUG3J2/NVh1aQrSRqo7pI089WeWlY9fcXHzT1HMJJEc81GffnfSfy/Ci4ta -AT7Wt+fUV9fgoPscqM6jBwgDn4I3dNO8lk3YRHUFXfi8t8NLkgahbVJY8rQYsyk3 -oCd58m+osmtjoJ4/yVVD9dXnK/n7nj4oK685a3ZvWTPtAbcaUZXBDsX+YhY0XkTv -WOfumN6O+gEpSZixNdc/k+Ac0mrv52d4G1SAAK6s97+hadOdq6eYOyj/Hxn/4wJx -7FVS/1sUprCVsM8ohBn/K9QQAJAO+P9Fc27NF1vFGyrGzctjgyhoqE2ioj64qtLW -SwBn8Ih5PLwecaiXQ0DAcesH3xxSfXl1zFYsnRxjSVpOm6LCPQs9lMtWpsvTQ+CV -Wz3SXoxOaaCaJgmlgAzCXE1RqmZCTGBzUEBonKSkIooZCgRlHLUu8DH4aKHHDx0N -So+XiMGXkTGRwcb4shcn3SWMTkAed6+BykAmuZlK0uQjzAN3LDJLF+TNOSBymoqh -q/GjnS2Fuw5ZuUKwTyLaERgnSx7xdZ+Utotm1G5fyXAXI2GQyhLAd1vSWfdgH94y -tfeP1evz7hgKoA0tiMX5CE8EHZdhKd1A9GB6U2oMGF1kvCkWKaOKcWVRViwitlGq -MsNyE9qQHWo6zCI3qIJZFMBkIPq95pKhAhni3Yz5q4y68KBPwz+L7L6zlr6q7J+Y -ZCcfkwIaYaPLgovZVilVVXzHx38iebPBZhnQBuOQnB43f3+u5NgKJWqVvaTwpngT -VVZollh9X3TGRlccsqi6yR+b3l6PsptcwY4UWVJXzFNllOiU/xRndPdPIKc0HjQm -sSgTi7LyLWk6dTY5xA+Bk/bSTnVz2d7ix2sKdBULcE1jb2I+OtykY1G92Y7Z5FKh -tl66SzTHYgN9mILwMLbFksPLE1K9+zoJIpPAxGRuPaMMET4CsDFBmYJNHHX3errJ -xyRfmQENBFV3ATsBCADJF+J7X+G2mNkkoKXVHuJ09fznsDL2AhAw0c+5RLXbcuDo -iObG+G1y6kjGSB5zrmkviEX0fe1xh8xA54LDG2yRSP6CYo8W6glgmJV4+K/pzZZo -GobIppFbwDjP49VaD30HkhRJfZhkSuWEVqtbGgJ2jmaJGt8qB1bdVBAL1fPSfJo6 -IpM6aj4jZFqvFq1V8gQMoww8qnekea1Dx1zlDJfeUzj02Chz+x8a8bo5TTyZTpRw -Dd3t6KTqVzH3YeYIwzg4d+eKDvAT7ISbaQ7zqJD0c52u4L3H3aL1Lytt+w4I+Y8g -+Q4TP2xQvlIV+uKrYbMmnHZz7eVPEfNqS3TvkLfjABEBAAG0GkFuYXRvbCBCZWxz -a2kgPGFiQHBocC5uZXQ+iQE+BBMBAgAoBQJVdwE7AhsDBQkQ6s+ABgsJCAcDAgYV -CAIJCgsEFgIDAQIeAQIXgAAKCRC8qjDqnA1XY5QVB/9Hz9r7MEzS/Af/EtA3069w -Krr9IEUF9epvfVVlcGZgkciY1BT8vL+aMFf5uWIYrvnKQvwm4pheClMKalN830z4 -iregz2R1ofpp/kIxzDtW9hPXIEVI3FluqSN6cRyA31hzQYLp6HJZZ7Ph0xr9E3xi -WQOz/S1WpDoai/Oqv+8vnp+dfskxRcqzbu8j1AzjfMsWnoAJpLKceENkGlZzjxJR -TVgAwiSIgzqkVWMoT1csw/obmOe8P9MylICye8Vev1WJsnVB8uGkziN6VY2XS5nB -T3ptFchRLwpM+jSlPdHsAOIh/KPJ7FWHpHtmSlZJEqFUfQlrGHL399lolFbu4QbW -uQENBFV3ATsBCADJrH3TnqfJeT91Y0jxRfOAStYE/ccj7cikz0WjTdeU/H430qaL -pd17ul39BVeVuYz+wAYoNte8/WRxcHGD1bjJqXmM0PU1AXwWdk7bxsFWC5nK2ox2 -WqxJ7tEwfK6PJk0Wv78hTbXAXKTya/VpvObb4XLkJhCQ7wCJnKWbCQRC15E1Tfix -LZXdirUy8Aebj+K2gc3ALgFQOSxcqBmSDDmWpPH4qTOciZJDHS3Q5IN1+lvV9ULt -x17tv/wUQm6JVOcO+IPjmJzKkmss7FQUNT+cKlYRhsjL/FkgauoZr0loGoI0MlH0 -IWLriNNeHnpdDH9y5d+zJXlhSd6dtesgoH7VABEBAAGJASUEGAECAA8FAlV3ATsC -GwwFCRDqz4AACgkQvKow6pwNV2NmWAf8Cm87SJW6jZQEabQZUB7xaKFDRNXNVDXI -QP6pCXPewu7qMUtM/qf/7ELtnVNpcbvqTr09JU8xvSEUkv6i6XI4a5xr2/c3l5Gs -6WEJ9WR54tQwjl5N8OaLBYU1ry5LNPiYxk3hhQ5uc+eHw6MuGTbUMAI3nOUjdMjC -h2vz4TMB2Zf8cFKBQbbXGe1xwv4WsEsqp6xqfpL0ccg+V/aMNsIvDfNWf15zrtYX -VUC2SzpdN0xfmEJ5A6EtlJn30wuIrD7nhXS2QPE5eW6d6qvn7BuSYzxD/Ex+Ncv6 -X3WUGZt66DDqdKNFV0Z9WUlgtMk55/2ep+36K+O7thTJQPuEMJtBcZkBDQRS1Quy -AQgA7pYivH++3tZ5wsn3oGH88FtvgogIrgNJ4hTA2VpZ7hATUlulh4ZBIuugrdFf -LkcoxYJqsfOtnaW3P2dq50P01sQ7R2xkcY12xj5ZjZYsFOoyUBl/kJ0HN2+G/4pS -LzsqHmNFCyHjsblpwpqT+7bPzQ53DX/mKSnhoN3cf1gPmDPrDLwcl0Qud9jMNP6J -qtoKVu6u5Kw5A+671iNX4AHMf+9iOE+Qq5GCicp2qtiSCPygPZ2n7hPQePlPqmrU -9wQJAw9Wn4q/tCcw/bjlha56i2dwaj4S83QHm/Qi7xZZ5IYOfeNuvTDiYjfSTPlw -9cPm43y01kjq4L/iWbdvTZW2YQARAQABtB5GZXJlbmMgS292YWNzIDx0eXJhZWxA -cGhwLm5ldD6JAT4EEwECACgFAlLVC7ICGwMFCQtHNQAGCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheAAAoJEMK/C8Qzz8izayEH/jpOXK+HzUhvjh1DKLsejFu4aoTijFrT -mp9lHE9XGhKwx9j5GTdlFW9qEZ7xo2hwRvUuxJ45xRFpsag5Yo6AEJo8xM0/YvHP -o3+x/IaZL05y8fPQjMqPWZ8DYuHTOfZJ747gyIOSTc9D2BWr88J5XQaXS9Li0O/o -z9JFyCvqYsdFlup5rPhWctc64szJ5DZY8jxgvmjftdz0LOx2e49CnW1Un9XWySWN -+203axbukYTdW3OyvFnLoRDs9mXKO0JQ4QY3a2K86q/CrXZKlJnc0pJz+olhPUQE -Rt4nfTBPn8moFGu3x5HRuzNuynN+J/uFjRq1ZPqfvzKY5k5RkOUwEWm5AQ0EUtUL -sgEIALRsr00wE78LSIjjH5LdqAxn1ifw/E4ot13y+3aJAbA6XqQqVBUg8kiL/ZJ7 -jiW6n8ZFRnVqpmsXArcLLH1lGMzZ5n6BJr71uPjCH4ETODdbEt4U/igKPit4Z1/o -YKkXG5pa4iUmkvIFakvdmx8EAcylTyBP2Z3Wa5B/3Ewnl5qL2inygIdgAtWQbpuS -AmqNDg5qzs0baPVC7JSXp6EbquKJ+nkWgzMcJ4ZS3S1fd+L9M8bdC8YEg+No/cfL -O7BpA0Topt7icu6W2iF/mELav+ltedNb9bMZk7rKCzJs9HFpK6INJ5njk6OHc0s8 -2SNaOuzmtJmgCP96YQYTrA7LSkkAEQEAAYkBJQQYAQIADwUCUtULsgIbDAUJC0c1 -AAAKCRDCvwvEM8/Is8hkCADNNELhsW4s52Ci4MZij3+VskxGvj/VsWre/odTuKcd -WWFqNFdqHTF0S0VZtyUjGIWxYunnet+gVKSD8weN1io73vuEvkoOuAARSs7xryVx -8j63RmeSDbzt/aNoj8yFhsp2mdYWBCOYEO94B8RoU6U/xMA0vrxZfACYWvb90+u5 -TmKb1Cqm3YJ8eFENSZSo0QdxkWFJIXHKjzLJ2LxO6se35v7H2itflaMretbdzmIp -grhJ/PpCumDLI9Z0o43XE1cvvsT5Aq8Jff2zX6Q/leADXw6m7wE8clvfvS/xcZb+ -DeN6qafb4VLTZ6HaxbT3anJNu+NvhQFSTfBfwpChseCfmQENBFhJm64BCAC/9u6N -deqwFuJT5TNbKVrlVnmHihg96XSYGwl8UPiiYuO3JxXZaduBw0955FOc6X2cAoOJ -rRYv1zZO10nWS3n5CfjUn9rLZ1dnmL87+gZcOUfejBo2EmLIVM1yTsLZvigxIhjC -UdiQDsUNhN0h1QMwprKAugyhtS4UI9DepsEt9KaqVQ4Jw1M6N0b/enkQYs+PHk5T -bWUqwdvuGDVeZI2poBo2SL5igUfe2EAOZLZo0CY+tCsge1hu+fYxckEF4C8SltQq -iXnk5Z/SvqhuRV0lvOYBshwun+6qgC5UJ8qHsfW7pK+QewfxnsAsW6gbuKorluCi -Rg2hCIwK3fAJ0SLHABEBAAG0HUpvZSBXYXRraW5zIDxrcmFram9lQHBocC5uZXQ+ -iQE3BBMBCAAhBQJYSZuuAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEPm6 -Ctoxy9ie5VAIALXzzB78e3Fe0J83zOfj7VBHRoIsljdnlOPirIciZquOoeOOMpSd -wgHA8sdlFxzspEDyN4X1YU2zJ5emE4x1bNSY8tI9h7Xflq6kGJ3zlYa5SQ9w97Z0 -Mnas0j7wbJGeajPmbb6ZFfWY83rowHUuIujql+RN0Av2MKxEXXeydOdZGImvzCoN -ltHWlmoHxI9+oerPOQ+04RxhFnCvwv5HyiN29O8sn08F92wXRrKzLcudXJeUZgQI -Vmv5spY84SMldv/lSr18s3lPlvQDafPjbzUs7Q6dJFiiGdW+sOW3MntJYAe9n8X2 -tly5owMs58N8BNThMJoLhtIm1MNZzoGnMBa5AQ0EWEmbrgEIAOF4kVuofaESBahV -CR4jWl0wWbiv3RNOUb/7Vm1TXeH8kmkLkIPGdiDSrc/yENi9i9I/e+7fzV+NY4B0 -IzPewUfLUrbrUR43LRBhumNAkpDEaXYQnz+MGYIXj/2pWJoVs0tJMauspCJK9+iT -bFPENE7nllQb0bI1FZ2nSgCdw3u47o7Dc3UKh0xWrC9G18BJSZbPn9eUZ0ioDZaV -CnxvJfS+MbSj9KJfG6xgngK/khSrMPiyBMXs1mSXI+pZSMFXTRl+U9vIN9qkdsP1 -vgin7CgwQa2V0MHPdQap7NszbpG0dduxRkvgM7uK2Y7QCviDq8eVbC8fqsAvRe+U -DIXbA3sAEQEAAYkBHwQYAQgACQUCWEmbrgIbDAAKCRD5ugraMcvYnoIuB/9cHKVJ -hmGe105G0XeYNVq+X0yzSugMfAwVGJOIY4bdkbxSOj67eAc1xTH6wbx7KHHhDfDV -N/5KHxJSm+uJXE6hi62dY++syPdoqhv/1AMD0YKpx62Erm9zqJ3/k5pCPmzFLEni -Q48bdZFxaVUZBvZ4c4cq7aE5kY/WfSN/WNOJ79zSo+vT2RntuFY24Rkplwo+aiq/ -gEdwKvuOzVDc07G+idozfWIYAWXRgiGDEgUgmPkNbpYLoM1MPKTTkBVMjYvEESdk -iPjHHcBugV5kpsuyWm6jtbgR2Jt84gq8+qv9gVgkT0xo+Jf/9X7so8CXqtI9P1ke -Q51gXM3lQFXkp7FQuQENBFhJnJYBCAC/Q4RbdpAwRval9S6doIVKvPu27haj4Irp -pgz4c0NKtnGY6MkYOXwMJmd1KGnV4kU+zJAXCj+4fo0nUnPwMl+vkr6X3KtOOMr9 -Bb5T1wnj2YieYpA0oEf4Jnic8qQZKz6SV2aZxB/FgS+orOC1mDv1xmSPuHfCZuH2 -JtHA+4y+3XqYt0ZusS31vSsv63HiUqt0c33BMrTdgDmP0yntDnS1Qb7cgwhMe6AV -XHHNJDZSNbCWkwu1ASHfrTRUt1ijEUZocGBIEmMN+vdyU4Nd5aF/4fiQRoNOq3WL -jknaKM+uAJ62AguDzuEkn3z6Ei2rlg3KN/9L3Mzi7D7gdVwhseytABEBAAGJAR8E -GAEIAAkFAlhJnJYCGyAACgkQ+boK2jHL2J7hpgf9EDjp0U9FgpmW0JVKOshmkdJI -oF0km4YBKn5KLjVTmPNP2js3gD4PMkfuXMUR2/uDQJvEpgL/DqbKqt8TgupxGsMm -Q3mYgnaiVwDH0yNSz6rpzYSsvnZxaIyKjpp963RfQqAtg42PF3Dje8vlMT7lo7Pb -8naUr+bu7PaIsPZL1Bl0lGMymAKS/AUZ6B1eUIy7Qg+/Qcl95+f/4nnQuxTpA5kq -cibAAWpM/xbxbpKoydbJZG0opxgai9hvy7hOf0Rlep7cdISuP5YcAdGWYSHq5t4R -JplGLFlBD4hOAzkTi8KmtjriLEIp7fMG8QCYYge3O32KK6BSdWmgYjuINvO0LJkB -DQRR57TsAQgA6HxRNeaHCYSGoy9hbBtSAUMqsFK4qS8KGoeJULIUy6PKeMd68sx1 -xgVsUVVvFJdOsQTmAGqYs4/s/9vUXm3hR0PLzVmH7BqbIq4icV98/ohOcYGPqaYm -uXLnOz2D+ww1JZOnfVNQn1ozcTIZCR7bfSi5C0OzP98OZceDfyyYxpe/bTBIoO93 -ioAlEh7R3uYsydcgNi3Lzq8XkOHMJy3dh/aGdi9cVEovXnPL/ME+zPjOyTUta6ne -i9fIhPrC35U5/MC7kVsbqKAnbQHh7C0zsMcCepsaxyDqTKccoyYNT4jtQ5OJcec5 -oUb9xqqGvhM7xFSfz2dYuMWwsW4kKF9fFwARAQABtB1KdWxpZW4gUGF1bGkgPGpw -YXVsaUBwaHAubmV0PokBPgQTAQIAKAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC -F4AFAlePbCMFCQW6LCAACgkQ/oV9mpDZDsGEZQf+IGuWdkgQlnqNtenMm1vJcv/e -moNOQYIOPYRmiS1zs04oWBpFiFL87m/IioenkGhBRpLg3zUpwhU9MAqTCPiRvFN/ -7I+vcSs3iLHaLix+dzqrc+GDic/3zO+UUX+wYCffPXIyVtrIiWn52EMQg1pCHeeh -0aB3kiJenKiH1iuuoSfSDMtcMO0cAHDBG/wDkXRtsdRhndWRflC9WzJ8pWATo8U3 -A8E0DfaFsME01wqRlWh3kMBq4swOTKZGrh7SfSnfFAADsgfo+i6t+Krib+fWdvqd -bj7QcpGD54NAV/+X4SjYqZH6HEWRQrf5QgMiUdpJGKEpP+pwimHuvhay/c0JI5kB -DQRPZjicAQgA8Ox4NnaWJYppK+wWEZthERd+vYUBqbYD7Mb3I4EL2ptQQCIbj0Sb -ak4hhwjEvcHO1g6BHtp/Wb+uYjGnnO4EsXoAWOqUd9UG3KWjqonDgYmYihfhkdzE -ZmzKqYsTOWy0vfFlFROLDpr+L/Bvf27ShqAc8gK0cc3Q67AyHFNCuwbzaaTOeIEF -+U53qS6kYimphapLMjfLOdm/GVXSIAK8ylbhuZok3uqtM/qd3Z+kvo0ltw2U9qRi -MDHfnAveNGRJjQJ4qSDLCcrifB3DuKR0JwKLICGqb4TcRRIQrwV1yPi25nzK1jIr -Wh+100cnN//mW78L1JmFp8hvXA9p1pqKpwARAQABtCVKb2hhbm5lcyBTY2hsw7x0 -ZXIgPGpvaGFubmVzQHBocC5uZXQ+iQE+BBMBAgAoBQJPZjoGAhsDBQkJZgGABgsJ -CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB97E5p/JyD12j/CADfvPn7iEB2FgqD -ZY84Y+/pfF6qvQwMdrhj7RwXNZqBPKTCQLAwNPhAlKUZpbNaaAvGSCD5CjACR1FU -ue+KtspRQWhqBrOozJ+t2OyMw8Hym6ZixqOio0kb4gI6xbaEXXzl6bIjHWjU1OdE -Fd4vXd9eA705qgy6BKT2dYpfLJoY8iIafZfhpfVsjrrxN6Hp97ki/k6hYWww9Imh -NRrSrQazG4NuRojIRHHhTSLKYPauXkMeIqFUBDWuBKvpiiaHMgW9r+38oAXqn7x9 -Pt9CnXHirpNxrl5kszP+tETSYf9jao7ZOWU/Ii9gL2OlTkPtupG1NQbQw7C0RZX6 -R3AqmjLBtCtKb2hhbm5lcyBTY2hsw7x0ZXIgPGpvaGFubmVzQHNjaGx1ZXRlcnMu -ZGU+iQE+BBMBAgAoBQJPZjopAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIe -AQIXgAAKCRB97E5p/JyD10K0CADiH0gD7j2HcPJ5uIXgXlLwAr7t3dE/gCeQSNYw -G8T4xqcPQ5cSWrPFD/8ofR9uRP2lgR9gI9RUxzG0+hr2K+F+aP5zr/ARE+IoeSbI -DHwwSjlCHC07Rb5rFbhok4TdWFAsOX7eG/gh7F8fY1Svvk53LFcmttacto4Mg05M -KFsYXHz6q8LkCFlooX6JfxHFAfh8qrQaYuYO3rNo48KIkumR3xXt4QvXP/UrytVt -xxH3tkcuKbW5J+dzjCItv0VtMXgUwSXSCvDA2pkXw7NfGsNihf1VpgIRhTEpkcU2 -dOVkhUUquicLGnTCatHPtn+6jYUu6tQUOxXlMUFMhlE+653L -=bWxl +mQINBGBd5LkBEADOcegzhSUO+DqPpQSTRyVE5mHE9dAhpexUvAmyT3b5rJoOgUXp +I+/VzKa2t40gkcdkg/uHZbMGTQg43fvtsY1eD32uveJK0rMntBINnOaf7jDRa9Qd +KqXWyQIbOSM/yyyItc6n2mFC4rZHaNU1QwZCPGEYt4PTgTmOiFj6NHfyWMIUzITY +a/7EkuFcV3tiqeu8Gm2cGllFgaQ09/3dhLzblstggd4f1A7z75aoGmMy6xvwFzc3 +ZAy1rxXdF5QCpds+uvWXkrpNJpRGZJ4eR8O42LODJEpgRGk4LA+jvZunW0gtJOIK +mAGfX2ISk28arCR129dxahHHKefUS8Qc2zTK6/I/Bp/ZMVc/NC3os6JurQJD/Kff +4amhNaBYRWD+Nn7fR+itZ3HPBH2yf0nzL0cgwGt37GbQXGqRvHcwmoABY9m3WZVC +1ImdOS6T3zMrUC4ATyD/qtUs6NuxyV22C1jLRtGqu2YMdAw+s1G6V6Q3Y0SrlRqw +0Nb4Ug0gMwKZdVCU+22qGmVJ44D7fSr7AyIZmSrC4i6IoF9I0pcpZYdIImgOBnmS +mwOIin5/k0Oqg3gZWZAn2YV6qpVn3RjVz/GkFkml31TneDi+aZJSvmypbvTjkaH/ +zALwKpcSIdVZYlmlWfWprG8UY3Wc3XJq6zRYjG9YAdgZLzH+7B7yr/VR8wARAQAB +tCFTZXJnZXkgUGFudGVsZWV2IDxzZXJnZXlAcGhwLm5ldD6JAlcEEwEIAEECGwMF +CwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGQEWIQTmCRPk3yCZB9jjDZZlmpfJzyp5 +WgUCYmuyVgUJEO1yXAAKCRBlmpfJzyp5WoQ2EACCVGtdOTFMQWF7cpnAbNFSGzMv +9dffE7aOacVahEcRMuu5O5ONhZMlKweXjXJjmXJga4XxZifcopnoJEiiAmd6eb1o +deHfrXAarKig/HqCHXtTFBc0ADEgIew9ErHjKCipg3uBAxvR8ndCV/xDmAIDdZGM +7uhklYvtk68jgzK3tzYyDzes+eQKhjQdXfHgp2MqV+aeuuy8csFWvJV/DJDTXFMe +DwAm9tB8fMqHZDOlF1jpl+FbXS3NdN/Oee8Ltja+x5iTMMI5lVmnHpemx62W+O2y +CHUdd4TXxI6afvpKXnHDjsXZoZoLU1iYwVtA7XGIZTCzfzWMvFsXtXp+3GsfOFFZ +teXYk4XgoF+3m+VRUDXckyd33Hc2WZDIe4PKYU+SjxV9Gn/Ltq9XzwPb9UgLoi6u +FRnJo9r4zATKeU4e0mK9mZyy5Ndl57tHXsEd+r2Saih0kv0bX3LxWI8ab6JWpOCF +WY+3nVUXJq5aH3Gtsdv/XUqk+M7616LIsdDZbLZ789QrE9mOEvADns9wIjt8XFcd +//5k7/OM/5f/GK0+p9dv51uSnuyqtX21StG5/Y+ixu0MuK7jK2gSmQ0HwoU2uzlU +XvFyIWgEH/+QUgM1QoflovBjp+5cwIb7CIl0sqPDoRbaWWAqtgiRIFeI/UcIss2W +qHUY+bIZbtipSA+Tv4kCVAQTAQgAPhYhBOYJE+TfIJkH2OMNlmWal8nPKnlaBQJg +XeS5AhsDBQkHhh9cBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGWal8nPKnla +g6MP/RZIYMYAw1DM5cx/Q8BcfAYj1c4pwURS6s4ffxcSTf0Q/mIAEk2cZC8Ja4td +z05Sq6IBMZG2xtPK2y4xNq/ok2peUFo07vmcqTXHUT7vUWSfVh6qCUkrjuamb9m5 +8Y4XjCqnV/ZFVnATmhyAXKIeEtrm35LeuBOGF3+x+/rBpJAdrNF/kKd2ynFH/N5C +9boBEA+0RGyf8kJSdCF6QohXzh4j9cVBnPWf2prF40zmvYTkhcsBALUmwTVx0bGz +vriXOrs92WLoiD+InYYFiMmp9YMQWfc8CBHTi4upMjF8qI63jx5u/u+M5FYcadwF +c4roaioju4dZ2GgDB+pzTFrCzEJNnzpCFaYU6MsY9f7XJ+hVLsv9+9GaFnBNwxQj +18gkaIXsRr1cnQNFg+bBU7OaOmEIh20ZQVLx6pK6vkJG1MrXovIY58RnecAeDvcA +TblWx7riRd+/5wZOH70zOhFoIZTxc2jTNq8Ysc99EttS+1ImS1CUPhUeVCIpBULS +wpEG/Iifz6+rEOtetLisiB1nJ8EwOtcq8WXKWeGzKg9E+AWjoRNg+WpEXffxmcN4 +U7uQqsSDcLE4D3Tt2wkagwitpq5eJUGpwiHFi09IBrsTy8iXYXvd4ObtWVdgeHqO +2HvEKxCtolhhWsZumE5eD/SjdmX1TNOsCqdHboKPRxx9gHo3iQJXBBMBCABBAhsD +BQkHhh9cBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE5gkT5N8gmQfY4w2WZZqX +yc8qeVoFAmBm4AoCGQEACgkQZZqXyc8qeVpQHA//bwPwWeyHzbA1saijcvqlot1K +63lYhp8XvmSlQoll1rx3caa6A0LIjf+/m5bORhhpqnZjf59Lt6NPtIZuc3oTO+fq +/WBWikOjLHifeFA6kbahwC7yA5Q788xrOlaQw+SHX6gorxYgzp7ppK3xsoS0kRd3 +ij8JUXZDg3fn3yTcH40+01RjYw9k9p5FhwMEWutN9lEJdnSWlCAMWTBcp9vYsm82 +pAQA90yRiTQuB8vbxR+sZi7sDMA7sSpZNe3bzs9pubJ7FvZ2qAk1TRBfncA07EI+ +bVnW3v0bgW1V7zuIUAHRxaelTbZidpvAm7PTVX2eG4CUTYGVBoVJ/xtOyWdHN8AB +fCwHcQiQp19UZw1o6VIRMODi4eSkf1zsSodXZ6lmbl3pE1ctftXChLZNK6kfTMkL +Uzw8uvCDIl1bI7Ns00hUqvnrjB4MQPtzViW427JYH+d2xbXIxcCslUHEqY2dGTAK +tJ/9mfLYphYviEi78cXvE/DTwranpNLr5MeZyp4ZNvs7WlRSoMCkNnm7BPHwJ0dw +pyys4IQkQFiJY04X57irisWMDugbMRfeT3yH/fLqERLPUatf6f/KPXV9j1ECa8t1 +vf/cpQQJvNKLZBmgsz69vUFEdImPXu2rROfvgYW9goW5VZABhCow1XAzvtKBQrLL +13D5xK4N1a2OWWr+/Oe0KFNlcmdleSBQYW50ZWxlZXYgPHNlcmdleUBzLXBhbnRl +bGVldi5ydT6JAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTm +CRPk3yCZB9jjDZZlmpfJzyp5WgUCYmuyVgUJEO1yXAAKCRBlmpfJzyp5Wni0D/93 +RGKQjWMUseorSyJDJ1Yn3VouznuwE6iBnyDuWeLmfRNCQr9Agx8uADEO/DRuu8yu +V0p4KAhh3bF1MPYfOe3bV06lSqRu8AwAUiUAvoOobuLCuu7aRZbvGXPiBrRnNnjY +0xUnIjHZQmqHGPnoVlVbrhHsOyr3VXxDMSSC0ZN4K4as7F6ND2nj6o0Sv5cf8GBw +1u9ueQC4myfEN8n/YfiznRGtKh9cbHUj+xuebdZAQqBrBW0/LDyzcxTLas7ok4EI +LEzDTnosDqz0VCMOMlUDjubL2dPmoIzhn9IpJRtIXkDAuyxihQMyiBbcVa1eoUoM +B7e8tnwOUb0QUdM2Rui+W1JD9P/bcRenOh7ElYoQDqV9jMqXpebhw4J6qunhmzMx +uNDKDpp2lnBayAja/rmS2NRXwJa9TZeLMoqlxd+vqwNnud0FXD6dp5b/SEfoo1rV +FSDvsXKQBSmeTcFhETvqEKBjZKrlu1CuMfIzvHs5GLP5wumPnCdwIrj0u+mr5z+O +/0gL28lSw2pss8rfJkjLJ8qoIIc+or6qlhPNdItdNwHxQow6JDU3dLs6QnC++FTe +aRbL3iOet8Vop2yKALYD7xR3dfDX2IJMi25OvVeLP4dKJw/KRIndtxMQylyjlwWc +59QcOe8/2RQsckpVC0LOfQTBU3WPVV06l/JdqWoZi4kCVAQTAQgAPhYhBOYJE+Tf +IJkH2OMNlmWal8nPKnlaBQJgZuAKAhsDBQkHhh9cBQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJEGWal8nPKnlaMXgQAMMmeT3eX5zj5Edis70tTogH9b6UW0HO8Px+ +S8RxOXQVs4wnlwEjoPIelbDHU1BCaInlspTSGb/6f7GXPHaGK9+IFSX8I5As7scY +oV0OqPFd8Gz8c5HEb1Y83wS13XSLEn8+lp3lcuwPVx1xGrgphNTlFcL2u65ZBonP +lk+8/4CMtK7L+gxKxptDDFII8WMJw/33m4vWhMqyz2Atl5e/5sm2UG9wAbAuFGTb +FDthzZaPoIx/oUVCamAtDtsT2Aza2VnguG+70W6aSkRtE/dxLdMywn75zKE1b5/c +0sJO08ji7BjHRLHEeLkr6ZoTlMq9py9qfWIz+lEbmo8QWqNz/hYBSwMwhJF3qGIr +TE4vMOAdP0/Q71p67DcPBPHm1QssobmyTZATMAhd0vJBrsUNBCZ5+UWCqE+bu9on +pABzfmCX2SguGSdNzzSfXZozEm2TZuqacBuHRKTy+HOS5vv1qDaykT/wSaOUs/OV +eJzQ3guTIvksMynpILgSpSCrx0CCFwQoN0Fr0Hu8Avp+4AZ7p6A2D8OaHvrjh7yX +1xXoHCwtxz+19+lX2byhq0FYGgxUSB7TxK3/bG4RyOW2xx5o47gcjSB3aHX9TgwJ +XZedh8ACeuI15ZUqrYVCIFL8U1iB2BPOgNPJIkFj9wZzbx+RCd550rfuXhXyih7z +/aclxELJtC1TZXJnZXkgUGFudGVsZWV2IDxzZXJnZXlAc2VyZ2V5cGFudGVsZWV2 +LmNvbT6JAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTmCRPk +3yCZB9jjDZZlmpfJzyp5WgUCYmuyVgUJEO1yXAAKCRBlmpfJzyp5WlRDEACcPD/D +ra0f0HW4qqu0ZYeorsmRqyI2+pb1tsXU5qLn7VUZebyRaLkt3kq/E3emnxB2Mftn +3OW9YzHDWQcjczHtkKPrfeU82Ja13TF5vutyHUSTn9RqzL5ftx+O4OZ0H5cqssny +pgdnkBA5ca2G2s3DqnpthZP7e2Yh3vPEEHg5HvE7GsH1cyN73Efp4xAJltFSdFVt +NDrZ8xIjw9iUnnl0Pa6YxFKuy5AsLTv9T6yhAP882o5fW1jqiTUpKq4l/GCjKZWI +jBgUQaUPDdWISNhG0qoK/GUNpR/WfaJMdyYFt9bG+NGSx+g0RXYOWmn3OEVga5J7 +f1pkXgciOdHY4FMRGWGGhDDcfaWBTXVak/iMlWbrPNwUeu371W4pMkZaDHq0RqFb +zkX5ePCcUqeOHZPz5qrjASkOrDrp75D5Zho6UcMEaOmA3E883LZQCY+zh9H9n34U +UIqla2js7pnq9Ab0uYOVe5F+TirH3qAzIrpfbralGnED6lgLbJaxU3eUTu13L/xg +UfH2jqa4mvDBS4g+rBqj4J2Qcbc/fjnUEintu2HN8QGJEpkNSFAjuWXQ0Dmjidl7 +10DzcVZy+WMcHmANeXZ7MSXXvGwUV+RC5Kr/PzVATkCwJUY+cemU3E/+vp+oUOF1 +OxvISKKEF1QH9p64kyE0ezPJ5SsVz4nzi6CE+YkCVAQTAQgAPhYhBOYJE+TfIJkH +2OMNlmWal8nPKnlaBQJiQseFAhsDBQkHhh9cBQsJCAcCBhUKCQgLAgQWAgMBAh4B +AheAAAoJEGWal8nPKnlaHBcP/jr73jve8nA9PtE/LpQrr1cdhUyIIO64qAxrn2SB +PMmviXP1ECKJisjOulz7a8XIfC4AsVCuYRsapZhuubXHiv6qkbAcMIBGp7DURRvY +oRDOBHei4sTQ6lFTNe+vIFj7ULBAwQ4g9K95G+29NlXgdtHsms65GLz4KrXGaTZO +EsPz4UBRYZ+FbiBH3EF8yeAxrbbzkVSJz1s3pz1uLn4KbMB+aYD+88q1XQnBH/yM +7y3d2KDsXiVd2Nal8ITa0fiSDw79V5CL/JEtpqS1Ws+Sm4A291h7mGJ1uJ4MGt8p +jBW/l8tgx9s9I+PXsj/UHZoodRufB12CGoldzhLqYupgIHrOFusgPbFy9ZOV2jm2 +L8MVAkOmdNdag5p6XzxqHU2V0/EU9vGM96P2DzGiUKXu9YDLPxg/JGo1lW0OPLAE +gzcVoss2hC3+H3TjjWGbX58J/qGf7oGwvvGd2X8G98+LLE9pUfwnS3bbCOuO0WiV +a5UVXgHoaIVdq3HYesZ58H0ZY6cH99D2eC3FcNaM4d0815QcMUUKn0qT8fstbPLu +9i1oBaF+PuGiYO+0p9pLZVF92g1G1Y1EpG7gUhrRMA3q5Iue5dm2QP8bwST8ukRy +k9v1ty9XUqxwQctgvvBZqPEDEYmfEVHx+uOtrodUk/qY/ygmJ7c3XDSAQtFreyYj +ddoCuQINBGBd5LkBEACQOGIgEElrUeaXcwHfIMODsm9VsMADoGL3Dld7KbSyoh0z +rbdTY79FCXPN9leyDd/hrrpmOi3W3VrEVldc3Dqn332Rm0TnGTXRByrrN+ZQMzrK +uWZq2YIia76aVZGtbtiptrsOmBYnmbgVcZOnTw2nyc0mIgJobsd+Tse1kiPMyv3l +99pNpeyJItp28/SjaSc/Ry8Es9ZAoxTz0AMjzGHzSabqiaydJvLZ+W5R66BIo2gr +Emp2ipYJYPluvRimTdTIb2BRyglTJCYLaBRSz2DWSzJ6r/EaWtNwn2XtzkjaJvJ+ +tGtp9bITlmD++UosF9+exKQitX7RzhEWOOW15GboSKDqVWZds5dt9KikjK8b0hiZ +uBjm1Ff9oy+k55RxurH1Z+y6nUxhju2HkH9dJclAKxGDaTWcyXseCr0xWuaQoK5f +Ui9YGYCKWvGUCp2V2pID7z9knFDJql0O3Dx5xXQ0gUUba0LGh2clyXlFVlEaw7iA +2NBVlboeneS2lwMuwmSk2GewfzIr2GYG97/8oF+2nNvQjXdbtskwmjPquDnYUNs7 +301mYsmX03zmYI80hK+FocU4spzIWlE6e57Z6IRHw4u/8zbif/ae+nVJbCSG/6Iz +oUhPXIIWnFeNfEIhIkzWhiZMz17laPfSNkC9hyDAP0pj9MbNJmjVb8E+K4hCJQAR +AQABiQI8BBgBCAAmFiEE5gkT5N8gmQfY4w2WZZqXyc8qeVoFAmBd5LkCGwwFCQeG +H1wACgkQZZqXyc8qeVrqbA//cP+RgzaeS+hcsw7wrSrn1ju5/dITfBnZUfIN39do +qM59dAUTIrlGplgj6Zu//Ejnz5ehWV/3LedTPJREJoFFo+29NunLpvxjcBHDzFPn +AFgNVpjTHOUeOJ0VU2cMnUwo2/CfrxXipl1fV3HMcH4+tR5kblhWgYJLDVq7hioa +5g/RW4TkB5j2k/pz+YLuxK4sAnuLORrPog2IhbuFwlxE9djY13IJHDNJjfpQAjtl +Wcp6u+krV5esuGnBJtsGBLj+iH6x273ShBvfZ0lFVNln+dPXwJHpO3G+y7msW3xD +htWRceINk++uvP2Q4KjWl7cN9c5vahEyUXehnqH4yE0Lchm9VMRjRYrrYjkat964 +Z0wG9wj4EWlD6mu/ttlU5T+NmVAvoMR9DZPZ41zbGJg/V0rCiofqFxvyPc6J2zzz +E98vF4wg9kGAIvLHBEkhbwKFKH9H2+j0/4c2YWS3tMvL4BVCblBX+CZ2/AmdNLe0 +Ow9QEDtZfakyxhtAQPNbJB2uZICCkbDmdoerP6FyMYrpWxhb9sfkVB44p9Q8TgRU ++khxeNAT/8nOsnywmQ8hMPgjxwisyjYNJ6yys4O+QOii0LnALAPaPMrNvBWMZOC2 +botZMhqZLRSyEAcOT22d13GA8PzJ4XNdtBEkLuwGgVwtwFEmsXq6uUQGCaZajgBs +i1iZAg0EWPFG2gEQAORLr5Dtp/BgM8Weole7IXZki9fKwMGumv/Fut7iNV6IL8cg +QtpB504mo7VX4GCdNGR+Giv5ireZnW6f7rMkiIVybkqnuw9mOHXkkX3o+wDh7YSH +l4J4nONcePWcApd+fn4KClgTIvfSvX8AKSaj1MoiJTEgNlGRm/GNjhQp6j4SgmjR +WK61Xya9JODFrP2DM+Fnk4lHzMQJPyPdPx360EPzBbHGYZnS94678wF7DUL8EOvx +GpMJcPLBRvI25Kx1vdrlou4i4t6RIlVIJwXA8iN7VatfgXILjb56U6nRJemNbN1v +Tw1dfgMRjzNXJVcjVJxKlNuyV99wWRjrQ0mGOk/u3znov29MtF8cgz0Eh1Jgf9qv +mYRDS/IluI1+THm0gycSachhuaeOOZw9kMpng/JARQRYXcOo044BaGT0dQwUSQA2 +R3W8Rw01DGAPZ44kzp6B9S/0q24ARxFfaIO7eAjIT7nnH3ZVWgQkO7kz5Do9gZQg +yHufPaBLeWeWkba+q5CmoNL1SiCxnwvg2y6R0/aLFEWcP2ppM56apFjAim05frC+ +u1Hs+ZY6edFnk5ykrn+rIr2IItjttscNWIGhXS4sQc09MMeOsAsmupL50fWCViJ3 +/zY68oTcpESNGkw5bzec19ByqQyL1+EfxZSTPo4Pol6a8H+z8LAFLbDf70sBABEB +AAG0HlNhcmEgR29sZW1vbiA8cG9sbGl0YUBwaHAubmV0PokCPgQTAQIAKAIbAwYL +CQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlj9M54FCQ00VS0ACgkQ29s5dHDRIXLX +Fg/+NB42/hZQ8rczQeXcS8Sc544PF4/KxTSSG+CfD+ZG1C7sE7BF1sHQda/wrHQd +cvtcjiXabIdFlt30+sGUbhgViNmpaapD1YaUsHEOlIk15E6lOAqOHEDaE6XXEfYS +3mRtFxnOkkn3O4PeuqSrzRLe79QAH9DNh8lYqdAFNeL/emxk0BVNGnf/iwSfWQJ8 +SeU1Rg+KH82p1cTR+uUp4hM4CZq0PZyNhwmVz8RMuKXxKrWciCIT/74plqVtxdxF +IdVlJ38v582UwMiHqT2mNwTnraiLLIwcp53+kBfujUGqUqpLDGNCg2ySkgJUWTIy +/4/twg/I7ElryRobLIc0P7yLUbO/Bw+Eth45YPCaJcGzgRrxnspbGGLX3OXEysR8 +Bx8UiiZxGjF/NydJjcVUlgigTJIr8gGKK+p66fJ4MDYkbW8tJkhXmE2JxSKGniGe +FfhnWASU34Lrw/j1Jmx4XPG/PAyrlEhRtZXAiHb5aPnX9StQuCgzio2SB6MMtgXJ +PFst9er5OT3VRd2l6kEe8T0oVWqHgxsiXLH1MDM6LOot1mWc9HAtvetYEuy/tdsJ +N5i2niNVTxDfmGe8YXL4axJE4m/TiYlb7CHLP7PE4Qw+JVtUDm6bdltKPmii7zsz +0uIm2tQ6o1/LKp10sLwvkuDDCVgqo/5bpDgsx/9aGiPcUUK5Ag0EWPFG2gEQAKTz +B8mo/TcfPo9fxuveMRSWVKeB0P/bwrYLhFU46vvW7gUlFwQxH3xJs+cI0hS3gp15 +07UMmlhpzVe8hpUFsvERwGNExY2EGBlvGhDM+MVNYdD9TAdk+KLBCQvnl83V6MER +pwNXwHUnCqNwFuKLrMi0tRX+DEYfslx79/soEzu9aVo/7EemZ36I8rWzArnA1DMM +vzdvs0/KPnx+qWaHngWv6Nym5SPKdph+O0myDBzgJJx1qLsVyVy0syDxjwNbv9uS +p/UFDL0OKTzYhZI3jCBUzV5ZIbH4/M+WyEYf8LwHndTfnc1xGGMWnfNffXBCGwms +Dsmn7XRLcdtcauvdpUYwyrd2pIEanfyIolSYnfPJW9vLkyTj7wUWYyTeBW5ATnal +bgQ6VJVA1ALzLNiyBob/g3QzwNGlt8+FPnCIP9BxvsxRdMT3p3Oz8pzI8mO79qrh +wnoOClsmYzo5nCfHkdjBrnxGA7ABUFuzFg5rqhL4WPTZ5qJQRPB88e2oX2O4Jwzk +PSZwtlFPUjjMrrSo9vpkPO4WC5eDyGb92OOHZiUMUI0qoJkeS0IhJNZfm7VzIXmP +5Qvd+wpwABzKIdlX1Qfy2vq/SLQ/X1SN7ZkeT260mCBhJIzS7KoaGaLJ3yy7YWqK +0GW29OjTQpzyy/gBwOYKeDxJU7SiDXCIll2IckjtABEBAAGJAh8EGAECAAkFAljx +RtoCGwwACgkQ29s5dHDRIXJ27hAAt5gbY88wQ5C0xXqM5VPnVTRijTKX3hEmhAI4 +IJP8mRTIgNzMea1xUAGumK1fe0WXi9pwkze4pYpvNszuo7b4d3S7qvE76jxZQZEx +mnkiBxtqAM4ezS+itU3ZijROXxGipb3UwK+VEUD7yyeYqNZ9NiPyPFuEhQS1WshT +7ksMSAM/5Po++lpV5d8tgi2J4KxmCJveo/PmYzj2MMfzhcbkXX2THRC1UYmzufwW +twAZxCX+Iyubt1GtG6H3f3iieAi6bS6V3bztmWD2rXaImKKvfDTg2nLjcbXZFer1 +MP1pF9syFD4cHkOe9/jaZ8J8a9qVITSuD2aHUp5qJBRfELMJ/UPprcfnSuHUgOff +rdafjX8evSPie1WO8QnGz2dRvyqh3Ycw48s4WrDFyTu54Zp4M38ZnnOM90imljAT +ctsIzVkUuRX5CEV5/jNfCaXX8CcYYVQuAZiivAYJyGLOFTXBtlVyhQXvgy2mucCy +490XGXD7jIJwUR5hWkwNCD9l9nbxPUau4YeosmohWk66bjwRz5+OccBkAf106z+q +EG4IsT7nFShXI/aXC3QxoezlIubFEqFxXohZEkpOVn1h0NdtW/kuKwv+oM5ONGPu +86AI9GGSXIDQmMV7JMOlJ4BZcVmdpvSdgE9aTG13HFGu4R5A8Bg/W+XQ7oAEzFEA +jqjrMgiZAg0EWSVi6QEQAL20JKOeg2ze5w4D1E98py4rzskP2N163ZRSzDgMd38f +Cau3dPtYqgfUbBGn657n6/Nep0VFniAb7u2C9Sw601vmuHbZtMGxQh4ay+b+iYme +1cIVCFhx+O2TTineq2Ank8aNlqEJFiDhpDa0anYxvxq4W4U+we04ctZAIvu9BKGw +32YSQTMBBmef1Bgv4i9NBVIqxHLxdwdhlWTa5PbFBjYu+QC5xYXROuNTYsnYgV16 +lzT6PPXFqwFHRp9P1hxwelAfnDzI5b72j+fsGIwd+BPSwEx0oJ8pWhCtB7QKwWep +z/5Xg2yceTJStt8qIgWb4066kgykvr8D4iTLlimMghQc+5UvpUBjrCbjrdYjwU+T +420Z6Sb2OohLGKuRhawgShm0KvJwLw3SJRsarx4th0L17BTl1qAJ0sbCcO9iM6/M +fXnotOIT9K+urarSQEMBrsJMZGVP7ayAPz2iXvdC0BVQmy332VUcyYgvVxXgdSm8 +6VMkdF2w3pWGU+vDq577a+ZiwXzptieLq8wfoomeaJZrXCKNg7TCJKmG1NcBrQcT +8dNX6FJv1sJFvKKnB2qQR5qPywpzH35fI3FU6VR+jylBmctFN3rUW+P6xJNIRuj3 +lrmCLRYOfI22Jp8oS8vFqXtXJq1sBwIRwsNgBUd980uDh+bgffkc3RhClS35K5XB +ABEBAAG0GlJlbWkgQ29sbGV0IDxyZW1pQHBocC5uZXQ+iQI+BBMBAgAoBQJZJWLp +AhsDBQkNKGiABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDcn/jT7lryf04l +D/0e25ngEw8wMUZU9Rn0M/R3vgMX9BxPRXXTVOt0hn3ZHi6nnoO/jR2ONBlzZb0G +ak9UWv+/qp2Nql08fm++Zq2dAPP+cg5+jWLA9YbO+YqdsMFDiolfsl3o90P9iitw +P7S05A0osgYT1kVCdLzSLP2JpMbO9AoRAoQy6BBJ/eQbc0EQaopAGxNOsFA5QneD +zDqJ3b+om2sNFsv1O4JTvsOnH0dQCeOP8jGW93hFANr8EJjMZgmULJOxpVbepzsM +iH+lFp2q2zCCFIRO2XpJKj3Ie2hg4ZPFc7pSKQsQTyaI6Vo49CsL2EIP4tIZzlCE +0sEQp6zSXv3D2TD2pn1d+HinD+F/U3g7eQ8fJSDSr1BpfVcq2KCNNRyl1/Yqrwu2 +UHrSnjR5kTZ1XdPXVf6tyffekVJcx5Ml5o0odeh4Zy9r+DJlW2+LyImGq3D1A5ST +FEO8YH4URQh3dnXIC7tkDPqqJQKDEr9Unr+QFv5hhHwrgUcuY053kqiJN6spC7jb +e64xiVh8EelVn1i4QlCdMSmLMUR46BqLHHlEMueg+x3/Hn1VL15poqi1M9tb+sSn +tK9sqPR1HlYx8bJ384mtxZVnLz8qHkxz/go4cP4kYCnRsTXXdOQQShNnyA0cV0t2 +/nZX15dSR5PkjHJOFkGRTLqlqUMzwDm9p/oR63zE4vL1cbkCDQRZJWLpARAAq6MA +4O+x1u3mfV07b02PmG1ua3ozYDt46O3vJSPhQy0FoY4DTw7QNUDwwmS96kyr0AkF +cdkyL0PJzDevEEdAOockkzCCG7dGhDDXLlbKbsuIuGhZJT/ArQGso5QsHCH6RLq5 +0oDihatX+CvQkaZ90vx1mMEXXSQcJ8JyNyNa2YinYZFqg4pOUcK+I2ZHHPKptrvM +TRlzaZpD/jD3wEjzcaoPVtPyAX/mrBIjWF5wHC32hLsRtnVmITxJITwavo5HenlQ +0dvOrFRbLxbiveq6UItzqDUs9c/VXn1wzFf2NAnuVJ2/STwLotvq31abwbreE1iB +EICY1bkSeqJ5OvHjkr2+qip9AroCl/LRSg6q6K4rtAKVPfAF3uSbIqwJ9XRvBED9 +9X+wLVGeK7w9XsJGT2vK51RfJwqrfelKSs59mMUhCEKp0mRVzYw9sC6Pak4y60rA +YpGr8y3c7ycR8apZok9rfoLp2GU+qMQZMgSTk/j3cPMzt+PlVUhbJSsjxWb0WyVK +/Mgtw40cy0q1GzZxFgDTzk0oNcY3uLkCbsvtk41+pWzdXj3cgLCYAvN5JQs0uIy1 +f4RJB91YJLceiyeNtzog0OD0FGEW3kwRYn+pyEzeDg1C66Sq05iyIRTDxsLN6nAn +FemW81i7TJAPG8/7RHOMyjOu5XPdWgd7J/qtJa8AEQEAAYkCJQQYAQIADwUCWSVi +6QIbDAUJDShogAAKCRDcn/jT7lryf/yCD/9rvmBdDhyyINROxSd1v3gReqtp9+Yx +xPmgLN9w/4x5xu6/cbyhBl4tFyGxbaLhB5ye8/CtcAlwXyQm438pkvJ6HbU9YHLn +nCj/advA69ChyRekrnJV65zcOZ1NrEOdb27dClLBu+QTKgKl4cfqtnXCOqfxCLWT +ueMLiqBelGstB1GxLlQtel/cgz69rFtDlq9Wc1G7nMwDoz/St4vRFKOAx+eT7cDA +sK24yLLVpK0J7xXtjrT+hq6T4hkDVUmVLPaffrvlgPtORNkqRghhkdMHDdk9UmjT +yN1FRe0YmOk7LJZWM/sYwq9m5BVapwXJzxAcdog8MuR2LsH1gU9ap/Ak8F9Rdx3O +MBcjs3hexIR4ybxLxILgUoKJ2Kg/8D5tqYpw40dS5n4DO28uHbhlOSrMD+xFFils +wZRDOlwNtqy25cbrqzd72klrRHXjTXUDhuh/LpSt6H2rpNA06Q16BRR2NsZJ3Vt8 +0h1BdEfT4sFXWhpj/+/5oGOzDLiEnmheZCPmNAoWK1EI/2PO57IN0wlnSPQeGHgi +0LMVXnMgq1aLLulGnUNer0uOjJZ54t8q74esQaMzDJMYmIyNwvugId6JX9r59j3b +ClStjX+ZFUuoqoMgDr+IQvYNV/bVTutdjbrHG9/hAUiZlpgvApBgt7xM46MMD8j1 +tHUkmaHnjLDXQJkCDQRgh0E2ARAAuiFPWlxKVbiyTQM18C+6vVbdT5MSR6+5Ccp1 +IP9yEqznScthG6JWuxmxHby2evaPjW7C+b5jpk9gA9KRBnzIBPSliddtohHzeIa1 +k4c/rB3FXf0yl/RPfIPh06aCRrWHKeo2MRtGET+3Z9c0p/QmsFSaTLKEthtCWQf6 +tpSBC6D0SzI4nEQwRH2pkz4t78mIrn+L7wnGGM9wBDGIq7eX+6wa1TrNxVQaMxKq +zdnz0VrxYE54bEPDBIqufwzLJ8RatsIIXgCjyAF4WYiRaCh7K6YgADRJhmQWNqW1 +tOawWNWZiaYtcgq0pOfNnHT6NgmvjazRDyfbKaBIpwLQKaf6K4qyWG4ylYlqpoe5 +mGMr/zQECsBgRNbqd7UhlY9Kyht3/bHi72LAKR39JYREDf8qcwvqWA5Ul81sXEPG +4n4sW+l7pWhIAeVzh8Lr6Uyuh6DTXWTOOBZfgf3gF2nmy+lYdD9RDf9gwa+BRjW/ +L5V3bxsbO6yWyfPmjZmHjSHYOam2LmzbDtn1O8sPZEwzU3o+t0JdWtDHdsH2c3vH +Wcuiyf7S//yB9yT3dI709ctC1SCqGFayH79Os6JVaZaou9s33nNZKcNFUenU/y8o +QZcjbpqiTER3WZV+KVAqce/aTqJ4xzUzboYzjy5c2otKKFgbZaA2XzRqBUVTTSb/ +4Rr1TPsAEQEAAbQbQmVuIFJhbXNleSA8cmFtc2V5QHBocC5uZXQ+iQJUBBMBCAA+ +FiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmCHQTYCGwMFCQa/Gu8FCwkIBwIGFQoJ +CAsCBBYCAwECHgECF4AACgkQ+cOdwLlphUTMlhAAjvZwKf2oSr+1EH2f23TYI+AW +0slUUEgkh9Z4JEtCy/a+apYZr16Gqw9PeN3TJOo2xXaFFOTO82etshBS0dtECbak +3PjvgKVwge6pt2TuDB/IQfDa9akS2JVMdskDVqpDKkGsKN18m3SzrnCDgdKmh1J6 +Uk4DSyFYGEGFKBTiRS/Eko9NwXVQzmICOabw5UhAtR5kMsUwlXoUAeY4bQma8YyE ++nUd3dh02DLKGUXUmurH8wr55EFdtdIAxFKYG5RxXmnXpuS3UJD+9Tk3CLcHYcWm +y9rmPr/01mvhXmryLYN7gLIilePfV+wqN+CzeTZKEgNSHqu/HKGQIerWOpzm9hKW +2cX1sgSG38yffzctSgv68F6Nj9QhEpKFO3p4rqVycDFr+6Nvic2+g/5QYcKxNFw0 +r62i6MPFJgXWcjTMcYoKY1GYTKNboqnh42ymg2Sbx0DAZoS+C9U0zkmjnMAj+LiM +E7XiUbupNWEfWtVQU5QMoz4cwPoB2I5KnZ1deZjldrg4wnypZs8RRA/+rMV1x5Av +9iObNNA5qiuEB0H/ZQs+IHReFImm7PcdJ7Qm7PywFUKlpsBAeTz77J059ZFvuFHW +jFLqomLZMiVPm85Hpfy/iRxzGa+hBBudJ1VRMdKBun+J9UUhN6TxFt71o1Ge7iL4 +06QqADezCDOWQlwp8Ma5Ag0EYIdBNgEQANjT85q3ZvwQNw1Io8k13KtCUND43Z/J +NurVc9OFN7l/edFPWN6lip+yL+Lj/qvNrYAy/LE87sBBKwdiUFgfFxyoIfZD3SMJ +O7uJQnJTrkrHdpkLdTtUTj6OXzVbn9vmqqO9k1HEuANkOe87uEEWHtv6OPvHUAGw +d3Cr7NeOaDaYkIGwPhtrmNBo+v6eKu+Gv9jvjiYalpVZGWDt38uEvvcZHLnjoOAJ +V6OB3nq8yyLYcHLYEq2PEivad3bImfXb4DnJ6e5qA5WnJ7wXkPLtQsUnqJh7X82m +hWfKKm/ebSETgLTHW8jDy2JdHzlxvRoa5iCM6ATIsIT0g2YxDRll3UmpnArYjJaL +LScM1UleqTNzdiNhlytiIFvx1XuS8B/QT5SeIhhNi0FTas5YEzdpNPjsmHp+2yz+ +1Dh7Qct4dmm+lbAm2Q8dvWMYP/TyJxkfhfJXEiUQyHOK4Bl0ENOvu/vFKao+vDj1 +p9aJd9E5XTWP3i0V28XjzAM4hveogEFuw112oy8c9NKGrbAweWfKVUUz/QImf/LF +7MFy5B9FVZ4eDuVvNK3QcPb18HPsyXGg5J6yYkI36zChLLidnWeFY0cRpGHfZWfY +farjJrStkUQeTZ9LpZYExOHtyOKeaSVBXECEH3134RgJnhIe7vgC2zgu8Cx0nB7k +j1uU4ith5zA3ABEBAAGJAjwEGAEIACYWIQQ5tkE0PYwQSysUbcP5w53AuWmFRAUC +YIdBNgIbDAUJBr8a7wAKCRD5w53AuWmFRC35D/49YFUU+XTn5NskEX7XLIVd4fdU +WN3PDApf7PkWAVy47+7HhPJ5/2dVRuiIj3MLASWJzOWPKGj775S3NvbIbuw/DCyW +z0t44Dd5vjL2lOyOoR+7uMYhu0ghQao+163vHibk6DfyrJecAVRonPokmIWpuF6R +42RI8r+Yh/JLGR4cEKLIi69aIBBgXMFg3oOw4oSONbQfNrIqih8oTp9OiZoq9Q0u +zl6DK+m4lAD6O0X9QUxYdfATVQX4KxgKYFFHy5V99jMq3U8AlXccqFGByu9S53Gg +w2wh+XxUWVB4LpLQvdkr/LJhbaEXKOksRjCshtINFfNnJ6SELXZ3kxFWmj7GoyGh +kZiJKQUcN+952OHuG0S+MsQM+2iVvNlNt2sIVM2cptORUBXvPpLHYBoFfq0I9fJy +pF4jWcHUeoYUs5b3NPhrsVoMDLSjyCVPHwRE+NsgHL1HWEggHl7DIAA/V94bld+6 +PqpWbsiUQu9+3WQa8HSCb2Tdf6GdvAhXPOC8a4y+Xn426asPxVygntS+OwUNGy+k +cgnvMvasSnhdnxDC+o5K5h9vFZJMmhbmmzLIe6sELhkXrtgUMsHQ+Ir8LIHhXFgd +7v0ZTnKQ36vxJHV5q82d2FQWj3gjdBD7333HQO86FLnhSPiQqJ1m5nvTIN6HvvrX +A7zCpa9B1BlRVQsJBZkCDQRgZaKdARAAxAnpFCqutmBgnpIh/Mk+wLfMV3TQL9TE +tChpqIBAcQ+cRCCOcA+qS+ylITsymbICiFtTNdWcM77JzHOciQvPTJiOz+bWpUHq +FMzD8+UPXQQugDqbeib/YTW9BAjvxTfDd68GBWUYvMEhdYotftmwFKbjGg+YP2aa +KwywzTGGpDNW4abQjzWC8qQiVYc8H5OpRYGm8PCYh0JG4aKzvzXQ4EpoyZND+t2G +DVNhkidk9+N65b6hnwuqzjDdx+bK4NtspA3xvVB3Z32UnCS50joqEjIfu5TQXUZ4 +ciCL2FklllyeUOKq1wdnlhgRQcTMPqs8AvQuhQWlLp0/gMVyHxHigGlbxdOODYHN +/BlEK/Ui4iB3oeERRy5aPlAYyLqG4IX/ZZUMSgaz8rfYrKH7UmDg446m4s/T9iq+ +xE4Axt1jzTGmlHbIwy2lMk+GzloLKRnx98coSyHhUa+L7EUjC44YSWpegAsU9qzw +34PmNeclBHX/bN6R6L1iIzqMNemzRIgKEEvq8bTly5rpfkr7vVgceUOhS5tv62OI +gfIVi3MR7U88yIuXpe0B2qWUupRC/L4xweB2o04hT4XFtYNaMO1nmGUN1n6wiXPd +6wbCX/NBAx1F1OyNw24SU52XakyYuUDwK+Ekz4iQdWwgemicu0Go3QhuvD5KHWRf +SwRyOR+sNIkAEQEAAbQoUGF0cmljayBBbGxhZXJ0IDxwYXRyaWNrYWxsYWVydEBw +aHAubmV0PokCZQQTAQgAOBYhBPH2kiOPvBZm5aXM1Bmfnf72/7r9BQJgZaKdAhsD +BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAACEJEBmfnf72/7r9FiEE8faSI4+8Fmbl +pczUGZ+d/vb/uv3C6BAAm4xcCydOTabgSx1rVHroho7HeGazj2FO2gnddOQ4/TP9 +jz3rqYnRmn+2OGh/viNHA34Sj1HRVzham5d0vplo6bpqVziFixP7Xds7WE0RcU/v +Q4XeyK2EdpzzBKF1660F1cZb8NxHybsJc6w1Z1ACVticJveC3bNOngNOvGZhU/hi +m0GxAFC1pOoeU7QrRQagcSSqTk9ts565S+8EDJ5IS+KyU7F5IJBqQFcVVE4qiN33 +RBuLpcWU29lbM+AEeytVEq6imCI2p80ArP+fmu6FlwjhIp2eLvOa/0IuIE7w/+qr +O1r1a/nbPrr0yA9Ex84MmvtD2kboBkICb32goJRK1f9p0oYGd+7SbH+/RsjIrthJ +an/yXiKiK6UGzTjF5nVL1PqcwQavLyTaqUStwYjn0MBHTxo4Bsqz/jZbvQSjF6nH +ynBLwpLIJ9MK4XvxsN3Fe/e661hv4DUCIeym756yMmxyBxc1E9iu5AUENRDRpTNW +uext49fqLVldiQ9RNJGzoe70rywlD6avl1MRp7byzMPF832Y+qU0ZuwpzbUKxfA4 +mFQiBTprfaC1nvGriD8D0NgdjWNI+EqLarkkxtyRDarOuXXvNeFUhIRw9N5tDRBy +7dhLbj6T+YCogYKuVKcW0s5/ow9O0vwml5b1+K7Kzaylv+keGqaUJ69t1rwJS0u5 +Ag0EYGWinQEQAMtkmceUjt18RD62FYost0ul3QxkE66AKpaNh1R8vz05jrRbYLcu +vOB97COI0vEHPC+qaARjJBRG2VXujTgslW3I7UHZvtlBhCgLqC74pXnP7zDUQ6zo +b4wg11r9DJ2NCTzKYKGCAZ0e1a0bNNnkrWOz57zAmCQXTSf1gLGSTP6MkIrUvvDv +e+1i9LSph5rVRXGYYb5wGx9D0ZvB5GXpO9KOWYu2XubqHVykYNCufLKn/Kt840tv +LW1DfaUyF8fT1cA8eklYJ+G/12i+Ace1vgquhqPzZQBnPYl7ZGftImIAIu97NYQV +NkxYKWe2UeochW2Zqye3OHPOAroTUgfrsOBZHebzaegumZtiUcA4uY0Gw5hEZ185 +Abbwvbk/cetZX0A+KTB08eDj/S0ouA3OEHrI7p2Pkez9hGwkPQmf1f5wI1qw/lVM +s4WxkPgnWLyNPxuuV/9/fruo617doUA9Crs4Vg++kVj9zQnQPp5vcUcLF96NVAvh +hXhuDcc5QbKdR4EbAeDJAnD8tjQt0J6OiTKVBmvsOPwfiXdvrHzlSElIpGgiKf5z +xpeIjv/YIlsUMAi/eyi/IywCFL4bKe3EiliagCXSOupEKvoJYJoWXVOOHfGsn6lE +JKRNWr04BIdSoBvnfYHdO34MnPCuV/iq1AMXPujuU8ZcyfFgtb8oRrtBABEBAAGJ +Ak0EGAEIACAWIQTx9pIjj7wWZuWlzNQZn53+9v+6/QUCYGWinQIbDAAhCRAZn53+ +9v+6/RYhBPH2kiOPvBZm5aXM1Bmfnf72/7r9xy8P/RFdvt2gtzpiKV6RlwSq2+8K +uCj9kNt1rW2NFulAbIvL0n3CEh0PsbuVKgYgtJ3xTXyAIvs9mr3q0arvkIPLz27S +8j4hDVZ6ZGV+sFlvmqRI4Y7Ziv9VhXHGNlu1iIzjhonKt6GEDcwK/DPI/buJyUfs +3RexeAk4XWncBUR+5ceEBVJtHe2Qs97uixcrINSBQK68kg8tKCUKo8eyb3ldyHw+ +lRclF6Y+kWew8iWoMq7+98isMxm2cQUGiD9p+MDqyqYLxfYFMoXpOK/worLR2K+T +CyZ0Cr5Z7S+SQgyrU8xzZSQMu/wO6OkXhNcy8Fc7cBago8M23ovvMxR3Ka2jlMgg +D1awhuf5oZN9t9J+UmWGXMnnefLOX/H26QVpvCnuOMXpXKHspgxATqhvXolZOj4B +ljea8qhRfDqPAaidoGM2S5H0Sb8jKNcPHS2Iopo091WHxODylwY23eyyugQpaout +SNaWuyj/5A94fYaXn42NBhIhxA5xij8wa6KKQD0Ym7Tzz4iAnxuZOIWAy6r9ksC5 +DqCSlkFBcA3aFUiRXofkgnCnyVvJ/wYbSoEKT1VrTf49mOFku799v0TNWaHJf3lw +Q1g1QTtBdCmWwlmpyGwFuOBATfwNaJkpPu7JGFlQJQPeH1kixijrc2tA2gD7GTP2 +25v7hxdBXqImL8ap4FNymQINBFz/qPEBEADrf32izstZbS3xXCESaNKP7UvXhHKH +zVA8QzXk/UOtRdqDF4u7sUaZ5ybuvf/QIDebqzOGki/2pnyJ+TUpk9iQpBR4XEm9 ++u1F9x8N7DVienhqeyXj6MBG/ToZ07CQbsSLJWS1I/J/SEaotrJ5CGaoOXZzE8m4 +87wk5IMhKCTfetT3j9AFYDZFEtIm0Hcxm6lj1npG9gyzDJFtxgpZCWpnT2JnggOp +546mX9i4hYQKX/31ukQSioUP202Wlpj6YPLaKFPpFZ77i559tJZ8USPGkZ37HVxw +IoqpWJiCASXRvD5LrRFpL7nEQ4b3Ce5GtVGdV70RtNjDb7Ex0OwFoWXSq8s9j/ro +F94P6JmkD903YGuw4staTsIn3IKCgfEvXzkYwttA3LrztsJ5VQYMgEXno4rMYEDt +smJbpn5dWRVfXqWL3TxMGcvLoMi1gipgWZKAYIBi+ICayrW/91U512l0DMNbhF8f +kWsE2ilgz3YWzAXw20M35Wy3BYBRADYgNfd9jA+KYhX7Ebx5uBUAvLudaQB2wUY+ +hmRQlr7HkufxZQ4XfuQxs22F3+4F6XJ4NnYxTr8Rv7PngY5aKOfDaXtueVPKxq0n +zyXR17OY3Q5DxifdJoOMwo1Wz6SJ+pWUCFKKnf94gDj/c/cGn9Fa1qTM32dX99RV +aBzqG7oXMzqjNwARAQABtCVEZXJpY2sgUmV0aGFucyA8Z3BnQGRlcmlja3JldGhh +bnMubmw+iQJUBBMBCgA+FiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAlz/qXkCGwMF +CRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkQ3rRvU+oxI1BQ//aZ7S +/EAFeuqf25Sv/T0LP4daKjtbdv3TVqUPVqYgpLhbxwqzW817mocRAofk138uVgq7 +Iq5qApYqt8sbt2C40ARULJrfNSoWJPvXKHsEPxK+9RROqClN63h8dbyyv6shiC+t +dRU+tvhTkO/NV8w4EE7VAEUzVlLonsDwR5WabLKxhzfoI+hhv8IHrIx7sbWmcT22 +qigDiGIfB+tve31N5LMohspNy4e0aBrEiiyn97f94VlSLTM9UBAosEDWudQd6NVv +1wBFlBIgWksFtRoYYElKM25qWhA5Y+ccK5PL3IXr74HhOgtYsHmv2dC7vRx2h3bW +0u2nYEymvIqKSk3o4irkqmPra4AYO7lv+WGFtBXm2nmDFpuEjJ+gKcsLokwfBWym +kgbVewO1wzghoWXduXk6XT4bS+42u7bV73J0YwdHXneE+Xl+zNYKRZCEdfDvbz68 +hlfgoje4tukksMdZjxAavAamo8xyo5tx6mSyR6OkplfYm3JyiI6We24xZ8suYvtL +46ZicWQ7LwbRNy0PjnAuV9a0kPNGvantMNhxDegd/Q5AwcBDipQlctjLGU+Nrg9a +IxXHkj2Eu1d8niSsor8UlANxwV6AFHy+FBWhDRYWi39XOjWq7jzx/TDS0AkN/Xr7 +DxYWFichvB+d0YyB+7+eQBn80CQP9sC6X00YoFy0JURlcmljayBSZXRoYW5zIChQ +SFApIDxkZXJpY2tAcGhwLm5ldD6JAlQEEwEKAD4WIQRaUogHgfdVYIv4FfyRDetG +9T6jEgUCXP+paQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCR +DetG9T6jEnHOEADHxMYv4hpNgTMQgJSTbAFMhKhIy6gXl5lTjHdm+IDrJYbU4uf3 +y4t4IaMYIwWnX84UZl8J79ABWPv94FnM+e9WPsmRSs+3gSlTRc6lVqf1xWH1jN2z +rYdDX1ZEk6cxg7vHNlx6amZSxnmgAaK9GwnjZSG8eLjT1P9mlF3I62JZeZ0FchEr +0bc64sGFyG8UiEBuN9hsUP6BXN0ZOFTrEdcB+cugW7LNgilfOCsNh2Z+SyQuZN3i +Z4qgVXBwGc9ZfFQnPUc3E8Ij91jwNSZaOqdvioFT4mcurXpSa8QbZN3GkqK9ygkf +mVohWcARrYDdqezDtZTnIXuflv08f3EWw8mlxRzv6tzYXcPp5jxZj61JLPIrG5Fg +XuEV5GJ/BJKM4wOnnSSBRHZ//mAZEPysNIpO0ar2lUNe0g+3bESdj9Ifo7wya6ya +Tz9tLrW3oc+MRkEY470uthtUFwcJkAdHNa4VMhp3KH6rffR9eUJgdocBmI3nlMQO +hyPVfGWGItzJEbAO0ydzYg6MlSPLEBfAXBWpU4YIW2infe2PhMIqYwP41J4taYKY +MuPzW3iv347YDYDwCEQwEILub03oOUN0Yx47LN0NNROn1x1uctFzaok2TxDcLj8U +jzZKgm04TRu68D0l/PkYRT5X9kS4yP5hhELPq3eIUhIKPFaVRMgfkbDkDbQoRGVy +aWNrIFJldGhhbnMgPGRlcmlja0BkZXJpY2tyZXRoYW5zLm5sPokCVAQTAQoAPhYh +BFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6jxAhsDBQkSzAMABQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEJEN60b1PqMSjbIP/082yk0qOIarS7sIHFjhesVdg3MZ +VQlRDGcJmTmj4rXOlTlUJXxeNcGt6HBJ7/XuEBqSX7mP6oW3+ms5E8d1c/IrIj5I +z86a5z7UCM5Tc48CnCulfQCxgx0OLkG2leInxEYE0Swok36EKKSk2RRdWVuW69zK +0Jf+N7hNucl1EUVIkJ0/VhcDOtVtcJUVaBNTmDlLA8SkPGz1DO+CDfk8b9TlCIVJ +MI0KiRPUd1/5LZr6HmfFKeqbZWfzQ3I0HL3LiQEEKRTXw3NH3pxbGJxyyFHypL7t +ODUQgEUWeF5mRHYxC6R/EIeWJfjSkaKnIcTkp/yG5iA1GIex91gh/NhDHyV+/BE2 +rfxCsyKEh9wFl+XrPT3onoCPpeIDlWpwoN0PSBXDvsoKRHLMG0a3qRKpK0X0lgT1 +GMFvfvmo+y8JWFb9qWlJydG0nNXK0NP3F6p7kXRXr8aE2+eWAGjcjan7feANvlNA +4XCiJ1XjqVeUBijSwBtck/D1lmscTrrUdD1PkIu0n5xp0hNffrfxJzpdyx1sP66l +TZXWmJD2BS+AI11gaNxgxdN97iXvH7qm2ETSVvu76r+fLNOjN7PTGgJbKAwmURNB +cqezoSeEyLemEC5SeGyjd9YC/C06Adb1Bov6vHmelp3fAbJGj3GpOasT8SXwWAAt +djZd+CAf/NCEjA0htDFEZXJpY2sgUmV0aGFucyAoR2l0SHViKSA8Z2l0aHViQGRl +cmlja3JldGhhbnMubmw+iQJUBBMBCgA+FiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIF +Alz/qVYCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkQ3rRvU+ +oxKNZRAAsZY0CFie5NMAigq3A+wNpvqQlXdNwFqIPl7NddhfVYUQoy4t6diQIjNG +5Y4WRlHxGvyImPu+II9ZXlueKJywo2rgB/xgherxCdqbfSBKQej6ManNlicN0UNq +NhrHvBUozFSY+wLpGF8STQkAVeGiqsU6uy5TD5sELgs68XN25+ZLySUmriSulh/W +SnkJbr8MvfxhGuaGrl2PKK4DyIk+3KXFxH61dKbIa2CW0KIdLgR047IbSE6x+Qc+ +ogp3lNvsn6kwaKYKn/1hXU0g1sWlYgbekXqyikwtTlgeHRartKB8NWaS4/FRoQKF +NXNL3LqTcPCFbtlGlxLH2ENHBocXD95O5J00f/sKlcqvSj/7O6+r6CkAds8fUZ+K +Sg0HzuVJ19R0z3lBO95CNL7ogVtBH/mkIQCtpn3sQ/TYDajjmefZtX+A69lGqo+4 +llDysnSvKp/FFaP9xEqu236T+fR0pBcm3/SDmz4hWAgceh7mG3OxfKO/F+lIv6+6 +3xh+2vyXILMaoVRlpfnOmyDCnLgUx/3e209iJC4b+lUPh1LFzfjvEvTesH7QXpgi +/pIMq4D1jL1uPbFG4lvlaYCVvrurATu6sa+ACQxezd15UxYnWgfkoHW3XmY5Tca6 +d3+rdY7bUZCPuV4AuXhxX6gNcj7fPWJ0gwRZBZqhjalPs+dTDmu5Ag0EXP+o8QEQ +ALBYdrsq0S3HYoqCF6X3IvAvHjgtGe4pYuMY2seqMjLpFJYFw4pVSd7C2XOvy6AA +ATeoxe0Z3e8IukS2oMnhGCEGtX1hUsCuv1trhyWZKCvWIMpkTjGNHvWuTARytAD0 +ipp9o5CZPOP8wmgStg41q3nsJ8CtCz5J3hJgnItNn7od1JlXIzm0OiiiiROhlqr8 +UdDWAq1BW4iQzvbb0lpWj7jFCfw36dAKwq9uX/0BPFejHOx/ZTEOw45b4yL2oCZI +N0OkYixaQWa9mdE8+ctdGRCIJyrvTdm38DlqR7gk8tXdlW+/OG8DftDPxgTw+536 +NMtu9np4qH9fddiRQaO1sNQ99jrUdNuIspwNiYRu0P1s9r2B4+E09dVylUp36v1R +AkD46yS3nNs2c7HUkI0gconyzaWXrYbgFxLvoGc9LMK0a4OdbTXE+PxDmoQfAFyk +q9aPixHHoNLGGJ54ybcVnZJwJqvPa81jeyYMlJzaU5ZiUWBDDDOoCzGoDstvlWZi +5JEooRYHxedDatygBpS4KbypT/N9r/Kf3t5lr1Uowxf1fu1wwC5hEPR8SZL3ON5f +riH/61l1CdSrYm22HPioic2z+VJJiEJMLkf0Vn2EV7lfsuJidPCzmjpNd6O1fEi1 +pgX/gu12yr9tPmAj882o/76JNAWMsNRSgblLdTz/rfX5ABEBAAGJAjwEGAEKACYW +IQRaUogHgfdVYIv4FfyRDetG9T6jEgUCXP+o8QIbDAUJEswDAAAKCRCRDetG9T6j +EhaaD/wIcZXviioqs1/Su5RodZ+bUuT778ICnq5Jl4w6QlJP/g2Xl/Y7do8DtdWT +h1q+8cDcitLTncszvFRRvQWdqsoyUqD//d/om29q96B7rN8beqP+zp9L/wSChmRL +ezLAYdjPLb32yBkrHt4X+mRWP+iWAND8ymQzmxykOFjWseO+FxHywszw7kOQ5/JN +oSJG6mExEX0bbWm7eQg9/gL/i0w3ROY0HN370vqfiJCihWzHMCiGOUhCXoOOcYzl +Tsije59CoK4Y6Ek10w9u5of9m0vGGeu7WRmIdOg+gZEMBbxh2MGdgiWNbvdEo+Ay +mQiIvnoNdKxvzuooEtndoGSNk7Y3FPcZQ9sIBhD9vklDQ567bBt9gNnyWv6sBMQP +/1nqauY8+CZWD4SZelfdvIGV8u9a6SdlCAQXJkSJBQ1aw9fUwv5VdRL1WQdieBno +8NI9EQ/6s39fCw1oIqDvoPHdVzGr7Q2P1zqoQ+iILh5AZruJJzvKUexiVD2ouvBI +FeY6gZKcWSlOjISLfdIDYWpmosi8bX7PuyqJOJZtN2NnwZKEDBkMOexs1TG571iJ +gU1TASQmFzGQClrAaE21aRsO1Ou9FEAdnnwIwMxG+lop8ZykX5GXJG6ZOUQKGmL6 +81fdTKivatoPXZiiUhQZuNV2Pe9hGTB2+hDdxkmllksfJP2cNZkCDQRbFwdCARAA +mtjIL8oojOmXOQq25zqMKlRPYsyi8W9Qen450Iw34rVKC94GHGweArXR/H0qLVS+ +jZaOFQDDWt5CT+DTrCK6wlbRtnZbmspApQ8kfYksQlxV0kBV2ra8ZN2xU2S+Jrw7 +RdfM3S0ZvaO7KNfUc9dQnmNEGyI+uml4rr40SLNCaPhZgEXrB+wRqUl1DyDudJHi +n2wd2i0j7q6DqHFK1yMr/DAUtGqljBlAsNtElVUwMBchUuaaDwI/hVqsiwX48S/2 +KgIRpPbLKcVVhKGZtTZeZQlKVq1doeFLf8LoiQq05Zl1TZnZiDQ7IBSyyKRdgNXx +s052VKr7SDP7HCaCUoZjAzGzVL4K1KdLBu7CYu83ZUxFYMI3gIthF7OaQ1bTdTY5 +dHGswTqqWTzZU1wuOkmdzUBVYEX9aLgr6wbfZ766hNru9kPinliZ+AxHB7exrooI +2Bu5+KfmJ0i20cH9k5l3Igy/EyoQGSOAI4cCssMUsx4x7fri4G3tzYwsI8fr6/nz +hF2s7P5iXwC8qDf6LNfqXBcTZWsL/p+ReVbtnT6ARLxiY1376yLkk6MMapCEnqH+ +v25lUYtiTUumATGAfEaEbVZchIisYF3SSoV2QdgAiBNn3b2Ct2/i0WnPj6tIHFMG +XB08Iqx6WRfdvRLmFKoAazIUv9RP6XuHm+Uu9Ml7pbkAEQEAAbQhQ2hyaXN0b3Bo +IE0uIEJlY2tlciA8Y21iQHBocC5uZXQ+iQJUBBMBCAA+FiEEy69p8XOg/qS1N/Rw +1myVkxGLzLYFAlsXB0ICGwMFCQeEzgAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA +CgkQ1myVkxGLzLajgw//Xi9d4s0I022eGluSdFRVes5FwpmwNPJMcvHgEm9p70Ow +HQaXMYjjGWRYVdFb2jX/fEb+wemDWFDajmoAo83wgAkFGb479xvJjFfkmjDLWX6+ +Km33dlL2H4vacRaT6EFPqGd/be7mmjkko8IRaACpnEKcWK8/n9JM0P0Jnl9eVMxc +ZhGZ6Ej+4ZDWTypcwtUIbvmYzEhu1dWeXQ0iir+adPyQ1azbLXsQqtuFfq0pV07O +xAhJnUI3T5Il5it8KO+VWcIVBL/Abc5+Z+xcgy1dHTawt9+FqLniMgz8Od1oauw3 +FrIapJwxUyeGRTxOTUz3Z/CmHcloyVPuaKT5+d1aRBm0oC672PsI2YWF3X1Qo9vH +4WksgRxxjKfSOHRGeBzwmzdmEgCNoI2lKMlMi5Zw3BF2SzSEdK6+wrfYL5ilqQXU +bs5ZYVJLL+ntUZc1HpH+xmCfugLSp33ngEbJoyHGYzt97OFwVgJI0bkP6MbZGLkq +1wUly7Di0pcPFPXCDSmaTS0sf5k0/DfTtZ3OuOqnPlOtjMtOLJzFuX66jhu0p7vj +auW5JdVqrHltWnHqjWLjaUZ68KOr+fqgFszvyfyBNzi8+t0+NFg42+JOmU2KkuiX +juGs8bbJqSh7Q+pgoUubsLMdsvrhrdkIr0r9da2Hw5QlsNQZZEedVnm2nFCphHa5 +Ag0EWxcHQgEQAMNbPSMrGHLsBE/wrfy8HBqMkZNvCK7KJQ2b9KEJaGa78mAQJCgo +lruB38OnNmCOQD/t9MUasX/8AfwIraRf/1MOeQuyOxPRaWbrow60zLPgdiROMkcc +WpBSDKhWFTbEUCnaydWBkt1XvJKjP763e32VK7x9RTOp1/Tu59f4DgdfOAjr/YD7 +HO9u+RZj+PXxcTYwTXfGIFeK11kapUssPTaL85ppAdiLU8RqV8uda0wE+7mhB37Z +VO3ptiwQ4+MI5h9dfDtRO8a05c4cTnC3SZkHbzIG/yhmOw2lrfoUdb3Q77woYGav +PlflzQy6KUCet8Z0VpTVydIV4bIQZ1+wbYXPA8v298hVfXh/3YnNyml/CU6Ob+/M +42M4Tb8ZsA5oIb2mk/fvJ8aaxJ+0u7gykGypKQoH9CUadzA/23DD6zB7XsNYwqa2 +boLS5Jvd1tNv9A13NYQTPllgBTgCrxjVJzxBGWpKBEuYGy999fi9CyDvSvSSGncC +uL+1wECRaeeSQ6DXE8HT8MYSE7MQgKGMia0uCEiRhd5VYlx9xHh8+sRyzftXw9HR +ZYqziA0QrLucF6VwHgR8+MRcRiOIBcLPMXkJqhji6hvlFe286nbRe/r62E8oUCG4 +N09cvE4Ytgnn+6GTuUSUSFNpDs+rFGwJxYO1/g5kSE6XVqDYbdMRfH/xABEBAAGJ +AjwEGAEIACYWIQTLr2nxc6D+pLU39HDWbJWTEYvMtgUCWxcHQgIbDAUJB4TOAAAK +CRDWbJWTEYvMtnAHD/46yHW8IAeIVRqRDZU9fMd7XBhtk8ts37xqzw7+kX9ToPPA +7hApTGPBsysgWza3Q65yV0WAlSM0fFCYpJ16rjH402Fxl6ChtjwIgR2xaxeV7iNm +6SoM/7zfFsfTPoBZkjca5G80JWDco3hFEgUI6YGR1+aIYxdmrS1CAVZgVn6jdHsU ++3R5nVWbfhOIbnNFzJl9apZm2ajD3I9gJxXRd9vsfzkfd/cznG16v0tfFt/Rdd0+ +eVbBnDuK42AyOC2NRtaKJ0T8pFULERQbMBHDuRXXYRgRIDXfPU9gVjmfZ69pfDSM +KQMkq0En/YeOQvuu40OQo61H/X/wPpv/K4odlBeYucnfv3XI602cfTriUAsN7Jla +ituVJPJuUFmYKzDYsqrQ7JcTM+RjorA9YjShc5zY5KNxhMQhpcw5gAK5tDUB5KiX +1xBTvOsiwJGgM3qEjoQ1JWy6S3wFNG4icfEUjCuax3TREywR21GN+ea++ksHhh5b +togKiMRDhL1F5zkeFuNtLstw0ZUGODCHkS4DSpBa2N3xw6LdIeUq72nu+BNqLC6F +ofeSbo227LjFRK64MDv9YcrFY5pHYlNlD5B9RQf4kB8z9BRgruUkAfu/gNoKtoQU +k0M7aoD8coKxy4W8wVcpnJ/ciXfeiZ8FXuXdQa8RZcXHwwxvxgRqlQfDLLn5o5kD +LgRPZqmgEQgAhUqnBpjbp5I0ELt1/sl505hXhJLzOCV2UzgXUfGhHrzRpphRH8r4 +2g41ovYXMKeBP5WLQvj+1bFYzNTkl/XqtIwv5Ri9GckV3pPpjctJ+R9TUrk6X/WN +fCzKoXOBvkVPi3DYmfStAybjjrzSz8Vuzh2YLsW98HSj1zVWto8kXyQCptrmiSTE +9Zk5hU/WtEPEiq/plK6yZLhtB9qOks6yrfFsKIp7dXoeu81bCWibUBXIZxGZ5WsC +HKj9sguJyxkdzJLm6MMaBAWAmXrdfGh1VUW76RtkLaG/C7uca7Bm5l8pk5B03ab5 +H3CRQA2vDMzi/dMzsV8Gxn2yGTpYeRJ/IwEAl5X58dnkC9wUlv+lwDWudXW1ohKd +XdQQJKRirWb5ZNEH/jPVgIvvWlzHt8T+ZK8bYJ0TVH9ljemXctjMS9UUSQhW8rS4 +ZdK6JwuPQbBmFRrIXRB/MYQW4iDiSrlWfw05fWxJuz/XOwgu4iclQpIVAIaLh+sc +2UDS0fkVPkHm2M18qVX5ffUJOxHTJq/1gGQhy7r2p8qnqQuRAbGt1ZwH0HpkjaAX +hgSlli4jrD470u9vstc+EVDAH1x5+Jf7BTLfM7e/++AJiT8GarleNaeJjztdlePs +T8nOkbAfOLH7JNkFYr1PMPAJLxkHmI16M+yMGqPefn1rXlc2d+ikUL1HJD/KRox5 +Q15x8SdByNSP5DgWUo8EcFH9HXe98unqz4Wy5PoH/jXSNx/ShiQcxuf61clisFHk +PXebneI0yUZEBrwD+aYO+rxGvXaIG6XuFuWftAX24iUp0JkFkh4mXXY/7d96bW7q +eOApOmU4HZZhWDCxdYUeOzyGUwyhERLimBnIv76vLJ2bxCT/WAsP07Yh3DHazCnG +P/i6fJUDtBhyzwfYJVYZwtHW+pdV6YNQjCPP0aMwTHIo99BIAE4IAv8ts24qgBaE +vRTfZ1z23uKYUragARMnmfp17nbez1GE41YHK6qPGx2QorAaG1guzpyslM8Vcc1H +rj5CH5mbs5C2jMNjHEHb8MLDb0NA82iz99HNV7Jv+xCGCXDlqc5VSeUK3ZhNPwW0 +MlN0YW5pc2xhdiBNYWx5c2hldiAoUEhQIGtleSkgPHNtYWx5c2hldkBnbWFpbC5j +b20+iHoEExEIACIFAk9mqrQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ +EC95VrxdoEtdlzMA/R7kSKJUsCCu+7vBGOOtctrurG19+p+f7qPyw0LsaIt7AP9D +L6Z78zob/SLn777GRI9xO4t4fog+euPGDMH0xQoo/rQrU3RhbmlzbGF2IE1hbHlz +aGV2IChQSFAga2V5KSA8c3Rhc0BwaHAubmV0Poh6BBMRCAAiBQJPZqmgAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAveVa8XaBLXYXbAP9akG+UWW4ej5SF +XhwhRQt3zL8uesCdSgtJJ4aYcmXXBgD/W0BYVhm8cpRZ+8Zp2ydm6WvtGH80VsG4 +JniEqGSLUNW0NVN0YW5pc2xhdiBNYWx5c2hldiAoUEhQIGtleSkgPHNtYWx5c2hl +dkBzdWdhcmNybS5jb20+iHoEExEIACIFAk9mqp0CGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJEC95VrxdoEtda6EA/0v39zO2IAoWjPEgLe/YgD7y4nqZVAYG +ILjiYx3NekANAPwJtJoypjat1uT9LgP7wfpYghHDC3XGYjiLDSOOHh4+T7kCDQRP +ZqmgEAgA32TzKY2ZJBmY9wWP+wKaC6uJsKs24fgqS18DZ9tLRTb0l32/EXXl71RG ++0nMflvamKYmrp9olyYAlR/H4KWaUfOerpU9aurghvvgl7mxL4qf3iZGZfd//OId +OCkCcLIDqwIdDptznj0Z/D6/vvtCzUtBC/Ll/2B3kzhjp55k6mE3skgVRXaL+i+J +nqXXX43pInCkKoS+5mYf8bqtvSYo09LjTV/L+Lw1kA7uXZQHHXfrgd4HFzA/z4Ip +w9dc6fusLa1gpv/sgaqbw8F0F+TxlJ8L20X5ewMtzJsJqF4nnGTINHcE0nO3tJYQ +eBxkR2XQTCQeKx1FRnc6royv3LTr6wADBQf9FLW++kHurAjJR8VQJnhP326Oz4tO +W7Wf8dNa+u3R32jEj9K4giiezNDlvowF7bvfs/wVZ2IrFuu1ln8ZdnEubWQ4Ih4C +QEV1lDju9vrEnBz/CkJk5dc9eoMim8GN0psgZMHKTi9+Z4VFjS8vd7Mj6GOrGVE4 +pK9m2WLpBw0N91wT7OHujG1in7GvamlZp5Thd5OVKgoY7rXx2hGuEO1T+MASKaYR +wYvTCNeqCSM8wT2xpdrqHnY8ImekHkGZ0rjlWGcVNnd5UQPD67XxTdVUpaRJv1XA +L7Ynh1GFhzdMDrvnKd0pa+VyVTY04yYZdvEpYpzDBOeJigBn9i3a/3UcF4hhBBgR +CAAJBQJPZqmgAhsMAAoJEC95VrxdoEtduhEA/1VXdxYIyyoJQpUUD83X1POO7agy +uMyY25kb+byy8KBNAPsG60LO41RlNza0tACJeb1JnsKadgSs0pHqctt51pno8JkC +DQRetvQuARAA5fzuO7R32WqemNz8HyPf+MHv0w8CS6gT/IzM9wB/LOXvK1hyCMFy +WqNTVhZHeFZ0kojRDHn35KzVqcgm469OjRJpqePRglKUMIU9Q7kLvC4SqHj4SBpw +CLLbctS26cpUn0xDu35O0p5GKMjzgornxFwzi6QcfBsJv3DDWYRSNOVwkEn+fvSI +2hMYoYJnXwinIW8rxq1J/WO3ruT2FLbBLtUk2rDc6ubrEkOoaLd8wW1aD0SvGu02 +Qgxias76h9GyKVRylSsQPK/ZD8U2+I5UT0FfNVUnvPE4LCMw0nhqjoTOTQ05lTfq +q/QGDwHchY3prFYzBRC9+HRIDNlQbF/O6tobzpGPXPbU8nAnFABMhGERF+bXXwQB +XHA//HPQ3CuvTjgfHRaLyZfqqLQHl3Wt/TxUBSgn8GGvst9umNuLTPia/BmH7J1G +ujAOh9/6DQgBqbNFWZwVUXI50szaIz3PXQOzp0++LpBW9Mxl+sTeXUwikVv5i455 +TkBAVuXSyjYdpY/VMxv/SlCOFeH1bBI5/CMbVDISJuzgLFIxsnZPA9gs2j1BBmcF +08w8FR9rQmRqHD42fO0eMQ2wduyv+JzVm+Lse5pRMIrObWgZ6IiogFe0fxatCxCU +BaIl0S+7ZiQoDKPFQ4P2t4vhrw1sa97Ux40LVPiidfk6on90Kyed3X0AEQEAAbQ4 +R2FicmllbCBDYXJ1c28gKFJlbGVhc2UgTWFuYWdlcikgPGNhcnVzb2dhYnJpZWxA +cGhwLm5ldD6JAlQEEwEIAD4WIQS/3dKGQoJPgRjvd5CbZ6XBIikRjwUCXrb0LgIb +AwUJB4TOAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCbZ6XBIikRj3dhEACi +t6Tw10jGR6AMFdKtVVHTADcWxPu0xPblxUMelXQ2cZWhFhFBbrmuNbvM8Aod7+he +Tow65VsKD0av3Oclr8qVAeyLQey/7r7DqsulfDxpB+KR8WAshU4Qtjr8yhVxqja8 +Re9DSAM+jckpUD5buUytj6wtTIlzDD3IjXXzWoElGUCnnDDIo+Ko0TEcqXFGSUxJ +Hq+AkehwvuFJZwY+lKYoyqrmhmTAHveaESS1cAjrIS4B44oTHtdqsF9Z43gEKj0E +eCmeyVHmmODNaMpscrmT5cFLQCkqLh0O7O4Nyh2qEiGpSGsWPTgsbOdh+ctrshW6 +6kg1Vj4df84F335ruoQf6EXsg4YXB+O/nE4J9t3MPOne/gbqaW7NOYPEHI21r9Pf +SEW1aYqypjkU/uKnV43r/8O+FmVBVyluzxYR6K+jwFG9swHLq1b+EUyFbEQ+sD6L +1CoJG3SXl/b2ya2cnIJxk+LcC+1kjyor5+AWASKdvP42c5djrYksmX/4a5xKhafH +2uA4lvZkQNxMW43wkKjhjE8C8AJI+JvgIXTeecWEC7I/+qc9wMrAUaEtRP77cUiK +UQAJn91IYTKUZCpNJgOX+DLEKkeyWdm3p/ZPxkx3h+6rKs29ZPqxMBGPBfdUILAc +0+czuKT0NayBkzeAgWu0HCR933N4va2DGALblZaQlLkCDQRetvQuARAA3VrQstsn +58o0gWrDGyM0zlflh3I9AySQzSYxnMuBkzPfIJJQXD9lt8PpmpF+nG6B6Tf0zaXw +FEDx5ajROIUCrYd0P3JcF+qJZzUMUvRmRWAm1IzxzMTghfUQ43sFHCKfQGQ4KGf4 +8TQlYp2+uPKjptn33lgXI2QDcaVTFLKgCFqK88V+tKgoFRJdKJkGT0rN2tLmTvpm +WETvdV6PVLlcLP5KyqPpfrzeIOpNaWRdpQnwQCfC/5vzXM+aeN/GcBZjFr8eL68Z +bEOAOE/gSX5clIuNwQHkla3RrVSRIpeKDPsuRiJvWzT3WYiRM+w2a2yHlzaikYyh +Yl3Btm/KqAzdWquUIiQt0aJOGq+GHzmQqS+CDUGJyDR3TS+ZaXMngwWGRu3SlMtj +uGn5748XeBZ7L2KeapuLPnZdqDw9Bq/uik6LV9v3la+L8GQxnq/meaPHNAR74doX +hSNkbV8XBWnceyzZXYO9PZADPP8lXUCPRo0WjftUBV5sqqR2vE0JFBCDinrfSTAQ +iZHAlNhjy1U1SVVA9t1XCRgm92FeOxVcCk+jEGFTbRLmp6/EyIj/YWEQceCbk+ai +RJpeIOAgjsabixSCgCt6yW86bJ2lB4YpI5TmBnUxC298G91xBB9XWSWcJO1hAxX/ +qU1RcTH0uVfNpDf8CHQsLRdJX7wH3PP8DQUAEQEAAYkCPAQYAQgAJhYhBL/d0oZC +gk+BGO93kJtnpcEiKRGPBQJetvQuAhsMBQkHhM4AAAoJEJtnpcEiKRGPX68P/0oD +0S8d083IOTyNT91S89gqotxBMoDRwGkNy/343Rt9UWKMG3DwenKD7bdDRfEm7CmA +vs3vYcvEInOul8jK5xzmP335auHXCtup3KeQon2EzbiUyGPZkdo/jag3oC3i6csU +aHzRr5iQkWNPGH2M5G+2NelCPOr6P7yKxDmLvXJP1ZPN6wkGG2ssxVCuA40PkToB +L8i5QSM4e3cg24bYcUmnSNG12UFP1ksH7OhMkggwBFSpkZlOAX6t6FUixNd53t91 +aJ0wr0Yo31JT5wFZne9xvfuUOmHxsKZFv9oaVvLmEFTLorCtJcX9XpWzKpaJxxfO +330OrQF+5IT5UIpiMdOjLDiP2CeWtl0fY0zDJSCJwptzwYtvEZLq3NitLLYwP4Eg +tAP5yekaADIPaRtwSbqCEZYtNOLXVyi1yvS5cIuI9nBYbbzJyHH0fFe+81Q0Cu8N +KY/bq5mqj9ZkVi6RpoUuW1Chwjk8QCTHYrg37FvTLke3/wz5c07+3+kBH7IdY1Sl +lSBtnR26ObmE91UD1TnVzIcwK5w6XSw3T6g7bqt7t7RlOciaMXocHOA3kuEOZxyh +Piuk4UmqtbvuE4yG8hSSDmfhJ3rfBsHzwEqw9cXqZFQQ9we6/AuvmMATxBJbqwuG +mEBuHnsZd0W250Roq9BsZb3JqVjC6PtiKnlcka22 +=BHrR -----END PGP PUBLIC KEY BLOCK----- diff --git a/php-pcre1038.patch b/php-pcre1038.patch new file mode 100644 index 0000000..404db72 --- /dev/null +++ b/php-pcre1038.patch @@ -0,0 +1,27 @@ +From 56495ac031005f8b64e75c94e86ec942dd15aa74 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 21 Oct 2021 10:38:16 +0200 +Subject: [PATCH] fix for pcre2 10.38 + +--- + ext/pcre/php_pcre.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c +index 19ea92713875..9d01b328228d 100644 +--- a/ext/pcre/php_pcre.c ++++ b/ext/pcre/php_pcre.c +@@ -169,7 +169,13 @@ static void php_pcre_free(void *block, void *data) + pefree(block, 1); + }/*}}}*/ + ++#ifdef PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK ++ /* pcre 10.38 needs PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK, disabled by default */ ++#define PHP_PCRE_DEFAULT_EXTRA_COPTIONS (PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL|PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK) ++#else + #define PHP_PCRE_DEFAULT_EXTRA_COPTIONS PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL ++#endif ++ + #define PHP_PCRE_PREALLOC_MDATA_SIZE 32 + + static void php_pcre_init_pcre2(uint8_t jit) @@ -1322,7 +1322,8 @@ session.cookie_domain = session.cookie_httponly = ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 session.cookie_samesite = @@ -1365,8 +1366,8 @@ session.gc_maxlifetime = 1440 ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm ; Check HTTP Referer to invalidate externally stored URLs containing ids. @@ -25,16 +25,14 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%if 0%{?rhel} == 6 -%ifarch x86_64 -%global oraclever 18.5 -%else -%global oraclever 18.3 -%endif -%global oraclelib 18.1 -%else -%global oraclever 19.5 +%ifarch aarch64 +%global oraclever 19.19 %global oraclelib 19.1 +%global oracledir 19.19 +%else +%global oraclever 21.13 +%global oraclelib 21.1 +%global oracledir 21 %endif # Build for LiteSpeed Web Server (LSAPI) @@ -60,15 +58,14 @@ %global with_sqlite3 1 -# until firebird available in EPEL -%if 0%{?rhel} == 8 -%global with_firebird 0 -%else -%global with_firebird 1 -%endif +%global with_firebird 1 # Build ZTS extension or only NTS +%ifarch x86_64 %global with_zts 1 +%else +%global with_zts 0 +%endif # Debuild build %global with_debug %{?_with_debug:1}%{!?_with_debug:0} @@ -120,13 +117,12 @@ %global db_devel libdb-devel %endif -%global upver 7.3.13 -#global rcver RC1 +%global upver 7.3.33 Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 13%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -171,24 +167,48 @@ Patch9: php-7.0.7-curl.patch # Functional changes Patch40: php-7.2.4-dlopen.patch -Patch42: php-7.3.3-systzdata-v18.patch +Patch42: php-7.3.3-systzdata-v19.patch # See http://bugs.php.net/53436 Patch43: php-7.3.0-phpize.patch # Use -lldap_r for OpenLDAP Patch45: php-7.2.3-ldap_r.patch -# Make php_config.h constant across builds -Patch46: php-7.2.4-fixheader.patch +# Make php_config.h constant across builds (from 7.4) +Patch46: php-7.3.20-fixheader.patch # drop "Configure command" from phpinfo output -Patch47: php-5.6.3-phpinfo.patch +# and add build system and provider (from 8.0) +Patch47: php-7.3.20-phpinfo.patch # backport PDOStatement::getColumnMeta from 7.4 Patch48: php-7.3.3-pdooci.patch +# backport FPM signals changes from 7.4 +# https://bugs.php.net/74083 master PHP-fpm is stopped on multiple reloads +Patch49: php-7.3.24-fpm.patch # RC Patch Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) +# Backported from 7.4.16 - opcache and pcre.jit +Patch100: php-bug80682.patch +# Backported from 7.4.18 - pdo_odbc +Patch101: php-bug80783.patch +# Backported from 7.4.26 for pcre >= 10.38 +Patch102: php-pcre1038.patch # Security fixes (200+) +Patch200: php-bug81719.patch +Patch201: php-bug81720.patch +Patch202: php-bug81727.patch +Patch203: php-bug81726.patch +Patch204: php-bug81738.patch +Patch205: php-bug81740.patch +Patch206: php-bug81744.patch +Patch207: php-bug81746.patch +Patch208: php-cve-2023-0662.patch +Patch209: php-cve-2023-3247.patch +Patch210: php-cve-2023-3823.patch +Patch211: php-cve-2023-3824.patch +Patch212: php-cve-2024-2756.patch +Patch213: php-cve-2024-3096.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -224,6 +244,7 @@ BuildRequires: bzip2 BuildRequires: perl BuildRequires: autoconf BuildRequires: automake +BuildRequires: make BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?dtsprefix}gcc-c++ BuildRequires: libtool @@ -317,7 +338,7 @@ Group: Development/Languages Summary: The interactive PHP debugger Requires: php-common%{?_isa} = %{version}-%{release} %if 0%{?rhel} -Obsoletes: php56u-dbg, php56w-dbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg +Obsoletes: php56u-dbg, php56w-phpdbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg Obsoletes: php73-dbg, php73w-phpdbg %endif %description dbg @@ -329,7 +350,6 @@ Group: Development/Languages Summary: PHP FastCGI Process Manager BuildRequires: libacl-devel Requires: php-common%{?_isa} = %{version}-%{release} -Requires(pre): /usr/sbin/useradd %if %{with_systemd} BuildRequires: systemd-devel %{?systemd_requires} @@ -350,6 +370,8 @@ Requires(pre): httpd-filesystem Requires: httpd-filesystem >= 2.4.10 # php engine for Apache httpd webserver Provides: php(httpd) +%else +Requires(pre): /usr/sbin/useradd %endif %if %{with_nginx} # for /etc/nginx ownership @@ -390,6 +412,12 @@ Summary: Common files for PHP # fileinfo is licensed under PHP version 3.0 # regex, libmagic are licensed under BSD License: PHP and BSD + +%if %{with_libpcre} +%global pcre2_buildver %(pkg-config --silence-errors --modversion libpcre2-8 2>/dev/null || echo 10.30) +Requires: pcre2%{?_isa} >= %{pcre2_buildver} +%endif + # ABI/API check - Arch specific Provides: php(api) = %{apiver}%{isasuffix} Provides: php(zend-abi) = %{zendver}%{isasuffix} @@ -449,6 +477,7 @@ Requires: php-cli%{?_isa} = %{version}-%{release} # always needed to build extension Requires: autoconf Requires: automake +Requires: make Requires: gcc Requires: gcc-c++ Requires: libtool @@ -720,7 +749,14 @@ Summary: A module for PHP applications that use OCI8 databases Group: Development/Languages # All files licensed under PHP version 3.01 License: PHP +%ifarch aarch64 +BuildRequires: oracle-instantclient%{oraclever}-devel +# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM. +Requires: libclntsh.so.%{oraclelib} +AutoReq: 0 +%else BuildRequires: oracle-instantclient-devel >= %{oraclever} +%endif Requires: php-pdo%{?_isa} = %{version}-%{release} Provides: php_database Provides: php-pdo_oci @@ -729,8 +765,6 @@ Obsoletes: php-pecl-oci8 <= %{oci8ver} Conflicts: php-pecl-oci8 > %{oci8ver} Provides: php-pecl(oci8) = %{oci8ver} Provides: php-pecl(oci8)%{?_isa} = %{oci8ver} -# Should requires libclntsh.so.18.3, but it's not provided by Oracle RPM. -AutoReq: 0 %if 0%{?rhel} Obsoletes: php53-oci8, php53u-oci8, php54-oci8, php54w-oci8, php55u-oci8, php55w-oci8, php56u-oci8, php56w-oci8 Obsoletes: php70u-oci8, php70w-oci8, php71u-oci8, php71w-oci8, php72u-oci8, php72w-oci8 @@ -745,13 +779,9 @@ The extension is linked with Oracle client libraries %{oraclever} (Oracle Instant Client). For details, see Oracle's note "Oracle Client / Server Interoperability Support" (ID 207303.1). -You must install libclntsh.so.%{oraclelib} to use this package, provided -in the database installation, or in the free Oracle Instant Client -available from Oracle. - -Notice: -- php-oci8 provides oci8 and pdo_oci extensions from php sources. -- php-pecl-oci8 only provides oci8 extension. +You must install libclntsh.so.%{oraclelib} to use this package, +provided by Oracle Instant Client RPM available from Oracle on: +https://www.oracle.com/database/technologies/instant-client/downloads.html Documentation is at http://php.net/oci8 and http://php.net/pdo_oci %endif @@ -826,8 +856,11 @@ Group: Development/Languages # ucgendat is licensed under OpenLDAP License: PHP and LGPLv2 and BSD and OpenLDAP %if %{with_onig} -# ensure we have soname 5 -BuildRequires: oniguruma-devel >= 6.8 +%if 0%{?rhel} +BuildRequires: oniguruma5php-devel +%else +BuildRequires: oniguruma-devel +%endif %else Provides: bundled(oniguruma) = 6.9.0 %endif @@ -855,12 +888,7 @@ License: PHP and BSD %endif Requires: php-common%{?_isa} = %{version}-%{release} %if %{with_libgd} -BuildRequires: gd-devel >= 2.1.1 -%if 0%{?fedora} <= 19 && 0%{?rhel} <= 7 -Requires: gd-last%{?_isa} >= 2.1.1 -%else -Requires: gd%{?_isa} >= 2.1.1 -%endif +BuildRequires: gd-devel >= 2.3.3 %else # Required to build the bundled GD library BuildRequires: libjpeg-devel @@ -1028,8 +1056,8 @@ Group: System Environment/Libraries # All files licensed under PHP version 3.01 License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -# Upstream requires 4.0, we require 50 to ensure use of libicu-last / libicu62 -BuildRequires: libicu-devel >= 50 +# Upstream requires 4.0, we require 69.1 to ensure use of libicu69 +BuildRequires: libicu-devel = 69.1 %if 0%{?rhel} Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl Obsoletes: php70u-intl, php70w-intl, php71u-intl, php71w-intl, php72u-intl, php72w-intl @@ -1137,42 +1165,60 @@ low-level PHP extension for the libsodium cryptographic library. %setup -q -n php-%{upver}%{?rcver} -%patch1 -p1 -b .mpmcheck -%patch5 -p1 -b .includedir -%patch6 -p1 -b .embed -%patch7 -p1 -b .recode -%patch8 -p1 -b .libdb +%patch -P1 -p1 -b .mpmcheck +%patch -P5 -p1 -b .includedir +%patch -P6 -p1 -b .embed +%patch -P7 -p1 -b .recode +%patch -P8 -p1 -b .libdb %if 0%{?rhel} -%patch9 -p1 -b .curltls +%patch -P9 -p1 -b .curltls %endif -%patch40 -p1 -b .dlopen +%patch -P40 -p1 -b .dlopen %if 0%{?fedora} >= 28 || 0%{?rhel} >= 6 -%patch42 -p1 -b .systzdata +%patch -P42 -p1 -b .systzdata %endif -%patch43 -p1 -b .headers +%patch -P43 -p1 -b .headers %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 -%patch45 -p1 -b .ldap_r +%patch -P45 -p1 -b .ldap_r %endif -%patch46 -p1 -b .fixheader -%patch47 -p1 -b .phpinfo -%patch48 -p1 -b .pdooci +%patch -P46 -p1 -b .fixheader +%patch -P47 -p1 -b .phpinfo +%patch -P48 -p1 -b .pdooci +%patch -P49 -p1 -b .fpmsig -%patch91 -p1 -b .remi-oci8 +%patch -P91 -p1 -b .remi-oci8 # upstream patches +%patch -P100 -p1 -b .bug80682 +%patch -P101 -p1 -b .bug80783 +%patch -P102 -p1 -b .pcre1038 # security patches +%patch -P200 -p1 -b .bug81719 +%patch -P201 -p1 -b .bug81720 +%patch -P202 -p1 -b .bug81727 +%patch -P203 -p1 -b .bug81726 +%patch -P204 -p1 -b .bug81738 +%patch -P205 -p1 -b .bug81740 +%patch -P206 -p1 -b .bug81744 +%patch -P207 -p1 -b .bug81746 +%patch -P208 -p1 -b .cve0662 +%patch -P209 -p1 -b .cve3247 +%patch -P210 -p1 -b .cve3823 +%patch -P211 -p1 -b .cve3824 +%patch -P212 -p1 -b .cve2756 +%patch -P213 -p1 -b .cve3096 # Fixes for tests %if 0%{?fedora} >= 25 || 0%{?rhel} >= 6 -%patch300 -p1 -b .datetests +%patch -P300 -p1 -b .datetests %endif # WIP patch # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE %if ! %{with_libgd} cp ext/gd/libgd/README libgd_README @@ -1196,14 +1242,9 @@ mkdir build-cgi build-apache build-embedded \ # ----- Manage known as failed test ------- # affected by systzdata patch rm ext/date/tests/timezone_location_get.phpt -rm ext/date/tests/timezone_version_get.phpt -rm ext/date/tests/timezone_version_get_basic1.phpt -%if 0%{?fedora} < 28 -# need tzdata 2018i rm ext/date/tests/bug33414-1.phpt rm ext/date/tests/bug33415-2.phpt rm ext/date/tests/date_modify-1.phpt -%endif # too fast builder rm ext/date/tests/bug73837.phpt # Should be skipped but fails sometime @@ -1317,6 +1358,11 @@ fi # Set build date from https://reproducible-builds.org/specs/source-date-epoch/ export SOURCE_DATE_EPOCH=$(date +%s -r NEWS) +export PHP_UNAME=$(uname) +export PHP_BUILD_SYSTEM=$(cat /etc/redhat-release | sed -e 's/ Beta//') +%if 0%{?vendor:1} +export PHP_BUILD_PROVIDER="%{vendor}" +%endif # aclocal workaround - to be improved cat $(aclocal --print-ac-dir)/{libtool,ltoptions,ltsugar,ltversion,lt~obsolete}.m4 >>aclocal.m4 @@ -1453,13 +1499,8 @@ build --libdir=%{_libdir}/php \ --with-mysqli=shared,mysqlnd \ --with-mysql-sock=%{mysql_sock} \ %if %{with_oci8} -%ifarch x86_64 - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ -%else - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ -%endif + --with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ + --with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif %if %{with_firebird} --with-interbase=shared \ @@ -1513,6 +1554,7 @@ popd without_shared="--without-gd \ --disable-dom --disable-dba --without-unixODBC \ --disable-opcache \ + --disable-phpdbg \ --disable-json \ --disable-xmlreader --disable-xmlwriter \ --without-sodium \ @@ -1608,13 +1650,8 @@ build --includedir=%{_includedir}/php-zts \ --with-mysql-sock=%{mysql_sock} \ --enable-mysqlnd-threading \ %if %{with_oci8} -%ifarch x86_64 - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ -%else - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ -%endif + --with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ + --with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif %if %{with_firebird} --with-interbase=shared \ @@ -1684,7 +1721,7 @@ popd %check %if %runselftest -cd build-apache +cd build-fpm # Run tests, using the CLI SAPI export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2 @@ -1822,8 +1859,8 @@ install -m 755 -d $RPM_BUILD_ROOT/run/php-fpm install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/php-fpm.service.d install -Dm 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}/php-fpm.service %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d/php-fpm.conf -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/nginx.service.d/php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/httpd.service.d/php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/nginx.service.d/php-fpm.conf %endif %else sed -ne '1,2p' -i $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/php-fpm @@ -1976,7 +2013,7 @@ sed -e "s/@PHP_APIVER@/%{apiver}%{isasuffix}/" \ %endif < %{SOURCE3} > macros.php %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 -echo '%pecl_xmldir %{_localstatedir}/lib/php/peclxml' >>macros.php +echo '%%pecl_xmldir %%{_localstatedir}/lib/php/peclxml' >>macros.php %endif install -m 644 -D macros.php \ $RPM_BUILD_ROOT%{macrosdir}/macros.php @@ -2072,6 +2109,19 @@ fi %endif +%posttrans common +cat << EOF +===================================================================== + + WARNING : PHP 7.3 have reached its "End of Life" in + December 2021. Even, if this package includes some of + the important security fixes, backported from 8.0, the + UPGRADE to a maintained version is very strongly RECOMMENDED. + +===================================================================== +EOF + + %{!?_licensedir:%global license %%doc} %files @@ -2090,7 +2140,7 @@ fi %files common -f files.common %doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* -%license LICENSE TSRM_LICENSE +%license LICENSE TSRM_LICENSE ZEND_LICENSE %license libmagic_LICENSE %license timelib_LICENSE %doc php.ini-* @@ -2114,20 +2164,22 @@ fi %files cli %{_bindir}/php -%{_bindir}/zts-php %{_bindir}/php-cgi %{_bindir}/phar.phar %{_bindir}/phar # provides phpize here (not in -devel) for pecl command %{_bindir}/phpize %{_mandir}/man1/php.1* -%{_mandir}/man1/zts-php.1* %{_mandir}/man1/php-cgi.1* %{_mandir}/man1/phar.1* %{_mandir}/man1/phar.phar.1* %{_mandir}/man1/phpize.1* -%{_mandir}/man1/zts-phpize.1* %doc sapi/cgi/README* sapi/cli/README +%if %{with_zts} +%{_bindir}/zts-php +%{_mandir}/man1/zts-php.1* +%{_mandir}/man1/zts-phpize.1* +%endif %files dbg %{_bindir}/phpdbg @@ -2162,8 +2214,8 @@ fi %if %{with_systemd} %{_unitdir}/php-fpm.service %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf -%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf %endif %dir %{_sysconfdir}/systemd/system/php-fpm.service.d %dir %ghost /run/php-fpm @@ -2193,9 +2245,9 @@ fi %{_includedir}/php-zts %{_bindir}/zts-phpize %{_libdir}/php-zts/build +%{_mandir}/man1/zts-php-config.1* %endif %{_mandir}/man1/php-config.1* -%{_mandir}/man1/zts-php-config.1* %{macrosdir}/macros.php %files embedded @@ -2237,7 +2289,9 @@ fi %files mysqlnd -f files.mysqlnd %files opcache -f files.opcache %config(noreplace) %{_sysconfdir}/php.d/opcache-default.blacklist +%if %{with_zts} %config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist +%endif %if %{with_oci8} %files oci8 -f files.oci8 %endif @@ -2249,6 +2303,195 @@ fi %changelog +* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.3.33-13 +- use oracle client library version 21.11 on x86_64, 19.19 on aarch64 +- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix + CVE-2024-2756 +- Fix password_verify can erroneously return true opening ATO risk + CVE-2024-3096 + +* Thu Sep 21 2023 Remi Collet <remi@remirepo.net> - 7.3.33-12 +- use oracle client library version 21.11 on x86_64, 19.19 on aarch64 +- use official Oracle Instant Client RPM + +* Tue Aug 1 2023 Remi Collet <remi@remirepo.net> - 7.3.33-11 +- Fix Security issue with external entity loading in XML without enabling it + GHSA-3qrf-m4j2-pcrr CVE-2023-3823 +- Fix Buffer mismanagement in phar_dir_read() + GHSA-jqcx-ccgc-xwhv CVE-2023-3824 +- move httpd/nginx wants directive to config files in /etc + +* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.3.33-10 +- fix possible buffer overflow in date + +* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.3.33-9 +- Fix Missing error check and insufficient random bytes in HTTP Digest + authentication for SOAP + GHSA-76gg-c692-v2mw CVE-2023-3247 +- use oracle client library version 21.10 +- define __phpize and __phpconfig + +* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.3.33-8 +- fix #81744: Password_verify() always return true with some hash + CVE-2023-0567 +- fix #81746: 1-byte array overrun in common path resolve code + CVE-2023-0568 +- fix DOS vulnerability when parsing multipart request body + CVE-2023-0662 +- add dependency on pcre2 minimal version + +* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.3.33-7 +- pdo: fix #81740: PDO::quote() may return unquoted string + CVE-2022-31631 +- use oracle client library version 21.8 + +* Mon Oct 24 2022 Remi Collet <remi@remirepo.net> - 7.3.33-6 +- hash: fix #81738: buffer overflow in hash_update() on long parameter. + CVE-2022-37454 + +* Tue Sep 27 2022 Remi Collet <remi@remirepo.net> - 7.3.33-5 +- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 +- core: fix #81727 Don't mangle HTTP variable names that clash with ones + that have a specific semantic meaning. CVE-2022-31629 +- use oracle client library version 21.7 + +* Tue Jun 7 2022 Remi Collet <remi@remirepo.net> - 7.3.33-3 +- use oracle client library version 21.6 +- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 +- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 +- pcre: fix default options for pcre >= 10.38 + +* Wed Feb 23 2022 Remi Collet <remi@remirepo.net> - 7.3.33-2 +- retrieve tzdata version +- use oracle client library version 21.5 + +* Tue Nov 16 2021 Remi Collet <remi@remirepo.net> - 7.3.33-1 +- Update to 7.3.33 - http://www.php.net/releases/7_3_33.php + +* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 7.3.32-1 +- Update to 7.3.32 - http://www.php.net/releases/7_3_32.php + +* Wed Oct 20 2021 Remi Collet <remi@remirepo.net> - 7.3.31-2 +- fix PHP-FPM oob R/W in root process leading to priv escalation + CVE-2021-21703 +- use libicu version 69 + +* Tue Sep 21 2021 Remi Collet <remi@remirepo.net> - 7.3.31-1 +- Update to 7.3.31 - http://www.php.net/releases/7_3_31.php +- use oracle client library version 21.3 + +* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 7.3.30-1 +- Update to 7.3.30 - http://www.php.net/releases/7_3_30.php + +* Tue Jun 29 2021 Remi Collet <remi@remirepo.net> - 7.3.29-1 +- Update to 7.3.29 - http://www.php.net/releases/7_3_29.php + +* Tue Apr 27 2021 Remi Collet <remi@remirepo.net> - 7.3.28-1 +- Update to 7.3.28 - http://www.php.net/releases/7_3_28.php + +* Thu Apr 8 2021 Remi Collet <remi@remirepo.net> - 7.3.27-2 +- add upstream patch for https://bugs.php.net/80783 + PDO ODBC truncates BLOB records at every 256th byte +- use oracle client library version 21.1 + +* Tue Feb 2 2021 Remi Collet <remi@remirepo.net> - 7.3.27-1 +- Update to 7.3.27 - http://www.php.net/releases/7_3_27.php + +* Thu Jan 28 2021 Remi Collet <remi@remirepo.net> - 7.3.26-2 +- add upstream patch for https://bugs.php.net/80682 + fix opcache doesn't honour pcre.jit option + +* Tue Jan 5 2021 Remi Collet <remi@remirepo.net> - 7.3.26-1 +- Update to 7.3.26 - http://www.php.net/releases/7_3_26.php + +* Tue Dec 15 2020 Remi Collet <remi@remirepo.net> - 7.3.26~RC1-1 +- update to 7.3.26RC1 + +* Tue Nov 24 2020 Remi Collet <remi@remirepo.net> - 7.3.25-1 +- Update to 7.3.25 - http://www.php.net/releases/7_3_25.php +- use oracle client library version 19.9 (x86_64) + +* Tue Nov 10 2020 Remi Collet <remi@remirepo.net> - 7.3.25~RC1-1 +- update to 7.3.25RC1 + +* Tue Oct 27 2020 Remi Collet <remi@remirepo.net> - 7.3.24-1 +- Update to 7.3.24 - http://www.php.net/releases/7_3_24.php + +* Fri Oct 23 2020 Remi Collet <remi@remirepo.net> - 7.3.24~RC1-2 +- backport fix for https://bugs.php.net/74083 from 7.4 + master PHP-fpm is stopped on multiple reloads + +* Tue Oct 13 2020 Remi Collet <remi@remirepo.net> - 7.3.24~RC1-1 +- update to 7.3.24RC1 + +* Tue Sep 29 2020 Remi Collet <remi@remirepo.net> - 7.3.23-1 +- Update to 7.3.23 - http://www.php.net/releases/7_3_23.php + +* Tue Sep 15 2020 Remi Collet <remi@remirepo.net> - 7.3.23~RC1-1 +- update to 7.3.23RC1 + +* Tue Sep 1 2020 Remi Collet <remi@remirepo.net> - 7.3.22-1 +- Update to 7.3.22 - http://www.php.net/releases/7_3_22.php + +* Tue Aug 18 2020 Remi Collet <remi@remirepo.net> - 7.3.22~RC1-1 +- update to 7.3.22RC1 +- use oracle client library version 19.8 (x86_64) + +* Tue Aug 4 2020 Remi Collet <remi@remirepo.net> - 7.3.21-1 +- Update to 7.3.21 - http://www.php.net/releases/7_3_21.php + +* Tue Jul 21 2020 Remi Collet <remi@remirepo.net> - 7.3.21~RC1-1 +- update to 7.3.21RC1 +- build using ICU 65 (excepted on EL-6) + +* Tue Jul 7 2020 Remi Collet <remi@remirepo.net> - 7.3.20-1 +- Update to 7.3.20 - http://www.php.net/releases/7_3_20.php + +* Tue Jun 23 2020 Remi Collet <remi@remirepo.net> - 7.3.20~RC1-2 +- display build system and provider in phpinfo (from 8.0) + +* Tue Jun 23 2020 Remi Collet <remi@remirepo.net> - 7.3.20~RC1-1 +- update to 7.3.20RC1 + +* Tue Jun 9 2020 Remi Collet <remi@remirepo.net> - 7.3.19-1 +- Update to 7.3.19 - http://www.php.net/releases/7_3_19.php +- rebuild using oniguruma5php +- build phpdbg only once + +* Tue May 26 2020 Remi Collet <remi@remirepo.net> - 7.3.19~RC1-1 +- update to 7.3.19RC1 + +* Tue May 12 2020 Remi Collet <remi@remirepo.net> - 7.3.18-1 +- Update to 7.3.18 - http://www.php.net/releases/7_3_18.php + +* Tue Apr 28 2020 Remi Collet <remi@remirepo.net> - 7.3.18~RC1-1 +- update to 7.3.18RC1 + +* Tue Apr 14 2020 Remi Collet <remi@remirepo.net> - 7.3.17-1 +- Update to 7.3.17 - http://www.php.net/releases/7_3_17.php + +* Tue Mar 31 2020 Remi Collet <remi@remirepo.net> - 7.3.17~RC1-1 +- update to 7.3.17RC1 + +* Tue Mar 17 2020 Remi Collet <remi@remirepo.net> - 7.3.16-1 +- Update to 7.3.16 - http://www.php.net/releases/7_3_16.php +- use oracle client library version 19.6 (18.5 on EL-6) + +* Tue Mar 3 2020 Remi Collet <remi@remirepo.net> - 7.3.16~RC1-1 +- update to 7.3.16RC1 + +* Tue Feb 18 2020 Remi Collet <remi@remirepo.net> - 7.3.15-1 +- Update to 7.3.15 - http://www.php.net/releases/7_3_15.php + +* Tue Feb 4 2020 Remi Collet <remi@remirepo.net> - 7.3.15~RC1-1 +- update to 7.3.15RC1 + +* Tue Jan 21 2020 Remi Collet <remi@remirepo.net> - 7.3.14-1 +- Update to 7.3.14 - http://www.php.net/releases/7_3_14.php + +* Tue Jan 7 2020 Remi Collet <remi@remirepo.net> - 7.3.14~RC1-1 +- update to 7.3.14RC1 + * Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.3.13-1 - Update to 7.3.13 - http://www.php.net/releases/7_3_13.php - use oracle client library version 19.5 (18.5 on EL-6) @@ -1,12 +1,12 @@ #include <stdio.h> -#include <php_embed.h> +#include <sapi/embed/php_embed.h> int main (int argc, char*argv[]) { PHP_EMBED_START_BLOCK(argc, argv) zval ver; zend_eval_string("phpversion();", &ver, "Get version" TSRMLS_CC); convert_to_string(&ver); - php_printf("Build PHP Version: %s\n", PHP_VERSION); + php_printf("Build PHP Version: %s\n", PHP_VERSION); php_printf("Running PHP Version: %s\n", Z_STRVAL(ver)); zval_dtor(&ver); PHP_EMBED_END_BLOCK() |