From 2863c30beb96be9d4cfdfbe800a980f2cd932443 Mon Sep 17 00:00:00 2001 From: wenyuzifang Date: Wed, 17 Sep 2025 19:03:57 +0800 Subject: [PATCH] Update code from upstream --- git-2.43.0-core-crypto-hmac.patch | 70 ++++++ ...7-sanitize-sideband-channel-messages.patch | 219 ++++++++++++++++++ git-2.47.3.tar.sign | Bin 0 -> 566 bytes git.spec | 63 ++++- gpgkey-junio.asc | 144 ++++++++++++ 5 files changed, 486 insertions(+), 10 deletions(-) create mode 100644 git-2.43.0-core-crypto-hmac.patch create mode 100644 git-2.47-sanitize-sideband-channel-messages.patch create mode 100644 git-2.47.3.tar.sign create mode 100644 gpgkey-junio.asc diff --git a/git-2.43.0-core-crypto-hmac.patch b/git-2.43.0-core-crypto-hmac.patch new file mode 100644 index 0000000..26343f8 --- /dev/null +++ b/git-2.43.0-core-crypto-hmac.patch @@ -0,0 +1,70 @@ +diff -ur b/builtin/receive-pack.c a/builtin/receive-pack.c +--- b/builtin/receive-pack.c 2023-11-20 03:07:41.000000000 +0100 ++++ a/builtin/receive-pack.c 2023-12-06 15:34:28.294170714 +0100 +@@ -40,6 +40,8 @@ + #include "worktree.h" + #include "shallow.h" + #include "parse-options.h" ++#include ++#include + + static const char * const receive_pack_usage[] = { + N_("git receive-pack "), +@@ -538,43 +540,11 @@ + return 0; + } + +-static void hmac_hash(unsigned char *out, ++static inline void hmac_hash(unsigned char *out, + const char *key_in, size_t key_len, + const char *text, size_t text_len) + { +- unsigned char key[GIT_MAX_BLKSZ]; +- unsigned char k_ipad[GIT_MAX_BLKSZ]; +- unsigned char k_opad[GIT_MAX_BLKSZ]; +- int i; +- git_hash_ctx ctx; +- +- /* RFC 2104 2. (1) */ +- memset(key, '\0', GIT_MAX_BLKSZ); +- if (the_hash_algo->blksz < key_len) { +- the_hash_algo->init_fn(&ctx); +- the_hash_algo->update_fn(&ctx, key_in, key_len); +- the_hash_algo->final_fn(key, &ctx); +- } else { +- memcpy(key, key_in, key_len); +- } +- +- /* RFC 2104 2. (2) & (5) */ +- for (i = 0; i < sizeof(key); i++) { +- k_ipad[i] = key[i] ^ 0x36; +- k_opad[i] = key[i] ^ 0x5c; +- } +- +- /* RFC 2104 2. (3) & (4) */ +- the_hash_algo->init_fn(&ctx); +- the_hash_algo->update_fn(&ctx, k_ipad, sizeof(k_ipad)); +- the_hash_algo->update_fn(&ctx, text, text_len); +- the_hash_algo->final_fn(out, &ctx); +- +- /* RFC 2104 2. (6) & (7) */ +- the_hash_algo->init_fn(&ctx); +- the_hash_algo->update_fn(&ctx, k_opad, sizeof(k_opad)); +- the_hash_algo->update_fn(&ctx, out, the_hash_algo->rawsz); +- the_hash_algo->final_fn(out, &ctx); ++ HMAC(EVP_sha1(), key_in, key_len, text, text_len, out, NULL); + } + + static char *prepare_push_cert_nonce(const char *path, timestamp_t stamp) +diff -ur b/Makefile a/Makefile +--- b/Makefile 2023-11-20 03:07:41.000000000 +0100 ++++ a/Makefile 2023-12-06 15:35:08.506316431 +0100 +@@ -2123,6 +2123,8 @@ + EXTLIBS += -lcrypto -lssl + endif + ++EXTLIBS += -lcrypto ++ + ifneq ($(PROCFS_EXECUTABLE_PATH),) + procfs_executable_path_SQ = $(subst ','\'',$(PROCFS_EXECUTABLE_PATH)) + BASIC_CFLAGS += '-DPROCFS_EXECUTABLE_PATH="$(procfs_executable_path_SQ)"' diff --git a/git-2.47-sanitize-sideband-channel-messages.patch b/git-2.47-sanitize-sideband-channel-messages.patch new file mode 100644 index 0000000..dec65f6 --- /dev/null +++ b/git-2.47-sanitize-sideband-channel-messages.patch @@ -0,0 +1,219 @@ +From 833c73801527b37d9bc725c81c6042ae350aaae3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Fri, 28 Mar 2025 13:26:29 +0100 +Subject: [PATCH] Adds the option to sanitize sideband channel messages + +CVE-2024-52005 wasn't fixed by upstream. This patch adds the option +to harden Git against it. +The default behaviour of Git remains unchanged. + +Changes are taken from Git for Windows. The only differences are that +by default we are allowing all control characters, the documentation +reflects it and one of the tests has to be invoked with a config +change: `sideband.allowControlCharacters=color` + +These commits can also be seen in this upstream PR: +https://github.com/gitgitgadget/git/pull/1853 +--- + Documentation/config.txt | 2 + + Documentation/config/sideband.txt | 16 ++++++ + sideband.c | 78 ++++++++++++++++++++++++++++- + t/t5409-colorize-remote-messages.sh | 30 +++++++++++ + 4 files changed, 124 insertions(+), 2 deletions(-) + create mode 100644 Documentation/config/sideband.txt + +diff --git a/Documentation/config.txt b/Documentation/config.txt +index 8c0b3ed807..48870bb588 100644 +--- a/Documentation/config.txt ++++ b/Documentation/config.txt +@@ -522,6 +522,8 @@ include::config/sequencer.txt[] + + include::config/showbranch.txt[] + ++include::config/sideband.txt[] ++ + include::config/sparse.txt[] + + include::config/splitindex.txt[] +diff --git a/Documentation/config/sideband.txt b/Documentation/config/sideband.txt +new file mode 100644 +index 0000000000..1adc831667 +--- /dev/null ++++ b/Documentation/config/sideband.txt +@@ -0,0 +1,16 @@ ++sideband.allowControlCharacters:: ++ By default, control characters that are delivered via the sideband ++ are NOT masked. Use this config setting to prevent potentially ++ unwanted ANSI escape sequences from being sent to the terminal: +++ ++-- ++ color:: ++ Allow ANSI color sequences, line feeds and horizontal tabs, ++ but mask all other control characters. ++ false:: ++ Mask all control characters other than line feeds and ++ horizontal tabs. ++ true:: ++ Allow all control characters to be sent to the terminal. ++ This is the default. ++-- +\ No newline at end of file +diff --git a/sideband.c b/sideband.c +index 02805573fa..7a0ca61948 100644 +--- a/sideband.c ++++ b/sideband.c +@@ -25,6 +25,12 @@ static struct keyword_entry keywords[] = { + { "error", GIT_COLOR_BOLD_RED }, + }; + ++static enum { ++ ALLOW_NO_CONTROL_CHARACTERS = 0, ++ ALLOW_ALL_CONTROL_CHARACTERS = 1, ++ ALLOW_ANSI_COLOR_SEQUENCES = 2 ++} allow_control_characters = ALLOW_ALL_CONTROL_CHARACTERS; ++ + /* Returns a color setting (GIT_COLOR_NEVER, etc). */ + static int use_sideband_colors(void) + { +@@ -38,6 +44,25 @@ static int use_sideband_colors(void) + if (use_sideband_colors_cached >= 0) + return use_sideband_colors_cached; + ++ switch (git_config_get_maybe_bool("sideband.allowcontrolcharacters", &i)) { ++ case 0: /* Boolean value */ ++ allow_control_characters = i ? ALLOW_ALL_CONTROL_CHARACTERS : ++ ALLOW_NO_CONTROL_CHARACTERS; ++ break; ++ case -1: /* non-Boolean value */ ++ if (git_config_get_string_tmp("sideband.allowcontrolcharacters", ++ &value)) ++ ; /* huh? `get_maybe_bool()` returned -1 */ ++ else if (!strcmp(value, "color")) ++ allow_control_characters = ALLOW_ANSI_COLOR_SEQUENCES; ++ else ++ warning(_("unrecognized value for `sideband." ++ "allowControlCharacters`: '%s'"), value); ++ break; ++ default: ++ break; /* not configured */ ++ } ++ + if (!git_config_get_string_tmp(key, &value)) + use_sideband_colors_cached = git_config_colorbool(key, value); + else if (!git_config_get_string_tmp("color.ui", &value)) +@@ -65,6 +90,55 @@ void list_config_color_sideband_slots(struct string_list *list, const char *pref + list_config_item(list, prefix, keywords[i].keyword); + } + ++static int handle_ansi_color_sequence(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ /* ++ * Valid ANSI color sequences are of the form ++ * ++ * ESC [ [ [; ]*] m ++ */ ++ ++ if (allow_control_characters != ALLOW_ANSI_COLOR_SEQUENCES || ++ n < 3 || src[0] != '\x1b' || src[1] != '[') ++ return 0; ++ ++ for (i = 2; i < n; i++) { ++ if (src[i] == 'm') { ++ strbuf_add(dest, src, i + 1); ++ return i; ++ } ++ if (!isdigit(src[i]) && src[i] != ';') ++ break; ++ } ++ ++ return 0; ++} ++ ++static void strbuf_add_sanitized(struct strbuf *dest, const char *src, int n) ++{ ++ int i; ++ ++ if (allow_control_characters == ALLOW_ALL_CONTROL_CHARACTERS) { ++ strbuf_add(dest, src, n); ++ return; ++ } ++ ++ strbuf_grow(dest, n); ++ for (; n && *src; src++, n--) { ++ if (!iscntrl(*src) || *src == '\t' || *src == '\n') ++ strbuf_addch(dest, *src); ++ else if ((i = handle_ansi_color_sequence(dest, src, n))) { ++ src += i; ++ n -= i; ++ } else { ++ strbuf_addch(dest, '^'); ++ strbuf_addch(dest, 0x40 + *src); ++ } ++ } ++} ++ + /* + * Optionally highlight one keyword in remote output if it appears at the start + * of the line. This should be called for a single line only, which is +@@ -80,7 +154,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + int i; + + if (!want_color_stderr(use_sideband_colors())) { +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + return; + } + +@@ -113,7 +187,7 @@ static void maybe_colorize_sideband(struct strbuf *dest, const char *src, int n) + } + } + +- strbuf_add(dest, src, n); ++ strbuf_add_sanitized(dest, src, n); + } + + +diff --git a/t/t5409-colorize-remote-messages.sh b/t/t5409-colorize-remote-messages.sh +index 516b22fd96..48f8413eff 100755 +--- a/t/t5409-colorize-remote-messages.sh ++++ b/t/t5409-colorize-remote-messages.sh +@@ -99,4 +99,34 @@ test_expect_success 'fallback to color.ui' ' + grep "error: error" decoded + ' + ++test_expect_success 'disallow (color) control sequences in sideband' ' ++ write_script .git/color-me-surprised <<-\EOF && ++ printf "error: Have you \\033[31mread\\033[m this?\\a\\n" >&2 ++ exec "$@" ++ EOF ++ test_config_global uploadPack.packObjectshook ./color-me-surprised && ++ test_commit need-at-least-one-commit && ++ git -c sideband.allowControlCharacters=color \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ test_grep "\\^G" stderr && ++ tr -dc "\\007" actual && ++ test_must_be_empty actual && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters=false \ ++ clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep ! RED decoded && ++ test_grep "\\^G" stderr && ++ ++ rm -rf throw-away && ++ git -c sideband.allowControlCharacters clone --no-local . throw-away 2>stderr && ++ test_decode_color decoded && ++ test_grep RED decoded && ++ tr -dc "\\007" actual && ++ test_file_not_empty actual ++' ++ + test_done +-- +2.49.0 + diff --git a/git-2.47.3.tar.sign b/git-2.47.3.tar.sign new file mode 100644 index 0000000000000000000000000000000000000000..1a5e3c9e0055262ac133c5887fc8d6d77041d33d GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j-T@HVmj=OQ1+cCr_JP2ROx$X+DyQJH88i)^OK9VwGzT`YizJG0ia~= zN`jl{_$w=`t{1s?)J9hIRmF=7O8(6KjPQhlEF*ml2}lOYt{In6B(IrSU{fKRkXZvi z7{-K8qz94PPHoon7A(%=h{Yc-Z=Yu$?tms;8C6<}S(=vwRzuDSW{`8ou?rv~d&fgj z>y8)MZ$gYRm|5XTgZ%2h9CNs?;PESPYL6)Hz8v~kejT1ktj3t~ZAtyNCI0JOm|6Uv zFqH6FSjg**%9+1B_VG^_MZxIlu0+9xls!uP`5vN2Qlh3tZ=Qy({ zUy}CgEw+j%i{6EeRCIZ&XM7aJLK?v)CinCw_tdvn&Fo_3D-C!uTVwUi`KAvNfgmAp zSOv}d_H*4_NVrGP@WUt;wAwM!c&>+|I z{Yc4se-VD?R>r~I4-(AfUX36Hv(g!aI`bmsp(uU_r?~E6Mnl`|$tX9r*5whbA3M>V EZ63`S<^TWy literal 0 HcmV?d00001 diff --git a/git.spec b/git.spec index 1e03119..92a1393 100644 --- a/git.spec +++ b/git.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %bcond_without docs %bcond_with linkcheck @@ -23,19 +23,21 @@ %global _package_note_file %{_builddir}/%{name}-%{version}/.package_note-%{name}-%{version}-%{release}.%{_arch}.ld Name: git -Version: 2.47.3 +Version: 2.47.3 Release: %{anolis_release}%{?dist} Summary: Distributed version control system License: BSD-3-Clause AND GPLv2 AND LGPL-2.1-or-later AND MIT URL: https://git-scm.com/ -Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz -Source1: git.xinetd.in -Source2: git-gui.desktop -Source3: gitweb-httpd.conf -Source4: gitweb.conf.in -Source5: git@.service.in -Source6: git.socket -Source7: print-failed-test-output +Source0: https://www.kernel.org/pub/software/scm/git/git-2.47.3.tar.xz +Source1: https://www.kernel.org/pub/software/scm/git/git-2.47.3.tar.sign +Source2: gpgkey-junio.asc +Source11: git.xinetd.in +Source12: git-gui.desktop +Source13: gitweb-httpd.conf +Source14: gitweb.conf.in +Source15: git@.service.in +Source16: git.socket +Source99: print-failed-test-output Patch0: git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch Patch1: 0001-t-lib-httpd-try-harder-to-find-a-port-for-apache.patch @@ -44,6 +46,8 @@ Patch3: 0003-t-lib-git-svn-try-harder-to-find-a-port.patch Patch4: git-test-apache-davlockdbtype-config.patch # https://github.com/gitgitgadget/git/pull/1853 Patch5: 0004-backport-CVE-2024-52005.patch +Patch6: git-2.43.0-core-crypto-hmac.patch +Patch7: git-2.47-sanitize-sideband-channel-messages.patch %if %{with docs} BuildRequires: /usr/bin/pod2man @@ -253,6 +257,43 @@ A simple script to set up gitweb and a web server for browsing the local reposit %package p4 Summary: Git tools for working with Perforce depots BuildRequires: python3-devel +BuildRequires: acl +BuildRequires: asciidoc >= 8.4.1 +BuildRequires: bash +BuildRequires: cvs +BuildRequires: cvsps +BuildRequires: emacs-common +BuildRequires: gnupg2 +BuildRequires: httpd +BuildRequires: mod_dav_svn +BuildRequires: perl +BuildRequires: perl(App::Prove) +BuildRequires: perl(CGI) +BuildRequires: perl(CGI::Carp) +BuildRequires: perl(CGI::Util) +BuildRequires: perl(DBD::SQLite) +BuildRequires: perl(Digest::MD5) +BuildRequires: perl(Fcntl) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Find) +BuildRequires: perl(HTTP::Date) +BuildRequires: perl(IO::Pty) +BuildRequires: perl(JSON) +BuildRequires: perl(JSON::PP) +BuildRequires: perl(Mail::Address) +BuildRequires: perl(Memoize) +BuildRequires: perl(POSIX) +BuildRequires: perl(Term::ReadLine) +BuildRequires: perl(Test::More) +BuildRequires: perl(Time::HiRes) +BuildRequires: perl(filetest) +BuildRequires: python2-devel +BuildRequires: subversion +BuildRequires: subversion-perl +BuildRequires: tar +BuildRequires: time +BuildRequires: zip Requires: git = %{version}-%{release} BuildArch: noarch @@ -697,6 +738,8 @@ rmdir --ignore-fail-on-non-empty "$testdir" %changelog +* Wed Sep 17 2025 wenyuzifang - 2.47.3-2 +- Improve security and maintainability by replacing custom HMAC code with OpenSSL's trusted implementation * Fri Jul 11 2025 Yangcheng - 2.47.3-1 - update to 2.47.3 to fix CVE-2025-48384 CVE-2025-48385 CVE-2025-48386 diff --git a/gpgkey-junio.asc b/gpgkey-junio.asc new file mode 100644 index 0000000..5edb58f --- /dev/null +++ b/gpgkey-junio.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6GdewBEADE3szNmKeUAUad22z1tWkLjLzyDcJpF7IzEnLs8bD1y0I6iqH0 +169ru5iXKn29wc+YAuxWorb4P5a2i2B/vs32hJy/rXE7dpvsAqlHLSGSDUJXiFzM +Bb9SfJO0EY2r+vqzeQgSUmhp/b4dAXVnMATFM37V83H/mq8REl5Wwb2rxP3pcv6W +F6i51+tPEWIUgo1N74QkR4wdLcPztDO9v7ZIaFKl+2GEGkx6Z+YjECTqQuyushjq +41K3UVmv+AmLhJYKA78HY5KqCkXrz8rCgoi+Ih+ZT2sgjx637yT84Dr/QDh7BkIB +blmpRQ+yoJlVDWI5/bI8rcdrPz+NmxaJ7dKEBg0qTclbwquacpwG1DCCD8NgQrwL +WVLGVdsT2qwek+KkmOs+iNBXY1TgKPAeuv0ZDKKYrCwYpN1K90oXk431g79bKsH5 +8Tybg5uW+e2i+H5gnDeyl481HOt8aHOPu9qIB/zIek6lDH69q3nGcf7k3prxDf3I +qYy6CPcpjTfpN4i/7gxQDNI+AIgbs21EE5Kg1TPUe0XgfdJMtIF+D6wTjbrLtDnn +09Iwz0SfIZR52IrZHxUlFXZFjk10RXYATtdMqEFgYgjYvYXxL9EEr7T5Dgso+qaE +wV0rrg0VDKrf/afrjGOeffumlhBhJnBnns1T+p65Vz5hyQl7SFKLw+Ix7wARAQAB +tCJKdW5pbyBDIEhhbWFubyA8Z2l0c3RlckBwb2JveC5jb20+iQI7BBMBAgAlAhsD +BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCToZ45QIZAQAKCRAg0E5acTZgp1TF +EACr+QRpfDmbGnUY1Rqy50Ap1eG0061vAapCMLmU+4kxqIRKm5/00YGmb7VxRCLD +pKNa0hkH+ftA4QmnPU4j4UEsh/vAa2BGCXRjB9RixTokvQf9iOXUGiHYv1kn+p3l +xg66bLnKV3dWScjV2IueDP4ypLEZHlWD9I/Unmrg2mJEAcz4gSAfBHWLOf/+JYAq +6j6erIxPS5ZtIz/twQf6MCoXXAXuM6tgUhdptJqG82WzSZMuWOfzmS6DSTuqK05h +9gpwdj5nz4jdh4u5sp+LKOqFw94JIRcE+wj5cljOOlX3Fqi84ADC8b/OzC3V9KGa +rNnBzWdnkIoNxbNBNF6wD1dgn1peueufaP9q5CO9ljKNSOGUClwvtJFrpZZL5Phe +NNFFkPSZpkmStcB6s8RHsyz5zuqxQUOWuvLVUDRW58yZR0WC1Xc/yi+cEFSUiKI5 +OqPNwC1v0xh7a/MObJQxTQCEKHLyVYlnohsf2RxzxaOOjgWmY2O+yH5G5ymfBie/ +Uw7zcSsJ89ovLAEG/10tkJVqIfza5Wexj3VAZbI+i7vx2gtlLqM23gGykqcv7VWm +FD5lFWGC4Sw8M7Jikm8vn99dxZnsBKjMqksjENUX1JeUZI+FHg2CNSVBX0J8yLnm +d8eJBkYXkU79J3GVex/WTzbFnSkPmw16MtAu/E9EKNbAILQgSnVuaW8gQyBIYW1h +bm8gPGp1bmlvQHBvYm94LmNvbT6JAjgEEwECACIFAk6GeL4CGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJECDQTlpxNmCn6GMQAJ0V0jmyQ7Lvi5FBBgNTdY8q +fVbLFxEUVAsKf2x9QxhsOcL2heQRVkp10JKv4/VQLfDwr6Pv98FQchXlBmFiySAb +VihUVC+VJ3FhyKBtI14RXT6Nkwd18PXDvWXy2fKeiK9GPDWkufac0h/giz0T1xP7 +CHxDErQATMmYbkinyyM+xd1Nir6DUYcHJQIK2Dg2VPChkI0XXCQETLDbrC9fDwWg +1vP36PQZ+nw/cIRt+2xkq8HHUzB7kOnXHqPt1kb/Ry8hZwPnfV7g/V0MogoMLtz2 +33pqwuguLXP7zY3jTwAZZ9VTpuCTsdVWXJDlznMNurYi1yurCNuUvq/O/9JC8WBt +dVUuvFZGjRZWfP24W57iq/qz8CV6dThq5r4WygE83tMC3DaarNJ4f9dQUA4KpL7j +2EMXkgoXcEy1mieUCypdNiZj96hV8Q7apSLk2V4jtvLkJfzX053glqRJI35SX8Ok +SazZGYZHX6QfZlvznnrCF5x/xBzhbfr2Geo4rxL0BQsp2DQodqUCB23QzsPhWWff +YtkATaD5vovGeQ9Acd1u72jH3DO8tVMH85jMO4f+oc0h3lnkPS4F33QqlnErRo/I +Rm6jCsI/NgMZUYdh0EY5Iiq/e8e+u8gdo0akkwHlNvR4KrYrK/1K4h+i+UBIbJDZ +pqT/iH+yhJRQ3CAan8KStB9KdW5pbyBDIEhhbWFubyA8amNoQGdvb2dsZS5jb20+ +iQI4BBMBAgAiBQJOhnjVAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAg +0E5acTZgp4SyD/9slQ1IkYqz+VXPnmHCQFhurYcHD8t1iGBqiXxI+gpA1Y3L1QL+ +aj0fplW4KuEPbJ7xlYdLA4J+M9kgkwt3Jufw+lM1pQM9tSB627rAbxUyczj4AFjZ +9v8GpqyZ3XPDe8NknI/V4Xlhsr+e3AHJPr355XacMkFGc3Rtw1quFVgrECttdzUD +6xtrhwYYVAYAnKr65943UtMLsVXkJLfjq8c1NZOCov9SwSb0N9IkEhSyihd/92Z2 +NH4d+B1QTIyWagL3GNN8LXXEHK+x+oA/nbhGbFg7bqhxUW4d2JaxKPy4U3nfdtSm +Mbiy16eUfMbbMyvB0jtLf6UFrxF5bJnYkiG18DcLSaX7Hsby8IVzZQZHYvkx5+7p +K2SBsdek3bu3punP3dWLJoMw+Vmm5Bk0Yl7pxzvsYQWhPV7+tpgglUSFQuIeXFrw +jVXP8Q+Ph9nO0vKIaeTcn1ISuq2XaoqhkLH+Zw1I/ruRtk2DJbZsg5BBGfA26BkZ +WJXlO6h33emPwkJ0FanlzRtMTqZ/4RiTXv5G1L/lypX1iq6fF2V+WTh2JmEKyY+2 +l0/19XRANfaDiYULoBvJEdCcIXLbaRTqjem+70ZGvAiCaGO52YvUhBo+XCgjucjc +qhxiF3wc24kzj1ZycrwbDa7VjftZAApN01CJ38mXGpZXiWZU4hjJx41wCbkCDQRO +iUo5ARAA8l5PToapmK0IHBpY5ohie53ZczLV5ojWKZXNsmVYNuSBBKpwC6VH2X85 +9dVd59HigAYsS1TbDCUNGC1bM0thJ9Y92fa1WnlEqyYQZDmJ4rt283DT2Gmrkng6 +XPjvr8PZeHKtvw7uLywfdm4x0WrGrH34g17BL82u/7k0JUOgJoPulIkO9Mls35UJ +SY/Zwk1EdkM4hHKmqJFIiW/DlPYh0Tj5x9Sukk0ATH/R/QdtpjvwJJZyph6gMhbi +YB+G+nR/WZy9vB+bFwPPaa0EudADoIZ9LkQzU/55KqNnKH9dPqPVWEOBZVZvPqiR +iyRuffMIJ0t9mtvc/jruS1qiTZdJoy2vl6K4Uqc+huvlHeCCYR0lGCeDB+Ixuz9x +d2ZdUxMgwgcNiQOCW70YWtxf0LF2seSJdLItHDBOu/f3cqKwNGUvcC3d/9qVb0wP +SI1mq18S02MGcvDySsjGtX7o4kujUqE2ZNCW6ORLJUC6zEYu3TRNWrXeS3uAP21x +UrEPkuTiJL7SCS12FYJt5agx5NIUKI7bkIUbLbiuhC4z47MFajW9Y5jUQk86dk7b +jGqVrXYIu92Dhxc2CND2fWaMpYRhwvHR6KQU1yYHYkGVlMHiozM5D+4dCRRVI8x3 +p/+ypFBZmZr7yTpv/qD0N8HHl2NAYvGRQdzjyFQOXERwaXuzjCkAEQEAAYkEWwQY +AQoAJgIbAhYhBJbgevJXcZVZgNrRACDQTlpxNmCnBQJeHMcfBQkenRjmAinBXSAE +GQECAAYFAk6JSjkACgkQsLXohpav5sukpRAAywCaKmo0HH77yNkqormnKtRBrz8j +tx68e//pq/AyCrghKUh91iLGYji3/E1qQe7p7Ne7WAn3uFZs22zrNKIDGxtMMCQT +C0Ne4BAvMh1NzwzzBCCyirs1ccLj5gKkoFkKfTo5U5NWNznYPM8uib1uY5vdRqIJ +2vJ7JJykNdcW5od42TtWsOxH2zTp4SRNmX8QPaRbfOxPdlKsbp0eIO6kk+Lx6gEv +WAtEda5xSd1PwyK7SfGadTm+8Rw5UeP1kRtuKQPm7sRBB0coXDVHpFi/nMWHzVxv +/NKhLAkzIbGOV6rL8ihVhXGqEgiD5Q+QdbaNsiLtHo5niBzpbnzvSopBYcOftrhc +PNDY0RYXYb/5JZUid/JBWKwV+zREEnbgtsYDbwFEDnCVIGyXAoxyas/S3b14izat +qgINxiYuxpDY+w1O5RywjOTdLPUWlL5YhH1W/gwbdyGiL4sh0v/fzNy0vKR5zPt1 +hICEA9YvCI7k3b74O6eiDB5fMIRPkNr6ubZWe0T6x4eL2EjSFRXIEmbmnAh93pdp +WFrXH+Sf1LKhBZzojgUsQU/rzB2R94S7Vx0Z+tzgDZ8fJe47ZUEfzJccyyGve/QA +sLLgTWRwRP3MSa1rC4wuWtDDMk/drw9CpmeFeRFn0oDIBo/m2mBv+UNAxSdijREz +vPRiwROma/RawVcJECDQTlpxNmCnTLQP/A1WNmgPCCyFqp812Zvgh0pAqceaM+dg +FlvNi5j5Jyw7/hicx2e0BXgKt64TEodphknCFzZIFDq3jJSdLt1l9NHpiLVM0Hf0 +cLFGF3eRHOID7PeGJGztLJ0CGhhSXaPh7nNLK0G9zXCAasedpowX4ZUntv+p/+Fr +jQ8eSgyyljvrlywK+tH07F1W6t6eMNOw7/AHx7fkOux4CDem1FsNbhZWX8YPUATo +vP1YLBXcrQgpJPpypG6up56D70ewTs4l+qNOISr3phG2egeEhYNwv6GUv8aelh69 +iaUHscT+DOXrFKq+RSHBMzGFFTrDJFDSu3d3A5Rg8KxJMcOxc00L3GMPchrFiJH7 +QShAQdU/ocF0MAA6n56g/QynxafFI/MRMXVTmF+lMBW/kK63pD3AJkIgvdLdht5o +s7aKlddPrmIulaELIDdF2MSicMmgWJcqFkqZH2HIC+gx26Fafn2vfiUqsEc4NTpZ +qhf66F9UjPKfYFfLhbGrmq/giAk1qjiGnBzCUQ9hXVqpmFfnVDjmQrk8KB9skDms +PJgZ4hzmj5AarCpFtDmE4W7Tvi/xqgrFZkPX/SDhTWInJGcWaOTvlc5dkjAxKT6X +LUGLScJHxhaovTGVzq1GWhhNCFhCs4AkWqPKhYfeZuWiuiMLZaEyJPfTufT7Svab +pOhlaD1YY8fvuQINBE6GdewBEADxm56jO5pnVRH13BsG38o1qD9mJppXhf0mb6dB +ORP1b3YJNaknQtxVPXSlXNAYNStYs9bWwn+RrYmOEfy0MWekqOBqgHDEf50ktZaz +hFd89dt58IA+WIFo7BFk1XIr4USdSEQeL7Pb4oSg5AYn8C3OlT7T3nxWBh9aEbat +EfiUMFKikLVVLdbEL7FBzEkypHfQCslDlq+ggAAVBzqrMIBn/idto87UrF2x/qd2 +P2PJl9pUf744pL9yzX+cNbQld0Yf6gQW9/r0UUW/CCU4qpPDvycyGIx3Y7PV/MjA +lre4qJv4khoSFasAAjDXzyUIYhw7yMmaAE/lEOVN7M6reYDvhaDCcWfEn8sjH03/ +Wa92vVx7boMx5RAEh8YE2KZHEZkAODlW4pnDKyaH38lj8pa0dh77RXAD6X1XPGwi +zpmjfrBBPGvUNGsdIpJaY4KEaZ0+v3bhvfU0DWB4dmJB3aPxC6CFtVA0QBGcbw16 +jUeA+2LUJgWMs86npHaPzD99J4Q+Smw9mZPfyT5O5yymYXOwIp50aUjkGCQcHtt7 +jisNkU52bFD2JcQJr8o67JIcqFNdhPAnxC+BN0QDtCyXT+wxC1Uvh9E//r3JPEQD +REfEUb3l+3Sarz1KCm3LUhx1XE82Z6c96tHopUfiOiwbtxv+8UypXT2ntKfprz1U +dMb5jwARAQABiQIfBBgBAgAJBQJOhnXsAhsMAAoJECDQTlpxNmCnFKYP/j6dmEQW +ZliWE8le9Qzh1WqTbHd5elaGJuW0KGQ+g9okWBkh+sLlPxxTk2f0b79Pc7K3OPy7 +89OcIsrbHD3jDp7TS9IVpX7kVZnvnts5oV3XcK5q84XDEQqa6UIlfiZkZJCzIX8N +kSAbv0UmmKKLKS+ANIEIZBKBrWxpYwvG2wBoWPkpNv5mdEuR9h3pZ1aCSZRXysMl +WXo5cMYuZUhabrOqTNP5efEm8iBREHzNSotsiOhHuu7OIPmvZJTUjMrR1wZMCw+Y +uNO2kT3t+ZFTxCx2aeRzqnI55LYFQVBpgSsap/seqRZfj7j7SBb2bSbCuhNedbAw +b3kDWSfJGy/IN6vPdsc3NdsYFK+X8cnypCu4pZDK2IU+CkVrq/ukR8TNdrpAYfEY +XbLq0XFOT0s4jIcjf3dAtlGW36hA0AKPw1BL3cyEGfv2sq75gkw1/jIYMXGc8URJ +y5AfgELIrO1dIjMsm6vFFLeHpAobEP87UEpqIyJtwEIfWdcV5YHYmlFkGd21Lnxp +f2dBAh5dc4MJpYmFZGScSDtTcYCDEXICTgedVOt4WCaV5mwpPeSEzr2TOVm6d1nU +lGBJCV6QPMEdyx03hRkwaTMth0D/SYCvUrjlGQ1VC4WuTveSBhTH7iDrjGSoXNJu +P2Oq+jb/iAfZxuetjpKFD6TCMR0Bcs/cEZuXuQINBFQduiABEACYnNg+kGmtkPmt +kQ/75P8lLsljMk9IIwXGmnFILLpHBM/tN+7wGDxODLY/pPZ2Qfmp7PZLr5Ok5Qnt +v/g+YCtVaTu5Cajt2TOsyH+AYDqtrjjHIt8d2kVloq79ONsCUojFtbFD1nf5W9Sk +WQgntHYRYY1MaCkNd3oUp74TQugzk8Q6UBDamAn1r4nfm6QNXstItqyWsCgQhixW +Qi4WzQc4iA/83t+qUJ+32smjk6J+rGUbbEH8zTASXmcDWYBuPgjo3YEjV+3/qNar +zncYneJfQXwFSgvcR9oUuBQ3ydWJd7sfiImuAnQdRfEC/JFb0iR9sJ395Pw5WQfM +Esrp0uL/Uig52mSrFyIfanxhrJP4j+CyCcJp1TaFINag5/YwHX3GzoikwXUukb+h +KxXxK9Vu8Eu2gAlKFaHt2x5Sc3D1d+nr2QyMkIThC6/d3+XUjgOIMWkCK5dgkuz6 +rs60cRQr8YBGf4Jgk/Xrkk/SjBjBlcTz9lrC06wBRCsa+0XxCAHlM7gVp0HvMn+h +Kx9ny7dPqaqhg8WXuBL0n8yAXXDSgDAin55mRbiKq2bNuMaEJvwKNFU6ENHGSngT +w/Pt6B0dbeB1SBVxJPGbGmk74BL8m5V67Kb7MDP05OLSZsUyNLQCpfSgYsUA14uV +GHE/vE6haP9/DwMLdyJ/CxSjQJMk+wARAQABiQRbBBgBCgAmAhsCFiEEluB68ldx +lVmA2tEAINBOWnE2YKcFAl4cxyAFCRkIqP8CKcFdIAQZAQIABgUCVB26IAAKCRB1 +lO7Hs/fKyah/D/wJ3v4WdqGo7KgW0kmWfFVWZLKwtb+16gcy6nIm7F7VUcODv+qR +LA/4UUg72yabVCXnMBi/eEHtkVZWlB/+tzg643DiRvXTCZiwoS5c6fTze55e/Z87 +qY7okf40aTR+qWuMgligI/LeXunr1Pu2jlJLMcUVh5QLxLZ8bDqpDgQM9zcdFmKQ +/ofUnK7y6gYyUl2KYJDYi0alzjTm+73/S0Mc7z08Yp/s+dtKPbU9imKCnNRkPTQp +cwlYHWJv0YPQ0TdOkid6HJC7CmZEPH845D+qojAjYBPogNIj/RaByaT3kN32zu8+ +jaZJSCnBM0l2lSh/qO7sQBZhqPX5pJDjjj7d/ATY7XxJCnK/2cZVSuVhMXPIFIAQ +G4ZYFUaQssjQKLN7BXJUo7+ec1AMkTiwDUocPza8h+fitcpOsWWJWWvZvkSObbuP +KGn7BgoTzEehO2Rz0QsNjgOa5SXxmc0zX7sbB1XiMxSe7gBZBOnYjhPVcidO3tWu +M/jXGfZAL9ISq6Zf47ebXA7Y+6Bx3oquMgtSN10gbdoJvjqEBJNN65wadvBP8+Sr +L+nWRGhsfmu8jupXdJe8h8ysXCboVkpXHuSu+lDjeL9WLqpwc/XkaOy7B6PfwIRa +YYHnsKs8ogvDuTRJPV4khizyt+A6aiQ1PQqxSKWGY+lzxbmBkPhp5v1N5wkQINBO +WnE2YKdkRQ//ZKvUegOZTtfivAZI888o4Ocpig3CFxJGlXa52JUnDhYFFpRtXRTP +gIdQ0zBvhNjmBnELNv5/D1ubnjqWBTaJpZgUXIljJufuWL7VdD57nAAMw2VLvNUe +38iytUYTAPevaJtLQ4jfj3E9MYH4tcMBmlZ75ZKqiHHH+7+V5J8TD/S01xROK7H1 +kGkXo49deB7K9oT4uno8kE5+AgmEMI80XiKjfQkh6tiG5I0W58DLeAOIxCRkm3kH +Bi22PpuAKhRelRQnAF9dLdlhZECy5eYl7JKQzOS/dQ0Z3zg+HuDBRyhrmV/go/9C +npFGUZBa+FOC1GMO07GKH8tZY99D5tDCAH6r6S+RrYS690mWpjXhqouBtJezld+X +dsgKwgKHk3IEM4m916O0E75kiNk/AD7vZowwEBvPsgN+CDXCPgH4J5x0p9uyxnKH +omLBd7cuJpio6gf4O1KTl1tlVGcb8f+AUR/MIe70NXyEtpYWMiPW3/0dKwt9APgW +KSX0c8Mp2XKH/vAEDx86XTfBNrnXyUanOQhbLQciYzolJjiPrB0C2NgFFFXSHPwC +ikyT5n2RehAJVmg3eufB1ZOKQgo7ue3ynkW4JidgyCUtsoYSmipl9Nhw1hA3ZNK1 +FVCx7tcmy0ZHFO+PV+p17oAC8ZCxSRE0oTeHKcgpF5+DRhQM/+UnmKg= +=7hTI +-----END PGP PUBLIC KEY BLOCK----- -- Gitee