1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
.. -*- mode: rst -*-
.. This text is in reStucturedText format, so it may look a bit odd.
.. See http://docutils.sourceforge.net/rst.html for details.
=======================
GraphicsMagick Security
=======================
Background
----------
.. _`SSRF` : https://cwe.mitre.org/data/definitions/918.html
Although GraphicsMagick is image processing software, security is a
very important consideration for GraphicsMagick. GraphicsMagick may
be used to open files and URLs produced by an untrusted party. Given
a suitable weakness (which we make every effort to prevent), an
intentionally constructed file might be able to cause the software to
crash, leak memory, request huge amounts of memory, run forever, or in
the worst case execute arbitrary code, including shell code.
GraphicsMagick is very powerful and complex software supporting many
capabilities and so untrusted parties should never be allowed to
submit arbitrary requests into it.
GraphicsMagick includes the ability to access arbitrary http and ftp
URLs as well as local image, font, and SVG files. The SVG renderer
supports read access to http and ftp URLs as well as local files
according to the SVG specification. Since URLs and local file paths
may be included in SVG files, untrusted SVG files may create a Server
Side Request Forgery (`SSRF`_) vulnerability since URL requests are
done by the computer executing the SVG, which may be in a realm of
trust (e.g. inside the firewall and able to access "localhost"
addresses).
The `-comment`, `-draw`, `-format`, and `-label` utility options
support a `@filename` syntax to incorporate any readable file on the
system as a convenience to the user. If text from an untrusted source
(e.g. a web page) is allowed to supply these options, then they may be
used to read arbitrary files, creating a potential security hazard.
The GraphicsMagick project is continually striving to eliminate
conditions in the software which might pose a risk for its users while
not constraining what its users may do with the software.
Reporting Issues
----------------
.. _`GraphicsMagick Security`: mailto:graphicsmagick-security@graphicsmagick.org
.. _`GraphicsMagick Bug Tracker`: https://sourceforge.net/p/graphicsmagick/bugs/
If you become aware of a serious security issue with GraphicsMagick,
then it may be addressed by email directly to the GraphicsMagick
maintainers or to the `GraphicsMagick Security`_ mail address. More
minor issues are best addressed via the `GraphicsMagick Bug Tracker`_
at SourceForge. Please remember to set the bug to 'private' if you
use the bug tracker or else someone may aquire a zero-day exploit from
your report. We will set the bug to 'public' as soon as a remedy has
been made available.
Reporting an issue will allow us to fix it so that future releases of
the software won't suffer from the problem.
The current state of free software is that security-sensitive free
software projects have been undergoing automated testing by machines
(and sometimes what might be hundreds of machines). Machines do not
need to work at a day job, take care of families, rest, or eat, but we
do. Any bug report which comes with a patch or changeset to fix the
problem is greatly appreciated and helps to move the project forward.
The remedy available to us is to submit a changeset to the
GraphicsMagick Mercurial repository, and include the changes in the
next release. Regardless of how an issue becomes known to us, the
issue will become public knowledge as soon as we commit a fix to the
source code repository. Only in exceedingly rare and dire
circumstances (e.g a previously-unknown zero-day shell exploit) might
we do anything different.
Safe Use Of The Software
------------------------
.. _`graphicsmagick-announce` : https://lists.sourceforge.net/lists/listinfo/graphicsmagick-announce
.. _`Container` : https://en.wikipedia.org/wiki/Operating-system-level_virtualization
.. _`FreeBSD Jail` : https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html
.. _`Solaris Zone` : https://illumos.org/man/5/zones
.. _`chrooted` : https://en.wikipedia.org/wiki/Chroot
You are the first line of defense when it comes to GraphicsMagick
security!
If you are operating a server which supports file uploads from
untrusted users, or delivered via a network protocol such as http,
ftp, or email, then you should take steps to assure that a problem
with opening/processing the file does not place the whole server at
risk. These are steps which can be taken:
1. Subscribe to the `graphicsmagick-announce`_ mailing list so that
you are informed about new GraphicsMagick releases or special
security bulletins.
2. Make sure that GraphicsMagick is up to date as reported on the
GraphicsMagick web site. Don't simply trust that packages from
your operating system vendor are kept up to date or are updated to
include security fixes. Keeping GraphicsMagick up to date might
require that you compile GraphicsMagick yourself from source code.
3. Execute the software in a `Container`_, `FreeBSD Jail`_, `Solaris
Zone`_, or `chrooted`_ environment such that it can not cause harm
to the system running it.
4. Execute the software as a least-privileged user (e.g. 'nobody').
5. Normalize input file names or any other external inputs so that
they are under your control and not controlled by an untrusted
party. This should include any file name specifications, which may
include arbitrary 'glob' patterns (wildcards) (requiring hours or
days to complete if sufficiently close long file names exist), and
options supporting a `@filename` syntax.
6. Enforce that uploaded files are passed to the expected reader. For
example, the uploaded file "file.jpg" is forced to be read by the
JPEG reader (rather than a reader selected based on header magic
testing) by using the file name "jpg:file.jpg". If the file is not
really what was indicated, then an error is reported.
GraphicsMagick supports a great many file types and auto-detects
many file types based on their content rather than file extension.
The file which pretends to be an ordinary PNG or JPEG file might be
something else entirely. Note that even using independent file
header testing may not be sufficient since it is possible to
construct valid files with a header which appears to be several
different types, but the first type which matches while testing the
header will be selected.
7. Apply resource limits via the `-limit` option or the
`MAGICK_LIMIT_*` environment variables (e.g. `export
MAGICK_LIMIT_PIXELS=30Mp`, `export MAGICK_LIMIT_MEMORY=500Mb`).
Also consider setting resource limits using the `ulimit` command.
8. Consider using the `MAGICK_CODER_STABILITY` environment variable to
constrain the supported file formats to the subsets selected by
`PRIMARY` or `STABLE`. After setting this environment variable
(e.g. `export MAGICK_CODER_STABILITY=PRIMARY`), use `gm
convert -list format` and verify that the format support you need
is enabled. Selecting the `PRIMARY` or `STABLE` options blocks
access of http and ftp URLs (`SSRF`_ vulnerability), but does not
block SVG renderer access to read local image files.
PGP Public Key
--------------
The following PGP public key (belonging to Bob Friesenhahn) is used to
sign release files (there is an associated .sig file) and may be used
for private correspondence::
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQMuBFvWDmMRCACvO+aWyRPlp7jezY8m4t8q+MkLQXczLCoC8sUVQ5qd5T28HsfD
rUVzrFYY6pWT1K3AgTTKZnVcBO5lyZtLLS6HQI41FESp1Gp/FtyisYbOlQAeOvfG
yJVCQe16QoaHye0UIC8rs2VqH055nSewk7YOpEg9PNdHce0/Mvajkxyj2Eb6C4jp
mZuvcPhU4MaEqo9yAlSnRztwqmmDwvO60LPEoS7WRUB3oEqDGGR8wnMARbCwjlVn
kMHd5BqgOnFDhqxxGnQzq+dv9C4RKGZtpIFl+jVpx9m5DszF9ZYEDtNMwxAoCIia
mZE0DkxTwI5lbwe9Pc3HZSK/wEF7Df1HC/U7AQDoVpk/g33Tllvsd52UYUZM1aca
3qaPM6orhVLXysaI+Qf+LoRoQgTlQX4IP19Z2t8MIx7VP08SOsrZdNAwIgHO4fhs
dOX6okfwpiYOl1bGqnakprit4HarAhtSM0Xd8JPtXImPqzHN07yz6jhCKZBIFWGC
kJSzPFar+P/jCmCWArL7DfBelBw0aHiV7HmSqEQJsyKVZBYjgHmXzjLkp3zsFRaR
tAj3TnB+nN4uXCchv63bVmYd3Cv55AZyugJb49Kl5PHqHarcle39Gbhg/UPPiduo
zIQKqtsKZcLckxZWi5f3XF/BnIY+uKdbOssTY0u8hyCqj904KdUl50GtYEb274EZ
a7ZepmcSp6a3aTtQmmHMf1MP/5U7Z6c6fNha4N3Xwwf+O1Zhc0Y11JSEV8G/2gAC
rjwYCIQ17w6/KDUe4nflxZpCsTP7+YOwmaXRSBqBoCz5N3ZH9jTp0xu73l6hK5wY
LodkfYHRhIMSyRCrW4T7yalUlpcuJy0NhFUnCDALgkjAhLUi4goJ+nsnOIJWC1dp
5DhZtClRTWNIHWK1AmIrWAUBuodpcp6K1NouJFenQB/NtwHS71J+ILli9LTxt6jM
CvaOAseRjvOs8JxG3pBm2LPOvZDyvQQFvfrTgqOlcMgqVp4mIqTKeEtXa2AQWrCG
QK5Ig3ZxfiQuNYIYNRsbag8Xyo8/udvbMDXVOAWQlmQz2B/Ge23rTGQZPMixoA+e
JrQuQm9iIEZyaWVzZW5oYWhuIDxiZnJpZXNlbkBzaW1wbGUuZGFsbGFzLnR4LnVz
PoiZBBMRCABBAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE69/b
IbAg7o/RUaiN4wEEfeEZiXUFAlvWDvECGQEACgkQ4wEEfeEZiXXLpgEAqPfOR6nD
iq8o/5RZ57f8UFNSPBiLTFbi/FTHhn9FV/oA/14uiKfpWhhKib3INfOZweDC0sHX
GdULE2Nrbx54Rn/otCxCb2IgRnJpZXNlbmhhaG4gPGJmcmllc2VuQHNpbXBsZXN5
c3RlbXMub3JnPoiWBBMRCAA+FiEE69/bIbAg7o/RUaiN4wEEfeEZiXUFAlvWDskC
GwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ4wEEfeEZiXWxkwD8
DK9I1UeGW8TIQQ5zzyk9Ue2+0C3RP5R45Dg3cg9W01oA+gIELZMu+15wCOG22dRO
NAvZUjNS8TrGIWtGvQNE5IYctC1Cb2IgRnJpZXNlbmhhaG4gPGJmcmllc2VuQGdy
YXBoaWNzbWFnaWNrLm9yZz6IlgQTEQgAPhYhBOvf2yGwIO6P0VGojeMBBH3hGYl1
BQJb1g7jAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEOMBBH3h
GYl1RekA/2UUHeqkrePzLtI10VfprqAgjYYRIb4Ue/Y18hzSHYEyAP4+LBt/y6CS
5kq5G7RtM072ujLm4LMRu+KKGmSVQz1u2LQrQm9iIEZyaWVzZW5oYWhuIDxib2Jq
ZnJpZXNlbmhhaG5AZ21haWwuY29tPoiWBBMRCAA+FiEE69/bIbAg7o/RUaiN4wEE
feEZiXUFAlvWIvsCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
4wEEfeEZiXWYugEAv6hEjxqDR2pZu6/2qrG642OMk0lHVlFjla3F8hpMabIBALNd
pWvc+nb/HbZTWT5cebhA8Z/dExYTjB9jUIdNYAbU0dKI0oYBEAABAQAAAAAAAAAA
AAAAAP/Y/+AAEEpGSUYAAQEBAEgASAAA/9sAQwAUDg8SDw0UEhASFxUUGB4yIR4c
HB49LC4kMklATEtHQEZFUFpzYlBVbVZFRmSIZW13e4GCgU5gjZeMfZZzfoF8/9sA
QwEVFxceGh47ISE7fFNGU3x8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8
fHx8fHx8fHx8fHx8fHx8fHx8/8AAEQgBBQDEAwEiAAIRAQMRAf/EABoAAAIDAQEA
AAAAAAAAAAAAAAABAwQFAgb/xAA1EAABBAAFAgQEBQQDAQEAAAABAAIDEQQSITFB
BVETImFxIzKBkRRCUqHBBrHR8CRy4VPx/8QAGQEAAwEBAQAAAAAAAAAAAAAAAAEC
AwQF/8QAIBEBAQACAgMAAwEAAAAAAAAAAAECERIhAzFBFDJRcf/aAAwDAQACEQMR
AD8A9MmkmmgJoQmDQhCQNCEJgJoQgBChfiWtdlaM55rYKE44NP5SeaKQ0uoConqL
QdRp6FdjHMcQMzWj1KNjS4hQiYH8wPsVK0gj0QDTQhACEIQAhCaASaEJGEIQglZN
CYVAIQmkAmhNACFHNNHBGXyvDWjkrCxfW5Z3+Dg2lpPNalAk228RiocMLleAeByV
hdQ67mOSG+xA3/ZRswMkvmxMpBO4adT7lWoMLDh21FG1oUXJrMGZHJ1DEnWIhg2B
8oVhuFxjmgOdG0e5K02hdAJbaTBnfgZq0kafbRP8JiAKDz9Fo0utktjgyM0+HdYF
fRXML1YWGygtPcK0Q1wIcL91Tn6bHJrGSw71xacqbg2sPiGTMBa4G+ymXlRJicBJ
rY107Fa3TerxYs5H3HJtR2JVysrjpqpICaaQhCEAIQhIwhCEwrppBNBBNJNANRYn
ENw8ZcdTsB3K7cQBrovO9Z6sG3HCC52wQNKWOkxvUcaIswaOa2aFo4TDRYSPJENe
XHd3uocLF4MWvzu1ee5VtgtZ2t8cdJAuwEmhdtClqAF1SNF0AkZUhd0kgOU6QnSA
5dG2RpY8AtPBWH1LAOw5EjLLBs69R7rfASexsjCxwBaRRBTlRZtmdK6zKwtixJL2
HQOO4Xo2PbIwOYQWnYheHxMBwGLfEbyEW0ntwtro+Py0x7hlO/v3WkrDLF6BCN0K
kBCEIMIQhIK6a5TTI00knGmknhAZfWcb4bPBjdT3D7DuvN4MHEYwvqo4/wBypMXi
XYnETSa+c0PZWcHEIcO0VqdSprTGLrNQpmLiIeVdtWbeJ2KVoChYpm6pKMjZABXR
GyKQBRQbQUAoBhMhIFdboIkIQgMzrmFM+E8WNtyRa1+ochY+EmEbWk2WO0BPHofV
eqdq0grzpwrRPPh3aNJtp7K8WWT1PT5fGwcbr1Aoqysb+nZiYJIX6PYdVtLRjSQm
kgBCEICradri07SDu1V6nJ4XT53XRy0FYtZ3XnV0yQDckD90B5iMgkWTZND0C1I9
aWTCfi2BY2WzBVWpya4rLRQXbVwx7CaDh90zLGzXMFDVO1WGBZoxsPiZQ4WrsMzX
mgUHtMQlei6cQHNHcII8pSNxVrsNSZRFrtppAKkFPMLSKZBCSaROSsrGDLjWkfmF
LVKzce23NPY/ZVPaMvSfpALcWTW4ylbqxeln/lHs4X9VtLVhSQhCAEIQgKNp2uLT
CRurWT/UcmXAtHd9/YKx1PqLenQskdE6QOdXl4WTNjGdadFC1ro3B1lpB2re0QMv
COLpAaJA9F3iJ5nGg6OMcHxAD9la69HHh3RQxU1gZfue5WWMGHZRkKSoCZLP/Miv
uHKF7cQbAlbIPR4/ytODpTHfN9lbHRoDu0JbiuNYMMkkcgE7HjsSKXpOm4gkgA7L
lvTGZXZSAGiyCd0mxtwoYQCHXr29KSt2qTTXM2ado9FZcaiJWTA/PPm4AWpYdGaI
Oilr8V/xGRt/dU39Re3K0aOOps1SeJJaSwDlVHYbO5zpDZIqhsE5EZVHP158DnBu
R3uaXcX9SsLR4jCL5GyryYPENPwGRtHfIFxLh+pvykyE0KALQaH2VaiO2tF1yB58
pDh2vVaWHxcOIAyPAJ4O68m6PFRn4kMT/eMD+ynwxLZB5fCdwWmwfoUuJ8q9Udln
Yt2Ug+qs4fEGQZJBlkq/Rw7hVMfpde6J7F9LfSac8G9iVsLB6K4+O5vG63lowoQh
CAEIQgM5MJJhSpFisNHi8O6GUeV3bceqzWfisFQxERxAhGWN8ernt9u4/dXsTjRC
7K0Znc9gqb8cXzxOc0AMu6PCNq43W2L1iZmM6lD4Ts8bwKKslrImhzjoOUY0RzdV
bNGwCm+Z1VZTdEZt9ApyqsIrnqDi7LG0l36Rx7lVD1jEFxADQB3ctiHBxsbo0A9w
qj+hwPmLjI5oOtCkTSrMvjnD46RznNf8KRhymzmaT7qeWd0rSx7HAkfk1P0XYwMU
EJjiILXGzm3KpY1skdRRE+cZRR2vc/b+6OtjvisdJwgxbc80kjh2ugtg9Oa2KoJZ
YqN+V3P1UfTomxQNa3QAK8HdlO6vj0ycOZfFlbNL4hj2NV/pUj5mMbZIACrYvxIc
c4Rg1I5poC7Gx/hdy4enEtIIGluKdTHbMW0nRjj76KwMYx7ySyu+TWvosHHskjlH
ntuW96srnARfiMZGGZ2fMXAPuv8AdE5iVy1XpS1k7aaQ4Kv+CLHG2HKPTZRQmWHE
hshzEEVIBv6OW9IGyREtcNtdUr0VZ2KbL4DPw+UTAjIXbLOkxM4kP4uB7DYAIAyg
HueVrv8AmjB4dazuqPANO0BBBVQrFzpDSzFubd0KK3Fh9Ft09uGoYL96C3FcZX2a
EIQQQhCAzkwkmFKnmcU/EPnd4ZoXa4OctIkAtwG3ZX8RHlne0dyFWxDalib62foF
M9ujP1NOWktpsu36uPr2V6JrXNGWj7KvCddiphDC45sgB7jT+yVTFlsY5T8JlWVA
2Ng2dKB2zlN0UVate/8A7OJSaK+JkYDkiGd/YbD3PCqMjLpc7zmLef8AHorkoOXK
0BjewUIAAIQFvDSHQBXm7WVRwjL1V9tbIUrYuMuyyNoOadCos4l/LRG4PBV1zbBB
5UEmHsB2ocNnD+U0a7Rsa2sr42lvqF3Fh4Y3EsjDeNBS5D5GkAta760rDJHf/B59
i0/ygWQNaL2UwBaw1suAZSfLAR/2cAuvDlefiva1v6Wc+5KNFa5Z8WW26sZoD3Kp
45oc9xrYi/RabGhgDQKA4VHGNqU38sjKKcqMp0v9MhbDDmLgZH6nXYdlfCzGECJl
18o3VrDSX5bscaqpl8Tl4+trKEIVMjQhCAzkwuUwpUz8c0NxLT31WdibGJbppS1e
os0jkH5TSysa4eNC6xRtR9bzvBZw40Vto0VSA6BWwdLCRwz2pRuPCkvRRlJcQTaN
Vbeh6qxLqCoZAI47JArkpwq0sOwBgpTtjJdfCp9PxQljFEEjkG1fbJqnobJzK1Qw
A6cIkkFgWBabRWyVDh+HadQFy1mUiiVYCKHZAJgJ5K7DAEAUmChNjl26p4s3LG29
CDatuPmIWfijnxbQD8oTib30vvY2SLVunCjwTGxYtwYTltSQOaWZfRPBsJlc/gFE
9rvWNX0JJrVyBCaEBmphJNSpzMzxInN53C851T4Yjygb3/lemWB1pmWUNrRwJCWu
1S9acYV9sDuFfD7CxMDMdWna91psfbjSmtcatNdaHBcRFSOdQUtIrzGmk9lR6phn
Y3Dhsb6G/ur0725aOqpRNklcRH5GcknhOSllZ9VukwzYAeeqcbIBsLdje5xvhcQw
HIM2ulFdyOc1lMGwGytH+MjDx4t/Vn4rEkhpcWMHGXhejjdY0WdHIS5zHjQa3Wy0
ImgN02U1eNmkoXYXC6UmLpLNok86KJ7twE00y7c9lVgp0ksjt/l912ZBIQBzofRT
QYcZibHsq+Il7EIy2eFoQMyRAcnUqsxpfLVeUH7q4njC82Xw00k1bAIQhAZqaSal
RrI64wlraGpBC11Q6nHnaK7FEDzTSYbaBbgaF+ivYeexRNqji7YGyaeTUqOCcNkA
HJ0SsaS6egErWNtxpVZcc296UTneNJlGrWts+/CrFzTiBoSAaHb3SmKrn/E7ZjPI
QbAHqruGDYcwNOOVun3A/hZ2Ghe3ERmVvlPblabXND3Ea63/AIVRnbatRSF0Ugde
hoouwATR0B9FA2VrXObqc2ug5Xcbmud5tB8pKD7jp7PzaZxYschd4fEtbe9Hj91F
LMDbjoAwnTdUnYjMyMtNOePlHFIolsb7XtdsV2CsSLEB5zG8xOlaa+qvYfFEnI/R
1WPVZ2NZktvIrVUZJhZYDr3UuImHgmjqs2I+JJbtDv8A+pyJtWMI7MTffRbDQAL5
WbhoqnAO1rVijsAnbgKtI3Jd1JGzKL5K7QhX6ZW7uzCaSaAEIQgM0JpIUKNQ4ttx
X2UyT252FvdM3kuoRfDu9CdlR8PLK0uFNvfst7FQZnlrhq02FRmhysLq0bdE+qDP
DuAwbnEAEmw30vS/suIp4g03Ys73qVSfO4wsDXZW0AQe4U7Mr21ltu59UWiTa67F
RuBLi0nvey6in8RtMzEDaguIRFuYmj6LSiEeW7LfdTttJFOOZ7Xi2kV6Ky97nNrK
6uNFbbC0nyuFrsQkncE+6e1ajOLixpu6OtEKIRxHKYyAW3QWx4RHDQqs+Fhf53AE
j9OiNpsjL8Tw3hwNg7g8lW2yuzMNgDVwJ40Uc+AY0Zm2Ne9rqDD5mPr5kts6c2Iz
OaRdEbKaOIuexxGlVf7qsxpMoBAFG233W3HBUbB20KqQrRGLksC/MFpMFNAKqYaE
tdbtVcTZ0JpJpkaaSEgaEIQGahJNSo0wkmg1PHRA+YDcarzmNmtkrR5gR27L1szP
EiI5XnJoWsxZz2WuFaDdUGPgsE7FSuLh5Wmr4Wo+BkDQ2MXQ0FLRw8LI4sopjBtl
1v8A9XMsVyBxbduAq1NVjYrQQuOYvdmIFG9gVaw7GeEC46uK5ja510QBZvTSu391
wHRweGXmg11C+AnBdrD/AJ5Xg5ctAWp35hqDu0G/2KqR4qN7HuLSA55FuG9jT/fZ
TjENcMgIOawD/CeoXKos73ucMxB0+65aHaG/RdNzid7OTlN/79FbDAS5vqVOlckD
2ktoV6qCAmKUHSgav0WjHCxwNGtPsoMVhHPBLBrzXdKQWqFEvAPzBxP0tbuCOaNz
SSaNi1jx+WVjng+ITRJ5W5hIso13O6uIqxEKGqkXIFBNNBppJpA0IQgGhCEBmJpI
UqNNJCDdcLHxI82bkHstdYeLxELZ/Bc8ZydAnCaOGa3L5tXFtk9go3NzyNNO9PQJ
wvDi4N9zamyB7zuTaoRAGBpNN04pRmIOcKs9waVp7fLTSA0bmlAb8IAD5jeqixrL
tCYBK5zKto3ICkiw4I20F/dON1AtbppqfqVLC7LGe5KQcxsBc11eZhrbcKWhmIH0
+6cDT+IBrQ3f0XToyXuGxHyn90y6d4YuzBrxRHNbqyYhR9eFxDTmBx0J0KlJNU5X
IzyrMlhBkAduTuB6/wB1oYY39lBLXzVvpqpMGbkefRK3s9dbW00kIQaaSaAaEIQD
QhCAy01nP6o0HyRkjuTSgl6nK8VG0R+u5UbjaeLKtaSVkTc0jg0dys6Tq4LqhZYH
LlmyOe+3PcXHuSowKAStbY+GfV6TqM8gIz0D2FKiyFrfinWV+uZMLsaxt9giU88Z
J0u4Kf5g7QVS1mWBodatedIc0B7SR7LTwWLa/IzMb222WkrmyxXg24DfJJUZFAkg
VltqkJDRpyVG7zUAf97J6TtXaKlDBp5QSiEF2dw+UaV90nSZJiSNtR9f/wAUkJIj
JA1ddUlo9rTfJzsAfupqtmY6ktUbMpaTuC0BSBwzDsdE9Fak0aRtqkX2wncqOaQE
V2XG+vdO3QmOyldXl4CgzOaSWuLT3C7fqVGNzysbW8nWleXFdQwzi9jzOz9JAsf5
VrB9Y8ePMWA8GtCEZbVANEeJmrSyL96RuqmMy6sehgxMc/yHXsd1MvOxyEPsGloY
HqQcfCnPmGzj/KqZIz8NncaaEgbTVOc0IQgPE7hACGbJhYvSIjRcOFKalwQg0QUk
Y+Dr7LghOF/mew+4REeT0sxAFhB4UbmOifnZpym05JG9ireXM2+FW2FiGLGTM3dp
6q14zZAasGvuoBC0k1SnjhA11VyouJkGQEHbddMaWM0qq0U0cYI7Fd+BYT2nTiKS
mhrj7qbOKAC48Dm1IG0jkOLkMvfZdONBdcKJ5oKLWkmnPdyTBaZ0aiMeW0jDnBjS
47ALLa4yFz/1G1Zx8t1C3d2/sq7RQUtvHPqRpoEqOJxyl252Se7yn9l3EKbXYIaL
cONlhAyutvYq5H1iO8srHA9wLCyeKKVJy2M8vHjl7egb1DCuF+KB7hCwLpCrkj8f
FRYu0IUtjCCEISNG4KJxyzMI5tpQhETn+q05vw77K9hzcYtCE4wFZXabFStOtUhC
ok7ApWuIQhNNMnZG6EJAHZQu+coQkopRTVy55jgLhqUIQGVGS8ukcbc4qW9EIUuq
enG8jRxuu2H4lIQg3ZCChCCcOOqEITD/2YiWBBMRCAA+FiEE69/bIbAg7o/RUaiN
4wEEfeEZiXUFAlvWLooCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
CgkQ4wEEfeEZiXUcvgD8Dd3c9PMFe8l36YcKLs1ubSEF30mu3b/s8oG7CgeBdOcA
/062qY6F+Hy0GK/kc5WN9pr5rvFcdS/Tz8wDq5d1shjYuQINBFvWDmMQCAC0JHbI
pX4rz6HzifXiVvPKKgOFdxRs4xZkOA8/sPcK3rB34waMuOgBme6jL7iJNfbC60eo
TIMv75i0C1MWxQReoR+UA+mQctuvpcrkzzceEYH2JWFf0NZZtT5wYoJ8JNfW1ngi
r/QhPRWC4fNfJQiJhWdf4sdP2BnW0hi5IIPnmkHQ44G0xBQpOqPrv7A8F97ROGYD
oS3LNmKmfLV9nKRBH+NmQ+zdaToNcQTOlSbMVZ/hag1F9LSmAUFcqXr9bKKk/qKj
RBkEweAsYppTgn0N7StNtcT9aR5zZkqJ9FBgls6LSr2H6QPiaGZeixZrywjxz2ku
xz5C1D92ZVAe0qhTAAMFCACyCRhU7YmWUdC3D5rMna97JhFu2fQygn5FQEuHOFao
abaUicXCxlW3IKQqBjOcpN6rZl+crapYVKGCGM4nMvmxEqqRBYAHLw8vc3Nfys/O
AXWxI6kiZlVAIX/Q0IZveFejRCoEo6bBabGSfDHWH7QqZXEo2TNWiGJ6oLOyIISl
x1MM4e9jRSufukrtTfsU8HDoWKycRSnaxtYOz4FAAofrCeQ6/Nf3Vf887NXXD1I6
xMp9vyuYqx68SrqtmX9FauagsHzmLylYI42JciTCvje09D9kAHFaidkR58DVgzPW
xFQCGBDO8Rrk1lVjO2gX2bVzKW1J+67ENM1YdWjiVzt9iH4EGBEIACYWIQTr39sh
sCDuj9FRqI3jAQR94RmJdQUCW9YOYwIbDAUJEswDAAAKCRDjAQR94RmJdRzqAQCZ
KJFm7j0Zug7NN+IPTqnIrPCioJkt1iGbec6SbBHh5AEAy5JEbI2ugQEePaIMGWVV
akWaTz0WKIOiD9Lm2ylI9J0=
=UAq2
-----END PGP PUBLIC KEY BLOCK-----
|
