pdns-backend-mysql-4.6.1-bp154.1.33 >  A b|i!M@eeencO_4_ԄZrvCG'[]벰x]bY5K#|Mm5=[a4PN] n|ٷW)~RF.YxF[V KWre\TebQ |n,22<3l+|p-7%cFґWy3dat]<2aԶIKi3e!RhTs6eEa [R9988e9658c27c661e0ec9c30c3cd1e351c9d64bbc05eaf1fad0b5fcbe2baa4a2054c58e33421a39f6fc7d7044439dc7e29b139a8b|i!M@eee^ m*^Z2Ak`Wq0ⰵqP<@;[w#MMz`BVmbgb53.zNywNb1M0ByP%عO:čgp5{ h('^O8iDyayb23ݏ})~ yDN0qAXSd*i7>zhuu mߩ;07kRjɀ<^H{X%aB|j?D+Xe40P>p>y?yd & =' Ae      HpX(8$D9 4D:8DFu*Gu@Hu`IuXuYu\u]u^vbvcwdxex fx lxux$vxDwxxyyy$zyly|yyyCpdns-backend-mysql4.6.1bp154.1.33MySQL backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the MySQL backend for pdns.b|h:obs-arm-10*}SUSE Linux Enterprise 15 SP4openSUSEGPL-2.0-onlyhttps://bugs.opensuse.orgProductivity/Networking/DNS/Servershttps://www.powerdns.com/linuxaarch64PAtG/V 큤b|h2b|gb|gb|gb|gb|gb|gb|g2f181dd4068a2ea59e74f234b4d76251d2d27d0e8e73f01cd2372635ebdb2cb1d346987088607845ccdca47590ba23aaac3e4fe7b6c29ebb40db488740e4544ed5173555e51dde6862bfbca847d66a5122dd9bb6323538e100c8f18e62d3a03e506ab94c48241fa6d48e3ffc5a69fa3940d27ec4abc7357a8a78c6d2464fbe34fe692ea2a767b8d3087861366eae702fdcf25cabb284e36897be8b9853da65bf3fdc6537a686328b8255825bdaae3d067016bcdb6da59fb3db47b185578c97752775a0ebdc23285ea081a549cdcc531ed50d5cc0baf3727e719f0e907efa928e65ff0f50a5b12e4293334d793bc7a544e0b7f13d6a358f2a262724a4af39c762rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpdns-4.6.1-bp154.1.33.src.rpmlibgmysqlbackend.so()(64bit)pdns-backend-mysqlpdns-backend-mysql(aarch-64)@@@@@@@@@@@@@@@@@    ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libmariadb.so.3()(64bit)libmariadb.so.3(libmysqlclient_18)(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.7)(64bit)libstdc++.so.6(CXXABI_1.3.8)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.11)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)libstdc++.so.6(GLIBCXX_3.4.9)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.6.13.0.4-14.6.0-14.0-15.2-14.14.3b=a@a@a@``@`!'_ܙ_@_i@__[@^k@^@^@^@^`]]i]L]B@] ]@\@\@\@\[[[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Michael Ströder Michael Ströder Michael Ströder Adam Majer Michael Ströder Michael Ströder Michael Ströder Adam Majer Michael Ströder Adam Majer Marcus Rueckert Marcus Rueckert Marcus Rueckert Marcus Rueckert Vítězslav Čížek Adam Majer Michael Ströder Michael Ströder Adam Majer Michael Ströder Michael Ströder Michael Ströder Michael Ströder Michael Ströder Dirk Mueller Michael Ströder amajer@suse.commichael@stroeder.comkbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- Update to 4.6.1 * fixes incomplete validation of incoming IXFR transfer for secondary zones for which IXFR transfers have been enabled and the network path to the primary server is not trusted. Note that IXFR transfers are not enabled by default. (CVE-2022-27227, bsc#1197525)- Removed random from --with-dynmodules= because randombackend was removed - Update to 4.6.0 * New Features - support for incoming PROXY headers - support for EDNS cookies - autoprimary management via pdnsutil and the API * Improvements - add zone removal to the zone cache (Kees Monshouwer) - docker images: Remove capability requirements * Bug Fixes - pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt - lmdb: check if the lookup name is part of the zone (Kees Monshouwer) - lmdb: fix records removal in deleteDomain(); improve tcp exception handling- Update to 4.5.3 * Improvements - 2136: improve some log messages * Bug Fixes - lmdb, check if the lookup name is part of the zone - pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt - improve tcp exception handling - lmdb: fix records removal in deleteDomain() - 2136: apply new TTL to whole RRset, not only to the added record- Update to 4.5.2 with bug fixes: * bindbackend: skip rejected zones during list and search PR#10968 * make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones PR#10964 * api, check SOA location PR#10962 * improve dnsname exception handling for SOA records PR#10952 * improve SOA parse exception handling PR#10792 * try to reload rejected zones in bind-backend once every bind-check-interval PR#10778- Update to 4.5.1 * Fixes a remote DoS when server receives query with QTYPE 65535 (bsc#1188495, CVE-2021-36754) - update keyring file - no longer builds on 32-bit arches (since 4.5.0 release)- Update to 4.5.0 * With version 4.5.0, support for platforms with a time_t type smaller than 64 bits is dropped. * The ‘zone cache’, which allows PowerDNS to keep a list of zones in memory, updated periodically. * Priority ordering in the AXFR queue in PowerDNS running as a secondary. * Small improvements and fixes.- Update to 4.4.1 * Improvements - debian packaging update #9965 - dockerfiles: do not claim equivs-dummy is built from the pdns source package #9953 - Fix missing #include for gcc-11#9952 - lmdb: Do a mdb_readers_check to clean up stale readers on database load #9946 * Bug Fixes - fix TCP answer counters #10008 - run deleteDomain() inside a transaction #10039 - lmdb: do not reuse backend that has seen corrupted data #9985 - lmdb: serialise LMDBBackend construction to ensure only a single schema upgrade is attempted #9949 - backport some asan/ubsan fixes #9923 - pdnsutil edit-zone: do not exit on ZoneParser exception #9912- Update to 4.4.0 * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions * we finally emit Prometheus metrics! - 9070.patch: upstreamed and removed- Drop GSS-TSIG support in the spec file as it's a removed from the upcoming 4.4.0 version due to security issues and lack of testing https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html- Update to 4.3.1 especially a security fix for PowerDNS Security Advisory 2020-05 (CVE-2020-17482, bsc#1176535) Other improvements and bug fixes include, * gpgsql: Reintroduce prepared statements * Handle the extra single-row result set of MySQL stored procedures * Raise an exception on invalid hex content in unknown records For details, see https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1- 9070.patch: backport compilation fix vs. latest Boost 1.74 based on https://github.com/PowerDNS/pdns/pull/9070 (bsc#1176312)- Update to 4.3.0: A lot of internals have been reworked, with some visible changes for users. If you read the upgrade notes for a beta or RC, please read them again! A notable new feature in 4.3 is support for hiding DNSSEC keys, which makes it possible to do algorithm rollovers. This feature was contributed by Robin Geuze of TransIP, thanks! Another interesting new feature is support for automatically publishing CDS/CDNSKEY records with a single pdns.conf setting. Please note that 4.3.0 comes with a mandatory database schema upgrade. https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0 - refreshed patch pdns-4.0.3_allow_dacoverride_in_capset.patch - dropped subpackages for mydns and opendbx - change run directory from /var/run/ to /run/ - pdns-backend-lua now has the lua2 backend- guard ixfrdist support so it is only enabled on the distros that have the dependencies- add ixfrdist to the systemd macros - add instantiated services to the systemd macros- enable ixfrdist - enable lmdb support on Tumbleweed - new BR for libboost_serialization-devel and lmdb-devel - fix configure option for libsodium- Build with libmaxminddb instead of the obsolete GeoIP (bsc#1156196)- Update to 4.2.1: New features * Add SLAVE-RENOTIFY zone metadata support * Add configurable timeout for inbound * for gmysql backend, add an option to send the SSL capability flag Improvements * Register a few known RR types * bindbackend: use metadata for also-notifies as well * pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH * API: optionally do not return dnssec info in domain list Bug Fixes * LUA view: do not crash on empty IP list * API: Accept headers without spaces * Avoid database state-related SERVFAILs after a LUA error * Fix broken edit-zone and other features with the LMDB backend * rfc2136, pdnsutil: somewhat improve duplicate record handling- Update to 4.2.0: - New features: * Lua records * ixfrdist * a new LMDB backend - Important functional changes: * the default UDP response size limit has been changed from 1680 to 1232 * the autoserial feature has been removed - pdns-4.0.3_allow_dacoverride_in_capset.patch: refreshed- Update to 4.1.13: * #8157: gpgsqlbackend: add missing schema file to Makefile * #8162: stop using select() in places where FDs can be >1023- Update to 4.1.11: * update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END; - spec file simplifications and cleanup- Update to 4.1.10 with security fixes: * fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) * fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163)- Update to 4.1.9 * #7922: by popular demand, the option to disable superslave support has been backported from 4.2.0 to 4.1.9 * #7921: `pdnsutil b2b-migrate` would lose NSEC3 settings. This has been corrected now.- Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an IXFR query, * #7610: Fix replying from ANY address for non-standard port, * #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting, * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR, * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”, * #7509: Plug `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.- Update to 4.1.7 with a security fix: * Insufficient validation in the HTTP remote backend (bsc#1129734, CVE-2019-3871)- Update to 4.1.6 * Prevent more than one CNAME/SOA record in the same RRset- adjust buildrequires for mariadb 10.2.x on SLES- Update to 4.1.5 * Improvements - Apply alias scopemask after chasing - Release memory in case of error in the openssl ecdsa constructor - Switch to devtoolset 7 for el6 * Bug Fixes - Crafted zone record can cause a denial of service (bsc#1114157, CVE-2018-10851) - Packet cache pollution via crafted query (bsc#1114169, CVE-2018-14626) - Fix compilation with libressl 2.7.0+ - Actually truncate truncated responses- Update to 4.1.4 - Improvements * #6590: Fix warnings reported by gcc 8.1.0. * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof * #6685, #6686: Initialize some missed qtypes. - Bug Fixes * #6780: Avoid concurrent records/comments iteration from running out of sync. * #6816: Fix a crash in the API when adding records. * #4457, #6691: pdns_control notify: handle slave without renotify properly. * #6736, #6738: Reset the TSIG state between queries. * #6857: Remove SOA-check backoff on incoming notify and fix lock handling. * #6858: Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and geoip_id_by_addr_v6_gl return value. (Aki Tuomi)- Use HTTPS links in .spec file like mentioned in PowerDNS announcements - removed obsolete 6370.patch - Update to 4.1.3 - Improvements * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi) * #6130: Update copyright years to 2018 (Matt Nordhoff) * #6312, #6545: Lower ‘packet too short’ loglevel - Bug Fixes * #6441, #6614: Restrict creation of OPT and TSIG RRsets * #6228, #6370: Fix handling of user-defined axfr filters return values * #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) * #6654, #6659: Ensure alias answers over TCP have correct name- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-develobs-arm-10 16523203144.6.1-bp154.1.334.6.1-bp154.1.33libgmysqlbackend.so3.4.0_to_4.1.0_schema.mysql.sql4.1.0_to_4.2.0_schema.mysql.sql4.2.0_to_4.3.0_schema.mysql.sqldnssec-3.x_to_3.4.0_schema.mysql.sqlenable-foreign-keys.mysql.sqlnodnssec-3.x_to_3.4.0_schema.mysql.sqlschema.mysql.sql/usr/lib64/pdns//usr/share/doc/packages/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Backports:SLE-15-SP4/standard/c45de056b2257fb72c9a937cef7665e6-pdnscpioxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a466f9350a3bd8b074452ffe88a2aa10202cc1be, strippedASCII textPRRRRR R R RRR RR RRRRRXmVQR|=؛gutf-8e0457001b0dca3bbaf29d607894dd6af4b694898d25ac9113ade46e0892dc433? 7zXZ !t/0O] crv9w Wlw@}ApF7 }cVf9V!nvh؅*L.P+Y 3swMs_hg͚.M넴$W9{!Oz]DA !OwOպss ziYmġ( ^ ahf dX{`J!y27YQu9 xX44j'`>8u Cꃒ@OY|Lv^ qM>[v!>:V(71Li_(GO)ᜅ?< xFs9 1早ՕOՕztm2Dau+g\ZuIG)A]Y͛69:n/F?(d~DqntileXuʘ*S̉wrgLlO\jd,B(" e-C)~5̺ώo0=b&?ʉOi >s;Yxm6dVi4x0{ cv/U'~q6{Ů,ʺ,cwGKX4Ʈpn8T׵գ\T6z2߶P4A_ĤKoVbgK`,k7+m~ƃ|{6C=?|=:MDOƲ_vOh-8 y6NHy_sLҮ LǗزBX$/F'JA2cU@]bugNP4^GkulKcCGp hds ?g8[.}Kè@|o4 c- },RH4ǰC4`ewӈ1A9 ƴm;X ,cCZYxb>Y#}xAC5G7 4Z^̤vf_4Ɣs A."7E5 @ A//0ʃ%8/ 4Z 7L#80l?>9'N )ßM]6-FhIOI_96=c`GgK7{4M%A~NS"@.Cɗ:ȷH W{ 湓c8gՖ(p/?lQ@꽬稳V[4qe-{tN~AE;Дn|+zݻV53Ւ8 4GUlؕ;> _;?1`}WusYHt z0gO,_j?؎]`0Y<ݍ=ЎReU10OxtZ@H֠$OD-t|g12::x"oOj2^Ly ARzxEI.Jy<5;y\OӐnWSd%*.׷8Sy&m#.yTk-.GNltw㳛`9ˡݬew"CI棧 ycE_4+/y(pB> 9|~Tͼc^PjP0oY%^p8*t#ZMӭb?:mC- bxBƀK* L黂i(k;s\m˄btkv dfJ+yZ]]#+pF[#QXѳ* ٞMNNU`B4➿5B߼P v0@MR6hVWP?_ÙcCum)WT[ ǥ)&Vb9Ip35bͦA;幓#^Yw^V\n # He,1+ !GMfQѤYlZCozyt P(_Xe2~$P]i J(ASM,;<&7.Ĵ25-kaO>4>۸G;R(J?S V"KU~Ƣz@D2UKnQ1l)ڵښ ;y5_z/HGx"./`)K6l:M,1y ɑ6n#0[qY1hWntWKr&,e:^I#P`>GY%FG=c~AA:SaαP7P4LȰ4B%Qmje/D.8\v fCy~{-bz Yx1NP)  3p~f}cU72[َtFnflhY u0xܦObC%Γ42%LDĻqRhgSܼ6#ߊO: &:^cma+//Eûήݡ 5?_s2<YXɳ4 S PxI&R F##'5I,И U4|V"N% OVۓRaE`$>>3Q_l΋ٗ)##xԉfJN2̅e kwQV+\ۅL)OaV`J6|* ;d%g捷T&}|X$Oh B;fe(Gm#ygĂYگmʟpW_6[â"v1y U2\fTEაeLB_򤿠J$r01k#d/:jƶfO BFQZ)ŠP{_ @,nZ-O۰Kh+eE:3x9J}\#DiNգ}͑/c&HgyDbrb~yKR>Zg!uRE1_M >XAh%_Q« KXa7xrL)au72Zf"?-\hWĬ@a6iL0]G1OC~G L/|^ yk6^U tB0CP+]s%Yt_Y-,**@b? }ҫnj{2?!ȐFsR! 6?:#YA)N $c qi=e>WiѠN6btjNӢ3N'S!~ϮؒzJ$xR' Չ2 -tEN@wII5Ev-E.!BmkSxGm5Y`j8e­ƾQ@O#Y%/ [P끝fT{>9bcd7 \gؚBFIF>'IINzP{1O?=RXOGq04GM1~r}6HȣNt:ҵ:52$Sݦo)V/in4qVPqb+ETVpBPs/ {π؁Y2$-^N`C,8h"1gC1TBp\ &c>0Dp`"e9+(Q[M^HJ?iG|~x#|1rB|8 >.,qX6Î:vGAMy,KI$ގHx0w֯Bg֭/I0*.JSTے:gBK#+ˀ ޠ:$jTztNCDOP|d[Y#9wQ}}=zieܨ9FK_G)d?Rݰu#aLLw}QQON_*A ,y/ ^4' s3ϔgkնj+5Z`;.pIٿn-#r>׷ˏei03XЙ՘X8}U@I±~E:Vʥ)JCE\;3%~`ǯ85GzP.ϩXY;wt?H{Hq4f͖Wx˅"f X4'(7 {ҋS&!@W*Z ^ me'lDcӠ~48A)^*r uP4ģl3붷s"iȦ70EH{ x 6L!JINAF4 ҌI fۼSR'|Idޔ2g|]'`C!Dr>Hئ6]h8=0ejV<2`m'pnK.c2S&3I?-(At A uZpa׮ f\6ɳh6H_܂.EʱcI2(ĥ&}Zkv2=]@/=`hyTܐA(³,Ք.[?l< &\HĄ~ne\ ɿ!zEnۺkpQk7f/h K3\d`1 jROH #F!sw (m%u!|#$&@+/ü}$„9Q=O/=Jl%3A$(ׯp2n;y駴<<0I <Ƶu⎆ͅ1/.dhfP"'QMaUK!OOH*:g9:d4Q.eB>"OUoġq@Ex`ۯYLhKjI&w Rv!EW*.;ZW}F)<[uR$gx" Wt>FO&*UÒuu^61svWbsL\H ;1Af7NOew$] *;3gic Qgh0U"ĽoRjv"Fqa9<9ȝ]iE = r2/ NAK-}O][lyB U5hqEG$1W,ҼwxA)/UnV@5#Êly Aj:aX &#ߜmk˰iߎ6C[RUHvB`'|rI2(Y''Qorr`bu⼑BZ+eY)R5ܤE"@VEl;Mٯi#_qA)}$4Y;HޑcN~3+ gP?֑_25*&-ڕ, |};vc>gs{B˜Es' V1BgyRqD;LH9@j|0wW&ôKQ  ܼ9<*$cK}0_/A& eo}:I@+H*lP]#AEܷ 6̨uF13')t3p >= (K8 1TYހpT i?XByQr#7[JՋo88Y㐻MkI&ߪ䭒km}4ຮ-{l qYTR`9_wod>y7unW|<%4F/x7 ^ r-:#Nk 6o>u.hc-qgb[ Uy- m,8p0vnb%"FKV}?WˣTq8ӟ2gq/ُ+`ʘՙ^i)y|_s15<)rl΄DaS?z`ut` ?;4]sԤN-!MDU3]}(@qW4˴# Žb-$&p(glıD+ZB pE) Z/,} $€Υ3,o  <"LAa ]:w5҉xb7c6 jq 3(r;`迪dC` i㿲YD-)'rؽAV1kR q j:2$%"J^e:Ou_ClQgRFjE|,zȸ(F3WC<^> K4Y- %'%}AHri1ߵ:&oO |mz/v31ڢJG4yĎ7h{0CZΛW^~pd:&dEno{ B-R3MַZD}~̕մ(>?EuN8BC>O#)H'K] 76NwGg0s)6$Ek|/;,4(-6Ug%Qd?Yqkzu Q=;|RIWAO:d:F&ԊCEWޤ3ucݝGQF2@s:= Mh3`^bX%MM\!4/;w[c[X4b|dzl֔v"l&n7:VHwˋ҅f4ABY#Z1q@ WM:*KH'?$c/Ҭ>ՍqE˟d:39;Ԑ ic6(kgK,rsF`%>ܣ,:7].$lO5x Xyܳ);_C@4HC-X_p" D!I]h@+b-XĸbM73 ʞ*)?/_WD;D:3P^Jgc !mKrN|l?Pdtl@ ;^ؐ?Lj@p@EC|9-$aĞ0l0lN+iyɹ(߂ U]Y= (/4L8#~ي*ʖah<;!=pG>A{PuM XAL~|llCuEv6"l+"H)S\Aϝ02l7}oļx\h8)'H]c^9<3^`@M]*RNe.'R]Toj.bW =bċɱ m}Pu~G tN{s^SRQ \¾"> /z/=#T%}`mr)=l8q?NBԌNV5 _?׺>?J]2|B62[:9~7Q3|I^8n8eMIIA BoqUSP<@OR蓪Y&߆%x A5%dk9®]~m:sL~.0ڪR-]LqՇ=gz𾜦 EKv5R;<@F xʟD, 9ב$ ͞sTw2;_*ڗaۊu{zC51Ī zDiQ9ܦ.ҾiNcjONxxxvŕIe իUkzQAa`s&dҗ P%&<B>2kW ovȯ~`#RS⧈60b!(CjlKR 4XP)&zoui+e˚ZiBUGȼYSNCGeytՔ9Oy̻9/S\Xpav_GM m.\SHMsWr)Rex1W#ws.ql.IMh ]bΎh11FcumxvX.b㏁yS. ,82$CvFc*2 wU_d+`(guqA DܒX$Ga7X$`7x46>13qI7АWQ*~x>؉K(~7<9 iTvTp0[f' (r2$"\^QȽ*ߟH')m: :gn_J)>*Ӊ$ / -Zyq$ Uy﹵* X{~,k0d#;q5K򕵂hoQ7G54Wuu4.x[dGGnGX|VOzBF؏d;Ȁgi;u-RɍܳDEwػ:tD YbCM~ M*[$; :IZ[B@0da6 U_](k6!,R$<¡J)q eV ^Ι D-BIK!O &'MI*i&]L}l2ʐ6Aar)X~x#1TTXO \ZjDoC3&|Y1 ïΧqtŪXQinDvwCٯO؎:tƉ uYWaY)|{K֔'zˀ1ݪjr*Y;ӣM 6SW-Ya(',* e5Wt yd 3#5N~O,.1Hobu>~ 3nmMLfnEb ^OgC}Hked ģ9|R 3Iw-'EL5eD^i)$m~;)UAZ-<|k~d^P@ }#q` X>v˟!Z[{4:GQrDf5JQ'WV@Sf oGPAxk& 3 sw*OiWQRL64E*ҩB#TzNU@DӖͧr#¢5YnO.&Gl0ܰ6ƨ[9 (xs"O_t.rg»ĶFJpR7 +gP!^UmH:XO)ٿ^{[*6/p} dvEAJNX"+_H :Zն!Ur8സit 9bUuoحqB/#pė5:I'-FEg#m=[e]ZţĄ^dD~H 2D R]H;C|+k-OZDyT;:q#WD: o>N1EqmL8SɮH8")nF9\j!ɿ`Үj6]g0_3k_ONcTW4M5* $^tMĘ"<d¤F5b֘+(5z"ly򴻇}<@?fî/ʯ?r$;sU/zl%u֪@۠d{jGoC_r +E4dGyt%i䧢:{>^Ma5[W(lqS|~j~)%lH6^j0ScCH~Og~՜![S`Zlשee DeH`+R`폠˨]̼޽ +?G뱯8r>kϒr,IsW[C%}Yّbт[AKOwR,p;WOb>Rt<{"#+$ڦ/ 3Pn3i?4Lt7x8Nk&m;;CW|S-r Ot*q2H%`\B&((գSSݮR>[A1$7CC7Q V\INR.q"iPui_pף1sPHs`~m R\–K*h$7y=tڂfId1y㖟z7}b&+2vb& oʰfiuNhz"B&70ebA#(g.nR 5U4yijq@>+4Ѵ+9 ǁnp #M* +3Lvrm٢ #ɫF\?0OyraxJ T8{xf U13FNyGhÏqEI{/Fp ycCC楳~Cb=`!|󧔾p^e mWRrpHjUp[iq%>C=򇀿]˰ݻkj_la:#.(/?ullp?a; +~/d >w8}5\ܩ/X=,:MP@|ɝEd7p24 ^f.oK"[&姱fo@vhUHOV, \Eq83[ >0#ϐuC-gxTCW\Vaev:iDV@}P nN,u}EΒmGJ lpΟ^][y-Bx]Hj.HX1hg@)%]Ĕ_k6DHHfw9S?p.y Ako㶌h55u.'dȹ7㡑LBskl5оb#ʚ"6ď@>OőwOc7kX7`MǣF)R~&]^yAphUprhf!n tԍIi*HܟC[ߊؚ3S4tr,υ4*| qzb8`"m XA`Y-%7hU5OnEcf]s„jN%6.PLWe7أpmx{B[7(1i/m4 ӛRQom~B495IOYaʛF8<1fɌa%\$Ӈ#*MwR©' *kt6l?"&ˆ+9 t;Wӆ P>ز\c,eeUqG K߇薧v`_ǙATfrڧU3Z r嚷 /fDfSeփ"eL(;?Xm6hSU losʲE\+%6x"_alš*r=fG zKx<*ByOw:PQͪ-kaZ G1|t0k=F?ܘQߕɛ1ё{(z3 @}WH) "R 9~ JH~p!IAK| :AʙF mv-/thS4ĝ|Ϫz1}ڥJ3YNm{!J\Hirk(n݉[f8^tPߦ3-8H UXIVHS&E)#7Z|TB̂§4|9Pwg]*hn7-s^fx](Fb)5d' "?5t4N֖O*wq.l-@}s/jqe"vvWl-x)ABqqB%"27X 'c{A?[NL6ti.VpuA+" [o NuP:u\_-l&uoynN׬ɫ͠}?|_Ϲыgh@W3J|N*X9G: wCwO7ϣ3o4i*gk;~kVJur 9QBY(>DozQ])5]ֵ̭3žX#?A@"H}H.g:Q?d<[slW 7aT+J8}e Zx+Z鯅HK1;: Z342 hg';oS`m(,!-^Cղ,D}$[A{뮙_3V b-rC7fKeЪgdD i{p e̩ꚱ p&Y cWQ" t ' }G-e-.,*LLWEmic_Xfħm{}.[_pTˉ/Š0,lNL+SM>Pld?U '}y.x-f`ȸʿ!ji\u $F`SaZaC.66_̀nSk *x,8ٞ)Ҫ/mJht P~ZQLmx&{Wavj!D>rI*vh̽aQN&\WLCoؑ(cay Mb۔aVq4jqB(VϖT9H)bҗƾ~5jPq9&2p2pbE8Zcڽ [Ĉy87F)si5D`K)/_}T6\O a aI/;) IwPdz<`C-$g o"L6IO}5.{!|;y%DYeD~y~J4b7sS'Kly7*%IiT88a񶇧{g x6Mi_߇zaLݩpqq;k5p&H\8/mf]` 1=іZ7l T= Sk&p^ h0 'a|ūp[D~X+.bbNd^8uͬ$d P˭i EBhZ`lƠ'+M,ŪiPbd:n=J޿=SFkamw_:JNT*cp7fG>enwD? ΜE54]U aH(iGZc e>j6+ߜLuD~=Gs&g߱6 Jxi`˼RZ)t|y05ʲvynD&#O6\N+<*7!SN X= _`UeK-?Z!uYDW^"b•Od_:watU_] 2CXz,qK.!Kzy//[:}VX@ne:?&`K5ʬeϸqY:RRG7^k< V(^ <9y3[- 2 FfW@oyFg %y¡fBĈQ 3VWI┢ N{ELV='v'˥i&rAb/̚,R2'vlU~o}n)#2`K+ >e> 2pȝӊԄb4c@i*\%AV|5@2 QᏢ2-|:#{pY(+!nKtp@1R YTY1,$Dv.B / ]k֎`2j_؝X)X69zU4e(}߀yѴ%ě1B5d#5 =|k@0YZ@E&FvѪRG}TMb3&Ń[DRQW#$YuQ{Cڳ\. 4`?/]9L3%A"G'?"XUf+=d,&M]Wz¾vMu3]#i`(;}A_$#j]-w!ݜ2ދ7]&bGz%g})z7ńZmٛD{H0jqx9M/ܵ\vḕ5;"ƭT^s{A!/lk{?F hs`q4x~(,eM՟Jd#ʺJ\cmo_q/LrN"Jh5tn e9OqrF%?3_M%P*&-LZg⡞a-r/e%:hk{F Hh ܀o|٭׈T1+0wdۑmf=h\5"L̀+g ( P PLtÚ:![hY3[~BhG.-*ՁcwiHEzS\p WaJG66%a%񖝕돲t+^-fu J07?+.zoAjUjaX_)O {f[iWJcB4/Zˎj= (Gb@c\ˊV!߽ &IG58sa0G1d`Il%0#C9!MMs^&ܡ"yI)A[Z 7p)Jm2Qq^܁r8Z0x?z?J^ƧX\.z+K@2wݚZ*%7E<2$ =%f ri?-AL;'Ċ1Ů(@,0,#HxC$;R[wl9NaT~ N1wu};x}gK:e ]yZ"zMK&/dV9%\ˑ,5!JbtPgTdID˳zXBnl_E%+uhPK%(B4VTHNQE ė@pWD<QdyrjU(v| F(hPSa[;mu}:ECvRѯ-CiSAIƫ𧧻sL-,E.2Bo+yeF 5ObUqT\u3^ީC{U /59e[ sr( sH} fXAŽN1a,GêH'6LxuFzh.ĴJ )I1ZڏyQƾn6j"#ʿ {0 muPi%[)[-79AFґij,/EQΤ6ԃbrٟT)g"cPXwo Rر6Ep}ayX]\xۥ0٧x_z :&Iݞj"%J(\օ~ۛ 6@ LB ui %&!k'2ґDd8o+3N-GM<@W6iŗTSW7;fd:znq W.6?!O}UKX]d8ҁ33pt*7J+i06^-DLf^8Lk;4h!A#Ob`Qr÷!( :h</$N#Dbi ƈ ]X!n.ZI^9 wB27y#Lgm W8f8h22S=0Hs,IsX:f grv4ǽ?='0Z\9Ʀ6)o?olb{`G"3bRz1/v9KUKlr}[c nzD$¸!ω Z>bٹ"GA ŭQ믶 QAV`ة}ȌE*[8KO"=RZ߸A"M AY@}:8ڃL %n[Uhh>@@ )$w{c\\#lA BS,rP@X`_'IWTeSԥR/fKܕ =uhW#-%_vLR:)X /`}Y]ǚT.v SʜBl`9}crOdxÈtBb/lCY1BVاO~|Y#itȉ[VP.}uG$3dK?:w/[C-76u*=NErtRΙ_nCǭڏM۾i8MJ5GNe855}he,*66B(ⅆ(9 ; s14[OT`xo**9;pQVnLy}D^@ \wCvN3~cE_(T@G1G*ӳ3X1k\$<%= ׏ioG/:/V$ޒ8AL`eC˶CA/ڲW!sȬ ;NM&z[_%JS(I*ҳ[*ћM&re^LyeniK!ˆK`:¤z޽:=~.-h?MQqqPn _%qSTUU ,eVcCTE {l~`"+)<$awϐ쎅TI/d@73ƦbL |} oiG-p>صzdK@Z}`GzGtrQ/@rռ,[*Iw ʠ΁/Z1Nz? WnH%3W㍐n볿#2$o3oZ~o3XZlUm0Z~ajNXS&$GЯ/@nqnFL:H72c_y\Vw]H9 !o嘹}Ӫ#&EB=K[*) s"<+%VF(Q0~=3:@M{71ewRf/,QA\ "}4xJ9!'\`-'&ي2E:~B©f{gK\emJB싀/@C(7 ${l@Z#tmrbiC7 f -`,jaRQ@n&(b5b6'ѕFSǨAvf=^:ad hܹE…:^dJ&"3qq@*(0Rgk@L"=2j tzL DŽ)ёzqj)&#BYl `ˑ!߿x,: }f-kIt\s9vrt;! qOYeM- kC$F sQ#پ/=إ7m7lִ١04~xx:ϜyԶM+P39TQ0g+".`Q9H|/@ƀR.֊9bY4:WV9-7nba l~- j">z3!h'g IKeηB,k?2Ɣ$?[  {9oPԜ Ó`f,,рťALq|4 `[F~OmYg}wCpsEn\`I$ױjFjdH eѪX1\9l.įB{k︩jw1U5+o4jz+{#&M-~+pgt/ "иꢨ(V;vKK' By.l,;NS2']B?JHGw$^t1o?:Q7Li@oW L^Q](?@dDGW|KbKВ+~E8;|YU6\ۖ'x&'!ㄏL_=^cr7 וlBc7Sq|kmx˫50oVHh/h}sw4ĉ?2A\'tt(Z斶=: ,\y|FVw(r\G\^cl"WeZxZ#;Dq*U@0(v'Kd܂\E St\nu.,}( 3% 1ΧCuף"ao :ߩ%:imBJerUt[X>?G {+B.XGэkN~-AtB[-.MTcB{TFiN%QC00RZ݃&qāq6,87cqիRa!_mRt ;)^jBN]K۟sW&}*qe(R:(Ҙ| SV(@F*|PN/E LS .~hWf&$ oZoSypr;Jn]/Ѫeяcda DB\3ݒ}Q DM.Y-~mN߷1{@-m# H %@("LKQ&Zmh|$' \O>Qna>>jʡL-aU>PQ>]^#mgH]uj.wVO=fLsz(tc j"C/u$2)@)MC2 CZoRS ϚF d4R87E khF.{,\~{ -qy<7GMyXE23o*G݊.⦄u<8<( zC Nj(E!KgO{e73pw h}RZJ'K%!b,,sS>$}&Ք A>UiBXGQ|(7oRZ6ڇuyB b$oxXѮ䃟@1D줖^r}Cf~nS .N u ޤ޽F,>` qL!8ƶDLݣfj'0tღ;}jU(c-OAk3!WGҩIɍۄӰŽwxh2C̚ t>&_7[ji[gs.,wƾ g#0n:1@_bAj=5R*|cxZZ93`{k lmdQSݎdzIp"ǯs5TbMT )z88 7ubffuEO?lynωim\i ztAH=tКR2z\&{evcͫcDFvw[)ϗpO80S֠v/g70UCKp]C>3؉* -f(w9Z SGlL5_À^fŠ.$ݝ'~S/ONI_OG (Rop2+P nEÙ(u?, ԙ=*/WXSWo-F~j5ΌXQNè&kQWo5UG1 bMʽ/8sw#Y_+STޗ[s4kXk.,OtOh_ dSsؽ޿)yW؄kv5Z纗V,BetYU=؍ҩ,I=jT  jU[NmqiA(C` !7} AL:r l^&d7Ҕ8{xZ G8 㡩zMVSq+HoO#^nH<՟ ΐ"'U+C-fOJ@Mc4 [͒=^VSkDO Xslwٔ¼W%oz 0AgIaw&B*~DqY`bXWFFK#= edcBKzU^%{&a~$wiru_Xe)a..4@r@L[:RЬ%~݂!Ó bHJw[ꊺQQLpLT/ʣwLD!-W HS}mu뒍kkV| L! 3Q& 7mBg;t"u-ҕfWmd);^+Xx_8h x/cVzy3}taX}Kڐ]!p;ncg6SWeEԂxr_~Wao$Y:;%ROD<;GJTlG( }St˸3@8y4z*L1W8Rُ 6؆JEn&ot@h9+s ꑕ^Hg "Cρ:4,xم4=H Ǹ}l\$m#TK P5@z0sF){-=cZmO@eh`X+-mJ 0y$a`2w(sI!W^ &Y{Z]kffn_;TkG66Ni) #`!;UxS!$;mtB,e~oW,@ Fy]9?opj,F)xL2Џ1?9S4dAt&|v_ ?,sWt鬮Zb`X@0 y0<t܆wݸs=8"~c&|bځSж.%8'SS"n?+jP0E#*:>EG2c=t{t;?!̆<ӁmiW#1}ʲN {A*RkRV/6!P6d-*͉u# 4E$=ʊqyqNE5"Ҁ8<)h97YʁU R$9׬Mwx91TCiS gY *CKVtڊ)zDWL\ūyU24W q< ' LRzI3#N.9A;K,~#)i5wYOCت3mG)]ͺrE#oӋdH0au TWn ~}t[TTn` Tn}f~!)KC~]@>fYe2i!ec 6,ul3:ƃ[hLȫcSOMm][_Lʑ\Y'W7{cp~bOvJ89稨 ;Q>>X2_>ʊW=[ihD!i9E ch)UW_8Gh_F/M&zX\ʑX5Ch Wm~{.  J՛7ӝQ_CbV?p൒"=FRz<_ӑ\biSL0놂@Py,#.=W`(RߏYZDFN.+֖͑QﰶJX5\ľlfp]0DHuܸmZ<@fLYt]Ŗ@vi-OF"w|0aW,L(!~l3(7)v(A':h1+yc<1k5[ 'do]7sBY_,ŦhNuG& & l+7/|/7?Fx IOpdbCPtˈvЌ^Z>Ω@&A C#r/[fQ F[93*f`ʈ[eԄ%BhR@*~=lm !T7Y ~& -!Y\|X$tݿCa3>Qn(d^ ܹA--L*ӛS0:{aֹmB*t%~{n}&f|YzchN(Rbzos|+Hczļυ`~qad@in}?h*y52C2?uA-d#FwYDg8:khG3vm#Q<3-qwk-hϟ>y) /bw4L*9*$ KjKMd!z> l*swR"8#ϭ#`|'g= Hfns˾O_yX>t|(5FE\J nq5e)ʉBIl"UÿbvՏʆ2 yg9#vvuvDk) ޅ- )Ԅ|fZE#Ɛ"8g hc<eIX)b"tgUðvd ?쩜o2_~ _[2,:c߾,lR݅୷+RBU/" 2t 5H+]x|9;nr$/wѭ>e9r[M*f=Y/`wģKJ9_pcqDgc Al1}.Aucl|XK.e(W׳Wgԟ=LuBbd:߁zah mJblC;Lht~V&V*t ^ =f8ީA?)M*ih?drrtle I~ScrkQֿAZq=uM`wc[A+ֲOswIp@[lQ-V+6lI;k{ b&MWc *Mxm ph\m$?޹r4tgKsͲx@ S,!rawM1FWj20r4>M3_0Dxq+,bEOTňCOkM\3[ `jeHXI9F.nz"coRD7Bp{5 g*cʁH|@~(nԑb{t0He3[L^ BdJ RvSש7+Fx&=@<:;Ͼߑ-N^X݄Gsԓ$zTo8w/F222HZ ͊l|kb8Χ^6 @qU~5^ԯT\н^N!8UCŅ&s)ujfyēw%1>b7ÔF(Zɑ6NQxy4)}N \ Ezin Y8Xh*Y!&?*WoE Hxk"OnM~$x1X3r_HV} Pth𣹎6DL!"3PdrZ.u>omyN}x/#Z3'5&v^MEH/?-bj4˘QYnq1 Wm,X+>26+2l$ʃ8%2hupnJ^"yYR/o^8OX+S qXHۼ=9)po2"^Yt7; A9?X? naQj[k>ux{[gh&((kJkX/ :eԡЈTΫ@N G|P3qRB𹣶Y%&unӼ+jM4JU#i-[sM\AEa0be4C@>vjh`NbEb xS $q&׀H ~N1gMi2*CT6%R<Z=XfZ\UM>D?J)CO[L`Ia@ y_!Ь}%WqڝiO_\y@怿%QL͙IYf>O+txտ*;q5F2?:$nMrgc7D|[~2 d Sfn}-][3DZ NqzWaGZnp$&iu`:/x^: 60ߝ`.OSU_E9{MLSR11頤h=+u(hLD#FK(u['҂mJLv.W5׶VhK&TaLaݸ3kQFo'tʩ!%2Ҽ8O.yUh޿1ۯ*rg:h$`W\; 08^ۿo0)v|%; fsM&+K:^F ?& vO6zHsX6`zX9 'd [ Ԧ_?#fl{Xzp` j %Gzo.۴{]sf˽=eC@W"rg(T81, |O @SbqFxӽm4GѼK /M:X7( J\?nUn%k ;V~ǝa!_f_'qGia)^Q=qhjq-*ts&/>!(^Cwڢ3WSAFNHf+LlW>hX 5KaXVIm.c+ևDf*5#nv$itqqw>>D%6dyPn˅͘jHiY9swż"\IF81Rix~D(/F#pÑC=s)/./%]Bp1:`a_Dke2ggn;<|&mm?SzF΂QD 6y o65^ܿdN:j^ףD< B.tv$I8OsHĶ^F YZ