From nobody Mon May 08 04:51:39 2023 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QF85Z2dXYz49LLG for ; Mon, 8 May 2023 04:51:46 +0000 (UTC) (envelope-from simon.wright@gmx.net) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.gmx.net", Issuer "Telekom Security ServerID OV Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QF85Y160kz4PMb for ; Mon, 8 May 2023 04:51:45 +0000 (UTC) (envelope-from simon.wright@gmx.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.net header.s=s31663417 header.b=ZwjGy0Bc; spf=pass (mx1.freebsd.org: domain of simon.wright@gmx.net designates 212.227.17.22 as permitted sender) smtp.mailfrom=simon.wright@gmx.net; dmarc=pass (policy=none) header.from=gmx.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1683521503; i=simon.wright@gmx.net; bh=8FHwtygWL6VN33TjDlQ2Oa3IlzSCOfyRWOFjEn7y3PY=; h=X-UI-Sender-Class:Date:Subject:To:References:From:In-Reply-To; b=ZwjGy0BchF4mO/HEO2BIz2MB2t/aLw/xk9Y20wBFY2v8AZFlcp5WiPIDgNXx3LjJL YIG115QLUEI690vyzBbTkIyNduaPA1wTrNt4z0TlHvsBxWRDqWBXNJMbNya4q7jolW 802tgnZcS9SS15nBBz2L51jM7BOuKLTFc7dLI+gjlgmbxM9VYtHtk+R3kBli3vQqbx hXpC2WtFXZQrxX8FRwnITv3jsindZTFn1A5662lnJ1ysEpjL++wcRySuGCk2OPc0dY 2yMxo/SH1AxwgFoHfxgEIwnf0raNDT6/GP4uOmN156oqQp0yZR+GHKaEuq4dvuPo7s OQaRSXd+ocAoQ== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [192.168.79.156] ([58.69.122.55]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N1Obb-1qKveX3Aip-012s5y for ; Mon, 08 May 2023 06:51:43 +0200 Message-ID: Date: Mon, 8 May 2023 12:51:39 +0800 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: Updating libxml2 in poudriere jail Content-Language: en-GB To: ports@freebsd.org References: From: Simon Wright In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms080808020702050909090201" X-Provags-ID: V03:K1:sW3dEXO545F+CBxHF1UK2df7ftU9SopJXkFsaHMSE2ECHBQu+pR +Xd+cWIDmPhSBfV3r4/KxrFJG+h9kEUhwwkYP0Ovk4djMkYM2ad/mZGg15AWE43ovd/fV4a WXPp1KsDUGMJ0wPDdq5+s1UUb12QGuLLbKdnZLVp6+a2hi+S5sKchgYM8yCEKMM8Qa9GVA0 gFpd2Gqm/3I/HYwiKgNhw== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:+0N+Mx+Ae30=;NnkGxQeNzXxlDnn4M7yXbirnVAk WaJ1YqmVLWglNPOvSLQD681/wqByeaYMZCk8n5K6DYFHEiHRmXHsVOyqpooDlYZtLRfjmj89Q 4wFJzQnTXJxU7t5b5DXLqJ54Jf5Vjp2Ex+LbTf7duYAzjxwD5lnM5u+75YKHuTCTItsY1vsaS jO4344DJImivROkgz79b36eRdQqY3YWVbUxOnRI/QUSxs8DQRk/oOavPxGOi/Qvfp47DW+UQC 6Q1C69AbDcEnMpDlDmT9DkkRxcCLhfiqmQbTYpGG9B3mDVabHgIgaoLVCR92iB0Amti00vZio SD6xjTn/S9QWFQgJLzpp3alM2FUzU+09AXzH+ityXpLyw5Uk2tRbmvhbesNo+T+lxbQNDf+rw OJDgH836XC3HFIum1BrtZ4VLrwDJNJSklwbtFZiR51N1em+OJCMP84OM+fdpH9fzDYW6n7sr6 akHHdzjjqMZQ8Cn3eiThpr0tcWxe/uSGL56AYE5ifS5b25uYbtCjAjQOY8RFyDek+Cl7M4lFV r1eMWqs/+fPXO+f/vgbKQdgvTMgm6JPuABDgNUarhW/Edhy/GVlOLITkmvMhpLuT6vO61LYwL YRQgd4RIWz8fhkH8rlTqOfopU+KgROvpIBMJoVJkWQdEZtvjZS3qTEXgIVcoGLhMvBRLmrGcS 5hZHgpc4nwmawIVDz/vWkf0PhPQ7eihAEwHOTJHvNNhOlPw9I+ylwGd/34VxaHfqSjWCaQzTg +fFu29ue0Slpf6IaFGvuNLqDrZ3eIcNRVcRsv6lu8a0tOoqIymd/qf9whd3WfchB9Y/ishE23 7HgsPjanYWGv4qeRfAtxVtpo7nxl0hbkPLaOHGCm5avZjtWjY7MkKIBLbewxv5/klkvFGPG0B MHBLWcs2CMrtfx5RdHR1T+HfuslSM5BdL5vbB5J2nuZ67t6uRyFgRUIMB0awrMHr6OPaC06Fi Kwy72dN8vN3n6/Ull/g3oUzzbEU= X-Spamd-Result: default: False [-6.86 / 15.00]; SIGNED_SMIME(-2.00)[]; DWL_DNSWL_LOW(-1.00)[gmx.net:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.997]; NEURAL_HAM_SHORT(-0.66)[-0.660]; DMARC_POLICY_ALLOW(-0.50)[gmx.net,none]; R_DKIM_ALLOW(-0.20)[gmx.net:s=s31663417]; R_SPF_ALLOW(-0.20)[+ip4:212.227.17.0/27]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[212.227.17.22:from]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org]; MLMMJ_DEST(0.00)[ports@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.17.22:from]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_NONE(0.00)[]; HAS_ATTACHMENT(0.00)[]; FREEMAIL_FROM(0.00)[gmx.net]; RCVD_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[gmx.net:+]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; FREEMAIL_ENVFROM(0.00)[gmx.net]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4QF85Y160kz4PMb X-Spamd-Bar: ------ X-ThisMailContainsUnwantedMimeParts: N This is a cryptographically signed message in MIME format. --------------ms080808020702050909090201 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable On 2023-05-08 12:40, Mark Millard wrote: > Simon Wright wrote on > Date: Mon, 08 May 2023 01:36:45 UTC : > >> I am using poudriere to build a small selection of posts with >> non-default options. This is working fine, however for the daily >> security run on the VM that runs poudriere, I am seeing this warning: >> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> Checking for security vulnerabilities in base (userland & kernel): >> Database fetched: Sun May 7 03:40:24 PST 2023 >> 0 problem(s) in 0 installed package(s) found. >> 0 problem(s) in 0 installed package(s) found. >> portaudit for jails on vmserver04 - 2 problem(s) found. >> >> portaudit for jail: pkg.home.santos-wright.net (JID: 10) >> >> libxml2-2.10.3_2 (textproc/libxml2) is vulnerable: >> libxml2 -- multiple vulnerabilities >> CVE: CVE-2023-29469 >> CVE: CVE-2023-28484 >> WWW: >> https://vuxml.FreeBSD.org/freebsd/0bd7f07b-dc22-11ed-bf28-589cfc0f81b0.= html >> >> 1 problem(s) found. >> >> portaudit for jail: pkg.home.santos-wright.net (JID: 8) >> >> libxml2-2.10.3_2 (textproc/libxml2) is vulnerable: >> libxml2 -- multiple vulnerabilities >> CVE: CVE-2023-29469 >> CVE: CVE-2023-28484 >> WWW: >> https://vuxml.FreeBSD.org/freebsd/0bd7f07b-dc22-11ed-bf28-589cfc0f81b0.= html >> >> 1 problem(s) found. >> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> >> I've tried manually starting the jail, installing pkg and updating >> libxml2 which works but on restarting the jail, it has as expected >> reverted to the vulnerable version of libxml2. > > It is important for poudriere operation that the jail(s) it > uses not have packages pre-installed. That can interfere with > poudriere building ports into packages and/or with installing > them as needed. (Messing up detection of what is missing and, > so, needs to be built or installed.) poudriere bulk should do > all its own package installations for use in all builders as > I understand things. > >> Can anyone point me in the right direction to eliminate the error >> message on the daily security scan? Or can I remove this package from >> the jail? > > > If you have packages that look to be installed in jail(s) > even when poudriere is not doing the likes of a bulk build > (or related), then I suggest uninstalling such. Even if > such is not a (full) fix of the overall issue, as far as > I know, pre-installed packages are not a valid/general > solution to anything for poudriere bulk operation. Thanks Mark, I also don't understand why the security scan is finding this. Manually starting the jail and checking it did not find any packages (or pkg itself) which is as expected. I use a standard poudriere build and I've never customised it other than via poudriere.conf, certainly never tried to install packages in it - other than the attempt to upgrade to fix the error listed above. Something appears to have gone bad with my poudriere install so I will delete the jail and recreate it. Seems like the easiest solution! I've already cleared out some unused ezjail jails but that did not get rid of the warning. Thanks, will come back here if deleting and recreating does not clear this up :). Simon. --------------ms080808020702050909090201 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC DVcwggXiMIIDyqADAgECAhAzhRVh5YTUa1KYYTB3Mk/LMA0GCSqGSIb3DQEBCwUAMIGBMQsw CQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRy bzEXMBUGA1UECgwOQWN0YWxpcyBTLnAuQS4xLDAqBgNVBAMMI0FjdGFsaXMgQ2xpZW50IEF1 dGhlbnRpY2F0aW9uIENBIEczMB4XDTIyMDkyMjE0MjMxNVoXDTIzMDkyMjE0MjMxNVowHzEd MBsGA1UEAwwUc2ltb24ud3JpZ2h0QGdteC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDSawb8fdlWw9nr3yNGBHFljmFbMDKuicvKplTngQyR/0AFtnrHUVwGJ5iGXbMJ 2hAInls7jXu9n1IFnMpc/l0Gsw5Bk02EMXpLGx1LKuPRoEXXFRrq5OTXYqQW3R5zc7CxhGnm xkYve7/7FXTlZF0UfC+IhYJHeTL8QAEfsAHRr7TVRtTCXiieTt687rdp1ObDCtNLnZDBfBuK +CVWVFzdDdsttzRuuHXWFCCG+jviUvOV33lFst208cVzze86Pw/xp5TDjfPQbvYSXhfrOoIk IenuhxSqy3Sl4+rja6uJTEsqnBFnnTdUJTjPiCkX8EuQtS42EpkEKdvK5rPRZOxNAgMBAAGj ggG1MIIBsTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFL6XqaqEv4C/EFN9CTL54S4yG893 MH4GCCsGAQUFBwEBBHIwcDA7BggrBgEFBQcwAoYvaHR0cDovL2NhY2VydC5hY3RhbGlzLml0 L2NlcnRzL2FjdGFsaXMtYXV0Y2xpZzMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwMDkuYWN0 YWxpcy5pdC9WQS9BVVRIQ0wtRzMwHwYDVR0RBBgwFoEUc2ltb24ud3JpZ2h0QGdteC5uZXQw RwYDVR0gBEAwPjA8BgYrgR8BGAEwMjAwBggrBgEFBQcCARYkaHR0cHM6Ly93d3cuYWN0YWxp cy5pdC9hcmVhLWRvd25sb2FkMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDBIBgNV HR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsMDkuYWN0YWxpcy5pdC9SZXBvc2l0b3J5L0FVVEhD TC1HMy9nZXRMYXN0Q1JMMB0GA1UdDgQWBBST+tO2TbACzHF1AyJ2xCsq4Ca26TAOBgNVHQ8B Af8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAHYOykaDn8nLxGYB1xuqydvmsm9G/xbOOSK7 eXWdPmVVgkhwAY8CafJex6sGkxoqN86Cq5nvTP1HyShgRVf4ueH8m7D73BoEopQebxFs6vfh 2Tgt5n8/wWV/pDf0UX70eBe8UlcSlA2ZFIn3Gq4+8ppCG7q/Q5+0q7RLa7hMyfVPKBNyypWr BOOzpQ5QYzJX395zYhCLSSJby5tezRPVP/8z4BRlavUwwaox6tvvAiadqgd/97/LO1VDALBX 69B44KgVqwbP6Rj+duhKImLDa2j+DCeJsnk5iCOw2KN0uBANDlkihdXxbjWtzTz/9LCVBK0+ b3X41c+W8g1MlSuoXsSkdXTjLXfdq4tCUz98GNivDGy+Icr3DNFqFlcJ0VCBiOHXamDd/SuI w7VwO9TWu343bMOJgagnYr1/BLTMx6gQb4gdZeIdmiZhEz4I2zu6O58Dv8Aj36SJ1XZo3r+k raK7lesfWjVXObxJMRdC+aH4g+AJVA0pFri0W5ENEHoGdx3xINULYmy1X77d54F4eGF1Csqn PbJ0cmQvp5NxjE6ILy128m/jbxj6mcpwgw9mAH4prrYUrj4mg/bWNoPXlVFgVpUn4SOLPbCO 9FHYaeLsTRPz7lCG2hGj59vrOwcAEuLHtps7Ap5L/RMsr/GprOJ+pGW7l0QSt1lpzb85UsyR MIIHbTCCBVWgAwIBAgIQFxA+3j2KHLXKBlGT58pDazANBgkqhkiG9w0BAQsFADBrMQswCQYD VQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4 NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0aW9uIFJvb3QgQ0EwHhcNMjAw NzA2MDg0NTQ3WhcNMzAwOTIyMTEyMjAyWjCBgTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0Jl cmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5w LkEuMSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMzCCAiIw DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO3mh5ahwaS27cJCVfc/Dw8iYF8T4KZDiIZJ kXkcGy8aUA/cRgHu9ro6hsxRYe/ED4AIcSlarRh82HqtFSVQs4ZwikQW1V/icCIS91C2IVAG a1YlKfedqgweqky+bBniUvRevVT0keZOqRTcO5hw007dL6FhYNmlZBt5IaJs1V6IniRjokOH R++qWgrUGy5LefY6ACs9gZ8Bi0OMK9PZ37pibeQCsdmMRytl4Ej7JVWeM/BtNIIprHwO1LY0 /8InpGOmdG+5LC6xHLzg53B0HvVUqzUQNePUhNwJZFmmTP46FXovxmH4/SuY5IkXop0eJqjN +dxRHHizngYUk1EaTHUOcLFy4vQ0kxgbjb+GsNg6M2/6gZZIRk78JPdpotIwHnBNtkp9wPVH 61NqdcP7kbPkyLXkNMTtAfydpmNnGqqHLEvUrK4iBpUPG9C09KOjm9OyhrT2uf5SLzJsee9g 79r/rw4hAgcsZtR3YI6fCbROJncmD+hgbHCck+9TWcNc1x5xZMgm8UXmoPamkkfceAlVV49Q Q5jUTgqneTQHyF1F2ExXmf47pEIoJMVxloRIXywQuB2uqcIs8/X6tfsMDynFmhfT/0mTrgQ6 xt9DIsgmWuuhvZhLReWS7oeKxnyqscuGeTMXnLs7fjGZq0inyhnlznhA/4rl+WdNjNaO4jEv AgMBAAGjggH0MIIB8DAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFFLYiDrIn3hm7Ynz ezhwlMkCAjbQMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL29jc3AwNS5h Y3RhbGlzLml0L1ZBL0FVVEgtUk9PVDBFBgNVHSAEPjA8MDoGBFUdIAAwMjAwBggrBgEFBQcC ARYkaHR0cHM6Ly93d3cuYWN0YWxpcy5pdC9hcmVhLWRvd25sb2FkMB0GA1UdJQQWMBQGCCsG AQUFBwMCBggrBgEFBQcDBDCB4wYDVR0fBIHbMIHYMIGWoIGToIGQhoGNbGRhcDovL2xkYXAw NS5hY3RhbGlzLml0L2NuJTNkQWN0YWxpcyUyMEF1dGhlbnRpY2F0aW9uJTIwUm9vdCUyMENB LG8lM2RBY3RhbGlzJTIwUy5wLkEuJTJmMDMzNTg1MjA5NjcsYyUzZElUP2NlcnRpZmljYXRl UmV2b2NhdGlvbkxpc3Q7YmluYXJ5MD2gO6A5hjdodHRwOi8vY3JsMDUuYWN0YWxpcy5pdC9S ZXBvc2l0b3J5L0FVVEgtUk9PVC9nZXRMYXN0Q1JMMB0GA1UdDgQWBBS+l6mqhL+AvxBTfQky +eEuMhvPdzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBACab5xtZDXSzEgPp 51X3hICFzULDO2EcV8em5hLfSCKxZR9amCnjcODVfMbaKfdUZXtevMIIZmHgkz9dBan7ijGb JXjZCPP29zwZGSyCjpfadg5s9hnNCN1r3DGwIHfyLgbcfffDyV/2wW+XTGbhldnazZsX892q +srRmC8XnX4ygg+eWL/AkHDenvbFuTlJvUyd5I7e1nb3dYXMObPu24ZTQ9/K1hSQbs7pqeca ptTUjoIDpBUpSp4Us+h1I4MAWonemKYoPS9f0y65JrRCKcfsKSI+1kwPSanDDMiydKzeo46X rS0hlA5NzQjqUJ7UsuGvPtDvknqc0v03nNXBnUjejYtvwO3sEDXdUW5m9kjNqlQZXzdHumZJ VqPUGKTWcn9Hf3d7qbCmmxPXjQoNUuHg56fLCanZWkEO4SP1GAgIA7SyJu/yffv0ts7sBFrS TD3L2mCAXM3Y8BfblvvDSf2bvySm/fPe9brmuzrCXsTxUQc1+/z5ydvzV3E3cLnUoSXP6XfX NyEVO6sPkcUSnISHM798xLkCTB5EkjPCjPE2zs4v9L9JVOkkskvW6RnWWccdfR3fELNHL/ke p8re6IbbYs8Hn5GM0Ohs8CMDPYEox+QX/6/SnOfyaqqSilBonMQBstsymBBgdEKO+tTHHCMn JQVvZn7jRQ20wXgxMrvNMYID8zCCA+8CAQEwgZYwgYExCzAJBgNVBAYTAklUMRAwDgYDVQQI DAdCZXJnYW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlz IFMucC5BLjEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24gQ0EgRzMC EDOFFWHlhNRrUphhMHcyT8swDQYJYIZIAWUDBAIBBQCgggItMBgGCSqGSIb3DQEJAzELBgkq hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMDUwODA0NTEzOVowLwYJKoZIhvcNAQkEMSIE IOgl7ts3IDIlmfHXIfG6uaEGrTvPW6peKN8lDEKvR35bMGwGCSqGSIb3DQEJDzFfMF0wCwYJ YIZIAWUDBAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYI KoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgacGCSsGAQQBgjcQBDGBmTCB ljCBgTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNh biBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMgUy5wLkEuMSwwKgYDVQQDDCNBY3RhbGlzIENs aWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMwIQM4UVYeWE1GtSmGEwdzJPyzCBqQYLKoZIhvcN AQkQAgsxgZmggZYwgYExCzAJBgNVBAYTAklUMRAwDgYDVQQIDAdCZXJnYW1vMRkwFwYDVQQH DBBQb250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMucC5BLjEsMCoGA1UEAwwj QWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24gQ0EgRzMCEDOFFWHlhNRrUphhMHcyT8sw DQYJKoZIhvcNAQEBBQAEggEAlOQTXesjUg3vYOve5TE+bobEDRFJhMasm68FgxXl/EzIlX3U j98rgR026G6z0H+v8TDG7OAFtRnkoyGX/ezSMNjRz0PQcyBs5Yw6GTwKeoWgs5ZjzllisL0a JcFDqwJ+wJ81Jr2KB0Omo+NM5GkA5k5avxXf2DBZXLjNU5/RdCFxxY5gL7mRqba175STjlKn xypwl9Cfsu4BgYhRy5X8q65XBsitC/h6ToUS+lsF6VbSJV30O3sjJXi1LPwWPrnM5jP/MUhs AMVsHWjA34bh5ZBNCDegjD0OInGTH46dD6xF8jsoynxIm7dsxI39pe9llOkLMjGu7pwaHPLb 87TkqQAAAAAAAA== --------------ms080808020702050909090201--