From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: Switching to Artifex Ghostscript Date: Mon, 29 May 2017 18:14:57 -0400 Message-ID: <20170529221457.GA25852@jasmine> References: <20170520205523.GA27152@jasmine> <87k25b5h5d.fsf@fastmail.com> <87vaougxzy.fsf@elephly.net> <87inkr8fui.fsf@gnu.org> <20170529175013.GA13897@jasmine> <874lw3ik3h.fsf@elephly.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="TakKZr9L6Hm6aLOc" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39584) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFSwM-0003il-8a for guix-devel@gnu.org; Mon, 29 May 2017 18:15:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFSwI-0002QW-7C for guix-devel@gnu.org; Mon, 29 May 2017 18:15:06 -0400 Content-Disposition: inline In-Reply-To: <874lw3ik3h.fsf@elephly.net> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: guix-devel@gnu.org --TakKZr9L6Hm6aLOc Content-Type: multipart/mixed; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 29, 2017 at 08:38:58PM +0200, Ricardo Wurmus wrote: > Leo Famulari writes: >=20 > > Here are patches that allow you build groff, cairo, and cups with the > > Artifex Ghostscript. >=20 > Woo! Actually tested and it works! > > + (patches (search-patches "artifex-ghostscript-runpath.patch" > > + ;; TODO: > > + ;;"ghostscript-CVE-2017-8291.patch" > > + )) >=20 > What=E2=80=99s up with this? Is the latest release of Artifex Ghostscript > vulnerable? I added this patch in v2 of the patch series (attached). > > + (replace 'build > > + (lambda _ > > + ;; Build 'libgs.so', but don't build the statically-linke= d 'gs' > > + ;; binary (saves 22 MiB). > > + (zero? (system* "make" "so" "-j" > > + (number->string > > (parallel-job-count)))))) >=20 > Couldn=E2=80=99t we just add =E2=80=9C#:make-flags '("so")=E2=80=9D and a= void replacing the > build phase? It seems to work. How should we make this transition? Should we add Artifex Ghostscript and transition packages over to it, wait for the next core-updates, or something else? --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-Add-Artifex-Ghostscript.patch" Content-Transfer-Encoding: quoted-printable =46rom 6983f3795b6f9143aac8431ffe204ad7ae28cdec Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Mon, 29 May 2017 13:47:39 -0400 Subject: [v2 1/4] gnu: Add Artifex Ghostscript. * gnu/packages/ghostscript.scm (artifex-ghostscript): New variable. * gnu/packages/patches/artifex-ghostscript-CVE-2017-8291.patch, gnu/packages/patches/artifex-ghostscript-runpath.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 + gnu/packages/ghostscript.scm | 90 ++++++++++ .../artifex-ghostscript-CVE-2017-8291.patch | 195 +++++++++++++++++= ++++ .../patches/artifex-ghostscript-runpath.patch | 18 ++ 4 files changed, 305 insertions(+) create mode 100644 gnu/packages/patches/artifex-ghostscript-CVE-2017-8291.= patch create mode 100644 gnu/packages/patches/artifex-ghostscript-runpath.patch diff --git a/gnu/local.mk b/gnu/local.mk index e811e9a0b..c11010aac 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -504,6 +504,8 @@ dist_patch_DATA =3D \ %D%/packages/patches/antiword-CVE-2014-8123.patch \ %D%/packages/patches/apr-skip-getservbyname-test.patch \ %D%/packages/patches/artanis-fix-Makefile.in.patch \ + %D%/packages/patches/artifex-ghostscript-runpath.patch \ + %D%/packages/patches/artifex-ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/aspell-default-dict-dir.patch \ %D%/packages/patches/ath9k-htc-firmware-binutils.patch \ %D%/packages/patches/ath9k-htc-firmware-gcc.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1cb651c96..7fe630443 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -127,6 +127,96 @@ printing, and psresize, for adjusting page sizes.") "See LICENSE in the distribution.")) (home-page "http://knackered.org/angus/psutils/"))) =20 +(define-public artifex-ghostscript + (package + (name "artifex-ghostscript") + (version "9.21") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) + (patches (search-patches "artifex-ghostscript-runpath.patch" + "artifex-ghostscript-CVE-2017-8291.patch"= )) + (modules '((guix build utils))) + (snippet + ;; Remove bundled libraries. The bundled OpenJPEG is a patched f= ork so + ;; we leave it, at least for now. + ;; TODO Try unbundling ijs, which is developed alongside Ghostsc= ript. + '(begin + (for-each delete-file-recursively '("freetype" "jbig2dec" "jpe= g" + "lcms2" "libpng" + "tiff" "zlib")))))) + (build-system gnu-build-system) + (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + exa= mples + (arguments + `(#:disallowed-references ("doc") + #:make-flags '("so") + #:configure-flags + (list "--with-system-libtiff" + "LIBS=3D-lz" + (string-append "ZLIBDIR=3D" + (assoc-ref %build-inputs "zlib") "/include") + "--enable-dynamic") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-doc-dir + (lambda _ + ;; Honor --docdir. + (substitute* "Makefile.in" + (("^docdir=3D.*$") "docdir =3D @docdir@\n") + (("^exdir=3D.*$") "exdir =3D $(docdir)/examples\n")) + #t)) + (add-after 'configure 'remove-doc-reference + (lambda _ + ;; Don't retain a reference to the 'doc' output in 'gs'. + ;; The only use of this definition is in the output of + ;; 'gs --help', so this change is fine. + (substitute* "base/gscdef.c" + (("GS_DOCDIR") + "\"~/.guix-profile/share/doc/ghostscript\"")) + #t)) + (add-after 'configure 'patch-config-files + (lambda _ + (substitute* "base/unixhead.mak" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'install + (lambda _ + (zero? (system* "make" "soinstall")))) + (add-after 'install 'create-gs-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; Some programs depend on having a 'gs' binary available. + (symlink "gsc" (string-append out "/bin/gs")) + #t)))))) + (native-inputs + `(("perl" ,perl) + ("python" ,python-wrapper) + ("tcl" ,tcl))) + (inputs + `(("freetype" ,freetype) + ("jbig2dec" ,jbig2dec) + ("lcms2" ,lcms) + ("libjpeg" ,libjpeg) + ("libpaper" ,libpaper) + ("libpng" ,libpng) + ("libtiff" ,libtiff) + ("zlib" ,zlib))) + (synopsis "PostScript and PDF interpreter") + (description + "Ghostscript is an interpreter for the PostScript language and the PDF +file format. It also includes a C library that implements the graphics +capabilities of the PostScript language. It supports a wide variety of +output file formats and printers.") + (home-page "https://www.ghostscript.com/") + (license license:agpl3+))) + (define-public ghostscript (package (name "ghostscript") diff --git a/gnu/packages/patches/artifex-ghostscript-CVE-2017-8291.patch b= /gnu/packages/patches/artifex-ghostscript-CVE-2017-8291.patch new file mode 100644 index 000000000..d38bd593c --- /dev/null +++ b/gnu/packages/patches/artifex-ghostscript-CVE-2017-8291.patch @@ -0,0 +1,195 @@ +Fix CVE-2017-8291: + +https://bugs.ghostscript.com/show_bug.cgi?id=3D697799 +https://bugs.ghostscript.com/show_bug.cgi?id=3D697808 (duplicate) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-8291 + +Patches copied from upstream source repository: + +https://git.ghostscript.com/?p=3Dghostpdl.git;a=3Dcommitdiff;h=3D4f83478c8= 8c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=3Dghostpdl.git;a=3Dcommitdiff;h=3D04b37bbce= 174eed24edec7ad5b920eb93db4d47d +https://git.ghostscript.com/?p=3Dghostpdl.git;a=3Dcommitdiff;h=3D57f20719e= 1cfaea77b67cb26e26de7fe4d7f9b2e +https://git.ghostscript.com/?p=3Dghostpdl.git;a=3Dcommitdiff;h=3Dccfd2c75a= c9be4cbd369e4cbdd40ba11a0c7bdad + +From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 27 Apr 2017 13:03:33 +0100 +Subject: [PATCH] Bug 697799: have .eqproc check its parameters + +The Ghostscript custom operator .eqproc was not check the number or type of +the parameters it was given. +--- + psi/zmisc3.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b304246..37293ff4b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top =3D stack; +=20 ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(gs_error_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { +--=20 +2.13.0 + +From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 27 Apr 2017 13:21:31 +0100 +Subject: [PATCH] Bug 697799: have .rsdparams check its parameters + +The Ghostscript internal operator .rsdparams wasn't checking the number or +type of the operands it was being passed. Do so. +--- + psi/zfrsd.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 191107d8a..950588d69 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) + ref *pFilter; + ref *pDecodeParms; + int Intent =3D 0; +- bool AsyncRead; ++ bool AsyncRead =3D false; + ref empty_array, filter1_array, parms1_array; + uint i; +- int code; ++ int code =3D 0; ++ ++ if (ref_stack_count(&o_stack) < 1) ++ return_error(gs_error_stackunderflow); ++ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { ++ return_error(gs_error_typecheck); ++ } +=20 + make_empty_array(&empty_array, a_readonly); +- if (dict_find_string(op, "Filter", &pFilter) > 0) { ++ if (r_has_type(op, t_dictionary) ++ && dict_find_string(op, "Filter", &pFilter) > 0) { + if (!r_is_array(pFilter)) { + if (!r_has_type(pFilter, t_name)) + return_error(gs_error_typecheck); +@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) + return_error(gs_error_typecheck); + } + } +- code =3D dict_int_param(op, "Intent", 0, 3, 0, &Intent); ++ if (r_has_type(op, t_dictionary)) ++ code =3D dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (code < 0 && code !=3D gs_error_rangecheck) /* out-of-range int is= ok, use 0 */ + return code; +- if ((code =3D dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 +- ) +- return code; ++ if (r_has_type(op, t_dictionary)) ++ if ((code =3D dict_bool_param(op, "AsyncRead", false, &AsyncRead)= ) < 0) ++ return code; + push(1); + op[-1] =3D *pFilter; + if (pDecodeParms) +--=20 +2.13.0 + +From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 3 May 2017 12:05:45 +0100 +Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) + +When using the "DELAYBIND" feature, it turns out that .eqproc can be calle= d with +parameters that are not both procedures. In this case, it turns out, the +expectation is for the operator to return 'false', rather than throw an er= ror. +--- + psi/zmisc3.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 37293ff4b..3f01d39a3 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) + return gs_cliprestore(igs); + } +=20 ++static inline bool ++eqproc_check_type(ref *r) ++{ ++ return r_has_type(r, t_array) ++ || r_has_type(r, t_mixedarray) ++ || r_has_type(r, t_shortarray) ++ || r_has_type(r, t_oparray); ++} ++ + /* .eqproc */ + /* + * Test whether two procedures are equal to depth 10. +@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) +=20 + if (ref_stack_count(&o_stack) < 2) + return_error(gs_error_stackunderflow); +- if (!r_is_array(op - 1) || !r_is_array(op)) { +- return_error(gs_error_typecheck); ++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { ++ make_false(op - 1); ++ pop(1); ++ return 0; + } +=20 + make_array(&stack[0].proc1, 0, 1, op - 1); +--=20 +2.13.0 + +From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 11 May 2017 14:07:48 +0100 +Subject: [PATCH] Bug 697892: fix check for op stack underflow. + +In the original fix, I used the wrong method to check for stack underflow,= this +is using the correct method. +--- + psi/zfrsd.c | 3 +-- + psi/zmisc3.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 950588d69..9c035b96d 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) + uint i; + int code =3D 0; +=20 +- if (ref_stack_count(&o_stack) < 1) +- return_error(gs_error_stackunderflow); ++ check_op(1); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { + return_error(gs_error_typecheck); + } +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 3f01d39a3..43803b55b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top =3D stack; +=20 +- if (ref_stack_count(&o_stack) < 2) +- return_error(gs_error_stackunderflow); ++ check_op(2); + if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { + make_false(op - 1); + pop(1); +--=20 +2.13.0 + diff --git a/gnu/packages/patches/artifex-ghostscript-runpath.patch b/gnu/p= ackages/patches/artifex-ghostscript-runpath.patch new file mode 100644 index 000000000..9f161e45b --- /dev/null +++ b/gnu/packages/patches/artifex-ghostscript-runpath.patch @@ -0,0 +1,18 @@ +diff --git a/base/unix-dll.mak b/base/unix-dll.mak +index 9d57a99..36ef1ff 100644 +--- a/base/unix-dll.mak ++++ b/base/unix-dll.mak +@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) = $(MAKEDIRS) + # Build the small Ghostscript loaders, with Gtk+ and without + $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) = $(MAKEDIRS) + $(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \ +- -L$(BINDIR) -l$(GS_SO_BASE) ++ -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=3D$(libdir) +=20 + $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) = $(MAKEDIRS) + $(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \ +- -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) ++ -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=3D$(libdir) +=20 + $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_D= LL_MAK) $(MAKEDIRS) + $(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL= _SO_BASE) --=20 2.13.0 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: attachment; filename="0002-gnu-ijs-Use-modify-phases-syntax.patch" Content-Transfer-Encoding: quoted-printable =46rom ddbbe1bd753b004ab8809dba083cfa390381703a Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Mon, 29 May 2017 04:42:37 -0400 Subject: [v2 2/4] gnu: ijs: Use modify-phases syntax. * gnu/packages/ghostscript.scm (ijs)[arguments]: Use modify-phases. --- gnu/packages/ghostscript.scm | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 7fe630443..237c3f02f 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -5,6 +5,7 @@ ;;; Copyright =A9 2013, 2015, 2016 Ludovic Court=E8s ;;; Copyright =A9 2017 Alex Vong ;;; Copyright =A9 2017 Efraim Flashner +;;; Copyright =A9 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -335,24 +336,22 @@ output file formats and printers.") ("autoconf" ,autoconf))) (arguments `(#:phases - (alist-cons-after - 'unpack 'autogen - (lambda _ - ;; need to regenerate macros - (system* "autoreconf" "-if") - ;; do not run configure - (substitute* "autogen.sh" - (("^.*\\$srcdir/configure.*") "")) - (system* "bash" "autogen.sh") - - ;; create configure script in ./ijs/ - (chdir "ijs") - ;; do not run configure - (substitute* "autogen.sh" - (("^.*\\$srcdir/configure.*") "") - (("^ + && echo Now type.*$") "")) - (zero? (system* "bash" "autogen.sh"))) - %standard-phases))) + (modify-phases %standard-phases + (add-after 'unpack 'autogen + (lambda _ + ;; need to regenerate macros + (system* "autoreconf" "-if") + ;; do not run configure + (substitute* "autogen.sh" + (("^.*\\$srcdir/configure.*") "")) + (system* "bash" "autogen.sh") + ;; create configure script in ./ijs/ + (chdir "ijs") + ;; do not run configure + (substitute* "autogen.sh" + (("^.*\\$srcdir/configure.*") "") + (("^ + && echo Now type.*$") "")) + (zero? (system* "bash" "autogen.sh"))))))) (synopsis "IJS driver framework for inkjet and other raster devices") (description "IJS is a protocol for transmission of raster page images. This packa= ge --=20 2.13.0 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0003-gnu-ijs-Update-to-9.21.0-and-switch-to-Artifex-Ghost.patch" Content-Transfer-Encoding: quoted-printable =46rom d0878f6c570721c425961c9d199c24fceaefa9e2 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Mon, 29 May 2017 04:43:21 -0400 Subject: [v2 3/4] gnu: ijs: Update to 9.21.0 and switch to Artifex Ghostscr= ipt source. * gnu/packages/ghostscript.scm (ijs): Update to 9.21.0. [source, version, home-page]: Inherit from artifex-ghostscript. --- gnu/packages/ghostscript.scm | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 237c3f02f..f46308c9c 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -322,13 +322,8 @@ output file formats and printers.") (define-public ijs (package (name "ijs") - (version "9.14.0") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" - version ".tar.xz")) - (sha256 (base32 - "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1= ")))) + (version (package-version artifex-ghostscript)) + (source (package-source artifex-ghostscript)) (build-system gnu-build-system) (native-inputs `(("libtool" ,libtool) @@ -358,7 +353,7 @@ output file formats and printers.") provides the reference implementation of the raster printer driver architecture.") (license license:expat) - (home-page "https://www.gnu.org/software/ghostscript/"))) + (home-page (package-home-page artifex-ghostscript)))) =20 (define-public gs-fonts (package --=20 2.13.0 --d6Gm4EdcadzBjdND-- --TakKZr9L6Hm6aLOc Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlksnV4ACgkQJkb6MLrK fwjYNhAA7qpoBMesTgI3eCiNOlw5fbH+cOlXxulPh9O+Eo9G1W6UDllRROAONabG zNwBZk7h0HRhqijKTcIqU/IhmDFfUbgBoD2G+7Un9OYUkVVyelOOBi1XcEKIIWP8 gNXPg4WWRkvoL52C4qWqLYqWk3mxoEiVFqUMmgJKqpHTjSABMRdUH/oRr4JJAlb+ 6emE8cBWEEKvVHOc6cwEtdoNRbf9j5vmvwmWNaZdaQb4SaFSlQGslp7GTp4EOu5X gQTtIvu4BCxsJ+15B37Be09iB817pVL+knIXYMU1haypxqwzCg8cSQWqoa8xpM3o xBa8z5tTW9TvKqlfDNifciX614T26FnYLmSDssdG5Fy7aSPmR4KunBii+9MHvW57 CsqOB334Mx2B2cdxPmjuaoJnO9qg2/G+X2pe1VUy9oWv7Nk/AXG79A/YkStsz/R8 9XNr4eV0wKu+eS6VKW6omMbjwMNvdyJLNePdttGlh7LP+hltU5dHkncSf0O76QHK 1wvdMHdmYGrTIbTMBDHoX0bfPPNQrQflD35YLMSVRcVvVNdB+CqZGYDGI0CGDjoO 3zd8mpP0wqRT8fJuH9O/ZFKcrkPuzxrtg18mocdVBL3D9694uFJaUaxL6hhBVfQm apWqem2jrGSGo3pMUuopKF5kyAY9CiNn6PkBYNyMY6YS9iwu+hI= =PfSa -----END PGP SIGNATURE----- --TakKZr9L6Hm6aLOc--