debian/0000775000000000000000000000000013232177527007201 5ustar debian/libtasn1-6-dev.links0000664000000000000000000000010712246634270012672 0ustar usr/share/gtk-doc/html/libtasn1 usr/share/doc/libtasn1-6-dev/reference debian/rules0000775000000000000000000000142112246634270010254 0ustar #! /usr/bin/make -f # Build the libtasn1 packages for Debian. include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --with-packager=Debian \ --with-packager-bug-reports=http://bugs.debian.org/ \ --with-packager-version="$(DEB_VERSION)" \ --enable-gtk-doc --enable-gtk-doc-pdf \ --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) DEB_MAKE_CHECK_TARGET = check endif DEB_DH_INSTALL_SOURCEDIR = debian/tmp DEB_DH_MAKESHLIBS_ARGS_ALL := -V 'libtasn1-6 (>=3.4-0)' DEB_COMPRESS_EXCLUDE := libtasn1.pdf build/libtasn1-3-dev:: if ! test -e doc/libtasn1.pdf ; then \ $(MAKE) pdf ; fi if ! test -e doc/libtasn1.html ; then \ $(MAKE) html ; fi debian/source/0000775000000000000000000000000012262231370010466 5ustar debian/source/format0000664000000000000000000000001412246634270011704 0ustar 3.0 (quilt) debian/source/include-binaries0000664000000000000000000000004012262231370013620 0ustar debian/upstream-signing-key.pgp debian/watch0000664000000000000000000000017412262230167010224 0ustar version=3 opts=pgpsigurlmangle=s/$/.sig/ \ http://ftp.gnu.org/gnu/libtasn1/libtasn1-(.*)\.tar\.(?:xz|gz|bz2) debian uupdate debian/control0000664000000000000000000000767712362241560010615 0ustar Source: libtasn1-6 Section: libs Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian GnuTLS Maintainers Uploaders: Andreas Metzler , Eric Dorland , James Westby , Simon Josefsson Build-Depends: debhelper (>= 9), cdbs (>= 0.4.93), bison, gtk-doc-tools, texinfo, autotools-dev, texlive-latex-base Standards-Version: 3.9.5 Priority: standard Vcs-Git: git://anonscm.debian.org/pkg-gnutls/libtasn1.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnutls/libtasn1.git Homepage: http://www.gnu.org/software/libtasn1/ Package: libtasn1-6-dev Section: libdevel Architecture: any Depends: libtasn1-6 (= ${binary:Version}), ${misc:Depends} Conflicts: libtasn1-dev Provides: libtasn1-dev Priority: optional Description: Manage ASN.1 structures (development) Manage ASN1 (Abstract Syntax Notation One) structures. The main features of this library are: * on-line ASN1 structure management that doesn't require any C code file generation. * off-line ASN1 structure management with C code file generation containing an array. * DER (Distinguish Encoding Rules) encoding * no limits for INTEGER and ENUMERATED values . This package contains header files and libraries for static linking. Package: libtasn1-6-dbg Section: debug Architecture: any Depends: libtasn1-6 (= ${binary:Version}), ${misc:Depends} Replaces: libtasn1-3-dbg Breaks: libtasn1-3-dbg Priority: extra Multi-Arch: same Description: Manage ASN.1 structures (debugging symbols) Manage ASN1 (Abstract Syntax Notation One) structures. The main features of this library are: * on-line ASN1 structure management that doesn't require any C code file generation. * off-line ASN1 structure management with C code file generation containing an array. * DER (Distinguish Encoding Rules) encoding * no limits for INTEGER and ENUMERATED values . This package contains symbol files for debugging. Package: libtasn1-6 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: Manage ASN.1 structures (runtime) Manage ASN1 (Abstract Syntax Notation One) structures. The main features of this library are: * on-line ASN1 structure management that doesn't require any C code file generation. * off-line ASN1 structure management with C code file generation containing an array. * DER (Distinguish Encoding Rules) encoding * no limits for INTEGER and ENUMERATED values . This package contains runtime libraries. Package: libtasn1-bin Section: devel Priority: extra Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: libtasn1-3-bin Breaks: libtasn1-3-bin (<< 3) Multi-Arch: foreign Description: Manage ASN.1 structures (binaries) Manage ASN1 (Abstract Syntax Notation One) structures. The main features of this library are: * on-line ASN1 structure management that doesn't require any C code file generation. * off-line ASN1 structure management with C code file generation containing an array. * DER (Distinguish Encoding Rules) encoding * no limits for INTEGER and ENUMERATED values . This package contains programs to encode, decode and parse asn1 data structures. Package: libtasn1-3-dev Section: oldlibs Priority: extra Architecture: all Depends: libtasn1-6-dev (>= ${source:Version}), ${misc:Depends} Description: transitional libtasn1-3-dev package This is a transitional dummy package to ease the migration from libtasn1-3-dev to libtasn1-6-dev. You can safely remove this package. Package: libtasn1-3-bin Section: oldlibs Priority: extra Architecture: all Depends: libtasn1-bin (>= ${source:Version}), ${misc:Depends} Description: transitional libtasn1-3-bin package This is a transitional dummy package to ease the migration from libtasn1-3-bin to libtasn1-bin. You can safely remove this package. debian/libtasn1-6.install0000664000000000000000000000002412246634270012442 0ustar usr/lib/*/lib*.so.* debian/copyright0000664000000000000000000000651612246634270011141 0ustar This package was debianized by Ivo Timmermans on Sat, 15 Jun 2002 23:37:29 +0200. Matthias Urlichs . It is now maintained by Andreas Metzler , Eric Dorland and James Westby It was downloaded from ftp://ftp.gnutls.org/pub/crypto/gnutls/libtasn1/ Upstream Authors: Fabio Fiorina Simon Josefsson The library itself is licensed as LGPLv2.1+, the build system, test-suite and command-line tools (package libtasn1-bin) are GPLv3+. Copyright (library): /* * Copyright (C) 2000-2013 Free Software Foundation, Inc. * * This file is part of LIBTASN1. * * The LIBTASN1 library is free software; you can redistribute it * and/or modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA */ On Debian GNU/Linux systems, the complete text of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL'; the text of the earliest applying version of the license (2.1) can be found in `/usr/share/common-licenses/LGPL-2.1'. Copyright (build system, test-suite and command-line tools): * Copyright (C) 2000-2013 Free Software Foundation, Inc. * * This file is part of LIBTASN1. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * */ On Debian GNU/Linux systems, the complete text of the GNU General Public License version 3 can be found in /usr/share/common-licenses/GPL-3. The documentation is distributed under the terms of the GNU Free Documentation License (FDL 1.3): ---------------------------------- Copyright (c) 2001-2013 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". ---------------------------------- On Debian systems a copy of the complete text of the GNU FDL 1.3 can be found in /usr/share/common-licenses/GFDL-1.3. debian/libtasn1-bin.install0000664000000000000000000000012012246634270013042 0ustar usr/bin/asn1Coding usr/bin/asn1Parser usr/bin/asn1Decoding usr/share/man/man1/* debian/libtasn1-6-dev.examples0000664000000000000000000000001012246634270013361 0ustar src/*.c debian/clean0000664000000000000000000000004112246634270010176 0ustar doc/reference/tmpl/libtasn1.sgml debian/libtasn1-6-dev.install0000664000000000000000000000033612246634270013224 0ustar ../../doc/libtasn1.pdf usr/share/doc/libtasn1-6-dev ../../doc/fdl-1.3.texi usr/share/doc/libtasn1-6-dev usr/include/* usr/lib/*/lib*.a usr/lib/*/lib*.so usr/lib/*/pkgconfig/*.pc usr/share/man/man3/* usr/share/gtk-doc/html debian/compat0000664000000000000000000000000212246634270010374 0ustar 9 debian/libtasn1-6-dev.doc-base0000664000000000000000000000063612246634270013236 0ustar Document: libtasn1 Title: Manual for Libtasn1 Author: Fabio Fiorina, Simon Josefsson Abstract: This manual is for Libtasn1, which is a library for Abstract Syntax Notation One (ASN.1) and Distinguish Encoding Rules (DER) manipulation. Section: Programming/C Format: PDF Files: /usr/share/doc/libtasn1-6-dev/libtasn1.pdf Format: info Index: /usr/share/info/libtasn1.info.gz Files: /usr/share/info/libtasn1.info* debian/libtasn1-6-dev.info0000664000000000000000000000004112246634270012502 0ustar debian/tmp/usr/share/info/*info* debian/patches/0000775000000000000000000000000013232160132010610 5ustar debian/patches/series0000664000000000000000000000025213232160132012024 0ustar CVE-2014-3467-3468.patch CVE-2014-3469.patch CVE-2015-2806.patch CVE-2015-3622.patch CVE-2016-4008-1.patch CVE-2016-4008-2.patch CVE-2017-6891.patch CVE-2017-10790.patch debian/patches/CVE-2016-4008-2.patch0000664000000000000000000000303312707727477013416 0ustar Backport of: From a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 6 Apr 2016 13:02:19 +0200 Subject: [PATCH] _asn1_extract_der_octet: properly account the bytes read through indefinite encodings This prevents infinite recursions in the function loop. Reported by Pascal Cuoq. --- lib/decoding.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) Index: libtasn1-6-3.4/lib/decoding.c =================================================================== --- libtasn1-6-3.4.orig/lib/decoding.c 2016-04-26 14:09:39.813661557 -0400 +++ libtasn1-6-3.4/lib/decoding.c 2016-04-26 14:10:54.142702359 -0400 @@ -636,7 +636,7 @@ static int _asn1_extract_der_octet (asn1_node node, const unsigned char *der, - int der_len) + int der_len, int *bytes) { int len2, len3; int counter, counter_end; @@ -679,15 +679,19 @@ DECR_LEN(der_len, len3); result = _asn1_extract_der_octet (node, der + counter + len3, - der_len); + der_len, &len2); if (result != ASN1_SUCCESS) return result; - len2 = 0; + + DECR_LEN(der_len, len2); } counter += len2 + len3 + 1; } + if (bytes) + *bytes = counter; + return ASN1_SUCCESS; cleanup: @@ -756,7 +760,7 @@ asn1_length_der (tot_len, temp, &len2); _asn1_set_value (node, temp, len2); - ret = _asn1_extract_der_octet (node, der, der_len); + ret = _asn1_extract_der_octet (node, der, der_len, NULL); if (ret != ASN1_SUCCESS) return ret; debian/patches/CVE-2015-2806.patch0000664000000000000000000000705512507260631013250 0ustar Description: fix denial of service and possible code execution via overflow in _asn1_ltostr Origin: backport, http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=e47b2a0651ffe1867c844968ade7f6127957bf13 Origin: backport, http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 Index: libtasn1-6-3.4/lib/coding.c =================================================================== --- libtasn1-6-3.4.orig/lib/coding.c 2015-04-02 11:32:56.272565639 -0400 +++ libtasn1-6-3.4/lib/coding.c 2015-04-02 11:34:40.765403415 -0400 @@ -34,6 +34,10 @@ #define MAX_TAG_LEN 16 +#ifndef MAX +# define MAX(a,b) ((a) > (b) ? (a) : (b)) +#endif + /******************************************************/ /* Function : _asn1_error_description_value_not_found */ /* Description: creates the ErrorDescription string */ @@ -590,7 +594,7 @@ { asn1_node p; int tag_len, is_tag_implicit; - unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1]; + unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)]; unsigned long tag_implicit = 0; unsigned char tag_der[MAX_TAG_LEN]; @@ -959,7 +963,7 @@ char *ErrorDescription) { asn1_node node, p, p2; - unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1]; + unsigned char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)]; int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old; int err; unsigned char *der = ider; Index: libtasn1-6-3.4/lib/decoding.c =================================================================== --- libtasn1-6-3.4.orig/lib/decoding.c 2015-04-02 11:32:56.272565639 -0400 +++ libtasn1-6-3.4/lib/decoding.c 2015-04-02 11:32:56.268565609 -0400 @@ -301,7 +301,7 @@ { int len_len, len, k; int leading; - char temp[20]; + char temp[LTOSTR_MAX_SIZE]; unsigned long val, val1; *ret_len = 0; Index: libtasn1-6-3.4/lib/element.c =================================================================== --- libtasn1-6-3.4.orig/lib/element.c 2015-04-02 11:32:56.272565639 -0400 +++ libtasn1-6-3.4/lib/element.c 2015-04-02 11:32:56.268565609 -0400 @@ -133,7 +133,7 @@ _asn1_append_sequence_set (asn1_node node) { asn1_node p, p2; - char temp[10]; + char temp[LTOSTR_MAX_SIZE]; long n; if (!node || !(node->down)) Index: libtasn1-6-3.4/lib/parser_aux.c =================================================================== --- libtasn1-6-3.4.orig/lib/parser_aux.c 2015-04-02 11:32:56.272565639 -0400 +++ libtasn1-6-3.4/lib/parser_aux.c 2015-04-02 11:32:56.268565609 -0400 @@ -528,10 +528,10 @@ char * -_asn1_ltostr (long v, char *str) +_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]) { long d, r; - char temp[20]; + char temp[LTOSTR_MAX_SIZE]; int count, k, start; if (v < 0) @@ -552,7 +552,7 @@ count++; v = d; } - while (v); + while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); for (k = 0; k < count; k++) str[k + start] = temp[start + count - k - 1]; Index: libtasn1-6-3.4/lib/parser_aux.h =================================================================== --- libtasn1-6-3.4.orig/lib/parser_aux.h 2015-04-02 11:32:56.272565639 -0400 +++ libtasn1-6-3.4/lib/parser_aux.h 2015-04-02 11:32:56.268565609 -0400 @@ -54,7 +54,9 @@ void _asn1_delete_list_and_nodes (void); -char *_asn1_ltostr (long v, char *str); +/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ +#define LTOSTR_MAX_SIZE 22 +char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]); asn1_node _asn1_find_up (asn1_node node); debian/patches/CVE-2017-10790.patch0000664000000000000000000000462513232160132013322 0ustar Backport of: From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 22 Jun 2017 16:31:37 +0200 Subject: [PATCH] _asn1_check_identifier: safer access to values read Signed-off-by: Nikos Mavrogiannopoulos --- lib/parser_aux.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/parser_aux.c b/lib/parser_aux.c index b57fa4a..0d706b7 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -923,10 +923,10 @@ _asn1_check_identifier (asn1_node node) p2 = asn1_find_node (node, name2); if (p2 == NULL) { - if (p->value) - _asn1_strcpy (_asn1_identifierMissing, p->value); - else - _asn1_strcpy (_asn1_identifierMissing, "(null)"); + if (p->value) + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); return ASN1_IDENTIFIER_NOT_FOUND; } } @@ -937,9 +937,15 @@ _asn1_check_identifier (asn1_node node) if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) { _asn1_str_cpy (name2, sizeof (name2), node->name); - _asn1_str_cat (name2, sizeof (name2), "."); - _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); - _asn1_strcpy (_asn1_identifierMissing, p2->value); + if (p2->value) + { + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); + } + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + p2 = asn1_find_node (node, name2); if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN)) @@ -959,7 +965,8 @@ _asn1_check_identifier (asn1_node node) _asn1_str_cpy (name2, sizeof (name2), node->name); _asn1_str_cat (name2, sizeof (name2), "."); _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); - _asn1_strcpy (_asn1_identifierMissing, p2->value); + _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); + p2 = asn1_find_node (node, name2); if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || !(p2->type & CONST_ASSIGN)) debian/patches/CVE-2016-4008-1.patch0000664000000000000000000000206612707727335013413 0ustar From f435825c0f527a8e52e6ffbc3ad0bc60531d537e Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 4 Apr 2016 15:06:21 +0200 Subject: [PATCH] _asn1_extract_der_octet: catch invalid input cases early That is, check the calculated lengths for validity prior to entering a loop. This avoids an infinite recursion. Reported by Pascal Cuoq. --- lib/decoding.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Index: libtasn1-6-3.4/lib/decoding.c =================================================================== --- libtasn1-6-3.4.orig/lib/decoding.c 2016-04-26 14:09:30.925537109 -0400 +++ libtasn1-6-3.4/lib/decoding.c 2016-04-26 14:09:30.925537109 -0400 @@ -650,10 +650,17 @@ DECR_LEN(der_len, len3); if (len2 == -1) - counter_end = der_len - 2; + { + if (der_len < 2) + return ASN1_DER_ERROR; + counter_end = der_len - 2; + } else counter_end = der_len; + if (counter_end < counter) + return ASN1_DER_ERROR; + while (counter < counter_end) { DECR_LEN(der_len, 1); debian/patches/CVE-2017-6891.patch0000664000000000000000000000247113114045630013252 0ustar From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 18 May 2017 18:03:34 +0200 Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() This prevents a stack overflow in asn1_find_node() which is triggered by too long variable names in the definitions files. That means that applications have to deliberately pass a too long 'name' constant to asn1_write_value() and friends. Reported by Jakub Jirasek. Signed-off-by: Nikos Mavrogiannopoulos --- lib/parser_aux.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: libtasn1-6-3.4/lib/parser_aux.c =================================================================== --- libtasn1-6-3.4.orig/lib/parser_aux.c 2017-06-01 13:15:02.052336813 -0400 +++ libtasn1-6-3.4/lib/parser_aux.c 2017-06-01 13:15:02.048336767 -0400 @@ -114,6 +114,9 @@ asn1_find_node (asn1_node pointer, const if (n_end) { nsize = n_end - n_start; + if (nsize >= sizeof(n)) + return NULL; + memcpy (n, n_start, nsize); n[nsize] = 0; n_start = n_end; @@ -152,6 +155,9 @@ asn1_find_node (asn1_node pointer, const if (n_end) { nsize = n_end - n_start; + if (nsize >= sizeof(n)) + return NULL; + memcpy (n, n_start, nsize); n[nsize] = 0; n_start = n_end; debian/patches/CVE-2015-3622.patch0000664000000000000000000000215112520701567013240 0ustar From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 20 Apr 2015 14:56:27 +0200 Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reported by Hanno Böck. --- lib/decoding.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Index: libtasn1-6-3.4/lib/decoding.c =================================================================== --- libtasn1-6-3.4.orig/lib/decoding.c 2015-05-01 09:45:24.994212023 -0400 +++ libtasn1-6-3.4/lib/decoding.c 2015-05-01 09:45:24.990211987 -0400 @@ -647,6 +647,7 @@ return ASN1_DER_ERROR; counter = len3 + 1; + DECR_LEN(der_len, len3); if (len2 == -1) counter_end = der_len - 2; @@ -655,6 +656,7 @@ while (counter < counter_end) { + DECR_LEN(der_len, 1); len2 = asn1_get_length_der (der + counter, der_len, &len3); if (len2 < -1) @@ -676,7 +678,6 @@ len2 = 0; } - DECR_LEN(der_len, 1); counter += len2 + len3 + 1; } debian/patches/CVE-2014-3467-3468.patch0000664000000000000000000010265012362241500013643 0ustar Description: fix denial of service and possible code execution via invalid ASN.1 data Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=ff3b5c68cc32e30d19edbbc3a962b2266029f3cc Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=b32eae0501626fa8f28d3746246cef853b6a631e Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=0e80d79db71747644394fe3472dad28cd3e7b00b Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=154909136c12cfa5c60732b7210827dfb1ec6aee Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=eb83e268099b92e046f4ec224c8296f7bb61f159 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=25d7f2dbb74fa5033117e52638f082b94b3ef5fa Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=37a16434131c6ad8745b9accefec5cecb4cbb5b7 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=df4b741dfc41c1930fd73a5c7968479196961508 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=cc10a8c5443c751d920cfaca1f104089e43296be Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=609d5c1366fb424f6150c4eed358d246e61cf204 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6fee6745b1bd1a82f16ae9b607855a3e3ab39fc6 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=af0e8cd0bacf47ecce049165d3bc1ed9e861df1c Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=92541f56adbdb56bbc97b07c2e073bbcd9f11b4a Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f245088c5bd6c7e9bea18e5601ee24d431531558 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=51612fca32dda445056ca9a7533bae258acd3ecb Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=02d59b37540609c0be510642a8eb0f72799ca6c6 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=44a4680d83fe4ff732e4e1b826c987bc5d67bd1c Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=53958290ab731c8486531a3bdef54a933533579d Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=045ac8d01857265f422d0d74ca99944f70c0b9e3 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f09f2b9e497d0597f3372014838df08f81f653b4 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=6cd01f6f8f5fe4a85d4df3febec4d9133e360b72 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f Index: libtasn1-6-3.4/lib/decoding.c =================================================================== --- libtasn1-6-3.4.orig/lib/decoding.c 2014-07-18 11:43:56.225893253 -0400 +++ libtasn1-6-3.4/lib/decoding.c 2014-07-18 11:46:13.521898381 -0400 @@ -33,8 +33,25 @@ #include #include +#ifdef DEBUG +# define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__) +#else +# define warn() +#endif + +#define HAVE_TWO(x) (x>=2?1:0) + +#define DECR_LEN(l, s) do { \ + l -= s; \ + if (l < 0) { \ + warn(); \ + result = ASN1_DER_ERROR; \ + goto cleanup; \ + } \ + } while (0) + static int -_asn1_get_indefinite_length_string (const unsigned char *der, int *len); +_asn1_get_indefinite_length_string (const unsigned char *der, int der_len, int *len); static void _asn1_error_description_tag_error (asn1_node node, char *ErrorDescription) @@ -149,7 +166,7 @@ /* Long form */ punt = 1; ris = 0; - while (punt <= der_len && der[punt] & 128) + while (punt < der_len && der[punt] & 128) { if (INT_MULTIPLY_OVERFLOW (ris, 128)) @@ -206,8 +223,7 @@ ret = asn1_get_length_der (ber, ber_len, len); if (ret == -1) { /* indefinite length method */ - ret = ber_len; - err = _asn1_get_indefinite_length_string (ber + 1, &ret); + err = _asn1_get_indefinite_length_string (ber + 1, ber_len, &ret); if (err != ASN1_SUCCESS) return -3; } @@ -233,12 +249,11 @@ int *ret_len, unsigned char *str, int str_size, int *str_len) { - int len_len; + int len_len = 0; if (der_len <= 0) return ASN1_GENERIC_ERROR; - /* if(str==NULL) return ASN1_SUCCESS; */ *str_len = asn1_get_length_der (der, der_len, &len_len); if (*str_len < 0) @@ -246,7 +261,10 @@ *ret_len = *str_len + len_len; if (str_size >= *str_len) - memcpy (str, der + len_len, *str_len); + { + if (*str_len > 0 && str != NULL) + memcpy (str, der + len_len, *str_len); + } else { return ASN1_MEM_ERROR; @@ -265,9 +283,11 @@ if (der_len <= 0 || str == NULL) return ASN1_DER_ERROR; + str_len = asn1_get_length_der (der, der_len, &len_len); - if (str_len < 0 || str_size < str_len) + if (str_len <= 0 || str_size < str_len) return ASN1_DER_ERROR; + memcpy (str, der + len_len, str_len); str[str_len] = 0; *ret_len = str_len + len_len; @@ -293,7 +313,7 @@ len = asn1_get_length_der (der, der_len, &len_len); - if (len < 0 || len > der_len || len_len > der_len) + if (len <= 0 || len + len_len > der_len) return ASN1_DER_ERROR; val1 = der[len_len] / 40; @@ -355,19 +375,26 @@ int *ret_len, unsigned char *str, int str_size, int *bit_len) { - int len_len, len_byte; + int len_len = 0, len_byte; if (der_len <= 0) return ASN1_GENERIC_ERROR; + len_byte = asn1_get_length_der (der, der_len, &len_len) - 1; if (len_byte < 0) return ASN1_DER_ERROR; *ret_len = len_byte + len_len + 1; *bit_len = len_byte * 8 - der[len_len]; + + if (*bit_len < 0) + return ASN1_DER_ERROR; if (str_size >= len_byte) - memcpy (str, der + len_len + 1, len_byte); + { + if (len_byte > 0 && str) + memcpy (str, der + len_len + 1, len_byte); + } else { return ASN1_MEM_ERROR; @@ -382,6 +409,7 @@ { asn1_node p; int counter, len2, len3, is_tag_implicit; + int result; unsigned long tag, tag_implicit = 0; unsigned char class, class2, class_implicit = 0; @@ -409,23 +437,21 @@ if (p->type & CONST_EXPLICIT) { if (asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, + (der + counter, der_len, &class, &len2, &tag) != ASN1_SUCCESS) return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; + DECR_LEN(der_len, len2); counter += len2; len3 = - asn1_get_length_ber (der + counter, der_len - counter, + asn1_get_length_ber (der + counter, der_len, &len2); if (len3 < 0) return ASN1_DER_ERROR; + DECR_LEN(der_len, len2); counter += len2; - if (counter > der_len) - return ASN1_DER_ERROR; if (!is_tag_implicit) { @@ -462,11 +488,11 @@ if (is_tag_implicit) { if (asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, + (der + counter, der_len, &class, &len2, &tag) != ASN1_SUCCESS) return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; + + DECR_LEN(der_len, len2); if ((class != class_implicit) || (tag != tag_implicit)) { @@ -485,18 +511,16 @@ unsigned type = type_field (node->type); if (type == ASN1_ETYPE_TAG) { - counter = 0; - *ret_len = counter; + *ret_len = 0; return ASN1_SUCCESS; } if (asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, + (der + counter, der_len, &class, &len2, &tag) != ASN1_SUCCESS) return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; + DECR_LEN(der_len, len2); switch (type) { @@ -546,6 +570,9 @@ counter += len2; *ret_len = counter; return ASN1_SUCCESS; + +cleanup: + return result; } static int @@ -612,97 +639,108 @@ int der_len) { int len2, len3; - int counter2, counter_end; + int counter, counter_end; + int result; len2 = asn1_get_length_der (der, der_len, &len3); if (len2 < -1) return ASN1_DER_ERROR; - counter2 = len3 + 1; + counter = len3 + 1; if (len2 == -1) counter_end = der_len - 2; else counter_end = der_len; - while (counter2 < counter_end) + while (counter < counter_end) { - len2 = asn1_get_length_der (der + counter2, der_len - counter2, &len3); + len2 = asn1_get_length_der (der + counter, der_len, &len3); if (len2 < -1) return ASN1_DER_ERROR; - if (len2 > 0) + if (len2 >= 0) { - _asn1_append_value (node, der + counter2 + len3, len2); + DECR_LEN(der_len, len2+len3); + _asn1_append_value (node, der + counter + len3, len2); } else { /* indefinite */ - - len2 = - _asn1_extract_der_octet (node, der + counter2 + len3, - der_len - counter2 - len3); - if (len2 < 0) - return len2; + DECR_LEN(der_len, len3); + result = + _asn1_extract_der_octet (node, der + counter + len3, + der_len); + if (result != ASN1_SUCCESS) + return result; + len2 = 0; } - counter2 += len2 + len3 + 1; + DECR_LEN(der_len, 1); + counter += len2 + len3 + 1; } return ASN1_SUCCESS; + +cleanup: + return result; } static int -_asn1_get_octet_string (const unsigned char *der, asn1_node node, int *len) +_asn1_get_octet_string (asn1_node node, const unsigned char *der, int der_len, int *len) { int len2, len3, counter, tot_len, indefinite; + int result; counter = 0; if (*(der - 1) & ASN1_CLASS_STRUCTURED) { tot_len = 0; - indefinite = asn1_get_length_der (der, *len, &len3); + indefinite = asn1_get_length_der (der, der_len, &len3); if (indefinite < -1) return ASN1_DER_ERROR; counter += len3; + DECR_LEN(der_len, len3); + if (indefinite >= 0) indefinite += len3; while (1) { - if (counter > (*len)) - return ASN1_DER_ERROR; - if (indefinite == -1) { - if ((der[counter] == 0) && (der[counter + 1] == 0)) + if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0)) { counter += 2; + DECR_LEN(der_len, 2); break; } } else if (counter >= indefinite) break; + DECR_LEN(der_len, 1); if (der[counter] != ASN1_TAG_OCTET_STRING) return ASN1_DER_ERROR; counter++; - len2 = asn1_get_length_der (der + counter, *len - counter, &len3); + len2 = asn1_get_length_der (der + counter, der_len, &len3); if (len2 <= 0) return ASN1_DER_ERROR; + DECR_LEN(der_len, len3 + len2); counter += len3 + len2; + tot_len += len2; } /* copy */ if (node) { - unsigned char temp[DER_LEN]; + unsigned char temp[ASN1_MAX_LENGTH_SIZE]; int ret; len2 = sizeof (temp); @@ -710,7 +748,7 @@ asn1_length_der (tot_len, temp, &len2); _asn1_set_value (node, temp, len2); - ret = _asn1_extract_der_octet (node, der, *len); + ret = _asn1_extract_der_octet (node, der, der_len); if (ret != ASN1_SUCCESS) return ret; @@ -718,10 +756,11 @@ } else { /* NOT STRUCTURED */ - len2 = asn1_get_length_der (der, *len, &len3); + len2 = asn1_get_length_der (der, der_len, &len3); if (len2 < 0) return ASN1_DER_ERROR; + DECR_LEN(der_len, len3+len2); counter = len3 + len2; if (node) _asn1_set_value (node, der, counter); @@ -730,12 +769,16 @@ *len = counter; return ASN1_SUCCESS; +cleanup: + return result; } static int -_asn1_get_indefinite_length_string (const unsigned char *der, int *len) +_asn1_get_indefinite_length_string (const unsigned char *der, + int der_len, int *len) { int len2, len3, counter, indefinite; + int result; unsigned long tag; unsigned char class; @@ -743,12 +786,11 @@ while (1) { - if ((*len) < counter) - return ASN1_DER_ERROR; - - if ((der[counter] == 0) && (der[counter + 1] == 0)) + if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0)) { counter += 2; + DECR_LEN(der_len, 2); + indefinite--; if (indefinite <= 0) break; @@ -757,36 +799,44 @@ } if (asn1_get_tag_der - (der + counter, *len - counter, &class, &len2, + (der + counter, der_len, &class, &len2, &tag) != ASN1_SUCCESS) return ASN1_DER_ERROR; - if (counter + len2 > *len) - return ASN1_DER_ERROR; + + DECR_LEN(der_len, len2); counter += len2; - len2 = asn1_get_length_der (der + counter, *len - counter, &len3); + + len2 = asn1_get_length_der (der + counter, der_len, &len3); if (len2 < -1) return ASN1_DER_ERROR; + if (len2 == -1) { indefinite++; counter += 1; + DECR_LEN(der_len, 1); } else { counter += len2 + len3; + DECR_LEN(der_len, len2+len3); } } *len = counter; return ASN1_SUCCESS; +cleanup: + return result; } + + /** * asn1_der_decoding: * @element: pointer to an ASN1 structure. * @ider: vector that contains the DER encoding. - * @len: number of bytes of *@ider: @ider[0]..@ider[len-1]. + * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1]. * @errorDescription: null-terminated string contains details when an * error occurred. * @@ -802,7 +852,7 @@ * name (*@ELEMENT deleted). **/ int -asn1_der_decoding (asn1_node * element, const void *ider, int len, +asn1_der_decoding (asn1_node * element, const void *ider, int ider_len, char *errorDescription) { asn1_node node, p, p2, p3; @@ -824,6 +874,7 @@ if (node->type & CONST_OPTION) { result = ASN1_GENERIC_ERROR; + warn(); goto cleanup; } @@ -841,11 +892,12 @@ len2 = _asn1_strtol (p2->value, NULL, 10); if (len2 == -1) { - if (!der[counter] && !der[counter + 1]) + if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) { p = p2; move = UP; counter += 2; + DECR_LEN(ider_len, 2); continue; } } @@ -858,6 +910,7 @@ else if (counter > len2) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } p2 = p2->down; @@ -868,7 +921,7 @@ if (type_field (p2->type) != ASN1_ETYPE_CHOICE) ris = _asn1_extract_tag_der (p2, der + counter, - len - counter, &len2); + ider_len, &len2); else { p3 = p2->down; @@ -876,7 +929,7 @@ { ris = _asn1_extract_tag_der (p3, der + counter, - len - counter, &len2); + ider_len, &len2); if (ris == ASN1_SUCCESS) break; p3 = p3->right; @@ -894,6 +947,7 @@ if (p2 == NULL) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } } @@ -924,12 +978,10 @@ { while (p->down) { - if (counter < len) - ris = + ris = _asn1_extract_tag_der (p->down, der + counter, - len - counter, &len2); - else - ris = ASN1_DER_ERROR; + ider_len, &len2); + if (ris == ASN1_SUCCESS) { while (p->down->right) @@ -942,6 +994,7 @@ else if (ris == ASN1_ERROR_TYPE_ANY) { result = ASN1_ERROR_TYPE_ANY; + warn(); goto cleanup; } else @@ -956,6 +1009,7 @@ if (!(p->type & CONST_OPTION)) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } } @@ -967,13 +1021,15 @@ { p2 = _asn1_find_up (p); len2 = _asn1_strtol (p2->value, NULL, 10); + if ((len2 != -1) && (counter > len2)) ris = ASN1_TAG_ERROR; } if (ris == ASN1_SUCCESS) ris = - _asn1_extract_tag_der (p, der + counter, len - counter, &len2); + _asn1_extract_tag_der (p, der + counter, ider_len, &len2); + if (ris != ASN1_SUCCESS) { if (p->type & CONST_OPTION) @@ -992,11 +1048,15 @@ _asn1_error_description_tag_error (p, errorDescription); result = ASN1_TAG_ERROR; + warn(); goto cleanup; } } else - counter += len2; + { + DECR_LEN(ider_len, len2); + counter += len2; + } } if (ris == ASN1_SUCCESS) @@ -1004,18 +1064,23 @@ switch (type_field (p->type)) { case ASN1_ETYPE_NULL: + DECR_LEN(ider_len, 1); if (der[counter]) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } counter++; move = RIGHT; break; case ASN1_ETYPE_BOOLEAN: + DECR_LEN(ider_len, 2); + if (der[counter++] != 1) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } if (der[counter++] == 0) @@ -1027,50 +1092,68 @@ case ASN1_ETYPE_INTEGER: case ASN1_ETYPE_ENUMERATED: len2 = - asn1_get_length_der (der + counter, len - counter, &len3); + asn1_get_length_der (der + counter, ider_len, &len3); if (len2 < 0) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } + DECR_LEN(ider_len, len3+len2); + _asn1_set_value (p, der + counter, len3 + len2); counter += len3 + len2; move = RIGHT; break; case ASN1_ETYPE_OBJECT_ID: result = - _asn1_get_objectid_der (der + counter, len - counter, &len2, + _asn1_get_objectid_der (der + counter, ider_len, &len2, temp, sizeof (temp)); if (result != ASN1_SUCCESS) - goto cleanup; + { + warn(); + goto cleanup; + } + + DECR_LEN(ider_len, len2); tlen = strlen (temp); if (tlen > 0) _asn1_set_value (p, temp, tlen + 1); + counter += len2; move = RIGHT; break; case ASN1_ETYPE_GENERALIZED_TIME: case ASN1_ETYPE_UTC_TIME: result = - _asn1_get_time_der (der + counter, len - counter, &len2, temp, + _asn1_get_time_der (der + counter, ider_len, &len2, temp, sizeof (temp) - 1); if (result != ASN1_SUCCESS) - goto cleanup; + { + warn(); + goto cleanup; + } + + DECR_LEN(ider_len, len2); tlen = strlen (temp); if (tlen > 0) _asn1_set_value (p, temp, tlen); + counter += len2; move = RIGHT; break; case ASN1_ETYPE_OCTET_STRING: - len3 = len - counter; - result = _asn1_get_octet_string (der + counter, p, &len3); + result = _asn1_get_octet_string (p, der + counter, ider_len, &len3); if (result != ASN1_SUCCESS) - goto cleanup; + { + warn(); + goto cleanup; + } + DECR_LEN(ider_len, len3); counter += len3; move = RIGHT; break; @@ -1085,13 +1168,16 @@ case ASN1_ETYPE_VISIBLE_STRING: case ASN1_ETYPE_BIT_STRING: len2 = - asn1_get_length_der (der + counter, len - counter, &len3); + asn1_get_length_der (der + counter, ider_len, &len3); if (len2 < 0) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } + DECR_LEN(ider_len, len3+len2); + _asn1_set_value (p, der + counter, len3 + len2); counter += len3 + len2; move = RIGHT; @@ -1104,18 +1190,12 @@ _asn1_set_value (p, NULL, 0); if (len2 == -1) { /* indefinite length method */ - if (len - counter + 1 > 0) - { - if ((der[counter]) || der[counter + 1]) - { - result = ASN1_DER_ERROR; - goto cleanup; - } - } - else - { - result = ASN1_DER_ERROR; - goto cleanup; + DECR_LEN(ider_len, 2); + if ((der[counter]) || der[counter + 1]) + { + result = ASN1_DER_ERROR; + warn(); + goto cleanup; } counter += 2; } @@ -1124,6 +1204,7 @@ if (len2 != counter) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } } @@ -1132,13 +1213,17 @@ else { /* move==DOWN || move==RIGHT */ len3 = - asn1_get_length_der (der + counter, len - counter, &len2); + asn1_get_length_der (der + counter, ider_len, &len2); if (len3 < -1) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } + + DECR_LEN(ider_len, len2); counter += len2; + if (len3 > 0) { _asn1_ltostr (counter + len3, temp); @@ -1177,13 +1262,7 @@ len2 = _asn1_strtol (p->value, NULL, 10); if (len2 == -1) { /* indefinite length method */ - if ((counter + 2) > len) - { - result = ASN1_DER_ERROR; - goto cleanup; - } - - if ((der[counter]) || der[counter + 1]) + if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1])) { _asn1_append_sequence_set (p); p = p->down; @@ -1192,7 +1271,9 @@ move = RIGHT; continue; } + _asn1_set_value (p, NULL, 0); + DECR_LEN(ider_len, 2); counter += 2; } else @@ -1206,10 +1287,12 @@ move = RIGHT; continue; } + _asn1_set_value (p, NULL, 0); if (len2 != counter) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } } @@ -1217,12 +1300,15 @@ else { /* move==DOWN || move==RIGHT */ len3 = - asn1_get_length_der (der + counter, len - counter, &len2); + asn1_get_length_der (der + counter, ider_len, &len2); if (len3 < -1) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } + + DECR_LEN(ider_len, len2); counter += len2; if (len3) { @@ -1251,46 +1337,59 @@ break; case ASN1_ETYPE_ANY: if (asn1_get_tag_der - (der + counter, len - counter, &class, &len2, + (der + counter, ider_len, &class, &len2, &tag) != ASN1_SUCCESS) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } - if (counter + len2 > len) - { - result = ASN1_DER_ERROR; - goto cleanup; - } + DECR_LEN(ider_len, len2); + len4 = asn1_get_length_der (der + counter + len2, - len - counter - len2, &len3); + ider_len, &len3); if (len4 < -1) { result = ASN1_DER_ERROR; + warn(); goto cleanup; } - if (len4 != -1) + if (len4 != -1) /* definite */ { len2 += len4; + + DECR_LEN(ider_len, len4+len3); _asn1_set_value_lv (p, der + counter, len2 + len3); counter += len2 + len3; } - else + else /* == -1 */ { /* indefinite length */ + ider_len += len2; /* undo DECR_LEN */ + + if (counter == 0) + { + result = ASN1_DER_ERROR; + warn(); + goto cleanup; + } + /* Check indefinite lenth method in an EXPLICIT TAG */ if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) indefinite = 1; else indefinite = 0; - len2 = len - counter; result = - _asn1_get_indefinite_length_string (der + counter, &len2); + _asn1_get_indefinite_length_string (der + counter, ider_len, &len2); if (result != ASN1_SUCCESS) - goto cleanup; + { + warn(); + goto cleanup; + } + DECR_LEN(ider_len, len2); _asn1_set_value_lv (p, der + counter, len2); counter += len2; @@ -1298,6 +1397,7 @@ an indefinite length method. */ if (indefinite) { + DECR_LEN(ider_len, 2); if (!der[counter] && !der[counter + 1]) { counter += 2; @@ -1305,6 +1405,7 @@ else { result = ASN1_DER_ERROR; + warn(); goto cleanup; } } @@ -1340,8 +1441,9 @@ _asn1_delete_not_used (*element); - if (counter != len) + if (ider_len != 0) { + warn(); result = ASN1_DER_ERROR; goto cleanup; } @@ -1374,6 +1476,9 @@ * decoding procedure, the *@STRUCTURE is deleted and set equal to * %NULL. * + * This function is deprecated and may just be an alias to asn1_der_decoding + * in future versions. Use asn1_der_decoding() instead. + * * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND * if ELEMENT is %NULL or @elementName == NULL, and * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't @@ -1737,15 +1842,14 @@ move = RIGHT; break; case ASN1_ETYPE_OCTET_STRING: - len3 = len - counter; if (state == FOUND) { - result = _asn1_get_octet_string (der + counter, p, &len3); + result = _asn1_get_octet_string (p, der + counter, len-counter, &len3); if (p == nodeFound) state = EXIT; } else - result = _asn1_get_octet_string (der + counter, NULL, &len3); + result = _asn1_get_octet_string (NULL, der + counter, len-counter, &len3); if (result != ASN1_SUCCESS) goto cleanup; @@ -1987,9 +2091,8 @@ else indefinite = 0; - len2 = len - counter; result = - _asn1_get_indefinite_length_string (der + counter, &len2); + _asn1_get_indefinite_length_string (der + counter, len-counter, &len2); if (result != ASN1_SUCCESS) goto cleanup; @@ -2160,7 +2263,7 @@ * asn1_der_decoding_startEnd: * @element: pointer to an ASN1 element * @ider: vector that contains the DER encoding. - * @len: number of bytes of *@ider: @ider[0]..@ider[len-1] + * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1] * @name_element: an element of NAME structure. * @start: the position of the first byte of NAME_ELEMENT decoding * (@ider[*start]) @@ -2182,14 +2285,14 @@ * doesn't match the structure ELEMENT. **/ int -asn1_der_decoding_startEnd (asn1_node element, const void *ider, int len, +asn1_der_decoding_startEnd (asn1_node element, const void *ider, int ider_len, const char *name_element, int *start, int *end) { asn1_node node, node_to_find, p, p2, p3; int counter, len2, len3, len4, move, ris; unsigned char class; unsigned long tag; - int indefinite; + int indefinite, result = ASN1_DER_ERROR; const unsigned char *der = ider; node = element; @@ -2205,7 +2308,7 @@ if (node_to_find == node) { *start = 0; - *end = len - 1; + *end = ider_len - 1; return ASN1_SUCCESS; } @@ -2228,16 +2331,20 @@ { p2 = _asn1_find_up (p); if (p2 == NULL) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } len2 = _asn1_strtol (p2->value, NULL, 10); if (len2 == -1) { - if (!der[counter] && !der[counter + 1]) + if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) { p = p2; move = UP; counter += 2; + DECR_LEN(ider_len, 2); continue; } } @@ -2248,7 +2355,10 @@ continue; } else if (counter > len2) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } p2 = p2->down; @@ -2259,7 +2369,7 @@ if (type_field (p2->type) != ASN1_ETYPE_CHOICE) ris = _asn1_extract_tag_der (p2, der + counter, - len - counter, &len2); + ider_len, &len2); else { p3 = p2->down; @@ -2268,7 +2378,7 @@ ris = _asn1_extract_tag_der (p3, der + counter, - len - counter, &len2); + ider_len, &len2); } if (ris == ASN1_SUCCESS) { @@ -2280,7 +2390,10 @@ p2 = p2->right; } if (p2 == NULL) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } } if (p == node_to_find) @@ -2290,10 +2403,13 @@ { p = p->down; if (p == NULL) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } ris = - _asn1_extract_tag_der (p, der + counter, len - counter, + _asn1_extract_tag_der (p, der + counter, ider_len, &len2); if (p == node_to_find) *start = counter; @@ -2301,7 +2417,7 @@ if (ris == ASN1_SUCCESS) ris = - _asn1_extract_tag_der (p, der + counter, len - counter, &len2); + _asn1_extract_tag_der (p, der + counter, ider_len, &len2); if (ris != ASN1_SUCCESS) { if (p->type & CONST_OPTION) @@ -2315,11 +2431,15 @@ } else { + warn(); return ASN1_TAG_ERROR; } } else - counter += len2; + { + DECR_LEN(ider_len, len2); + counter += len2; + } } if (ris == ASN1_SUCCESS) @@ -2327,22 +2447,36 @@ switch (type_field (p->type)) { case ASN1_ETYPE_NULL: + DECR_LEN(ider_len, 1); + if (der[counter]) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } counter++; move = RIGHT; break; case ASN1_ETYPE_BOOLEAN: - if (der[counter++] != 1) - return ASN1_DER_ERROR; - counter++; + DECR_LEN(ider_len, 2); + + if (der[counter] != 1) + { + warn(); + return ASN1_DER_ERROR; + } + + counter += 2; move = RIGHT; break; case ASN1_ETYPE_OCTET_STRING: - len3 = len - counter; - ris = _asn1_get_octet_string (der + counter, NULL, &len3); + ris = _asn1_get_octet_string (NULL, der + counter, ider_len, &len3); if (ris != ASN1_SUCCESS) - return ris; + { + warn(); + return ris; + } + DECR_LEN(ider_len, len3); counter += len3; move = RIGHT; break; @@ -2362,9 +2496,14 @@ case ASN1_ETYPE_VISIBLE_STRING: case ASN1_ETYPE_BIT_STRING: len2 = - asn1_get_length_der (der + counter, len - counter, &len3); + asn1_get_length_der (der + counter, ider_len, &len3); if (len2 < 0) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } + + DECR_LEN(ider_len, len3 + len2); counter += len3 + len2; move = RIGHT; break; @@ -2373,10 +2512,16 @@ if (move != UP) { len3 = - asn1_get_length_der (der + counter, len - counter, &len2); + asn1_get_length_der (der + counter, ider_len, &len2); if (len3 < -1) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } + + DECR_LEN(ider_len, len2); counter += len2; + if (len3 == 0) move = RIGHT; else @@ -2384,8 +2529,11 @@ } else { - if (!der[counter] && !der[counter + 1]) /* indefinite length method */ - counter += 2; + if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) /* indefinite length method */ + { + counter += 2; + DECR_LEN(ider_len, 2); + } move = RIGHT; } break; @@ -2394,13 +2542,26 @@ if (move != UP) { len3 = - asn1_get_length_der (der + counter, len - counter, &len2); + asn1_get_length_der (der + counter, ider_len, &len2); if (len3 < -1) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } + + DECR_LEN(ider_len, len2); counter += len2; - if ((len3 == -1) && !der[counter] && !der[counter + 1]) - counter += 2; - else if (len3) + + if (len3 == -1) + { + if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) + { + DECR_LEN(ider_len, 2); + counter += 2; + } + } + + if (len3) { p2 = p->down; while ((type_field (p2->type) == ASN1_ETYPE_TAG) || @@ -2411,52 +2572,79 @@ } else { - if (!der[counter] && !der[counter + 1]) /* indefinite length method */ - counter += 2; + if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1]) /* indefinite length method */ + { + DECR_LEN(ider_len, 2); + counter += 2; + } } move = RIGHT; break; case ASN1_ETYPE_ANY: if (asn1_get_tag_der - (der + counter, len - counter, &class, &len2, + (der + counter, ider_len, &class, &len2, &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > len) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } + + DECR_LEN(ider_len, len2); len4 = asn1_get_length_der (der + counter + len2, - len - counter - len2, &len3); + ider_len, &len3); if (len4 < -1) - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } if (len4 != -1) { - counter += len2 + len4 + len3; + DECR_LEN(ider_len, len3 + len4); + counter += len2 + len3 + len4; } else { /* indefinite length */ /* Check indefinite lenth method in an EXPLICIT TAG */ + ider_len += len2; /* undo DECR_LEN */ + + if (counter == 0) + { + result = ASN1_DER_ERROR; + warn(); + goto cleanup; + } + if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) indefinite = 1; else indefinite = 0; - len2 = len - counter; ris = - _asn1_get_indefinite_length_string (der + counter, &len2); + _asn1_get_indefinite_length_string (der + counter, ider_len, &len2); if (ris != ASN1_SUCCESS) - return ris; + { + warn(); + return ris; + } counter += len2; + DECR_LEN(ider_len, len2); /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with an indefinite length method. */ if (indefinite) { + DECR_LEN(ider_len, 2); + if (!der[counter] && !der[counter + 1]) counter += 2; else - return ASN1_DER_ERROR; + { + warn(); + return ASN1_DER_ERROR; + } } } move = RIGHT; @@ -2494,7 +2682,11 @@ p = _asn1_find_up (p); } + warn(); return ASN1_ELEMENT_NOT_FOUND; + +cleanup: + return result; } /** debian/patches/CVE-2014-3469.patch0000664000000000000000000001202012362241536013243 0ustar Description: fix denial of service via NULL value Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/lib/element.c?id=a8b3e14f84174e01755bfd1be5448fffce7c9ffa Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/lib/element.c?id=3d6a02f19ff15a38dae9686033e37499b3968256 Origin: backport, http://git.savannah.gnu.org/cgit/libtasn1.git/commit/lib/element.c?id=53958290ab731c8486531a3bdef54a933533579d Index: libtasn1-6-3.4/lib/element.c =================================================================== --- libtasn1-6-3.4.orig/lib/element.c 2013-11-25 14:14:32.000000000 -0500 +++ libtasn1-6-3.4/lib/element.c 2014-07-18 11:49:02.037904674 -0400 @@ -112,8 +112,11 @@ /* VALUE_OUT is too short to contain the value conversion */ return ASN1_MEM_ERROR; - for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) - value_out[k2 - k] = val[k2]; + if (value_out != NULL) + { + for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) + value_out[k2 - k] = val[k2]; + } #if 0 printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len); @@ -615,7 +618,8 @@ if (ptr_size < data_size) { \ return ASN1_MEM_ERROR; \ } else { \ - memcpy( ptr, data, data_size); \ + if (ptr && data_size > 0) \ + memcpy( ptr, data, data_size); \ } #define PUT_STR_VALUE( ptr, ptr_size, data) \ @@ -624,7 +628,9 @@ return ASN1_MEM_ERROR; \ } else { \ /* this strcpy is checked */ \ - _asn1_strcpy(ptr, data); \ + if (ptr) { \ + _asn1_strcpy(ptr, data); \ + } \ } #define PUT_AS_STR_VALUE( ptr, ptr_size, data, data_size) \ @@ -633,36 +639,42 @@ return ASN1_MEM_ERROR; \ } else { \ /* this strcpy is checked */ \ - memcpy(ptr, data, data_size); \ - ptr[data_size] = 0; \ + if (ptr) { \ + if (data_size > 0) \ + memcpy (ptr, data, data_size); \ + ptr[data_size] = 0; \ + } \ } #define ADD_STR_VALUE( ptr, ptr_size, data) \ - *len = (int) _asn1_strlen(data) + 1; \ - if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \ - return ASN1_MEM_ERROR; \ - } else { \ - /* this strcat is checked */ \ - _asn1_strcat(ptr, data); \ - } + *len += _asn1_strlen(data); \ + if (ptr_size < (int) *len) { \ + (*len)++; \ + return ASN1_MEM_ERROR; \ + } else { \ + /* this strcat is checked */ \ + if (ptr) _asn1_strcat (ptr, data); \ + } /** * asn1_read_value: * @root: pointer to a structure. * @name: the name of the element inside a structure that you want to read. * @ivalue: vector that will contain the element's content, must be a - * pointer to memory cells already allocated. + * pointer to memory cells already allocated (may be %NULL). * @len: number of bytes of *value: value[0]..value[len-1]. Initialy * holds the sizeof value. * - * Returns the value of one element inside a structure. - * - * If an element is OPTIONAL and the function "read_value" returns + * Returns the value of one element inside a structure. + * If an element is OPTIONAL and this returns * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present * in the der encoding that created the structure. The first element * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and * so on. * + * Note that there can be valid values with length zero. In these case + * this function will succeed and @len will be zero. + * * INTEGER: VALUE will contain a two's complement form integer. * * integer=-1 -> value[0]=0xFF , len=1. @@ -718,19 +730,22 @@ * @root: pointer to a structure. * @name: the name of the element inside a structure that you want to read. * @ivalue: vector that will contain the element's content, must be a - * pointer to memory cells already allocated. + * pointer to memory cells already allocated (may be %NULL). * @len: number of bytes of *value: value[0]..value[len-1]. Initialy * holds the sizeof value. * @etype: The type of the value read (ASN1_ETYPE) * - * Returns the value of one element inside a structure. - * - * If an element is OPTIONAL and the function "read_value" returns + * Returns the value of one element inside a structure. + * If an element is OPTIONAL and this returns * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present * in the der encoding that created the structure. The first element * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and * so on. * + * Note that there can be valid values with length zero. In these case + * this function will succeed and @len will be zero. + * + * * INTEGER: VALUE will contain a two's complement form integer. * * integer=-1 -> value[0]=0xFF , len=1. @@ -874,7 +889,9 @@ case ASN1_ETYPE_OBJECT_ID: if (node->type & CONST_ASSIGN) { - value[0] = 0; + *len = 0; + if (value) + value[0] = 0; p = node->down; while (p) { @@ -888,7 +905,7 @@ } p = p->right; } - *len = _asn1_strlen (value) + 1; + (*len)++; } else if ((node->type & CONST_DEFAULT) && (node->value == NULL)) { debian/changelog0000664000000000000000000005667013232177527011071 0ustar libtasn1-6 (3.4-3ubuntu0.6) trusty-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference and DoS - debian/patches/CVE-2017-10790.patch: safer access to values read in /lib/parser_aux.c. - CVE-2017-10790 -- Leonidas S. Barbosa Wed, 24 Jan 2018 16:37:09 -0300 libtasn1-6 (3.4-3ubuntu0.5) trusty-security; urgency=medium * SECURITY UPDATE: buffer overflow via specially crafted assignments file - debian/patches/CVE-2017-6891.patch: add checks to lib/parser_aux.c. - CVE-2017-6891 -- Marc Deslauriers Thu, 01 Jun 2017 13:15:06 -0400 libtasn1-6 (3.4-3ubuntu0.4) trusty-security; urgency=medium * SECURITY UPDATE: infinite loop via malformed DER cert - debian/patches/CVE-2016-4008-1.patch: catch invalid input cases early in lib/decoding.c. - debian/patches/CVE-2016-4008-2.patch: properly account bytes read in lib/decoding.c. - CVE-2016-4008 -- Marc Deslauriers Tue, 26 Apr 2016 14:11:17 -0400 libtasn1-6 (3.4-3ubuntu0.3) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via overflow in _asn1_extract_der_octet. - debian/patches/CVE-2015-3622.patch: properly handle length in lib/decoding.c. - CVE-2015-3622 -- Marc Deslauriers Fri, 01 May 2015 09:45:29 -0400 libtasn1-6 (3.4-3ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via overflow in _asn1_ltostr - debian/patches/CVE-2015-2806.patch: introduce LTOSTR_MAX_SIZE and use in lib/coding.c, lib/decoding.c, lib/element.c, lib/parser_aux.c, lib/parser_aux.h. - CVE-2015-2806 -- Marc Deslauriers Thu, 02 Apr 2015 11:12:05 -0400 libtasn1-6 (3.4-3ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible code execution via invalid ASN.1 data - debian/patches/CVE-2014-3467-3468.patch: properly calculate lengths in lib/decoding.c. - CVE-2014-3467 - CVE-2014-3468 * SECURITY UPDATE: denial of service via NULL value - debian/patches/CVE-2014-3469.patch: check for NULLs in lib/element.c. - CVE-2014-3469 -- Marc Deslauriers Fri, 18 Jul 2014 11:49:24 -0400 libtasn1-6 (3.4-3) unstable; urgency=medium * Point vcs* to git. * Add debian/upstream-signing-key.pgp (listed in debian/source/include-binaries) and update watchfile to check upstream signature. * Add transitional packages for libtasn1-3-dev and -bin. (#730856) -- Andreas Metzler Sat, 01 Feb 2014 11:39:30 +0100 libtasn1-6 (3.4-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Fri, 29 Nov 2013 18:46:13 +0100 libtasn1-6 (3.4-1) experimental; urgency=low * New upstream version, bump shlibs. (asn1_delete_structure2 was added.) -- Andreas Metzler Tue, 26 Nov 2013 19:34:41 +0100 libtasn1-6 (3.3-2) unstable; urgency=low * Use debhelper v9 mode. This allows us to mark libtasn1-6-dbg Multi-Arch: same. * Point Vcs-* to anonscm.debian.org. -- Andreas Metzler Sun, 23 Jun 2013 15:14:02 +0200 libtasn1-6 (3.3-1) unstable; urgency=low * libtasn1-6-dbg needs to Break/Relaces libtasn1-3-dbg. Closes: #699795 * New upstream version. -- Andreas Metzler Wed, 03 Apr 2013 19:48:23 +0200 libtasn1-6 (3.2-1) unstable; urgency=low * New upstream version, almost identical to 3.1 with 20_overflow-in-parser.diff. + Drop 20_overflow-in-parser.diff. * Upload to unstable. This is a leaf package, uploaded the first time to unstable yet and will not hurt the release. -- Andreas Metzler Sat, 02 Feb 2013 09:07:14 +0100 libtasn1-6 (3.1-1) experimental; urgency=low * New upstream version. * New symbols added, bump shlibs. * 20_overflow-in-parser.diff from upstream git fixes a possible buffer overflow. (Caught by testsuite on hardened build.) -- Andreas Metzler Mon, 26 Nov 2012 19:04:16 +0100 libtasn1-6 (3.0-1) experimental; urgency=low * New upstream version, soname bumped. Change source and binary package names (libtasn1-3* to libtasn1-6* except for libtasn1-3-bin which is renamed to libtasn1-bin). -- Andreas Metzler Thu, 01 Nov 2012 15:29:34 +0100 libtasn1-3 (2.14-2) experimental; urgency=low * Fix typo in shlibs version. -- Andreas Metzler Thu, 27 Sep 2012 20:12:43 +0200 libtasn1-3 (2.14-1) experimental; urgency=low [ Simon Josefsson ] * Build gtk-doc reference manual. [ Andreas Metzler ] * Fix building twice in row. make distclean removes html/pdf docs, which were missing on install. gtk-doc modifies doc/reference/tmpl/libtasn1.sgml, remove it on clean. * Ship gtk-doc manual, symlink html version to usr/share/doc. * With these three changes together gtk-doc-tools and texlive-latex-base are uctually sed for build (or re-build in same sourcedirectory). Closes: #682464 * New upstream version. Bump shlibs. -- Andreas Metzler Wed, 26 Sep 2012 18:49:47 +0200 libtasn1-3 (2.13-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Thu, 07 Jun 2012 17:45:46 +0200 libtasn1-3 (2.13-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 31 May 2012 19:48:46 +0200 libtasn1-3 (2.12-1) unstable; urgency=medium * New upstream version. + Fixes CVE-2012-1569. -- Andreas Metzler Mon, 19 Mar 2012 19:25:16 +0100 libtasn1-3 (2.11-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Fri, 25 Nov 2011 19:04:40 +0100 libtasn1-3 (2.10-1) unstable; urgency=low [Simon Josefsson] * Fix Debian BTS URL in --with-packager-bug-reports option. [Andreas Metzler] * New upstream Version. (Includes workaround for #639818) * Point watchfile to ftp.gnu.org instead of ftp.gnutls.org. * [debian/control] Drop priority and section from libtasn1-3 binary package stanza. * Update debian/copyright. -- Andreas Metzler Mon, 31 Oct 2011 08:54:49 +0100 libtasn1-3 (2.9-4) unstable; urgency=low * Merge from Ubuntu (build for multiarch): + configure with --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH), update *.install accordingly. + Bump cdbs Build-Depends to 0.4.93 (required for expanding $(DEB_HOST_MULTIARCH)). + Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}). + runtime library is Multi-Arch: same and has Pre-Depends: ${misc:Pre-Depends}, -bin (helper binaries) is Multi-Arch: foreign. -dev is unchanged. * Diverge from the Ubuntu patch by not settting Multi-Arch: same on -dbg package. It contains debugging symbols for both library and helper binaries ( e.g. /usr/lib/debug/usr/bin/asn1Decoding) and is therefore not co-installable with itself. -- Andreas Metzler Sat, 18 Jun 2011 09:13:50 +0200 libtasn1-3 (2.9-3) unstable; urgency=low * Stop shipping libtool la file in -dev package, now that it is not refered in other packages' dependency_libs anymore. * Stop setting CFLAGS += -Wall, it is set by default again. -- Andreas Metzler Sun, 24 Apr 2011 08:29:12 +0200 libtasn1-3 (2.9-2) unstable; urgency=low * Upload to unstable. * Downgrade libtasn1-3 priority to standard. * Drop superfluous code from debian/rules. * set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not seem to set it by default. -- Andreas Metzler Sat, 12 Feb 2011 16:38:16 +0100 libtasn1-3 (2.9-1) experimental; urgency=low * New upstream release. * Use debhelper compatibility level 7. * Fix libtasn1-3-dbg short description. * Drop -D_REENTRANT from CFLAGS. * Drop DEB_DH_STRIP_ARGS = --dbg-package libtasn1-3-dbg from debian/rules, it is handled automatically. * Drop old Conflicts/Replaces that were relevant when upgrading from sarge and earlier, i.e. from versions older than old-stable. * Standards-Version: 3.9.1 -- Andreas Metzler Sat, 08 Jan 2011 10:31:39 +0100 libtasn1-3 (2.7-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Sat, 29 May 2010 09:10:34 +0200 libtasn1-3 (2.6-1) unstable; urgency=low * New upstream version. * Drop libtasn1-config.1, we have not shipped the documented script since 2.0. -- Andreas Metzler Sat, 24 Apr 2010 09:12:34 +0200 libtasn1-3 (2.5-1) unstable; urgency=low * New upstream version. * Do not run test-suite when cross compiling. (Thanks, Colin Watson) Closes: #554343 -- Andreas Metzler Mon, 15 Mar 2010 19:16:34 +0100 libtasn1-3 (2.4-1) unstable; urgency=low * New upstream version. * Update debian/copyright. * Drop cdbs simple-patchsys in favour of dpkg-source v3. Remove unneeded debian/README.source. * Use dh_installinfo instead of dh_install for info files to get the recommended dependency on dpkg (>= 1.15.4) | install-info. -- Andreas Metzler Sat, 23 Jan 2010 15:20:23 +0100 libtasn1-3 (2.3-1) unstable; urgency=low * Move libtasn1-3-bin to section devel. #532649 * New upstream version. * Set newly available --with-packager options. * Update homepage location, this is now an official GNU project. * Standards version 3.8.2: + In debian/copyright point to /usr/share/common-licenses/GFDL-1.3 instead of shipping our own copy. * Fix dh_install pattern for installation of info files to not match a dir file. -- Andreas Metzler Fri, 31 Jul 2009 19:27:41 +0200 libtasn1-3 (2.2-1) unstable; urgency=low * Sync debian/control with override file, libtasn1-3-dbg is section debug. * New upstream version. * Standards-Version 3.8.1, no changes required. * Add Homepage field to debian/control. -- Andreas Metzler Thu, 21 May 2009 09:06:49 +0200 libtasn1-3 (2.0~0.20090323-1) experimental; urgency=low * New upstream version, 2.0 prerelease. + Does not include libtasn1-config anymore. -- Andreas Metzler Sun, 29 Mar 2009 17:44:46 +0200 libtasn1-3 (1.8-1) unstable; urgency=low * New upstream version. * [lintian] Add ${misc:Depends}. * Standards-Version 3.8.0. + Rename README.source_and_patches to README.source -- Andreas Metzler Tue, 17 Feb 2009 13:17:19 +0100 libtasn1-3 (1.7-1) experimental; urgency=low * New upstream release * docs are now FDL 1.3, update debian/copyright. * 1.6 introduces asn1_strerror, et.al. as replacement for the libtasn1_* stuff. Bump shlibs. * libtasn1.m4 is gone (use pkg-config, please). -- Andreas Metzler Tue, 18 Nov 2008 20:02:52 +0100 libtasn1-3 (1.5-3) experimental; urgency=low * Cherry-pick the patch for handling BER encoded certificates without the ABI breakage introduced by tree optimization from upstream git. * Also add resulting patchlet for tests/Makefile.in and TestIndef.p12 (Binary file), fixing FTBFS. Closes: #504783 -- Andreas Metzler Sun, 16 Nov 2008 15:27:50 +0100 libtasn1-3 (1.5-2) experimental; urgency=low * Add Simon Josefsson to uploaders. * Support decoding of PKCS#12 certificates. (Patch from upstream). Bump shlibs. Closes: #503833 -- Andreas Metzler Thu, 06 Nov 2008 19:18:58 +0100 libtasn1-3 (1.5-1) unstable; urgency=low * New upstream bugfix release. * Drop tetex-bin Build-Depends alternative. -- Andreas Metzler Sat, 20 Sep 2008 08:43:45 +0200 libtasn1-3 (1.4-1) unstable; urgency=low * New upstream version. * remove cruft from debian/rules * Use Programming/C instead of gone section Apps/Net for doc-base. -- Andreas Metzler Sat, 26 Apr 2008 09:47:38 +0200 libtasn1-3 (1.3-1) unstable; urgency=low * New upstream version. * Add Vcs-Svn: and Vcs-Browser control fields. * [lintian-happiness] Stop ignoring errors on $(MAKE) distclean. * Set CFLAGS += -D_REENTRANT, since policy requires it and upstream stopped setting it by default. -- Andreas Metzler Sat, 02 Feb 2008 09:44:03 +0100 libtasn1-3 (1.2-1) unstable; urgency=low * New upstream version. * Standards-Version: 3.7.3. ${binary:Version} instead of ${Source-Version}. -- Andreas Metzler Wed, 26 Dec 2007 10:27:50 +0100 libtasn1-3 (1.1-1) unstable; urgency=low * New upstream version 1.1. - Uses GPLv3+ for self tests, tools /with their manpages) and build infrastructure. - The library itself continues to stay LGPLv2.1+ * Update debian/copyright. -- Andreas Metzler Sun, 2 Dec 2007 09:28:57 +0100 libtasn1-3 (0.3.10-1) unstable; urgency=low * add texlive-latex-base | tetex-bin to build-depends to allow to run dpkg-build-package twice in the same extracted sourcecode. (According to my tests this is the minimal package for working pdf-generation from makeinfo.) Closes: #424540 * New upstream version 0.3.10. (Just updated gnulib files and minimal changes to configure.in.) -- Andreas Metzler Sat, 11 Aug 2007 09:45:09 +0200 libtasn1-3 (0.3.9-1) unstable; urgency=low * New upstream version. * Switch to debhelper v5 mode. Drop usr/share/doc/* from debian/libtasn1-3-dev.install. Bump build-depends. * Downgrade libtasn1-3-bin priority to extra and drop Recomends on libtasn1-3-bin in libtasn1-3. (Closes: #416556) -- Andreas Metzler Sun, 8 Apr 2007 12:06:30 +0200 libtasn1-3 (0.3.8-1) experimental; urgency=low [ James Westby ] * Quote $(CURDIR) in debian/rules to avoid FTBFS if it has spaces. [ Andreas Metzler ] * New upstream version. - Fix reading of binary files in asn1Decoding, for Windows. -- Andreas Metzler Sat, 3 Feb 2007 10:39:02 +0100 libtasn1-3 (0.3.7-1) experimental; urgency=low [ Andreas Metzler ] * New upstream version. Uploaded to experimental, because we are frozen. * Drop patches/20_asnparser.diff (condionally #include only #ifdef HAVE_UNISTD_H). -- Andreas Metzler Sat, 14 Oct 2006 15:13:50 +0200 libtasn1-3 (0.3.6-2) unstable; urgency=low [ Andreas Metzler ] * Add a watchfile. * Add a copy of the FDL 1.2 to debian/copyright. -- Andreas Metzler Sat, 14 Oct 2006 14:37:30 +0200 libtasn1-3 (0.3.6-1) unstable; urgency=low * New upstream version. * Drop superfluous patches: - 30_man_hyphen_get_length.diff - 30_man_hyphen_read_value.diff - 30_man_hyphen_write_value.diff -- Andreas Metzler Sat, 16 Sep 2006 16:15:10 +0200 libtasn1-3 (0.3.5-2) unstable; urgency=low [ Andreas Metzler ] * Add libtasn1-2 (<< 0.2.17-1) to libtasn-3-bin's Conflicts/Replaces. (closes: #379424) -- Andreas Metzler Sun, 23 Jul 2006 16:31:38 +0200 libtasn1-3 (0.3.5-1) unstable; urgency=low [ Andreas Metzler ] * Ship pkg-config file libtasn1.pc. [ James Westby ] * New upstream revision. - Fixes creation of zero length buffers on 64 bit platforms. (closes: #375630) -- Andreas Metzler Tue, 27 Jun 2006 19:01:34 +0200 libtasn1-3 (0.3.4-2) unstable; urgency=low [ Andreas Metzler ] * Set maintainer to alioth mailinglist. * Drop code for updating config.guess/config.sub from debian/rules, as cdbs handles this. Build-Depend on autotools-dev. * Use cdbs' simple-patchsys.mk. - add debian/README.source_and_patches - add patches/20_asnparser.diff * Do not gzip pdf documentation. * Register library manual with doc-base. * Standards version 3.7.2, no changes required. [ James Westby ] * Added debian/patches/30_man_hyphen* to fix a lintain warning about use of "-" as a minus sign. * Added a man-page for libtasn1-config in libtasn1-3-dev. -- Andreas Metzler Wed, 7 Jun 2006 20:14:52 +0200 libtasn1-3 (0.3.4-1) experimental; urgency=low * New maintainer team. Thanks, Matthias for all the work you did. * New upstream version, based on Bastian's NMU. (closes: #356694) Replacing libtasn1-2 with this version is going to fix grave bug #352182. * clean packaging against upstream tarball. - Set DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script to force versioning of symbols, instead of patching ./configure.in. - Disable invocation of gnulib-tool in debian/rules. - Upstream tarball does not contain ansn1.tex and fdl.tex. Ignore the former and use fdl.texi for the latter. - stop removing doc/libtasn1.ps on clean and drop build-dependency on tetex-bin, tetex-extra. - The file is part of the upstream tarball, no need to regenerate it unless we patch the sources. - ship libtasn1.pdf instead of libtasn1.pdf. - drop build-depency on binutils (>= 2.14.90.0.7), even sarge has 2.15-6. - use dh_install instead of dh_move and manual instal -m... commands, simplifiying debian/rules. - remove debian/*.dirs. - drop Debian-specific stub manpage for asn1Decoding.1 asn1Parser.1 asn1Coding.1 and use the upstream one instead. * libtasn1-3-bin conflicts/replaces libtasn1-2-bin (closes: #362245) * Set DEB_MAKE_CHECK_TARGET = check to run included testsuite. * Copy a complete copyright statement into debian/copyright. -- Andreas Metzler Thu, 1 Jun 2006 17:07:51 +0000 libtasn1-2 (0.3.1-1.1) unstable; urgency=high * Non-maintainer upload. * Fix name of binary packages. (closes: #361890) - Remove spurious conflicts. -- Bastian Blank Tue, 11 Apr 2006 07:41:21 +0000 libtasn1-2 (0.3.1-1) unstable; urgency=high * New Upstream release. - Fixes a buffer overrun: Closes:#352182 - Yes, I know, this release is *late*. Sorry about that. -- Matthias Urlichs Sat, 18 Mar 2006 03:21:11 +0100 libtasn1-2 (0.2.17-1) unstable; urgency=low * New Upstream version. * Build-Depend on texinfo. Closes:#332563 * Split off binaries into a tasn1-2-bin packages. Closes:#330739 - Also added stub manpages for them. * Fix autotools call in "make clean" rule. * Use current gnulib. -- Matthias Urlichs Tue, 25 Oct 2005 11:57:41 +0200 libtasn1-2 (0.2.13-2) unstable; urgency=low * Changed the Copyright statement. Closes: #290209: Improper copyright file * Added missing Priority: statements to debian/control. Closes: #294706: changes file is missing priority * Added missing AC_PROG_LIBTOOL to configure.in. * Updated Standards-Version: to 3.6.2; no changes. -- Matthias Urlichs Thu, 14 Jul 2005 05:43:49 +0200 libtasn1-2 (0.2.13-1) unstable; urgency=low * Merged Upstream release. * Upstream removed symbol versioning and replaced it with a simple export-visibility rule. Restored -- we can't go back. Besides, versioning is a Good Thing. * The previous upload Closes: #301575: New upstream version available. * Switched to autoconf 1.9. -- Matthias Urlichs Mon, 4 Jul 2005 16:07:13 +0200 libtasn1-2 (0.2.10-5) unstable; urgency=low * Closes: #264032: debian/rules clean doesn't undo all build effects * Re-enable libtasn1-2-dbg. -- Matthias Urlichs Wed, 15 Sep 2004 22:24:20 +0200 libtasn1-2 (0.2.10-4) unstable; urgency=medium * Updated shlib deps (new function) -- Matthias Urlichs Fri, 13 Aug 2004 11:45:01 +0200 libtasn1-2 (0.2.10-3) unstable; urgency=low * Depend on binutils (>= 2.14.90.0.7). - Closes: #262267: libtasn1-2: Change Build-Depends Thanks to Dirk Prösdorf . -- Matthias Urlichs Fri, 30 Jul 2004 14:29:58 +0200 libtasn1-2 (0.2.10-2) unstable; urgency=low * Priority: Important -- only for the library package please. -- Matthias Urlichs Thu, 29 Jul 2004 14:10:38 +0200 libtasn1-2 (0.2.10-1) unstable; urgency=high * Merged to current Upstream version * Didn't install libtasn1-config. * Didn't install libtasn1.m4. -- Matthias Urlichs Thu, 29 Jul 2004 12:58:01 +0200 libtasn1-2 (0.2.7.0-2) unstable; urgency=medium * The binary package ended up empty due to a local bug. Sorry. -- Matthias Urlichs Wed, 14 Jul 2004 13:45:04 +0200 libtasn1-2 (0.2.7.0-1) unstable; urgency=low * Use the original .orig.tgz file; the old one is broken. -- Matthias Urlichs Mon, 12 Jul 2004 19:25:22 +0200 libtasn1-2 (0.2.7-3) unstable; urgency=low * New maintainer. * Use the included test scripts. * Don't use the included generated files: Upstream CVS doesn't have them. - Depend on tetex-bin and bison. -- Matthias Urlichs Sun, 11 Jul 2004 13:40:13 +0200 libtasn1-2 (0.2.7-2) unstable; urgency=HIGH * patches/001_decoding_bof_0.2.7.diff: patch to fix DER parsing routines vulnerability registered as CAN-2004-0401. -- Ivo Timmermans Mon, 10 May 2004 11:39:23 +0200 libtasn1-2 (0.2.7-1) unstable; urgency=low * Thanks to Andreas Metzler for preparing this package. * New upstream release, which introduces versioned symbols. * debian/control: Added conflict with libtasn1-1. (Closes: #228204) -- Ivo Timmermans Tue, 23 Mar 2004 19:39:04 +0100 libtasn1-2 (0.2.6-1) unstable; urgency=low * New upstream release; package renamed to libtasn1-2. * debian/rules: Moved to cdbs. * debian/control: * updated Standards-Version; * tightened debhelper build dependency; * added auto* to the build dependencies. -- Ivo Timmermans Sat, 6 Dec 2003 21:02:25 +0100 libtasn1-1 (0.2.4-3) unstable; urgency=low * debian/rules: Use libtool rather than install to install the stuff in src. -- Ivo Timmermans Thu, 8 May 2003 22:35:35 +0200 libtasn1-1 (0.2.4-2) unstable; urgency=low * debian/rules, debian/libtasn1-1.{dirs,files}: Install asn1Coding, asn1Decoding, asn1Parser from src in /usr/bin. (Closes: #192465) * debian/control: Update Standards-Version. -- Ivo Timmermans Thu, 8 May 2003 21:37:19 +0200 libtasn1-1 (0.2.4-1) unstable; urgency=low * New upstream release. (Closes: #187398) -- Ivo Timmermans Thu, 3 Apr 2003 11:19:03 +0200 libtasn1-1 (0.2.1-1) unstable; urgency=low * New upstream release. - Fixed tests. (Closes: #164612) * Made it a separate source package. -- Ivo Timmermans Fri, 14 Feb 2003 21:42:10 +0100 libtasn1 (0.1.2-1) unstable; urgency=low * New upstream release -- Ivo Timmermans Fri, 11 Oct 2002 17:37:51 +0200 libtasn1 (0.1.1-3) unstable; urgency=low * debian/control: Conflict with the versions of libgnutls that included a libtasn1.{la,a,so}. (Closes: #156765) * debian/libtasn1-dev.files: Include libtasn1.la. -- Ivo Timmermans Tue, 20 Aug 2002 18:17:28 +0200 libtasn1 (0.1.1-2) unstable; urgency=low * debian/libtasn1-0.shlibs: Changed so version from 0.1.1 to 0; remove upper version limit; set lower limit to 0.1.1-2 (current). -- Ivo Timmermans Wed, 14 Aug 2002 16:49:15 +0200 libtasn1 (0.1.1-1) unstable; urgency=low * Initial Release. (Closes: #150106) -- Ivo Timmermans Sat, 10 Aug 2002 22:02:49 +0200 debian/upstream-signing-key.pgp0000664000000000000000000014211512262230527013767 0ustar H 6uC\‡U-HRK _iצC!eTл $P H,*QKvڃYو9(yf/Daˏ~2<4<̓WWzרK dA67Kd1Hm_ ͸fbQHI6jqxT =¦R qg !x^9KhÝZ p]o 8-mО` %)Nikos Mavrogiannopoulos FH ]W\7ud9bf+6V' u{MFH~ J "9pzP aQm4ak&^"r&H %  )XQq V4Np6nn$ 掠Tv6W$ <k!@],ZcK޲ 1eL n۳){UJ_ߡ#N\Fm:$&Z6Mm`ę^z4@icHh\)[ieTs,?Y:>;k~jX5Ҷھ*f$'" [zv.M1;Ij|=W}{UKahT4iXylt-%5c:avK\Rçnxx% /zd +S*&4q>TCxgAŝ{ngL|$j37nnw T0>8󮷗'Ak"{Ur7HӉ) % Hΰ )XQq" /4q&bAL&ޣ:I9,a( .'p;ǵ6Gt̹7NWOQU&cҔ:`wB!ɰofYP[!+PI ] 5"W3umQϋ<BbLwaW}V2)<tw .>#˿kYڽdf)tޔYHaf߶Gb?٥l[Dgƕy~Q;rl4|ZQm}%sտgi2  Vvt4_9o/50}H"eU+ b ߲V αHFM!הDNmzZ(ouӠj.6@FM^Z {'eT _r~[;'1\FbNY]N0w,u'xFMN ibvOŞDvdKXejO+W~g= FMO I6 ;d6fzN.\rx:dN{ozYzFMO 1帡iE\n#,9MF^^SD*և:m{֘FMP |zarF2Fuy:GiԹ2FMP{, 0$H]FMR sS/zn$UNy#tk<'1ǏjCM8R}r"FMS m :@X7tD'U6m}V_4w*Ejڐ2옏a-FסFMS -ߟw6{šԓd;ss#uWPpFMT|) /s)<T:~9@atdkc|ckn6G^FMU. n,*} m׸-P amWx,$fv>Z!CX|rv݈FMWê rN1$xhI!Ťz!'bjdRf8~FMX> ݪ6g 5j/rgf;fh:!7۵/z{BeOvqфFMX> / xANl֧ -M2T1I[0={-jzI;MYkS20>GYְ_ڊge%MVĸhttp://www.gothgoose.net/pgp/ u)9tRQUkOV^_Ox,HN droe%MVĻhttp://www.gothgoose.net/pgp/ ֠P.)-ӚakOpֽ@ PHDQΈt4MO]-http://www.a2x.ch/de/kontakt/pgp-policy.html qmD="-NB1xzv Ź__NuIN:20z.㹈t4MOo-http://www.a2x.ch/de/kontakt/pgp-policy.html V)>zT\tԉFN|ZVjԧ l3Xwb[MPD }&r$/K4Rs9q/p{K7d 3*~!|N_;;Jz&+<0'roGڣ?EO/22٢<.q^Oƭ{mZ`Sr&lIh;J*B9 P Z;%LYRks- oV:.`~gbWe7 ڧ ίHʿVZ<^Y`}G c|P8]fg]{\Օ這Fa~/%v. Z'` hݹ0Js#{w6#ϝ3kiSori39a'I!T8qq+TTD1EZU+FHV܄`DQ8߁.aG] GrY:6)|a9v|Os6NQ/}.Ie>>A{WT,xpq%3MQ ZA6>US>{&>ȵ#LtچGS,?y 9T1bգ#8r Ÿ!t s0$F{}%D.!zeV/q?璴p7UZ;Wu2;pkW_G8@G4)2Tߟ^]k6ˇ 5[# ']cryqݟQrG >]It%]N^QJq u0MO 8Շ& 7 W-oRRyMkRS*`S]1c2RJ*h=k:6ΆH-T\vYgE4Nhɢ)% n \`,tPҧUhז^(F/g/'kdq2;c:vxhݯP.1άriRW܃g R7A z~zM=Aa@6vtt8wΌH 4N#CGa+\F>*;6=kP)`\i,6X.C~`yvtm_;0#ocb`@#V?c+6c@;K䲏h|&V'yf !1D*ȁە2SrD91=yn_DdTwIHJ{q W;| ;K__DeGtCȦץ;8EqU?xLvApk;T%nWd5hgHx'vt5mvT780,{xQ? iliJrAMN gfZCU.! C+%/6"qR$)ǩ H +P|vZZY }#*SBj=['zwhhGsa'"-Q),61 R]lKL%]' =\YoB`{L?RGF?h.k8s.HI?lR\) m4t{ntve'-0͜ȮlI?;pMO: ~* zzX8=wgq o"_yrРZGj(7,;;UXl_$\F Qg{ӑ2gz;s70?+g!4Xce uN|% ?-{< z˿I6&W_m_ kwd9aA{npm{'bgSslMa#/7qn]{r9o]aI0/Ro*.;cQ7FDGt@ohgw:J"y wAqjH*מ 5*efT)T(j5jm٧]I^+KG+[9Ō' Fa#N^Ź9- i?dCYhhn!6{"]ܿ/Q>I98oR;OgX:ЊOitʭ7 dl Vi86"Ư(RmĢ7|?UAcB˻II`.|r(IVưl O@}}^Y`9y$k.L5esi =znVDsH4'^W>¥Q5T$責,6mPk_^]")ďD\p6Qj4.ă,Ɩm$Q94&d'=*vnʵ5c^AA`+N{5hL_ɺ6Q.8> Zcwt2FYq@%fy{QU!cɽ*d[>:JL]LΤx=!Uq&֥]sc&m3C箳o1 >UNJ#0e]-(L_5I[e)-p`GMQ /@~)?j.!]19Dy_Gi`ZxEn\_Hch^5k0m@;e#!MEz%&nَf~NuX#gU"05BCZp$= {j4kQ*MIgMBƀyU؅: #O9@fZks Ǧ5Z]d6GCOF\I)*zg<8-JZZ1&yR 5 Kl꤅NSGBV޾9K/~d4X0>ka, CЦyDc(rtWe+{SmV G DQgXB{OP^y2JU}I1c۫Ev pE BeAU̟aF9 xʕ:**c]k[~zaCNٱ80S2ĀKӏb?ş/JLxwR,txMRo *2Aњ64/3y֋~Y9x}.DYa o+ϰ.?BHR &oi3+Yj䥈Y/}+" Oo%`EOTR`j\~gC`-%MN #+KKv!=ܵ2ÐFIBy0?r2AGCE9H {"#)R2ƣiߤ526 * $W+ĸ;b {AN+ci`'gN;M!\,BܩeE6fW0}3s+%J 9GwvTZJ)%K[-_q]i>-@`7ͷs0#EQ @a~y'?,U2Z>6Tg{pn'ȷ՞Zlt+Fd^Ӱ= y.l+=', ꥴ͸5/ MR' d]*E6 q(:l,=ϒ&i4Xv|Rcj*xa"d=Bj0Uu{¬Rz=+&Š V-c8/9tD}Izи{2G(!gR_I6kt™;/i))Łv$- W֎/鈞CDXhW* A"sVySy?U\řZ9jHC[I rD1%Dkk}~i VGh;3GӺ9vS7uH o+z%2wAx2cN ӾN$z`Q|W8σЃQmwWV{Bn!({;l&Wٲ=p@>wTḆٗDHmtJbm,qc~G+9ɵE$tܝ1Eu:I[Sk&D%i>iNI-io%בGw~T=.sÀ4(n| lj, MS$ ،y"b3,8W䐤14R^<>p991y!34o 98ιsЧj}to7F>moF2d(53cG Fu# 7o,-r<7",i(W3q?jaoԠPo>l Y)KF~ $h$mJs=;\kz?fxy4{uZ'KY TjLA_㡶=IrM$c)s܅ȴ)PLD51x`uU/!A{J] _q$"%1.TM3mрcK@'No]|$XZ6/*Η"$= PAe놖{yf>|z05Խ0pjl^w=9Z_F5iYQT+KguiK޳0Fs-yFMEe9){w3Ov~H2ɞVM^ s$x2 shl&4S]22?6SPrm$g2p?6ޏJ(QhwdwTPybG{宓o/D텭{}$No(ٝ=>*(tice#E$,ŒEiGlUwN!irVWj^(=:Ǵ[;v]@V-@?v\=Bl<fPnbn04$]y(w˰#dlÖ'?Uw`Sٓ3`eTXl!7QosW:Iݸ-`[ʝ~,;0"vVFЍ3|ackgSh%Mkn=\渶b!-66C>+6ا&)“C'?G>͒%40 ٽM~y6SU"~AcP`M 66Sޓ,k #vLJ;oĉ3b)f&-3#%M_ R%1[:_[c?}."Ȇ3=Zu Meo?OT* R݂AwlJ JAN{HMo*Q!s>p{] 65!"8ȿD mƕ`W-0}$w%C@q"(z5ڠ HXTzY mgG(<Ժp:N'`4-7έԡvțUM*!DP⯄m_ɜ̠UÑ'uEQUg*/@@ҧ~!f]}zϚfpF(/,zOړkBJM jr89XE?r t-,Ka? &jk3tW"R V"ekmsaA(Vt'zZ_K|Kq} ;)"֑+DMO "Ѽen,DgwBN) G2Q{iHME갶Q(9vN#!Qo*{8*'wl-+uICNkB׮-'zsJi=/٣0+?]|]E}FP+ CM'Z~]Z[u-A167tH܇ΣxIR`(>1 Sz3+=61&r["fDP\=^,r*>=Ca;WM״ ( }Dhs:h8qT|#'+\86TmHAX34лc2gOznj/bރN"x}Ꞧ t ^?g H-TdtV"KN֍E_}ĂTMtzXyTܷnUS4ю{6˪?^+Z^:\Nvy/+JXVAEyJvKi' OǟMP /p3ȟn)*k+; YjϪfr=óPn(*+I"( n+j؟#s:kO*y*8qUַK8_VJu 3nQX"m3Eo|Ы7oEILxdbĮ͜}n50FtKi,xG81H4lw~؊ Wd7Ny~p#4d/ڹcYptbXy5ri$ˍA<',sVG+X3MY o^:h%_1[/&{9r o 3y_6u,nzj5֖OSk`2P>M#>xt#*f$o4nR%=/,$P^G~juٟ͜7LZZטF}TzwF'Yi)8=K|׽%Ē iO}LbmjB۴A5?Vb!}QmJҟ#LDi FujW*B~<l;lOIoS~N樂q1ItDA?:Q#<FxPq}Yx Ccȧ7JzwVWҚ[^4:B'b5Ú;Z+q6W,,&o5}b;}ocg `"a.!ڂ(ȯVz,ƕnVI+?:q Jbg~B["H؉ MWx &uD  @@hB'ǧ /u={kb^˒dML;p5ƟTSn،` MiX[eS^J1r9erތY>Qa@}.spڻp(^y\ #k Om#n?18D7 MW @]79Ȅ<.u%+?y I#)%qSw2J֑" ɐo˪wlfam&3gA"\ {a?w>J7H.4D1s HނGg̈M W@pN\@IhW|"H#jiigkXҋu4D#an |'Y `x~`!>( lS1"2YA:S{$P ujzN- LHC%]Usf Ylq4IIR ,Ro`t%Sֻxk= MDz`$:@E*ÍU;MT ׵*&xIC"S4+q<^8R*@l/VYj?NþhZ^XRѵ/#JKJlS߈ucH0`}ysGjϺfg1pTia^cq翳[+ bkxyXm\@8ax㕨O,>X_ u+NZ ,7 |q,lQ߈c{Y\%3ꠇ)v>Ğ[GdKΒ@ƒ5r쁿 ?h@HWoqllGY[ $[ߑE~Rr 9+^n, 92903]tt޾D3X˧%GHs>CZ< ɧ7K$mu_>Hx|۫IRv BT0Ti\)p\3:jb]e՗QKrdONYag v8Jei7mGMNY ە ׋Xϣ쾏QRF.yГ|gpSf9NZAbam䯐.{wAi2c ɸβ3CW}ajPh,F%yrم<$0Wp$7 {ܗr$Q:c}gn>|+L^t&ш~s86Z:AkTd#25S}"\ V%팸^CQ.6m#fcZ f<y@a!ۮsE` )ET% ZjEf?X$~u͠" 41^bϘ(080;zfɥp OQ{hf<d6#7VRigu d|{Œpϟ/Ƞ ĕ2tX7?q6ųF*XRi!]]/*Ρ#p,5Q]\4h&Vx |<)O0Q%^숣 n8HFE-:d%ALMO, %,(~OU6Ί418CR8='۱5A(l#d&1GuG^K.OD-|=} z.?Nn;M%D6C:k{Y4+%DQ$+ ʷ!ˉf.hw\7ȻDb}Hp)zG][rS]^`U uQHw -{&I…WQ$ǮzWiKv!"P BreO2OhDMj>}}Χ1FN>B }+]`ep9y:=LP7[i*lZgǀ%:dѤFN55KwY !Y) Zj_S({#/l(6M@98 ŸVd:A,ڧ56mPJ)*60|9(MPgl 0U)[7~4Q;p9wQҼ$xRCL EFUUE0G.91&`dRmrA βږKʷB?Y r5dT0J3I\T|!BX7op.hEE=oA}nd; iC>=( L"|5ujpB(QQ`S9v(ԕ=*"(. o-+rU.7vTn;cqB,KTSmՙ&1(@ D.+GV>NRcqwK^F9Lo~-M@ש }vޟkD xۦI*iĴ8*;2RPDX:D4enc?45EFR@۠-~ѱc=d8o jZ)ׁ9Y϶%kӉMS ~U{ zKd4JRyEA5e3lH_ҒkČ,=u it*g!]Q֓d@&> vۢx|`S>Hah頃h87 Ǒb+b:xP4>U㑲\zӋ淧/gjːȰ"E/AWP0imt II&nA!#?Q>6{URX+ԗ~3 Vz {T^YNn|vWo7ŃW Liđk~AԿ<-e}}8dgZ{PbweILk6ka`+ˏ3}ȯPic39=ZfY ɲrY|qQhi"Iͥ`uIqO>Xgr=0q[wx(e 9cu'Ŧja" \`a?3D_ ''xrxg ;MO Ax4| Fփۧq<Nϸ0;'xdPɎ(k|WB1Bw'|o)L>)~Z v{{H(b4ϳdr>Wq w7]'P̩N?*/dPX\4oprǢ&@#iA9Nș9cC#u8Ui!s֠9IyM=oƖ599]J&Wͳߕy Ջd4G;1,oN uΩggCE0],QQ?` <*`ɻ`|IGX%Et[fFdyJ1k ЊN2o/)`|nO MT ` T{. ct͛I 8#4zQV9*EfPMg+( "BHj#d>+B5̟(@;w+.>6$ʘuMRm3F MNB "㊸&şf[1m|^x,zZ} {|w }ۯACr8t,9 ^4J+NȓHo5~ 7j3.( IBOgfKCǀɓR6ֻ6},J_DG~D-MZ>r* Syh}.Pž /i 4ts?Oώ]:.{s숿zf9H?q>"ZXM~1wը|(>aWh#=ELk${7(1P3~,:r_f l |W*ADѶ'DNo;E\[b  MOx ɑ٫E~^ Ny54'9֧QήngT5DRyj~7}or?HjP7MؑC/t+4j;37fk@qb2y~R8 #̄B3_{SpTlhg\$:ϘZMuWaX~ʕT~DT8A%p*6͏^Y0hEcUbVE9D^Ɔl)*qg)j埑L@.Yڳ!Q ,5&3A)do"nQ#e}7A/,G4Au52˕, Nֽw:ako ] ByI&5 ЙnTX,j2e%wIV[[PJB.@TLsƩ8fCu?PBqppTM)׎eLTX* GKAKMw"K> QaEBtz4@;%MVĿhttp://www.gothgoose.net/pgp/ zBB8#gzy ?g'uJO R,7t /H,UTYGe2E*N{{{Ⱦ!WzITel/bc;_Țr`λǪ$7S}o_mH^}v_k%oK}q(tf Q{ˏ6M6[ۡ#w"$$N-KAIZ"D-Q Yz-BVF+X2 ۦDGӬb.bE3BBS,fENe \/"7 DZ~fsòʮZTiG %8 ?Nt{Rud}ulY 0XL(.}҉zAa0ݱ[09!0*-"IMeK׺VyBi%VF2/ZD.Acݻ3 ͝ '܉ch3iSmjIFuc75D*aK]M 3ukUV>yaDZNƜ͆7 g_uh!@mp8)k3ъpLh@}I34;8eKe]ĎPo,oB/da!S|a%B4E\=)\~8&7g^.z XL?kۘ ٢{TeFNz * Mk$O4|de[Ֆߌ6^g`鳐f=˫%9"OfU6չdAeG4]*Lм@Hyo;o{0:}Ef`Y.`^,}x$~ aj0 [zsAcyh.5'UrxƯ D_ 5 SDHӊW^F˴xD2d+EV_e5ANՉMw 2WU[g%> `ΠVjO=V0) sb+i?䖥8o o[=gj#U` yc=@Q%*KO8$\A@='.iV:\Ĥ3*mzj*;R,kU׎4ȅU?p lGv)4یyj|EX M3> Z cU #4mq 4-Xgz(5%59]clc8+`'/Is r˒CRndjpObo2f|FtH6Np TO!NOFn [vNBoєH.}s-=g4.7De2/@1vը<(óg/;V]'|SWrmշk5- sF݆&|k#ã a%~)x.h7*̳Ð;mx;F{ 8jv^*+*t9djd6{HE \l|,FD%rK<& n4"ǹ9LCxiȈTU/eiR J8sT? 'ur+ 9]t,l"A@ȤKdӐGj|d Y _`m}LPeYLVo #bak߽izd֯FO* V(@pZ!t,fkݶPfEE{󏂑@FO* cBZp@b㈩*neU^&4jx\G+NnR_$UO* grQ[?R+pM1 $/A) .ݎ}-H3C.& âWc:Hk2?RB1Fz.8V }ʴ>Oуs(6+Ғ"}NN4:\" H5K{ǼxXOadddn<1|9/2aO8AUV*_5ǂR<#R̶DUEESb". Ϫ<8nXO'~≍FO* ( o:[`q|ǔޖQ]y r1(J vZ-V&U:/8 _3gZAtrI#95MK1}햮~\L3)O*Nq)ȕcdGYd7qwHLJ E]U0P_{_CkxqvXń"]b:0zt,? 9ZOTy1Q;{mN$*{(>&ߠCp$7Nikos Mavrogiannopoulos FH ]W\7FSX= 8}ERà<§%;FH~ J 暲,In~{_zO;@-`Y`&s_?z&H %  )XQq &smJw+RD(XgԪX`yeC$d_;LW>W=,&@lT` Bo},T`)+¬̋?o)sq݋&ĝX% }P9KrI}ei<`~p;Irf,hR| ꇆP6GףCպe# '{buSA!(7wl[ A4A}bܵT+E{nbڵD޺Soc;w_ޠF=LXTVVDyg-:ke4VN+ \L/xp} U*cJu&# .X\%,Xg3߈.e=FM^Z {'eʀy r֋,@l4|2CQmFMN ibvOŞDp"VkK ~_0bm+&|'*aiFMO I6 ;d}CHʣB]t=: oB f+WFMO 1帡iSJ˼_x#NBn۝ϟ xcX Ut8H+ FMP +:BmUrzU4fCf3rVnrFMP{, 0$Hluzt>z/*OUNK6/:o΁̗x$FMR sS/Q0ܾ?!-95 k7^H$5>PtFMS m :@X7> AA6!Psm386LzƖUFaۧFMS -ߟ#<.sy΃M\Z^R).Lf\ހM2jpeUVFMT|) /s)<Rf5kV"e.\ f^o=C.[&hʌ;)U{FMU. n,*} `y7Z6waO$쳌zMq!oOBFMWê rK\ZF|䜃AG~źY}j0`sKjxbLFMX> ݪ6g 5jc1@ ^ lRiP“_4_,•6h3FMX> / x79Χ%)܊8a9+]O#p`/F+FFMZ q3_jbh7(+dҒFOKuuFM[y  Z?RK Xv2РzĞػ?EVBXFMP~U сzlBr Cb3_?.uhp),YF6FMO ݇AZ"V8PT;e.s15gY$ gX:)Ν rFMQ_f #;W_C5 $1zͰLz]}1ֹ̣FMR Vb8 3^q1U#vl`kHNC8ڻged Y鯠2vCFMXW 8zv~u )XX"E\!KaVEѬx09FM]Z b?chK"d tyAl\H4U(^MO5 Bv603kʊiM:n ?'ݽƒfs|*eQL;~P@7΁Wm}^MTR 6=8iU2eM/FlgҭէI"97p\Lz![#kB;(EG1HAc5e%MVĸhttp://www.gothgoose.net/pgp/ u)\& :YHd.k@3 D7IB?yڈe%MVĻhttp://www.gothgoose.net/pgp/ ֠P.{O}cepWV.Ñ۪SMbTt4MO]-http://www.a2x.ch/de/kontakt/pgp-policy.html qmD="-s:~ o/.cTkTM[7ַMrgLjt4MOo-http://www.a2x.ch/de/kontakt/pgp-policy.html V)>zTGݵ<7ױݿMC[~Fiyz!rMPD }&rR5ޘ|L~ֽB 3eї$j;k .ޫoQ4A::1=2hO$ƍsʼKyKYV>@YdFf( ڶ䄃,d,‹ZöѤ{їiBcL(޳~KRr1(KpGO ><{vٱ,@D_-|Jn$s2yknrnHMp\|݊<vRťBj`=MQ VtoZDU宐xPGG4qKvܺFboNZB68A-]yk)D + b}6 [N2ڊ܂-Q(W[ii]B>Mk"Yo E ܞIdNJ1{ NP[4wT8*߈C(i#I,%72"t zw8isGrvC6 %4%j VdoGBbx @MMQ ZA6LC~ DVT!ŀa`+IGL ] ߅϶Q~PT%]e?ky0d.ˢp8<1jH*~#0o2Rv[.vow],ҟV@c|&n5W[ApEt:aCl}qR!8oq)2#xN4bC/I$:5*m3etA@Ju?kzxxжy5UMO 8Շ ?0s {][+ztujhRf(.g_41$>k|E ަJU_y҅ &s^8<|SbGObs ;dQ~҆~A$d  ޥH/W^F11i3uߝ}lMYoqEk|0'oJ}HYnU<>H}hZr+~;k1-02}auU=@Ҁ_ ĨSqYV\!-)O}>FKRdҢ 9BYF Hܘ|x s4VԣMPe 8ՇE X ZT2͢ڨQiZcGpʼsH*V )r@$C+A sO7'6EلHP_;c`,Ҭ-֦pKf)>-y+sc}q:իk0@(XB 6X (&*"JGf:5}'~TT`V4^%>ZXpz˰4\ۚ?qw_\ '*ju065h$W66KBK>uA },cI&.罁u2{msNqEU.}=yq=0c \}"sDbGsVxMN gfZCeU\s/) Q4HbA.+:Zzenb8ҵ~Khw; 2qFS;9,Vhʜmְ#%+O@zu PZ<t){*2]_i&촩ӫiT)2#Z,[> ?iQ=ls?ʤ+ Y#օT@Yk5+ 4^Ӌa(PT҆{;9%B*< 9d$^>۽0 S9׾k/c(Hf⸪kY'wԃe3_ _: (:4XVbQװ%=SabLj{bڸ(͙ Xk_NOD;1?g*F7)OZIgurlꨖtp}: m] ##j"3w; GCOI[H4b'}/ ks累zKv:lSkrr5Jg>eXb?ό1U%݊s#+&vnټЖh$kkK|#pxLjI+0nr`A]fa5MP[@ a/1bmQWfj? W".~}R CiCڬyv%[]kpdȶqbN/?dKa־dc)HO 9n9Md0R< y&w.#%WWSؖGzAOo@?ƵvD U'9ÓOU@fyKi_(b/>04YH OnϔjMQ ^>@Ju4sb;}%aʄrj6穋6t}.a7<_:l8xIR|){ʔ*wg{<(wkҨ5-`%l}-qWtFcֿBNM"440X{4Qcop7*Z?;r"ڭ Á.`qSe`Frd0"{[{o p-p XMV ٺ}ľttoܴF#7]MI2 ~p&0(7e6YO4`p@'tEd [D%HMA0xT3r EM=5(!kE?nƧrÿN$sY|4A4$R7˄(b|.(0gs|P /R% MQ /@~54|MI2x)Gl`Cʌ% |/㘯.HWU8,øm{słV  J|rx:A .쌷I KcB֥0_Yy_ow)k}3/+ļYÔv7F > ̔oxr0'CDŌ ?ܨ*b,>.?w<#~dRz-La]SM>W%f(+&C}NT-ԁ!Νf,le,Apwd5E ˼V\5]jYC&]95P\7ɐIVɷbO45׶l;GLN~APn\*m$$WoJp} %,6]V̇$J o`Za1@FCDLQ|R,,^r`6`+)NY6MRo *X(Fc]C3,+*Y" hc)OUK#ʐ'S qKm> oiUd9n@jЈ d A@;4c+'n=LCgF;մΆhc(p09p}zމϗΒԞ+YErF~rN#-N/RsJCYig]>Z5Ksf0. y}u#Q>K`u7?ԕP=eff~PHioxB^Ԃ1X- m|l It!L۝IZbANj6yAcހӽ]/2WY3R"ɳ]xqO .'}B^:+<1*v]/ zq0J&M~ E lgHǹZ?!qEՁHm['kd4ނUJ;yKUhHX$T GvFjd팴#.)%u<x>Sl[g0:pFwLkH T,`V34m|/ܤ\zIuT:${s4;aC0*Rl+W,e<L*JI17;)SC'&uA!LfqLȦsljMS lӮ:`Ƅެ}zk&ghY(\58h==\?,&9 Th,w!%IVWa{IN0]ftDⓟ\~|ܰ5Hbp֭V b,~`CKj4Ea.pHst棋[+ˌF衟*aTz؍c Ä$XKsk#S*Pzv ז.=;ȬY+}SrM(S6R$K]N"5aY$3ě›i C_zhbbdU < Pd3\ v`KcS >~^ϵjiNX~cҮ!?)RՕd,;rAU ~Es>]6g{j;u/Y#do&q̶Ds-;ڱ].ș 3 (*] FZw+ޭuHYIw 񐿋(($7!gzNMS$ ،y_5jlW ;74*RDkDkI qb46IK'nb5j2jD0R KWz2@~d.Pn7 c&#+Fi7]ǜLMX߼x3Q !EX&+ Z/PlXOGPGiQ[j|f0;3Zl& x( Ke/Mj)bZXЁ‰`zC=88i]c+TIz4jX0]-7.VڰG~:N%Gsl1m$#|x( Tw\S.U-1UI(./;S}0c :wa8ɩ0Ew6ĄlmNUކ*:%yQ0n/n/Ew,d|#_c̗P8M GN0Iw.M]D r$P٠дedM}~]}Qm5R/ril#@SfM$ufg.op&v+9590Ϡ=:@H6p߼F!& !0lPpE IE㫜yDaP%r7Oy-=Gs"/r,G *eŽٵj^zSA{3\E)l^\sCyR? /E$pr@UYa ijaLzxrJvqWm*pcGA+u o;z;x5 RD  T~ZH;5c'QŤh0!V֓tG`]M@S:pS]'.f\ eM#1z6qdpHw:Ev%mĺNC\ Veъ7esM^ s$x2 xGtL|V J-(KQ}gvMEDlx tN-"?ꐑ¥`%E( G o7  *zA5x5-BW ר+dVܸLj^D)!?f)v!l9:%Z$ ovB?1}ٞxK9`|//&vAiuj w.)AĢrxMɔ]W=ء;Ѥީp.NXY팶! pmY3[<-8K&SjG jzD%dS.2h# TMq皴ƞ~ony%J{W t<햇|쳥T<%dfAqý{Bcqpr@jMO "ѼeES;+7[PRKf[v wr[)Y i(,D8.#uy#qkQɘٓ2S[^nq===K~V8D!HUU,&T#1bFt<~qFFFU/sĖ(9愉%ִ'2WgW.ΰt,tTZN R"X~ۛ69Ø%c\܃$?oia+/@K=C )N(kTY}טKzQkr"opg;k2jBոĹVR2};eIgy];;<ŃBEu/l59|CfOQqk}Z.HZx'llY6(A~<'xnq; NFr9>FB!t1y(G4c+nmo=XfQAks3べL,R-y.jdS!~j7;q}79ľE5چ`wsRG<]8Zϑ-(Pj UpP͊Ǭk IcNaM@K˒#=#`ߧGh&%;?\3b<-+arXau.L SlW9o'U!VяN&|J >LDp3=(54-[;PX06땵B=8`UD5Q1")rdvenx?%aSlIVi-YHP}e 慄"ͺw5}A( eFÖO}h<?n;2zw!'  ׷xj-,3R\{- =uϦe{B  MWx &uD 2w',捠k^a]M#̾ ww"'XvI#'<-#ȏb )4$n cRr ^:6a)0[S.i#fQ.} kO.t[#VN /$"T̈n[۷TD+cy1W,0pc @;{FHi YN8`0>Gw2Ldi)*N7x2ɠX+Rg.0ڡ؆{Ol2"]FQc\lۏizY?'nVucaWxBфf-s{8zwȃ=P(Th| JL;ACm;N&2!S/NOYR_2r6E]:?44W̝yP^F Aj2`@ ϬtN5*NG,^zx86{7f#`=EX MW @]7<$b~T(㭗ْ'|@ַr_-l̅9G\&:30˹>E 9(!?! 6Vtb]v3w.˥, Mgoojۧ=NDJsTn&5hbu7ߦވV'Q]&=wyspӷ`Kx` crPEj+.[nxUoO {4~Ѡc0f$9PfN5:ʂ@XYcR%I $Nk2 M-,mj_T uzP[2x tJ'׬Z{+TӠfC\43앯o ˰2R} 9iUa6uł fRx?)fjf߱HwUOOMF9٘ ۑiu)wvIf&~0d=ihk7yVKNXy%$%NMQ_c Zgэ&yW&?fq{&Ֆ Bc#Ȝ;=\!Gs4Bx5yYI?FIb[ ~P/HCEŁ+k@-ڹj 4PǦ :Ba~H' O Zh,;ChlvY's]>As@~AQpId/`Ş_h Kڇb>EIզ m6DX*TblS]6*Q8+,'Yˎ;Ml1RZY64ՍJ)"d~:VGPQ RnIكs5k!ErNwڶS߾-MCSz>vi|7/CTE=t{Ѫ9~'$v>/UWӲ_֟L#7Urq;HD jo[n*%^=e,4hvZ4l ʆ^=]Bґo8j_QZqf8pS*Tt]uN5&;4MN\ ە |p l+6""\+iD4C!}:_ƒ)(8PSx LEnM/A Mk8%]AL}D@~5Ia@HG($aYAom?`kowS %EU>]&e܀a6L|6NrM`Ԝ*Vt36YIy2,Wgг̟R n7m J 9l*W&-%ΔBq7Se'YY{Vk ]S".I˪xW=X!/.V|ᆄisMM_ýl?&s_0xzAv_Ogeb>+wj$0] խO.L`"5۞~A@!|DNo:7M>vRfsq[ +b@DKEMO, %,'mxKb>?Eu!NNۯECXHbnM{Ϡ4 2kO̝$>:r}Sd A5fK` B3R,t0σRW|'z60xͣtr1azH*ɜ?D*RwzU@QH[g'3z8SgU>i"Rp5%y:ydy4̘'Ө3Mߗ@Š&i8e@32b.=E<:FgfGmS bTy*(&γ~ c<GҚ]%!>!5Ԟ+qduUBUSٴw}V1Ldsf)GvKV> ROU2!2 to0}yõNL߽P\ؙKZ=ps=tMPgl 0Uy|F_X q-IĝGN4ks1ZDWl~>8Y&G4 54ޘ;F$;QZ.a0ԩMWNAԕm,'S*R#w)'?'9-n(bRE1UTKFr6Y\WM1\?$˽7L6mZOi_XwC;/yeHiQ=y#Mv݌ڧ мCf#nXVԊ/dMf%EVE=ƭ`HuuK~^!['~p<7|mɴ^wnbic<#I |vl]2G!rrSL,΁W!xM?3欁04[MS ~U{ }n_3YM֨%)łpjO15kCdXW=W<6PB(-ѝ[ASHK4 u?hc7||0Gq9=qWwfi|SLѵ.J 'HNNmS4ΛB&瘞y`Jg1 쏀e}'kq9Y9ԛ ?sI-UҦ0%Pʱ_4W|#׻ \ȆswNwLL@6shՑ<ҞxW["K/ aHHbXr\UaKI~$zŤJ~̺N7#>gpv ero8q9M;}c= 腆8l&6glMs}x jz$"ޠ4E#~p E&tI#z }.l `ɬc4rN֥;yƉMO Ax4| ?r]\ 3 D_|5w"6T2sɩnr=}hB (-5.b܉Oj"txb钒B3PUYO{ޑUA43Vlӑ]DRZT9G/i8h  UIK]bpy[+|H{J3 !rzޔh> zt-ϺZ*"c6|6Z wcI%:dt*6A2h{V!ɏ|BJ'ݣÙe4iA*])A̐)RE”O`=0,1&xl!M XYMOcwݍ[l%(_J:Dmx"},dtjыs1Vi5F8& UZԯ);^uyx9V&Q=@MU?R pľ!4ȗ7=.-2MQo }ƞIN[a+fK;ӘmM7nOTM iUN!by<ثdH*&G X%d$ 77nZHîο+<|cB=.҉#I;,CY<=/nU^,F |e7pFG:f $=\ f)~o5k* 0 N:O J-?g7](tMGLb6FlnS8j!( npV r ʰ( b+&j@HB_TrXC@#VHJA7PB?cܒ7o d4jdM#~K/f$d77lPzg2"@ZP|b ֙O,Ӗ|ueJ *RK0-W`KbzB_}|A՚xR˛h>W9qɉ MOx ɑ٫E~?GTFx 龊7nψ'iuʀXN1jA0o{J[lc{i/zԑhvEAwHpzu[RWP;C|vwęgEx[6Khth3D5%rjIAH}1sĤJ3Ch <ۍr?-kL .dy6OC2#B}CȰK gaYZSoq}>_z+ BίB| WDD6V}#hXn 蕁tSgU>J[ђ%z ҮQtY _JF6}u&k?,n.Tʂoc YN^n, ;Nzpj ߼h2%d|2%;ͼ^)~VRfC8K#Im gȗA(qa?`I>'CP f*wu &ΟWOܮyZ =%lzv}Ƙ(\B zx JR8qH).ܑ,C].r`;5+FM Kñ̇B-Y&ʫJ|W(4 Ve˱S"+OFM2 Q xW;Ba\0ԗS醆jl T;#T+Isb}=M`^2http://www.nic-nac-project.org/~blaap/policy.htmlx rPe'G`M< '.˰A0(#ҹt0i(FO* V(@|*q :mF`)^st=/gmŘſuFO* cBZd޾24@=(=]lO#!O* grQ<nn 3_UsV0J!K\1``$w[4ID|{!` pIeSp <%j=N3QAԤ͆e4fM=YÞgQL*[M1kn{_ϱDb!L} 0dF`BLPM8Ȣ.R[]e-G7S9 A.~.g^tDuypX Cn{G%EVr65ɧZ7k!+qmAj1+}97o̰~D0nٲ. sβC[$KIӇz8Nn'>@ #· D}ER0%ph5{=47Ң# A"&🜯7@vP){v%{55_0$u}y+H};;؜$3C[җA2;3<-r5ħ .TW>f2jcc,Pݎi쵉E]dHM: 6EJ;2qfI\cce~MNxiqCqU%T4"u4Y]duyKӴl460lZj=?sˮtNI>I !j Mz_R;;#1 %E*M/P4ۡ[oz+n8I& NQϙ90dTFU"%`˵Dܨj6KuT |ΘJn YPrIo%j!g.ɬ^U(k*06075+QX i(kcx-5/4wmwUT~mW=oѐ0:'2mK{<­z;BR O;Q6%Zڄa2q[zEyy;qSlS(NocYte|i4}bM;BI;($>qϑ ևTcitj5Pd!,xZ'(}pPIf/M婏&P U 3C{r*s<5T+V0{E~.%+_iVrGFa6(_A#dƊ:5u<BPN=.U"8@TuQ.“=""j7w*߈&UےJ7$jdb։ M3> ZEX ٩CN1]M\65nRn~w("2Yq>B8&R<f;҂78 0$dͯDUH\fQ{o,0 QQGx'%aFA@\An#Sv@Dp({3Mupmg '@:=~ 1T'kYXxM+*Lt&m1EG(4\`9`ʕg= zcF,(+s X '|ZI-k d`aFe!G1)9r-v,uƣ(Oouěj' hJ awj6sfU9=KóKC/`AҰ3n:E_=qpǻPSG"󎾷iZ%hڌv`@A9;\tzbOy%Iuz0[:U 9ܴ+Nikos Mavrogiannopoulos (Q+ %   )XQqH 29]U":-sb#D{ww CY>~+* u&DpG6$ڣ~@颂7Nf̬M=%dtJZ#!7%EX ̮u\.~cK^P r_<ݺ{5.('M`e$*2P=۾Sҷh:)<~Ior-Βr>KǴKH- ) )XQq] H. ^B1HflyBkNAlBl?DN>9sJ5TZJYvO7[MQL/~1&_. /Y ԛ'V雡p wMi'Xk`eEbL5iM},*6`KV=JV3q&tBz'PF)'H5BUn]mV[NWfO4 ;d3:N >kВ-f)N3uU>:Y8Aim{LۅLwbܙ︫ga-H791_9ͬt>hb$\/oxe uiy74N2RvSVCqWIW#w A@L׷ Xf҆}Me"ĊV=B&T[}PqݫN'O&^Kv'\P:"f/:Bhѳq3gx/ĖqZz-t?;ڏGcE[