shorewall-init-5.1.12.4-lp151.2.24 >  A \/=„H !rW`~5vuZ) IǾ<@1xr8\y3 T"FvyQLbqE~;KPgPߧxa}7ǨhTp Ug򳽧 sT6'Dū0a^:נerGp g44NWެ͉z>N">!O\To إH}D7y/5&B,1h4UK8W:94b0c8a947adddfb10b25a4d523c3c8798be5e43375e6634379127924f80d934aa31336c174de7bc489153302915b6a572a314c0\/=„[wQ?,ŚQj]y[Zb]@k4ˊrؿQcu {|ahm9!Yysj濤۳׋ s^Oy, JPr%OB^p!iԹ]"cPB.> +#Ifo텭%M0hew50B iU{P?/&ci$;EiYU}k B0:7UK;:23uX}hp j:zF2m:vۈ>pF$?d % Z) Cd~p   T  o@h(8 9:=|>|?|@|F|G}H}TI}X}Y}\}]~0^Ebc`defluv(wxTyzCshorewall-init5.1.12.4lp151.2.24Adds functionality to Shoreline Firewall (Shorewall)The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. Shorewall Init is a companion product to Shorewall that allows for tigher control of connections during boot and that integrates Shorewall with ifup/ifdown and NetworkManager.\lamb53openSUSE Leap 15.1openSUSEGPL-2.0-onlyhttps://bugs.opensuse.orgProductivity/Networking/Securityhttp://www.shorewall.net/linuxnoarch test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in shorewall-init.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in shorewall-init.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-shorewall-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-shorewall-update-$service-new-in-upgrade" fi done for service in shorewall-init.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi PNAME=shorewall SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset shorewall-init.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in shorewall-init.service ; do if [ ! -e "/run/rpm-shorewall-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-shorewall-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in shorewall-init.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable shorewall-init.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop shorewall-init.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart shorewall-init.service ) || : fi else # package uninstall for service in shorewall-init.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fi fU f f f F]3!W+ AA큤dAdA큤A큤\\\\\\\\\\\\Z{ZHZH\\\\81d69566585106243ee335e9f3c71601a52202f730c32fd3388386eda4dffa66a58de41541fccad3cd5f41addf379438644848bdd732a60bc6c749ac2e22002581d69566585106243ee335e9f3c71601a52202f730c32fd3388386eda4dffa6681d69566585106243ee335e9f3c71601a52202f730c32fd3388386eda4dffa6681d69566585106243ee335e9f3c71601a52202f730c32fd3388386eda4dffa664ab18c41a9c083995f0e8dc72199cd22c309e851eed009a9ba31453fe4f7fc2dc631c2b52f8d101c9f139085b8f8e191b8938e2c4194f5b6f0b96a581f35e5e252a3e0fa854435ff6d3e41be2ab42bac07c7c97976c41ad9e0ac82446a8ebadbfbed9fafb4e3c8bb07e12fd0298e05e5db4de31a31a38078290bf5cb4f404026ad7ba11516436b7b1ba9eac6428b7c2624d3f19ec2b93fe2432f6baab90235d0d8cd15e59a03461bc02da6b6d9a03b120d347d292bb06c3c72160b0aaa9b697c61f304e771609f15e44aa3f64e176593ea144dc430a16f7f05970bc762eb6f4290ac950f09552c5ca20f5c1f7b743bc312eb3b1ecf591cc4ff348a9f553f2822servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootshorewall-5.1.12.4-lp151.2.24.src.rpmconfig(shorewall-init)shorewall-init@ @     /bin/bash/bin/sh/bin/sh/bin/sh/bin/sh/bin/sh/usr/sbin/serviceconfig(shorewall-init)coreutilsdiffutilsfillupgreplogrotaterpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)shorewallsystemdsystemdsystemdsystemd5.1.12.4-lp151.2.243.0.4-14.6.0-14.0-15.2-15.04.14.1Z>Z1@Z7Y@YYf@YTYJ_YA%@X[XrX,XN@XGVU@UUa@UKSU-@U@U@T@TÉ@TNT@T@TT@Tq@TZ@bruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.cholaf@aepfle.debruno@ioda-net.chalarrosa@suse.combruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chbruno@ioda-net.chtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.orgdimstar@opensuse.orgtoganm@opensuse.orgtoganm@opensuse.org- Changes in 5.1.12.3 Problems Corrected: When 'reset' and 'dst' were specified to the IfEvent action, the action would incorrectly attempt to reset the event for the SOURCE IP address rather than the DEST address. That has been corrected.- spec : + Minimal changes with spec-cleaner + Stop conflicting with other firewall (SuSEFirewall2, firewalld) User can have several management tools, and it help preparing a migration - Run shorewall(6) update -A to update your configurations Check and adapt them before restarting. - Changes in 5.1.12.3 + Update release documents. + Ensure that mutex gets released at exit. - Changes in 5.1.12.2 + Alter documentation to prefer ';;' over ';' in INLINE and IP[6]TABLES rules. + Make 'update' convert ';' to ';;' in INLINE, IPTABLES and IP6TABLES rules. + Correct typo that resulted in an "unknown function" Perl diagnostic. + Correct "Invalid policy" message. + Fix omitted SYN limiting. - Changes in 5.1.12.1 + Replace macro.SSDPServer with corrected macro.SSDPserver. - Changes in 5.1.12 Final + Update release documents. + Add INLINE_MATCHES=Yes to the deprecated list. - Changes in 5.1.12 RC 1 + Update release documents. + Minor performance enhancements to Optimize Category 8. + Always report IPSET_MATCH. - Changes in 5.1.12 Beta 2 + Delete undocumented OPTIMIZE_USE_FIRST option. + Merge 5.1.11. + Suppress trailing whitespace. + Avoid awkward blank lines. - Changes in 5.1.12 Beta 1 + Code and manpage cleanup. + Allow SNAT in the INPUT chain. - Changes in 5.1.11 Final + Update release documents. - Changes in 5.1.11 RC 1 + Update versions and copyrights. + Clear the connection mark on forwarded IPSEC tunneled connections + Make TRACK_PROVIDERS=Yes the default. - Changes in 5.1.11 Beta 2 + Be selective about verification of the conntrack utility when + DYNAMIC_BLACKLIST=ipset,disconnect... + Don't require shorewall to be started for 'allow' with ipset-based DBL. + Make address variables play nice with the 'clear' command. + Don't unconditionally enable forwarding during 'clear'. - Changes in 5.1.11 Beta 1 + Allow non-root to run some 'show' commands. + Use synchain name in log messages rather than base chain name. + Assume :syn for TCP CT entries in the conntrack file and HELPER. + Limit depth of 'find' search when AUTOMAKE=Yes. - Changes in 5.1.10.2 + Limit 'find' to depth 1. + Don't run find in an empty entry in $CONFIG_PATH - Changes in 5.1.10.1 + Fix Shorewall-core installer for sandbox case. + Make /etc and /configfiles the same. - Changes in 5.1.10 Final + Add warning re wildcard and OPTIONS. + Correct IPv6 Universal interfaces file. - Changes in 5.1.10 RC 1 + Correct ingress policing. + Fix Shorewall-init recompilation problem. - Changes in 5.1.10 Beta 2 + Allow a protocol to be associated with a regular action. + Remove the PSH flag from the FIN action. - Changes in 5.1.10 Beta 1 + Allow CONFIG_PATH setting to begin with ':' to allow dropping the first directory by non-root. + Correct several typos in the manpages (Roberto Sánchez). + Correct typo in 'dump' processing. + Reset all table counters during 'reset'. - Changes in 5.1.9 Final + Use logical interface names in the Sample configs. - Changes in 5.1.9 RC 1 + Apply W Van den Akker's OpenWRT/Lede patches. + Don't verify IP and SHOREWALL_SHELL paths when compiling for export. + Support for Redfish remote console in macro.IPMI - Changes in 5.1.9 Beta 2 + Merge content from 5.1.8. - Changes in 5.1.9 Beta 1 + Update release documents. + Add TCPMSS action in the mangle file. + Inline the Broadcast action when ADDRTYPE match is available. + Support logging in the snat file. + Add shorewall-logging(5). - Changes in 5.1.8 Final + Correct 'delete_default_routes()'. + Delete default routes from 'main' when a fallback provider is successfully enabled. + Don't restore default route when a fallback provider is enabled. + Issue a warning when 'persistent' is used with RESTORE_DEFAULT_ROUTE=Yes. + Don't dump SPD entries for the other address family. + Fix 'persistent' provider issues. + Treat LOG_TARGET the same as all other capabilities. + Allow merging of rules with IPSEC policies- spec : + use new %_fillupdir macro with env DIRFILLUP in build * Redone patches *-fillup-install.patch to use ${DIRFILLUP} * use new %_fillupdir macro in files + change require perl to perl-base + Added conflict with firewalld + Refresh list of files and modules - Run shorewall(6) update -A to update your configurations Check and adapt them before restarting. - 5.1.8.1 release - Recommended action : + Update release documents + Make persistent routes and rules independent of 'autosrc' + Correct 'delete_default_routes()' + Delete default routes from 'main' when a fallback provider is successfully enabled + Don't restore default route when a fallback provider is enabled + Issue a warning when 'persistent' is used with RESTORE_DEFAULT_ROUTE=Yes + Don't dump SPD entries for the other address family + Fix 'persistent' provider issues + Treat LOG_TARGET the same as all other capabilities + Allow merging of rules with IPSEC policies - 5.1.7.2 release Please refer to releasenote.txt for a detailled description. As always use shorewall [-6] update and revise your configuration + Features summary * Module loading streamlined, shorewall [-6] update will remove MODULE_SUFFIX configuration * Check route if detect is used in gateway column (dhcpd5 has now binary encoded .lease) * DNAT and REDIRECT support in ShorewallActions * Docker configuration support: DOCKER-INGRESS chain. + Fixes summary * Fix shorewall-snat(5) man page example, DEST column has to be read eth0:+myset[dst] * Fix invalid vlsm to ipcalc message * ADD_IP_ALIASES is set to NO for ipv6 while yes for ipv4 * Cleanup .tmp in save ipset operations. * Command reenable fix for persistent and non-persistent interfaces * Warn if getattr failed (SeLinux) - 5.1.6 release + Fixes summary * $SHAREDIR $CONFIGDIR available again * Fix compilation with optimize level 8 * Be consistant with Netfilter interpretation of 'eth'='eth+' * RESTORE_WAIT_OPTION serialize start of ipv4/ipv6 with -w option * RDP macros handle also UDP part + Features summary * Sparse option (not implemented in our spec) * Add enable / disable runtime extension script * Check zone and subzone to share at least one interface * Runtime address and port variables * Iptables --wait option used for serialization- Update to bugfix release 5.1.5.2 + Make build reproducible boo#1047218 + Fix upgrade from 4x version : dropBcast and dropBcasts are now supported boo#1053650 + Perl 5.26 support + Fix for BASIC_FILTERS=Yes and tcfilters + Fix USER/GROUP messages + MAC address in OUTPUT col in accounting file error is raised at compile time + Fix port number 0 or > 65535 perl execption- Update filename in /var/adm/update-messages to match documentation, and build-compare pattern- bugfix release 5.1.4.4 A defect in 5.1.4.3 caused a startup failure when two or more 'fallback' providers were configured. That has been corrected.- Fix a typo in %posttrans that would remove the wrong file and could cause a problem depending on the execution order of the %pretrans and %posttrans scripts for the shorewall and shorewall6 packages.- This stable branch 5.1x will be the new default for Leap 42.3. Remember that each time you have an upgrade with changes in Major or Major,Minor it is mandatory you upgrade your configuration with shorewall(6) update -a /etc/shorewall(6) command. - Packaging : use pretrans and posttrans to inform user about configuration upgrade. - Bugfix release 5.1.4.3. Problem Corrected: When running on prior-generation distributions such as RHEL6, IPv6 multi-ISP configurations failed to start due to an error such as the following: ERROR: Command "ip -6 -6 route replace default scope global table 250 nexthop via ::192.88.99.1 dev tun6to4 weight 1" Failed Such configurations now start successfully.- Bugfix and enhancement release 5.1.4.2 complete changelog is available http://shorewall.net/pub/shorewall/5.1/shorewall-5.1.4/releasenotes.txt - Main changes All IPv6 standard actions have been deleted and their logic has been added to their IPv4 counterparts who can now handle both address families. Previously, ?error and ?require messages as well as verbose ?info and ?warning messages (those that report the file and line numbers) generated from an action file would report the action file name and line number rather than the file and line number where the action was invoked. The file and line number where the action was invoked were listed second. Beginning with this release, the invoking file and line number are listed first and the action file and line number are not reported. This allows for creation of clearer messages. IPv6 UPnP support (including MINIUPNPD) is now available. A PERL_HASH_SEED option has been added to allow the Perl hash seed to be specified. See shorewall.conf(5) and perlsec(1) for details.- Bugfix release 5.1.3.2 Previously, if a Shorewall Variable (e.g., @chain) was the target of a conditional ?RESET directive (one that was enclosed in ?if. ?else...?endif logic), the compiler could incorrectly use an existing chain created from the action rather than creating a new (and different) chain. That has been corrected. Previously, if alternate input format specified a column that had already been specified, the contents of that column were silently overwritten. Now, a warning message is issued stating that the prior value has been replaced by the newer value.- Update to last bugfix version 5.1.3.1 Problems Corrected: There was a typo in the BLACKLIST_DEFAULT settings in the 5.1.3 sample config files, which resulted in a compilation error. That typo has been corrected. There was also a typo in the two-interface IPv4 sample snat file; 192.168.0.0/16 was inadvertently entered as 92.168.0.0/16. That has been corrected. Previously, when processing the policy file, 'all+' was incorrectly treated the same as 'all'. That has been corrected so that 'all+' causes intra-zone traffic to be included in the policy.- Upgrade to last stable 5.1.3 For details see changelog.txt and releasenotes.txt containing all informations for a correct upgrade path. - Packaging Redone patches for var-fillup + shorewall-fillup-install.patch + shorewall-init-fillup-install.patch + shorewall-lite-fillup-install.patch- Upgrade to stable 5.1.1 For details see changelog.txt and releasenotes.txt containing all informations for a correct upgrade path. - Packaging: + use proper %{} syntax + Adjust year copyright + Remove attr on sbindir symlink + Move Samples and Contrib to doc package- Upgrade to last stable of 5.0.x version 5.0.15 For details see changelog.txt and releasenotes.txt containing all informations for a correct upgrade path. - Packaging : + Remove all non suse %if + Cleanup older non supported version + Remove upstream merged patch * 0001-remote_fs.patch * 0001-required-stop-fix.patch + Remove 0001-fillup-install.patch replaced by specific product patch for correct usage of var-fillup + Added patches for var-fillup when not specific %name6 is also supported * shorewall-fillup-install.patch * shorewall-init-fillup-install.patch * shorewall-lite-fillup-install.patch + spec-cleaner minimal- Update to last 4x bugfix version 4.6.13.4 For details see changelog.txt and releasenotes.txt - 4.6.13.4 * This release includes a couple of additional configure/install fixes from Matt Darfeuille. * The DROP command was previously rejected in the mangle file. That has been corrected. - 4.6.13.3 * Previously, Shorewall6 rejected rules in which the SOURCE contained both an interface name and a MAC address (in Shorewall format). That defect has been corrected so that such rules are now accepted. * A number of corrections have been made to the install, uninstall and configure scripts (Matt Darfeuille). * Previously, optional interfaces were not enabled during 'start' and 'restart' unless there was at least one entry in the 'providers' file. This resulted in these interfaces not appearing in the output of 'shorewall[6] status -i'. * The check for use of a circular kernel log buffer (as opposed to a log file) has been improved. * Previously, if a circular log buffer was being used, the output of various commands still displayed '/var/log/messages' as the log file. Now, it is displayed as 'logread'. * When processing the 'dump' command, the CLI now uses 'netstat' to print socket information when the 'ss' utility is not installed. - 4.6.13.2 * Previously, if statistical load balancing was used in the providers file, the default route in the main table was not deleted during firewall start/restart. That route is now correctly deleted. - 4.6.13.1 * Previously, the 'reset' command would fail if chain names were included. Now, the command succeeds, provided that all of the specified chains exist in the filter table. * The TCP meta-connection is now supported by the Tinc macro and tunnel type. Previously, only the UDP data connection was supported.- Update to version 4.6.13 For more details see changelog.txt and realeasenotes.txt * The 'rules' file manpages have been corrected regarding the packets that are processed by rules in the NEW section. * Parsing of IPv6 address ranges has been corrected. Previously, use of ranges resulted in 'Invalid IPv6 Address' errors. * The shorewall6-hosts man page has been corrected to show the proper contents of the HOST(S) column. * Previously, INLINE statements in the mangle file were not recognized if a chain designator (:F, :P, etc.) followingowed INLINE(...). As a consequence, additional matches following a semicolon were interpreted as column/value pairs unless INLINE_MATCHES=Yes, resulting in compilation failure. * Inline matches on IP[6]TABLE rules could be ignored if INLINE_MATCHES=No. They are now recognized. * Specifying an action with a logging level in one of the _DEFAULT options in shorewall[6].conf (e.g., REJECT_DEFAULT=Reject:info) produced a compilation error: ERROR: Invalid value (:info) for first Reject parameter /usr/share/shorewall/action.Rejectect (line 52) That has been corrected. Note, however, that specifying logging with a default action tends to defeat one of the main purposes of default actions which is to suppress logging. * Previously, it was necessary to set TC_EXPERT=Yes to have full access to the user mark in fw marks. That has been corrected so that any place that a mark or mask can be specified, both the TC mark and the User mark are accessible.- Update to version 4.6.11 For more details see changelog.txt and releasenotes.txt * Previously, when the -c option was given to the 'compile' command, the progress message "Compiling..." was issued before it was determined if compilation was necessary. Now, that message is suppressed when re-compilation is not required. * Previously, when the -c option was given to the 'compile' command, the 'postcompile' extension script was executed even when there was no (re-)compilation. Now, the 'postcompile' script is only invoked when a new script is generated. * If CONFDIR was other than /etc, then ordinary users would not receive a clear error message when they attempted to execute one of the commands that change the firewall state. * Previously, IPv4 DHCP client broadcasts were blocked by the 'rpfilter' interface option. That has been corrected. * The 'update' command incorrectly added the INLINE_MATCHES option to shorewall6.conf with a default value of 'Yes'. This caused 'start' to fail with invalid ip6tables rules when the alternate input format using ';' is used. Note: This last issue is not documented in the release notes included with the release.- Update to version 4.6.10.1 For more details see changelog.txt and releasenotes.txt * Indentation is now consistent in lib.core (Tuomo Soini). * The first problem corrected in 4.6.10 below was incomplete. It is now complete (Tuomo Soini). * Similarly, the second fix was also incomplete and is now completed (Tuomo Soini).- Update to version 4.6.9 For more details see changelog.txt and releasenotes.txt * This release contains defect repair from Shorewall 4.6.8.1 and earlier releases. * The means for preventing loading of helper modules has been clarified in the documentation. * The SetEvent and ResetEvent actions previously set/reset the event even if the packet did not match the other specified columns. This has been corrected. * Previously, the 'show capabilities' command was ignoring the HELPERS setting. This resulted in unwanted modules being autoloaded and, when the -f option was given, an incorrect capabilities file was generated. * Previously, when 'wait' was specified for an interface, the generated script erroneously checked for required interfaces on all commands rather than just start, restart and restore.- Update to version 4.6.8.1 For more details see changnlog.txt and releasenotes.txt * Previously, when servicd was installed and there were one or more required interfaces, the firewall would fail to start at boot.This has been corrected by Tuomo Soini. * Some startup logic in lib.cli has been deleted. A bug prevented the code from working as intended, so there is no loss of functionality resulting from deletion of the code.- Update to version 4.6.8 For more details see changelog.txt and releasenotes.txt * This release includes defect repair from Shorewall 4.6.6.2 and earlier releases. * Previously, when the -n option was specified and NetworkManager was installed on the target system, the Shorewall-init installer would still create ${DESTDIR}etc/NetworkManager/dispatcher.d/01-shorewall, regardless of the setting of $CONFDIR. That has been corrected such that the directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall is created instead. * Previously, handling of the IPTABLES and IP6TABLES actions in the conntrack file was broken. nfw provided a fix on IRC. * The Shorewall-core and Shorewall6 installers would previously report incorrectly that the product release was not installed. Matt Darfeuille provided fixes.- Update to version 4.6.7 For more details see changelog.txt and releasenotes.txt * This release includes defect repair from Shorewall 4.6.6.2 and earlier releases. * The 'tunnels' file now supports 'tinc' tunnels. * Previously, the SAME action in the mangle file had a fixed timeout of 300 seconds (5 minutes). That action now allows specification of a different timeout. * It is now possible to add or delete addresses from an ipset with entries in the mangle file. The ADD and DEL actions have the same behavior in the mangle file as they do in the rules file. - Added systemd_version macro in anticipation of detecting the correct service file when systemd version is >= 214- Update to version 4.6.6.2 For more details see changelog.txt and releasenotes.txt * The compiler failed to parse the construct +[n] where n is an integer (e.g., +bad[2]). * Orion Paplawski has provided a patch that adds 'ko.xz' to the default MODULE_SUFFIX setting. This change deals with recent Fedora releases where the module names now end with ".ko.xz". In addition to Orion's patch, the sample configurations have been modified to specify MODULE_SUFFIX="ko ko.xz".- Update to version 4.6.6.1 For more details see changelog.txt and releasenotes.txt * Previously the SAVE and RESTORE actions were erroneously disallowed in the INPUT chain within the mangle file. * The manpage descriptions of the mangle SAVE and RESTORE actions incorrectly required a slash (/) prior to the mask value. * Race conditions could previously occur between the 'start' command and the 'enable' and 'disable' commands. * The 'update' command incorrectly added the INLINE_MATCHES option to shorewall.conf with a default value of 'Yes'. This caused 'start' to fail with invalid iptables rules when the alternate input format using ';' is used. * Previously the LOCKFILE setting was not propagated to the generated script. So when the script was run directly, the script unconditionally used ${VARDIR}/lock.- Update to version 4.6.6 For more details see changlelog.txt and releasenotes.txt As there are many new features with this release please consult the mentioned files. * Previously, a line beginning with 'shell' was interpreted as a shell script. Now, the line must begin with 'SHELL' (case-sensitive). Note that ?SHELL and BEGIN SHELL are still case-insensitive.- Update to version 4.6.5.5 For more details see changelog.txt and releasenotes.txt * This release adds Tuomo Soini's fix for Shorewall-init to 4.6.5.5. Previously, the ifupdown scripts were looking in the wrong directory for the firewall script.- Update to version 4.6.5.4 For more details see changelog.txt and releasenotes.txt * The '-c' option of the 'dump' and 'show routing' commands is now documented. * The handling of the 'DIGEST' environmental variable has been corrected in the Shorewall installer. Previously, specifying that option would not correctly update the Chains module which led to a Perl compilation failure. * Handling of ipset names in PORT columns has been corrected. Previously, such usage resulted in an invalid iptables rule being generated.- Update to version 4.6.5.3 For more details see changelog.txt and releasenotes.txt * The Shorewall-init scripts were using the incorrect variable to set the state directory. Correction provided by Roberto Sanchez. * For normal dynamic zones, the 'add' command failed with a diagnostic such as: ERROR: Zone ast, interface net0 does not have a dynamic host list * When a mark range was used in the marks (tcrules) file, a run-time error occurred while attempting to load the generated ruleset.- Do not buildrequire openSUSE-release: it's a daily changing package and causes thus frequent rebuilds for no reason. configure and install both try to guess the target from /etc/os-release. So we simply inject BUILD=suse for the openSUSE case.- Update to version 4.6.5.2 For more details see changelog.txt and releasenotes.txt * LOG_BACKEND=LOG failed at run-time for all but the most recent kernels. - Changes in 4.6.5.1 * The generated script can now detect an gateway address assigned by later versions of that program (Alan Barrett). * In 4.6.5, the bash-based configure script would issue the following diagnostic if SERVICEDIR was not specified in the shorewallrc file: ./configure: line 199: [SERVICEDIR]=: command not found This was compounded by the fact that all of the released shorewallrc files still specified SYSTEMDDIR rather than SERVICEDIR (Evangelos Foutras) * The shorewallrc.archlinux file now reflects a change in SBINDIR that occurred in Arch Linux in mid 2013 (Evangelos Foutras).- Update to versioin 4.6.4.3 For more details see changelog.txt and releasenotes.txt * The fix for LOG_BACKEND in 4.6.4.2 worked on some older distributions but not on newer ones. This release fixes the problem in the remaining cases./bin/sh/bin/sh/bin/sh/bin/shlamb53 1554443997 5.1.12.4-lp151.2.245.1.12.4-lp151.2.24 NetworkManagerdispatcher.d01-shorewallshorewall-initshorewallshorewallshorewall-initifupdownshorewall-init.servicercshorewall-initshorewall-initshorewall-initCOPYINGchangelog.txtreleasenotes.txtsysconfig.shorewall-initshorewall-init.8.gzshorewall-initversion/etc//etc/NetworkManager//etc/NetworkManager/dispatcher.d//etc/logrotate.d//etc/sysconfig/network/if-down.d//etc/sysconfig/network/if-up.d//usr/lib//usr/lib/shorewall-init//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/shorewall-init//usr/share/fillup-templates//usr/share/man/man8//usr/share//usr/share/shorewall-init/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/357829aee30aaf647c3dc20916887d4b-shorewallcpioxz5noarch-suse-linuxdirectoryPOSIX shell script, ASCII text executableASCII textBourne-Again shell script, ASCII text executableUTF-8 Unicode texttroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRR9>rbN$'utf-87f723bf781c23034662df692cc1d503ecfbca146af6ea338ffbfa4d41c6bde7e?7zXZ !t/ۇw] crt:bLL mq3bL@*?hI' ZjcTq|sE#|-,`9zZL_Xk;<~/uhxYAƨX _-?vr%=첅r_7 "f;Ll}1P?fVK .KfLEP̕LB _88y$TG`p!eo@F/sJ,m`{sdF?a:O5(9F r8X9 ~TqNy,,G -i*m&о5JS@b˭XNO;nZCI*h1TBtj<μ{W#js `4a Q6s ('^w~*CW2wKA7A//jl,س:܍ сPmɚC;4i{(WQ*C}&"m;M{!-Ig>،x$Mh|YжH9>ı!qҨ5n4(Mh" |;qM|:'\zpz7ۙSA1!hTJV _CϫXjt4L3(< UhVPJp4Q` Z55-T"we+]y@rrQ>AH/0 &o7 c>ye/VDGBь6͠楚y3I m3:\j3OMs+'BYA R>7"ʢspYrq8APͷ֚ $'0G$7R_ˤ{5o>DGQ H u#">:^u.׬ u\ v9[L_k3jH0l5iwP%KswH@TLŴ6? sȨcH!ͨ]F|V`I@)XgwW$YX?\{V{< r-:H|GyYCn͖W$:V:*я2 mqS0%ɐ}WjO,V&V`tCa⇹ͅב]xG7- &:~ח1QHA}y/9f*D^^ ~W@i^~_+բļ:θȍ(|L3)d;soLR~mPv3`-ك7ԉMV,xC6E o7ЛK|I%pT@GS}ġۏtֆYp2r8ZT+È|\y.w=ԮHҭn'  kP$K]y~DX!;^^.`b' )iMz0} dyJ{5 " X7x|#wgdUY40Lm4"'<)BIS%*ĺf Zd=S|5?ُD+xe>rf>@5߉S.}\y*{'p3]ȠXc })P1Q^>z"|J&WpZ#D{S.g3©AsaS܆'Y P"uubfU.Ľ8]o?QrdY{X4 y*E#K9|INcZ-5pW'/ix0 d9_j0{)@p *>;\p-#{Uk퉳}.-hwMS &UoV.C [?{)-*]G&.5!Yw$"Ie59El C$:ɯ 2<]]QajQ1SǪes`Sw)Y{iw8@no]Cm뀟ߺ>uY3;}a.v{FO Oo+y>&I\#օ1;6eXj{Iwl{CeR0|@S cP р#>F:o nJj5DcCNʾ:ED]_pS1uO@sl1bGצ;^\k7׈W]3]DlSMPG9amMyR.c=tTJ_wHg,KX:I\ZK;=C|E.z 60b!!d'ၕd?GNB,Ri/ŗZݟg&'̓WԵJ9sفRZ;DS[ꕶHiUϲ~C|1ll:1,:HUSOAml& -ؿ*kҥY4Ǟ@.X B!5'7 dNu~˅Bسx`7v0|;돔j 陁i-l`B X7".0 l8r*]7%&ccjRC#`(,77oN;)r#.8E;f*q XxD=t "bW炼ZוZ.E2ֵ!;OwO^+f} kHtv[rU:MrU:!8u# ȴ(צ,sizQi|8uP5X⯨yQ`Y2K L4eL$ëG0vyl ZzzN1)b_Vr9+DHcR jWsҨ[>Wq$۷@) !$h1BsB£xEeyф@N(69NξuwLL% JwmS?!fig}Zl--b&`xf찔X~b8CWT=b*n"@R(@\fpw1idYt\[,>PO=+R []$1_#W?a oUt}2eԡu6E#jВwrh b{/[|q]B]|<]-]eNd-iÌvb+jr B%Y.4>IʹvMEYTIo fA iHm ћ0w}^œ2tzPuOӠ? 5]̸}Y*Jsg䮹OBƴπ@ᴌ흇ۢ%uj4.F6+4Z0 ɷ1@Md*ǥR (xhqzʸgKr _Km}"9S}_ю~^b~z.H:D DF;1ͰufEIs SKOYXV臵z,'? 2e(OJX0֛D",f۽2@{@X,ݫ<ٌYUsj+% N):dVsOFinHFa*m^s*_ҹmC%)D TSwUXMتN86Eݐ)' 7cnFe(fOt?2ӛ΀v6@{nL סʥ!Rc} eV*YG"d |2Z .dNfjv¨pZ{V_>:bOTJ~gl=ETA|!r W7kA 5YUJcn8'@K/rǠQR@PD2 #K/xm &p4P%%ޔ b 5zkBHJbQbi@4.O⾵sٶ3v5X-)~%@}I]|0tT:~%: _ ӆg@8~1b%ƅەN\}=}'Qi["z2~܋JRm%ц\ Gw`\j((C{AV[۠l28G1^9tͯFettsm0pz\cp㪘 c[i_=H3v(WA`)/6Yh]H &dDeVPwi\N(@>y-HIC8!k+f"{rH>[!1, >U֓[Т|PeqmsEh~J25=7IJ"8O%v\s".0LwA y863%"@&E;0=%^|m֎9 T&[/,I/9zj  /H-_@ p|)n#7NL85!9'U ueRBl{M5d.GPX@+(Jx-A\-]vFPf,(yY bv7!^8I azC_; Yor#vC88(#ZgcaiUj EQEg!7VòdH =dA\MdJyN$QժIz(??dB;:D* զfc"'6:H;^* 7fqΠ4ucri> 2'nCI]1km;!5au#cQ˳ۆð3HXQjSo@l*׆4f}2>] ]!(D}ŵ14JmM'WX͓"ֱyo0YN"g4M#CdNj}"%G] m$tAI* EI3֪k0'Fr{%QPX,oʩ2߼.%.| .Th|ARZm"ɉ^94#+.gm4ckͣˊYIn/k'o=!wrDN=ÛݐAV1l$4O䵠2sj$oBAiER}%Ufz&韅=.s{6E.\`eހ&R]_YmqKc#JҔDQnL^Otw)on?"b岠LI٣IG q_;o" :H %];=Sz7&6C+9L0MhkØu2SNԦ US:&N<5 (awYuHN:@HN\Xc~$?t ūDYkY\ZN/ub4N< iDz D jci9 pHo@Vp! Xp|z6\:T%.9w( hu?#?ߟwRsSC׿龊W 2vT0; a +γL%A 'bY4%_z~}#!B[Ť<%X-yŗrNڶrp}x4)Sf-,H$rmkh-uqpۯ@8EkA|{|IQcK?2Li˨my_To;3߹`vzCB}0!X=yt%xOb$,$p^(vky5E3ˉFB/=lQե 7zܽz :䂼z$k5+J2Z%~8$-HG\J^ęIN @1g@fطøFNRi̠1&X/Ca4V -t|]KOi| mv-*\k24OTxL'IF %^6#j?}aG;G@J>c­g;XFpEYʻƚ>>S wC*  ܇BDy5#zGVCڀc?N)|2T6!gpp>'Ta\8 {/w>t:H$}W|i g}:/ Nfiʬž*` r8mT 皧1aIBd'$,h2+l8Bf^a,Tv 7K0Y =C. ,/$;rO8!"cxa T̳$J%r<֘nE,w/́_[9]r ˾[Ea6]]"}to)|o@K1R\S LqzdbvUAWm6"r҇Rh _d;-x`{D8}$I7;C2HfyE'Zv&?g`GVп/Em2("΍)ٮ(WcBU*Q# çh׶auZZ9>@QkUnhsn)3oYlny#@lֽsFi57QY.>0v- ;Mnʽt&Pc˖\ \Jrn7KHXў]j;G x]^sc ޢ+&;zc樐ܭcKs5wi&McY̪ۘJIf)Ǚn҄9,ܧBÎVHn (_K)"@أ!AT'NVK3CH#%*Dw 6=>Թ%|gY:wl-+: =&ddM?{.v_n""QcGU H;-c@yNZ?jC 0J *s-Fg^I/n-AYbΆ ~FS~XWQ){B2:Ӆ:Vz=TpO>#H{'(xyAY!:/tLw^[̞v0gܞ+ILOHw8 kVTkI;bs --.珵;{T|fŒ;σK;5sm="#3p ďwIr3F* d0 tO\սcS-tyLf<156j"V_%YL#^Le߀| 5-+8Wyn\`7o]GcCDˀ=LjdIl+i嬔q.=@LZtȊyS~ t.s{zXy޳YN]t\pVM!⽄/]qmd'-ݖ {fȟar./9arȬ Šwg} ]}P|4qd M~LLf`"P? |TpP^?4iq77-KU9QIQO"ց0x H\X!K,hnv#j(٤ŢR;K4؄Zhƛfc\/I tOX5oF6tl,-(>*"gkiZ0\w&ilIQIh ul3$h*a0 MVͣE1Y/Krݲ-ϯκoh|"sII, z~:O݌zp8GW ]0}G5p|:` /Efd?h.Ɇ"PLm=(׷@S)Ip5{yWT ZgS+$B-<بg$eoA&BH͌ڻr."HX\W,k~U{Kt-]`"#Y~z:<Џ4>js=^3;/XVPf`Q`c>KkSuڙ2orTZк@u]_,AK9E{Xs#p=ώD  N/?O&xN㛉<mw*3>P(aJlZ(.!2v*;ܼ>TT @Wkq1ꃵB#t3-D[&9ITY0Vaj :XtFnrN L0^z& CbvߟT,7$!\8;F7g{gDK'kyf-.=7N1˩j29Mc'ty}yv_9ܤ2QT}^w)| 2ܱWd},O '0{ijas+#l5ճҩ#>u 2ىU'K.쐢/64irQp( Fk ϧ Kql1gcS}@ @ĜGTHpar^otozw67~Ưb9wB"q FOlq!p p1r-%+W%1pl6O it>J]n$L|&8y(/'U 2 ٱvzu@lHF6a|}k;țUGcQ,MOZ(7r%ScD,7`=+Wn. q9Jdt.<6|+rT#{-CynsܐӅ|>f%mtnxwAvtX<00:icѮD'ĭf4!õ);9É;Ҽ 4k >TjMhŅ)yW2(ĸrmʨnӷ*ox^fwYtd*Cq dwdF3v;j87g߲y9շ۴{+Z00p+K<,k2}b!7S<` ŗs<׋|r,0QyULU lJ5ꧬQ !̢v:fE!fy0aqK}|FA;5*Le'*R^YpK]l$^Yw##Wt& el)`ȘH-5Q10u?ywG-Q"E ^ej_cepXTCcEc{s !kEj﫾pW:cPAJa4*Օ6SV=N BGX ]lI6Tdfxލpx2{!=ou r)P!O! 1E wTb=4VLj2=o}98K[:XkH1@zU3OZ՜ xl7>oՅy#ZFjkO ׳ԝVYlͨå%J~бcq|n[/*}vsy|T l JN+;ttSϸV/L*q"#:8Jl zGK Ƭ]B`w:U72+:@*2̜9Ӵr)N *Fv:EGpWљ`<鶖Ìj"YG׾_S 48u~^ʮ~uU. }axkQ4j\/|җwu&B]D,lI)xqb $(1Cz d- Zg29%u~TN\`w&p:<6оm x9$'X\ QL O]).*J2Dߔamy0B K̪i}*rp|sUmZ9Q9_?YTzF^ dy->$Z&8yPfj*Α/}0x,A^1`W7AY9oNodoG./0%T`w2<PCP3rNgﯸWGSP]҄@ `O>t{"9Qު [_YEJ-$&* q /ArQmIIf5(&0]?)߳V\]ܵvT5juPӒRo "ܛRȯ'a*Aw(R%YcQ'Zn_cMB9Ѩ9O !n'{Y4?Az'cWm"1WZ[x(C^.qv=N¤tM(MwK.x=Eaف7LlZY#+9sQhoRx6n~GVg<ǝ[pO,/R!\D% ~W^ʢ`{m l՞̇g`WͤV7,!:BD8/^90nFC- ̻SoK;4TFߺ3@ Oai!@``NN_Y {<`PNi5 -ǮA Ѿ_@xEUK+<s ,{RK&TxU!P2YQ'? 00\Ue+"+zf% UǢdsN@pYm8w@v2''2\6hJ^gqN;G_0P!}u~;gih^*.C $V@K0|/YGX'{ *}6Pei:niH>ԧT,xQu?y8ћڧy4Y.#x$J*h[lW̆,X6"ʎLPz\̧Wf,qn#Qo1vMͪ)-4^iKFwr Wf@Ie I x,Ͻ\K?P%%([d!Z+Kƹ&޶𭦜>$,;V>[SA19IQTKR9 'u `6(1~Iw,AE>d9E/łSF-Бfp*W+[`tBH\_XF$'+-A J5d{ p@ؾso)Bj'7I(oِ<i`SF@3nUQa/apZ\.[z6Zd]t3/D u9 NZٵ{b.;|a(ڔIb*š:_ZX;Tؘo&y[Ċy hD#!|0ϸ)6g^iO/fPI'm}~Ͱ*بB%(e{ryվǠM^ɁnH[ĺ7Ic#aLeYIqG* ي6Nfy":vL&um[<6 |hJ7]gW%1|d/WEr_U[7*߾1>K/6x$({L!7ѕ Jk)y;z&.i2{+F~FM+/ .P}p0ZcuQ~yP(F} 1J-rtD8bjmqxO.u$RgKmpz^R#0̟&l<#mQWP1O-_'ɨ@8TI_):5 MOk1o hJX>=oUbXĝD&2uT\iH\ }Z_ ţ]E=/UfƗu тh۵\2M>KE2,fۑB`K@Ka,qYUC>Hȓsxnp|{e3y&jS6{lYh/`\sd?kF=_6Hne c&7ۑ@u;e25LNZMM|и!`T"DS]νa1f8n?^Cw%PЈk},&S3nNo6>)n@Nw1~224?QɜB/Iy~NEGWb`-ҽÄ<@Lg;yt i0eL^N\:. WCs_T=AH"SS2w ;ɘ|ꃜL2PRrMF'MT8Bͻ @sN& e:ΊSe,]K:miu©O<ՙw7mNNm' g U'Uہ o37}R^X6/@oQ*'龙k$]E~)u[39Jz+u#L|'WYïy>Wݽ cKQZK\b`'GIN=CA|wTE }7SZ(Q!";͊_f1 F/R ?e*lo]͞ՂӷsuRj/HbHw \)hԃ7TIe5czA\2`]q6P 5*R2d Yg`4/6n]jKnN"Aq\4{ ?'ڎ'!<^87{X'5`z0w[D|Z H:|:cӟ&m'C%'&;ؙ8 oh׊%׾~]5XC-89!kss=k&emʏy*jmZN~  =LlmݕOO>kk cF ^tvW>`Z*aLI0Zg('ҍk :""i|^+6kx: JY.];F툕X)ʫݞi>1[~*1!kȱV89 U}u}Wn?rq(\_?Aq*5sJJ_:%%Z ãI|K̄rU*ĥjk 2pE[:R02]mP0F.e "pbܢ8Y{k0Cp'B.:zla",bIb"vW&^T90|U_K͕.&ނ /*$F?nx@\t<9τ޵e2]LXSy?v UG =1<H绸|TɋYG"NsTJ p ܏ /V1Z  tMEIpŸu~#v'IrI —GQKPbXhXM2oi9$c!75R7e,y:wbU~UIב2C\(ǭ$Gyzㆃz7 V'"4}*cz'|.JQ6C"IllEK#(fLWDu,Πr[T#0s1R3vU3Al*I ҪZǘhjg% hj*%J-2qP6t5A hbXGk⧝+AAi)ϒ]}ń VYU/48,W\-`Z}Ϲm̓}0.o -#uy%_srrWLM& ,QB.u~!¡(IٰBz M?JFSi.Q+ld:]ՙaV#@$U&ti/& ].R(k)$|܋ym334o>SDbeWg! 9qPMcc^se,&}emv'ihv@;@4=yrt*pE k{:e)zh+=r%1 F{Ί1gJ0&mViHl1uQD:C:t񦳅WD@7>x%ΎrW̔I!v[bn*(A38f'aWqNj|ٵShG}j+/G')IVjcPs5HY>Lfq; mNEf%diB -Xָ d5t4kX*2V]V&iRHs|Ksxd rr(U!%V@BEEd.M)U'$v#ֻcf \v o=Q]|Dǣ itfJsO沎h xD^> 9RUI +b#_E?3琧=@TDf]?;XؤHz#v1!D[켈[//L "J@/X%ʙ_+E]y<ԙ٤yFH 8^0^5QCh>-J :zR*S'Wʷr9 TU^= 񇨕OQ3 YP4g -Xs coWObqG3*ŏAg^'6^x%_KӶ8DwDn^IF  fU|1 $wKKMٱU,UNߖ:֚P7 L˫J +O]9HЅ1$IlN&(]߄ޏȕxG3 Ң%|o[LWB hnQaMCp=TqDk^gr_,\Q )YcDwiPuG_E~+Wt9X׎SZ5zɶKka?6е5b⍰1B@0%:Pcݨgd_p/][/|՛,؟gH+7٦$+זրt҉}}ռ9DA!='1Wwi caٳf)]E_'QN/ y;nGt-|6p)T5pVZ9(:s\ᡭ}XHRC£ih ٧9Ҡ^3Wd#}m.ՄCsӨCqc8ܤuNӼ 3 Í7O |M;;O|Lle!HII{S{daY{/dGmo2Lesnklo ]eR3y{7p􇅧],E O t]z撎V9ckSq ܱ,(4;&a ec,KDU 2pt .vQn*'z}n%]n8TdKT;g~Te`+OR>˽?T'uH[xB(D4X԰ʊrr7autqR{gϚ/5vܐeޘDՒ.֍f+U}Iak,Ҏdm'K8 I)˸v-~cQ 6apQKZ>׬v{T@옗DC;9s'M܉+3"@N" ]m F,4 uA0ޔrI3Lo`R%+suf Jq3s8p)غF8W *ĉ)l$gFӪH+W(HP}XƂ\\ Ӈ3]YݹӛZ5[A6e?⟋ z2vx{8HM6Gi4"kJ ɺG%ZS G3_1^߇GWF{ n*$vIrme,:Q)V0-pV[6LDݴ#+N&Nc; IS'u #pdі}q5)^l X>k|= DRGk<_P[>/L0u@[$0/f:+[OsF{C&E񥅳 ]p _Cx0{HHςAF?JCOYymCEyMudTFuu9YfN5&9ٽ l$<8L*JPuAPZ'fx'-?]m2cs;7'W6_5)fj=/a,stFP$ox C!>~/ލA,8d Ԁ\k%xSԞ׬ %Y0bWVj,fpc֒X]=g@ oNv,\S;4}Յ?E;_sEJE Ja7E_/xieoh9:B)`ERnМ׫SePJ Lg7 }i8гuہt #1y?~e~?LӋyk.hco$(ٴ\=*.Λ5|cDN$_MGM-7]mu5RIo"~ _Lq+{vZ`h = M3Vϒ\+Φjh<kǁ~7n[(1'ɧC- OK,^w [-o;*3[3K]v(o,2ge\ ե H:YNu21z=mi$<!t+s(d0 @,2xQIwtV#́s(pġ->$"I}N`,ox!9\Lk QpTJᑁ/ V 7J)6z=aE7:WL7%7=aF֚lrelui_-Op৷!qqy͉Z,-sxQ!hiذq5K7i={K.?;"yveIDcRxs~_Zhd~iom?U5/J.Z{mR8̏Y-FN5*Ym JB[D+D(3C" !2Ǖ玑?ܻo_]T#hanjY e VcR7 a?!NH³fdZ.:"D¼oPط9hfL>% eo`fKM(o0p چQK ʒs]›OH>ր%W@jw3|my(=O<".SAwt*Q~L{bqeˤtVT"*2ŎSɗU[u3  h^NmNSDt2Ǽ#+kBsZ514̨Badʜ7r"|KɕGUqrzǰPH ͛H [|to_; 0%DfbEV{ 0;yf7.LflVv0e㮾hesطn_jl!^RcS֣KN ]&hQ+(Je퉣!0դӺ`ac@(1M6Έ3;m_6,CB?}PnHְQ *3'O:.8VC-Fx6~_Up}h߶/0l> "16ˆ< @H [ O>X*A~hr&BdH cC?h=wei/e+U sX#_)ۜ S*iM}mq]8jeHйS)PU5&QՖȳ; A;|p!O\3/9C#XsX Yܨg IA>-{J<)(85GZ[P !rl(u`o4  W>hHG.7I@|>؛+۫%7넮l)˯!_̬3Y51j'L=WfOxrjM?nO4Ji*iB ;/g H/}!B=jCV>ݸ'C;YngypNR@ȪĴsxapѨOۙ͞ N~q˖ gOp2,=5KKݽ]'IBhXi}G `V.eSPv|U!Uz;GR'f}zmq2nūM]?ꈎ{z XE*$WI[2N#PhS@0ଯo-۰!G04UH>RSk#gh9cڻ_'pKFcE+#$KG\72*@zͥQZô=+̜V2#Dh&Y"[q\&^CBa`nJP,6Њ ę =pl)H>븛S[аBh쭺b3[#`!<E5@VuJzA1Y 'a15ٯ(}ti+3aP7yp)vwíR,fŰlчsW7R*y̳Px lҴAp7iK潒eV/` K!8y6 q5fff631õ( S/\eMm4Pu}4u!deIJf ȩK#d =l=Rfײ**LZ]ٖiǵ'<[->/1v")#QaC'Nݩ%@[';sLH0HUͺVU';'h!E?ζWqVof>>ㄬ3ǚ`*xo1u5_SLrѹnZ|+=x􎬾I^TJ!D".i9.' 4QUbg5HM8o&.qY6bc,oGGAk6Hv1]@ZX+ub7rMFq %6qJI p1syFTRr|ElFgFK=(&eܺ#(_J5Z%ԡ); L&Cw9g./Ik`*ToS@M}>,;f7$ZX<|-$>Ի+[IKh$Z vxRTțsqo#_:R]]4]̐69I* GDxI"= 1NRc5=c43oY/(D 2 /G S)w>|7֌@e\BBSI\PQğ;[lIA(WOd4Ҫn5Ju_gs-d)xeK^(BBD2 UL9M[FL"[_2jZZv 6U-{_JW9j qFfA37``pM@D~BvЄ Հ=@_pCnq̫ι \[frVk֗ i['^%?XHv;@59g]!ؕhȴkA>w2:3cɻD(t@iѓJgW5WpFTg[rt $N~i\pT 7 "#˰Odо՟ lƘ(*z>>65(e[u,6H7Hfs{vW9oԊ̥ Sd|nX( wңuFWЏ!~ݢϒ7glD qQ( :q4nqЂt'&I5 3*ZBQr?D<#* l),*;2e,x 2!˳3X4\o`Lc(űz>&Wj4bey.'{f0q3RۜmoNY~m!XֱJ[A8g{ N~RǩJeB U'ӺaFE MU*Ps/6vgr;è zc o.=w0ǧ&x+Gԩ]#cүf>dX;iJGMKlbm TT,T!8h\OdXtQ.EdYy2Q{<&Yi*x XПy 鴿Yk>b|dd")ĬzxO'u+o~,8H8ʊZ~anZM̃3)$aÐwƋømȆ3e8 Ju-F6w)uhfz(T4-Hy)F`j Xm3݀YGKZgQʨM+,,9Or8رAg_(Q:٦o'H_\^Bհ"sШ8kڽYxyf{jE~=l5z1:~2\|4w,BZ= Cᅣn}¬x~*L 39Zj*Dva<@pvDccB(WaY{q+hPg IS)He dvY u $PK$"b=Z^jKɤfy,W2Ḝ2Btg̦۔[|ZQ,6t({iɨ5Yp%#4Ax+͏︟{a\[ϵ8<^I;!pjfLw37tZ(Ò_@g}L/x2&~*묉_;i~[nT*+VփT*f~r+ k0YO-P!NX02~jsaP5}52IoRL&TH\±sBnoa]AXOF-MomWT\t~Z&vmzeI| 0I(ɬ }τ]QEu:[y9zڦZUy5%{ #VbN 72LEZ28*Rvm\'j[ <5~cYY.U53V-q< ‡)LD͒?*EcҚDY .TKۜry%@!<pt P&:Z\IV.cx[Ƃay:lIlLfMNY޺!u馅k[тIC4ai W巏#Ɂ΍x;:4`)`wX{]w0ZEY?(F H&㘋 ]pÌ{५BQYqCnzptxګo/~hKϻ3s}!{m?C% {;N.1:"zN"d,%]΋nFyY H5ב>`|J v&@' eZ%n+ORՔϢ؆kQAƝS{I1k&~[N}TC'qb@|V71Y6_`NCćd@Ep%ݨgVbr < Bu# 2S\D> Tܫ19k$N*U?$ͯa>EZ zPh&c<:SAͬdUZvϠWqbn2!Tm!nxDs걩o6ıS @NT֒nc!b<Ȭډy̔3ª@wwhzh]rmZkFgȾo~>Q@) ~nЋriy{6#Dh Ftհ&I-W9\ᥗǬNZ^7I\1۫nUұ?)xnP`80v|}r5z]op}k0X3T2%&}kSj;T8]$Ap'Ýih>hR{m00&Zm0cYzh qunDUZ [ݙp%DoQ5v>oLinhceZ!p{9kw%9.%ƽ" 5( D<eo(XU'O }K6R\_ͣSddX)9^v甶Ӗibp= ]#Z hCp|`3s#i.ȔUeI S_\'t5)+IBW=Yɦ.+ߞ] l]GiqV,k6h/nJք(mV WY@-DW) W<3wC*@ [jq)Nj-D'A[EqC!v| 8Ur;Fmwg Ш8a L lP7&}T6Q84_r1>ƂլQ]r^%xcOasq\SJ < ѕZI4Fx([DTaļ+pVHGrY;&HTuJ?E]b F瞎L1GLf'N S @e>1_unub-)늊)( JN~ r5!}{ k]ra`N.x C%SAO-,W)N'>R`k*5z[P VxI}MQ2`2!{OIhVЃ/l]+ yllGiA2Y UkVHјz; (fVb--> YZ