.gitignore

@@ -1 +1 @@
-SOURCES/php-7.4.33.tar.xz
+SOURCES/php-8.0.30.tar.xz

.php.metadata

@@ -1 +1 @@
-4d3152b2339332b4eef2c12931931d4a1245fdab SOURCES/php-7.4.33.tar.xz
+f6d5137d6ce3e52b6d8a582e2990913f2807add4 SOURCES/php-8.0.30.tar.xz

SOURCES/10-opcache.ini

@@ -42,6 +42,11 @@ opcache.enable_cli=1
 ; size of the optimized code.
 ;opcache.save_comments=1
 
+; If enabled, compilation warnings (including notices and deprecations) will
+; be recorded and replayed each time a file is included. Otherwise, compilation
+; warnings will only be emitted when the file is first cached.
+;opcache.record_warnings=0
+
 ; Allow file existence override (file_exists, etc.) performance feature.
 ;opcache.enable_file_override=0
 

SOURCES/php-5.6.3-datetests.patch

@@ -1,23 +0,0 @@
---- a/ext/date/tests/bug66985.phpt	2014-10-30 07:32:03.297693403 +0100
-+++ b/ext/date/tests/bug66985.phpt	2014-10-30 07:32:45.138877977 +0100
-@@ -3,7 +3,7 @@
- --FILE--
- <?php
- $zones = array(
--	"CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
-+	"CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
- 	"GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
- 	"Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
- 	"Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
-@@ -45,11 +45,6 @@
- )
- DateTimeZone Object
- (
--    [timezone_type] => 3
--    [timezone] => Factory
--)
--DateTimeZone Object
--(
-     [timezone_type] => 3
-     [timezone] => GB-Eire
- )

SOURCES/php-5.6.3-phpinfo.patch

@@ -1,27 +0,0 @@
-
-Drop "Configure Command" from phpinfo as it doesn't
-provide any useful information.
-The available extensions are not related to this command.
-
---- php-5.4.9/ext/standard/info.c.orig	2012-12-11 10:43:02.450578276 +0100
-+++ php-5.4.9/ext/standard/info.c	2012-12-11 10:44:12.530820821 +0100
-@@ -743,9 +743,6 @@
- #ifdef ARCHITECTURE
- 		php_info_print_table_row(2, "Architecture", ARCHITECTURE);
- #endif
--#ifdef CONFIGURE_COMMAND
--		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
--#endif
- 
- 		if (sapi_module.pretty_name) {
- 			php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
---- php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt.orig	2012-12-11 11:07:26.959156091 +0100
-+++ php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt	2012-12-11 11:07:30.899170970 +0100
-@@ -20,7 +20,6 @@
- 
- System => %s
- Build Date => %s%a
--Configure Command => %s
- Server API => Command Line Interface
- Virtual Directory Support => %s
- Configuration File (php.ini) Path => %s

SOURCES/php-7.4.0-datetests.patch

@@ -0,0 +1,98 @@
+diff -up ./ext/date/tests/bug33414-2.phpt.datetests ./ext/date/tests/bug33414-2.phpt
+--- ./ext/date/tests/bug33414-2.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
++++ ./ext/date/tests/bug33414-2.phpt	2020-04-09 14:40:00.809433489 +0200
+@@ -74,10 +74,10 @@ $strtotime_tstamp = strtotime("next Frid
+ print "result=".date("l Y-m-d H:i:s T I", $strtotime_tstamp)."\n";
+ print "wanted=Friday            00:00:00\n\n";
+ ?>
+---EXPECT--
++--EXPECTF--
+ TZ=Pacific/Rarotonga - wrong day.
+-tStamp=Thursday 1970-01-01 17:17:17 -1030 0
+-result=Tuesday 1970-01-06 00:00:00 -1030 0
++tStamp=Thursday 1970-01-01 17:17:17 %s
++result=Tuesday 1970-01-06 00:00:00 %s
+ wanted=Tuesday            00:00:00
+ 
+ TZ=Atlantic/South_Georgia - wrong day.
+@@ -91,13 +91,13 @@ result=Monday 2005-04-04 00:00:00 EDT 1
+ wanted=Monday            00:00:00
+ 
+ TZ=Pacific/Enderbury - wrong day, off by 2 days.
+-tStamp=Thursday 1970-01-01 17:17:17 -12 0
+-result=Monday 1970-01-05 00:00:00 -12 0
++tStamp=Thursday 1970-01-01 17:17:17 %s
++result=Monday 1970-01-05 00:00:00 %s
+ wanted=Monday            00:00:00
+ 
+ TZ=Pacific/Kiritimati - wrong day, off by 2 days.
+-tStamp=Thursday 1970-01-01 17:17:17 -1040 0
+-result=Monday 1970-01-05 00:00:00 -1040 0
++tStamp=Thursday 1970-01-01 17:17:17 %s
++result=Monday 1970-01-05 00:00:00 %s
+ wanted=Monday            00:00:00
+ 
+ TZ=America/Managua - wrong day.
+@@ -106,13 +106,13 @@ result=Tuesday 2005-04-12 00:00:00 CDT 1
+ wanted=Tuesday            00:00:00
+ 
+ TZ=Pacific/Pitcairn - wrong day.
+-tStamp=Thursday 1970-01-01 17:17:17 -0830 0
+-result=Wednesday 1970-01-07 00:00:00 -0830 0
++tStamp=Thursday 1970-01-01 17:17:17 %s
++result=Wednesday 1970-01-07 00:00:00 %s
+ wanted=Wednesday            00:00:00
+ 
+ TZ=Pacific/Fakaofo - wrong day.
+-tStamp=Thursday 1970-01-01 17:17:17 -11 0
+-result=Saturday 1970-01-03 00:00:00 -11 0
++tStamp=Thursday 1970-01-01 17:17:17 %s
++result=Saturday 1970-01-03 00:00:00 %s
+ wanted=Saturday            00:00:00
+ 
+ TZ=Pacific/Johnston - wrong day.
+diff -up ./ext/date/tests/bug66985.phpt.datetests ./ext/date/tests/bug66985.phpt
+--- ./ext/date/tests/bug66985.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
++++ ./ext/date/tests/bug66985.phpt	2020-04-09 14:40:37.099288185 +0200
+@@ -3,7 +3,7 @@ Bug #66985 (Some timezones are no longer
+ --FILE--
+ <?php
+ $zones = array(
+-    "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
++    "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
+     "GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
+     "Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
+     "Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
+@@ -45,11 +45,6 @@ DateTimeZone Object
+ )
+ DateTimeZone Object
+ (
+-    [timezone_type] => 3
+-    [timezone] => Factory
+-)
+-DateTimeZone Object
+-(
+     [timezone_type] => 3
+     [timezone] => GB-Eire
+ )
+diff -up ./ext/date/tests/strtotime3-64bit.phpt.datetests ./ext/date/tests/strtotime3-64bit.phpt
+--- ./ext/date/tests/strtotime3-64bit.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
++++ ./ext/date/tests/strtotime3-64bit.phpt	2020-04-09 14:40:00.809433489 +0200
+@@ -44,7 +44,7 @@ foreach ($strs as $str) {
+ }
+ 
+ ?>
+---EXPECT--
++--EXPECTF--
+ bool(false)
+ bool(false)
+ string(31) "Thu, 15 Jun 2006 00:00:00 +0100"
+@@ -53,7 +53,7 @@ bool(false)
+ string(31) "Fri, 16 Jun 2006 23:49:12 +0100"
+ bool(false)
+ string(31) "Fri, 16 Jun 2006 02:22:00 +0100"
+-string(31) "Sun, 16 Jun 0222 02:22:00 -0036"
++string(31) "Sun, 16 Jun 0222 02:22:00 %s"
+ string(31) "Fri, 16 Jun 2006 02:22:33 +0100"
+ bool(false)
+ string(31) "Tue, 02 Mar 2004 00:00:00 +0000"

SOURCES/php-7.4.0-libdb.patch

@@ -1,7 +1,7 @@
-diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.m4
---- php-7.2.0alpha0/ext/dba/config.m4.libdb	2017-05-29 08:56:06.000000000 +0200
-+++ php-7.2.0alpha0/ext/dba/config.m4	2017-05-29 09:13:52.014823282 +0200
-@@ -346,61 +346,13 @@ if test "$PHP_DB4" != "no"; then
+diff -up ./ext/dba/config.m4.libdb ./ext/dba/config.m4
+--- ./ext/dba/config.m4.libdb	2020-04-09 14:06:11.000000000 +0200
++++ ./ext/dba/config.m4	2020-04-09 14:35:08.208605065 +0200
+@@ -375,61 +375,13 @@ if test "$PHP_DB4" != "no"; then
    dbdp4="/usr/local/BerkeleyDB.4."
    dbdp5="/usr/local/BerkeleyDB.5."
    for i in $PHP_DB4 ${dbdp5}1 ${dbdp5}0 ${dbdp4}8 ${dbdp4}7 ${dbdp4}6 ${dbdp4}5 ${dbdp4}4 ${dbdp4}3 ${dbdp4}2 ${dbdp4}1 ${dbdp}0 /usr/local /usr; do
@@ -65,21 +65,21 @@ diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.
  fi
  PHP_DBA_STD_RESULT(db4,Berkeley DB4)
  
-diff -up php-7.2.0alpha0/ext/dba/dba.c.libdb php-7.2.0alpha0/ext/dba/dba.c
---- php-7.2.0alpha0/ext/dba/dba.c.libdb	2017-05-29 09:16:15.736628202 +0200
-+++ php-7.2.0alpha0/ext/dba/dba.c	2017-05-29 09:16:20.494654746 +0200
-@@ -53,6 +53,10 @@
- #include "php_tcadb.h"
+diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c
+--- ./ext/dba/dba.c.libdb	2020-04-09 14:06:11.000000000 +0200
++++ ./ext/dba/dba.c	2020-04-09 14:36:30.593275190 +0200
+@@ -50,6 +50,10 @@
  #include "php_lmdb.h"
+ #include "dba_arginfo.h"
  
 +#ifdef DB4_INCLUDE_FILE
 +#include DB4_INCLUDE_FILE
 +#endif
 +
- /* {{{ arginfo */
- ZEND_BEGIN_ARG_INFO_EX(arginfo_dba_popen, 0, 0, 2)
- 	ZEND_ARG_INFO(0, path)
-@@ -558,6 +562,10 @@ PHP_MINFO_FUNCTION(dba)
+ PHP_MINIT_FUNCTION(dba);
+ PHP_MSHUTDOWN_FUNCTION(dba);
+ PHP_MINFO_FUNCTION(dba);
+@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba)
  
  	php_info_print_table_start();
   	php_info_print_table_row(2, "DBA support", "enabled");

SOURCES/php-7.4.33.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmNftBYACgkQkQ3rRvU+
-oxKEJw/7B1ynCpmaLJD9H8YB6YkRdaQ7s4jX10wHrCL2mYFcrViPokJUPHymQ4cG
-LYYLDxqhziH5a61ZE0QwBqDSthMuW6KHx4bod7DPXT2vb+wI4KGWWLLjRyb36QEU
-JWEYll0ITIy5SKLjQvQWz9Ti6NKs8fPDrty43rQYTXgHi4dnpC4iS1oS5bPQlozK
-d9yWoclOlsD1gQvJLfGmZkBhXMVc1ndDQAwQZexU0OGvy8qiSs3BNOwTrmwHlArr
-UQwBeuvQvoy7NvpMhBazkpt4VwxGx9iJkOKOBupHkqgnQRic9oFH4q1BsAoz/H27
-jy9A6Qkru7x/z9tzFxGvYRa9JYu3ci+C1kNFG3IjkHpzHM9HAS1/2sXrV2RLY8DO
-PagxuSt5/6fYhPTmb4msl/UWGHZlewuFP2HucnIqnCw4/PW/33bqiZpoh/vXT9CH
-1adgRptXeF5MHJH95m0OtRk1Mmw9vIRd0pU8GleJbW/ny5Ki4q+WxF3rb+QFRC4Z
-Mhi2trcicCNhGy2iD3bPhfCObPd9NW7csQorJUf/I7QBFZXFpVExK88axuwOwM5u
-pQA72mvFqRwhSSgMEL5U9RfLG1Is8zcnARs9BqoWtgP78sTPvqKzr2nJ3fzSfglS
-EQ40VNrGF4wsruOZf/Stx1v2ysrDHnZ+45Og0BxaRyfVBp+Q/70=
-=lvvn
------END PGP SIGNATURE-----

SOURCES/php-8.0.0-embed.patch

@@ -1,24 +1,25 @@
---- php-5.6.3/sapi/embed/config.m4.embed
-+++ php-5.6.3/sapi/embed/config.m4
-@@ -11,7 +11,8 @@ if test "$PHP_EMBED" != "no"; then
-   case "$PHP_EMBED" in
+diff -up ./sapi/embed/config.m4.embed ./sapi/embed/config.m4
+--- ./sapi/embed/config.m4.embed	2020-07-07 13:51:05.879764972 +0200
++++ ./sapi/embed/config.m4	2020-07-07 13:52:50.128412148 +0200
+@@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then
      yes|shared)
+       LIBPHP_CFLAGS="-shared"
        PHP_EMBED_TYPE=shared
 -      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib"
 +      EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_MAJOR_VERSION).\$(PHP_MINOR_VERSION)"
 +      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)"
        ;;
      static)
-       PHP_EMBED_TYPE=static
-diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in
---- php-5.5.30/scripts/php-config.in.old	2015-10-19 15:17:31.944747715 +0200
-+++ php-5.5.30/scripts/php-config.in	2015-10-19 15:17:58.278858083 +0200
+       LIBPHP_CFLAGS="-static"
+diff -up ./scripts/php-config.in.embed ./scripts/php-config.in
+--- ./scripts/php-config.in.embed	2020-07-07 12:54:42.000000000 +0200
++++ ./scripts/php-config.in	2020-07-07 13:51:05.880764968 +0200
 @@ -18,7 +18,7 @@ exe_extension="@EXEEXT@"
  php_cli_binary=NONE
  php_cgi_binary=NONE
  configure_options="@CONFIGURE_OPTIONS@"
 -php_sapis="@PHP_INSTALLED_SAPIS@"
-+php_sapis="apache2handler fpm phpdbg @PHP_INSTALLED_SAPIS@"
++php_sapis="apache2handler litespeed fpm phpdbg @PHP_INSTALLED_SAPIS@"
  ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
  ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@"
  

SOURCES/php-8.0.0-phpinfo.patch

@@ -0,0 +1,118 @@
+
+Drop "Configure Command" from phpinfo as it doesn't
+provide any useful information.
+The available extensions are not related to this command.
+
+Replace full GCC name by gcc in php -v output
+
+
+Also apply
+
+From 9bf43c45908433d382f0499d529849172d0d8206 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Mon, 28 Dec 2020 08:33:09 +0100
+Subject: [PATCH] rename COMPILER and ARCHITECTURE macro (too generic)
+
+---
+ configure.ac             |  4 ++--
+ ext/standard/info.c      |  8 ++++----
+ sapi/cli/php_cli.c       |  8 ++++----
+ win32/build/confutils.js | 10 +++++-----
+ 4 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9d9c8b155b07..143dc061346b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1289,10 +1289,10 @@ if test -n "${PHP_BUILD_PROVIDER}"; then
+   AC_DEFINE_UNQUOTED(PHP_BUILD_PROVIDER,"$PHP_BUILD_PROVIDER",[build provider])
+ fi
+ if test -n "${PHP_BUILD_COMPILER}"; then
+-  AC_DEFINE_UNQUOTED(COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
++  AC_DEFINE_UNQUOTED(PHP_BUILD_COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
+ fi
+ if test -n "${PHP_BUILD_ARCH}"; then
+-  AC_DEFINE_UNQUOTED(ARCHITECTURE,"$PHP_BUILD_ARCH",[build architecture])
++  AC_DEFINE_UNQUOTED(PHP_BUILD_ARCH,"$PHP_BUILD_ARCH",[build architecture])
+ fi
+ 
+ PHP_SUBST_OLD(PHP_INSTALLED_SAPIS)
+diff --git a/ext/standard/info.c b/ext/standard/info.c
+index 153cb6cde014..8ceef31d9fe4 100644
+--- a/ext/standard/info.c
++++ b/ext/standard/info.c
+@@ -798,11 +798,11 @@ PHPAPI ZEND_COLD void php_print_info(int flag)
+ #ifdef PHP_BUILD_PROVIDER
+ 		php_info_print_table_row(2, "Build Provider", PHP_BUILD_PROVIDER);
+ #endif
+-#ifdef COMPILER
+-		php_info_print_table_row(2, "Compiler", COMPILER);
++#ifdef PHP_BUILD_COMPILER
++		php_info_print_table_row(2, "Compiler", PHP_BUILD_COMPILER);
+ #endif
+-#ifdef ARCHITECTURE
+-		php_info_print_table_row(2, "Architecture", ARCHITECTURE);
++#ifdef PHP_BUILD_ARCH
++		php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
+ #endif
+ #ifdef CONFIGURE_COMMAND
+ 		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
+diff --git a/sapi/cli/php_cli.c b/sapi/cli/php_cli.c
+index 5092fb0ffd68..9d296acec631 100644
+--- a/sapi/cli/php_cli.c
++++ b/sapi/cli/php_cli.c
+@@ -640,12 +640,12 @@ static int do_cli(int argc, char **argv) /* {{{ */
+ #else
+ 					"NTS "
+ #endif
+-#ifdef COMPILER
+-					COMPILER
++#ifdef PHP_BUILD_COMPILER
++					PHP_BUILD_COMPILER
+ 					" "
+ #endif
+-#ifdef ARCHITECTURE
+-					ARCHITECTURE
++#ifdef PHP_BUILD_ARCH
++					PHP_BUILD_ARCH
+ 					" "
+ #endif
+ #if ZEND_DEBUG
+
+diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
+--- ./ext/standard/info.c.phpinfo	2020-07-21 10:49:31.000000000 +0200
++++ ./ext/standard/info.c	2020-07-21 11:41:56.295633523 +0200
+@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int
+ #ifdef PHP_BUILD_ARCH
+ 		php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
+ #endif
+-#ifdef CONFIGURE_COMMAND
+-		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
+-#endif
+ 
+ 		if (sapi_module.pretty_name) {
+ 			php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
+diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
+--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo	2020-07-21 10:49:31.000000000 +0200
++++ ./ext/standard/tests/general_functions/phpinfo.phpt	2020-07-21 11:41:56.296633522 +0200
+@@ -17,7 +17,6 @@ PHP Version => %s
+ 
+ System => %s
+ Build Date => %s%a
+-Configure Command => %s
+ Server API => Command Line Interface
+ Virtual Directory Support => %s
+ Configuration File (php.ini) Path => %s
+diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
+--- ./sapi/cli/php_cli.c.phpinfo	2020-07-21 11:43:38.812475300 +0200
++++ ./sapi/cli/php_cli.c	2020-07-21 11:43:45.783464540 +0200
+@@ -641,8 +641,7 @@ static int do_cli(int argc, char **argv)
+ 					"NTS "
+ #endif
+ #ifdef PHP_BUILD_COMPILER
+-					PHP_BUILD_COMPILER
+-					" "
++					"gcc "
+ #endif
+ #ifdef PHP_BUILD_ARCH
+ 					PHP_BUILD_ARCH

SOURCES/php-8.0.10-phar-sha.patch

@@ -0,0 +1,515 @@
+Backported for 8.0 from
+
+
+From 8bb0c74e24359a11216824117ac3adf3d5ef7b71 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 5 Aug 2021 11:10:15 +0200
+Subject: [PATCH] switch phar to use sha256 signature by default
+
+---
+ ext/phar/phar/pharcommand.inc                  | 2 +-
+ ext/phar/tests/create_new_and_modify.phpt      | 4 ++--
+ ext/phar/tests/create_new_phar_c.phpt          | 4 ++--
+ ext/phar/tests/phar_setsignaturealgo2.phpt     | 2 +-
+ ext/phar/tests/tar/phar_setsignaturealgo2.phpt | 2 +-
+ ext/phar/tests/zip/phar_setsignaturealgo2.phpt | 2 +-
+ ext/phar/util.c                                | 6 +++---
+ ext/phar/zip.c                                 | 2 +-
+ 8 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
+index a31290eee75fe..5f698b4bec26b 100644
+--- a/ext/phar/phar/pharcommand.inc
++++ b/ext/phar/phar/pharcommand.inc
+@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
+                 'typ' => 'select',
+                 'val' => NULL,
+                 'inf' => '<method> Selects the hash algorithm.',
+-                'select' => array('md5' => 'MD5','sha1' => 'SHA1')
++                'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
+             ),
+             'i' => array(
+                 'typ' => 'regex',
+diff --git a/ext/phar/tests/create_new_and_modify.phpt b/ext/phar/tests/create_new_and_modify.phpt
+index 02e36c6cea2fe..32defcae8a639 100644
+--- a/ext/phar/tests/create_new_and_modify.phpt
++++ b/ext/phar/tests/create_new_and_modify.phpt
+@@ -49,8 +49,8 @@ include $pname . '/b.php';
+ <?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php'); ?>
+ --EXPECTF--
+ brand new!
+-string(40) "%s"
+-string(40) "%s"
++string(%d) "%s"
++string(%d) "%s"
+ bool(true)
+ modified!
+ another!
+diff --git a/ext/phar/tests/create_new_phar_c.phpt b/ext/phar/tests/create_new_phar_c.phpt
+index 566d3c4d5f8ad..bf6d740fd1d10 100644
+--- a/ext/phar/tests/create_new_phar_c.phpt
++++ b/ext/phar/tests/create_new_phar_c.phpt
+@@ -20,7 +20,7 @@ var_dump($phar->getSignature());
+ --EXPECTF--
+ array(2) {
+   ["hash"]=>
+-  string(40) "%s"
++  string(64) "%s"
+   ["hash_type"]=>
+-  string(5) "SHA-1"
++  string(7) "SHA-256"
+ }
+diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
+index 293d3196713d8..4f31836fbbbcc 100644
+--- a/ext/phar/tests/phar_setsignaturealgo2.phpt
++++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
+@@ -52,7 +52,7 @@ array(2) {
+   ["hash"]=>
+   string(%d) "%s"
+   ["hash_type"]=>
+-  string(5) "SHA-1"
++  string(7) "SHA-256"
+ }
+ array(2) {
+   ["hash"]=>
+diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+index 9923ac5c88476..cc10a241d739b 100644
+--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
++++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+@@ -51,7 +51,7 @@ array(2) {
+   ["hash"]=>
+   string(%d) "%s"
+   ["hash_type"]=>
+-  string(5) "SHA-1"
++  string(7) "SHA-256"
+ }
+ array(2) {
+   ["hash"]=>
+diff --git a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
+index 8de77479d7825..60fec578ee894 100644
+--- a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
++++ b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
+@@ -78,7 +78,7 @@ array(2) {
+   ["hash"]=>
+   string(%d) "%s"
+   ["hash_type"]=>
+-  string(5) "SHA-1"
++  string(7) "SHA-256"
+ }
+ array(2) {
+   ["hash"]=>
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 314acfe81a788..8d2db03b69601 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -1798,6 +1798,8 @@ int phar_create_signature(phar_archive_d
+ 			*signature_length = 64;
+ 			break;
+ 		}
++		default:
++			phar->sig_flags = PHAR_SIG_SHA256;
+ 		case PHAR_SIG_SHA256: {
+ 			unsigned char digest[32];
+ 			PHP_SHA256_CTX  context;
+@@ -1894,8 +1896,6 @@ int phar_create_signature(phar_archive_d
+ 			*signature_length = siglen;
+ 		}
+ 		break;
+-		default:
+-			phar->sig_flags = PHAR_SIG_SHA1;
+ 		case PHAR_SIG_SHA1: {
+ 			unsigned char digest[20];
+ 			PHP_SHA1_CTX  context;
+diff --git a/ext/phar/zip.c b/ext/phar/zip.c
+index 31d4bd2998215..c5e38cabf7b87 100644
+--- a/ext/phar/zip.c
++++ b/ext/phar/zip.c
+@@ -1423,7 +1423,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
+ 
+ 	memcpy(eocd.signature, "PK\5\6", 4);
+ 	if (!phar->is_data && !phar->sig_flags) {
+-		phar->sig_flags = PHAR_SIG_SHA1;
++		phar->sig_flags = PHAR_SIG_SHA256;
+ 	}
+ 	if (phar->sig_flags) {
+ 		PHAR_SET_16(eocd.counthere, zend_hash_num_elements(&phar->manifest) + 1);
+
+From c51af22fef988c1b2f92b7b9e3a9d745f7084815 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 5 Aug 2021 16:49:48 +0200
+Subject: [PATCH] implement openssl_256 and openssl_512 for phar singatures
+
+---
+ ext/openssl/openssl.c                         |   1 +
+ ext/phar/phar.1.in                            |  10 +++-
+ ext/phar/phar.c                               |   8 +++-
+ ext/phar/phar/pharcommand.inc                 |  14 +++++-
+ ext/phar/phar_internal.h                      |   2 +
+ ext/phar/phar_object.c                        |  24 ++++++++--
+ ext/phar/tests/files/openssl256.phar          | Bin 0 -> 7129 bytes
+ ext/phar/tests/files/openssl256.phar.pubkey   |   6 +++
+ ext/phar/tests/files/openssl512.phar          | Bin 0 -> 7129 bytes
+ ext/phar/tests/files/openssl512.phar.pubkey   |   6 +++
+ .../phar_get_supported_signatures_002a.phpt   |   6 ++-
+ .../tests/tar/phar_setsignaturealgo2.phpt     |  16 +++++++
+ ext/phar/tests/test_signaturealgos.phpt       |   8 ++++
+ ext/phar/util.c                               |  45 ++++++++++++++----
+ 14 files changed, 128 insertions(+), 18 deletions(-)
+ create mode 100644 ext/phar/tests/files/openssl256.phar
+ create mode 100644 ext/phar/tests/files/openssl256.phar.pubkey
+ create mode 100644 ext/phar/tests/files/openssl512.phar
+ create mode 100644 ext/phar/tests/files/openssl512.phar.pubkey
+
+diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in
+index 77912b241dfd5..323e77b0e2a3b 100644
+--- a/ext/phar/phar.1.in
++++ b/ext/phar/phar.1.in
+@@ -475,7 +475,15 @@ SHA512
+ .TP
+ .PD
+ .B openssl
+-OpenSSL
++OpenSSL using SHA-1
++.TP
++.PD
++.B openssl_sha256
++OpenSSL using SHA-256
++.TP
++.PD
++.B openssl_sha512
++OpenSSL using SHA-512
+ 
+ .SH SEE ALSO
+ For a more or less complete description of PHAR look here:
+diff --git a/ext/phar/phar.c b/ext/phar/phar.c
+index 77f21cef9da53..bc08e4edde05d 100644
+--- a/ext/phar/phar.c
++++ b/ext/phar/phar.c
+@@ -869,6 +869,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
+ 		PHAR_GET_32(sig_ptr, sig_flags);
+ 
+ 		switch(sig_flags) {
++			case PHAR_SIG_OPENSSL_SHA512:
++			case PHAR_SIG_OPENSSL_SHA256:
+ 			case PHAR_SIG_OPENSSL: {
+ 				uint32_t signature_len;
+ 				char *sig;
+@@ -903,7 +905,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
+ 					return FAILURE;
+ 				}
+ 
+-				if (FAILURE == phar_verify_signature(fp, end_of_phar, PHAR_SIG_OPENSSL, sig, signature_len, fname, &signature, &sig_len, error)) {
++				if (FAILURE == phar_verify_signature(fp, end_of_phar, sig_flags, sig, signature_len, fname, &signature, &sig_len, error)) {
+ 					efree(savebuf);
+ 					efree(sig);
+ 					php_stream_close(fp);
+@@ -3162,7 +3164,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
+ 
+ 				php_stream_write(newfile, digest, digest_len);
+ 				efree(digest);
+-				if (phar->sig_flags == PHAR_SIG_OPENSSL) {
++				if (phar->sig_flags == PHAR_SIG_OPENSSL ||
++					phar->sig_flags == PHAR_SIG_OPENSSL_SHA256 ||
++					phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
+ 					phar_set_32(sig_buf, digest_len);
+ 					php_stream_write(newfile, sig_buf, 4);
+ 				}
+diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
+index 5f698b4bec26b..1b1eeca59c560 100644
+--- a/ext/phar/phar/pharcommand.inc
++++ b/ext/phar/phar/pharcommand.inc
+@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
+                 'typ' => 'select',
+                 'val' => NULL,
+                 'inf' => '<method> Selects the hash algorithm.',
+-                'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
++                'select' => ['md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL', 'openssl_sha256' => 'OPENSSL_SHA256', 'openssl_sha512' => 'OPENSSL_SHA512']
+             ),
+             'i' => array(
+                 'typ' => 'regex',
+@@ -156,6 +156,8 @@ class PharCommand extends CLICommand
+         $hash_avail = Phar::getSupportedSignatures();
+         $hash_optional = array('SHA-256' => 'SHA256',
+                                'SHA-512' => 'SHA512',
++                               'OpenSSL_sha256' => 'OpenSSL_SHA256',
++                               'OpenSSL_sha512' => 'OpenSSL_SHA512',
+                                'OpenSSL' => 'OpenSSL');
+         if (!in_array('OpenSSL', $hash_avail)) {
+             unset($phar_args['y']);
+@@ -429,6 +431,16 @@ class PharCommand extends CLICommand
+                     self::error("Cannot use OpenSSL signing without key.\n");
+                 }
+                 return Phar::OPENSSL;
++            case 'openssl_sha256':
++                if (!$privkey) {
++                    self::error("Cannot use OpenSSL signing without key.\n");
++                }
++                return Phar::OPENSSL_SHA256;
++            case 'openssl_sha512':
++                if (!$privkey) {
++                    self::error("Cannot use OpenSSL signing without key.\n");
++                }
++                return Phar::OPENSSL_SHA512;
+         }
+     }
+     // }}}
+diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
+index a9f81e2ab994a..30b408a8c4462 100644
+--- a/ext/phar/phar_internal.h
++++ b/ext/phar/phar_internal.h
+@@ -88,6 +88,8 @@
+ #define PHAR_SIG_SHA256           0x0003
+ #define PHAR_SIG_SHA512           0x0004
+ #define PHAR_SIG_OPENSSL          0x0010
++#define PHAR_SIG_OPENSSL_SHA256   0x0011
++#define PHAR_SIG_OPENSSL_SHA512   0x0012
+ 
+ /* flags byte for each file adheres to these bitmasks.
+    All unused values are reserved */
+diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
+index 9c1e5f2fa1eef..c05970e657f18 100644
+--- a/ext/phar/phar_object.c
++++ b/ext/phar/phar_object.c
+@@ -1246,9 +1246,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
+ 	add_next_index_stringl(return_value, "SHA-512", 7);
+ #ifdef PHAR_HAVE_OPENSSL
+ 	add_next_index_stringl(return_value, "OpenSSL", 7);
++	add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
++	add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
+ #else
+ 	if (zend_hash_str_exists(&module_registry, "openssl", sizeof("openssl")-1)) {
+ 		add_next_index_stringl(return_value, "OpenSSL", 7);
++		add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
++		add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
+ 	}
+ #endif
+ }
+@@ -3028,6 +3032,8 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
+ 		case PHAR_SIG_MD5:
+ 		case PHAR_SIG_SHA1:
+ 		case PHAR_SIG_OPENSSL:
++		case PHAR_SIG_OPENSSL_SHA256:
++		case PHAR_SIG_OPENSSL_SHA512:
+ 			if (phar_obj->archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->archive))) {
+ 				zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
+ 				RETURN_THROWS();
+@@ -3066,19 +3072,25 @@ PHP_METHOD(Phar, getSignature)
+ 		add_assoc_stringl(return_value, "hash", phar_obj->archive->signature, phar_obj->archive->sig_len);
+ 		switch(phar_obj->archive->sig_flags) {
+ 			case PHAR_SIG_MD5:
+-				add_assoc_stringl(return_value, "hash_type", "MD5", 3);
++				add_assoc_string(return_value, "hash_type", "MD5");
+ 				break;
+ 			case PHAR_SIG_SHA1:
+-				add_assoc_stringl(return_value, "hash_type", "SHA-1", 5);
++				add_assoc_string(return_value, "hash_type", "SHA-1");
+ 				break;
+ 			case PHAR_SIG_SHA256:
+-				add_assoc_stringl(return_value, "hash_type", "SHA-256", 7);
++				add_assoc_string(return_value, "hash_type", "SHA-256");
+ 				break;
+ 			case PHAR_SIG_SHA512:
+-				add_assoc_stringl(return_value, "hash_type", "SHA-512", 7);
++				add_assoc_string(return_value, "hash_type", "SHA-512");
+ 				break;
+ 			case PHAR_SIG_OPENSSL:
+-				add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7);
++				add_assoc_string(return_value, "hash_type", "OpenSSL");
++				break;
++			case PHAR_SIG_OPENSSL_SHA256:
++				add_assoc_string(return_value, "hash_type", "OpenSSL_SHA256");
++				break;
++			case PHAR_SIG_OPENSSL_SHA512:
++				add_assoc_string(return_value, "hash_type", "OpenSSL_SHA512");
+ 				break;
+ 			default:
+ 				unknown = strpprintf(0, "Unknown (%u)", phar_obj->archive->sig_flags);
+@@ -5103,6 +5115,8 @@ void phar_object_init(void) /* {{{ */
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
++	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA256", PHAR_SIG_OPENSSL_SHA256)
++	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA512", PHAR_SIG_OPENSSL_SHA512)
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
+ 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)
+diff --git a/ext/phar/tests/phar_get_supported_signatures_002a.phpt b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
+index 06d811f2c35c2..639143b3d2c90 100644
+--- a/ext/phar/tests/phar_get_supported_signatures_002a.phpt
++++ b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
+@@ -14,7 +14,7 @@ phar.readonly=0
+ var_dump(Phar::getSupportedSignatures());
+ ?>
+ --EXPECT--
+-array(5) {
++array(7) {
+   [0]=>
+   string(3) "MD5"
+   [1]=>
+@@ -25,4 +25,8 @@ array(5) {
+   string(7) "SHA-512"
+   [4]=>
+   string(7) "OpenSSL"
++  [5]=>
++  string(14) "OpenSSL_SHA256"
++  [6]=>
++  string(14) "OpenSSL_SHA512"
+ }
+diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+index cc10a241d739b..c2eb5d77a5bf0 100644
+--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
++++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+@@ -38,6 +38,10 @@ $pkey = '';
+ openssl_pkey_export($private, $pkey, NULL, $config_arg);
+ $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
+ var_dump($p->getSignature());
++$p->setSignatureAlgorithm(Phar::OPENSSL_SHA512, $pkey);
++var_dump($p->getSignature());
++$p->setSignatureAlgorithm(Phar::OPENSSL_SHA256, $pkey);
++var_dump($p->getSignature());
+ } catch (Exception $e) {
+ echo $e->getMessage();
+ }
+@@ -83,3 +87,15 @@ array(2) {
+   ["hash_type"]=>
+   string(7) "OpenSSL"
+ }
++array(2) {
++  ["hash"]=>
++  string(%d) "%s"
++  ["hash_type"]=>
++  string(14) "OpenSSL_SHA512"
++}
++array(2) {
++  ["hash"]=>
++  string(%d) "%s"
++  ["hash_type"]=>
++  string(14) "OpenSSL_SHA256"
++}
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 8d2db03b69601..515830bf2c70a 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -34,7 +34,7 @@
+ #include <openssl/ssl.h>
+ #include <openssl/pkcs12.h>
+ #else
+-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
++static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type);
+ #endif
+ 
+ /* for links to relative location, prepend cwd of the entry */
+@@ -1381,11 +1381,11 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
+ /* }}} */
+ 
+ #ifndef PHAR_HAVE_OPENSSL
+-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
++static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type) /* {{{ */
+ {
+ 	zend_fcall_info fci;
+ 	zend_fcall_info_cache fcc;
+-	zval retval, zp[3], openssl;
++	zval retval, zp[4], openssl;
+ 	zend_string *str;
+ 
+ 	ZVAL_STRINGL(&openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1);
+@@ -1402,6 +1402,14 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
+ 	} else {
+ 		ZVAL_EMPTY_STRING(&zp[0]);
+ 	}
++	if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
++		ZVAL_LONG(&zp[3], 9); /* value from openssl.c #define OPENSSL_ALGO_SHA512 9 */
++	} else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
++		ZVAL_LONG(&zp[3], 7); /* value from openssl.c #define OPENSSL_ALGO_SHA256 7 */
++	} else {
++		/* don't rely on default value which may change in the future */
++		ZVAL_LONG(&zp[3], 1); /* value from openssl.c #define OPENSSL_ALGO_SHA1   1 */
++	}
+ 
+ 	if ((size_t)end != Z_STRLEN(zp[0])) {
+ 		zval_ptr_dtor_str(&zp[0]);
+@@ -1419,7 +1427,7 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
+ 		return FAILURE;
+ 	}
+ 
+-	fci.param_count = 3;
++	fci.param_count = 4;
+ 	fci.params = zp;
+ 	Z_ADDREF(zp[0]);
+ 	if (is_sign) {
+@@ -1482,12 +1490,22 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
+ 	php_stream_rewind(fp);
+ 
+ 	switch (sig_type) {
++		case PHAR_SIG_OPENSSL_SHA512:
++		case PHAR_SIG_OPENSSL_SHA256:
+ 		case PHAR_SIG_OPENSSL: {
+ #ifdef PHAR_HAVE_OPENSSL
+ 			BIO *in;
+ 			EVP_PKEY *key;
+-			EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
++			const EVP_MD *mdtype;
+ 			EVP_MD_CTX *md_ctx;
++
++			if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
++				mdtype = EVP_sha512();
++			} else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
++				mdtype = EVP_sha256();
++			} else {
++				mdtype = EVP_sha1();
++			}
+ #else
+ 			size_t tempsig;
+ #endif
+@@ -1521,7 +1539,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
+ #ifndef PHAR_HAVE_OPENSSL
+ 			tempsig = sig_len;
+ 
+-			if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig)) {
++			if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig, sig_type)) {
+ 				if (pubkey) {
+ 					zend_string_release_ex(pubkey, 0);
+ 				}
+@@ -1815,6 +1833,8 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
+ 			*signature_length = 32;
+ 			break;
+ 		}
++		case PHAR_SIG_OPENSSL_SHA512:
++		case PHAR_SIG_OPENSSL_SHA256:
+ 		case PHAR_SIG_OPENSSL: {
+ 			unsigned char *sigbuf;
+ #ifdef PHAR_HAVE_OPENSSL
+@@ -1822,6 +1842,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
+ 			BIO *in;
+ 			EVP_PKEY *key;
+ 			EVP_MD_CTX *md_ctx;
++			const EVP_MD *mdtype;
++
++			if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
++				mdtype = EVP_sha512();
++			} else if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA256) {
++				mdtype = EVP_sha256();
++			} else {
++				mdtype = EVP_sha1();
++			}
+ 
+ 			in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
+ 
+@@ -1847,7 +1876,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
+ 			siglen = EVP_PKEY_size(key);
+ 			sigbuf = emalloc(siglen + 1);
+ 
+-			if (!EVP_SignInit(md_ctx, EVP_sha1())) {
++			if (!EVP_SignInit(md_ctx, mdtype)) {
+ 				EVP_PKEY_free(key);
+ 				efree(sigbuf);
+ 				if (error) {
+@@ -1885,7 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
+ 			siglen = 0;
+ 			php_stream_seek(fp, 0, SEEK_END);
+ 
+-			if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen)) {
++			if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen, phar->sig_flags)) {
+ 				if (error) {
+ 					spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
+ 				}

SOURCES/php-8.0.10-snmp-sha.patch

@@ -0,0 +1,143 @@
+Backported for 8.0 from
+
+
+From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 11 Aug 2021 13:02:18 +0200
+Subject: [PATCH] add SHA256 and SHA512 for security protocol
+
+---
+ ext/snmp/config.m4                            | 18 +++++++++-
+ ext/snmp/snmp.c                               | 33 ++++++++++++++++++-
+ .../tests/snmp-object-setSecurity_error.phpt  |  2 +-
+ ext/snmp/tests/snmp3-error.phpt               |  2 +-
+ 4 files changed, 51 insertions(+), 4 deletions(-)
+
+diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
+index 1475ddfe2b7f0..f285a572de9cb 100644
+--- a/ext/snmp/config.m4
++++ b/ext/snmp/config.m4
+@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
+         AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
+       fi
+     else
+-      AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
++      AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
+     fi
+   else
+     AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
+@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
+     $SNMP_SHARED_LIBADD
+   ])
+ 
++  dnl Check whether usmHMAC192SHA256AuthProtocol exists.
++  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
++  [
++    AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
++  ], [], [
++    $SNMP_SHARED_LIBADD
++  ])
++
++  dnl Check whether usmHMAC384SHA512AuthProtocol exists.
++  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
++  [
++    AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
++  ], [], [
++    $SNMP_SHARED_LIBADD
++  ])
++
+   PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
+   PHP_SUBST(SNMP_SHARED_LIBADD)
+ fi
+diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
+index 69d6549405b17..f0917501751f5 100644
+--- a/ext/snmp/snmp.c
++++ b/ext/snmp/snmp.c
+@@ -29,6 +29,7 @@
+ #include "php_snmp.h"
+ 
+ #include "zend_exceptions.h"
++#include "zend_smart_string.h"
+ #include "ext/spl/spl_exceptions.h"
+ #include "snmp_arginfo.h"
+ 
+@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
+ 	if (!strcasecmp(prot, "MD5")) {
+ 		s->securityAuthProto = usmHMACMD5AuthProtocol;
+ 		s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
+-	} else
++		return 0;
++	}
+ #endif
++
+ 	if (!strcasecmp(prot, "SHA")) {
+ 		s->securityAuthProto = usmHMACSHA1AuthProtocol;
+ 		s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
+-	} else {
+-		zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
+-		return (-1);
++		return 0;
+ 	}
+-	return (0);
++
++#ifdef HAVE_SNMP_SHA256
++	if (!strcasecmp(prot, "SHA256")) {
++		s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
++		s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
++		return 0;
++	}
++#endif
++
++#ifdef HAVE_SNMP_SHA512
++	if (!strcasecmp(prot, "SHA512")) {
++		s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
++		s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
++		return 0;
++	}
++#endif
++
++	smart_string err = {0};
++
++	smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
++#ifdef HAVE_SNMP_SHA256
++	smart_string_appends(&err, " or \"SHA256\"");
++#endif
++#ifdef HAVE_SNMP_SHA512
++	smart_string_appends(&err, " or \"SHA512\"");
++#endif
++#ifndef DISABLE_MD5
++	smart_string_appends(&err, " or \"MD5\"");
++#endif
++	smart_string_0(&err);
++	zend_value_error("%s", err.c);
++	smart_string_free(&err);
++	return -1;
+ }
+ /* }}} */
+ 
+diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
+index f8de846492a75..cf4f928837773 100644
+--- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
++++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
+@@ -59,7 +59,7 @@ var_dump($session->close());
+ --EXPECTF--
+ Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
+ Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
+-Authentication protocol must be either "MD5" or "SHA"
++Authentication protocol must be %s
+ 
+ Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
+ bool(false)
+diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
+index 849e363b45058..389800dad6b28 100644
+--- a/ext/snmp/tests/snmp3-error.phpt
++++ b/ext/snmp/tests/snmp3-error.phpt
+@@ -58,7 +58,7 @@ try {
+ Checking error handling
+ Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
+ Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
+-Authentication protocol must be either "MD5" or "SHA"
++Authentication protocol must be %s
+ 
+ Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
+ bool(false)

SOURCES/php-8.0.10-systzdata-v21.patch

@@ -5,7 +5,10 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.
 
 History:
-r19: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
+r22: fix possible buffer overflow
+r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
+r20: adapt for timelib 2020.03 (in 8.0.10RC1)
+r19: adapt for timelib 2020.02 (in 8.0.0beta2)
 r18: adapt for autotool change in 7.3.3RC1
 r17: adapt for timelib 2018.01 (in 7.3.2RC1)
 r16: adapt for timelib 2017.06 (in 7.2.3RC1)
@@ -55,7 +58,7 @@ index 20e4164aaa..a61243646d 100644
  timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
                   lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
 diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
-index 020da3135e..12e68ef043 100644
+index e9bd0f136d..c04ff01adc 100644
 --- a/ext/date/lib/parse_tz.c
 +++ b/ext/date/lib/parse_tz.c
 @@ -26,8 +26,21 @@
@@ -80,7 +83,7 @@ index 020da3135e..12e68ef043 100644
  
  #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
  # if defined(__LITTLE_ENDIAN__)
-@@ -88,6 +101,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
  {
  	uint32_t version;
  
@@ -92,11 +95,11 @@ index 020da3135e..12e68ef043 100644
  	/* read ID */
  	version = (*tzf)[3] - '0';
  	*tzf += 4;
-@@ -412,7 +430,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
+@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
  	}
  }
  
--static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
+-static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
 +#ifdef HAVE_SYSTEM_TZDATA
 +
 +#ifdef HAVE_SYSTEM_TZDATA_PREFIX
@@ -452,7 +455,7 @@ index 020da3135e..12e68ef043 100644
 +        size_t n;
 +        char *data, *p;
 +        
-+        data = malloc(3 * sysdb->index_size + 7);
++        data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);
 +
 +        p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
 +
@@ -557,15 +560,15 @@ index 020da3135e..12e68ef043 100644
 +
 +#endif
 +
-+static int inmem_seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
++static int inmem_seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
  {
  	int left = 0, right = tzdb->index_size - 1;
  
-@@ -438,9 +916,49 @@ static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const
+@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
  	return 0;
  }
  
-+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
++static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
 +			       char **map, size_t *maplen,
 +			       const timelib_tzdb *tzdb)
 +{
@@ -611,8 +614,8 @@ index 020da3135e..12e68ef043 100644
  }
  
  const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -452,7 +970,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
- int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
+@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
+ int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
  {
  	const unsigned char *tzf;
 -	return (seek_to_tz_position(&tzf, timezone, tzdb));
@@ -643,8 +646,8 @@ index 020da3135e..12e68ef043 100644
  }
  
  static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -494,12 +1035,14 @@ static timelib_tzinfo* timelib_tzinfo_ctor(char *name)
- timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code)
+@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
+ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
  {
  	const unsigned char *tzf;
 +	char *memmap = NULL;
@@ -652,14 +655,16 @@ index 020da3135e..12e68ef043 100644
  	timelib_tzinfo *tmp;
  	int version;
  	int transitions_result, types_result;
- 	unsigned int type; /* TIMELIB_TZINFO_PHP or TIMELIB_TZINFO_ZONEINFO */
+@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+ 
+ 	*error_code = TIMELIB_ERROR_NO_ERROR;
  
 -	if (seek_to_tz_position(&tzf, timezone, tzdb)) {
 +	if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
  		tmp = timelib_tzinfo_ctor(timezone);
  
  		version = read_preamble(&tzf, tmp, &type);
-@@ -534,11 +1077,36 @@ timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, i
+@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
  		}
  		skip_posix_string(&tzf, tmp);
  
@@ -697,10 +702,10 @@ index 020da3135e..12e68ef043 100644
  		*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
  		tmp = NULL;
 diff --git a/ext/date/php_date.c b/ext/date/php_date.c
-index e1a427c5ca..465906fa2b 100644
+index 2d5cffb963..389f09f313 100644
 --- a/ext/date/php_date.c
 +++ b/ext/date/php_date.c
-@@ -951,7 +951,11 @@ PHP_MINFO_FUNCTION(date)
+@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
  	php_info_print_table_row(2, "date/time support", "enabled");
  	php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
  	php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);

SOURCES/php-8.0.13-crypt.patch

@@ -0,0 +1,45 @@
+From fc4e31467c352032ee709ac55d3c67bc22abcd8d Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Fri, 15 Oct 2021 17:11:12 +0200
+Subject: [PATCH] add --with-external-libcrypt build option display an error
+ message if some algo not available in external libcrypt
+
+---
+ ext/standard/config.m4 | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
+index 58b9c5e658a4..3ec18be4d7df 100644
+--- a/ext/standard/config.m4
++++ b/ext/standard/config.m4
+@@ -267,14 +267,25 @@ int main() {
+ ])])
+ 
+ 
++PHP_ARG_WITH([external-libcrypt],
++  [for external libcrypt or libxcrypt],
++  [AS_HELP_STRING([--with-external-libcrypt],
++    [Use external libcrypt or libxcrypt])],
++  [no],
++  [no])
++
+ dnl
+ dnl If one of them is missing, use our own implementation, portable code is then possible
+ dnl
+-dnl TODO This is currently always enabled
+-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then
+-  AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
+-
+-  PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
++dnl This is currently enabled by default
++if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
++  if test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
++    AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
++
++    PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
++   else
++    AC_MSG_ERROR([Cannot use external libcrypt as some algo are missing])
++   fi
+ else
+   AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
+ fi

SOURCES/php-8.0.19-parser.patch

@@ -0,0 +1,16 @@
+diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
+--- ./build/gen_stub.php.syslib	2020-06-25 08:11:51.782046813 +0200
++++ ./build/gen_stub.php	2020-06-25 08:13:11.188860368 +0200
+@@ -1075,6 +1075,12 @@ function initPhpParser() {
+     }
+ 
+     $isInitialized = true;
++
++    if (file_exists('/usr/share/php/PhpParser4/autoload.php')) {
++        require_once '/usr/share/php/PhpParser4/autoload.php';
++        return;
++    }
++
+     $version = "4.13.0";
+     $phpParserDir = __DIR__ . "/PHP-Parser-$version";
+     if (!is_dir($phpParserDir)) {

SOURCES/php-8.0.30.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmTL4VIACgkQ+cOdwLlp
+hUQzrQ//cGopLQ71fiXCM+IYoT7RITJWWeh81fuDpL7bqZblaLRjpoI5I7iUoD10
+seJMLrzRxh72A3yY5GoF+LVBFc8J4MsOTJLXpIVWYheOY+BVLDhQHOFSZpT3JDN5
+UH6q21WS6wobwj3fFzJzHSSo8GDeSQ60D1Vq5t5ZVWb6uvmzf/cctcjlWB/Zp/X+
+hFS6HzrxqM/LBd1IocnTJoLJ2SFCyOS6n9yRJGOW4M3bSqtaTwv1Rd4kTybO0cnF
+7bJ71+RAQJZIRG9sOHF3ZtPx08kR5NKR3Ev/9YmlrBWMXMOZs3NvM1UB7zcJ8Qok
+CbYrVsyoEk8La8oCV6Jm2jjD73XY7QIWKBuZMerTP9Y+FTP2m699gXeoamuizriY
+vWF3j0to67mUY9wWq+4ahfVFdX043mWs2pzvjYTcFcKX0MxFOKMILnAN70a7dKGh
+D45B0PdCezJvRjsbO9ynfBmCuBzWGWeQDIM9UlJatu8ND4dS+dWp6FPqgZY8wQke
+8/P6FZlZ9wBsKvfWyA/xLr3fN71u+C3CLgTIOzYhI12FDyb6Cbxy8cq8ruGF4D5x
+CaSvaOSAXKIPmOhtLgwk2V5jcLlj45cNyFm9PTvqLo3urJFSDXdLJ2Rns5+xjMX9
+tMiJS4N8UvvhhVDSJr2/qvmh6inhsTRHuUdR8dacapnW0AgsN88=
+=Gqmv
+-----END PGP SIGNATURE-----

SOURCES/php-8.0.6-deprecated.patch

@@ -0,0 +1,400 @@
+From 4dc8b3c0efaae25b08c8f59b068f17c97c59d0ae Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 5 May 2021 15:41:00 +0200
+Subject: [PATCH] get rid of inet_aton and inet_ntoa use inet_ntop iand
+ inet_pton where available standardize buffer size
+
+---
+ ext/sockets/sockaddr_conv.c |  4 ++++
+ ext/sockets/sockets.c       | 48 +++++++++++++++++++++++++------------
+ ext/standard/dns.c          | 16 ++++++++++++-
+ main/network.c              | 20 ++++++++++++++--
+ 4 files changed, 70 insertions(+), 18 deletions(-)
+
+diff --git a/ext/sockets/sockaddr_conv.c b/ext/sockets/sockaddr_conv.c
+index 57996612d2d7e..65c8418fb3a6f 100644
+--- a/ext/sockets/sockaddr_conv.c
++++ b/ext/sockets/sockaddr_conv.c
+@@ -87,7 +87,11 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
+ 	struct in_addr tmp;
+ 	struct hostent *host_entry;
+ 
++#ifdef HAVE_INET_PTON
++	if (inet_pton(AF_INET, string, &tmp)) {
++#else
+ 	if (inet_aton(string, &tmp)) {
++#endif
+ 		sin->sin_addr.s_addr = tmp.s_addr;
+ 	} else {
+ 		if (strlen(string) > MAXFQDNLEN || ! (host_entry = php_network_gethostbyname(string))) {
+diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
+index 16ad3e8013a4c..85c938d1b97b1 100644
+--- a/ext/sockets/sockets.c
++++ b/ext/sockets/sockets.c
+@@ -220,8 +220,10 @@ zend_module_entry sockets_module_entry = {
+ ZEND_GET_MODULE(sockets)
+ #endif
+ 
++#ifndef HAVE_INET_NTOP
+ /* inet_ntop should be used instead of inet_ntoa */
+ int inet_ntoa_lock = 0;
++#endif
+ 
+ static int php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ */
+ {
+@@ -1082,10 +1084,12 @@ PHP_FUNCTION(socket_getsockname)
+ 	struct sockaddr_in		*sin;
+ #if HAVE_IPV6
+ 	struct sockaddr_in6		*sin6;
+-	char					addr6[INET6_ADDRSTRLEN+1];
++#endif
++#ifdef HAVE_INET_NTOP
++	char					addrbuf[INET6_ADDRSTRLEN];
+ #endif
+ 	struct sockaddr_un		*s_un;
+-	char					*addr_string;
++	const char				*addr_string;
+ 	socklen_t				salen = sizeof(php_sockaddr_storage);
+ 
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &addr, &port) == FAILURE) {
+@@ -1106,8 +1110,8 @@ PHP_FUNCTION(socket_getsockname)
+ #if HAVE_IPV6
+ 		case AF_INET6:
+ 			sin6 = (struct sockaddr_in6 *) sa;
+-			inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
+-			ZEND_TRY_ASSIGN_REF_STRING(addr, addr6);
++			inet_ntop(AF_INET6, &sin6->sin6_addr,  addrbuf, sizeof(addrbuf));
++			ZEND_TRY_ASSIGN_REF_STRING(addr, addrbuf);
+ 
+ 			if (port != NULL) {
+ 				ZEND_TRY_ASSIGN_REF_LONG(port, htons(sin6->sin6_port));
+@@ -1117,11 +1121,14 @@ PHP_FUNCTION(socket_getsockname)
+ #endif
+ 		case AF_INET:
+ 			sin = (struct sockaddr_in *) sa;
++#ifdef HAVE_INET_NTOP
++			addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
++#else
+ 			while (inet_ntoa_lock == 1);
+ 			inet_ntoa_lock = 1;
+ 			addr_string = inet_ntoa(sin->sin_addr);
+ 			inet_ntoa_lock = 0;
+-
++#endif
+ 			ZEND_TRY_ASSIGN_REF_STRING(addr, addr_string);
+ 
+ 			if (port != NULL) {
+@@ -1154,10 +1161,12 @@ PHP_FUNCTION(socket_getpeername)
+ 	struct sockaddr_in		*sin;
+ #if HAVE_IPV6
+ 	struct sockaddr_in6		*sin6;
+-	char					addr6[INET6_ADDRSTRLEN+1];
++#endif
++#ifdef HAVE_INET_NTOP
++	char					addrbuf[INET6_ADDRSTRLEN];
+ #endif
+ 	struct sockaddr_un		*s_un;
+-	char					*addr_string;
++	const char				*addr_string;
+ 	socklen_t				salen = sizeof(php_sockaddr_storage);
+ 
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &arg2, &arg3) == FAILURE) {
+@@ -1178,9 +1187,9 @@ PHP_FUNCTION(socket_getpeername)
+ #if HAVE_IPV6
+ 		case AF_INET6:
+ 			sin6 = (struct sockaddr_in6 *) sa;
+-			inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
++			inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
+ 
+-			ZEND_TRY_ASSIGN_REF_STRING(arg2, addr6);
++			ZEND_TRY_ASSIGN_REF_STRING(arg2, addrbuf);
+ 
+ 			if (arg3 != NULL) {
+ 				ZEND_TRY_ASSIGN_REF_LONG(arg3, htons(sin6->sin6_port));
+@@ -1191,11 +1200,14 @@ PHP_FUNCTION(socket_getpeername)
+ #endif
+ 		case AF_INET:
+ 			sin = (struct sockaddr_in *) sa;
++#ifdef HAVE_INET_NTOP
++			addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
++#else
+ 			while (inet_ntoa_lock == 1);
+ 			inet_ntoa_lock = 1;
+ 			addr_string = inet_ntoa(sin->sin_addr);
+ 			inet_ntoa_lock = 0;
+-
++#endif
+ 			ZEND_TRY_ASSIGN_REF_STRING(arg2, addr_string);
+ 
+ 			if (arg3 != NULL) {
+@@ -1527,12 +1539,14 @@ PHP_FUNCTION(socket_recvfrom)
+ 	struct sockaddr_in	sin;
+ #if HAVE_IPV6
+ 	struct sockaddr_in6	sin6;
+-	char				addr6[INET6_ADDRSTRLEN];
++#endif
++#ifdef HAVE_INET_NTOP
++	char				addrbuf[INET6_ADDRSTRLEN];
+ #endif
+ 	socklen_t			slen;
+ 	int					retval;
+ 	zend_long				arg3, arg4;
+-	char				*address;
++	const char			*address;
+ 	zend_string			*recv_buf;
+ 
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Ozllz|z", &arg1, socket_ce, &arg2, &arg3, &arg4, &arg5, &arg6) == FAILURE) {
+@@ -1590,7 +1604,11 @@ PHP_FUNCTION(socket_recvfrom)
+ 			ZSTR_LEN(recv_buf) = retval;
+ 			ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
+ 
++#ifdef HAVE_INET_NTOP
++			address = inet_ntop(AF_INET, &sin.sin_addr, addrbuf, sizeof(addrbuf));
++#else
+ 			address = inet_ntoa(sin.sin_addr);
++#endif
+ 
+ 			ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
+ 			ZEND_TRY_ASSIGN_REF_STRING(arg5, address ? address : "0.0.0.0");
+@@ -1617,11 +1635,11 @@ PHP_FUNCTION(socket_recvfrom)
+ 			ZSTR_LEN(recv_buf) = retval;
+ 			ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
+ 
+-			memset(addr6, 0, INET6_ADDRSTRLEN);
+-			inet_ntop(AF_INET6, &sin6.sin6_addr, addr6, INET6_ADDRSTRLEN);
++			memset(addrbuf, 0, INET6_ADDRSTRLEN);
++			inet_ntop(AF_INET6, &sin6.sin6_addr,  addrbuf, sizeof(addrbuf));
+ 
+ 			ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
+-			ZEND_TRY_ASSIGN_REF_STRING(arg5, addr6[0] ? addr6 : "::");
++			ZEND_TRY_ASSIGN_REF_STRING(arg5, addrbuf[0] ? addrbuf : "::");
+ 			ZEND_TRY_ASSIGN_REF_LONG(arg6, ntohs(sin6.sin6_port));
+ 			break;
+ #endif
+diff --git a/ext/standard/dns.c b/ext/standard/dns.c
+index 41b98424edb60..6efdbbe894b46 100644
+--- a/ext/standard/dns.c
++++ b/ext/standard/dns.c
+@@ -228,6 +228,9 @@ PHP_FUNCTION(gethostbynamel)
+ 	struct hostent *hp;
+ 	struct in_addr in;
+ 	int i;
++#ifdef HAVE_INET_NTOP
++	char addr4[INET_ADDRSTRLEN];
++#endif
+ 
+ 	ZEND_PARSE_PARAMETERS_START(1, 1)
+ 		Z_PARAM_PATH(hostname, hostname_len)
+@@ -255,7 +258,11 @@ PHP_FUNCTION(gethostbynamel)
+ 		}
+ 
+ 		in = *h_addr_entry;
++#ifdef HAVE_INET_NTOP
++		add_next_index_string(return_value, inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN));
++#else
+ 		add_next_index_string(return_value, inet_ntoa(in));
++#endif
+ 	}
+ }
+ /* }}} */
+@@ -266,7 +273,10 @@ static zend_string *php_gethostbyname(char *name)
+ 	struct hostent *hp;
+ 	struct in_addr *h_addr_0; /* Don't call this h_addr, it's a macro! */
+ 	struct in_addr in;
+-	char *address;
++#ifdef HAVE_INET_NTOP
++	char addr4[INET_ADDRSTRLEN];
++#endif
++	const char *address;
+ 
+ 	hp = php_network_gethostbyname(name);
+ 	if (!hp) {
+@@ -281,7 +291,11 @@ static zend_string *php_gethostbyname(char *name)
+ 
+ 	memcpy(&in.s_addr, h_addr_0, sizeof(in.s_addr));
+ 
++#ifdef HAVE_INET_NTOP
++	address = inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN);
++#else
+ 	address = inet_ntoa(in);
++#endif
+ 	return zend_string_init(address, strlen(address), 0);
+ }
+ /* }}} */
+diff --git a/main/network.c b/main/network.c
+index 2c504952b2dd1..7f2f714ec42df 100644
+--- a/main/network.c
++++ b/main/network.c
+@@ -236,8 +236,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
+ 	} while ((sai = sai->ai_next) != NULL);
+ 
+ 	freeaddrinfo(res);
++#else
++#ifdef HAVE_INET_PTON
++	if (!inet_pton(AF_INET, host, &in)) {
+ #else
+ 	if (!inet_aton(host, &in)) {
++#endif
+ 		if(strlen(host) > MAXFQDNLEN) {
+ 			host_info = NULL;
+ 			errno = E2BIG;
+@@ -555,7 +559,11 @@ PHPAPI int php_network_parse_network_address_with_port(const char *addr, zend_lo
+ 		goto out;
+ 	}
+ #endif
++#ifdef HAVE_INET_PTON
++	if (inet_pton(AF_INET, tmp, &in4->sin_addr) > 0) {
++#else
+ 	if (inet_aton(tmp, &in4->sin_addr) > 0) {
++#endif
+ 		in4->sin_port = htons(port);
+ 		in4->sin_family = AF_INET;
+ 		*sl = sizeof(struct sockaddr_in);
+@@ -617,15 +625,19 @@ PHPAPI void php_network_populate_name_from_sockaddr(
+ 	}
+ 
+ 	if (textaddr) {
+-#if HAVE_IPV6 && HAVE_INET_NTOP
++#ifdef HAVE_INET_NTOP
+ 		char abuf[256];
+ #endif
+-		char *buf = NULL;
++		const char *buf = NULL;
+ 
+ 		switch (sa->sa_family) {
+ 			case AF_INET:
+ 				/* generally not thread safe, but it *is* thread safe under win32 */
++#ifdef HAVE_INET_NTOP
++				buf = inet_ntop(AF_INET, &((struct sockaddr_in*)sa)->sin_addr, (char *)&abuf, sizeof(abuf));
++#else
+ 				buf = inet_ntoa(((struct sockaddr_in*)sa)->sin_addr);
++#endif
+ 				if (buf) {
+ 					*textaddr = strpprintf(0, "%s:%d",
+ 						buf, ntohs(((struct sockaddr_in*)sa)->sin_port));
+@@ -862,7 +874,11 @@ php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short
+ 
+ 					in4->sin_family = sa->sa_family;
+ 					in4->sin_port = htons(bindport);
++#ifdef HAVE_INET_PTON
++					if (!inet_pton(AF_INET, bindto, &in4->sin_addr)) {
++#else
+ 					if (!inet_aton(bindto, &in4->sin_addr)) {
++#endif
+ 						php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
+ 						goto skip_bind;
+ 					}
+From e5b6f43ec7813392d83ea586b7902e0396a1f792 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 6 May 2021 14:21:29 +0200
+Subject: [PATCH] get rid of inet_addr usage
+
+---
+ main/fastcgi.c            | 4 ++++
+ sapi/litespeed/lsapilib.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/main/fastcgi.c b/main/fastcgi.c
+index 071f69d3a7f0..c936d42405de 100644
+--- a/main/fastcgi.c
++++ b/main/fastcgi.c
+@@ -688,8 +688,12 @@ int fcgi_listen(const char *path, int backlog)
+ 		if (!*host || !strncmp(host, "*", sizeof("*")-1)) {
+ 			sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY);
+ 		} else {
++#ifdef HAVE_INET_PTON
++			if (!inet_pton(AF_INET, host, &sa.sa_inet.sin_addr)) {
++#else
+ 			sa.sa_inet.sin_addr.s_addr = inet_addr(host);
+ 			if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
++#endif
+ 				struct hostent *hep;
+ 
+ 				if(strlen(host) > MAXFQDNLEN) {
+diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
+index a72b5dc1b988..305f3326a682 100644
+--- a/sapi/litespeed/lsapilib.c
++++ b/sapi/litespeed/lsapilib.c
+@@ -2672,8 +2672,12 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr )
+             ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = htonl( INADDR_LOOPBACK );
+         else
+         {
++#ifdef HAVE_INET_PTON
++            if (!inet_pton(AF_INET, p, &((struct sockaddr_in *)pAddr)->sin_addr))
++#else
+             ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = inet_addr( p );
+             if ( ((struct sockaddr_in *)pAddr)->sin_addr.s_addr == INADDR_BROADCAST)
++#endif
+             {
+                 doAddrInfo = 1;
+             }
+From 99d67d121acd4c324738509679d23acaf759d065 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 6 May 2021 16:35:48 +0200
+Subject: [PATCH] use getnameinfo instead of gethostbyaddr
+
+---
+ ext/standard/dns.c | 34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/ext/standard/dns.c b/ext/standard/dns.c
+index edd9a4549f5c..540c777faaba 100644
+--- a/ext/standard/dns.c
++++ b/ext/standard/dns.c
+@@ -169,20 +169,30 @@ PHP_FUNCTION(gethostbyaddr)
+ static zend_string *php_gethostbyaddr(char *ip)
+ {
+ #if HAVE_IPV6 && HAVE_INET_PTON
+-	struct in6_addr addr6;
+-#endif
+-	struct in_addr addr;
+-	struct hostent *hp;
++	struct sockaddr_in sa4;
++	struct sockaddr_in6 sa6;
++	char out[NI_MAXHOST];
+ 
+-#if HAVE_IPV6 && HAVE_INET_PTON
+-	if (inet_pton(AF_INET6, ip, &addr6)) {
+-		hp = gethostbyaddr((char *) &addr6, sizeof(addr6), AF_INET6);
+-	} else if (inet_pton(AF_INET, ip, &addr)) {
+-		hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
+-	} else {
+-		return NULL;
++	if (inet_pton(AF_INET6, ip, &sa6.sin6_addr)) {
++		sa6.sin6_family = AF_INET6;
++
++		if (getnameinfo((struct sockaddr *)&sa6, sizeof(sa6), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
++			return zend_string_init(ip, strlen(ip), 0);
++		}
++		return zend_string_init(out, strlen(out), 0);
++	} else if (inet_pton(AF_INET, ip, &sa4.sin_addr)) {
++		sa4.sin_family = AF_INET;
++
++		if (getnameinfo((struct sockaddr *)&sa4, sizeof(sa4), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
++			return zend_string_init(ip, strlen(ip), 0);
++		}
++		return zend_string_init(out, strlen(out), 0);
+ 	}
++	return NULL; /* not a valid IP */
+ #else
++	struct in_addr addr;
++	struct hostent *hp;
++
+ 	addr.s_addr = inet_addr(ip);
+ 
+ 	if (addr.s_addr == -1) {
+@@ -190,13 +200,13 @@ static zend_string *php_gethostbyaddr(char *ip)
+ 	}
+ 
+ 	hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
+-#endif
+ 
+ 	if (!hp || hp->h_name == NULL || hp->h_name[0] == '\0') {
+ 		return zend_string_init(ip, strlen(ip), 0);
+ 	}
+ 
+ 	return zend_string_init(hp->h_name, strlen(hp->h_name), 0);
++#endif
+ }
+ /* }}} */
+ 

SOURCES/php-cve-2022-31631.patch

@@ -1,84 +0,0 @@
-From 7cb160efe19d3dfb8b92629805733ea186b55050 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Mon, 31 Oct 2022 17:20:23 +0100
-Subject: [PATCH 1/2] Fix #81740: PDO::quote() may return unquoted string
-
-`sqlite3_snprintf()` expects its first parameter to be `int`; we need
-to avoid overflow.
-
-(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba)
----
- ext/pdo_sqlite/sqlite_driver.c     |  3 +++
- ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++
- 2 files changed, 20 insertions(+)
- create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt
-
-diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
-index 0595bd09feb..54f9d05e1e2 100644
---- a/ext/pdo_sqlite/sqlite_driver.c
-+++ b/ext/pdo_sqlite/sqlite_driver.c
-@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t
- /* NB: doesn't handle binary strings... use prepared stmts for that */
- static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
- {
-+	if (unquotedlen > (INT_MAX - 3) / 2) {
-+		return 0;
-+	}
- 	*quoted = safe_emalloc(2, unquotedlen, 3);
- 	sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
- 	*quotedlen = strlen(*quoted);
-diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt
-new file mode 100644
-index 00000000000..99fb07c3048
---- /dev/null
-+++ b/ext/pdo_sqlite/tests/bug81740.phpt
-@@ -0,0 +1,17 @@
-+--TEST--
-+Bug #81740 (PDO::quote() may return unquoted string)
-+--SKIPIF--
-+<?php
-+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
-+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
-+?>
-+--INI--
-+memory_limit=-1
-+--FILE--
-+<?php
-+$pdo = new PDO("sqlite::memory:");
-+$string = str_repeat("a", 0x80000000);
-+var_dump($pdo->quote($string));
-+?>
-+--EXPECT--
-+bool(false)
--- 
-2.38.1
-
-From 7328f3a0344806b846bd05657bdce96e47810bf0 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 19 Dec 2022 09:24:02 +0100
-Subject: [PATCH 2/2] NEWS
-
----
- NEWS | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 8a8c0c9285d..03e8c839c77 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,5 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-+
-+Backported from 8.0.27
-+
-+- PDO/SQLite:
-+  . Fixed bug #81740 (PDO::quote() may return unquoted string).
-+    (CVE-2022-31631) (cmb)
-+
- 03 Nov 2022, PHP 7.4.33
- 
- - GD:
--- 
-2.38.1
-

SOURCES/php-cve-2023-0567.patch

@@ -1,188 +0,0 @@
-From 7437aaae38cf4b3357e7580f9e22fd4a403b6c23 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
-Date: Mon, 23 Jan 2023 21:15:24 +0100
-Subject: [PATCH 1/7] crypt: Fix validation of malformed BCrypt hashes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-PHP’s implementation of crypt_blowfish differs from the upstream Openwall
-version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
-by including a `$` character within the characters that represent the salt.
-
-Hashes that are affected by the “PHP Hack” may erroneously validate any
-password as valid when used with `password_verify` and when comparing the
-return value of `crypt()` against the input.
-
-The PHP Hack exists since the first version of PHP’s own crypt_blowfish
-implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5.
-
-No clear reason is given for the PHP Hack’s existence. This commit removes it,
-because BCrypt hashes containing a `$` character in their salt are not valid
-BCrypt hashes.
-
-(cherry picked from commit c840f71524067aa474c00c3eacfb83bd860bfc8a)
----
- ext/standard/crypt_blowfish.c                 |  8 --
- .../tests/crypt/bcrypt_salt_dollar.phpt       | 82 +++++++++++++++++++
- 2 files changed, 82 insertions(+), 8 deletions(-)
- create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
-
-diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
-index c1f945f29ed..aa7e1bc2e68 100644
---- a/ext/standard/crypt_blowfish.c
-+++ b/ext/standard/crypt_blowfish.c
-@@ -376,7 +376,6 @@ static unsigned char BF_atoi64[0x60] = {
- #define BF_safe_atoi64(dst, src) \
- { \
- 	tmp = (unsigned char)(src); \
--	if (tmp == '$') break; /* PHP hack */ \
- 	if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
- 	tmp = BF_atoi64[tmp]; \
- 	if (tmp > 63) return -1; \
-@@ -404,13 +403,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
- 		*dptr++ = ((c3 & 0x03) << 6) | c4;
- 	} while (dptr < end);
- 
--	if (end - dptr == size) {
--		return -1;
--	}
--
--	while (dptr < end) /* PHP hack */
--		*dptr++ = 0;
--
- 	return 0;
- }
- 
-diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
-new file mode 100644
-index 00000000000..32e335f4b08
---- /dev/null
-+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
-@@ -0,0 +1,82 @@
-+--TEST--
-+bcrypt correctly rejects salts containing $
-+--FILE--
-+<?php
-+for ($i = 0; $i < 23; $i++) {
-+	$salt = '$2y$04$' . str_repeat('0', $i) . '$';
-+	$result = crypt("foo", $salt);
-+	var_dump($salt);
-+	var_dump($result);
-+	var_dump($result === $salt);
-+}
-+?>
-+--EXPECT--
-+string(8) "$2y$04$$"
-+string(2) "*0"
-+bool(false)
-+string(9) "$2y$04$0$"
-+string(2) "*0"
-+bool(false)
-+string(10) "$2y$04$00$"
-+string(2) "*0"
-+bool(false)
-+string(11) "$2y$04$000$"
-+string(2) "*0"
-+bool(false)
-+string(12) "$2y$04$0000$"
-+string(2) "*0"
-+bool(false)
-+string(13) "$2y$04$00000$"
-+string(2) "*0"
-+bool(false)
-+string(14) "$2y$04$000000$"
-+string(2) "*0"
-+bool(false)
-+string(15) "$2y$04$0000000$"
-+string(2) "*0"
-+bool(false)
-+string(16) "$2y$04$00000000$"
-+string(2) "*0"
-+bool(false)
-+string(17) "$2y$04$000000000$"
-+string(2) "*0"
-+bool(false)
-+string(18) "$2y$04$0000000000$"
-+string(2) "*0"
-+bool(false)
-+string(19) "$2y$04$00000000000$"
-+string(2) "*0"
-+bool(false)
-+string(20) "$2y$04$000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(21) "$2y$04$0000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(22) "$2y$04$00000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(23) "$2y$04$000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(24) "$2y$04$0000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(25) "$2y$04$00000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(26) "$2y$04$000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(27) "$2y$04$0000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(28) "$2y$04$00000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(29) "$2y$04$000000000000000000000$"
-+string(2) "*0"
-+bool(false)
-+string(30) "$2y$04$0000000000000000000000$"
-+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
-+bool(false)
--- 
-2.39.1
-
-From ed0281b588a6840cb95f3134a4e68847a3be5bb7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
-Date: Mon, 23 Jan 2023 22:13:57 +0100
-Subject: [PATCH 2/7] crypt: Fix possible buffer overread in php_crypt()
-
-(cherry picked from commit a92acbad873a05470af1a47cb785a18eadd827b5)
----
- ext/standard/crypt.c                                   | 1 +
- ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++
- 2 files changed, 9 insertions(+)
- create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt
-
-diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
-index 92430b69f77..04487f3fe5a 100644
---- a/ext/standard/crypt.c
-+++ b/ext/standard/crypt.c
-@@ -151,6 +151,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
- 		} else if (
- 				salt[0] == '$' &&
- 				salt[1] == '2' &&
-+				salt[2] != 0 &&
- 				salt[3] == '$') {
- 			char output[PHP_MAX_SALT_LEN + 1];
- 
-diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt
-new file mode 100644
-index 00000000000..085bc8a2390
---- /dev/null
-+++ b/ext/standard/tests/password/password_bcrypt_short.phpt
-@@ -0,0 +1,8 @@
-+--TEST--
-+Test that password_hash() does not overread buffers when a short hash is passed
-+--FILE--
-+<?php
-+var_dump(password_verify("foo", '$2'));
-+?>
-+--EXPECT--
-+bool(false)
--- 
-2.39.1
-

SOURCES/php-cve-2023-0568.patch

@@ -1,98 +0,0 @@
-From 887cd0710ad856a0d22c329b6ea6c71ebd8621ae Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Fri, 27 Jan 2023 19:28:27 +0100
-Subject: [PATCH 3/7] Fix array overrun when appending slash to paths
-
-Fix it by extending the array sizes by one character. As the input is
-limited to the maximum path length, there will always be place to append
-the slash. As the php_check_specific_open_basedir() simply uses the
-strings to compare against each other, no new failures related to too
-long paths are introduced.
-We'll let the DOM and XML case handle a potentially too long path in the
-library code.
-
-(cherry picked from commit ec10b28d64decbc54aa1e585dce580f0bd7a5953)
----
- ext/dom/document.c            | 2 +-
- ext/xmlreader/php_xmlreader.c | 2 +-
- main/fopen_wrappers.c         | 6 +++---
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/ext/dom/document.c b/ext/dom/document.c
-index b478e1a1aab..e683eb8f701 100644
---- a/ext/dom/document.c
-+++ b/ext/dom/document.c
-@@ -1380,7 +1380,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
- 	int validate, recover, resolve_externals, keep_blanks, substitute_ent;
- 	int resolved_path_len;
- 	int old_error_reporting = 0;
--	char *directory=NULL, resolved_path[MAXPATHLEN];
-+	char *directory=NULL, resolved_path[MAXPATHLEN + 1];
- 
- 	if (id != NULL) {
- 		intern = Z_DOMOBJ_P(id);
-diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
-index 06f569949ce..ecc81ad1470 100644
---- a/ext/xmlreader/php_xmlreader.c
-+++ b/ext/xmlreader/php_xmlreader.c
-@@ -1038,7 +1038,7 @@ PHP_METHOD(xmlreader, XML)
- 	xmlreader_object *intern = NULL;
- 	char *source, *uri = NULL, *encoding = NULL;
- 	int resolved_path_len, ret = 0;
--	char *directory=NULL, resolved_path[MAXPATHLEN];
-+	char *directory=NULL, resolved_path[MAXPATHLEN + 1];
- 	xmlParserInputBufferPtr inputbfr;
- 	xmlTextReaderPtr reader;
- 
-diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
-index 27135020fa3..90de040a218 100644
---- a/main/fopen_wrappers.c
-+++ b/main/fopen_wrappers.c
-@@ -138,10 +138,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
- */
- PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
- {
--	char resolved_name[MAXPATHLEN];
--	char resolved_basedir[MAXPATHLEN];
-+	char resolved_name[MAXPATHLEN + 1];
-+	char resolved_basedir[MAXPATHLEN + 1];
- 	char local_open_basedir[MAXPATHLEN];
--	char path_tmp[MAXPATHLEN];
-+	char path_tmp[MAXPATHLEN + 1];
- 	char *path_file;
- 	size_t resolved_basedir_len;
- 	size_t resolved_name_len;
--- 
-2.39.1
-
-From 614468ce4056c0ef93aae09532dcffdf65b594b5 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 13 Feb 2023 11:46:47 +0100
-Subject: [PATCH 4/7] NEWS
-
----
- NEWS | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 03e8c839c77..8157a20d4b3 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,14 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.0.28
-+
-+- Core:
-+  . Fixed bug #81744 (Password_verify() always return true with some hash).
-+    (CVE-2023-0567). (Tim Düsterhus)
-+  . Fixed bug #81746 (1-byte array overrun in common path resolve code).
-+    (CVE-2023-0568). (Niels Dossche)
-+
- Backported from 8.0.27
- 
- - PDO/SQLite:
--- 
-2.39.1
-

SOURCES/php-cve-2023-0662.patch

@@ -1,143 +0,0 @@
-From 3a2fdef1ae38881110006616ee1f0534b082ca45 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Thu, 19 Jan 2023 14:11:18 +0000
-Subject: [PATCH 5/7] Fix repeated warning for file uploads limit exceeding
-
----
- main/rfc1867.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index edef19c16d6..4931b9aeefb 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -922,7 +922,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 				skip_upload = 1;
- 			} else if (upload_cnt <= 0) {
- 				skip_upload = 1;
--				sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
-+				if (upload_cnt == 0) {
-+					--upload_cnt;
-+					sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
-+				}
- 			}
- 
- 			/* Return with an error if the posted data is garbled */
--- 
-2.39.1
-
-From 8ec78d28d20c82c75c4747f44c52601cfdb22516 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Thu, 19 Jan 2023 14:31:25 +0000
-Subject: [PATCH 6/7] Introduce max_multipart_body_parts INI
-
-This fixes GHSA-54hq-v5wp-fqgv DOS vulnerabality by limitting number of
-parsed multipart body parts as currently all parts were always parsed.
----
- main/main.c    |  1 +
- main/rfc1867.c | 11 +++++++++++
- 2 files changed, 12 insertions(+)
-
-diff --git a/main/main.c b/main/main.c
-index 0b33b2b56c9..d8c465988cc 100644
---- a/main/main.c
-+++ b/main/main.c
-@@ -836,6 +836,7 @@ PHP_INI_BEGIN()
- 	PHP_INI_ENTRY("disable_functions",			"",			PHP_INI_SYSTEM,		NULL)
- 	PHP_INI_ENTRY("disable_classes",			"",			PHP_INI_SYSTEM,		NULL)
- 	PHP_INI_ENTRY("max_file_uploads",			"20",			PHP_INI_SYSTEM|PHP_INI_PERDIR,		NULL)
-+	PHP_INI_ENTRY("max_multipart_body_parts",	"-1",			PHP_INI_SYSTEM|PHP_INI_PERDIR,		NULL)
- 
- 	STD_PHP_INI_BOOLEAN("allow_url_fopen",		"1",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_fopen,		php_core_globals,		core_globals)
- 	STD_PHP_INI_BOOLEAN("allow_url_include",	"0",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_include,		php_core_globals,		core_globals)
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index 4931b9aeefb..1b212c93325 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -694,6 +694,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 	void *event_extra_data = NULL;
- 	unsigned int llen = 0;
- 	int upload_cnt = INI_INT("max_file_uploads");
-+	int body_parts_cnt = INI_INT("max_multipart_body_parts");
- 	const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding();
- 	php_rfc1867_getword_t getword;
- 	php_rfc1867_getword_conf_t getword_conf;
-@@ -715,6 +716,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 		return;
- 	}
- 
-+	if (body_parts_cnt < 0) {
-+		body_parts_cnt = PG(max_input_vars) + upload_cnt;
-+	}
-+	int body_parts_limit = body_parts_cnt;
-+
- 	/* Get the boundary */
- 	boundary = strstr(content_type_dup, "boundary");
- 	if (!boundary) {
-@@ -799,6 +805,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 			char *pair = NULL;
- 			int end = 0;
- 
-+			if (--body_parts_cnt < 0) {
-+				php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit);
-+				goto fileupload_done;
-+			}
-+
- 			while (isspace(*cd)) {
- 				++cd;
- 			}
--- 
-2.39.1
-
-From 472db3ee3a00ac00d36019eee0b3b7362334481c Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 14 Feb 2023 09:14:47 +0100
-Subject: [PATCH 7/7] NEWS
-
----
- NEWS | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 8157a20d4b3..c1668368818 100644
---- a/NEWS
-+++ b/NEWS
-@@ -9,6 +9,10 @@ Backported from 8.0.28
-   . Fixed bug #81746 (1-byte array overrun in common path resolve code).
-     (CVE-2023-0568). (Niels Dossche)
- 
-+- FPM:
-+  . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
-+    request body). (CVE-2023-0662) (Jakub Zelenka)
-+
- Backported from 8.0.27
- 
- - PDO/SQLite:
--- 
-2.39.1
-
-From c04f310440a906fc4ca885f4ecf6e3e4cd36edc7 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 14 Feb 2023 11:47:22 +0100
-Subject: [PATCH] fix NEWS, not FPM specific
-
----
- NEWS | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index c1668368818..3f8739eae78 100644
---- a/NEWS
-+++ b/NEWS
-@@ -8,8 +8,6 @@ Backported from 8.0.28
-     (CVE-2023-0567). (Tim Düsterhus)
-   . Fixed bug #81746 (1-byte array overrun in common path resolve code).
-     (CVE-2023-0568). (Niels Dossche)
--
--- FPM:
-   . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
-     request body). (CVE-2023-0662) (Jakub Zelenka)
- 
--- 
-2.39.1
-

SOURCES/php-cve-2023-3247.patch

@@ -1,152 +0,0 @@
-From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sun, 16 Apr 2023 15:05:03 +0200
-Subject: [PATCH] Fix missing randomness check and insufficient random bytes
- for SOAP HTTP Digest
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If php_random_bytes_throw fails, the nonce will be uninitialized, but
-still sent to the server. The client nonce is intended to protect
-against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1],
-and bullet point 2 below.
-
-Tim pointed out that even though it's the MD5 of the nonce that gets sent,
-enumerating 31 bits is trivial. So we have still a stack information leak
-of 31 bits.
-
-Furthermore, Tim found the following issues:
-* The small size of cnonce might cause the server to erroneously reject
-  a request due to a repeated (cnonce, nc) pair. As per the birthday
-  problem 31 bits of randomness will return a duplication with 50%
-  chance after less than 55000 requests and nc always starts counting at 1.
-* The cnonce is intended to protect the client and password against a
-  malicious server that returns a constant server nonce where the server
-  precomputed a rainbow table between passwords and correct client response.
-  As storage is fairly cheap, a server could precompute the client responses
-  for (a subset of) client nonces and still have a chance of reversing the
-  client response with the same probability as the cnonce duplication.
-
-  Precomputing the rainbow table for all 2^31 cnonces increases the rainbow
-  table size by factor 2 billion, which is infeasible. But precomputing it
-  for 2^14 cnonces only increases the table size by factor 16k and the server
-  would still have a 10% chance of successfully reversing a password with a
-  single client request.
-
-This patch fixes the issues by increasing the nonce size, and checking
-the return value of php_random_bytes_throw(). In the process we also get
-rid of the MD5 hashing of the nonce.
-
-[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616
-
-Co-authored-by: Tim Düsterhus <timwolla@php.net>
-(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a)
----
- NEWS                |  6 ++++++
- ext/soap/php_http.c | 21 +++++++++++++--------
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 3f8739eae7..7c07635cad 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.0.29
-+
-+- Soap:
-+  . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
-+    bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
-+
- Backported from 8.0.28
- 
- - Core:
-diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
-index ee3dcbdc9a..e3a9afdbe9 100644
---- a/ext/soap/php_http.c
-+++ b/ext/soap/php_http.c
-@@ -666,18 +666,23 @@ int make_http_soap_request(zval        *this_ptr,
- 			if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
- 				if (Z_TYPE_P(digest) == IS_ARRAY) {
- 					char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
--					zend_long     nonce;
-+					unsigned char nonce[16];
- 					PHP_MD5_CTX   md5ctx;
- 					unsigned char hash[16];
- 
--					php_random_bytes_throw(&nonce, sizeof(nonce));
--					nonce &= 0x7fffffff;
-+					if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
-+						ZEND_ASSERT(EG(exception));
-+						php_stream_close(stream);
-+						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
-+						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
-+						zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
-+						smart_str_free(&soap_headers_z);
-+						smart_str_free(&soap_headers);
-+						return FALSE;
-+					}
- 
--					PHP_MD5Init(&md5ctx);
--					snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
--					PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
--					PHP_MD5Final(hash, &md5ctx);
--					make_digest(cnonce, hash);
-+					php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
-+					cnonce[32] = 0;
- 
- 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
- 					    Z_TYPE_P(tmp) == IS_LONG) {
-From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 6 Jun 2023 18:05:22 +0200
-Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex
-
----
- ext/soap/php_http.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
-index e3a9afdbe9f..912b8e341d8 100644
---- a/ext/soap/php_http.c
-+++ b/ext/soap/php_http.c
-@@ -22,6 +22,7 @@
- #include "ext/standard/base64.h"
- #include "ext/standard/md5.h"
- #include "ext/standard/php_random.h"
-+#include "ext/hash/php_hash.h"
- 
- static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
- static char *get_http_header_value(char *headers, char *type);
--- 
-2.40.1
-
-From f3021d66d7bb42d2578530cc94f9bde47e58eb10 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 15 Jun 2023 08:47:55 +0200
-Subject: [PATCH] add cve
-
----
- NEWS | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/NEWS b/NEWS
-index 7c07635cade..899644b3d63 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,7 +5,8 @@ Backported from 8.0.29
- 
- - Soap:
-   . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
--    bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
-+    bytes in HTTP Digest authentication for SOAP).
-+    (CVE-2023-3247) (nielsdos, timwolla)
- 
- Backported from 8.0.28
- 
--- 
-2.40.1
-

SOURCES/php-cve-2023-3823.patch

@@ -1,89 +0,0 @@
-From c398fe98c044c8e7c23135acdc38d4ef7bedc983 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Mon, 10 Jul 2023 13:25:34 +0200
-Subject: [PATCH 1/4] Fix buffer mismanagement in phar_dir_read()
-
-Fixes GHSA-jqcx-ccgc-xwhv.
-
-(cherry picked from commit 80316123f3e9dcce8ac419bd9dd43546e2ccb5ef)
----
- ext/phar/dirstream.c                    | 15 ++++++++------
- ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt | 27 +++++++++++++++++++++++++
- 2 files changed, 36 insertions(+), 6 deletions(-)
- create mode 100644 ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt
-
-diff --git a/ext/phar/dirstream.c b/ext/phar/dirstream.c
-index 4710703c70e..490b14528f1 100644
---- a/ext/phar/dirstream.c
-+++ b/ext/phar/dirstream.c
-@@ -91,25 +91,28 @@ static int phar_dir_seek(php_stream *stream, zend_off_t offset, int whence, zend
-  */
- static ssize_t phar_dir_read(php_stream *stream, char *buf, size_t count) /* {{{ */
- {
--	size_t to_read;
- 	HashTable *data = (HashTable *)stream->abstract;
- 	zend_string *str_key;
- 	zend_ulong unused;
- 
-+	if (count != sizeof(php_stream_dirent)) {
-+		return -1;
-+	}
-+
- 	if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key(data, &str_key, &unused)) {
- 		return 0;
- 	}
- 
- 	zend_hash_move_forward(data);
--	to_read = MIN(ZSTR_LEN(str_key), count);
- 
--	if (to_read == 0 || count < ZSTR_LEN(str_key)) {
-+	php_stream_dirent *dirent = (php_stream_dirent *) buf;
-+
-+	if (sizeof(dirent->d_name) <= ZSTR_LEN(str_key)) {
- 		return 0;
- 	}
- 
--	memset(buf, 0, sizeof(php_stream_dirent));
--	memcpy(((php_stream_dirent *) buf)->d_name, ZSTR_VAL(str_key), to_read);
--	((php_stream_dirent *) buf)->d_name[to_read + 1] = '\0';
-+	memset(dirent, 0, sizeof(php_stream_dirent));
-+	PHP_STRLCPY(dirent->d_name, ZSTR_VAL(str_key), sizeof(dirent->d_name), ZSTR_LEN(str_key));
- 
- 	return sizeof(php_stream_dirent);
- }
-diff --git a/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt b/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt
-new file mode 100644
-index 00000000000..4e12f05fb62
---- /dev/null
-+++ b/ext/phar/tests/GHSA-jqcx-ccgc-xwhv.phpt
-@@ -0,0 +1,27 @@
-+--TEST--
-+GHSA-jqcx-ccgc-xwhv (Buffer overflow and overread in phar_dir_read())
-+--SKIPIF--
-+<?php if (!extension_loaded("phar")) die("skip"); ?>
-+--INI--
-+phar.readonly=0
-+--FILE--
-+<?php
-+$phar = new Phar(__DIR__. '/GHSA-jqcx-ccgc-xwhv.phar');
-+$phar->startBuffering();
-+$phar->addFromString(str_repeat('A', PHP_MAXPATHLEN - 1), 'This is the content of file 1.');
-+$phar->addFromString(str_repeat('B', PHP_MAXPATHLEN - 1).'C', 'This is the content of file 2.');
-+$phar->stopBuffering();
-+
-+$handle = opendir('phar://' . __DIR__ . '/GHSA-jqcx-ccgc-xwhv.phar');
-+var_dump(strlen(readdir($handle)));
-+// Must not be a string of length PHP_MAXPATHLEN+1
-+var_dump(readdir($handle));
-+closedir($handle);
-+?>
-+--CLEAN--
-+<?php
-+unlink(__DIR__. '/GHSA-jqcx-ccgc-xwhv.phar');
-+?>
-+--EXPECTF--
-+int(%d)
-+bool(false)
--- 
-2.41.0
-

SOURCES/php-cve-2023-3824.patch

@@ -1,644 +0,0 @@
-From b3758bd21223b97c042cae7bd26a66cde081ea98 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sat, 15 Jul 2023 17:33:52 +0200
-Subject: [PATCH 2/4] Sanitize libxml2 globals before parsing
-
-Fixes GHSA-3qrf-m4j2-pcrr.
-
-To parse a document with libxml2, you first need to create a parsing context.
-The parsing context contains parsing options (e.g. XML_NOENT to substitute
-entities) that the application (in this case PHP) can set.
-Unfortunately, libxml2 also supports providing default set options.
-For example, if you call xmlSubstituteEntitiesDefault(1) then the XML_NOENT
-option will be added to the parsing options every time you create a parsing
-context **even if the application never requested XML_NOENT**.
-
-Third party extensions can override these globals, in particular the
-substitute entity global. This causes entity substitution to be
-unexpectedly active.
-
-Fix it by setting the parsing options to a sane known value.
-For API calls that depend on global state we introduce
-PHP_LIBXML_SANITIZE_GLOBALS() and PHP_LIBXML_RESTORE_GLOBALS().
-For other APIs that work directly with a context we introduce
-php_libxml_sanitize_parse_ctxt_options().
-
-(cherry picked from commit c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975)
----
- ext/dom/document.c                            | 15 ++++++++
- ext/dom/documentfragment.c                    |  2 ++
- ...xml_global_state_entity_loader_bypass.phpt | 36 +++++++++++++++++++
- ext/libxml/php_libxml.h                       | 36 +++++++++++++++++++
- ext/simplexml/simplexml.c                     |  6 ++++
- ...xml_global_state_entity_loader_bypass.phpt | 36 +++++++++++++++++++
- ext/soap/php_xml.c                            |  2 ++
- ext/xml/compat.c                              |  2 ++
- ext/xmlreader/php_xmlreader.c                 |  9 +++++
- ...xml_global_state_entity_loader_bypass.phpt | 35 ++++++++++++++++++
- ext/xsl/xsltprocessor.c                       |  9 +++--
- 11 files changed, 183 insertions(+), 5 deletions(-)
- create mode 100644 ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
- create mode 100644 ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
- create mode 100644 ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-
-diff --git a/ext/dom/document.c b/ext/dom/document.c
-index e683eb8f701..989b5b3dd24 100644
---- a/ext/dom/document.c
-+++ b/ext/dom/document.c
-@@ -1459,6 +1459,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
- 		options |= XML_PARSE_NOBLANKS;
- 	}
- 
-+	php_libxml_sanitize_parse_ctxt_options(ctxt);
- 	xmlCtxtUseOptions(ctxt, options);
- 
- 	ctxt->recovery = recover;
-@@ -1759,7 +1760,9 @@ PHP_FUNCTION(dom_document_xinclude)
- 
- 	DOM_GET_OBJ(docp, id, xmlDocPtr, intern);
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(xinclude);
- 	err = xmlXIncludeProcessFlags(docp, (int)flags);
-+	PHP_LIBXML_RESTORE_GLOBALS(xinclude);
- 
- 	/* XML_XINCLUDE_START and XML_XINCLUDE_END nodes need to be removed as these
- 	are added via xmlXIncludeProcess to mark beginning and ending of xincluded document
-@@ -1799,6 +1802,7 @@ PHP_FUNCTION(dom_document_validate)
- 
- 	DOM_GET_OBJ(docp, id, xmlDocPtr, intern);
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(validate);
- 	cvp = xmlNewValidCtxt();
- 
- 	cvp->userData = NULL;
-@@ -1810,6 +1814,7 @@ PHP_FUNCTION(dom_document_validate)
- 	} else {
- 		RETVAL_FALSE;
- 	}
-+	PHP_LIBXML_RESTORE_GLOBALS(validate);
- 
- 	xmlFreeValidCtxt(cvp);
- 
-@@ -1844,14 +1849,18 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
- 
- 	DOM_GET_OBJ(docp, id, xmlDocPtr, intern);
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(new_parser_ctxt);
-+
- 	switch (type) {
- 	case DOM_LOAD_FILE:
- 		if (CHECK_NULL_PATH(source, source_len)) {
-+			PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt);
- 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
- 			RETURN_FALSE;
- 		}
- 		valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN);
- 		if (!valid_file) {
-+			PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt);
- 			php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
- 			RETURN_FALSE;
- 		}
-@@ -1872,6 +1881,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
- 		parser);
- 	sptr = xmlSchemaParse(parser);
- 	xmlSchemaFreeParserCtxt(parser);
-+	PHP_LIBXML_RESTORE_GLOBALS(new_parser_ctxt);
- 	if (!sptr) {
- 		php_error_docref(NULL, E_WARNING, "Invalid Schema");
- 		RETURN_FALSE;
-@@ -1890,11 +1900,13 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
- 		valid_opts |= XML_SCHEMA_VAL_VC_I_CREATE;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(validate);
- 	xmlSchemaSetValidOptions(vptr, valid_opts);
- 	xmlSchemaSetValidErrors(vptr, php_libxml_error_handler, php_libxml_error_handler, vptr);
- 	is_valid = xmlSchemaValidateDoc(vptr, docp);
- 	xmlSchemaFree(sptr);
- 	xmlSchemaFreeValidCtxt(vptr);
-+	PHP_LIBXML_RESTORE_GLOBALS(validate);
- 
- 	if (is_valid == 0) {
- 		RETURN_TRUE;
-@@ -1965,12 +1977,14 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ
- 		return;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(parse);
- 	xmlRelaxNGSetParserErrors(parser,
- 		(xmlRelaxNGValidityErrorFunc) php_libxml_error_handler,
- 		(xmlRelaxNGValidityWarningFunc) php_libxml_error_handler,
- 		parser);
- 	sptr = xmlRelaxNGParse(parser);
- 	xmlRelaxNGFreeParserCtxt(parser);
-+	PHP_LIBXML_RESTORE_GLOBALS(parse);
- 	if (!sptr) {
- 		php_error_docref(NULL, E_WARNING, "Invalid RelaxNG");
- 		RETURN_FALSE;
-@@ -2069,6 +2083,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
- 		ctxt->sax->error = php_libxml_ctx_error;
- 		ctxt->sax->warning = php_libxml_ctx_warning;
- 	}
-+	php_libxml_sanitize_parse_ctxt_options(ctxt);
- 	if (options) {
- 		htmlCtxtUseOptions(ctxt, (int)options);
- 	}
-diff --git a/ext/dom/documentfragment.c b/ext/dom/documentfragment.c
-index 9b222586ac5..711c42f939d 100644
---- a/ext/dom/documentfragment.c
-+++ b/ext/dom/documentfragment.c
-@@ -131,7 +131,9 @@ PHP_METHOD(domdocumentfragment, appendXML) {
- 	}
- 
- 	if (data) {
-+		PHP_LIBXML_SANITIZE_GLOBALS(parse);
- 		err = xmlParseBalancedChunkMemory(nodep->doc, NULL, NULL, 0, (xmlChar *) data, &lst);
-+		PHP_LIBXML_RESTORE_GLOBALS(parse);
- 		if (err != 0) {
- 			RETURN_FALSE;
- 		}
-diff --git a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
-new file mode 100644
-index 00000000000..b28afd4694e
---- /dev/null
-+++ b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -0,0 +1,36 @@
-+--TEST--
-+GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
-+--SKIPIF--
-+<?php
-+if (!extension_loaded('libxml')) die('skip libxml extension not available');
-+if (!extension_loaded('dom')) die('skip dom extension not available');
-+if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+?>
-+--FILE--
-+<?php
-+
-+$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";
-+
-+libxml_use_internal_errors(true);
-+
-+function parseXML($xml) {
-+  $doc = new DOMDocument();
-+  @$doc->loadXML($xml);
-+  $doc->createDocumentFragment()->appendXML("&bork;");
-+  foreach (libxml_get_errors() as $error) {
-+    var_dump(trim($error->message));
-+  }
-+}
-+
-+parseXML($xml);
-+zend_test_override_libxml_global_state();
-+parseXML($xml);
-+
-+echo "Done\n";
-+
-+?>
-+--EXPECT--
-+string(25) "Entity 'bork' not defined"
-+string(25) "Entity 'bork' not defined"
-+string(25) "Entity 'bork' not defined"
-+Done
-diff --git a/ext/libxml/php_libxml.h b/ext/libxml/php_libxml.h
-index cf936e95de1..92028d5703e 100644
---- a/ext/libxml/php_libxml.h
-+++ b/ext/libxml/php_libxml.h
-@@ -121,6 +121,42 @@ PHP_LIBXML_API void php_libxml_shutdown(void);
- ZEND_TSRMLS_CACHE_EXTERN()
- #endif
- 
-+/* Other extension may override the global state options, these global options
-+ * are copied initially to ctxt->options. Set the options to a known good value.
-+ * See libxml2 globals.c and parserInternals.c.
-+ * The unique_name argument allows multiple sanitizes and restores within the
-+ * same function, even nested is necessary. */
-+#define PHP_LIBXML_SANITIZE_GLOBALS(unique_name) \
-+	int xml_old_loadsubset_##unique_name = xmlLoadExtDtdDefaultValue; \
-+	xmlLoadExtDtdDefaultValue = 0; \
-+	int xml_old_validate_##unique_name = xmlDoValidityCheckingDefaultValue; \
-+	xmlDoValidityCheckingDefaultValue = 0; \
-+	int xml_old_pedantic_##unique_name = xmlPedanticParserDefault(0); \
-+	int xml_old_substitute_##unique_name = xmlSubstituteEntitiesDefault(0); \
-+	int xml_old_linenrs_##unique_name = xmlLineNumbersDefault(0); \
-+	int xml_old_blanks_##unique_name = xmlKeepBlanksDefault(1);
-+
-+#define PHP_LIBXML_RESTORE_GLOBALS(unique_name) \
-+	xmlLoadExtDtdDefaultValue = xml_old_loadsubset_##unique_name; \
-+	xmlDoValidityCheckingDefaultValue = xml_old_validate_##unique_name; \
-+	(void) xmlPedanticParserDefault(xml_old_pedantic_##unique_name); \
-+	(void) xmlSubstituteEntitiesDefault(xml_old_substitute_##unique_name); \
-+	(void) xmlLineNumbersDefault(xml_old_linenrs_##unique_name); \
-+	(void) xmlKeepBlanksDefault(xml_old_blanks_##unique_name);
-+
-+/* Alternative for above, working directly on the context and not setting globals.
-+ * Generally faster because no locking is involved, and this has the advantage that it sets the options to a known good value. */
-+static zend_always_inline void php_libxml_sanitize_parse_ctxt_options(xmlParserCtxtPtr ctxt)
-+{
-+	ctxt->loadsubset = 0;
-+	ctxt->validate = 0;
-+	ctxt->pedantic = 0;
-+	ctxt->replaceEntities = 0;
-+	ctxt->linenumbers = 0;
-+	ctxt->keepBlanks = 1;
-+	ctxt->options = 0;
-+}
-+
- #else /* HAVE_LIBXML */
- #define libxml_module_ptr NULL
- #endif
-diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
-index 2cdff0e648d..101a9d8fd8c 100644
---- a/ext/simplexml/simplexml.c
-+++ b/ext/simplexml/simplexml.c
-@@ -2194,7 +2194,9 @@ PHP_FUNCTION(simplexml_load_file)
- 		RETURN_FALSE;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(read_file);
- 	docp = xmlReadFile(filename, NULL, (int)options);
-+	PHP_LIBXML_RESTORE_GLOBALS(read_file);
- 
- 	if (!docp) {
- 		RETURN_FALSE;
-@@ -2248,7 +2250,9 @@ PHP_FUNCTION(simplexml_load_string)
- 		RETURN_FALSE;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(read_memory);
- 	docp = xmlReadMemory(data, (int)data_len, NULL, NULL, (int)options);
-+	PHP_LIBXML_RESTORE_GLOBALS(read_memory);
- 
- 	if (!docp) {
- 		RETURN_FALSE;
-@@ -2298,7 +2302,9 @@ SXE_METHOD(__construct)
- 		return;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(read_file_or_memory);
- 	docp = is_url ? xmlReadFile(data, NULL, (int)options) : xmlReadMemory(data, (int)data_len, NULL, NULL, (int)options);
-+	PHP_LIBXML_RESTORE_GLOBALS(read_file_or_memory);
- 
- 	if (!docp) {
- 		((php_libxml_node_object *)sxe)->document = NULL;
-diff --git a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
-new file mode 100644
-index 00000000000..2152e012328
---- /dev/null
-+++ b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -0,0 +1,36 @@
-+--TEST--
-+GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
-+--SKIPIF--
-+<?php
-+if (!extension_loaded('libxml')) die('skip libxml extension not available');
-+if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
-+if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+?>
-+--FILE--
-+<?php
-+
-+$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";
-+
-+libxml_use_internal_errors(true);
-+zend_test_override_libxml_global_state();
-+
-+echo "--- String test ---\n";
-+simplexml_load_string($xml);
-+echo "--- Constructor test ---\n";
-+new SimpleXMLElement($xml);
-+echo "--- File test ---\n";
-+file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml);
-+simplexml_load_file("libxml_global_state_entity_loader_bypass.tmp");
-+
-+echo "Done\n";
-+
-+?>
-+--CLEAN--
-+<?php
-+@unlink("libxml_global_state_entity_loader_bypass.tmp");
-+?>
-+--EXPECT--
-+--- String test ---
-+--- Constructor test ---
-+--- File test ---
-+Done
-diff --git a/ext/soap/php_xml.c b/ext/soap/php_xml.c
-index 18a266179b7..1bb7fa00a37 100644
---- a/ext/soap/php_xml.c
-+++ b/ext/soap/php_xml.c
-@@ -93,6 +93,7 @@ xmlDocPtr soap_xmlParseFile(const char *filename)
- 	if (ctxt) {
- 		zend_bool old;
- 
-+		php_libxml_sanitize_parse_ctxt_options(ctxt);
- 		ctxt->keepBlanks = 0;
- 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- 		ctxt->sax->comment = soap_Comment;
-@@ -141,6 +142,7 @@ xmlDocPtr soap_xmlParseMemory(const void *buf, size_t buf_size)
- 	if (ctxt) {
- 		zend_bool old;
- 
-+		php_libxml_sanitize_parse_ctxt_options(ctxt);
- 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- 		ctxt->sax->comment = soap_Comment;
- 		ctxt->sax->warning = NULL;
-diff --git a/ext/xml/compat.c b/ext/xml/compat.c
-index fc4525650fc..57eb00dd429 100644
---- a/ext/xml/compat.c
-+++ b/ext/xml/compat.c
-@@ -19,6 +19,7 @@
- #include "php.h"
- #if defined(HAVE_LIBXML) && (defined(HAVE_XML) || defined(HAVE_XMLRPC)) && !defined(HAVE_LIBEXPAT)
- #include "expat_compat.h"
-+#include "ext/libxml/php_libxml.h"
- 
- typedef struct _php_xml_ns {
- 	xmlNsPtr nsptr;
-@@ -471,6 +472,7 @@ XML_ParserCreate_MM(const XML_Char *encoding, const XML_Memory_Handling_Suite *m
- 		return NULL;
- 	}
- 
-+	php_libxml_sanitize_parse_ctxt_options(parser->parser);
- 	xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX);
- 
- 	parser->parser->replaceEntities = 1;
-diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
-index ecc81ad1470..51d6bb9c9f2 100644
---- a/ext/xmlreader/php_xmlreader.c
-+++ b/ext/xmlreader/php_xmlreader.c
-@@ -304,6 +304,7 @@ static xmlRelaxNGPtr _xmlreader_get_relaxNG(char *source, size_t source_len, siz
- 		return NULL;
- 	}
- 
-+	PHP_LIBXML_SANITIZE_GLOBALS(parse);
- 	if (error_func || warn_func) {
- 		xmlRelaxNGSetParserErrors(parser,
- 			(xmlRelaxNGValidityErrorFunc) error_func,
-@@ -312,6 +313,7 @@ static xmlRelaxNGPtr _xmlreader_get_relaxNG(char *source, size_t source_len, siz
- 	}
- 	sptr = xmlRelaxNGParse(parser);
- 	xmlRelaxNGFreeParserCtxt(parser);
-+	PHP_LIBXML_RESTORE_GLOBALS(parse);
- 
- 	return sptr;
- }
-@@ -881,7 +883,9 @@ PHP_METHOD(xmlreader, open)
- 	valid_file = _xmlreader_get_valid_file_path(source, resolved_path, MAXPATHLEN );
- 
- 	if (valid_file) {
-+		PHP_LIBXML_SANITIZE_GLOBALS(reader_for_file);
- 		reader = xmlReaderForFile(valid_file, encoding, options);
-+		PHP_LIBXML_RESTORE_GLOBALS(reader_for_file);
- 	}
- 
- 	if (reader == NULL) {
-@@ -958,7 +962,9 @@ PHP_METHOD(xmlreader, setSchema)
- 
- 	intern = Z_XMLREADER_P(id);
- 	if (intern && intern->ptr) {
-+		PHP_LIBXML_SANITIZE_GLOBALS(schema);
- 		retval = xmlTextReaderSchemaValidate(intern->ptr, source);
-+		PHP_LIBXML_RESTORE_GLOBALS(schema);
- 
- 		if (retval == 0) {
- 			RETURN_TRUE;
-@@ -1082,6 +1088,7 @@ PHP_METHOD(xmlreader, XML)
- 			}
- 			uri = (char *) xmlCanonicPath((const xmlChar *) resolved_path);
- 		}
-+		PHP_LIBXML_SANITIZE_GLOBALS(text_reader);
- 		reader = xmlNewTextReader(inputbfr, uri);
- 
- 		if (reader != NULL) {
-@@ -1100,9 +1107,11 @@ PHP_METHOD(xmlreader, XML)
- 					xmlFree(uri);
- 				}
- 
-+				PHP_LIBXML_RESTORE_GLOBALS(text_reader);
- 				return;
- 			}
- 		}
-+		PHP_LIBXML_RESTORE_GLOBALS(text_reader);
- 	}
- 
- 	if (uri) {
-diff --git a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-new file mode 100644
-index 00000000000..e9ffb04c2bb
---- /dev/null
-+++ b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -0,0 +1,35 @@
-+--TEST--
-+GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
-+--SKIPIF--
-+<?php
-+if (!extension_loaded('libxml')) die('skip libxml extension not available');
-+if (!extension_loaded('xmlreader')) die('skip xmlreader extension not available');
-+if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+?>
-+--FILE--
-+<?php
-+
-+$xml = "<?xml version='1.0'?><!DOCTYPE root [<!ENTITY % bork SYSTEM \"php://nope\"> %bork;]><nothing/>";
-+
-+libxml_use_internal_errors(true);
-+zend_test_override_libxml_global_state();
-+
-+echo "--- String test ---\n";
-+$reader = XMLReader::xml($xml);
-+$reader->read();
-+echo "--- File test ---\n";
-+file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml);
-+$reader = XMLReader::open("libxml_global_state_entity_loader_bypass.tmp");
-+$reader->read();
-+
-+echo "Done\n";
-+
-+?>
-+--CLEAN--
-+<?php
-+@unlink("libxml_global_state_entity_loader_bypass.tmp");
-+?>
-+--EXPECT--
-+--- String test ---
-+--- File test ---
-+Done
-diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c
-index 079920d0ffa..2d95b2ff4bb 100644
---- a/ext/xsl/xsltprocessor.c
-+++ b/ext/xsl/xsltprocessor.c
-@@ -398,7 +398,7 @@ PHP_FUNCTION(xsl_xsltprocessor_import_stylesheet)
- 	xmlDoc *doc = NULL, *newdoc = NULL;
- 	xsltStylesheetPtr sheetp, oldsheetp;
- 	xsl_object *intern;
--	int prevSubstValue, prevExtDtdValue, clone_docu = 0;
-+	int clone_docu = 0;
- 	xmlNode *nodep = NULL;
- 	zval *cloneDocu, member, rv;
- 
-@@ -421,13 +421,12 @@ PHP_FUNCTION(xsl_xsltprocessor_import_stylesheet)
- 	stylesheet document otherwise the node proxies will be a mess */
- 	newdoc = xmlCopyDoc(doc, 1);
- 	xmlNodeSetBase((xmlNodePtr) newdoc, (xmlChar *)doc->URL);
--	prevSubstValue = xmlSubstituteEntitiesDefault(1);
--	prevExtDtdValue = xmlLoadExtDtdDefaultValue;
-+	PHP_LIBXML_SANITIZE_GLOBALS(parse);
-+	xmlSubstituteEntitiesDefault(1);
- 	xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
- 
- 	sheetp = xsltParseStylesheetDoc(newdoc);
--	xmlSubstituteEntitiesDefault(prevSubstValue);
--	xmlLoadExtDtdDefaultValue = prevExtDtdValue;
-+	PHP_LIBXML_RESTORE_GLOBALS(parse);
- 
- 	if (!sheetp) {
- 		xmlFreeDoc(newdoc);
--- 
-2.41.0
-
-From ef1d507acf7be23d7624dc3c891683b2218feb51 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 1 Aug 2023 07:22:33 +0200
-Subject: [PATCH 3/4] NEWS
-
----
- NEWS | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 899644b3d63..4f88029a7d6 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,16 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.0.30
-+
-+- Libxml:
-+  . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
-+    in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
-+
-+- Phar:
-+  . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
-+    (CVE-2023-3824) (nielsdos)
-+
- Backported from 8.0.29
- 
- - Soap:
--- 
-2.41.0
-
-From 24e669e790e6aebd219c9a9fa19017455c8646b4 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 1 Aug 2023 07:37:25 +0200
-Subject: [PATCH 4/4] backport zend_test changes
- (zend_test_override_libxml_global_state)
-
----
- ...xml_global_state_entity_loader_bypass.phpt |  1 +
- ...xml_global_state_entity_loader_bypass.phpt |  1 +
- ...xml_global_state_entity_loader_bypass.phpt |  5 +++--
- ext/zend_test/test.c                          | 22 +++++++++++++++++++
- 4 files changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
-index b28afd4694e..7fc2a249ac7 100644
---- a/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
-+++ b/ext/dom/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
- if (!extension_loaded('libxml')) die('skip libxml extension not available');
- if (!extension_loaded('dom')) die('skip dom extension not available');
- if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows');
- ?>
- --FILE--
- <?php
-diff --git a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
-index 2152e012328..54f9d4941eb 100644
---- a/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
-+++ b/ext/simplexml/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
- if (!extension_loaded('libxml')) die('skip libxml extension not available');
- if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
- if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows');
- ?>
- --FILE--
- <?php
-diff --git a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-index e9ffb04c2bb..b0120b325ef 100644
---- a/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-+++ b/ext/xmlreader/tests/libxml_global_state_entity_loader_bypass.phpt
-@@ -5,6 +5,7 @@ GHSA-3qrf-m4j2-pcrr (libxml global state entity loader bypass)
- if (!extension_loaded('libxml')) die('skip libxml extension not available');
- if (!extension_loaded('xmlreader')) die('skip xmlreader extension not available');
- if (!extension_loaded('zend-test')) die('skip zend-test extension not available');
-+if (!function_exists('zend_test_override_libxml_global_state')) die('skip not for Windows');
- ?>
- --FILE--
- <?php
-@@ -15,11 +16,11 @@ libxml_use_internal_errors(true);
- zend_test_override_libxml_global_state();
- 
- echo "--- String test ---\n";
--$reader = XMLReader::xml($xml);
-+$reader = @XMLReader::xml($xml);
- $reader->read();
- echo "--- File test ---\n";
- file_put_contents("libxml_global_state_entity_loader_bypass.tmp", $xml);
--$reader = XMLReader::open("libxml_global_state_entity_loader_bypass.tmp");
-+$reader = @XMLReader::open("libxml_global_state_entity_loader_bypass.tmp");
- $reader->read();
- 
- echo "Done\n";
-diff --git a/ext/zend_test/test.c b/ext/zend_test/test.c
-index 4f81adc6ac1..cdfc15571c0 100644
---- a/ext/zend_test/test.c
-+++ b/ext/zend_test/test.c
-@@ -25,6 +25,11 @@
- #include "ext/standard/info.h"
- #include "php_test.h"
- 
-+#if defined(HAVE_LIBXML) && !defined(PHP_WIN32)
-+# include <libxml/globals.h>
-+# include <libxml/parser.h>
-+#endif
-+
- static zend_class_entry *zend_test_interface;
- static zend_class_entry *zend_test_class;
- static zend_class_entry *zend_test_child_class;
-@@ -48,6 +53,20 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_zend_leak_variable, 0, 0, 1)
- 	ZEND_ARG_INFO(0, variable)
- ZEND_END_ARG_INFO()
- 
-+#if defined(HAVE_LIBXML) && !defined(PHP_WIN32)
-+static ZEND_FUNCTION(zend_test_override_libxml_global_state)
-+{
-+	ZEND_PARSE_PARAMETERS_NONE();
-+
-+	xmlLoadExtDtdDefaultValue = 1;
-+	xmlDoValidityCheckingDefaultValue = 1;
-+	(void) xmlPedanticParserDefault(1);
-+	(void) xmlSubstituteEntitiesDefault(1);
-+	(void) xmlLineNumbersDefault(1);
-+	(void) xmlKeepBlanksDefault(0);
-+}
-+#endif
-+
- ZEND_FUNCTION(zend_test_func)
- {
- 	/* dummy */
-@@ -297,6 +316,9 @@ static const zend_function_entry zend_test_functions[] = {
- 	ZEND_FE(zend_terminate_string, arginfo_zend_terminate_string)
- 	ZEND_FE(zend_leak_bytes, NULL)
- 	ZEND_FE(zend_leak_variable, arginfo_zend_leak_variable)
-+#if defined(HAVE_LIBXML) && !defined(PHP_WIN32)
-+	ZEND_FE(zend_test_override_libxml_global_state, NULL)
-+#endif
- 	ZEND_FE_END
- };
- 
--- 
-2.41.0
-

SOURCES/php-cve-2024-2756.patch

@@ -1,193 +0,0 @@
-From a6c1c62a25ac23b08a86af11d68f0e2eaafc102b Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sun, 17 Mar 2024 21:04:47 +0100
-Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass
- due to partial CVE-2022-31629 fix
-
-The check happened too early as later code paths may perform more
-mangling rules. Move the check downwards right before adding the actual
-variable.
-
-(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53)
-(cherry picked from commit 2e07a3acd7a6b53c55325b94bed97748d7697b53)
----
- ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++
- main/php_variables.c                        | 41 +++++++++-----
- 2 files changed, 90 insertions(+), 14 deletions(-)
- create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-
-diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-new file mode 100644
-index 00000000000..77fcb680894
---- /dev/null
-+++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-@@ -0,0 +1,63 @@
-+--TEST--
-+ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix)
-+--COOKIE--
-+..Host-test=ignore_1;
-+._Host-test=ignore_2;
-+.[Host-test=ignore_3;
-+_.Host-test=ignore_4;
-+__Host-test=ignore_5;
-+_[Host-test=ignore_6;
-+[.Host-test=ignore_7;
-+[_Host-test=ignore_8;
-+[[Host-test=ignore_9;
-+..Host-test[]=ignore_10;
-+._Host-test[]=ignore_11;
-+.[Host-test[]=ignore_12;
-+_.Host-test[]=ignore_13;
-+__Host-test[]=legitimate_14;
-+_[Host-test[]=legitimate_15;
-+[.Host-test[]=ignore_16;
-+[_Host-test[]=ignore_17;
-+[[Host-test[]=ignore_18;
-+..Secure-test=ignore_1;
-+._Secure-test=ignore_2;
-+.[Secure-test=ignore_3;
-+_.Secure-test=ignore_4;
-+__Secure-test=ignore_5;
-+_[Secure-test=ignore_6;
-+[.Secure-test=ignore_7;
-+[_Secure-test=ignore_8;
-+[[Secure-test=ignore_9;
-+..Secure-test[]=ignore_10;
-+._Secure-test[]=ignore_11;
-+.[Secure-test[]=ignore_12;
-+_.Secure-test[]=ignore_13;
-+__Secure-test[]=legitimate_14;
-+_[Secure-test[]=legitimate_15;
-+[.Secure-test[]=ignore_16;
-+[_Secure-test[]=ignore_17;
-+[[Secure-test[]=ignore_18;
-+--FILE--
-+<?php
-+var_dump($_COOKIE);
-+?>
-+--EXPECT--
-+array(3) {
-+  ["__Host-test"]=>
-+  array(1) {
-+    [0]=>
-+    string(13) "legitimate_14"
-+  }
-+  ["_"]=>
-+  array(2) {
-+    ["Host-test["]=>
-+    string(13) "legitimate_15"
-+    ["Secure-test["]=>
-+    string(13) "legitimate_15"
-+  }
-+  ["__Secure-test"]=>
-+  array(1) {
-+    [0]=>
-+    string(13) "legitimate_14"
-+  }
-+}
-diff --git a/main/php_variables.c b/main/php_variables.c
-index 18f6b65a6c5..e971d497337 100644
---- a/main/php_variables.c
-+++ b/main/php_variables.c
-@@ -65,6 +65,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz
- 	zend_string_release_ex(key, 0);
- }
- 
-+/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host-
-+ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
-+static zend_bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name)
-+{
-+	if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) {
-+		return 1;
-+	}
-+
-+	if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
-+		return 1;
-+	}
-+
-+	return 0;
-+}
-+
- PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array)
- {
- 	char *p = NULL;
-@@ -115,20 +130,6 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
- 	}
- 	var_len = p - var;
- 
--	/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
--	if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
--		zval_ptr_dtor_nogc(val);
--		free_alloca(var_orig, use_heap);
--		return;
--	}
--
--	/* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
--	if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
--		zval_ptr_dtor_nogc(val);
--		free_alloca(var_orig, use_heap);
--		return;
--	}
--
- 	if (var_len==0) { /* empty variable name, or variable name with a space in it */
- 		zval_ptr_dtor_nogc(val);
- 		free_alloca(var_orig, use_heap);
-@@ -226,6 +227,12 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
- 					return;
- 				}
- 			} else {
-+				if (php_is_forbidden_variable_name(index, index_len, var_name)) {
-+					zval_ptr_dtor_nogc(val);
-+					free_alloca(var_orig, use_heap);
-+					return;
-+				}
-+
- 				gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
- 				if (!gpc_element_p) {
- 					zval tmp;
-@@ -263,6 +270,12 @@ plain_var:
- 				zval_ptr_dtor_nogc(val);
- 			}
- 		} else {
-+			if (php_is_forbidden_variable_name(index, index_len, var_name)) {
-+				zval_ptr_dtor_nogc(val);
-+				free_alloca(var_orig, use_heap);
-+				return;
-+			}
-+
- 			zend_ulong idx;
- 
- 			/*
--- 
-2.44.0
-
-From dcdd49ef3bfbd8ccc778850d6a0f9b98adf625d4 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 10 Apr 2024 08:59:32 +0200
-Subject: [PATCH 2/4] NEWS
-
-(cherry picked from commit 366cc249b7d54707572beb7096e8f6c65ee79719)
----
- NEWS | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 4f88029a7d6..d63aadc6851 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.28
-+
-+- Standard:
-+  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
-+    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
-+
- Backported from 8.0.30
- 
- - Libxml:
--- 
-2.44.0
-

SOURCES/php-cve-2024-3096.patch

@@ -1,81 +0,0 @@
-From 4a7ceb9d6427f8d368f1a8739267b1f8310ec201 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Fri, 29 Mar 2024 15:27:59 +0000
-Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can
- erroneously return true
-
-Disallow null character in bcrypt password
-
-(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826)
-(cherry picked from commit 81794c73068d9a44bf109bbcc9793e7b56a1c051)
----
- ext/standard/password.c                                 | 5 +++++
- ext/standard/tests/password/password_bcrypt_errors.phpt | 6 ++++++
- 2 files changed, 11 insertions(+)
-
-diff --git a/ext/standard/password.c b/ext/standard/password.c
-index 9fe7fb1a422..af80670246a 100644
---- a/ext/standard/password.c
-+++ b/ext/standard/password.c
-@@ -260,6 +260,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
- 	zval *zcost;
- 	zend_long cost = PHP_PASSWORD_BCRYPT_COST;
- 
-+	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
-+		php_error_docref(NULL, E_WARNING, "Bcrypt password must not contain null character");
-+		return NULL;
-+	}
-+
- 	if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
- 		cost = zval_get_long(zcost);
- 	}
-diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
-index a0826080e62..f95b72670ae 100644
---- a/ext/standard/tests/password/password_bcrypt_errors.phpt
-+++ b/ext/standard/tests/password/password_bcrypt_errors.phpt
-@@ -16,6 +16,8 @@ var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => 123)));
- 
- var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => "foo")));
- 
-+var_dump(password_hash("null\0password", PASSWORD_BCRYPT));
-+
- ?>
- --EXPECTF--
- Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d
-@@ -41,3 +43,7 @@ NULL
- 
- Warning: password_hash(): Invalid bcrypt cost parameter specified: 0 in %s on line %d
- NULL
-+
-+Warning: password_hash(): Bcrypt password must not contain null character in %s on line %d
-+NULL
-+
--- 
-2.44.0
-
-From 027bdbc636632be49ecfad8d4191509faacb34ac Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 10 Apr 2024 09:01:09 +0200
-Subject: [PATCH 4/4] NEWS
-
-(cherry picked from commit 24f77904ee2259d722559f129f96a1f145a2367b)
----
- NEWS | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index d63aadc6851..96a33c21637 100644
---- a/NEWS
-+++ b/NEWS
-@@ -6,6 +6,8 @@ Backported from 8.1.28
- - Standard:
-   . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
-     partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
-+  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
-+    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
- 
- Backported from 8.0.30
- 
--- 
-2.44.0
-

SOURCES/php-cve-2024-5458.patch

@@ -1,180 +0,0 @@
-From 08be64e40197fc12dca5f802d16748d9c3cb4cb4 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Wed, 22 May 2024 22:25:02 +0200
-Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w
-
-We should not early-out with success status if we found an ipv6
-hostname, we should keep checking the rest of the conditions.
-Because integrating the if-check of the ipv6 hostname in the
-"Validate domain" if-check made the code hard to read, I extracted the
-condition out to a separate function. This also required to make
-a few pointers const in order to have some clean code.
-
-(cherry picked from commit 4066610b47e22c24cbee91be434a94357056a479)
----
- ext/filter/logical_filters.c              | 35 ++++++++++---------
- ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++
- 2 files changed, 61 insertions(+), 15 deletions(-)
- create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-
-diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
-index e5e87c01568..9c86ad072cc 100644
---- a/ext/filter/logical_filters.c
-+++ b/ext/filter/logical_filters.c
-@@ -91,7 +91,7 @@
- #define FORMAT_IPV4    4
- #define FORMAT_IPV6    6
- 
--static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]);
-+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]);
- 
- static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */
- 	zend_long ctx_value;
-@@ -571,6 +571,14 @@ static int is_userinfo_valid(zend_string *str)
- 	return 1;
- }
- 
-+static zend_bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l)
-+{
-+	const char *e = s + l;
-+	const char *t = e - 1;
-+
-+	return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);
-+}
-+
- void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- 	php_url *url;
-@@ -596,7 +604,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- 
- 	if (url->scheme != NULL &&
- 		(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
--		char *e, *s, *t;
-+		const char *s;
- 		size_t l;
- 
- 		if (url->host == NULL) {
-@@ -605,17 +613,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- 
- 		s = ZSTR_VAL(url->host);
- 		l = ZSTR_LEN(url->host);
--		e = s + l;
--		t = e - 1;
--
--		/* An IPv6 enclosed by square brackets is a valid hostname */
--		if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) {
--			php_url_free(url);
--			return;
--		}
- 
--		// Validate domain
--		if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
-+		if (
-+			/* An IPv6 enclosed by square brackets is a valid hostname.*/
-+			!php_filter_is_valid_ipv6_hostname(s, l) &&
-+			/* Validate domain.
-+			 * This includes a loose check for an IPv4 address. */
-+			!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)
-+		) {
- 			php_url_free(url);
- 			RETURN_VALIDATION_FAILED
- 		}
-@@ -749,15 +754,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{
- }
- /* }}} */
- 
--static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */
-+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */
- {
- 	int compressed_pos = -1;
- 	int blocks = 0;
- 	int num, n, i;
- 	char *ipv4;
--	char *end;
-+	const char *end;
- 	int ip4elm[4];
--	char *s = str;
-+	const char *s = str;
- 
- 	if (!memchr(str, ':', str_len)) {
- 		return 0;
-diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-new file mode 100644
-index 00000000000..0092408ee5a
---- /dev/null
-+++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-@@ -0,0 +1,41 @@
-+--TEST--
-+GHSA-w8qr-v226-r27w
-+--EXTENSIONS--
-+filter
-+--FILE--
-+<?php
-+
-+function test(string $input) {
-+    var_dump(filter_var($input, FILTER_VALIDATE_URL));
-+}
-+
-+echo "--- These ones should fail ---\n";
-+test("http://t[est@127.0.0.1");
-+test("http://t[est@[::1]");
-+test("http://t[est@[::1");
-+test("http://t[est@::1]");
-+test("http://php.net\\@aliyun.com/aaa.do");
-+test("http://test[@2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4");
-+
-+echo "--- These ones should work ---\n";
-+test("http://test@127.0.0.1");
-+test("http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://test@[::1]");
-+
-+?>
-+--EXPECT--
-+--- These ones should fail ---
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+--- These ones should work ---
-+string(21) "http://test@127.0.0.1"
-+string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]"
-+string(17) "http://test@[::1]"
--- 
-2.45.1
-
-From ec1d5e6468479e64acc7fb8cb955f053b64ea9a0 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 4 Jun 2024 16:48:08 +0200
-Subject: [PATCH 2/2] NEWS
-
-(cherry picked from commit a1ff81b786bd519597e770795be114f5171f0648)
----
- NEWS | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 8058eff0256..34ad33cf5c4 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.29
-+
-+- Filter:
-+  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
-+    (CVE-2024-5458) (nielsdos)
-+
- Backported from 8.1.28
- 
- - Standard:
--- 
-2.45.1
-

SOURCES/php-cve-2024-8925.patch

@@ -1,227 +0,0 @@
-From a24ac172f52e75101913f3946cfa5515f723c99f Mon Sep 17 00:00:00 2001
-From: Arnaud Le Blanc <arnaud.lb@gmail.com>
-Date: Mon, 9 Sep 2024 15:22:07 +0200
-Subject: [PATCH 04/11] Fix GHSA-9pqp-7h25-4f32
-
-multipart/form-data boundaries larger than the read buffer result in erroneous
-parsing, which violates data integrity.
-
-Limit boundary size, as allowed by RFC 1521:
-
-    Encapsulation boundaries [...] must be no longer than 70 characters, not
-    counting the two leading hyphens.
-
-We correctly parse payloads with boundaries of length up to
-FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.
-
-(cherry picked from commit 19b49258d0c5a61398d395d8afde1123e8d161e0)
-(cherry picked from commit 2b0daf421c162376892832588eccdfa9a286ed09)
----
- main/rfc1867.c                       |   7 ++
- tests/basic/GHSA-9pqp-7h25-4f32.inc  |   3 +
- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 100 +++++++++++++++++++++++++++
- 3 files changed, 110 insertions(+)
- create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.inc
- create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.phpt
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index 1b212c93325..43ccce120c3 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -759,6 +759,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 		boundary_len = boundary_end-boundary;
- 	}
- 
-+	/* Boundaries larger than FILLUNIT-strlen("\r\n--") characters lead to
-+	 * erroneous parsing */
-+	if (boundary_len > FILLUNIT-strlen("\r\n--")) {
-+		sapi_module.sapi_error(E_WARNING, "Boundary too large in multipart/form-data POST data");
-+		return;
-+	}
-+
- 	/* Initialize the buffer */
- 	if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) {
- 		sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer");
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.inc b/tests/basic/GHSA-9pqp-7h25-4f32.inc
-new file mode 100644
-index 00000000000..adf72a361a2
---- /dev/null
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.inc
-@@ -0,0 +1,3 @@
-+<?php
-+print "Hello world\n";
-+var_dump($_POST);
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-new file mode 100644
-index 00000000000..af819163705
---- /dev/null
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-@@ -0,0 +1,100 @@
-+--TEST--
-+GHSA-9pqp-7h25-4f32
-+--SKIPIF--
-+<?php
-+if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
-+    die("skip php-cgi not available");
-+}
-+?>
-+--FILE--
-+<?php
-+
-+const FILLUNIT = 5 * 1024;
-+
-+function test($boundaryLen) {
-+    printf("Boundary len: %d\n", $boundaryLen);
-+
-+    $cmd = [
-+        getenv('TEST_PHP_CGI_EXECUTABLE'),
-+        '-C',
-+        '-n',
-+        __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
-+    ];
-+
-+    $boundary = str_repeat('A', $boundaryLen);
-+    $body = ""
-+        . "--$boundary\r\n"
-+        . "Content-Disposition: form-data; name=\"koko\"\r\n"
-+        . "\r\n"
-+        . "BBB\r\n--" . substr($boundary, 0, -1) . "CCC\r\n"
-+        . "--$boundary--\r\n"
-+        ;
-+
-+    $env = array_merge($_ENV, [
-+        'REDIRECT_STATUS' => '1',
-+        'CONTENT_TYPE' => "multipart/form-data; boundary=$boundary",
-+        'CONTENT_LENGTH' => strlen($body),
-+        'REQUEST_METHOD' => 'POST',
-+        'SCRIPT_FILENAME' => __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
-+    ]);
-+
-+    $spec = [
-+        0 => ['pipe', 'r'],
-+        1 => STDOUT,
-+        2 => STDOUT,
-+    ];
-+
-+    $pipes = [];
-+
-+    print "Starting...\n";
-+
-+    $handle = proc_open($cmd, $spec, $pipes, getcwd(), $env);
-+
-+    fwrite($pipes[0], $body);
-+
-+    $status = proc_close($handle);
-+
-+    print "\n";
-+}
-+
-+for ($offset = -1; $offset <= 1; $offset++) {
-+    test(FILLUNIT - strlen("\r\n--") + $offset);
-+}
-+
-+?>
-+--EXPECTF--
-+Boundary len: 5115
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+Hello world
-+array(1) {
-+  ["koko"]=>
-+  string(5124) "BBB
-+--AAA%sCCC"
-+}
-+
-+Boundary len: 5116
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+Hello world
-+array(1) {
-+  ["koko"]=>
-+  string(5125) "BBB
-+--AAA%sCCC"
-+}
-+
-+Boundary len: 5117
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+<br />
-+<b>Warning</b>:  Boundary too large in multipart/form-data POST data in <b>Unknown</b> on line <b>0</b><br />
-+Hello world
-+array(0) {
-+}
-+
--- 
-2.46.1
-
-From 2fd1b83817d20523e72bef3ad524cd5797f51acf Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Mon, 23 Sep 2024 18:54:31 +0100
-Subject: [PATCH 08/11] Skip GHSA-9pqp-7h25-4f32 test on Windows
-
-(cherry picked from commit c70e25630832fa10d421328eed2b8e1a36af7a64)
-(cherry picked from commit c75683864f6e4188439e8ca2adbb05824918be12)
----
- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-index af819163705..29bcb6557d5 100644
---- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-@@ -5,6 +5,9 @@ GHSA-9pqp-7h25-4f32
- if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
-     die("skip php-cgi not available");
- }
-+if (substr(PHP_OS, 0, 3) == 'WIN') {
-+    die("skip not for Windows in CI - probably resource issue");
-+}
- ?>
- --FILE--
- <?php
--- 
-2.46.1
-
-From 29065f33f37f99ba33254cb23c941647bcd7372c Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 26 Sep 2024 15:49:03 +0200
-Subject: [PATCH 11/11] adapt GHSA-9pqp-7h25-4f32 test for 7.x
-
----
- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-index 29bcb6557d5..a1ead918ff3 100644
---- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-@@ -21,6 +21,7 @@ function test($boundaryLen) {
-         getenv('TEST_PHP_CGI_EXECUTABLE'),
-         '-C',
-         '-n',
-+        '-dlog_errors=1',
-         __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
-     ];
- 
-@@ -92,11 +93,10 @@ array(1) {
- 
- Boundary len: 5117
- Starting...
-+PHP Warning:  Boundary too large in multipart/form-data POST data in Unknown on line 0
- X-Powered-By: %s
- Content-type: text/html; charset=UTF-8
- 
--<br />
--<b>Warning</b>:  Boundary too large in multipart/form-data POST data in <b>Unknown</b> on line <b>0</b><br />
- Hello world
- array(0) {
- }
--- 
-2.46.1
-

SOURCES/php-cve-2024-8926.patch

@@ -1,210 +0,0 @@
-From fb718aa6f2117933566bb7bb2f70b2b0d9a9c08f Mon Sep 17 00:00:00 2001
-From: Jan Ehrhardt <github@ehrhardt.nl>
-Date: Wed, 5 Jun 2024 20:24:52 +0200
-Subject: [PATCH 01/11] Fix GHSA-3qgc-jrrr-25jv
-
----
- sapi/cgi/cgi_main.c                     | 23 ++++++++++++++-
- sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt | 38 +++++++++++++++++++++++++
- 2 files changed, 60 insertions(+), 1 deletion(-)
- create mode 100644 sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index a36f426d266..8d1342727dc 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1827,8 +1827,13 @@ int main(int argc, char *argv[])
- 		}
- 	}
- 
-+	/* Apache CGI will pass the query string to the command line if it doesn't contain a '='.
-+	 * This can create an issue where a malicious request can pass command line arguments to
-+	 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
-+	 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
-+	 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
-+	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
- 	if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
--		/* we've got query string that has no = - apache CGI will pass it to command line */
- 		unsigned char *p;
- 		decoded_query_string = strdup(query_string);
- 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
-@@ -1838,6 +1843,22 @@ int main(int argc, char *argv[])
- 		if(*p == '-') {
- 			skip_getopt = 1;
- 		}
-+
-+		/* On Windows we have to take into account the "best fit" mapping behaviour. */
-+#ifdef PHP_WIN32
-+		if (*p >= 0x80) {
-+			wchar_t wide_buf[1];
-+			wide_buf[0] = *p;
-+			char char_buf[4];
-+			size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
-+			size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
-+			if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
-+				|| char_buf[0] == '-') {
-+				skip_getopt = 1;
-+			}
-+		}
-+#endif
-+
- 		free(decoded_query_string);
- 	}
- 
-diff --git a/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-new file mode 100644
-index 00000000000..fd2fcdfbf89
---- /dev/null
-+++ b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-@@ -0,0 +1,38 @@
-+--TEST--
-+GHSA-3qgc-jrrr-25jv
-+--SKIPIF--
-+<?php
-+include 'skipif.inc';
-+if (PHP_OS_FAMILY !== "Windows") die("skip Only for Windows");
-+
-+$codepage = trim(shell_exec("powershell Get-ItemPropertyValue HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage ACP"));
-+if ($codepage !== '932' && $codepage !== '936' && $codepage !== '950') die("skip Wrong codepage");
-+?>
-+--FILE--
-+<?php
-+include 'include.inc';
-+
-+$filename = __DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php";
-+$script = '<?php echo "hello "; echo "world"; ?>';
-+file_put_contents($filename, $script);
-+
-+$php = get_cgi_path();
-+reset_env_vars();
-+
-+putenv("SERVER_NAME=Test");
-+putenv("SCRIPT_FILENAME=$filename");
-+putenv("QUERY_STRING=%ads");
-+putenv("REDIRECT_STATUS=1");
-+
-+passthru("$php -s");
-+
-+?>
-+--CLEAN--
-+<?php
-+@unlink(__DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php");
-+?>
-+--EXPECTF--
-+X-Powered-By: PHP/%s
-+Content-type: %s
-+
-+hello world
--- 
-2.46.1
-
-From a634d3f5169c884715d9e26ac213ecf2a25c3666 Mon Sep 17 00:00:00 2001
-From: Jan Ehrhardt <github@ehrhardt.nl>
-Date: Sun, 9 Jun 2024 20:09:02 +0200
-Subject: [PATCH 03/11] NEWS: Add backports from 8.1.29
-
----
- NEWS | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 34ad33cf5c4..a96518695fb 100644
---- a/NEWS
-+++ b/NEWS
-@@ -3,10 +3,18 @@ PHP                                                                        NEWS
- 
- Backported from 8.1.29
- 
-+- CGI:
-+  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
-+    in PHP-CGI). (CVE-2024-4577) (nielsdos)
-+
- - Filter:
-   . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
-     (CVE-2024-5458) (nielsdos)
- 
-+- Standard:
-+  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
-+    (CVE-2024-5585) (nielsdos)
-+
- Backported from 8.1.28
- 
- - Standard:
--- 
-2.46.1
-
-From 1158d06f0b20532ab7309cb20f0be843f9662e3c Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Fri, 14 Jun 2024 19:49:22 +0200
-Subject: [PATCH 05/11] Fix GHSA-p99j-rfp4-xqvq
-
-It's no use trying to work around whatever the operating system and Apache
-do because we'll be fighting that until eternity.
-Change the skip_getopt condition such that when we're running in
-CGI or FastCGI mode we always skip the argument parsing.
-This is a BC break, but this seems to be the only way to get rid of this
-class of issues.
-
-(cherry picked from commit abcfd980bfa03298792fd3aba051c78d52f10642)
-(cherry picked from commit 2d2552e092b6ff32cd823692d512f126ee629842)
----
- sapi/cgi/cgi_main.c | 26 ++++++++------------------
- 1 file changed, 8 insertions(+), 18 deletions(-)
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index 8d1342727dc..a2761aafd7b 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1777,7 +1777,6 @@ int main(int argc, char *argv[])
- 	int status = 0;
- #endif
- 	char *query_string;
--	char *decoded_query_string;
- 	int skip_getopt = 0;
- 
- #if defined(SIGPIPE) && defined(SIG_IGN)
-@@ -1832,10 +1831,15 @@ int main(int argc, char *argv[])
- 	 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
- 	 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
- 	 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
--	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
-+	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue.
-+	 * However, Windows has lots of conversion rules and command line parsing rules that
-+	 * are too difficult and dangerous to reliably emulate. */
- 	if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
-+#ifdef PHP_WIN32
-+		skip_getopt = cgi || fastcgi;
-+#else
- 		unsigned char *p;
--		decoded_query_string = strdup(query_string);
-+		char *decoded_query_string = strdup(query_string);
- 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
- 		for (p = (unsigned char *)decoded_query_string; *p &&  *p <= ' '; p++) {
- 			/* skip all leading spaces */
-@@ -1844,22 +1848,8 @@ int main(int argc, char *argv[])
- 			skip_getopt = 1;
- 		}
- 
--		/* On Windows we have to take into account the "best fit" mapping behaviour. */
--#ifdef PHP_WIN32
--		if (*p >= 0x80) {
--			wchar_t wide_buf[1];
--			wide_buf[0] = *p;
--			char char_buf[4];
--			size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
--			size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
--			if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
--				|| char_buf[0] == '-') {
--				skip_getopt = 1;
--			}
--		}
--#endif
--
- 		free(decoded_query_string);
-+#endif
- 	}
- 
- 	while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
--- 
-2.46.1
-

SOURCES/php-cve-2024-8927.patch

@@ -1,57 +0,0 @@
-From c7308ba7cd0533501b40eba255602bb5e085550f Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Tue, 18 Jun 2024 21:28:26 +0200
-Subject: [PATCH 06/11] Fix GHSA-94p6-54jq-9mwp
-
-Apache only generates REDIRECT_STATUS, so explicitly check for that
-if the server name is Apache, don't allow other variable names.
-Furthermore, redirect.so and Netscape no longer exist, so
-remove those entries as we can't check their server name anymore.
-
-We now also check for the configuration override *first* such that it
-always take precedence. This would allow for a mitigation path if
-something like this happens in the future.
-
-(cherry picked from commit 48808d98f4fc2a05193cdcc1aedd6c66816450f1)
-(cherry picked from commit 8aa748ee0657cdee8d883ba50d04b68bc450f686)
----
- sapi/cgi/cgi_main.c | 23 +++++++++++------------
- 1 file changed, 11 insertions(+), 12 deletions(-)
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index a2761aafd7b..ebce6302b93 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1939,18 +1939,17 @@ int main(int argc, char *argv[])
- 
- 	/* check force_cgi after startup, so we have proper output */
- 	if (cgi && CGIG(force_redirect)) {
--		/* Apache will generate REDIRECT_STATUS,
--		 * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS.
--		 * redirect.so and installation instructions available from
--		 * http://www.koehntopp.de/php.
--		 *   -- kk@netuse.de
--		 */
--		if (!getenv("REDIRECT_STATUS") &&
--			!getenv ("HTTP_REDIRECT_STATUS") &&
--			/* this is to allow a different env var to be configured
--			 * in case some server does something different than above */
--			(!CGIG(redirect_status_env) || !getenv(CGIG(redirect_status_env)))
--		) {
-+		/* This is to allow a different environment variable to be configured
-+		 * in case the we cannot auto-detect which environment variable to use.
-+		 * Checking this first to allow user overrides in case the environment
-+		 * variable can be set by an untrusted party. */
-+		const char *redirect_status_env = CGIG(redirect_status_env);
-+		if (!redirect_status_env) {
-+			/* Apache will generate REDIRECT_STATUS. */
-+			redirect_status_env = "REDIRECT_STATUS";
-+		}
-+
-+		if (!getenv(redirect_status_env)) {
- 			zend_try {
- 				SG(sapi_headers).http_response_code = 400;
- 				PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
--- 
-2.46.1
-

SOURCES/php-cve-2024-9026.patch

@@ -1,245 +0,0 @@
-From 4a8b8fa2592bd8862adeacb5b2faacb30500b9f9 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Thu, 12 Sep 2024 13:11:11 +0100
-Subject: [PATCH 07/11] Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may
- be altered
-
-(cherry picked from commit 1f8e16172c7961045c2b0f34ba7613e3f21cdee8)
-(cherry picked from commit 22f4d3504d7613ce78bb96aa53cbfe7d672fa036)
----
- sapi/fpm/fpm/fpm_stdio.c                      |  2 +-
- .../log-bwp-msg-flush-split-sep-pos-end.phpt  | 47 +++++++++++++++++++
- ...log-bwp-msg-flush-split-sep-pos-start.phpt | 47 +++++++++++++++++++
- 3 files changed, 95 insertions(+), 1 deletion(-)
- create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
- create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-
-diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c
-index ddedfb48c7c..9d87273314a 100644
---- a/sapi/fpm/fpm/fpm_stdio.c
-+++ b/sapi/fpm/fpm/fpm_stdio.c
-@@ -177,7 +177,7 @@ stdio_read:
- 			if 	((sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos) <= in_buf &&
- 					!memcmp(buf, &FPM_STDIO_CMD_FLUSH[cmd_pos], sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos)) {
- 				zlog_stream_finish(log_stream);
--				start = cmd_pos;
-+				start = sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos;
- 			} else {
- 				zlog_stream_str(log_stream, &FPM_STDIO_CMD_FLUSH[0], cmd_pos);
- 			}
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-new file mode 100644
-index 00000000000..52826320080
---- /dev/null
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-@@ -0,0 +1,47 @@
-+--TEST--
-+FPM: Buffered worker output plain log with msg with flush split position towards separator end
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+catch_workers_output = yes
-+decorate_workers_output = no
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+file_put_contents('php://stderr', str_repeat('a', 1013) . "Quarkslab\0fscf\0Quarkslab");
-+EOT;
-+
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$tester->request()->expectEmptyBody();
-+$tester->expectLogLine(str_repeat('a', 1013)  . "Quarkslab", decorated: false);
-+$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->terminate();
-+$tester->expectLogTerminatingNotices();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-new file mode 100644
-index 00000000000..34905938553
---- /dev/null
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-@@ -0,0 +1,47 @@
-+--TEST--
-+FPM: Buffered worker output plain log with msg with flush split position towards separator start
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+catch_workers_output = yes
-+decorate_workers_output = no
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+file_put_contents('php://stderr', str_repeat('a', 1009) . "Quarkslab\0fscf\0Quarkslab");
-+EOT;
-+
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$tester->request()->expectEmptyBody();
-+$tester->expectLogLine(str_repeat('a', 1009)  . "Quarkslab", decorated: false);
-+$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->terminate();
-+$tester->expectLogTerminatingNotices();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
--- 
-2.46.1
-
-From 1154fbd3ddfa418bf2492c5366adaefb47c47737 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 26 Sep 2024 11:50:54 +0200
-Subject: [PATCH 09/11] NEWS for 8.1.30 backports
-
-(cherry picked from commit af3fb385e7b328ab89db26ec712d89c7096f0743)
----
- NEWS | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index a96518695fb..62616d6312d 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,23 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.30
-+
-+- CGI:
-+  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
-+    Vulnerability). (CVE-2024-8926) (nielsdos)
-+  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
-+    bypassable due to the environment variable collision). (CVE-2024-8927)
-+    (nielsdos)
-+
-+- FPM:
-+  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
-+    (CVE-2024-9026) (Jakub Zelenka)
-+
-+- SAPI:
-+  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
-+    (CVE-2024-8925) (Arnaud)
-+
- Backported from 8.1.29
- 
- - CGI:
--- 
-2.46.1
-
-From bc574c256596abc4966e7f0e3e0913839092151e Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 26 Sep 2024 15:48:11 +0200
-Subject: [PATCH 10/11] adapt GHSA-865w-9rf3-2wh5 test for 7.x
-
----
- sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt   | 4 ++--
- sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt | 4 ++--
- sapi/fpm/tests/tester.inc                                 | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-index 52826320080..bdd61782bfa 100644
---- a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-@@ -30,8 +30,8 @@ $tester = new FPM\Tester($cfg, $code);
- $tester->start();
- $tester->expectLogStartNotices();
- $tester->request()->expectEmptyBody();
--$tester->expectLogLine(str_repeat('a', 1013)  . "Quarkslab", decorated: false);
--$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->expectLogLine(str_repeat('a', 1013)  . "Quarkslab", true, false);
-+$tester->expectLogLine("Quarkslab", true, false);
- $tester->terminate();
- $tester->expectLogTerminatingNotices();
- $tester->close();
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-index 34905938553..f3461e4a0c8 100644
---- a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-@@ -30,8 +30,8 @@ $tester = new FPM\Tester($cfg, $code);
- $tester->start();
- $tester->expectLogStartNotices();
- $tester->request()->expectEmptyBody();
--$tester->expectLogLine(str_repeat('a', 1009)  . "Quarkslab", decorated: false);
--$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->expectLogLine(str_repeat('a', 1009)  . "Quarkslab", true, false);
-+$tester->expectLogLine("Quarkslab", true, false);
- $tester->terminate();
- $tester->expectLogTerminatingNotices();
- $tester->close();
-diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
-index 7868afc4ac1..fe5f0c2fde7 100644
---- a/sapi/fpm/tests/tester.inc
-+++ b/sapi/fpm/tests/tester.inc
-@@ -1315,7 +1315,7 @@ class Tester
-      * @param string $message
-      * @return bool
-      */
--    public function expectLogLine(string $message, bool $is_stderr = true)
-+    public function expectLogLine(string $message, bool $is_stderr = true, bool $decorated = true)
-     {
-         $messageLen = strlen($message);
-         $limit = $messageLen > 1024 ? $messageLen + 16 : 1024;
-@@ -1325,7 +1325,7 @@ class Tester
-             $this->message("LOG LINE: " . ($logLines[0] ?? ''));
-         }
- 
--        return $this->logTool->checkWrappedMessage($logLines, false, true, $is_stderr);
-+        return $this->logTool->checkWrappedMessage($logLines, false, $decorated, $is_stderr);
-     }
- 
-     /**
--- 
-2.46.1
-

SOURCES/php-keyring.gpg

@@ -1,320 +1,597 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBFklYukBEAC9tCSjnoNs3ucOA9RPfKcuK87JD9jdet2UUsw4DHd/Hwmrt3T7
-WKoH1GwRp+ue5+vzXqdFRZ4gG+7tgvUsOtNb5rh22bTBsUIeGsvm/omJntXCFQhY
-cfjtk04p3qtgJ5PGjZahCRYg4aQ2tGp2Mb8auFuFPsHtOHLWQCL7vQShsN9mEkEz
-AQZnn9QYL+IvTQVSKsRy8XcHYZVk2uT2xQY2LvkAucWF0TrjU2LJ2IFdepc0+jz1
-xasBR0afT9YccHpQH5w8yOW+9o/n7BiMHfgT0sBMdKCfKVoQrQe0CsFnqc/+V4Ns
-nHkyUrbfKiIFm+NOupIMpL6/A+Iky5YpjIIUHPuVL6VAY6wm463WI8FPk+NtGekm
-9jqISxirkYWsIEoZtCrycC8N0iUbGq8eLYdC9ewU5dagCdLGwnDvYjOvzH156LTi
-E/Svrq2q0kBDAa7CTGRlT+2sgD89ol73QtAVUJst99lVHMmIL1cV4HUpvOlTJHRd
-sN6VhlPrw6ue+2vmYsF86bYni6vMH6KJnmiWa1wijYO0wiSphtTXAa0HE/HTV+hS
-b9bCRbyipwdqkEeaj8sKcx9+XyNxVOlUfo8pQZnLRTd61Fvj+sSTSEbo95a5gi0W
-DnyNtiafKEvLxal7VyatbAcCEcLDYAVHffNLg4fm4H35HN0YQpUt+SuVwQARAQAB
-tBpSZW1pIENvbGxldCA8cmVtaUBwaHAubmV0PokCPgQTAQIAKAUCWSVi6QIbAwUJ
-DShogAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ3J/40+5a8n9OJQ/9HtuZ
-4BMPMDFGVPUZ9DP0d74DF/QcT0V101TrdIZ92R4up56Dv40djjQZc2W9BmpPVFr/
-v6qdjapdPH5vvmatnQDz/nIOfo1iwPWGzvmKnbDBQ4qJX7Jd6PdD/YorcD+0tOQN
-KLIGE9ZFQnS80iz9iaTGzvQKEQKEMugQSf3kG3NBEGqKQBsTTrBQOUJ3g8w6id2/
-qJtrDRbL9TuCU77Dpx9HUAnjj/Ixlvd4RQDa/BCYzGYJlCyTsaVW3qc7DIh/pRad
-qtswghSETtl6SSo9yHtoYOGTxXO6UikLEE8miOlaOPQrC9hCD+LSGc5QhNLBEKes
-0l79w9kw9qZ9Xfh4pw/hf1N4O3kPHyUg0q9QaX1XKtigjTUcpdf2Kq8LtlB60p40
-eZE2dV3T11X+rcn33pFSXMeTJeaNKHXoeGcva/gyZVtvi8iJhqtw9QOUkxRDvGB+
-FEUId3Z1yAu7ZAz6qiUCgxK/VJ6/kBb+YYR8K4FHLmNOd5KoiTerKQu423uuMYlY
-fBHpVZ9YuEJQnTEpizFEeOgaixx5RDLnoPsd/x59VS9eaaKotTPbW/rEp7SvbKj0
-dR5WMfGyd/OJrcWVZy8/Kh5Mc/4KOHD+JGAp0bE113TkEEoTZ8gNHFdLdv52V9eX
-UkeT5IxyThZBkUy6palDM8A5vaf6Eet8xOLy9XG5Ag0EWSVi6QEQAKujAODvsdbt
-5n1dO29Nj5htbmt6M2A7eOjt7yUj4UMtBaGOA08O0DVA8MJkvepMq9AJBXHZMi9D
-ycw3rxBHQDqHJJMwghu3RoQw1y5Wym7LiLhoWSU/wK0BrKOULBwh+kS6udKA4oWr
-V/gr0JGmfdL8dZjBF10kHCfCcjcjWtmIp2GRaoOKTlHCviNmRxzyqba7zE0Zc2ma
-Q/4w98BI83GqD1bT8gF/5qwSI1hecBwt9oS7EbZ1ZiE8SSE8Gr6OR3p5UNHbzqxU
-Wy8W4r3qulCLc6g1LPXP1V59cMxX9jQJ7lSdv0k8C6Lb6t9Wm8G63hNYgRCAmNW5
-EnqieTrx45K9vqoqfQK6Apfy0UoOquiuK7QClT3wBd7kmyKsCfV0bwRA/fV/sC1R
-niu8PV7CRk9ryudUXycKq33pSkrOfZjFIQhCqdJkVc2MPbAuj2pOMutKwGKRq/Mt
-3O8nEfGqWaJPa36C6dhlPqjEGTIEk5P493DzM7fj5VVIWyUrI8Vm9FslSvzILcON
-HMtKtRs2cRYA085NKDXGN7i5Am7L7ZONfqVs3V493ICwmALzeSULNLiMtX+ESQfd
-WCS3Hosnjbc6INDg9BRhFt5MEWJ/qchM3g4NQuukqtOYsiEUw8bCzepwJxXplvNY
-u0yQDxvP+0RzjMozruVz3VoHeyf6rSWvABEBAAGJAiUEGAECAA8FAlklYukCGwwF
-CQ0oaIAACgkQ3J/40+5a8n/8gg//a75gXQ4csiDUTsUndb94EXqraffmMcT5oCzf
-cP+Mecbuv3G8oQZeLRchsW2i4QecnvPwrXAJcF8kJuN/KZLyeh21PWBy55wo/2nb
-wOvQockXpK5yVeuc3DmdTaxDnW9u3QpSwbvkEyoCpeHH6rZ1wjqn8Qi1k7njC4qg
-XpRrLQdRsS5ULXpf3IM+vaxbQ5avVnNRu5zMA6M/0reL0RSjgMfnk+3AwLCtuMiy
-1aStCe8V7Y60/oauk+IZA1VJlSz2n3675YD7TkTZKkYIYZHTBw3ZPVJo08jdRUXt
-GJjpOyyWVjP7GMKvZuQVWqcFyc8QHHaIPDLkdi7B9YFPWqfwJPBfUXcdzjAXI7N4
-XsSEeMm8S8SC4FKCidioP/A+bamKcONHUuZ+AztvLh24ZTkqzA/sRRYpbMGUQzpc
-DbastuXG66s3e9pJa0R14011A4bofy6Ureh9q6TQNOkNegUUdjbGSd1bfNIdQXRH
-0+LBV1oaY//v+aBjswy4hJ5oXmQj5jQKFitRCP9jzueyDdMJZ0j0Hhh4ItCzFV5z
-IKtWiy7pRp1DXq9LjoyWeeLfKu+HrEGjMwyTGJiMjcL7oCHeiV/a+fY92wpUrY1/
-mRVLqKqDIA6/iEL2DVf21U7rXY26xxvf4QFImZaYLwKQYLe8TOOjDA/I9bR1JJmh
-54yw10CZAg0EXP+o8QEQAOt/faLOy1ltLfFcIRJo0o/tS9eEcofNUDxDNeT9Q61F
-2oMXi7uxRpnnJu69/9AgN5urM4aSL/amfIn5NSmT2JCkFHhcSb367UX3Hw3sNWJ6
-eGp7JePowEb9OhnTsJBuxIslZLUj8n9IRqi2snkIZqg5dnMTybjzvCTkgyEoJN96
-1PeP0AVgNkUS0ibQdzGbqWPWekb2DLMMkW3GClkJamdPYmeCA6nnjqZf2LiFhApf
-/fW6RBKKhQ/bTZaWmPpg8tooU+kVnvuLnn20lnxRI8aRnfsdXHAiiqlYmIIBJdG8
-PkutEWkvucRDhvcJ7ka1UZ1XvRG02MNvsTHQ7AWhZdKryz2P+ugX3g/omaQP3Tdg
-a7Diy1pOwifcgoKB8S9fORjC20DcuvO2wnlVBgyAReejisxgQO2yYlumfl1ZFV9e
-pYvdPEwZy8ugyLWCKmBZkoBggGL4gJrKtb/3VTnXaXQMw1uEXx+RawTaKWDPdhbM
-BfDbQzflbLcFgFEANiA1932MD4piFfsRvHm4FQC8u51pAHbBRj6GZFCWvseS5/Fl
-Dhd+5DGzbYXf7gXpcng2djFOvxG/s+eBjloo58Npe255U8rGrSfPJdHXs5jdDkPG
-J90mg4zCjVbPpIn6lZQIUoqd/3iAOP9z9waf0VrWpMzfZ1f31FVoHOobuhczOqM3
-ABEBAAG0JURlcmljayBSZXRoYW5zIDxncGdAZGVyaWNrcmV0aGFucy5ubD6JAlQE
-EwEKAD4WIQRaUogHgfdVYIv4FfyRDetG9T6jEgUCXP+peQIbAwUJEswDAAULCQgH
-AgYVCgkICwIEFgIDAQIeAQIXgAAKCRCRDetG9T6jEjUFD/9pntL8QAV66p/blK/9
-PQs/h1oqO1t2/dNWpQ9WpiCkuFvHCrNbzXuahxECh+TXfy5WCrsirmoCliq3yxu3
-YLjQBFQsmt81KhYk+9coewQ/Er71FE6oKU3reHx1vLK/qyGIL611FT62+FOQ781X
-zDgQTtUARTNWUuiewPBHlZpssrGHN+gj6GG/wgesjHuxtaZxPbaqKAOIYh8H6297
-fU3ksyiGyk3Lh7RoGsSKLKf3t/3hWVItMz1QECiwQNa51B3o1W/XAEWUEiBaSwW1
-GhhgSUozbmpaEDlj5xwrk8vchevvgeE6C1iwea/Z0Lu9HHaHdtbS7adgTKa8iopK
-TejiKuSqY+trgBg7uW/5YYW0FebaeYMWm4SMn6ApywuiTB8FbKaSBtV7A7XDOCGh
-Zd25eTpdPhtL7ja7ttXvcnRjB0ded4T5eX7M1gpFkIR18O9vPryGV+CiN7i26SSw
-x1mPEBq8BqajzHKjm3HqZLJHo6SmV9ibcnKIjpZ7bjFnyy5i+0vjpmJxZDsvBtE3
-LQ+OcC5X1rSQ80a9qe0w2HEN6B39DkDBwEOKlCVy2MsZT42uD1ojFceSPYS7V3ye
-JKyivxSUA3HBXoAUfL4UFaENFhaLf1c6NaruPPH9MNLQCQ39evsPFhYWJyG8H53R
-jIH7v55AGfzQJA/2wLpfTRigXLQlRGVyaWNrIFJldGhhbnMgKFBIUCkgPGRlcmlj
-a0BwaHAubmV0PokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6lp
-AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMScc4Q
-AMfExi/iGk2BMxCAlJNsAUyEqEjLqBeXmVOMd2b4gOslhtTi5/fLi3ghoxgjBadf
-zhRmXwnv0AFY+/3gWcz571Y+yZFKz7eBKVNFzqVWp/XFYfWM3bOth0NfVkSTpzGD
-u8c2XHpqZlLGeaABor0bCeNlIbx4uNPU/2aUXcjrYll5nQVyESvRtzriwYXIbxSI
-QG432GxQ/oFc3Rk4VOsR1wH5y6Bbss2CKV84Kw2HZn5LJC5k3eJniqBVcHAZz1l8
-VCc9RzcTwiP3WPA1Jlo6p2+KgVPiZy6telJrxBtk3caSor3KCR+ZWiFZwBGtgN2p
-7MO1lOche5+W/Tx/cRbDyaXFHO/q3Nhdw+nmPFmPrUks8isbkWBe4RXkYn8Ekozj
-A6edJIFEdn/+YBkQ/Kw0ik7RqvaVQ17SD7dsRJ2P0h+jvDJrrJpPP20utbehz4xG
-QRjjvS62G1QXBwmQB0c1rhUyGncofqt99H15QmB2hwGYjeeUxA6HI9V8ZYYi3MkR
-sA7TJ3NiDoyVI8sQF8BcFalThghbaKd97Y+EwipjA/jUni1pgpgy4/NbeK/fjtgN
-gPAIRDAQgu5vTeg5Q3RjHjss3Q01E6fXHW5y0XNqiTZPENwuPxSPNkqCbThNG7rw
-PSX8+RhFPlf2RLjI/mGEQs+rd4hSEgo8VpVEyB+RsOQNtChEZXJpY2sgUmV0aGFu
-cyA8ZGVyaWNrQGRlcmlja3JldGhhbnMubmw+iQJUBBMBCgA+FiEEWlKIB4H3VWCL
-+BX8kQ3rRvU+oxIFAlz/qPECGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
-F4AACgkQkQ3rRvU+oxKNsg//TzbKTSo4hqtLuwgcWOF6xV2DcxlVCVEMZwmZOaPi
-tc6VOVQlfF41wa3ocEnv9e4QGpJfuY/qhbf6azkTx3Vz8isiPkjPzprnPtQIzlNz
-jwKcK6V9ALGDHQ4uQbaV4ifERgTRLCiTfoQopKTZFF1ZW5br3MrQl/43uE25yXUR
-RUiQnT9WFwM61W1wlRVoE1OYOUsDxKQ8bPUM74IN+Txv1OUIhUkwjQqJE9R3X/kt
-mvoeZ8Up6ptlZ/NDcjQcvcuJAQQpFNfDc0fenFsYnHLIUfKkvu04NRCARRZ4XmZE
-djELpH8Qh5Yl+NKRoqchxOSn/IbmIDUYh7H3WCH82EMfJX78ETat/EKzIoSH3AWX
-5es9PeiegI+l4gOVanCg3Q9IFcO+ygpEcswbRrepEqkrRfSWBPUYwW9++aj7LwlY
-Vv2paUnJ0bSc1crQ0/cXqnuRdFevxoTb55YAaNyNqft94A2+U0DhcKInVeOpV5QG
-KNLAG1yT8PWWaxxOutR0PU+Qi7SfnGnSE19+t/EnOl3LHWw/rqVNldaYkPYFL4Aj
-XWBo3GDF033uJe8fuqbYRNJW+7vqv58s06M3s9MaAlsoDCZRE0Fyp7OhJ4TIt6YQ
-LlJ4bKN31gL8LToB1vUGi/q8eZ6Wnd8BskaPcak5qxPxJfBYAC12Nl34IB/80ISM
-DSG0MURlcmljayBSZXRoYW5zIChHaXRIdWIpIDxnaXRodWJAZGVyaWNrcmV0aGFu
-cy5ubD6JAlQEEwEKAD4WIQRaUogHgfdVYIv4FfyRDetG9T6jEgUCXP+pVgIbAwUJ
-EswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCRDetG9T6jEo1lEACxljQI
-WJ7k0wCKCrcD7A2m+pCVd03AWog+Xs112F9VhRCjLi3p2JAiM0bljhZGUfEa/IiY
-+74gj1leW54onLCjauAH/GCF6vEJ2pt9IEpB6Poxqc2WJw3RQ2o2Gse8FSjMVJj7
-AukYXxJNCQBV4aKqxTq7LlMPmwQuCzrxc3bn5kvJJSauJK6WH9ZKeQluvwy9/GEa
-5oauXY8orgPIiT7cpcXEfrV0pshrYJbQoh0uBHTjshtITrH5Bz6iCneU2+yfqTBo
-pgqf/WFdTSDWxaViBt6RerKKTC1OWB4dFqu0oHw1ZpLj8VGhAoU1c0vcupNw8IVu
-2UaXEsfYQ0cGhxcP3k7knTR/+wqVyq9KP/s7r6voKQB2zx9Rn4pKDQfO5UnX1HTP
-eUE73kI0vuiBW0Ef+aQhAK2mfexD9NgNqOOZ59m1f4Dr2Uaqj7iWUPKydK8qn8UV
-o/3ESq7bfpP59HSkFybf9IObPiFYCBx6HuYbc7F8o78X6Ui/r7rfGH7a/Jcgsxqh
-VGWl+c6bIMKcuBTH/d7bT2IkLhv6VQ+HUsXN+O8S9N6wftBemCL+kgyrgPWMvW49
-sUbiW+VpgJW+u6sBO7qxr4AJDF7N3XlTFidaB+SgdbdeZjlNxrp3f6t1jttRkI+5
-XgC5eHFfqA1yPt89YnSDBFkFmqGNqU+z51MOa7kCDQRc/6jxARAAsFh2uyrRLcdi
-ioIXpfci8C8eOC0Z7ili4xjax6oyMukUlgXDilVJ3sLZc6/LoAABN6jF7Rnd7wi6
-RLagyeEYIQa1fWFSwK6/W2uHJZkoK9YgymROMY0e9a5MBHK0APSKmn2jkJk84/zC
-aBK2DjWreewnwK0LPkneEmCci02fuh3UmVcjObQ6KKKJE6GWqvxR0NYCrUFbiJDO
-9tvSWlaPuMUJ/Dfp0ArCr25f/QE8V6Mc7H9lMQ7DjlvjIvagJkg3Q6RiLFpBZr2Z
-0Tz5y10ZEIgnKu9N2bfwOWpHuCTy1d2Vb784bwN+0M/GBPD7nfo0y272eniof191
-2JFBo7Ww1D32OtR024iynA2JhG7Q/Wz2vYHj4TT11XKVSnfq/VECQPjrJLec2zZz
-sdSQjSByifLNpZethuAXEu+gZz0swrRrg51tNcT4/EOahB8AXKSr1o+LEceg0sYY
-nnjJtxWdknAmq89rzWN7JgyUnNpTlmJRYEMMM6gLMagOy2+VZmLkkSihFgfF50Nq
-3KAGlLgpvKlP832v8p/e3mWvVSjDF/V+7XDALmEQ9HxJkvc43l+uIf/rWXUJ1Kti
-bbYc+KiJzbP5UkmIQkwuR/RWfYRXuV+y4mJ08LOaOk13o7V8SLWmBf+C7XbKv20+
-YCPzzaj/vok0BYyw1FKBuUt1PP+t9fkAEQEAAYkCPAQYAQoAJhYhBFpSiAeB91Vg
-i/gV/JEN60b1PqMSBQJc/6jxAhsMBQkSzAMAAAoJEJEN60b1PqMSFpoP/Ahxle+K
-KiqzX9K7lGh1n5tS5PvvwgKerkmXjDpCUk/+DZeX9jt2jwO11ZOHWr7xwNyK0tOd
-yzO8VFG9BZ2qyjJSoP/93+ibb2r3oHus3xt6o/7On0v/BIKGZEt7MsBh2M8tvfbI
-GSse3hf6ZFY/6JYA0PzKZDObHKQ4WNax474XEfLCzPDuQ5Dn8k2hIkbqYTERfRtt
-abt5CD3+Av+LTDdE5jQc3fvS+p+IkKKFbMcwKIY5SEJeg45xjOVOyKN7n0Kgrhjo
-STXTD27mh/2bS8YZ67tZGYh06D6BkQwFvGHYwZ2CJY1u90Sj4DKZCIi+eg10rG/O
-6igS2d2gZI2TtjcU9xlD2wgGEP2+SUNDnrtsG32A2fJa/qwExA//Wepq5jz4JlYP
-hJl6V928gZXy71rpJ2UIBBcmRIkFDVrD19TC/lV1EvVZB2J4Gejw0j0RD/qzf18L
-DWgioO+g8d1XMavtDY/XOqhD6IguHkBmu4knO8pR7GJUPai68EgV5jqBkpxZKU6M
-hIt90gNhamaiyLxtfs+7Kok4lm03Y2fBkoQMGQw57GzVMbnvWImBTVMBJCYXMZAK
-WsBoTbVpGw7U670UQB2efAjAzEb6WinxnKRfkZckbpk5RAoaYvrzV91MqK9q2g9d
-mKJSFBm41XY972EZMHb6EN3GSaWWSx8k/Zw1mQINBFsXB0IBEACa2MgvyiiM6Zc5
-CrbnOowqVE9izKLxb1B6fjnQjDfitUoL3gYcbB4CtdH8fSotVL6Nlo4VAMNa3kJP
-4NOsIrrCVtG2dluaykClDyR9iSxCXFXSQFXatrxk3bFTZL4mvDtF18zdLRm9o7so
-19Rz11CeY0QbIj66aXiuvjRIs0Jo+FmAResH7BGpSXUPIO50keKfbB3aLSPuroOo
-cUrXIyv8MBS0aqWMGUCw20SVVTAwFyFS5poPAj+FWqyLBfjxL/YqAhGk9sspxVWE
-oZm1Nl5lCUpWrV2h4Ut/wuiJCrTlmXVNmdmINDsgFLLIpF2A1fGzTnZUqvtIM/sc
-JoJShmMDMbNUvgrUp0sG7sJi7zdlTEVgwjeAi2EXs5pDVtN1Njl0cazBOqpZPNlT
-XC46SZ3NQFVgRf1ouCvrBt9nvrqE2u72Q+KeWJn4DEcHt7GuigjYG7n4p+YnSLbR
-wf2TmXciDL8TKhAZI4AjhwKywxSzHjHt+uLgbe3NjCwjx+vr+fOEXazs/mJfALyo
-N/os1+pcFxNlawv+n5F5Vu2dPoBEvGJjXfvrIuSTowxqkISeof6/bmVRi2JNS6YB
-MYB8RoRtVlyEiKxgXdJKhXZB2ACIE2fdvYK3b+LRac+Pq0gcUwZcHTwirHpZF929
-EuYUqgBrMhS/1E/pe4eb5S70yXuluQARAQABtCFDaHJpc3RvcGggTS4gQmVja2Vy
-IDxjbWJAcGhwLm5ldD6JAlQEEwEIAD4WIQTLr2nxc6D+pLU39HDWbJWTEYvMtgUC
-WxcHQgIbAwUJB4TOAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDWbJWTEYvM
-tqODD/9eL13izQjTbZ4aW5J0VFV6zkXCmbA08kxy8eASb2nvQ7AdBpcxiOMZZFhV
-0VvaNf98Rv7B6YNYUNqOagCjzfCACQUZvjv3G8mMV+SaMMtZfr4qbfd2UvYfi9px
-FpPoQU+oZ39t7uaaOSSjwhFoAKmcQpxYrz+f0kzQ/QmeX15UzFxmEZnoSP7hkNZP
-KlzC1Qhu+ZjMSG7V1Z5dDSKKv5p0/JDVrNstexCq24V+rSlXTs7ECEmdQjdPkiXm
-K3wo75VZwhUEv8Btzn5n7FyDLV0dNrC334WoueIyDPw53Whq7DcWshqknDFTJ4ZF
-PE5NTPdn8KYdyWjJU+5opPn53VpEGbSgLrvY+wjZhYXdfVCj28fhaSyBHHGMp9I4
-dEZ4HPCbN2YSAI2gjaUoyUyLlnDcEXZLNIR0rr7Ct9gvmKWpBdRuzllhUksv6e1R
-lzUekf7GYJ+6AtKnfeeARsmjIcZjO33s4XBWAkjRuQ/oxtkYuSrXBSXLsOLSlw8U
-9cINKZpNLSx/mTT8N9O1nc646qc+U62My04snMW5frqOG7Snu+Nq5bkl1WqseW1a
-ceqNYuNpRnrwo6v5+qAWzO/J/IE3OLz63T40WDjb4k6ZTYqS6JeO4azxtsmpKHtD
-6mChS5uwsx2y+uGt2QivSv11rYfDlCWw1BlkR51WebacUKmEdrkCDQRbFwdCARAA
-w1s9IysYcuwET/Ct/LwcGoyRk28IrsolDZv0oQloZrvyYBAkKCiWu4Hfw6c2YI5A
-P+30xRqxf/wB/AitpF//Uw55C7I7E9FpZuujDrTMs+B2JE4yRxxakFIMqFYVNsRQ
-KdrJ1YGS3Ve8kqM/vrd7fZUrvH1FM6nX9O7n1/gOB184COv9gPsc7275FmP49fFx
-NjBNd8YgV4rXWRqlSyw9NovzmmkB2ItTxGpXy51rTAT7uaEHftlU7em2LBDj4wjm
-H118O1E7xrTlzhxOcLdJmQdvMgb/KGY7DaWt+hR1vdDvvChgZq8+V+XNDLopQJ63
-xnRWlNXJ0hXhshBnX7Bthc8Dy/b3yFV9eH/dic3KaX8JTo5v78zjYzhNvxmwDmgh
-vaaT9+8nxprEn7S7uDKQbKkpCgf0JRp3MD/bcMPrMHtew1jCprZugtLkm93W02/0
-DXc1hBM+WWAFOAKvGNUnPEEZakoES5gbL331+L0LIO9K9JIadwK4v7XAQJFp55JD
-oNcTwdPwxhITsxCAoYyJrS4ISJGF3lViXH3EeHz6xHLN+1fD0dFlirOIDRCsu5wX
-pXAeBHz4xFxGI4gFws8xeQmqGOLqG+UV7bzqdtF7+vrYTyhQIbg3T1y8Thi2Cef7
-oZO5RJRIU2kOz6sUbAnFg7X+DmRITpdWoNht0xF8f/EAEQEAAYkCPAQYAQgAJhYh
-BMuvafFzoP6ktTf0cNZslZMRi8y2BQJbFwdCAhsMBQkHhM4AAAoJENZslZMRi8y2
-cAcP/jrIdbwgB4hVGpENlT18x3tcGG2Ty2zfvGrPDv6Rf1Og88DuEClMY8GzKyBb
-NrdDrnJXRYCVIzR8UJiknXquMfjTYXGXoKG2PAiBHbFrF5XuI2bpKgz/vN8Wx9M+
-gFmSNxrkbzQlYNyjeEUSBQjpgZHX5ohjF2atLUIBVmBWfqN0exT7dHmdVZt+E4hu
-c0XMmX1qlmbZqMPcj2AnFdF32+x/OR939zOcbXq/S18W39F13T55VsGcO4rjYDI4
-LY1G1oonRPykVQsRFBswEcO5FddhGBEgNd89T2BWOZ9nr2l8NIwpAySrQSf9h45C
-+67jQ5CjrUf9f/A+m/8rih2UF5i5yd+/dcjrTZx9OuJQCw3smVqK25Uk8m5QWZgr
-MNiyqtDslxMz5GOisD1iNKFznNjko3GExCGlzDmAArm0NQHkqJfXEFO86yLAkaAz
-eoSOhDUlbLpLfAU0biJx8RSMK5rHdNETLBHbUY355r76SweGHlu2iAqIxEOEvUXn
-OR4W420uy3DRlQY4MIeRLgNKkFrY3fHDot0h5Srvae74E2osLoWh95JujbbsuMVE
-rrgwO/1hysVjmkdiU2UPkH1FB/iQHzP0FGCu5SQB+7+A2gq2hBSTQztqgPxygrHL
-hbzBVymcn9yJd96JnwVe5d1BrxFlxcfDDG/GBGqVB8MsufmjmQMuBE9mqaARCACF
-SqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvjaDjWi9hcwp4E/
-lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18LMqhc4G+RU+L
-cNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1mTmFT9a0Q8SK
-r+mUrrJkuG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIcqP2yC4nLGR3M
-kubowxoEBYCZet18aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkfcJFADa8MzOL9
-0zOxXwbGfbIZOlh5En8jAQCXlfnx2eQL3BSW/6XANa51dbWiEp1d1BAkpGKtZvlk
-0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN6Zdy2MxL1RRJCFbytLhl0ronC49BsGYV
-GshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVCkhUAhouH6xzZQNLR+RU+QebY
-zXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSNoBeGBKWWLiOsPjvS
-72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xPyc6RsB84sfsk
-2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlDXnHxJ0HI1I/k
-OBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9d5ud4jTJRkQG
-vAP5pg76vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup44Ck6ZTgdlmFY
-MLF1hR47PIZTDKEREuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/+Lp8lQO0GHLP
-B9glVhnC0db6l1Xpg1CMI8/RozBMcij30EgATggC/y2zbiqAFoS9FN9nXPbe4phS
-tqABEyeZ+nXudt7PUYTjVgcrqo8bHZCisBobWC7OnKyUzxVxzUeuPkIfmZuzkLaM
-w2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ5QrdmE0/BbQyU3RhbmlzbGF2
-IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWlsLmNvbT6IegQTEQgA
-IgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQL3lWvF2gS12X
-MwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0MvpnvzOhv9Iufv
-vsZEj3E7i3h+iD5648YMwfTFCij+tCtTdGFuaXNsYXYgTWFseXNoZXYgKFBIUCBr
-ZXkpIDxzdGFzQHBocC5uZXQ+iHoEExEIACIFAk9mqaACGwMGCwkIBwMCBhUIAgkK
-CwQWAgMBAh4BAheAAAoJEC95VrxdoEtdhdsA/1qQb5RZbh6PlIVeHCFFC3fMvy56
-wJ1KC0knhphyZdcGAP9bQFhWGbxylFn7xmnbJ2bpa+0YfzRWwbgmeISoZItQ1bQ1
-U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QHN1Z2FyY3Jt
-LmNvbT6IegQTEQgAIgUCT2aqnQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
-CgkQL3lWvF2gS11roQD/S/f3M7YgChaM8SAt79iAPvLieplUBgYguOJjHc16QA0A
-/Am0mjKmNq3W5P0uA/vB+liCEcMLdcZiOIsNI44eHj5PuQINBE9mqaAQCADfZPMp
-jZkkGZj3BY/7ApoLq4mwqzbh+CpLXwNn20tFNvSXfb8RdeXvVEb7Scx+W9qYpiau
-n2iXJgCVH8fgpZpR856ulT1q6uCG++CXubEvip/eJkZl93/84h04KQJwsgOrAh0O
-m3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTeySBVFdov6L4mepddfjekicKQq
-hL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/PginD11zp+6wtrWCm
-/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4HGRHZdBMJB4r
-HUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05btZ/x01r67dHf
-aMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJARXWUOO72+sSc
-HP8KQmTl1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTikr2bZYukHDQ33
-XBPs4e6MbWKfsa9qaVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHBi9MI16oJIzzB
-PbGl2uoedjwiZ6QeQZnSuOVYZxU2d3lRA8PrtfFN1VSlpEm/VcAvtieHUYWHN0wO
-u+cp3Slr5XJVNjTjJhl28SlinMME54mKAGf2Ldr/dRwXiGEEGBEIAAkFAk9mqaAC
-GwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQPzdfU847tqDK4zJjbmRv5vLLw
-oE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejwmQINBFjxRtoBEADk
-S6+Q7afwYDPFnqJXuyF2ZIvXysDBrpr/xbre4jVeiC/HIELaQedOJqO1V+BgnTRk
-fhor+Yq3mZ1un+6zJIiFcm5Kp7sPZjh15JF96PsA4e2Eh5eCeJzjXHj1nAKXfn5+
-CgpYEyL30r1/ACkmo9TKIiUxIDZRkZvxjY4UKeo+EoJo0ViutV8mvSTgxaz9gzPh
-Z5OJR8zECT8j3T8d+tBD8wWxxmGZ0veOu/MBew1C/BDr8RqTCXDywUbyNuSsdb3a
-5aLuIuLekSJVSCcFwPIje1WrX4FyC42+elOp0SXpjWzdb08NXX4DEY8zVyVXI1Sc
-SpTbslffcFkY60NJhjpP7t856L9vTLRfHIM9BIdSYH/ar5mEQ0vyJbiNfkx5tIMn
-EmnIYbmnjjmcPZDKZ4PyQEUEWF3DqNOOAWhk9HUMFEkANkd1vEcNNQxgD2eOJM6e
-gfUv9KtuAEcRX2iDu3gIyE+55x92VVoEJDu5M+Q6PYGUIMh7nz2gS3lnlpG2vquQ
-pqDS9UogsZ8L4NsukdP2ixRFnD9qaTOemqRYwIptOX6wvrtR7PmWOnnRZ5OcpK5/
-qyK9iCLY7bbHDViBoV0uLEHNPTDHjrALJrqS+dH1glYid/82OvKE3KREjRpMOW83
-nNfQcqkMi9fhH8WUkz6OD6JemvB/s/CwBS2w3+9LAQARAQABtB5TYXJhIEdvbGVt
-b24gPHBvbGxpdGFAcGhwLm5ldD6JAj4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheABQJY/TOeBQkNNFUtAAoJENvbOXRw0SFy1xYP/jQeNv4WUPK3M0Hl
-3EvEnOeODxePysU0khvgnw/mRtQu7BOwRdbB0HWv8Kx0HXL7XI4l2myHRZbd9PrB
-lG4YFYjZqWmqQ9WGlLBxDpSJNeROpTgKjhxA2hOl1xH2Et5kbRcZzpJJ9zuD3rqk
-q80S3u/UAB/QzYfJWKnQBTXi/3psZNAVTRp3/4sEn1kCfEnlNUYPih/NqdXE0frl
-KeITOAmatD2cjYcJlc/ETLil8Sq1nIgiE/++KZalbcXcRSHVZSd/L+fNlMDIh6k9
-pjcE562oiyyMHKed/pAX7o1BqlKqSwxjQoNskpICVFkyMv+P7cIPyOxJa8kaGyyH
-ND+8i1GzvwcPhLYeOWDwmiXBs4Ea8Z7KWxhi19zlxMrEfAcfFIomcRoxfzcnSY3F
-VJYIoEySK/IBiivqeunyeDA2JG1vLSZIV5hNicUihp4hnhX4Z1gElN+C68P49SZs
-eFzxvzwMq5RIUbWVwIh2+Wj51/UrULgoM4qNkgejDLYFyTxbLfXq+Tk91UXdpepB
-HvE9KFVqh4MbIlyx9TAzOizqLdZlnPRwLb3rWBLsv7XbCTeYtp4jVU8Q35hnvGFy
-+GsSROJv04mJW+whyz+zxOEMPiVbVA5um3ZbSj5oou87M9LiJtrUOqNfyyqddLC8
-L5LgwwlYKqP+W6Q4LMf/Whoj3FFCuQINBFjxRtoBEACk8wfJqP03Hz6PX8br3jEU
-llSngdD/28K2C4RVOOr71u4FJRcEMR98SbPnCNIUt4KdedO1DJpYac1XvIaVBbLx
-EcBjRMWNhBgZbxoQzPjFTWHQ/UwHZPiiwQkL55fN1ejBEacDV8B1JwqjcBbii6zI
-tLUV/gxGH7Jce/f7KBM7vWlaP+xHpmd+iPK1swK5wNQzDL83b7NPyj58fqlmh54F
-r+jcpuUjynaYfjtJsgwc4CScdai7FclctLMg8Y8DW7/bkqf1BQy9Dik82IWSN4wg
-VM1eWSGx+PzPlshGH/C8B53U353NcRhjFp3zX31wQhsJrA7Jp+10S3HbXGrr3aVG
-MMq3dqSBGp38iKJUmJ3zyVvby5Mk4+8FFmMk3gVuQE52pW4EOlSVQNQC8yzYsgaG
-/4N0M8DRpbfPhT5wiD/Qcb7MUXTE96dzs/KcyPJju/aq4cJ6DgpbJmM6OZwnx5HY
-wa58RgOwAVBbsxYOa6oS+Fj02eaiUETwfPHtqF9juCcM5D0mcLZRT1I4zK60qPb6
-ZDzuFguXg8hm/djjh2YlDFCNKqCZHktCISTWX5u1cyF5j+UL3fsKcAAcyiHZV9UH
-8tr6v0i0P19Uje2ZHk9utJggYSSM0uyqGhmiyd8su2FqitBltvTo00Kc8sv4AcDm
-Cng8SVO0og1wiJZdiHJI7QARAQABiQIfBBgBAgAJBQJY8UbaAhsMAAoJENvbOXRw
-0SFydu4QALeYG2PPMEOQtMV6jOVT51U0Yo0yl94RJoQCOCCT/JkUyIDczHmtcVAB
-rpitX3tFl4vacJM3uKWKbzbM7qO2+Hd0u6rxO+o8WUGRMZp5IgcbagDOHs0vorVN
-2Yo0Tl8RoqW91MCvlRFA+8snmKjWfTYj8jxbhIUEtVrIU+5LDEgDP+T6PvpaVeXf
-LYItieCsZgib3qPz5mM49jDH84XG5F19kx0QtVGJs7n8FrcAGcQl/iMrm7dRrRuh
-9394ongIum0uld287Zlg9q12iJiir3w04Npy43G12RXq9TD9aRfbMhQ+HB5Dnvf4
-2mfCfGvalSE0rg9mh1KeaiQUXxCzCf1D6a3H50rh1IDn363Wn41/Hr0j4ntVjvEJ
-xs9nUb8qod2HMOPLOFqwxck7ueGaeDN/GZ5zjPdIppYwE3LbCM1ZFLkV+QhFef4z
-Xwml1/AnGGFULgGYorwGCchizhU1wbZVcoUF74MtprnAsuPdFxlw+4yCcFEeYVpM
-DQg/ZfZ28T1GruGHqLJqIVpOum48Ec+fjnHAZAH9dOs/qhBuCLE+5xUoVyP2lwt0
-MaHs5SLmxRKhcV6IWRJKTlZ9YdDXbVv5LisL/qDOTjRj7vOgCPRhklyA0JjFeyTD
-pSeAWXFZnab0nYBPWkxtdxxRruEeQPAYP1vl0O6ABMxRAI6o6zIImQINBF629C4B
-EADl/O47tHfZap6Y3PwfI9/4we/TDwJLqBP8jMz3AH8s5e8rWHIIwXJao1NWFkd4
-VnSSiNEMeffkrNWpyCbjr06NEmmp49GCUpQwhT1DuQu8LhKoePhIGnAIstty1Lbp
-ylSfTEO7fk7SnkYoyPOCiufEXDOLpBx8Gwm/cMNZhFI05XCQSf5+9IjaExihgmdf
-CKchbyvGrUn9Y7eu5PYUtsEu1STasNzq5usSQ6hot3zBbVoPRK8a7TZCDGJqzvqH
-0bIpVHKVKxA8r9kPxTb4jlRPQV81VSe88TgsIzDSeGqOhM5NDTmVN+qr9AYPAdyF
-jemsVjMFEL34dEgM2VBsX87q2hvOkY9c9tTycCcUAEyEYREX5tdfBAFccD/8c9Dc
-K69OOB8dFovJl+qotAeXda39PFQFKCfwYa+y326Y24tM+Jr8GYfsnUa6MA6H3/oN
-CAGps0VZnBVRcjnSzNojPc9dA7OnT74ukFb0zGX6xN5dTCKRW/mLjnlOQEBW5dLK
-Nh2lj9UzG/9KUI4V4fVsEjn8IxtUMhIm7OAsUjGydk8D2CzaPUEGZwXTzDwVH2tC
-ZGocPjZ87R4xDbB27K/4nNWb4ux7mlEwis5taBnoiKiAV7R/Fq0LEJQFoiXRL7tm
-JCgMo8VDg/a3i+GvDWxr3tTHjQtU+KJ1+Tqif3QrJ53dfQARAQABtDhHYWJyaWVs
-IENhcnVzbyAoUmVsZWFzZSBNYW5hZ2VyKSA8Y2FydXNvZ2FicmllbEBwaHAubmV0
-PokCVAQTAQgAPhYhBL/d0oZCgk+BGO93kJtnpcEiKRGPBQJetvQuAhsDBQkHhM4A
-BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJtnpcEiKRGPd2EQAKK3pPDXSMZH
-oAwV0q1VUdMANxbE+7TE9uXFQx6VdDZxlaEWEUFuua41u8zwCh3v6F5OjDrlWwoP
-Rq/c5yWvypUB7ItB7L/uvsOqy6V8PGkH4pHxYCyFThC2OvzKFXGqNrxF70NIAz6N
-ySlQPlu5TK2PrC1MiXMMPciNdfNagSUZQKecMMij4qjRMRypcUZJTEker4CR6HC+
-4UlnBj6UpijKquaGZMAe95oRJLVwCOshLgHjihMe12qwX1njeAQqPQR4KZ7JUeaY
-4M1oymxyuZPlwUtAKSouHQ7s7g3KHaoSIalIaxY9OCxs52H5y2uyFbrqSDVWPh1/
-zgXffmu6hB/oReyDhhcH47+cTgn23cw86d7+Buppbs05g8QcjbWv099IRbVpirKm
-ORT+4qdXjev/w74WZUFXKW7PFhHor6PAUb2zAcurVv4RTIVsRD6wPovUKgkbdJeX
-9vbJrZycgnGT4twL7WSPKivn4BYBIp28/jZzl2OtiSyZf/hrnEqFp8fa4DiW9mRA
-3ExbjfCQqOGMTwLwAkj4m+AhdN55xYQLsj/6pz3AysBRoS1E/vtxSIpRAAmf3Uhh
-MpRkKk0mA5f4MsQqR7JZ2ben9k/GTHeH7qsqzb1k+rEwEY8F91QgsBzT5zO4pPQ1
-rIGTN4CBa7QcJH3fc3i9rYMYAtuVlpCUuQINBF629C4BEADdWtCy2yfnyjSBasMb
-IzTOV+WHcj0DJJDNJjGcy4GTM98gklBcP2W3w+makX6cboHpN/TNpfAUQPHlqNE4
-hQKth3Q/clwX6olnNQxS9GZFYCbUjPHMxOCF9RDjewUcIp9AZDgoZ/jxNCVinb64
-8qOm2ffeWBcjZANxpVMUsqAIWorzxX60qCgVEl0omQZPSs3a0uZO+mZYRO91Xo9U
-uVws/krKo+l+vN4g6k1pZF2lCfBAJ8L/m/Ncz5p438ZwFmMWvx4vrxlsQ4A4T+BJ
-flyUi43BAeSVrdGtVJEil4oM+y5GIm9bNPdZiJEz7DZrbIeXNqKRjKFiXcG2b8qo
-DN1aq5QiJC3Rok4ar4YfOZCpL4INQYnINHdNL5lpcyeDBYZG7dKUy2O4afnvjxd4
-FnsvYp5qm4s+dl2oPD0Gr+6KTotX2/eVr4vwZDGer+Z5o8c0BHvh2heFI2RtXxcF
-adx7LNldg709kAM8/yVdQI9GjRaN+1QFXmyqpHa8TQkUEIOKet9JMBCJkcCU2GPL
-VTVJVUD23VcJGCb3YV47FVwKT6MQYVNtEuanr8TIiP9hYRBx4JuT5qJEml4g4CCO
-xpuLFIKAK3rJbzpsnaUHhikjlOYGdTELb3wb3XEEH1dZJZwk7WEDFf+pTVFxMfS5
-V82kN/wIdCwtF0lfvAfc8/wNBQARAQABiQI8BBgBCAAmFiEEv93ShkKCT4EY73eQ
-m2elwSIpEY8FAl629C4CGwwFCQeEzgAACgkQm2elwSIpEY9frw//SgPRLx3Tzcg5
-PI1P3VLz2Cqi3EEygNHAaQ3L/fjdG31RYowbcPB6coPtt0NF8SbsKYC+ze9hy8Qi
-c66XyMrnHOY/fflq4dcK26ncp5CifYTNuJTIY9mR2j+NqDegLeLpyxRofNGvmJCR
-Y08YfYzkb7Y16UI86vo/vIrEOYu9ck/Vk83rCQYbayzFUK4DjQ+ROgEvyLlBIzh7
-dyDbhthxSadI0bXZQU/WSwfs6EySCDAEVKmRmU4Bfq3oVSLE13ne33VonTCvRijf
-UlPnAVmd73G9+5Q6YfGwpkW/2hpW8uYQVMuisK0lxf1elbMqlonHF87ffQ6tAX7k
-hPlQimIx06MsOI/YJ5a2XR9jTMMlIInCm3PBi28Rkurc2K0stjA/gSC0A/nJ6RoA
-Mg9pG3BJuoIRli004tdXKLXK9Llwi4j2cFhtvMnIcfR8V77zVDQK7w0pj9urmaqP
-1mRWLpGmhS5bUKHCOTxAJMdiuDfsW9MuR7f/DPlzTv7f6QEfsh1jVKWVIG2dHbo5
-uYT3VQPVOdXMhzArnDpdLDdPqDtuq3u3tGU5yJoxehwc4DeS4Q5nHKE+K6ThSaq1
-u+4TjIbyFJIOZ+Enet8GwfPASrD1xepkVBD3B7r8C6+YwBPEElurC4aYQG4eexl3
-RbbnRGir0GxlvcmpWMLo+2IqeVyRrbY=
-=jKsj
+mQINBFjxRtoBEADkS6+Q7afwYDPFnqJXuyF2ZIvXysDBrpr/xbre4jVeiC/HIELa
+QedOJqO1V+BgnTRkfhor+Yq3mZ1un+6zJIiFcm5Kp7sPZjh15JF96PsA4e2Eh5eC
+eJzjXHj1nAKXfn5+CgpYEyL30r1/ACkmo9TKIiUxIDZRkZvxjY4UKeo+EoJo0Viu
+tV8mvSTgxaz9gzPhZ5OJR8zECT8j3T8d+tBD8wWxxmGZ0veOu/MBew1C/BDr8RqT
+CXDywUbyNuSsdb3a5aLuIuLekSJVSCcFwPIje1WrX4FyC42+elOp0SXpjWzdb08N
+XX4DEY8zVyVXI1ScSpTbslffcFkY60NJhjpP7t856L9vTLRfHIM9BIdSYH/ar5mE
+Q0vyJbiNfkx5tIMnEmnIYbmnjjmcPZDKZ4PyQEUEWF3DqNOOAWhk9HUMFEkANkd1
+vEcNNQxgD2eOJM6egfUv9KtuAEcRX2iDu3gIyE+55x92VVoEJDu5M+Q6PYGUIMh7
+nz2gS3lnlpG2vquQpqDS9UogsZ8L4NsukdP2ixRFnD9qaTOemqRYwIptOX6wvrtR
+7PmWOnnRZ5OcpK5/qyK9iCLY7bbHDViBoV0uLEHNPTDHjrALJrqS+dH1glYid/82
+OvKE3KREjRpMOW83nNfQcqkMi9fhH8WUkz6OD6JemvB/s/CwBS2w3+9LAQARAQAB
+tB5TYXJhIEdvbGVtb24gPHBvbGxpdGFAcGhwLm5ldD6JAj4EEwECACgCGwMGCwkI
+BwMCBhUIAgkKCwQWAgMBAh4BAheABQJY/TOeBQkNNFUtAAoJENvbOXRw0SFy1xYP
+/jQeNv4WUPK3M0Hl3EvEnOeODxePysU0khvgnw/mRtQu7BOwRdbB0HWv8Kx0HXL7
+XI4l2myHRZbd9PrBlG4YFYjZqWmqQ9WGlLBxDpSJNeROpTgKjhxA2hOl1xH2Et5k
+bRcZzpJJ9zuD3rqkq80S3u/UAB/QzYfJWKnQBTXi/3psZNAVTRp3/4sEn1kCfEnl
+NUYPih/NqdXE0frlKeITOAmatD2cjYcJlc/ETLil8Sq1nIgiE/++KZalbcXcRSHV
+ZSd/L+fNlMDIh6k9pjcE562oiyyMHKed/pAX7o1BqlKqSwxjQoNskpICVFkyMv+P
+7cIPyOxJa8kaGyyHND+8i1GzvwcPhLYeOWDwmiXBs4Ea8Z7KWxhi19zlxMrEfAcf
+FIomcRoxfzcnSY3FVJYIoEySK/IBiivqeunyeDA2JG1vLSZIV5hNicUihp4hnhX4
+Z1gElN+C68P49SZseFzxvzwMq5RIUbWVwIh2+Wj51/UrULgoM4qNkgejDLYFyTxb
+LfXq+Tk91UXdpepBHvE9KFVqh4MbIlyx9TAzOizqLdZlnPRwLb3rWBLsv7XbCTeY
+tp4jVU8Q35hnvGFy+GsSROJv04mJW+whyz+zxOEMPiVbVA5um3ZbSj5oou87M9Li
+JtrUOqNfyyqddLC8L5LgwwlYKqP+W6Q4LMf/Whoj3FFCuQINBFjxRtoBEACk8wfJ
+qP03Hz6PX8br3jEUllSngdD/28K2C4RVOOr71u4FJRcEMR98SbPnCNIUt4KdedO1
+DJpYac1XvIaVBbLxEcBjRMWNhBgZbxoQzPjFTWHQ/UwHZPiiwQkL55fN1ejBEacD
+V8B1JwqjcBbii6zItLUV/gxGH7Jce/f7KBM7vWlaP+xHpmd+iPK1swK5wNQzDL83
+b7NPyj58fqlmh54Fr+jcpuUjynaYfjtJsgwc4CScdai7FclctLMg8Y8DW7/bkqf1
+BQy9Dik82IWSN4wgVM1eWSGx+PzPlshGH/C8B53U353NcRhjFp3zX31wQhsJrA7J
+p+10S3HbXGrr3aVGMMq3dqSBGp38iKJUmJ3zyVvby5Mk4+8FFmMk3gVuQE52pW4E
+OlSVQNQC8yzYsgaG/4N0M8DRpbfPhT5wiD/Qcb7MUXTE96dzs/KcyPJju/aq4cJ6
+DgpbJmM6OZwnx5HYwa58RgOwAVBbsxYOa6oS+Fj02eaiUETwfPHtqF9juCcM5D0m
+cLZRT1I4zK60qPb6ZDzuFguXg8hm/djjh2YlDFCNKqCZHktCISTWX5u1cyF5j+UL
+3fsKcAAcyiHZV9UH8tr6v0i0P19Uje2ZHk9utJggYSSM0uyqGhmiyd8su2FqitBl
+tvTo00Kc8sv4AcDmCng8SVO0og1wiJZdiHJI7QARAQABiQIfBBgBAgAJBQJY8Uba
+AhsMAAoJENvbOXRw0SFydu4QALeYG2PPMEOQtMV6jOVT51U0Yo0yl94RJoQCOCCT
+/JkUyIDczHmtcVABrpitX3tFl4vacJM3uKWKbzbM7qO2+Hd0u6rxO+o8WUGRMZp5
+IgcbagDOHs0vorVN2Yo0Tl8RoqW91MCvlRFA+8snmKjWfTYj8jxbhIUEtVrIU+5L
+DEgDP+T6PvpaVeXfLYItieCsZgib3qPz5mM49jDH84XG5F19kx0QtVGJs7n8FrcA
+GcQl/iMrm7dRrRuh9394ongIum0uld287Zlg9q12iJiir3w04Npy43G12RXq9TD9
+aRfbMhQ+HB5Dnvf42mfCfGvalSE0rg9mh1KeaiQUXxCzCf1D6a3H50rh1IDn363W
+n41/Hr0j4ntVjvEJxs9nUb8qod2HMOPLOFqwxck7ueGaeDN/GZ5zjPdIppYwE3Lb
+CM1ZFLkV+QhFef4zXwml1/AnGGFULgGYorwGCchizhU1wbZVcoUF74MtprnAsuPd
+Fxlw+4yCcFEeYVpMDQg/ZfZ28T1GruGHqLJqIVpOum48Ec+fjnHAZAH9dOs/qhBu
+CLE+5xUoVyP2lwt0MaHs5SLmxRKhcV6IWRJKTlZ9YdDXbVv5LisL/qDOTjRj7vOg
+CPRhklyA0JjFeyTDpSeAWXFZnab0nYBPWkxtdxxRruEeQPAYP1vl0O6ABMxRAI6o
+6zIImQINBFklYukBEAC9tCSjnoNs3ucOA9RPfKcuK87JD9jdet2UUsw4DHd/Hwmr
+t3T7WKoH1GwRp+ue5+vzXqdFRZ4gG+7tgvUsOtNb5rh22bTBsUIeGsvm/omJntXC
+FQhYcfjtk04p3qtgJ5PGjZahCRYg4aQ2tGp2Mb8auFuFPsHtOHLWQCL7vQShsN9m
+EkEzAQZnn9QYL+IvTQVSKsRy8XcHYZVk2uT2xQY2LvkAucWF0TrjU2LJ2IFdepc0
++jz1xasBR0afT9YccHpQH5w8yOW+9o/n7BiMHfgT0sBMdKCfKVoQrQe0CsFnqc/+
+V4NsnHkyUrbfKiIFm+NOupIMpL6/A+Iky5YpjIIUHPuVL6VAY6wm463WI8FPk+Nt
+Gekm9jqISxirkYWsIEoZtCrycC8N0iUbGq8eLYdC9ewU5dagCdLGwnDvYjOvzH15
+6LTiE/Svrq2q0kBDAa7CTGRlT+2sgD89ol73QtAVUJst99lVHMmIL1cV4HUpvOlT
+JHRdsN6VhlPrw6ue+2vmYsF86bYni6vMH6KJnmiWa1wijYO0wiSphtTXAa0HE/HT
+V+hSb9bCRbyipwdqkEeaj8sKcx9+XyNxVOlUfo8pQZnLRTd61Fvj+sSTSEbo95a5
+gi0WDnyNtiafKEvLxal7VyatbAcCEcLDYAVHffNLg4fm4H35HN0YQpUt+SuVwQAR
+AQABtBpSZW1pIENvbGxldCA8cmVtaUBwaHAubmV0PokCPgQTAQIAKAUCWSVi6QIb
+AwUJDShogAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ3J/40+5a8n9OJQ/9
+HtuZ4BMPMDFGVPUZ9DP0d74DF/QcT0V101TrdIZ92R4up56Dv40djjQZc2W9BmpP
+VFr/v6qdjapdPH5vvmatnQDz/nIOfo1iwPWGzvmKnbDBQ4qJX7Jd6PdD/YorcD+0
+tOQNKLIGE9ZFQnS80iz9iaTGzvQKEQKEMugQSf3kG3NBEGqKQBsTTrBQOUJ3g8w6
+id2/qJtrDRbL9TuCU77Dpx9HUAnjj/Ixlvd4RQDa/BCYzGYJlCyTsaVW3qc7DIh/
+pRadqtswghSETtl6SSo9yHtoYOGTxXO6UikLEE8miOlaOPQrC9hCD+LSGc5QhNLB
+EKes0l79w9kw9qZ9Xfh4pw/hf1N4O3kPHyUg0q9QaX1XKtigjTUcpdf2Kq8LtlB6
+0p40eZE2dV3T11X+rcn33pFSXMeTJeaNKHXoeGcva/gyZVtvi8iJhqtw9QOUkxRD
+vGB+FEUId3Z1yAu7ZAz6qiUCgxK/VJ6/kBb+YYR8K4FHLmNOd5KoiTerKQu423uu
+MYlYfBHpVZ9YuEJQnTEpizFEeOgaixx5RDLnoPsd/x59VS9eaaKotTPbW/rEp7Sv
+bKj0dR5WMfGyd/OJrcWVZy8/Kh5Mc/4KOHD+JGAp0bE113TkEEoTZ8gNHFdLdv52
+V9eXUkeT5IxyThZBkUy6palDM8A5vaf6Eet8xOLy9XG5Ag0EWSVi6QEQAKujAODv
+sdbt5n1dO29Nj5htbmt6M2A7eOjt7yUj4UMtBaGOA08O0DVA8MJkvepMq9AJBXHZ
+Mi9Dycw3rxBHQDqHJJMwghu3RoQw1y5Wym7LiLhoWSU/wK0BrKOULBwh+kS6udKA
+4oWrV/gr0JGmfdL8dZjBF10kHCfCcjcjWtmIp2GRaoOKTlHCviNmRxzyqba7zE0Z
+c2maQ/4w98BI83GqD1bT8gF/5qwSI1hecBwt9oS7EbZ1ZiE8SSE8Gr6OR3p5UNHb
+zqxUWy8W4r3qulCLc6g1LPXP1V59cMxX9jQJ7lSdv0k8C6Lb6t9Wm8G63hNYgRCA
+mNW5EnqieTrx45K9vqoqfQK6Apfy0UoOquiuK7QClT3wBd7kmyKsCfV0bwRA/fV/
+sC1Rniu8PV7CRk9ryudUXycKq33pSkrOfZjFIQhCqdJkVc2MPbAuj2pOMutKwGKR
+q/Mt3O8nEfGqWaJPa36C6dhlPqjEGTIEk5P493DzM7fj5VVIWyUrI8Vm9FslSvzI
+LcONHMtKtRs2cRYA085NKDXGN7i5Am7L7ZONfqVs3V493ICwmALzeSULNLiMtX+E
+SQfdWCS3Hosnjbc6INDg9BRhFt5MEWJ/qchM3g4NQuukqtOYsiEUw8bCzepwJxXp
+lvNYu0yQDxvP+0RzjMozruVz3VoHeyf6rSWvABEBAAGJAiUEGAECAA8FAlklYukC
+GwwFCQ0oaIAACgkQ3J/40+5a8n/8gg//a75gXQ4csiDUTsUndb94EXqraffmMcT5
+oCzfcP+Mecbuv3G8oQZeLRchsW2i4QecnvPwrXAJcF8kJuN/KZLyeh21PWBy55wo
+/2nbwOvQockXpK5yVeuc3DmdTaxDnW9u3QpSwbvkEyoCpeHH6rZ1wjqn8Qi1k7nj
+C4qgXpRrLQdRsS5ULXpf3IM+vaxbQ5avVnNRu5zMA6M/0reL0RSjgMfnk+3AwLCt
+uMiy1aStCe8V7Y60/oauk+IZA1VJlSz2n3675YD7TkTZKkYIYZHTBw3ZPVJo08jd
+RUXtGJjpOyyWVjP7GMKvZuQVWqcFyc8QHHaIPDLkdi7B9YFPWqfwJPBfUXcdzjAX
+I7N4XsSEeMm8S8SC4FKCidioP/A+bamKcONHUuZ+AztvLh24ZTkqzA/sRRYpbMGU
+QzpcDbastuXG66s3e9pJa0R14011A4bofy6Ureh9q6TQNOkNegUUdjbGSd1bfNId
+QXRH0+LBV1oaY//v+aBjswy4hJ5oXmQj5jQKFitRCP9jzueyDdMJZ0j0Hhh4ItCz
+FV5zIKtWiy7pRp1DXq9LjoyWeeLfKu+HrEGjMwyTGJiMjcL7oCHeiV/a+fY92wpU
+rY1/mRVLqKqDIA6/iEL2DVf21U7rXY26xxvf4QFImZaYLwKQYLe8TOOjDA/I9bR1
+JJmh54yw10CZAg0EYIdBNgEQALohT1pcSlW4sk0DNfAvur1W3U+TEkevuQnKdSD/
+chKs50nLYRuiVrsZsR28tnr2j41uwvm+Y6ZPYAPSkQZ8yAT0pYnXbaIR83iGtZOH
+P6wdxV39Mpf0T3yD4dOmgka1hynqNjEbRhE/t2fXNKf0JrBUmkyyhLYbQlkH+raU
+gQug9EsyOJxEMER9qZM+Le/JiK5/i+8JxhjPcAQxiKu3l/usGtU6zcVUGjMSqs3Z
+89Fa8WBOeGxDwwSKrn8MyyfEWrbCCF4Ao8gBeFmIkWgoeyumIAA0SYZkFjaltbTm
+sFjVmYmmLXIKtKTnzZx0+jYJr42s0Q8n2ymgSKcC0Cmn+iuKslhuMpWJaqaHuZhj
+K/80BArAYETW6ne1IZWPSsobd/2x4u9iwCkd/SWERA3/KnML6lgOVJfNbFxDxuJ+
+LFvpe6VoSAHlc4fC6+lMroeg011kzjgWX4H94Bdp5svpWHQ/UQ3/YMGvgUY1vy+V
+d28bGzuslsnz5o2Zh40h2Dmpti5s2w7Z9TvLD2RMM1N6PrdCXVrQx3bB9nN7x1nL
+osn+0v/8gfck93SO9PXLQtUgqhhWsh+/TrOiVWmWqLvbN95zWSnDRVHp1P8vKEGX
+I26aokxEd1mVfilQKnHv2k6ieMc1M26GM48uXNqLSihYG2WgNl80agVFU00m/+Ea
+9Uz7ABEBAAG0G0JlbiBSYW1zZXkgPHJhbXNleUBwaHAubmV0PokCVAQTAQgAPgIb
+AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBDm2QTQ9jBBLKxRtw/nDncC5aYVE
+BQJihlmDBQkInT24AAoJEPnDncC5aYVE9GUP/R/QmyOxYIXhjOJGkF7wsKznajRW
+u00xRbbTofNroJcjcActcdd4KZjBTQukQLe+ywDq9q0yGs8qdvNVdoREnwkK7sfI
+c/umJhTmWdboljw07x+NPzn71xLsi8xDT113KlSegPSL6tfkSDqnv4KrHQJb4HYJ
+ex9whcnzW/KR015biH6DifHQfTRw4XqhecneiNCfdaNMTRb1DP4USrJAFIlIK8zw
+guJP0iYnKSeInWBAHgroUcrLucUAdBfoQdARHQonlklQ2y1qxh1m4qitH0MeUK6z
+XoTYAEgVMYJIN26gFaMoBRd19/1WH8p2h2IcecsaCFBPWpI1jbvz9h876cLC6N9h
+hZPZFfsZ4BBe4Iw53eEhlgBdm5aa6SRobthKI8q89DoKuw5ok/tEK/WY9QFzkTDh
+iQHdyfubopjVVpakaNYmJMF6SNlu7BfLv5yc/pHr7z5BA64WKUd4AJKWEtN7nu2L
+Al4jthv23UnJ8x1y0e/ZM1m5r9/leRQz4uFqXEBa8Y0/Ipp8OBnQWNajmOHqO44E
+4/BOXr09FYm12iC5L2V8TxL6HgU+nLRetgssFIWRr9NXhelITdfKOii6qrbLP6uQ
+rjFXnLnLqgKB72gSXCYdHLEnwtskkqKXtB4jzYm2OPh0TstfNRdjaS3wepurzSp4
+UmP42igZx4cGzNp8uQINBGCHQTYBEADY0/Oat2b8EDcNSKPJNdyrQlDQ+N2fyTbq
+1XPThTe5f3nRT1jepYqfsi/i4/6rza2AMvyxPO7AQSsHYlBYHxccqCH2Q90jCTu7
+iUJyU65Kx3aZC3U7VE4+jl81W5/b5qqjvZNRxLgDZDnvO7hBFh7b+jj7x1ABsHdw
+q+zXjmg2mJCBsD4ba5jQaPr+nirvhr/Y744mGpaVWRlg7d/LhL73GRy546DgCVej
+gd56vMsi2HBy2BKtjxIr2nd2yJn12+A5yenuagOVpye8F5Dy7ULFJ6iYe1/NpoVn
+yipv3m0hE4C0x1vIw8tiXR85cb0aGuYgjOgEyLCE9INmMQ0ZZd1JqZwK2IyWiy0n
+DNVJXqkzc3YjYZcrYiBb8dV7kvAf0E+UniIYTYtBU2rOWBM3aTT47Jh6ftss/tQ4
+e0HLeHZpvpWwJtkPHb1jGD/08icZH4XyVxIlEMhziuAZdBDTr7v7xSmqPrw49afW
+iXfROV01j94tFdvF48wDOIb3qIBBbsNddqMvHPTShq2wMHlnylVFM/0CJn/yxezB
+cuQfRVWeHg7lbzSt0HD29fBz7MlxoOSesmJCN+swoSy4nZ1nhWNHEaRh32Vn2H2q
+4ya0rZFEHk2fS6WWBMTh7cjinmklQVxAhB99d+EYCZ4SHu74Ats4LvAsdJwe5I9b
+lOIrYecwNwARAQABiQI8BBgBCAAmAhsMFiEEObZBND2MEEsrFG3D+cOdwLlphUQF
+AmKGWbwFCQidq28ACgkQ+cOdwLlphURJshAAkIdJ2xM7MV8PGs+eN2O0/BYpiCfO
+Oc42fwAiqYQzr9WT3FtB6oSh6ybaN+RRgIke1WC9HxIvjxXWatJnbs1U3iyjBmyH
+vMBxOCxsIm7hyyLI/QB7wB7sdRb4ZeObUeyXOoAKWilj3r2vOTuC+K9+W+uW5Hj2
+H2tnUKOva9F8RjokSkMiCpCVoGT1YWsWwKALcnQBio/GCyzARTCQ2uXHpHyAOdNr
+ohJBJWD2qT30Fk/jnOGCbw0FVb+eX5854zosi8xPWFUHrUmzQzFwoeq1ysg95Fp5
+LwCtorI0ilZlCngFL1ij0OA7IkpZWZfCRYrne26JeMmTXSA9CEy8U8Yhh8Z36JPo
+iff9sE08Dd3vmZAxhijjp0p7H0YpCu5qCG6ACIUKgoqwHV7bjkQ6+Znqs02Qi8wG
++gMVOE6gmiw/SpIHE8EJMrtp3AOqC8hWdnqtJ8Mv1aTlfkLn7fXmeWy0Q+uzJXLA
+qnB3hZINXT5lI1jxjjydU7YlQiPHKGnJ/biBq+EwMcVQ3UirtjK2RvnFIdqcoChl
+ufsPyEo99VrB6yL+tEbxbSgNOwTNWEuVZ03LVPH+Wr1sjp/Ao/TexcLJuPgvjVkH
+xqMNnJL2kUnMvYnexp1vmocSL/bqr0Ghg5kqMl+rq/hwl/6JliC5ruBIp41Fg7D0
+Hwt0DeJiahaJT/6ZAg0EYGWinQEQAMQJ6RQqrrZgYJ6SIfzJPsC3zFd00C/UxLQo
+aaiAQHEPnEQgjnAPqkvspSE7MpmyAohbUzXVnDO+ycxznIkLz0yYjs/m1qVB6hTM
+w/PlD10ELoA6m3om/2E1vQQI78U3w3evBgVlGLzBIXWKLX7ZsBSm4xoPmD9mmisM
+sM0xhqQzVuGm0I81gvKkIlWHPB+TqUWBpvDwmIdCRuGis7810OBKaMmTQ/rdhg1T
+YZInZPfjeuW+oZ8Lqs4w3cfmyuDbbKQN8b1Qd2d9lJwkudI6KhIyH7uU0F1GeHIg
+i9hZJZZcnlDiqtcHZ5YYEUHEzD6rPAL0LoUFpS6dP4DFch8R4oBpW8XTjg2BzfwZ
+RCv1IuIgd6HhEUcuWj5QGMi6huCF/2WVDEoGs/K32Kyh+1Jg4OOOpuLP0/YqvsRO
+AMbdY80xppR2yMMtpTJPhs5aCykZ8ffHKEsh4VGvi+xFIwuOGElqXoALFPas8N+D
+5jXnJQR1/2zekei9YiM6jDXps0SIChBL6vG05cua6X5K+71YHHlDoUubb+tjiIHy
+FYtzEe1PPMiLl6XtAdqllLqUQvy+McHgdqNOIU+FxbWDWjDtZ5hlDdZ+sIlz3esG
+wl/zQQMdRdTsjcNuElOdl2pMmLlA8CvhJM+IkHVsIHponLtBqN0Ibrw+Sh1kX0sE
+cjkfrDSJABEBAAG0KFBhdHJpY2sgQWxsYWVydCA8cGF0cmlja2FsbGFlcnRAcGhw
+Lm5ldD6JAmUEEwEIADgWIQTx9pIjj7wWZuWlzNQZn53+9v+6/QUCYGWinQIbAwUL
+CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAhCRAZn53+9v+6/RYhBPH2kiOPvBZm5aXM
+1Bmfnf72/7r9wugQAJuMXAsnTk2m4Esda1R66IaOx3hms49hTtoJ3XTkOP0z/Y89
+66mJ0Zp/tjhof74jRwN+Eo9R0Vc4WpuXdL6ZaOm6alc4hYsT+13bO1hNEXFP70OF
+3sithHac8wShdeutBdXGW/DcR8m7CXOsNWdQAlbYnCb3gt2zTp4DTrxmYVP4YptB
+sQBQtaTqHlO0K0UGoHEkqk5PbbOeuUvvBAyeSEvislOxeSCQakBXFVROKojd90Qb
+i6XFlNvZWzPgBHsrVRKuopgiNqfNAKz/n5ruhZcI4SKdni7zmv9CLiBO8P/qqzta
+9Wv52z669MgPRMfODJr7Q9pG6AZCAm99oKCUStX/adKGBnfu0mx/v0bIyK7YSWp/
+8l4ioiulBs04xeZ1S9T6nMEGry8k2qlErcGI59DAR08aOAbKs/42W70Eoxepx8pw
+S8KSyCfTCuF78bDdxXv3uutYb+A1AiHspu+esjJscgcXNRPYruQFBDUQ0aUzVrns
+bePX6i1ZXYkPUTSRs6Hu9K8sJQ+mr5dTEae28szDxfN9mPqlNGbsKc21CsXwOJhU
+IgU6a32gtZ7xq4g/A9DYHY1jSPhKi2q5JMbckQ2qzrl17zXhVISEcPTebQ0Qcu3Y
+S24+k/mAqIGCrlSnFtLOf6MPTtL8JpeW9fiuys2spb/pHhqmlCevbda8CUtLuQIN
+BGBlop0BEADLZJnHlI7dfEQ+thWKLLdLpd0MZBOugCqWjYdUfL89OY60W2C3Lrzg
+fewjiNLxBzwvqmgEYyQURtlV7o04LJVtyO1B2b7ZQYQoC6gu+KV5z+8w1EOs6G+M
+INda/QydjQk8ymChggGdHtWtGzTZ5K1js+e8wJgkF00n9YCxkkz+jJCK1L7w73vt
+YvS0qYea1UVxmGG+cBsfQ9GbweRl6TvSjlmLtl7m6h1cpGDQrnyyp/yrfONLby1t
+Q32lMhfH09XAPHpJWCfhv9dovgHHtb4Kroaj82UAZz2Je2Rn7SJiACLvezWEFTZM
+WClntlHqHIVtmasntzhzzgK6E1IH67DgWR3m82noLpmbYlHAOLmNBsOYRGdfOQG2
+8L25P3HrWV9APikwdPHg4/0tKLgNzhB6yO6dj5Hs/YRsJD0Jn9X+cCNasP5VTLOF
+sZD4J1i8jT8brlf/f367qOte3aFAPQq7OFYPvpFY/c0J0D6eb3FHCxfejVQL4YV4
+bg3HOUGynUeBGwHgyQJw/LY0LdCejokylQZr7Dj8H4l3b6x85UhJSKRoIin+c8aX
+iI7/2CJbFDAIv3sovyMsAhS+GyntxIpYmoAl0jrqRCr6CWCaFl1Tjh3xrJ+pRCSk
+TVq9OASHUqAb532B3Tt+DJzwrlf4qtQDFz7o7lPGXMnxYLW/KEa7QQARAQABiQJN
+BBgBCAAgFiEE8faSI4+8FmblpczUGZ+d/vb/uv0FAmBlop0CGwwAIQkQGZ+d/vb/
+uv0WIQTx9pIjj7wWZuWlzNQZn53+9v+6/ccvD/0RXb7doLc6YilekZcEqtvvCrgo
+/ZDbda1tjRbpQGyLy9J9whIdD7G7lSoGILSd8U18gCL7PZq96tGq75CDy89u0vI+
+IQ1WemRlfrBZb5qkSOGO2Yr/VYVxxjZbtYiM44aJyrehhA3MCvwzyP27iclH7N0X
+sXgJOF1p3AVEfuXHhAVSbR3tkLPe7osXKyDUgUCuvJIPLSglCqPHsm95Xch8PpUX
+JRemPpFnsPIlqDKu/vfIrDMZtnEFBog/afjA6sqmC8X2BTKF6Tiv8KKy0divkwsm
+dAq+We0vkkIMq1PMc2UkDLv8DujpF4TXMvBXO3AWoKPDNt6L7zMUdymto5TIIA9W
+sIbn+aGTfbfSflJlhlzJ53nyzl/x9ukFabwp7jjF6Vyh7KYMQE6ob16JWTo+AZY3
+mvKoUXw6jwGonaBjNkuR9Em/IyjXDx0tiKKaNPdVh8Tg8pcGNt3ssroEKWqLrUjW
+lrso/+QPeH2Gl5+NjQYSIcQOcYo/MGuiikA9GJu088+IgJ8bmTiFgMuq/ZLAuQ6g
+kpZBQXAN2hVIkV6H5IJwp8lbyf8GG0qBCk9Va03+PZjhZLu/fb9EzVmhyX95cENY
+NUE7QXQplsJZqchsBbjgQE38DWiZKT7uyRhZUCUD3h9ZIsYo63NrQNoA+xkz9tub
++4cXQV6iJi/GqeBTcpkCDQRc/6jxARAA6399os7LWW0t8VwhEmjSj+1L14Ryh81Q
+PEM15P1DrUXagxeLu7FGmecm7r3/0CA3m6szhpIv9qZ8ifk1KZPYkKQUeFxJvfrt
+RfcfDew1Ynp4ansl4+jARv06GdOwkG7EiyVktSPyf0hGqLayeQhmqDl2cxPJuPO8
+JOSDISgk33rU94/QBWA2RRLSJtB3MZupY9Z6RvYMswyRbcYKWQlqZ09iZ4IDqeeO
+pl/YuIWECl/99bpEEoqFD9tNlpaY+mDy2ihT6RWe+4uefbSWfFEjxpGd+x1ccCKK
+qViYggEl0bw+S60RaS+5xEOG9wnuRrVRnVe9EbTYw2+xMdDsBaFl0qvLPY/66Bfe
+D+iZpA/dN2BrsOLLWk7CJ9yCgoHxL185GMLbQNy687bCeVUGDIBF56OKzGBA7bJi
+W6Z+XVkVX16li908TBnLy6DItYIqYFmSgGCAYviAmsq1v/dVOddpdAzDW4RfH5Fr
+BNopYM92FswF8NtDN+VstwWAUQA2IDX3fYwPimIV+xG8ebgVALy7nWkAdsFGPoZk
+UJa+x5Ln8WUOF37kMbNthd/uBelyeDZ2MU6/Eb+z54GOWijnw2l7bnlTysatJ88l
+0dezmN0OQ8Yn3SaDjMKNVs+kifqVlAhSip3/eIA4/3P3Bp/RWtakzN9nV/fUVWgc
+6hu6FzM6ozcAEQEAAbQlRGVyaWNrIFJldGhhbnMgPGdwZ0BkZXJpY2tyZXRoYW5z
+Lm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6l5AhsDBQkS
+zAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMSNQUP/2me0vxA
+BXrqn9uUr/09Cz+HWio7W3b901alD1amIKS4W8cKs1vNe5qHEQKH5Nd/LlYKuyKu
+agKWKrfLG7dguNAEVCya3zUqFiT71yh7BD8SvvUUTqgpTet4fHW8sr+rIYgvrXUV
+Prb4U5DvzVfMOBBO1QBFM1ZS6J7A8EeVmmyysYc36CPoYb/CB6yMe7G1pnE9tqoo
+A4hiHwfrb3t9TeSzKIbKTcuHtGgaxIosp/e3/eFZUi0zPVAQKLBA1rnUHejVb9cA
+RZQSIFpLBbUaGGBJSjNualoQOWPnHCuTy9yF6++B4ToLWLB5r9nQu70cdod21tLt
+p2BMpryKikpN6OIq5Kpj62uAGDu5b/lhhbQV5tp5gxabhIyfoCnLC6JMHwVsppIG
+1XsDtcM4IaFl3bl5Ol0+G0vuNru21e9ydGMHR153hPl5fszWCkWQhHXw728+vIZX
+4KI3uLbpJLDHWY8QGrwGpqPMcqObcepkskejpKZX2JtycoiOlntuMWfLLmL7S+Om
+YnFkOy8G0TctD45wLlfWtJDzRr2p7TDYcQ3oHf0OQMHAQ4qUJXLYyxlPja4PWiMV
+x5I9hLtXfJ4krKK/FJQDccFegBR8vhQVoQ0WFot/Vzo1qu488f0w0tAJDf16+w8W
+FhYnIbwfndGMgfu/nkAZ/NAkD/bAul9NGKBctCVEZXJpY2sgUmV0aGFucyAoUEhQ
+KSA8ZGVyaWNrQHBocC5uZXQ+iQJUBBMBCgA+FiEEWlKIB4H3VWCL+BX8kQ3rRvU+
+oxIFAlz/qWkCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkQ3r
+RvU+oxJxzhAAx8TGL+IaTYEzEICUk2wBTISoSMuoF5eZU4x3ZviA6yWG1OLn98uL
+eCGjGCMFp1/OFGZfCe/QAVj7/eBZzPnvVj7JkUrPt4EpU0XOpVan9cVh9Yzds62H
+Q19WRJOnMYO7xzZcempmUsZ5oAGivRsJ42UhvHi409T/ZpRdyOtiWXmdBXIRK9G3
+OuLBhchvFIhAbjfYbFD+gVzdGThU6xHXAfnLoFuyzYIpXzgrDYdmfkskLmTd4meK
+oFVwcBnPWXxUJz1HNxPCI/dY8DUmWjqnb4qBU+JnLq16UmvEG2TdxpKivcoJH5la
+IVnAEa2A3answ7WU5yF7n5b9PH9xFsPJpcUc7+rc2F3D6eY8WY+tSSzyKxuRYF7h
+FeRifwSSjOMDp50kgUR2f/5gGRD8rDSKTtGq9pVDXtIPt2xEnY/SH6O8Mmusmk8/
+bS61t6HPjEZBGOO9LrYbVBcHCZAHRzWuFTIadyh+q330fXlCYHaHAZiN55TEDocj
+1XxlhiLcyRGwDtMnc2IOjJUjyxAXwFwVqVOGCFtop33tj4TCKmMD+NSeLWmCmDLj
+81t4r9+O2A2A8AhEMBCC7m9N6DlDdGMeOyzdDTUTp9cdbnLRc2qJNk8Q3C4/FI82
+SoJtOE0buvA9Jfz5GEU+V/ZEuMj+YYRCz6t3iFISCjxWlUTIH5Gw5A20KERlcmlj
+ayBSZXRoYW5zIDxkZXJpY2tAZGVyaWNrcmV0aGFucy5ubD6JAlQEEwEKAD4WIQRa
+UogHgfdVYIv4FfyRDetG9T6jEgUCXP+o8QIbAwUJEswDAAULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCRDetG9T6jEo2yD/9PNspNKjiGq0u7CBxY4XrFXYNzGVUJ
+UQxnCZk5o+K1zpU5VCV8XjXBrehwSe/17hAakl+5j+qFt/prORPHdXPyKyI+SM/O
+muc+1AjOU3OPApwrpX0AsYMdDi5BtpXiJ8RGBNEsKJN+hCikpNkUXVlbluvcytCX
+/je4TbnJdRFFSJCdP1YXAzrVbXCVFWgTU5g5SwPEpDxs9Qzvgg35PG/U5QiFSTCN
+CokT1Hdf+S2a+h5nxSnqm2Vn80NyNBy9y4kBBCkU18NzR96cWxiccshR8qS+7Tg1
+EIBFFnheZkR2MQukfxCHliX40pGipyHE5Kf8huYgNRiHsfdYIfzYQx8lfvwRNq38
+QrMihIfcBZfl6z096J6Aj6XiA5VqcKDdD0gVw77KCkRyzBtGt6kSqStF9JYE9RjB
+b375qPsvCVhW/alpScnRtJzVytDT9xeqe5F0V6/GhNvnlgBo3I2p+33gDb5TQOFw
+oidV46lXlAYo0sAbXJPw9ZZrHE661HQ9T5CLtJ+cadITX3638Sc6XcsdbD+upU2V
+1piQ9gUvgCNdYGjcYMXTfe4l7x+6pthE0lb7u+q/nyzTozez0xoCWygMJlETQXKn
+s6EnhMi3phAuUnhso3fWAvwtOgHW9QaL+rx5npad3wGyRo9xqTmrE/El8FgALXY2
+XfggH/zQhIwNIbQxRGVyaWNrIFJldGhhbnMgKEdpdEh1YikgPGdpdGh1YkBkZXJp
+Y2tyZXRoYW5zLm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc
+/6lWAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMS
+jWUQALGWNAhYnuTTAIoKtwPsDab6kJV3TcBaiD5ezXXYX1WFEKMuLenYkCIzRuWO
+FkZR8Rr8iJj7viCPWV5bniicsKNq4Af8YIXq8Qnam30gSkHo+jGpzZYnDdFDajYa
+x7wVKMxUmPsC6RhfEk0JAFXhoqrFOrsuUw+bBC4LOvFzdufmS8klJq4krpYf1kp5
+CW6/DL38YRrmhq5djyiuA8iJPtylxcR+tXSmyGtgltCiHS4EdOOyG0hOsfkHPqIK
+d5Tb7J+pMGimCp/9YV1NINbFpWIG3pF6sopMLU5YHh0Wq7SgfDVmkuPxUaEChTVz
+S9y6k3DwhW7ZRpcSx9hDRwaHFw/eTuSdNH/7CpXKr0o/+zuvq+gpAHbPH1GfikoN
+B87lSdfUdM95QTveQjS+6IFbQR/5pCEAraZ97EP02A2o45nn2bV/gOvZRqqPuJZQ
+8rJ0ryqfxRWj/cRKrtt+k/n0dKQXJt/0g5s+IVgIHHoe5htzsXyjvxfpSL+vut8Y
+ftr8lyCzGqFUZaX5zpsgwpy4FMf93ttPYiQuG/pVD4dSxc347xL03rB+0F6YIv6S
+DKuA9Yy9bj2xRuJb5WmAlb67qwE7urGvgAkMXs3deVMWJ1oH5KB1t15mOU3Gund/
+q3WO21GQj7leALl4cV+oDXI+3z1idIMEWQWaoY2pT7PnUw5ruQINBFz/qPEBEACw
+WHa7KtEtx2KKghel9yLwLx44LRnuKWLjGNrHqjIy6RSWBcOKVUnewtlzr8ugAAE3
+qMXtGd3vCLpEtqDJ4RghBrV9YVLArr9ba4clmSgr1iDKZE4xjR71rkwEcrQA9Iqa
+faOQmTzj/MJoErYONat57CfArQs+Sd4SYJyLTZ+6HdSZVyM5tDooookToZaq/FHQ
+1gKtQVuIkM7229JaVo+4xQn8N+nQCsKvbl/9ATxXoxzsf2UxDsOOW+Mi9qAmSDdD
+pGIsWkFmvZnRPPnLXRkQiCcq703Zt/A5ake4JPLV3ZVvvzhvA37Qz8YE8Pud+jTL
+bvZ6eKh/X3XYkUGjtbDUPfY61HTbiLKcDYmEbtD9bPa9gePhNPXVcpVKd+r9UQJA
++Oskt5zbNnOx1JCNIHKJ8s2ll62G4BcS76BnPSzCtGuDnW01xPj8Q5qEHwBcpKvW
+j4sRx6DSxhieeMm3FZ2ScCarz2vNY3smDJSc2lOWYlFgQwwzqAsxqA7Lb5VmYuSR
+KKEWB8XnQ2rcoAaUuCm8qU/zfa/yn97eZa9VKMMX9X7tcMAuYRD0fEmS9zjeX64h
+/+tZdQnUq2Jtthz4qInNs/lSSYhCTC5H9FZ9hFe5X7LiYnTws5o6TXejtXxItaYF
+/4Ltdsq/bT5gI/PNqP++iTQFjLDUUoG5S3U8/631+QARAQABiQI8BBgBCgAmFiEE
+WlKIB4H3VWCL+BX8kQ3rRvU+oxIFAlz/qPECGwwFCRLMAwAACgkQkQ3rRvU+oxIW
+mg/8CHGV74oqKrNf0ruUaHWfm1Lk++/CAp6uSZeMOkJST/4Nl5f2O3aPA7XVk4da
+vvHA3IrS053LM7xUUb0FnarKMlKg//3f6Jtvavege6zfG3qj/s6fS/8EgoZkS3sy
+wGHYzy299sgZKx7eF/pkVj/olgDQ/MpkM5scpDhY1rHjvhcR8sLM8O5DkOfyTaEi
+RuphMRF9G21pu3kIPf4C/4tMN0TmNBzd+9L6n4iQooVsxzAohjlIQl6DjnGM5U7I
+o3ufQqCuGOhJNdMPbuaH/ZtLxhnru1kZiHToPoGRDAW8YdjBnYIljW73RKPgMpkI
+iL56DXSsb87qKBLZ3aBkjZO2NxT3GUPbCAYQ/b5JQ0Oeu2wbfYDZ8lr+rATED/9Z
+6mrmPPgmVg+EmXpX3byBlfLvWuknZQgEFyZEiQUNWsPX1ML+VXUS9VkHYngZ6PDS
+PREP+rN/XwsNaCKg76Dx3Vcxq+0Nj9c6qEPoiC4eQGa7iSc7ylHsYlQ9qLrwSBXm
+OoGSnFkpToyEi33SA2FqZqLIvG1+z7sqiTiWbTdjZ8GShAwZDDnsbNUxue9YiYFN
+UwEkJhcxkApawGhNtWkbDtTrvRRAHZ58CMDMRvpaKfGcpF+RlyRumTlEChpi+vNX
+3Uyor2raD12YolIUGbjVdj3vYRkwdvoQ3cZJpZZLHyT9nDWZAg0EWxcHQgEQAJrY
+yC/KKIzplzkKtuc6jCpUT2LMovFvUHp+OdCMN+K1SgveBhxsHgK10fx9Ki1Uvo2W
+jhUAw1reQk/g06wiusJW0bZ2W5rKQKUPJH2JLEJcVdJAVdq2vGTdsVNkvia8O0XX
+zN0tGb2juyjX1HPXUJ5jRBsiPrppeK6+NEizQmj4WYBF6wfsEalJdQ8g7nSR4p9s
+HdotI+6ug6hxStcjK/wwFLRqpYwZQLDbRJVVMDAXIVLmmg8CP4VarIsF+PEv9ioC
+EaT2yynFVYShmbU2XmUJSlatXaHhS3/C6IkKtOWZdU2Z2Yg0OyAUssikXYDV8bNO
+dlSq+0gz+xwmglKGYwMxs1S+CtSnSwbuwmLvN2VMRWDCN4CLYRezmkNW03U2OXRx
+rME6qlk82VNcLjpJnc1AVWBF/Wi4K+sG32e+uoTa7vZD4p5YmfgMRwe3sa6KCNgb
+ufin5idIttHB/ZOZdyIMvxMqEBkjgCOHArLDFLMeMe364uBt7c2MLCPH6+v584Rd
+rOz+Yl8AvKg3+izX6lwXE2VrC/6fkXlW7Z0+gES8YmNd++si5JOjDGqQhJ6h/r9u
+ZVGLYk1LpgExgHxGhG1WXISIrGBd0kqFdkHYAIgTZ929grdv4tFpz4+rSBxTBlwd
+PCKselkX3b0S5hSqAGsyFL/UT+l7h5vlLvTJe6W5ABEBAAG0IUNocmlzdG9waCBN
+LiBCZWNrZXIgPGNtYkBwaHAubmV0PokCVAQTAQgAPhYhBMuvafFzoP6ktTf0cNZs
+lZMRi8y2BQJbFwdCAhsDBQkHhM4ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
+ENZslZMRi8y2o4MP/14vXeLNCNNtnhpbknRUVXrORcKZsDTyTHLx4BJvae9DsB0G
+lzGI4xlkWFXRW9o1/3xG/sHpg1hQ2o5qAKPN8IAJBRm+O/cbyYxX5Jowy1l+vipt
+93ZS9h+L2nEWk+hBT6hnf23u5po5JKPCEWgAqZxCnFivP5/STND9CZ5fXlTMXGYR
+mehI/uGQ1k8qXMLVCG75mMxIbtXVnl0NIoq/mnT8kNWs2y17EKrbhX6tKVdOzsQI
+SZ1CN0+SJeYrfCjvlVnCFQS/wG3OfmfsXIMtXR02sLffhai54jIM/DndaGrsNxay
+GqScMVMnhkU8Tk1M92fwph3JaMlT7mik+fndWkQZtKAuu9j7CNmFhd19UKPbx+Fp
+LIEccYyn0jh0Rngc8Js3ZhIAjaCNpSjJTIuWcNwRdks0hHSuvsK32C+YpakF1G7O
+WWFSSy/p7VGXNR6R/sZgn7oC0qd954BGyaMhxmM7fezhcFYCSNG5D+jG2Ri5KtcF
+Jcuw4tKXDxT1wg0pmk0tLH+ZNPw307Wdzrjqpz5TrYzLTiycxbl+uo4btKe742rl
+uSXVaqx5bVpx6o1i42lGevCjq/n6oBbM78n8gTc4vPrdPjRYONviTplNipLol47h
+rPG2yakoe0PqYKFLm7CzHbL64a3ZCK9K/XWth8OUJbDUGWRHnVZ5tpxQqYR2mQMu
+BE9mqaARCACFSqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvja
+DjWi9hcwp4E/lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18
+LMqhc4G+RU+LcNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1
+mTmFT9a0Q8SKr+mUrrJkuG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIc
+qP2yC4nLGR3MkubowxoEBYCZet18aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkf
+cJFADa8MzOL90zOxXwbGfbIZOlh5En8jAQCXlfnx2eQL3BSW/6XANa51dbWiEp1d
+1BAkpGKtZvlk0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN6Zdy2MxL1RRJCFbytLhl
+0ronC49BsGYVGshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVCkhUAhouH6xzZ
+QNLR+RU+QebYzXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSNoBeG
+BKWWLiOsPjvS72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xP
+yc6RsB84sfsk2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlD
+XnHxJ0HI1I/kOBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9
+d5ud4jTJRkQGvAP5pg76vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup4
+4Ck6ZTgdlmFYMLF1hR47PIZTDKEREuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/
++Lp8lQO0GHLPB9glVhnC0db6l1Xpg1CMI8/RozBMcij30EgATggC/y2zbiqAFoS9
+FN9nXPbe4phStqABEyeZ+nXudt7PUYTjVgcrqo8bHZCisBobWC7OnKyUzxVxzUeu
+PkIfmZuzkLaMw2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ5QrdmE0/BbQy
+U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWlsLmNv
+bT6IegQTEQgAIgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
+L3lWvF2gS12XMwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0Mv
+pnvzOhv9IufvvsZEj3E7i3h+iD5648YMwfTFCij+tCtTdGFuaXNsYXYgTWFseXNo
+ZXYgKFBIUCBrZXkpIDxzdGFzQHBocC5uZXQ+iHoEExEIACIFAk9mqaACGwMGCwkI
+BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEC95VrxdoEtdhdsA/1qQb5RZbh6PlIVe
+HCFFC3fMvy56wJ1KC0knhphyZdcGAP9bQFhWGbxylFn7xmnbJ2bpa+0YfzRWwbgm
+eISoZItQ1bQ1U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2
+QHN1Z2FyY3JtLmNvbT6IegQTEQgAIgUCT2aqnQIbAwYLCQgHAwIGFQgCCQoLBBYC
+AwECHgECF4AACgkQL3lWvF2gS11roQD/S/f3M7YgChaM8SAt79iAPvLieplUBgYg
+uOJjHc16QA0A/Am0mjKmNq3W5P0uA/vB+liCEcMLdcZiOIsNI44eHj5PuQINBE9m
+qaAQCADfZPMpjZkkGZj3BY/7ApoLq4mwqzbh+CpLXwNn20tFNvSXfb8RdeXvVEb7
+Scx+W9qYpiaun2iXJgCVH8fgpZpR856ulT1q6uCG++CXubEvip/eJkZl93/84h04
+KQJwsgOrAh0Om3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTeySBVFdov6L4me
+pddfjekicKQqhL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/PginD
+11zp+6wtrWCm/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4
+HGRHZdBMJB4rHUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05b
+tZ/x01r67dHfaMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJA
+RXWUOO72+sScHP8KQmTl1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTik
+r2bZYukHDQ33XBPs4e6MbWKfsa9qaVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHB
+i9MI16oJIzzBPbGl2uoedjwiZ6QeQZnSuOVYZxU2d3lRA8PrtfFN1VSlpEm/VcAv
+tieHUYWHN0wOu+cp3Slr5XJVNjTjJhl28SlinMME54mKAGf2Ldr/dRwXiGEEGBEI
+AAkFAk9mqaACGwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQPzdfU847tqDK4
+zJjbmRv5vLLwoE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejwmQEN
+BFhJm64BCAC/9u6NdeqwFuJT5TNbKVrlVnmHihg96XSYGwl8UPiiYuO3JxXZaduB
+w0955FOc6X2cAoOJrRYv1zZO10nWS3n5CfjUn9rLZ1dnmL87+gZcOUfejBo2EmLI
+VM1yTsLZvigxIhjCUdiQDsUNhN0h1QMwprKAugyhtS4UI9DepsEt9KaqVQ4Jw1M6
+N0b/enkQYs+PHk5TbWUqwdvuGDVeZI2poBo2SL5igUfe2EAOZLZo0CY+tCsge1hu
++fYxckEF4C8SltQqiXnk5Z/SvqhuRV0lvOYBshwun+6qgC5UJ8qHsfW7pK+Qewfx
+nsAsW6gbuKorluCiRg2hCIwK3fAJ0SLHABEBAAG0HUpvZSBXYXRraW5zIDxrcmFr
+am9lQHBocC5uZXQ+iQE3BBMBCAAhBQJYSZuuAhsDBQsJCAcDBRUKCQgLBRYCAwEA
+Ah4BAheAAAoJEPm6Ctoxy9ie5VAIALXzzB78e3Fe0J83zOfj7VBHRoIsljdnlOPi
+rIciZquOoeOOMpSdwgHA8sdlFxzspEDyN4X1YU2zJ5emE4x1bNSY8tI9h7Xflq6k
+GJ3zlYa5SQ9w97Z0Mnas0j7wbJGeajPmbb6ZFfWY83rowHUuIujql+RN0Av2MKxE
+XXeydOdZGImvzCoNltHWlmoHxI9+oerPOQ+04RxhFnCvwv5HyiN29O8sn08F92wX
+RrKzLcudXJeUZgQIVmv5spY84SMldv/lSr18s3lPlvQDafPjbzUs7Q6dJFiiGdW+
+sOW3MntJYAe9n8X2tly5owMs58N8BNThMJoLhtIm1MNZzoGnMBa5AQ0EWEmbrgEI
+AOF4kVuofaESBahVCR4jWl0wWbiv3RNOUb/7Vm1TXeH8kmkLkIPGdiDSrc/yENi9
+i9I/e+7fzV+NY4B0IzPewUfLUrbrUR43LRBhumNAkpDEaXYQnz+MGYIXj/2pWJoV
+s0tJMauspCJK9+iTbFPENE7nllQb0bI1FZ2nSgCdw3u47o7Dc3UKh0xWrC9G18BJ
+SZbPn9eUZ0ioDZaVCnxvJfS+MbSj9KJfG6xgngK/khSrMPiyBMXs1mSXI+pZSMFX
+TRl+U9vIN9qkdsP1vgin7CgwQa2V0MHPdQap7NszbpG0dduxRkvgM7uK2Y7QCviD
+q8eVbC8fqsAvRe+UDIXbA3sAEQEAAYkBHwQYAQgACQUCWEmbrgIbDAAKCRD5ugra
+McvYnoIuB/9cHKVJhmGe105G0XeYNVq+X0yzSugMfAwVGJOIY4bdkbxSOj67eAc1
+xTH6wbx7KHHhDfDVN/5KHxJSm+uJXE6hi62dY++syPdoqhv/1AMD0YKpx62Erm9z
+qJ3/k5pCPmzFLEniQ48bdZFxaVUZBvZ4c4cq7aE5kY/WfSN/WNOJ79zSo+vT2Rnt
+uFY24Rkplwo+aiq/gEdwKvuOzVDc07G+idozfWIYAWXRgiGDEgUgmPkNbpYLoM1M
+PKTTkBVMjYvEESdkiPjHHcBugV5kpsuyWm6jtbgR2Jt84gq8+qv9gVgkT0xo+Jf/
+9X7so8CXqtI9P1keQ51gXM3lQFXkp7FQuQENBFhJnJYBCAC/Q4RbdpAwRval9S6d
+oIVKvPu27haj4Irppgz4c0NKtnGY6MkYOXwMJmd1KGnV4kU+zJAXCj+4fo0nUnPw
+Ml+vkr6X3KtOOMr9Bb5T1wnj2YieYpA0oEf4Jnic8qQZKz6SV2aZxB/FgS+orOC1
+mDv1xmSPuHfCZuH2JtHA+4y+3XqYt0ZusS31vSsv63HiUqt0c33BMrTdgDmP0ynt
+DnS1Qb7cgwhMe6AVXHHNJDZSNbCWkwu1ASHfrTRUt1ijEUZocGBIEmMN+vdyU4Nd
+5aF/4fiQRoNOq3WLjknaKM+uAJ62AguDzuEkn3z6Ei2rlg3KN/9L3Mzi7D7gdVwh
+seytABEBAAGJAR8EGAEIAAkFAlhJnJYCGyAACgkQ+boK2jHL2J7hpgf9EDjp0U9F
+gpmW0JVKOshmkdJIoF0km4YBKn5KLjVTmPNP2js3gD4PMkfuXMUR2/uDQJvEpgL/
+DqbKqt8TgupxGsMmQ3mYgnaiVwDH0yNSz6rpzYSsvnZxaIyKjpp963RfQqAtg42P
+F3Dje8vlMT7lo7Pb8naUr+bu7PaIsPZL1Bl0lGMymAKS/AUZ6B1eUIy7Qg+/Qcl9
+5+f/4nnQuxTpA5kqcibAAWpM/xbxbpKoydbJZG0opxgai9hvy7hOf0Rlep7cdISu
+P5YcAdGWYSHq5t4RJplGLFlBD4hOAzkTi8KmtjriLEIp7fMG8QCYYge3O32KK6BS
+dWmgYjuINvO0LJkCDQRgXeS5ARAAznHoM4UlDvg6j6UEk0clROZhxPXQIaXsVLwJ
+sk92+ayaDoFF6SPv1cymtreNIJHHZIP7h2WzBk0ION377bGNXg99rr3iStKzJ7QS
+DZzmn+4w0WvUHSql1skCGzkjP8ssiLXOp9phQuK2R2jVNUMGQjxhGLeD04E5johY
++jR38ljCFMyE2Gv+xJLhXFd7YqnrvBptnBpZRYGkNPf93YS825bLYIHeH9QO8++W
+qBpjMusb8Bc3N2QMta8V3ReUAqXbPrr1l5K6TSaURmSeHkfDuNizgyRKYERpOCwP
+o72bp1tILSTiCpgBn19iEpNvGqwkddvXcWoRxynn1EvEHNs0yuvyPwaf2TFXPzQt
+6LOibq0CQ/yn3+GpoTWgWEVg/jZ+30forWdxzwR9sn9J8y9HIMBrd+xm0Fxqkbx3
+MJqAAWPZt1mVQtSJnTkuk98zK1AuAE8g/6rVLOjbscldtgtYy0bRqrtmDHQMPrNR
+ulekN2NEq5UasNDW+FINIDMCmXVQlPttqhplSeOA+30q+wMiGZkqwuIuiKBfSNKX
+KWWHSCJoDgZ5kpsDiIp+f5NDqoN4GVmQJ9mFeqqVZ90Y1c/xpBZJpd9U53g4vmmS
+Ur5sqW7045Gh/8wC8CqXEiHVWWJZpVn1qaxvFGN1nN1yaus0WIxvWAHYGS8x/uwe
+8q/1UfMAEQEAAbQhU2VyZ2V5IFBhbnRlbGVldiA8c2VyZ2V5QHBocC5uZXQ+iQJX
+BBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEE5gkT5N8gmQfY
+4w2WZZqXyc8qeVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVqENhAAglRrXTkxTEFh
+e3KZwGzRUhszL/XX3xO2jmnFWoRHETLruTuTjYWTJSsHl41yY5lyYGuF8WYn3KKZ
+6CRIogJnenm9aHXh361wGqyooPx6gh17UxQXNAAxICHsPRKx4ygoqYN7gQMb0fJ3
+Qlf8Q5gCA3WRjO7oZJWL7ZOvI4Myt7c2Mg83rPnkCoY0HV3x4KdjKlfmnrrsvHLB
+VryVfwyQ01xTHg8AJvbQfHzKh2QzpRdY6ZfhW10tzXTfznnvC7Y2vseYkzDCOZVZ
+px6Xpsetlvjtsgh1HXeE18SOmn76Sl5xw47F2aGaC1NYmMFbQO1xiGUws381jLxb
+F7V6ftxrHzhRWbXl2JOF4KBft5vlUVA13JMnd9x3NlmQyHuDymFPko8VfRp/y7av
+V88D2/VIC6IurhUZyaPa+MwEynlOHtJivZmcsuTXZee7R17BHfq9kmoodJL9G19y
+8ViPGm+iVqTghVmPt51VFyauWh9xrbHb/11KpPjO+teiyLHQ2Wy2e/PUKxPZjhLw
+A57PcCI7fFxXHf/+ZO/zjP+X/xitPqfXb+dbkp7sqrV9tUrRuf2PosbtDLiu4yto
+EpkNB8KFNrs5VF7xciFoBB//kFIDNUKH5aLwY6fuXMCG+wiJdLKjw6EW2llgKrYI
+kSBXiP1HCLLNlqh1GPmyGW7YqUgPk7+0KFNlcmdleSBQYW50ZWxlZXYgPHNlcmdl
+eUBzLXBhbnRlbGVldi5ydT6JAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUCYmuyVgUJEO1yXAAKCRBlmpfJ
+zyp5Wni0D/93RGKQjWMUseorSyJDJ1Yn3VouznuwE6iBnyDuWeLmfRNCQr9Agx8u
+ADEO/DRuu8yuV0p4KAhh3bF1MPYfOe3bV06lSqRu8AwAUiUAvoOobuLCuu7aRZbv
+GXPiBrRnNnjY0xUnIjHZQmqHGPnoVlVbrhHsOyr3VXxDMSSC0ZN4K4as7F6ND2nj
+6o0Sv5cf8GBw1u9ueQC4myfEN8n/YfiznRGtKh9cbHUj+xuebdZAQqBrBW0/LDyz
+cxTLas7ok4EILEzDTnosDqz0VCMOMlUDjubL2dPmoIzhn9IpJRtIXkDAuyxihQMy
+iBbcVa1eoUoMB7e8tnwOUb0QUdM2Rui+W1JD9P/bcRenOh7ElYoQDqV9jMqXpebh
+w4J6qunhmzMxuNDKDpp2lnBayAja/rmS2NRXwJa9TZeLMoqlxd+vqwNnud0FXD6d
+p5b/SEfoo1rVFSDvsXKQBSmeTcFhETvqEKBjZKrlu1CuMfIzvHs5GLP5wumPnCdw
+Irj0u+mr5z+O/0gL28lSw2pss8rfJkjLJ8qoIIc+or6qlhPNdItdNwHxQow6JDU3
+dLs6QnC++FTeaRbL3iOet8Vop2yKALYD7xR3dfDX2IJMi25OvVeLP4dKJw/KRInd
+txMQylyjlwWc59QcOe8/2RQsckpVC0LOfQTBU3WPVV06l/JdqWoZi7QtU2VyZ2V5
+IFBhbnRlbGVldiA8c2VyZ2V5QHNlcmdleXBhbnRlbGVldi5jb20+iQJUBBMBCAA+
+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE5gkT5N8gmQfY4w2WZZqXyc8q
+eVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVpUQxAAnDw/w62tH9B1uKqrtGWHqK7J
+kasiNvqW9bbF1Oai5+1VGXm8kWi5Ld5KvxN3pp8QdjH7Z9zlvWMxw1kHI3Mx7ZCj
+633lPNiWtd0xeb7rch1Ek5/Uasy+X7cfjuDmdB+XKrLJ8qYHZ5AQOXGthtrNw6p6
+bYWT+3tmId7zxBB4OR7xOxrB9XMje9xH6eMQCZbRUnRVbTQ62fMSI8PYlJ55dD2u
+mMRSrsuQLC07/U+soQD/PNqOX1tY6ok1KSquJfxgoymViIwYFEGlDw3ViEjYRtKq
+CvxlDaUf1n2iTHcmBbfWxvjRksfoNEV2Dlpp9zhFYGuSe39aZF4HIjnR2OBTERlh
+hoQw3H2lgU11WpP4jJVm6zzcFHrt+9VuKTJGWgx6tEahW85F+XjwnFKnjh2T8+aq
+4wEpDqw66e+Q+WYaOlHDBGjpgNxPPNy2UAmPs4fR/Z9+FFCKpWto7O6Z6vQG9LmD
+lXuRfk4qx96gMyK6X262pRpxA+pYC2yWsVN3lE7tdy/8YFHx9o6muJrwwUuIPqwa
+o+CdkHG3P3451BIp7bthzfEBiRKZDUhQI7ll0NA5o4nZe9dA83FWcvljHB5gDXl2
+ezEl17xsFFfkQuSq/z81QE5AsCVGPnHplNxP/r6fqFDhdTsbyEiihBdUB/aeuJMh
+NHszyeUrFc+J84ughPm5Ag0EYF3kuQEQAJA4YiAQSWtR5pdzAd8gw4Oyb1WwwAOg
+YvcOV3sptLKiHTOtt1Njv0UJc832V7IN3+GuumY6LdbdWsRWV1zcOqfffZGbROcZ
+NdEHKus35lAzOsq5ZmrZgiJrvppVka1u2Km2uw6YFieZuBVxk6dPDafJzSYiAmhu
+x35Ox7WSI8zK/eX32k2l7Iki2nbz9KNpJz9HLwSz1kCjFPPQAyPMYfNJpuqJrJ0m
+8tn5blHroEijaCsSanaKlglg+W69GKZN1MhvYFHKCVMkJgtoFFLPYNZLMnqv8Rpa
+03CfZe3OSNom8n60a2n1shOWYP75SiwX357EpCK1ftHOERY45bXkZuhIoOpVZl2z
+l230qKSMrxvSGJm4GObUV/2jL6TnlHG6sfVn7LqdTGGO7YeQf10lyUArEYNpNZzJ
+ex4KvTFa5pCgrl9SL1gZgIpa8ZQKnZXakgPvP2ScUMmqXQ7cPHnFdDSBRRtrQsaH
+ZyXJeUVWURrDuIDY0FWVuh6d5LaXAy7CZKTYZ7B/MivYZgb3v/ygX7ac29CNd1u2
+yTCaM+q4OdhQ2zvfTWZiyZfTfOZgjzSEr4WhxTiynMhaUTp7ntnohEfDi7/zNuJ/
+9p76dUlsJIb/ojOhSE9cghacV418QiEiTNaGJkzPXuVo99I2QL2HIMA/SmP0xs0m
+aNVvwT4riEIlABEBAAGJAjwEGAEIACYWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUC
+YF3kuQIbDAUJB4YfXAAKCRBlmpfJzyp5WupsD/9w/5GDNp5L6FyzDvCtKufWO7n9
+0hN8GdlR8g3f12iozn10BRMiuUamWCPpm7/8SOfPl6FZX/ct51M8lEQmgUWj7b02
+6cum/GNwEcPMU+cAWA1WmNMc5R44nRVTZwydTCjb8J+vFeKmXV9Xccxwfj61HmRu
+WFaBgksNWruGKhrmD9FbhOQHmPaT+nP5gu7EriwCe4s5Gs+iDYiFu4XCXET12NjX
+cgkcM0mN+lACO2VZynq76StXl6y4acEm2wYEuP6IfrHbvdKEG99nSUVU2Wf509fA
+kek7cb7LuaxbfEOG1ZFx4g2T7668/ZDgqNaXtw31zm9qETJRd6GeofjITQtyGb1U
+xGNFiutiORq33rhnTAb3CPgRaUPqa7+22VTlP42ZUC+gxH0Nk9njXNsYmD9XSsKK
+h+oXG/I9zonbPPMT3y8XjCD2QYAi8scESSFvAoUof0fb6PT/hzZhZLe0y8vgFUJu
+UFf4Jnb8CZ00t7Q7D1AQO1l9qTLGG0BA81skHa5kgIKRsOZ2h6s/oXIxiulbGFv2
+x+RUHjin1DxOBFT6SHF40BP/yc6yfLCZDyEw+CPHCKzKNg0nrLKzg75A6KLQucAs
+A9o8ys28FYxk4LZui1kyGpktFLIQBw5PbZ3XcYDw/Mnhc120ESQu7AaBXC3AUSax
+erq5RAYJplqOAGyLWJkCDQRgZSYzARAAtsGzvzyAM1UgKdpJOzF5s6F1UUj8hG54
+zeqpu+56877oIf23j2bnBupW1zMUbAo+BkvcS3BmaEkGYU/9hiXcvmlLe83+rMpq
+SVE3ID3RFZn+bk8Vp0JAYNAXZuofMcL4E2Va3X8Mu3+43wLBklysxJiXydi+ix5g
+DCNyPnLHT6igR0s4+oWI2WHMF0qdkwCEpKSiplfZKZGN2Sg6CQnQ2+UOm88uMSvg
+SO1xWyDC1ghJH6VGrBl5T6Ff/ar1lq90hrZyoxOVY6FYAOYqoDFMpsndi/c9wasv
+PpirZncV8l4NztKOvMRvaO6XI6Gr1W0VoqhPU6mXMGq/uNiqC+gXIVmJTL3mfUTu
+l/rpqvcBiY0dxvfTxHB7RelqJjFxoni6m1M/1ltBoqC9+75KijGWGdLciE4iWX+2
+ptieE4oMqvJJNRxuq5km10kjgXCF1r/mlZ50zNeByo7G3+o8fdVXf+eMg+4cqM8B
+LrW+Pgs/zt0fWd1eqfzn3JwEy1wnQ4NYWDY1qM+k2XJcRk6WSae03r6hAYakPLmv
+0Fxyches2t1RWFyOAtl7Wlel+nOx9kr0aYbJ51WRDFkgbGXnFvrvd9XmpkIs8+XZ
+llu4wrUKg/63Mm6qPj3rbM1vg67MYN8xfXTzNx/htV3OESC9SuD4Ua66Zfh8GbbD
+oFIiSzIK1z8AEQEAAbQjUGllcnJpY2sgQ2hhcnJvbiA8cGllcnJpY2tAcGhwLm5l
+dD6JAk4EEwEIADgWIQQRmMARdZNJel7FwZkoavH5iXRp3AUCYnCdvQIbAwULCQgH
+AgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAoavH5iXRp3IY5D/4mMKbN8VdyPyiSkgTV
+B3Zu6GzLl1tapw2fzlzYeS9vE9D8vF03UshdE9hKQb0qtMokblaU1cBPGrKWWPqv
+x0sJbSAZx69YKfZAiJWfHsVgvATwfMgcqlpdGHqRnEEn8fKta0+VL3GKwXW/aHAn
+dJ6JLT5qJ2qqMoa8VqhT5CcHo7TJ3CfMXDw7dI5TiE/MOIPuRUEwyw2JXqM2GTqS
+pX1dz/PMPP/UHM2BMgT17TSSL6g69JhHNVcruYypQHNxFOBWqg5lP8iXutqS/SJ6
+FJEWfKX7gLyfdA/Zj051ttqyE1i/liVfLti8Q4eZX3+/tbQn68T3jtQiYyS/Tjq9
+/8t50t1B74FXCe8/wlScBpTazngJTxkDFY9kNScYgaCfwda9/ZF9TmhJ/rGoqpj+
+IH1nWHyU6kvLylngrr5/gNqgwmc0g4/n2twYcbWBgsTX8ATLSoxdRF89hK9fnJSF
+S6pXp3LRMrMrkiHg/sFuDkiEiK8At3s0eMFpyBgAmDJuiGotNtJPvNeMI6gAEjNK
+lMf08QXbygqhhzO1BFYPHXg8QwcUItXieX2hdkMySXmVLgBQ/IaSWAQIx4iO9uKI
+MklGlzbE7ZkSMLMrU7pnWBXJOu7N9aYsoLCx7rc/9C8deso8sbQvkzwu55rMyiTe
+14JvH6tFOVQrpjLMByXnhzFaq7kCDQRgZSYzARAA7Zul4lU0CKuVKTVF6Wrncrrj
+BI5BNYSO4cv4+Di/nb/F24yb97SjTh53CVHfnYsVwRwa4lmVJTWK3MbRDCW8T7OI
+8PQrmWnyuk57e5+nGyhhv0U5z8Lwy/ozhqftZ92gR7qQmguvUQXJT9Hr2DU/a86g
+MuDSHPQBSxAh8uKW3QUChM/QOukzVJW1ekYo4SFgo7vb71a0IMBPTNl1l0/0bpCZ
+Jp8MFopRkwpNv2fQUXM2clEunnQ9YKeuhQapaRBefNj5y/u6ALY8MGPDQWIF5EJk
+xML704+IY9VU7H/8oGXPDdkzYtrF+n32BWkiRXeMcXyk9AyHVHJCNtJvs8SzMHlW
+Tr2+pBVed/8Cgw//S3ygqfJr7360lI5a5CrTbSb28UI0QIYUU6RmhdIwzpkRFz5R
+5+a/wT7BcpV9uBSbdlrBZ2tjkbd4KLJtj5F8t6ea/1tVXasIEVRcQIles8xDwFKa
+WP1Hl8Bla21zLCG9aBbaT4G09AruLY96T1bHvO3FvW1JQXE5e11tyoZV7hMDoaOo
+3FCM6p6OrOObTzird7S/XqSBVhDeV/mOQceD7eKXnMGMT3r6rvfckyWDpbNLqnXn
+vU8zyLnSG3C8rGb0B/CfBHzObq6lEHAjplzyY3mkprXk3TpQp9duH3l3epudHWTn
+nuA6aGmSzscREVCYxucAEQEAAYkCNgQYAQgAIAIbDBYhBBGYwBF1k0l6XsXBmShq
+8fmJdGncBQJib+7rAAoJEChq8fmJdGncdxMP/RRqJrNUEM5Rg/8ZWkArMMhAzZZh
+ZbO37eOLLPUYHzBCQmU2/uXv54g1xhxYpGal9mI3myKNsxdIkTe4PfRJee4KG58R
+T6MSUx8/vWjTNDJNPusoRFnpCa8znjw6Mbe2ZJPzRmkEPrb0Cd5weGTqs/DOh2i4
+9ErH9IEE8Dqegl2fybJzcWPUFQkMXkIEhovpIFKt5HSdcWyGnuGaxhzjoHWuGCKP
+RztiIU2WNailldhRwLp6tVpYVWxmxT7l15MzigWXuYiuS4eG0ATuQHUxs4PJjL1K
++g2kubxH54hhY3OaXT2olh4YLWpPcqZa0p0lXPRiUXb6pfJdJUwxpGxnUqcPvtA3
+tktM67OwNTi2mwE8WKGKFI3DHtkNG3y5hn/OuHhveTySu4DFAEFvlgDwJAhrPTR4
+uMuzB0hCcAIm82EpitV07aD1s8zZ0DIruHoZ2SWVVNTBlfreBP+dAgIG5U5HRdBU
+HPS4mUQBCHmmuahe4IHPtQi/6NHgypW9vliDd6TFGI6jje4gk0X/0jtJipEkX9Be
+FTQXD46DnUQp555g2lfDTf415ln5VfEGhkWvS7K09uQ49/NfENK+rLG6w8pWi61h
+CrmdfU0NU6TQBB/ZTwprTR1irAT1NRhR/k9glMuJDON41ieS2ZYv58KcXSCMmqGk
+vDUrjyK1dYOElF2LmQINBGMOFOMBEADgKtI+ygTCen92n3GGTQy/rqhbH1hss+qZ
+J5rYcp8Uv5rkEp85jEhrZF2nWUiiCc+WYF17t1C1pPxh8ceONbCGnV4hZxC+7VCL
+uFT6FHYE7D25zRtig8YnRWxahrpuqfk0W/yfajCbU+VbCRddmmLqzb0Ombj0EbEO
+47uRFRIk584dqYqfxYG8lxtxX1YSf4aUu+R/YoRd1M/I9Nq7w57nrIzYc2nFlwPA
+j77Oke8CBZpXFg5pKWOmaiOkh0jlFCNIrjyFC60WomjfOeoHsKyX6Z/Zr3HTewDR
+sFl5XkHjpZye8BZ+0i1ZAhAraNdWTi19Z5XJVoIVHs62a5tzfWpmbY7S4HHUKJfs
+91RLGinBXJ6IztmAvmgiwuH8nyA8fJKQ0B5v1+J5H2VdWd6QAuRZUa2LyEzVrPxk
+FL8XRoeOxAHRNHAj7k2Shz3vGdcgQ7AKvXjbnK3rYH9eAdEKL7lWJPoipAhB+H49
+dftxhH6fsLaLW2UdLbl1iiwHH5ndh2KAZBqEShJuTYSQ/M+0hBFK+9o3a9r2ly0x
+Dhs3gf13sfMD20em/ExSrdj08umqDpKUijpe4Skxv8jknGyik97vBwmbqswofu+/
+yPvrMpJz2haK2w/8IJCa6ItOmZ3Jk1w4qO5t8RynJ9MLvp6QfNPzmvJZ1U0cyml+
+QwdO77C/gwARAQABtCZHYWJyaWVsIENhcnVzbyA8Y2FydXNvZ2FicmllbEBwaHAu
+bmV0PokCVwQTAQgAQRYhBCwWx2Xb5UoIgTDxvEubX2ALVfO0BQJjDhTjAhsDBQkD
+wmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEEubX2ALVfO0Tf0P/ilP
++QfJNlvRzT90nD7gL3elOKCL4FI5NOtU/8ehi92nWAtw/w1/dE6lprexO/uqdnEb
+gAlbwShZTwHHce4K/bT+ETAz2+NU50KqLfXcSn+SuXieSe//x5j2WZHyaOBFVoCg
+v1IW9TLxsmuymEnbD+tMAxfgQorjUChT0oZebjZxTl6shYan05TOFJq9Mqmmyfiu
+YGbq7D+d+Y2gYuK2Gay+KEb+1c3f1G5/lhh4cQGLVGMv03YTRVkArBb0psbkLzKW
+7t3D/zOttdCQ96a/pxai4Y10/ezWCYHKhWqsErdRTRr/XdTRpPjC638GpDlfGaq7
+1F9A4Qrd79DtfeQanZl7DDRSt4p+OjK9yx+NX8cM4DP1PGKnQ4J3UG/IZKXSV48t
+JKjnjNI8kDxqvl3DnTWN4qfX8hl2X0IP6HFHS6qnnH/TLZBdhwLovYZuRGRxSSmm
+jUdWN2emNqQbKKn3KUqY1G8H01vF8o0Y8LsHgyEaLHmGj08mCpHeXCGCQsz5jvXU
+j8k9WDB99SIQBLCWTteAZ3ruzRpx7zB/EPHeZNYznybaP4Es2O5BmA3HKdiGwY/c
+ufrIycqwaRPXAhjVxHcJTN2X1I+GWhFmNizQwWplDTJywcMVpklaZDQ/O6tER6IX
+p3bVRCJ3qTGUDdzUBcwo6FX4i2VcMPxwDCLyNlIbuQINBGMOFOMBEADIuvI9EXIv
+tY3yrixE3kqP7A+fSZ/QbYAE13L3gDcdd+CXOq+gy6nqs5l6vB0n0KpANbAUv5RC
+AIt/a4M06vzC4QyOSejeb3/b1/ELDoOdTvqN4QR1YusGvf/hyA5t3UY5GL4Tt1wG
+RBZYlbn8fMf9BcxX5tGSW7UUJ6raHTYKS8KxmnGTdE3Ata2s3oCpq35iLroRENzV
+1ugYIZZaLw9196aN0fAkFNn5cVUFv/hTJ4pdrydfERxXcxXHuMnwXW2m321Y48eu
+XzWDa2RzuTsmNXN27RoDQBydR+jK4cx8rcLsHJaBiFj+WpX6wEJPhoiCXa4Unrlj
+LNjbF13ojzec/cXkqVjVIrMwWF3QmcCSDfo1ELmMHD4CCiAqqPL1tHClJbKbrlix
+ybs03xuSTfxF1ZqhjWoUvThPG5JOA+hXMB4Ne/pJu1SMB+aiyOFJXGCdeE3cmW1v
+3cV5w8OgHhY/ual+8xWZwqUmYIWQB1GMAZP1p9E7XxixMbJI6/WQTBsdrceDTG2u
+djk76En4YGHAVYobzFPXYLv2KheU+yanLkXZnoz7gFB4IvuVaxwHZSdgnGoSaIoz
+FiCpNN8OtAFFdVI0O9RbzDqcnSktONqKnpeRWFCeEsyMZ6cuYoxbar2NjJ2IL+HN
+BBS5nfbZ04Pyj78fpGvJVAcpF+MZ7T5jmwARAQABiQI8BBgBCAAmFiEELBbHZdvl
+SgiBMPG8S5tfYAtV87QFAmMOFOMCGwwFCQPCZwAACgkQS5tfYAtV87TJ6RAAo0ms
+AmFVeSSPzxCYecFw3peIu15CAna3VidsZZ3W+c1Wf01hZiphPOLxUVXNr1VzaBos
+40xGJ0woIX3tC71tyzxinaUlYpZnE4h5otS0P+Qbm+NHqReDfcVnPoP89551hfH6
+epBUgmm00d5+FNbuTabMsIO3vBSk+Y+p7zbY9bkHFq5wB+JYz6vfxe/3frB1zvx6
+j0M6ehMrG1/YjA+z9L0+7etcUy/qvW1hSkdBtCbMEv9EGDzjhEjxP+wZSJ7kW2xh
+bFUzbM2rFGodb9sn7z9sX2Gf+lVwuXynHXm56Rc0Zrq4e2MlN09UQkjZT1BT4bEc
+K/oUZjqWcMgGMRoH8Zlw2v8qUMqTNBs07kC9+4ujSSz69TJM5R1Ryof7mucOeRzn
+SSqk2bMRefe8kkLAKsKb9xYyV0ComRJZUmxLDy3EMlzqjlVg0IXTT1Q0z5VdP9dB
+49oDQiz4DaAeqAz8PgttGz5b63JM231DUUxdrkuneb+jz7LCIeL6Kb95q+Uozij7
+nFajgP1ekqYyJ6WloxrPEGaW6syrXxGPcQwsDlDZ8c/uwTBtfRkLVuznVvjaVx8m
+6rQwdwE4JJFpr0tHJ7us7MEcYp21/S/1MD+mvG8XwPn8seRnTEQrGND+YkKIGvEi
+AooHYYZVpg1Aid5L6wwqjpnO1VYX95o4BIZ/9GyZAg0EXrb0LgEQAOX87ju0d9lq
+npjc/B8j3/jB79MPAkuoE/yMzPcAfyzl7ytYcgjBclqjU1YWR3hWdJKI0Qx59+Ss
+1anIJuOvTo0Saanj0YJSlDCFPUO5C7wuEqh4+EgacAiy23LUtunKVJ9MQ7t+TtKe
+RijI84KK58RcM4ukHHwbCb9ww1mEUjTlcJBJ/n70iNoTGKGCZ18IpyFvK8atSf1j
+t67k9hS2wS7VJNqw3Orm6xJDqGi3fMFtWg9ErxrtNkIMYmrO+ofRsilUcpUrEDyv
+2Q/FNviOVE9BXzVVJ7zxOCwjMNJ4ao6Ezk0NOZU36qv0Bg8B3IWN6axWMwUQvfh0
+SAzZUGxfzuraG86Rj1z21PJwJxQATIRhERfm118EAVxwP/xz0Nwrr044Hx0Wi8mX
+6qi0B5d1rf08VAUoJ/Bhr7Lfbpjbi0z4mvwZh+ydRrowDoff+g0IAamzRVmcFVFy
+OdLM2iM9z10Ds6dPvi6QVvTMZfrE3l1MIpFb+YuOeU5AQFbl0so2HaWP1TMb/0pQ
+jhXh9WwSOfwjG1QyEibs4CxSMbJ2TwPYLNo9QQZnBdPMPBUfa0Jkahw+NnztHjEN
+sHbsr/ic1Zvi7HuaUTCKzm1oGeiIqIBXtH8WrQsQlAWiJdEvu2YkKAyjxUOD9reL
+4a8NbGve1MeNC1T4onX5OqJ/dCsnnd19ABEBAAG0OEdhYnJpZWwgQ2FydXNvIChS
+ZWxlYXNlIE1hbmFnZXIpIDxjYXJ1c29nYWJyaWVsQHBocC5uZXQ+iQJUBBMBCAA+
+FiEEv93ShkKCT4EY73eQm2elwSIpEY8FAl629C4CGwMFCQeEzgAFCwkIBwIGFQoJ
+CAsCBBYCAwECHgECF4AACgkQm2elwSIpEY93YRAAorek8NdIxkegDBXSrVVR0wA3
+FsT7tMT25cVDHpV0NnGVoRYRQW65rjW7zPAKHe/oXk6MOuVbCg9Gr9znJa/KlQHs
+i0Hsv+6+w6rLpXw8aQfikfFgLIVOELY6/MoVcao2vEXvQ0gDPo3JKVA+W7lMrY+s
+LUyJcww9yI1181qBJRlAp5wwyKPiqNExHKlxRklMSR6vgJHocL7hSWcGPpSmKMqq
+5oZkwB73mhEktXAI6yEuAeOKEx7XarBfWeN4BCo9BHgpnslR5pjgzWjKbHK5k+XB
+S0ApKi4dDuzuDcodqhIhqUhrFj04LGznYfnLa7IVuupINVY+HX/OBd9+a7qEH+hF
+7IOGFwfjv5xOCfbdzDzp3v4G6mluzTmDxByNta/T30hFtWmKsqY5FP7ip1eN6//D
+vhZlQVcpbs8WEeivo8BRvbMBy6tW/hFMhWxEPrA+i9QqCRt0l5f29smtnJyCcZPi
+3AvtZI8qK+fgFgEinbz+NnOXY62JLJl/+GucSoWnx9rgOJb2ZEDcTFuN8JCo4YxP
+AvACSPib4CF03nnFhAuyP/qnPcDKwFGhLUT++3FIilEACZ/dSGEylGQqTSYDl/gy
+xCpHslnZt6f2T8ZMd4fuqyrNvWT6sTARjwX3VCCwHNPnM7ik9DWsgZM3gIFrtBwk
+fd9zeL2tgxgC25WWkJS5Ag0EXrb0LgEQAN1a0LLbJ+fKNIFqwxsjNM5X5YdyPQMk
+kM0mMZzLgZMz3yCSUFw/ZbfD6ZqRfpxugek39M2l8BRA8eWo0TiFAq2HdD9yXBfq
+iWc1DFL0ZkVgJtSM8czE4IX1EON7BRwin0BkOChn+PE0JWKdvrjyo6bZ995YFyNk
+A3GlUxSyoAhaivPFfrSoKBUSXSiZBk9KzdrS5k76ZlhE73Vej1S5XCz+Ssqj6X68
+3iDqTWlkXaUJ8EAnwv+b81zPmnjfxnAWYxa/Hi+vGWxDgDhP4El+XJSLjcEB5JWt
+0a1UkSKXigz7LkYib1s091mIkTPsNmtsh5c2opGMoWJdwbZvyqgM3VqrlCIkLdGi
+Thqvhh85kKkvgg1Bicg0d00vmWlzJ4MFhkbt0pTLY7hp+e+PF3gWey9inmqbiz52
+Xag8PQav7opOi1fb95Wvi/BkMZ6v5nmjxzQEe+HaF4UjZG1fFwVp3Hss2V2DvT2Q
+Azz/JV1Aj0aNFo37VAVebKqkdrxNCRQQg4p630kwEImRwJTYY8tVNUlVQPbdVwkY
+JvdhXjsVXApPoxBhU20S5qevxMiI/2FhEHHgm5PmokSaXiDgII7Gm4sUgoAreslv
+OmydpQeGKSOU5gZ1MQtvfBvdcQQfV1klnCTtYQMV/6lNUXEx9LlXzaQ3/Ah0LC0X
+SV+8B9zz/A0FABEBAAGJAjwEGAEIACYWIQS/3dKGQoJPgRjvd5CbZ6XBIikRjwUC
+Xrb0LgIbDAUJB4TOAAAKCRCbZ6XBIikRj1+vD/9KA9EvHdPNyDk8jU/dUvPYKqLc
+QTKA0cBpDcv9+N0bfVFijBtw8Hpyg+23Q0XxJuwpgL7N72HLxCJzrpfIyucc5j99
++Wrh1wrbqdynkKJ9hM24lMhj2ZHaP42oN6At4unLFGh80a+YkJFjTxh9jORvtjXp
+Qjzq+j+8isQ5i71yT9WTzesJBhtrLMVQrgOND5E6AS/IuUEjOHt3INuG2HFJp0jR
+tdlBT9ZLB+zoTJIIMARUqZGZTgF+rehVIsTXed7fdWidMK9GKN9SU+cBWZ3vcb37
+lDph8bCmRb/aGlby5hBUy6KwrSXF/V6VsyqWiccXzt99Dq0BfuSE+VCKYjHToyw4
+j9gnlrZdH2NMwyUgicKbc8GLbxGS6tzYrSy2MD+BILQD+cnpGgAyD2kbcEm6ghGW
+LTTi11cotcr0uXCLiPZwWG28ychx9HxXvvNUNArvDSmP26uZqo/WZFYukaaFLltQ
+ocI5PEAkx2K4N+xb0y5Ht/8M+XNO/t/pAR+yHWNUpZUgbZ0dujm5hPdVA9U51cyH
+MCucOl0sN0+oO26re7e0ZTnImjF6HBzgN5LhDmccoT4rpOFJqrW77hOMhvIUkg5n
+4Sd63wbB88BKsPXF6mRUEPcHuvwLr5jAE8QSW6sLhphAbh57GXdFtudEaKvQbGW9
+yalYwuj7Yip5XJGttg==
+=jLhZ
 -----END PGP PUBLIC KEY BLOCK-----

SOURCES/php.conf

@@ -19,15 +19,13 @@ DirectoryIndex index.php
 #
 # Redirect to local php-fpm (no mod_php in default configuration)
 #
-<IfModule !mod_php5.c>
-  <IfModule !mod_php7.c>
+<IfModule !mod_php.c>
     # Enable http authorization headers
     SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
 
     <FilesMatch \.(php|phar)$>
         SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
     </FilesMatch>
-  </IfModule>
 </IfModule>
 
 #
@@ -36,7 +34,7 @@ DirectoryIndex index.php
 #
 # mod_php options
 #
-<IfModule  mod_php7.c>
+<IfModule  mod_php.c>
     #
     # Cause the PHP interpreter to handle files with a .php extension.
     #

SOURCES/php.ini

@@ -88,6 +88,7 @@
 ;;;;;;;;;;;;;;;;;;;
 ; Quick Reference ;
 ;;;;;;;;;;;;;;;;;;;
+
 ; The following are all the settings which are different in either the production
 ; or development versions of the INIs with respect to PHP's default behavior.
 ; Please see the actual settings later in the document for more details as to why
@@ -99,12 +100,12 @@
 ;   Production Value: Off
 
 ; display_startup_errors
-;   Default Value: Off
+;   Default Value: On
 ;   Development Value: On
 ;   Production Value: Off
 
 ; error_reporting
-;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+;   Default Value: E_ALL
 ;   Development Value: E_ALL
 ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 
@@ -153,6 +154,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; zend.exception_ignore_args
+;   Default Value: Off
+;   Development Value: Off
+;   Production Value: On
+
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -306,12 +317,12 @@ serialize_precision = -1
 ; http://php.net/open-basedir
 ;open_basedir =
 
-; This directive allows you to disable certain functions for security reasons.
+; This directive allows you to disable certain functions.
 ; It receives a comma-delimited list of function names.
 ; http://php.net/disable-functions
 disable_functions =
 
-; This directive allows you to disable certain classes for security reasons.
+; This directive allows you to disable certain classes.
 ; It receives a comma-delimited list of class names.
 ; http://php.net/disable-classes
 disable_classes =
@@ -352,21 +363,31 @@ zend.enable_gc = On
 ; If enabled, scripts may be written in encodings that are incompatible with
 ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
 ; encodings.  To use this feature, mbstring extension must be enabled.
-; Default: Off
 ;zend.multibyte = Off
 
 ; Allows to set the default encoding for the scripts.  This value will be used
 ; unless "declare(encoding=...)" directive appears at the top of the script.
 ; Only affects if zend.multibyte is set.
-; Default: ""
 ;zend.script_encoding =
 
-; Allows to include or exclude arguments from stack traces generated for exceptions
-; Default: Off
-; In production, it is recommended to turn this setting on to prohibit the output 
+; Allows to include or exclude arguments from stack traces generated for exceptions.
+; In production, it is recommended to turn this setting on to prohibit the output
 ; of sensitive information in stack traces
+; Default Value: Off
+; Development Value: Off
+; Production Value: On
 zend.exception_ignore_args = On
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+; In production, it is recommended to set this to 0 to reduce the output
+; of sensitive information in stack traces.
+zend.exception_string_param_max_len = 0
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -404,7 +425,7 @@ max_input_time = 60
 ; How many GET/POST/COOKIE input variables may be accepted
 ;max_input_vars = 1000
 
-; Maximum amount of memory a script may consume (128MB)
+; Maximum amount of memory a script may consume
 ; http://php.net/memory-limit
 memory_limit = 128M
 
@@ -458,7 +479,7 @@ memory_limit = 128M
 ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
 ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
 ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Default Value: E_ALL
 ; Development Value: E_ALL
 ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 ; http://php.net/error-reporting
@@ -482,11 +503,9 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
 display_errors = Off
 
 ; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
+; separately from display_errors. We strongly recommend you set this to 'off'
+; for production servers to avoid leaking configuration details.
+; Default Value: On
 ; Development Value: On
 ; Production Value: Off
 ; http://php.net/display-startup-errors
@@ -524,19 +543,9 @@ ignore_repeated_source = Off
 ; http://php.net/report-memleaks
 report_memleaks = On
 
-; This setting is on by default.
+; This setting is off by default.
 ;report_zend_debug = 0
 
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; This directive is DEPRECATED.
-; Default Value: Off
-; Development Value: Off
-; Production Value: Off
-; http://php.net/track-errors
-;track_errors = Off
-
 ; Turn off normal error reporting and emit XML-RPC error XML
 ; http://php.net/xmlrpc-errors
 ;xmlrpc_errors = 0
@@ -929,10 +938,10 @@ cli_server.color = On
 ;date.default_longitude = 35.2333
 
 ; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
+;date.sunrise_zenith = 90.833333
 
 ; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
+;date.sunset_zenith = 90.833333
 
 [filter]
 ; http://php.net/filter.default
@@ -1009,8 +1018,6 @@ pcre.jit=0
 ; http://php.net/pdo-odbc.connection-pooling
 ;pdo_odbc.connection_pooling=strict
 
-;pdo_odbc.db2_instance_name
-
 [Pdo_mysql]
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
@@ -1292,7 +1299,8 @@ session.cookie_domain =
 session.cookie_httponly =
 
 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
-; Current valid values are "Lax" or "Strict"
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
 ; https://tools.ietf.org/html/draft-west-first-party-cookies-07
 session.cookie_samesite =
 
@@ -1300,12 +1308,9 @@ session.cookie_samesite =
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php
 
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any given request.
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
 ; Default Value: 1
 ; Development Value: 1
 ; Production Value: 1
@@ -1313,13 +1318,9 @@ session.serialize_handler = php
 session.gc_probability = 1
 
 ; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 100
-; when the session.gc_probability value is 1 will give you approximately a 1% chance
-; the gc will run on any given request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any given request. For high volume production servers,
-; this is a more efficient approach.
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; For high volume production servers, using a value of 1000 is a more efficient approach.
 ; Default Value: 100
 ; Development Value: 1000
 ; Production Value: 1000
@@ -1335,8 +1336,8 @@ session.gc_maxlifetime = 1440
 ;       (see session.save_path above), then garbage collection does *not*
 ;       happen automatically.  You will need to do your own garbage
 ;       collection through a shell script, cron entry, or some other method.
-;       For example, the following script would is the equivalent of
-;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+;       For example, the following script is the equivalent of setting
+;       session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
 ;          find /path/to/sessions -cmin +24 -type f | xargs rm
 
 ; Check HTTP Referer to invalidate externally stored URLs containing ids.
@@ -1493,11 +1494,6 @@ zend.assertions = -1
 ; http://php.net/assert.callback
 ;assert.callback = 0
 
-; Eval the expression with current error_reporting().  Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
 [mbstring]
 ; language for internal character representation.
 ; This affects mb_send_mail() and mbstring.detect_order.
@@ -1515,7 +1511,7 @@ zend.assertions = -1
 ; http input encoding.
 ; mbstring.encoding_translation = On is needed to use this setting.
 ; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < input_encoding < mbsting.http_input
+; The precedence is: default_charset < input_encoding < mbstring.http_input
 ; http://php.net/mbstring.http-input
 ;mbstring.http_input =
 
@@ -1547,20 +1543,8 @@ zend.assertions = -1
 ; http://php.net/mbstring.substitute-character
 ;mbstring.substitute_character = none
 
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
+; Enable strict encoding detection.
+;mbstring.strict_detection = Off
 
 ; This directive specifies the regex pattern of content types for which mb_output_handler()
 ; is activated.
@@ -1569,12 +1553,10 @@ zend.assertions = -1
 
 ; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
 ; to the pcre.recursion_limit for PCRE.
-; Default: 100000
 ;mbstring.regex_stack_limit=100000
 
 ; This directive specifies maximum retry count for mbstring regular expressions. It is similar
 ; to the pcre.backtrack_limit for PCRE.
-; Default: 1000000
 ;mbstring.regex_retry_limit=1000000
 
 [gd]

SOURCES/php.modconf

@@ -3,10 +3,11 @@
 # easy for developers to write dynamically generated webpages.
 #
 
-# Cannot load both php5 and php7 modules
+# Cannot load both php5, php7 and php modules
 <IfModule !mod_php5.c>
-  <IfModule prefork.c>
-    LoadModule php7_module modules/libphp7.so
+  <IfModule !mod_php7.c>
+    <IfModule prefork.c>
+      LoadModule php_module modules/libphp.so
+    </IfModule>
   </IfModule>
 </IfModule>
-