Bug#698568: marked as done (unblock: qt4-x11/4:4.8.2+dfsg-10)



Your message dated Sun, 20 Jan 2013 17:54:49 +0000
with message-id <1358704489.24414.5.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#698568: unblock: qt4-x11/4:4.8.2+dfsg-10
has caused the Debian Bug report #698568,
regarding unblock: qt4-x11/4:4.8.2+dfsg-10
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
698568: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698568
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package qt4-x11

This upload solves two security bugs:

- blacklist mis-issued certificates from Turktrust.
- avoid a bug that would cause certificate verification problems if a different
  version of openssl is loaded at runtime to the headers Qt was compiled
  against (Closes: #697582).

Both of urgency medium.

We have also added a Recommends to libqt4-network to ca-certificates to close
#530532.

diffstat:
 changelog                                                          |   20 +
 control                                                            |    1 
 libqt4-designer.symbols                                            |    6 
 patches/Fix_binary_incompatibility_between_openssl_versions.patch  |   80 +++++++
 patches/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch |  107 ++++++++++
 patches/series                                                     |    2 
 6 files changed, 213 insertions(+), 3 deletions(-)

Kind regards, Lisandro.

unblock qt4-x11/4:4.8.2+dfsg-10

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru qt4-x11-4.8.2+dfsg/debian/changelog qt4-x11-4.8.2+dfsg/debian/changelog
--- qt4-x11-4.8.2+dfsg/debian/changelog	2013-01-06 13:16:57.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/changelog	2013-01-19 16:48:19.000000000 -0300
@@ -1,3 +1,23 @@
+qt4-x11 (4:4.8.2+dfsg-10) unstable; urgency=medium
+
+  * Add SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch to blacklist
+    miss issued certificates from Turktrust.
+    - Patch taken from upstream.
+    - Set urgency to medium.
+  * Add Fix_binary_incompatibility_between_openssl_versions.patch to avoid a
+    bug that would cause certificate verification problems if a different
+    version of openssl is loaded at runtime to the headers Qt was compiled
+    against (Closes: #697582).
+    - Patch taken from upstream.
+    - Also deserves setting the urgency to medium.
+  * Confirm symbols files with buildds' logs.
+  * Make libqt4-network recommend ca-certificates. It may be needed if doing
+    SSL stuff and expecting to use certificate chains.
+    Also Qt does not ship certificate bundles anymore but rather uses the
+    system bundle (Closes: #530532).
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>  Sat, 19 Jan 2013 16:47:57 -0300
+
 qt4-x11 (4:4.8.2+dfsg-9) unstable; urgency=low
 
   * Fix the Breaks and Replaces version in libqtdbus4 to 4:4.8.2+dfsg-8
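Review bot: The first changelog item (the Turktrust blacklist) cites no bug number or upstream reference, while the second item closes #697582. The patch header carries Task-number QTBUG-28937; citing it here would let a reader trace the fix without opening the patch. "miss issued" should also read "mis-issued", matching the patch file name.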
diff -Nru qt4-x11-4.8.2+dfsg/debian/control qt4-x11-4.8.2+dfsg/debian/control
--- qt4-x11-4.8.2+dfsg/debian/control	2013-01-06 13:16:14.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/control	2013-01-19 16:37:34.000000000 -0300
@@ -137,6 +137,7 @@
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
+Recommends: ca-certificates
 Breaks: libqt4-core (<< 4.4.0~beta1-1)
 Replaces: libqt4-core (<< 4.4.0~beta1-1)
 Description: Qt 4 network module
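Review bot: The added "Recommends: ca-certificates" line in the Qt 4 network module stanza is skipped on systems installed with recommends disabled, and the changelog states that Qt no longer ships its own bundle. Those installs will have no CA certificates for Qt to verify chains against unless ca-certificates arrives some other way. Consider saying so in the package description or README.Debian so an empty trust store is not mistaken for a Qt bug.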
diff -Nru qt4-x11-4.8.2+dfsg/debian/libqt4-designer.symbols qt4-x11-4.8.2+dfsg/debian/libqt4-designer.symbols
--- qt4-x11-4.8.2+dfsg/debian/libqt4-designer.symbols	2012-07-20 12:16:41.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/libqt4-designer.symbols	2013-01-19 16:37:34.000000000 -0300
@@ -1,4 +1,4 @@
-# SymbolsHelper-Confirmed: 4:4.8.1 amd64 armel armhf hurd-i386 i386 ia64 kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc s390 s390x sparc
+# SymbolsHelper-Confirmed: 4:4.8.2 ia64
 libQtDesigner.so.4 libqt4-designer #MINVER#
 * Build-Depends-Package: libqt4-dev
  _Z20domPropertyToVariantP20QAbstractFormBuilderPK11QMetaObjectPK11DomProperty@Base 4:4.5.3
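Review bot: The SymbolsHelper-Confirmed header goes from 4:4.8.1 with fourteen architectures to 4:4.8.2 with ia64 only, which reads as if every other architecture lost its confirmation. If the other buildd logs were also checked for 4.8.2, as the changelog item "Confirm symbols files with buildds' logs" suggests, list them here; if only ia64 was checked, say so in the changelog.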
@@ -1981,10 +1981,10 @@
  (optional=internal)_ZN18qdesigner_internal22PropertySheetEnumValueC2Ev@Base 4:4.5.3
  (optional=internal)_ZN18qdesigner_internal22PropertySheetEnumValueD1Ev@Base 4:4.7.4
  (optional=internal)_ZN18qdesigner_internal22PropertySheetEnumValueD2Ev@Base 4:4.7.4
- (optional=internal|arch=!amd64 !armel !armhf !hurd-i386 !i386 !ia64 !kfreebsd-amd64 !kfreebsd-i386 !mips !mipsel !s390 !s390x)_ZN18qdesigner_internal22PropertySheetFlagValueC1ERKS0_@Base 4:4.8.0
+ (optional=internal|arch=!amd64 !armel !armhf !hurd-i386 !i386 !kfreebsd-amd64 !kfreebsd-i386 !mips !mipsel !s390 !s390x)_ZN18qdesigner_internal22PropertySheetFlagValueC1ERKS0_@Base 4:4.8.0
  (optional=internal)_ZN18qdesigner_internal22PropertySheetFlagValueC1EiRKNS_17DesignerMetaFlagsE@Base 4:4.5.3
  (optional=internal)_ZN18qdesigner_internal22PropertySheetFlagValueC1Ev@Base 4:4.5.3
- (optional=internal|arch=!amd64 !armel !armhf !hurd-i386 !i386 !ia64 !kfreebsd-amd64 !kfreebsd-i386 !mips !mipsel !s390 !s390x)_ZN18qdesigner_internal22PropertySheetFlagValueC2ERKS0_@Base 4:4.8.0
+ (optional=internal|arch=!amd64 !armel !armhf !hurd-i386 !i386 !kfreebsd-amd64 !kfreebsd-i386 !mips !mipsel !s390 !s390x)_ZN18qdesigner_internal22PropertySheetFlagValueC2ERKS0_@Base 4:4.8.0
  (optional=internal)_ZN18qdesigner_internal22PropertySheetFlagValueC2EiRKNS_17DesignerMetaFlagsE@Base 4:4.5.3
  (optional=internal)_ZN18qdesigner_internal22PropertySheetFlagValueC2Ev@Base 4:4.5.3
  (optional=internal)_ZN18qdesigner_internal22PropertySheetFlagValueD1Ev@Base 4:4.7.4
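Review bot: Dropping "!ia64" from the arch lists of the two PropertySheetFlagValue copy-constructor symbols (C1ERKS0_ and C2ERKS0_) is unrelated to the two security fixes this upload is requested for. Both symbols are tagged optional=internal, so the risk is low, but the unblock request should mention the change explicitly rather than leave it to the diffstat.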
diff -Nru qt4-x11-4.8.2+dfsg/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch qt4-x11-4.8.2+dfsg/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch
--- qt4-x11-4.8.2+dfsg/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch	1969-12-31 21:00:00.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/patches/Fix_binary_incompatibility_between_openssl_versions.patch	2013-01-19 16:37:34.000000000 -0300
@@ -0,0 +1,80 @@
+From 9a3b663c64ee74c1efb3d85249cc0aa53f2e5358 Mon Sep 17 00:00:00 2001
+From: Shane Kearns <dbgshane@gmail.com>
+Date: Thu, 6 Dec 2012 17:03:18 +0000
+Subject: [PATCH] Fix binary incompatibility between openssl versions
+
+OpenSSL changed the layout of X509_STORE_CTX between 0.9 and 1.0
+So we have to consider this struct as private implementation, and use
+the access functions instead.
+
+This bug would cause certificate verification problems if a different
+version of openssl is loaded at runtime to the headers Qt was compiled
+against.
+
+Task-number: QTBUG-28343
+Change-Id: I47fc24336f7d9c80f08f9c8ba6debc51a5591258
+Reviewed-by: Richard J. Moore <rich@kde.org>
+(cherry picked from commit eb2688c4c4f257d0a4d978ba4bf57d6347b15252)
+---
+ src/network/ssl/qsslsocket_openssl.cpp         |    2 +-
+ src/network/ssl/qsslsocket_openssl_symbols.cpp |    8 ++++++++
+ src/network/ssl/qsslsocket_openssl_symbols_p.h |    4 ++++
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index b7ca290..e912abac 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -236,7 +236,7 @@ static int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+ {
+     if (!ok) {
+         // Store the error and at which depth the error was detected.
+-        _q_sslErrorList()->errors << qMakePair<int, int>(ctx->error, ctx->error_depth);
++        _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx));
+     }
+     // Always return OK to allow verification to continue. We're handle the
+     // errors gracefully after collecting all errors, after verification has
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index 2d6a25b..2e6ccd0 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -267,6 +267,10 @@ DEFINEFUNC2(int, X509_STORE_add_cert, X509_STORE *a, a, X509 *b, b, return 0, re
+ DEFINEFUNC(void, X509_STORE_CTX_free, X509_STORE_CTX *a, a, return, DUMMYARG)
+ DEFINEFUNC4(int, X509_STORE_CTX_init, X509_STORE_CTX *a, a, X509_STORE *b, b, X509 *c, c, STACK_OF(X509) *d, d, return -1, return)
+ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
++DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return)
++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
+ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return)
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
+@@ -832,6 +836,10 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(X509_STORE_CTX_init)
+     RESOLVEFUNC(X509_STORE_CTX_new)
+     RESOLVEFUNC(X509_STORE_CTX_set_purpose)
++    RESOLVEFUNC(X509_STORE_CTX_get_error)
++    RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
++    RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
++    RESOLVEFUNC(X509_STORE_CTX_get_chain)
+     RESOLVEFUNC(X509_cmp)
+ #ifndef SSLEAY_MACROS
+     RESOLVEFUNC(X509_dup)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index fa9a157..87f3697 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -374,6 +374,10 @@ int q_X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                           X509 *x509, STACK_OF(X509) *chain);
+ X509_STORE_CTX *q_X509_STORE_CTX_new();
+ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
++int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
++int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
++X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
++STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+ 
+ #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+ #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+-- 
+1.7.10.4
+
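Review bot: Only one dereference is converted, in q_X509Callback (ctx->error and ctx->error_depth), yet four accessors are declared and resolved; X509_STORE_CTX_get_current_cert and X509_STORE_CTX_get_chain have no caller in this diff. Check the rest of src/network/ssl for remaining direct reads of X509_STORE_CTX members, since any left behind keeps the layout dependency the commit message describes. The DEFINEFUNC fallbacks for get_error and get_error_depth return -1, so an unresolved symbol would record the pair -1/-1 in the error list instead of a real verification error code; a comment on how that pair is treated downstream would help.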
diff -Nru qt4-x11-4.8.2+dfsg/debian/patches/series qt4-x11-4.8.2+dfsg/debian/patches/series
--- qt4-x11-4.8.2+dfsg/debian/patches/series	2012-12-30 00:43:35.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/patches/series	2013-01-19 16:37:34.000000000 -0300
@@ -8,6 +8,8 @@
 fix_jit_crash_on_x86_64.patch
 add_missing_map_noreserve.patch
 make_rules_for_redirect_stricter.patch
+SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch
+Fix_binary_incompatibility_between_openssl_versions.patch
 
 # qt-copy patches
 0195-compositing-properties.diff
diff -Nru qt4-x11-4.8.2+dfsg/debian/patches/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch qt4-x11-4.8.2+dfsg/debian/patches/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch
--- qt4-x11-4.8.2+dfsg/debian/patches/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch	1969-12-31 21:00:00.000000000 -0300
+++ qt4-x11-4.8.2+dfsg/debian/patches/SSL-certificates-blacklist-mis-issued-Turktrust-cert.patch	2013-01-19 16:37:34.000000000 -0300
@@ -0,0 +1,107 @@
+From 451462b1e0304e0cb6c2872e4f5688bc2e556dca Mon Sep 17 00:00:00 2001
+From: Peter Hartmann <phartmann@rim.com>
+Date: Fri, 4 Jan 2013 11:06:14 +0100
+Subject: [PATCH] SSL certificates: blacklist mis-issued Turktrust
+ certificates
+
+Those certificates have erroneously set the CA attribute to true,
+meaning everybody in possesion of their keys can issue certificates on
+their own.
+
+backport of bf5e7fb2652669599a508e049b46ebd5cd3206e5 from qtbase
+
+Task-number: QTBUG-28937
+Change-Id: Iee57c6f983fee61c13c3b66ed874300ef8e80c23
+Reviewed-by: Richard J. Moore <rich@kde.org>
+---
+ src/network/ssl/qsslcertificate.cpp                |    3 ++
+ ...ted-turktrust-e-islem.kktcmerkezbankasi.org.pem |   24 +++++++++++++++
+ .../blacklisted-turktrust-ego.gov.tr.pem           |   31 ++++++++++++++++++++
+ 3 files changed, 58 insertions(+)
+ create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+ create mode 100644 tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+
+diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
+index 038187f..37799d1 100644
+--- a/src/network/ssl/qsslcertificate.cpp
++++ b/src/network/ssl/qsslcertificate.cpp
+@@ -825,6 +825,9 @@ static const char *certificate_blacklist[] = {
+ 
+     "120001705", "Digisign Server ID (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Verizon CyberTrust
+     "1276011370", "Digisign Server ID - (Enrich)", // (Malaysian) Digicert Sdn. Bhd. cross-signed by Entrust
++
++    "2087",                                            "*.EGO.GOV.TR", // Turktrust mis-issued intermediate certificate
++    "2148",                                            "e-islem.kktcmerkezbankasi.org", // Turktrust mis-issued intermediate certificate
+     0
+ };
+ 
+diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+new file mode 100644
+index 0000000..33f2ef4
+--- /dev/null
++++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-e-islem.kktcmerkezbankasi.org.pem
+@@ -0,0 +1,24 @@
++-----BEGIN CERTIFICATE-----
++MIID8DCCAtigAwIBAgICCGQwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTD
++nFJLVFJVU1QgRWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxl
++cmkxCzAJBgNVBAYTAlRSMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0
++acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAo
++YykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIxMDgwNTA3MDc1MVow
++gaMxCzAJBgNVBAYTAlRSMRAwDgYDVQQIEwdMZWZrb3NhMRAwDgYDVQQHEwdMZWZr
++b3NhMRwwGgYDVQQKExNLS1RDIE1lcmtleiBCYW5rYXNpMSYwJAYDVQQDEx1lLWlz
++bGVtLmtrdGNtZXJrZXpiYW5rYXNpLm9yZzEqMCgGCSqGSIb3DQEJARYbaWxldGlA
++a2t0Y21lcmtlemJhbmthc2kub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
++CgKCAQEAw1hUpuRFY67NsZ6C9rzRAPCb9RVpi4nZzJIA1TvIfr4hMPM0X5jseMf5
++GvgJQ+cBMZtooDd7BbZNy2z7O5A+8PYFaMDdokCENx2ePIqAVuO6C5UAqM7J3n6R
++rhjOvqiw6dTQMbtXhjFao+YMuBVvRuuhGHBDK3Je64T/KLzcmAUlRJEuy+ZMe7Aa
++tUaSDr/jy5DMA5xEYOdsnS5Zo30lRG+9vqbxb8CQi+E97sNjY+W4lEgJKQWMNh5r
++Cxo4Hinkm3CKyKX3PAS+DDVI3LQiCiIQUOMA2+1P5aTPTkpqlbjqhbWTWAPWOKCF
++9d83p3RMXOYt5GahS8rg5u6+toEC1QIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYw
++DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAwjWz5tsUvYORVW8K
++JSK/biHFrAnFotMtoTKEewRmnYaYjwXIr1IPaBqhjkGGviLN2eOH/v97Uli6HC4l
++zhKHfMQUS9KF/f5nGcH8iQBy/gmFsfJQ1KDC6GNM4CfMGIzyxjYhP0VzdUtKX3PA
++l5EqgMUcdqRDy6Ruz55+JkdvCL1nAC7xH+czJcZVwysTdGfLTCh6VtYPgIkeL6U8
++3xQAyMuOHm72exJljYFqIsiNvGE0KufCqCuH1PD97IXMrLlwGmKKg5jP349lySBp
++Jjm6RDqCTT+6dUl2jkVbeNmco99Y7AOdtLsOdXBMCo5x8lK8zwQWFrzEms0joHXC
++pWfGWA==
++-----END CERTIFICATE-----
+diff --git a/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+new file mode 100644
+index 0000000..e9d048f
+--- /dev/null
++++ b/tests/auto/qsslcertificate/more-certificates/blacklisted-turktrust-ego.gov.tr.pem
+@@ -0,0 +1,31 @@
++-----BEGIN CERTIFICATE-----
++MIIFPTCCBCWgAwIBAgICCCcwDQYJKoZIhvcNAQEFBQAwgawxPTA7BgNVBAMMNFTD
++nFJLVFJVU1QgRWxla3Ryb25payBTdW51Y3UgU2VydGlmaWthc8SxIEhpem1ldGxl
++cmkxCzAJBgNVBAYTAlRSMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0
++acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAo
++YykgS2FzxLFtICAyMDA1MB4XDTExMDgwODA3MDc1MVoXDTIxMDcwNjA3MDc1MVow
++bjELMAkGA1UEBhMCVFIxDzANBgNVBAgMBkFOS0FSQTEPMA0GA1UEBwwGQU5LQVJB
++MQwwCgYDVQQKDANFR08xGDAWBgNVBAsMD0VHTyBCSUxHSSBJU0xFTTEVMBMGA1UE
++AwwMKi5FR08uR09WLlRSMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
++v5zoj2Bpdl7R1M/zF6Qf4su2F8vDqISKvuTuyJhNAHhFGHCsHjaixGMHspuz0l3V
++50kq/ECWbN8kKaeTrB112QOrWTU276iup1Gh+OlEOiR9vlQ4VAP00dWUjD6z9HQF
++Ci8W3EsEtiiHiYOU9BcPpPkaUbECwP4nGVwR8aPwhB5PGBJc98romdvciYkUpSOO
++wkuSRtooA7tRlLFu72QaNpXN1NueB36I3aajPk0YyiXy2w8XlgK7QI4PSSBnSq+Q
++blFocWVmLhF94je7py6lCnllrIFXpR3FWZLD5GcI6HKlBS78AQ+IMBLFHhsEVw5N
++Qj90chSZClfBWBZzIaV9RwIDAQABo4IBpDCCAaAwHwYDVR0jBBgwFoAUq042AzDS
++29UKaL6HpVBs/PZwpSUwHQYDVR0OBBYEFGT7G4Y9uEryRIL5Vj3qJsD047M0MA4G
++A1UdDwEB/wQEAwIBBjBFBgNVHSAEPjA8MDoGCWCGGAMAAwEBATAtMCsGCCsGAQUF
++BwIBFh9odHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc3VlMA8GA1UdEwEB/wQF
++MAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL3d3dy50dXJrdHJ1c3QuY29t
++LnRyL3NpbC9UVVJLVFJVU1RfU1NMX1NJTF9zMi5jcmwwgaoGCCsGAQUFBwEBBIGd
++MIGaMG4GCCsGAQUFBzAChmJodHRwOi8vd3d3LnR1cmt0cnVzdC5jb20udHIvc2Vy
++dGlmaWthbGFyL1RVUktUUlVTVF9FbGVrdHJvbmlrX1N1bnVjdV9TZXJ0aWZpa2Fz
++aV9IaXptZXRsZXJpX3MyLmNydDAoBggrBgEFBQcwAYYcaHR0cDovL29jc3AudHVy
++a3RydXN0LmNvbS50cjANBgkqhkiG9w0BAQUFAAOCAQEAj89QCCyoW0S20EcYDZAn
++vFLFmougK97Bt68iV1OM622+Cyeyf4Sz+1LBk1f9ni3fGT0Q+RWZJYWq5YuSBiLV
++gk3NLcxnwe3wmnvErUgq1QDtAaNlBWMEMklOlWGfJ0eWaillUskJbDd4KwgZHDEj
++7g/jYEQqU1t0zoJdwM/zNsnLHkhwcWZ5PQnnbpff1Ct/1LH/8pdy2eRDmRmqniLU
++h8r2lZfJeudVZG6yIbxsqP3t2JCq5c2P1jDhAGF3g9DiskH0CzsRdbVpoWdr+PY1
++Xz/19G8XEpX9r+IBJhLdbkpVo0Qh0A10mzFP/GUk5f/8nho2HvLaVMhWv1qKcF8I
++hQ==
++-----END CERTIFICATE-----
+-- 
+1.7.10.4
+
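Review bot: The two new certificate_blacklist entries match on serial number and name strings ("2087", "*.EGO.GOV.TR" and "2148", "e-islem.kktcmerkezbankasi.org"), so the block depends on those exact values and not on the certificates' keys or fingerprints; a comment above the array stating what is compared would keep later additions in the same form. The diffstat adds two PEM files under tests/auto/qsslcertificate/more-certificates/ but no test source change, so confirm the existing test picks up the blacklisted-*.pem files by pattern, otherwise the new entries ship untested. The padding before the name strings also differs from the neighbouring Digisign entries.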

--- End Message ---
--- Begin Message ---
On Sun, 2013-01-20 at 12:03 -0300, Lisandro Damián Nicanor Pérez Meyer
wrote:
> This upload solves two security bugs:
> 
> - blacklist mis-issued certificates from Turktrust.
> - avoid a bug that would cause certificate verification problems if a different
>   version of openssl is loaded at runtime to the headers Qt was compiled
>   against (Closes: #697582).

Unblocked; thanks.

Regards,

Adam

--- End Message ---
