pdns-backend-godbc-4.1.8-lp151.2.3.1 4>$  Ap]J#/=„` m9%] w,zwښ adMAFcMG|taiYhnQ}95ɹA&?Ėyr"X0O5A ݳ(FNH ^̕:3%T3!q`6=MSAM^2Λ ͖*H4຋5y!Q< d=WYDw9e߯i¢}W%Vׯ3=?AR*kTiLA{6498d33bc2387d86eb8eae71b1a47c159272478cc9fb0ffc7dc47310e5f3b9f7023f2788e089473cb76efebe3b8c3f9000d24323ΐ]J#/=„M=2-hiA c4ma=08$qR2k94S˹AEc+XgA tA]ύSeS98" K-s +)` 0@6Ca6[cCgl}:9eP'v>96nlK*`>p>V?Vd ' =  2Vpv     P(8/9/: /FSGSHSISXSYS\S]S^SbTcTdU;eU@fUClUEuUXvU\wUxUyUzV0V@VDVJVCpdns-backend-godbc4.1.8lp151.2.3.1ODBC backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the ODBC backend for pdns.]Jjlamb20PopenSUSE Leap 15.1openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttps://www.powerdns.com/linuxx86_64P]Jcec49ab72abb086834df11960f1eb9168f39c6d9fb35e23f39c5442989496b1f5rootrootpdns-4.1.8-lp151.2.3.1.src.rpmlibgodbcbackend.so()(64bit)pdns-backend-godbcpdns-backend-godbc(x86-64)@@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libodbc.so.2()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.11)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)libstdc++.so.6(GLIBCXX_3.4.9)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.1.83.0.4-14.6.0-14.0-15.2-14.14.1]A\@\@\@\[[[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Michael Ströder Michael Ströder Michael Ströder Dirk Mueller Michael Ströder amajer@suse.commichael@stroeder.comkbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- CVE-2019-10162.patch: fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) - CVE-2019-10163.patch: fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163) - CVE-2019-10203.patch: update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;- Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an IXFR query, * #7610: Fix replying from ANY address for non-standard port, * #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting, * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR, * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”, * #7509: Plug `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.- Update to 4.1.7 with a security fix: * Insufficient validation in the HTTP remote backend (bsc#1129734, CVE-2019-3871)- Update to 4.1.6 * Prevent more than one CNAME/SOA record in the same RRset- adjust buildrequires for mariadb 10.2.x on SLES- Update to 4.1.5 * Improvements - Apply alias scopemask after chasing - Release memory in case of error in the openssl ecdsa constructor - Switch to devtoolset 7 for el6 * Bug Fixes - Crafted zone record can cause a denial of service (bsc#1114157, CVE-2018-10851) - Packet cache pollution via crafted query (bsc#1114169, CVE-2018-14626) - Fix compilation with libressl 2.7.0+ - Actually truncate truncated responses- Update to 4.1.4 - Improvements * #6590: Fix warnings reported by gcc 8.1.0. * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof * #6685, #6686: Initialize some missed qtypes. - Bug Fixes * #6780: Avoid concurrent records/comments iteration from running out of sync. * #6816: Fix a crash in the API when adding records. * #4457, #6691: pdns_control notify: handle slave without renotify properly. * #6736, #6738: Reset the TSIG state between queries. * #6857: Remove SOA-check backoff on incoming notify and fix lock handling. * #6858: Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and geoip_id_by_addr_v6_gl return value. (Aki Tuomi)- Use HTTPS links in .spec file like mentioned in PowerDNS announcements - removed obsolete 6370.patch - Update to 4.1.3 - Improvements * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi) * #6130: Update copyright years to 2018 (Matt Nordhoff) * #6312, #6545: Lower ‘packet too short’ loglevel - Bug Fixes * #6441, #6614: Restrict creation of OPT and TSIG RRsets * #6228, #6370: Fix handling of user-defined axfr filters return values * #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) * #6654, #6659: Ensure alias answers over TCP have correct name- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-devellamb20 15651828264.1.8-lp151.2.3.14.1.8-lp151.2.3.1libgodbcbackend.so/usr/lib64/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10740/openSUSE_Leap_15.1_Update/4ebf1031957cded3e97a80f9c9ba6025-pdns.openSUSE_Leap_15.1_Updatecpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9d894087d10b6c6241cc6d5adcf4a32e6b29c45c, strippedPRRRRRR R R R R RRRR\óm_6utf-8ac85026a282328a11e317a363233c490c176572523ae20e1efb228d90b957fb6? 7zXZ !t/_s] crv9u$)&P~m3h':|4K7Wy%B61łh옕w]|mJb a 0uZ.v" GJA2RB J趙pTiWN#$7H5Cf~p mR*o`ȼ~'4ky$'I`!*@ύb8U Rk!lD3`r,!w ޒ̈́-ڸ3ə`!a{+7[Ѹi@.= [@0rD 5^wAf5m7{6ө`@e#C7L%XHzn1#F^:[XM6L0޳-޵֔|/w%7+DNkaoeڴO4"H3+̟ͲTMsHEDF=g&eZgnHnn& kw @vva›|( ّYYo) L륿7`(8GؽbR-t U]{k`}4.<@ ERg?9WS՛\'7'_Tsv*](3CB Ԏ}f̑w y v 6_&[oIl'RcYgl14)S$q-d2FB2gm^#<NnАZl4% 6&|CލV<WC|?CYs xQ !菓!%>O6fiA:ghb2=,JiyK|&qİ .}2CRMTv=!}#0ƈ-ѶIAQ¨Է &lO\R:ѮݙpI5Ǚ˴xE7/VaVe\jdw BGAQqjR6P1Fmc ;4*>w.cjvBGhK϶7 #ƥ¦v2 ItO 繥YW1۠Sr+&t#Qzeh== 2އ &Cgiž~DBJ8ȠH ?vȟˌI,wJALnOtR,N4\'uԷiCx2d˒wa|}P- bhG=UNV@ǰdiē $>n[)kg^p\~giA[#ڄ_ٷB_3&T x/d~4]N"BD@y+ !=[&2jdgЫsghS`__|ٿ f.jpaf5y^ȢOwy$\2;m~Hs{y|>&wWrenԳ dnSl-oZ ;0Bu:%1O?}Jżq⇷SVoE<`/f/V F}#fu_Av~6Fyn3 . s/f+v Uٞho'sjv-lG>Z #bգ]AM1쥃jJއ}Mk;ݺpaji>^^8X!!'>u ݣ.Az ᗌՍ'1p2!HŚPkFYF7QLX {xg)?7BwѡB]SJ:Z v0NoQ0LUY,w|/&*/x\4bn4K%fE~s&Il #-jIp gC7ː!hyאƞ:\Qu5@̲ƹrwF7=MV%1qlߔco!lcFJ GQI(mG@9P5Q%z.@uT^h6Lh-lhgy؁##dž(.g̈́ʾ =X^mse[9.'f’ S5v:I;:M  RK@JM!oNv?H9! agM}/!\jo-5 DU+Eb[{+6q|p )E?ՐSk}έOEYʧ:5;$bHw~B1uq'o*$%VX.x<߽f@z7 WU ; 9"1#!x򌺘P5wCG$ 5k Po0e>quJo:|:/+Z {+[!-H/5:'rk!x#+Ϟ9sI^>k>> RS P)뎓񼷨6Eʸ6i<}`l:fNwBxx5<}PX܋!14l[׳~}d4y^kc) 5TlVq5gQ 4.^t0]H|֒ƽkpEE3bҞE{I q듿 aQzE+2i>$l ?j%65ז85p9unQ++VZ/x=|,b*ˠÎB;#<׻җ*G7R2f_UλX@djx>" ᭿ 댴b,2 ~H5b^v=w105 Z0]^ W0jlAPfECؿr}l/CR0f=(P8+`0y9ApEee51Ҩ%5q|@͞?^[5+"AǨ9}ցGJS6C_}a-Oh(BuMC բQ@$Fv]AE5WAfF<#]>nLX~Sk5wRݟ>9/qދ@c1,K}P2&&8_u=mkh?ǣh;:k7W@0 xDޟJ, $93(q`|fY p*uZ3f) 2^}ɺ*:Ǝ"no9Qv{*nj_(WGllFr/ep&aK 3vKⳓ~7pj!zxﰯ \Ԇe1OčRг N  ϣVw\Pu\V&>ZErQ˼ޘp }qzSetaI 7?n#=i;nx ^ 7~ _0T a< (ȍ O N`.I2 e _386{p9dk|2PlT')ߜ:YtߢNz+.`tcM,Gr,`NTػ p&|Ӫ8ra +]1">  ݷf<-9$g?1cE BaP<NU`&;,ѻG EJhf0Zg!ZsA7d3^TތGDd_@[0|5{"36Zrl9/#x2ֻ'):!i̠U @8ΐ]Th?)3XW|SP Nڇp0Jm=YGٛeiz*zsE^\o՝IF>3S D޷Ϳu9gŒA)LmUIs O9r?gfS,w'#-1$$wa"#^6^&GNǮh5UOt X<ax;qhl(#M ˼D"`~/nt'Lh ¯%BQRnݘs&![bTUN1BV]rUR])7aW\SXrk [W;f\]X"5uUI6 9䜵6.B pgo|뷢Wq i>1 ݚo[4rZab+`ePKP`/zsD@H!S}I2=B&fd'ҚJ؄NSÖ(_(A$g:a]o` ɇ\Z[*uPY@,vEVp'͎5B1*ZZ%jzýq9zU-yV  !o\GY"qjkXa>N|lC4/ql9},7'ٯJxV=go\2WOK\tp/mppdfuR8Ep{brWL9ǃPҲW!AxFP[ .TUW\ 'PP+V*&b&|nn ֤w)S8o%MqMTw݉8([񅏤Okf;Y29o7fpł*mv@n㩋.0F8`\8O#,[8kͨ*syiMtp=P! `pa-#ΞGMơ[󊦗i0dkpR%xmb=qsFrF f{9%P߾y r0ֽ/Q:^:箲"|Yk y"t v;}+C L_/pb7Nt!m~A8%-1O/1 z.Y4N;G~D1-R6Tv%z+L#.3*cw}j')V "X2qn~dC;`<^v2a.G߰o/`31Iy^} |bpm?Uk٫s1h^⩡ΊQrӚ ۾Q?܏~,gK 1>3yN_`G 3Y)( 7‘z湛涀z2\i RȻ@t)m]$E;'ÐarӞuPD+͜avXCN%}ioxfNԲf:,pvRTT+پ]})h9 Hsך:jaS w_[Q*нLudyK:n."?,t=rw=etw-k1HPwߑ!jŕ ['b83t T>*j| kd #\]jmcѤ:;eRsD3%0A:WkaNbg_VyUV)ܷs#*me{?ӕHh) q eWaC&/͖l #kaf`詨0w2-J}Sܝ칆HLT.ؙSo&"k _.;%nӇTBX6@z4]'NN7tj=ҐDZCp2^agM* WpV ~Kpu[\$"P T64\p˭)j^R-闫W/5 ]vһOsbˀf!ŸxΏ4TfDt7\y'!nr-O/(,B=(5]t{J8XiJɓ#kYB%ӓJT\^m4;߹T>=aBJ btz5HL8g8~\6Q_Jp"SҪ yb=iTz/0 ǭlcaS nX=yupYx`&_c|=y% .1GG`[.oGj-KӔ="ΌqWoeFfz|@X¨.0913: 6a _l(@\b싁et-ހHP'~ZsAؒsa]W-/>BoM ',bE(N6)J՗?_z9aSʡU[Q ?]5h4dTM^|Uύ;g/ٹToail =j ZPz[ho\DMN G _pHk4ksl 44cHB͆@6G|g5p|_ VBb$,+7UY##̥/@kEx7as 7Q+My̞>g"+ᩢYAeP/"n4-`̽OZa"; N쪟EEOXA|?>ޙ .n'yi"W(/$'!S5cFV2lfJlZV2ń+5(,?JF3ro\2o6kTJ'ZeZ8of^u7؈sys]'ЎXX{S3N"B)Xּy)kH JeȻ {}g8%7/j3F;ZH@1OTw6<$9ojd-ҎR`r^4ĥ'cٹt@&f%Q-wJGD&4LE셒Qp$OҼo"K.EN}%e,/l<&w?'ElCĴ9ϼLUعS $67Y5:{0>AABoJ^ ӳ!vHqk + D V8D4}Xܹ@ZuYVTJ^6+\qn3JScXA_&ƙ+nkjct S~}CLٿBr!_vΏ/[ħkt>љ,a@TAɲ6R [_1kWpedC\}|R&G[ǨsdqoBA(aF9V) VZke;_.n:=bo(8&~A@i 1kkо  ROaZjֱ,Sgti mmҥ=Ñ?P 3XzنJ)4.mHQ \ >PG/ #xiZ'=&zMZyv?X\oDA$G(̂7ϴTۋUHw;`-A 8W:%Jԯ+ߐ!+5n>^ĥNnЎAXW}bPǶ%֞|F/mXI6ĸ)\kus,nY `.䱭pi1JYߔzMza5y4YvZLbYzglהhЭKE`R+( 8G'¿bPU_rs>r޲'+4[3CS,+~_,Y;I:8fh6A!zkZ^+;gBۢ t~0gA`v\xί3nFa](Q? ʴ>ϗEiO`j@!7db;h-I:!d{蓝7]]>I3 eUos͛(n:bέ#`L̕a e |iwCTҬD:kkaqL"gl)E;m XhUBYJƁO/RK"AS>| ih V SW!6:oj#t"pBD^R j6Ї,Ƚ9Uc}k;K&e[T51gNڈMZ%4'\_t?h]P4Ji֯5K/[f35J&T2 HKʌ,ldQL:l 4uCRWM]KI;.&B`M@8kX6t0z00548>'n7CU Kqbw3]7@2y9)59%8o+ҟ+7`;G C5V;3f8t~+zF; 1I;jx?uLCb lQpZR"֠k,PٜV¬Gim=-S)O2N *Y6+rӋ*dGD_2:ce$',BAn\ 78>윈П {]G\N["G\U]Q5[ `d/t cV|]0_dp"뫶mt; 98TH||z_O'B&c_Y,o7i~k-#Pd{ٔ2V:^_(#whZށ 5('q (͈J\7Xa|,N;Vu0N>^PUb"P3Z-O9|RZ*W vT0OѦO?(/devovn /VOTm)G#'wihe?j\ L$b&"rژu%3Ž9"=_QxliP`q9ffWf謧IMa<բ|'|-@fI{$>ɋ%,eC &\Zr&[FuKB(X ڵSy׵/?'WoAc] o~ 2PbNF|F)tI7H\?9aYRxG<; Q~3fYT 1(?:1z:brGF t]T58WT0}11ȤMal/KYVUp532( ~J}hsL}:i%,l3=-z uS d\E` n]Zº]lfى@GwʴƬ ̬r@=h:wQK:1RJhyJ]BwΝULԄx_q>_9V5Co+t֠4fJ&'rd fU:'$rKe `~#')ʏ_Nh&)G3fC*4a.}J"+.c]=1Bau \q&ϳ<s`k`OxxtcvTgF3m\IϧZUMa֚x/Ϧﳩ~8~iDc շT ^D}l]H^)G"mO4nCMeնԊNW}8rk՚oCMQnʅg,覸 q[.B-_e=jWdN,yR_p\̈8 ikl1_@tZQ0ּ8zN|;QEt{ qDˮ759t6h쓅ce:nJl`=&QW Ni݃YJqU kn@m~K?\Wmj S %Q}q6:fCsYC%CBL4l7ГNO9? Ѷb>^;uf2) F5[ \Y=#8g [nsrR:)hސ炟ʱdv@F j5fTꞵ B @"Wwޑnt ~KqJvm2Fݢ[fKjg0gic\P6? ݳ3=ϑ7 .~/!Ӿ$}`0+$!^!ϧWΨDa9yzQ6=XGc.c*{:|X'臈6FU P_ʴ*m.*b =^()/ź@ޟQ$cj,Q y3%?ˍŜrFNp"2I%ۏh.^Qo9Ȍ X; ʹNSjzDfJ2j[#7) @ٕ!ކ_^x\҉y>Gqz+YuTUS|Lū2ޑFl:)u鸯f؃Y57{K/Lmﯷqz+5}חI1G q,CdK y$oE8xؔ60d_IMCoK XQʥaL//{ y H-CUŗuԢI5Cqr-ZZGOٓrVʖ檰m{1t2;SK(d #a@Yks@wͪ}8wPS>w)H>,UW>on8j͐u\(?#Œo>wF{ G"v8VH 5958F=[{myzlxm"Dj:Ǹ]ټ&Y0l1ڽv`_z15/42 N|u1 sAD_s:@u&"`hT  ǐWע X4וLI\Yk`a(\,:o*@2! 0,i BbMq]NY%}4L_,J@9^ j_8ٓ}?}@KcU$ `Fà VZx@& lN:Ox[?Uaa[/^gwX#8J)# Z& # e^ou)S u4;T| `W HR. 5EĂ{,~O_J4|YIϳJ\l[2VS|!8|êY`s$M:ri< qD[gA6@T7S==WBP8<0I[&2Jl (>>o.`%URpW"1j@5G;&I M?VlrZ_)s}[84}"= P"JE:)2ZOX /W{]_ѪЪޖJS*KgK6uvbC/RVD!oxߎ9&/=ؼ!o_.R*<˯uL d>f#YOlrhkHt;Q}CL| ԪekS`0Sg%rA{2Ak)Bp-4+nr?z*A}@N #9 XJ]ىyIrq*TJ rw~OPFRGa4y2+( rueUVA`l F^,B7R {i,@G+q{($&kh H1c/ɀⲈ;Idu7w[`DIhj<jOhI1GXs[qwL͉Q3m!V=)H7sz\AhNH(,4e/4@cWX+`` oC)C?uZhl;pctk^32]>'f՚57ډjMG_cf;4BQa}8}^ɺAƈe_3-Yd:#5{Tea^L#ct`=kqrfIקF Oș\Dgr[UVUٕQ}ҩ`j=pvC]e6n`NOg5ߑWx=P.I {ji11F7Q&k+/`Aƫ)BWĒFj>·Lq'5XP~~稖KVIJա\Ϗ]c]S7"cIDk5p`. gMxC=:ݑu]n\o|>`+f[Syש~:|1X}歑 J )2"3v?<]Ov#C=J8`LF:% dDs آgQ:^^mþiR+ԑM `ʘD.џZm+>ǫPļk5eYFĦnDRʅ&C 󳲸- cklpL45gɓ!Pv{z)3Q,WQygsK_#[a`h nh|~SD}&r>9ƽUgSfbn\N =PKF΂g2)W;`2 g5C- ^ݣG^}TDɖ|.=몵&nZ28߲_0 H:3.RZ"Xlrβ$FʫH?F5]ϑVgS~rQR%)o Woda"uC̋?7GU#g9<c-g|\J" XY7L:WF/POgNiOijB3oxHY#vCfS6 ŸYˢ6 y?drSFBlP  {Rj= /oL¿K[46ަt.^'Ta"7XUUf- f*1V[ɶ/i:9A'vx$Wp1٘qfD} Zy}5VS,Y_*(vE]ZAepLnrz<踠 ÌZF0ь C&֔E`4P^XPgA>8;FO.eݫW)mhwtX-xsBM'jXjibGe.SZ֣b7DCm4JjvHeՠPR߄{{cڭ"VC( t@B:A^#!Nz Ϭ+MRE?ThX=G^+N9ĺ 1-8$|48TxAq%tƝxEz}o:E/A\!gs^,)̊ Cm›#:-Uq:1ԍa> j |sL$W|3~YO&Fiv(ݫS80H> TN>T3QyP:z/:KD \{/(DcOb,:ٺ٬,1NGʏ=hzԱrSPfqJa. @7!I?.fG +(͒ʶh41Coki4rqɀ?vཟyK1? 3hkNCМJscT?ЎK.E ,@"|*o+MO6~Aj.YYhOʋtAxEĿT+ᰊ+y]sKqE,2{s*F,FMЯU{Kfn:@A=4آG; 4v$2 :ұysLoGDn2ɬ%wع=ɵɦC9)dtϡ[x_SLuc$jzX)qF#.]gÖ)NMCu ϡ zc 8e- ڔm['>nRoXFT~>DG$OpMs7fC*CS&w"`:NWt>9frx )ªzdͪ3!썴4SYd sFWCEVf {^pm&Thq"GzLn\I2uQ}w1!y.mcwUW^N2^HuQE=U;fXcz{VXT}/Tgk0;o }a%ёMxv .oCΞk\.W1 爮g}ʑkωUBdTE0a%֞P탛: 36ЛpF :_jV\j!|`^V&R3֘eZj] ( `׺䁜FIcݦuo t ͍&)MUCJ,:#Ӆ_YOă Čg|,ϭ:Gu@-UEޖNGe~O$v#T8uR.82hޘ3^*r=RL~:qlzaiH/aV ( H61Y]/#Ta5v-Fok0|+%{ X%2i(4ċ0O&1 8 4g>_S:<û. }^*mMįU]waFF ?DR` NÅbc&V!wr@:| RbثDAtW@T→H8Iӄ$hUn_ N m_QaI,A$l|. 1PWjpaҾb&\~xςn4$O*eXC9h؇SVerŀBCj\v WD.ь;Mѱ}iנ}C}2xpc3d 9.; ДHmXA0߹o1/ +-2 9>S0MvRP "/p0yى:$:5 ݼ~m+b0I {D]]Y,tdj 5ПNɄ44M~aغϏ:Dz%6Afkٺ{m^g\;Δ͎-uy1Е\.c"+- 21jkxeYx+Ycdע3섦-@5 Ь*tu*PW)WP}Ȇ_s/_r8 AdȲN7I|Pj!0Ky*@s H?~ǻƔGqDSbkGj٭:LXax{CmPx5c+j!, rQPsܽpw%k3u"9x\VkEM#r}{Џ JrׇG%Pn[O7bm[byiY%y]֗< |My>F$ő~c `F"jL`Hwd&rIs)"A@) /BC {+f&?GۘxEO)g2+Br1=Amj\.Jm=ASMN_6 X&;w1>@@u[͵ J h_k}nkvwwg74-f鸃ԍ2M?Enh bs}NT:S2^̏m$O]yVРg}V Y J1p Հ'$+Wቌp.{Y3z=z[<( &i W=VYyyw{>r_r ce`fF2pS?x8I, jphyg2BlSꃺZ>A hxًg?0U{8|dD ӗt9Ltmkd} ?Hs>ȄPft,>D4XZg{}{!A͗fS(Y\eY|_M^|G*-VbdYNjX)u?'tR\'7[0»2Xw| "-60ITƢAƇk~Ց( ` E;lu[c$ս%#J_iAcw (߱p E RS1!%'V*p,Nf bnNЂ-j_?βxOZ }d9uZBڞIZxA*:b 9 B騮*Ox*(GbdЙ6M@̘[MJ3vX,o}rg穷wKNҜc15贻`h<+J[t.z!Rny H~,黄C k"2\ Z{:cY,_ B``E JJm42ږ-F([Hk{XwU9N7 F=<J@s5H^5v~:b}qRCֱ"UW:M\yϩ5,>5Bcȩ,c3}= I;X Qk><";&PC=:l7홈n𜑆R&B MpEV ai ]4lԛF U<[ŗkYH&"s7kgAeъ}+;6(c g#0b q!$5/ަbo8= EK~i{^%ᡉ*Bo}=Bex.ZW*m @B߼d ӂ2mg#\ZQo2j/wKY Cee0{'9;C޳VcF_XvOwOX)H J!Tv@_IAMδV\=oοk6k*- dZ l2cΎ"'ׅ4L~[>VMx7t @YpcD^P Ze" ;͝8ޣ= c˺E"iQ>p_T ]Ĉ\[72o)iᕩP=yyյ,llzv[C_2Om|Am}Cח-2*GAM WH+88FIvL^c؇M$ylz^kiYFRÊ҈ hlnb\z-ltPH7] RpL;@.$ZxrǕm1R6qMڅS-Е64p;pc;YtNt+۫WƩ3n$?; E+vcB=r]< M>3T"T VOZq\su&|y[l3 0y Í"`;Fr!·u =|6JfM6硕cMAF-lcq7<ܾME]Bc%ׅ*1Fe:gA+7:G$b'1cIe8o?, RsRrEnRKRTE}|z}o|PPh=wVဨ pE*Aągf5` dhx؀+K{%@͋07g|i2zCS*Rd T _AvlVGso[~pZ9@fUҮ+"FIC*r4 nY=.'ű~bŗ9%SY׶T-._sĄԹ& %u]cq vsMSK2W 17$2n\{m49I-NUw3͚H35'Ѕ=i4;Mf}ͯt5p8E* .$ЃV =},F9Pؤ϶D ۀuo~b=NoʂGAS8Jrv5t~4xq(6ymEpčBlo@XO㇛כJ6G(*~/VS qwmn/Br/,HW .3) gF,]əgBDt{Gw(B -jz\%M׊#x7gdA :f¿$.^=]»wif6* LsbTXCsNo;oڜSm=G,`E݆+\Q?[ /jDϐ\ u1!3w_ρu4<*ͤ 擇<85գs!~0Ts{+/F\,sdÇmTX=Y6ױqR! !fnc]MI Y}G3/?Aé-@3b$/h'A.NqnHkV!Ƿa,'&Nx"mcq5o!ׯݡLO !v 0({;^\$בwu1٩^gkVЕGN\ d27'@FMw)no\r'I|2?cF ATVxPe䐽0"_CCȫ--^wr0ODxNSsrg믖zY'7b3 +wa .]gWQA&4{~δ_`6lX) 8Q>Nf'U]|Dq}єbw=SvJiukQ>S1;HYy_ؗv۔952c,. ,aIb iV9{S$ TM Pf +6kQ)5uI·#!(l\!VW};xB e#S!{*yz,'y'0f $K\Þ\y8K⺦Z67"o J D|Q ]85ca{qaOD2<°_b]ucm>r21GN՜>u6EAgCREe65{Nǻ"$a)YR#' YV^ʊڔGS@-V=O :Yl"EZ䟤W/ 3Ϫ̏)j<X[r*v\]l<Am#OZX"l `m ⅫtA 1rxR&wY5Fs{@MY`t UeI#M4~V&#c8fO\6/оaq]phe@ pt.Wz_ 1/)m6 YqY.0϶|v( 5l|ew>_'bH?)Ҟ|Zx+!)[7{T7wH$PvWs6H\({&hFamit|"z%f_,4KɈ͊+(4󠮥“O~S_t O+;Wkm]!rk ٌ^f*D56i ֋Exj,i[UZV^hE]Fse#nf0j& őRҸwrM캉| DZmEOq&H/B tr"ap-d;R4> < #rG\hCEs<ػ75IK'J15^d&/IIn$!3J]`??LnaZK<̏JK0߁2PzX};QVe YZ