pdns-backend-postgresql-4.1.8-lp151.2.3.1 4>$  Ap]J#/=„7ue ~K2TȌH︽5܉iR&Of1w-,?)%׿󯩎ںӬ"hh=XtoЛiD<ըbMFO7O)q1T#gZq~#>Bﶅ&o-[|S`*E=^fN=FNř?22%u>oŰscdA1Zz[kMtV_a>i]xLFJfe>p>Y?Yd  , H) Bf     ,E^4(I8P/9 /: /FTGUHUIU0XU8YUD\Ul]U^VbV@cVdWweW|fWlWuWvWwX@xXTyXhzXXXXXCpdns-backend-postgresql4.1.8lp151.2.3.1PostgreSQL backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the PostgreSQL backend for pdns.]Jjlamb20openSUSE Leap 15.1openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttps://www.powerdns.com/linuxx86_64Pp  r큤]Jc]J ]J ]J ]J 9d8d58ae4138e763c2017c5bfedc91c8117c01dbb65b50a22ff5f7da95103d8cc0a1f22f577108a9ec64da2fc1a504d63026ac314a5ae0a0df75c2943759ade6adaf2a23450290c86027a2d2b7ec2c6b7cb97c4653fe0e9a5c0a9da68a0b0a3b0bf6189a5675c9465d2296434a462f1d980c0f684484c0051fd82d4a7d0f0861690d65b04cadd0220bd5fd17478b91ce3fcb0491ed1232226ca73a2ee95b3738rootrootrootrootrootrootrootrootrootrootpdns-4.1.8-lp151.2.3.1.src.rpmlibgpgsqlbackend.so()(64bit)pdns-backend-postgresqlpdns-backend-postgresql(x86-64)@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libpq.so.5()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.8)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.1.83.0.4-14.6.0-14.0-15.2-14.14.1]A\@\@\@\[[[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Michael Ströder Michael Ströder Michael Ströder Dirk Mueller Michael Ströder amajer@suse.commichael@stroeder.comkbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- CVE-2019-10162.patch: fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) - CVE-2019-10163.patch: fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163) - CVE-2019-10203.patch: update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;- Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an IXFR query, * #7610: Fix replying from ANY address for non-standard port, * #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting, * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR, * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”, * #7509: Plug `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.- Update to 4.1.7 with a security fix: * Insufficient validation in the HTTP remote backend (bsc#1129734, CVE-2019-3871)- Update to 4.1.6 * Prevent more than one CNAME/SOA record in the same RRset- adjust buildrequires for mariadb 10.2.x on SLES- Update to 4.1.5 * Improvements - Apply alias scopemask after chasing - Release memory in case of error in the openssl ecdsa constructor - Switch to devtoolset 7 for el6 * Bug Fixes - Crafted zone record can cause a denial of service (bsc#1114157, CVE-2018-10851) - Packet cache pollution via crafted query (bsc#1114169, CVE-2018-14626) - Fix compilation with libressl 2.7.0+ - Actually truncate truncated responses- Update to 4.1.4 - Improvements * #6590: Fix warnings reported by gcc 8.1.0. * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof * #6685, #6686: Initialize some missed qtypes. - Bug Fixes * #6780: Avoid concurrent records/comments iteration from running out of sync. * #6816: Fix a crash in the API when adding records. * #4457, #6691: pdns_control notify: handle slave without renotify properly. * #6736, #6738: Reset the TSIG state between queries. * #6857: Remove SOA-check backoff on incoming notify and fix lock handling. * #6858: Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and geoip_id_by_addr_v6_gl return value. (Aki Tuomi)- Use HTTPS links in .spec file like mentioned in PowerDNS announcements - removed obsolete 6370.patch - Update to 4.1.3 - Improvements * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi) * #6130: Update copyright years to 2018 (Matt Nordhoff) * #6312, #6545: Lower ‘packet too short’ loglevel - Bug Fixes * #6441, #6614: Restrict creation of OPT and TSIG RRsets * #6228, #6370: Fix handling of user-defined axfr filters return values * #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) * #6654, #6659: Ensure alias answers over TCP have correct name- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-devellamb20 15651828264.1.8-lp151.2.3.14.1.8-lp151.2.3.1libgpgsqlbackend.so3.4.0_to_4.1.0_schema.pgsql.sqldnssec-3.x_to_3.4.0_schema.pgsql.sqlnodnssec-3.x_to_3.4.0_schema.pgsql.sqlschema.pgsql.sql/usr/lib64/pdns//usr/share/doc/packages/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10740/openSUSE_Leap_15.1_Update/4ebf1031957cded3e97a80f9c9ba6025-pdns.openSUSE_Leap_15.1_Updatecpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=71c0507a292a0e89ff5d582c141249c9455c8f1b, strippedASCII textPRRRRR RR R R RRRR\óm_6utf-8cb9dfae74c72f4c1abc0ca6347e05216ca62a115a999b4058205a7b1b7cec25c? 7zXZ !t/q] crv9u$)&Pn4Pi)BQrmɧsptK \3 שǺۘuH:T«~tV"cj a!obiܿ&rwIIk%j{dfʹAKMN@loj&C>9v, ˁ4;}~W2 6W Cԧ=$E(LfL} ଶ˲oy$!?ɬ$LS`YqҖ) 7#DL?0EHk%2r&&)y5g"\a[QiS#+H]B7I}й ;# τ# @ebAsxɻ5l./Z~g|*R)1^/C/wҀUBfT3Wͧ{07,W1lH݈ ;tV]ieԽ4FhqU9OhM{ˌl*6}KW7P"gAm'cuΌc}Dm?2?&vT|)h:=U_(*|Fbv^t00+FVWd5ht/J^49Z 3K TL#,Q3w</BEVjsb9@}uyGT#^WDm0HYb9"Fe$N7y}l<覽k;FO|([LzP׾ucҀh|ͣ/W#y_*oh2})fJWy:7hyFjpb/@; +%$ 1 &+o*aF:KĴa-blWH~̔i\+*#)9#_$yWADst0.R=Fy@%w~ ]` iP1iaB{~Ci'&S\3yo*">{@.#6#^oOc f&3ٗ#'[$>|ո/o'm8) l&#N5Ohe_2Bbr < ۚ@ـ+nF*ֵs(S6(\0\*?YR;a.c6h`ڢ錵!DՄ'qKw8!&]`|j:*l헂ű󊲆,EXFLKƬfWPpcH I<5b|zraekS!㩱kPH;k}gˍ F# ;k@[vSwCO""m!Oc@N ?R2ҩ,c̍p gd;|ݚ}˟Wwsr/76c:|xp!g`-D]nmSߑFr:.\ ?J, Ȓ믥NޙΦZz{<-fl5O9"W㺛{ rfU"8?SLV\ִ0/`n'H؈'L۞8>W .xus zd!Q};GCEAds8PPw53)M [v}(\ fŬs=l6q@;7+Ω]jwƢ3h_ 困iu k?kt XF/-*eYX-`8Ok:M] (M[!f[ wGu®=<k;M}Es8.ӼR/@⋹ )eZ?U-;[T?;-O’iSG܍Z9諅EĄ Tb5~P!)Vn *[ܮ͡M Ģ_k&>vgv^ N-] wQGi1 -1.OgnKԈc 4-:MN`4}cpF}hsU%X~_omMFxUYգ{,'AA2M2 ؀ŕJIKF=sl픳G)FG堰M[u\ᜪ^k7!$ĭw"k9Vl"lĺΌPH ҂x]zbe턟w[gI9Se;tr.jd*$cDRRiRf̌ZEpu uD1_M2cTVou@8nzfc>O" F0Y b_1U)c~bluBr-x12-äoh-7J)}nUՆy"_oBaYNH1[s;#[YHÉ* pb#' is]l;OWлˇLٲ)9LLB|kFYf˴6ݝ "k&!y= &Q%i-t̢)p ^p?`1<{H.)'6g l&UCTscۖ6fZ u~L7}J%i`$+y j\;9\kG>P[ "-(0ߑu!&.mr=v#ԟ+s_O4LN4&BeV>`AĂ3[&xzjÅ97gm>:}ۙ0C F^BIsf0${@~BAjqAFg+P)EԠS8؎e\/I6J=SC$;ȈE ^3 um><@"SS0AR-lTOm%a~@l4kcѭ' ;@C*bd|φ 8l\\@ڽyKy$^S6;l.›iT#Ϙ'JH '= SΎd^sb^(wΌ%^ ށ3BM#@!`B1*:CYMe9#6'bk ?[bQ>s͡zgjCwO*|~ ˓| F~IӘjW*+B:`ka/r#;suk(E1'[]FYP9ؑѝr]FxPkYyl1a,0GjhnK=bp;qE[nwP"ňBy(K}GZ b9S$Z[92Ww4DjLC2oS2ȍ0o'UΜ\2*nIq%Id%,W7{1tiv9EàndH+ۃA~KL)i U;T '"m\Hzm$!QN==6AeZuK4S8sO/+eEY UHj@*R K`LFJ1u}BH]p¥/NEiF%FM:.3epTak˖S%o($rݼluR[D|5 f] {~ љ,1'l__Ӟ4 INxBOf VbP{oJqrbf9 J}U[$K;sXaSwQk!yt&gw(y61Aǚwa5>}q-Nxîz4$oKW΂^jb=Cku #"Ҭ@"VgO'$à _Wј`F]%_5mj [D3Ra<1C#Ҟ.\00g"|A:1!%8SRQN&|h5f %S6y]AkS0:|/_a t_\=+9EN+4bϯ{'OVBhMסV*<@">(B/81@]q`0AwQg\LJ z7 +?9JO,BP!k+"& 䞚HMDžs N\NL9'8baCuFX<|궧&4@cOa/UL08~iдf!IE.GK%OY1H{Up``A-. 棋/bXrZ Kna\t=iUk\/3 a`tlⴇ|چhAp-T^E,mn^kgx*sr"vwrSLDVKG,hXSKW#Դz )h{gG. @71>1TCIx]Ak#Cj0[u+r3L`ݬ՟` a{S/v 3oo%&ԕh~cEߝ=T2~gԲkL=e eYJ0\m$R*|cH52W8#ZU2ZʓD\r Z*\*5)- =]i /[yR>=̲Mk"i-ܢiK6LVDɴ[t6 Ym_{LE' |]D H$ H [ŭVMe;ZG=uDoo 4%T7]c.=1?)ӫD ,qoU0EyBx\cL?l\S!4P'-P n^ɖREb^m-lp%ATې L__`>^[םdx߭ą7NaPSG~,5en7u`Z! 7.`U5Tac%+ W{{M޽&ZcT2r wwjNEL-iI(T7}0;u0mLSRGֿ˜[^DH@07*r3NI !@(׸[h9 7RTçބ%êū˪19 y# ^%phtPjtLKZՙ^!khPȭ--_/ɪ4,ȑ9͘i[>x>pR.|h&"L8g: cQǻ&4(%Coh :}>Mj~W`J[.}}3k#__qȴb[@9\8 ]e[qȗۉ~{e30;Ml]0/vQ,*7:U5ms]` ;&AKHHn!lǸD`=:tZk`iE3$.jb # T.eEBfR5 {ZOr_= 5*Y"ܚxݴBv3QOsۙiRJ '&kO)3_sNSiUD$OcXN&X ג4Cë'eeL1ə'{W\Y6}o~E{jqӌ4%\HXV'IND?6r7YfT^FL ~^jLBk*V̟I<=c"%#0b^ՔAGZ%^T2{|v~Pg1oXJa3]Grn30P>u1 BDiT4S 0&U'$'pl}N'V– y'ϞsyY1wi{YaRСmahQ 9ryԌKq ŕ`eCvsܼgwŎa#Az'Cy47X곜̪At%rZbr;ܚOvKFj[HD{1K$_!}#ffĿwv;A~\!|9 I ѲZtYjyx!&Jмv,eml| + +J9?/: .͉!s` nԉu:+4/t3?w/kɕrB@! LwPu̟,3"hM#BExl}FП9ГYn0PjW9}&OE]Qš.tx((Yܴs6俊%GbFQt3'@mxOp xER5oyj eý{@YKa&+`5U*0j?5QԐ~gǣ#-ȉD!Qđ5^N~¥Q1^e5CBW2:swo*Ap/'M% LCR'2 \wbG\DLkfY"6g1AY9K*8mŕ62Jm8!5V %ͳ:-0S.7qbkgMy1kOQjb5zqmW'ʢd;StKBĪꙀQ'5*Z}yu~z e1fK7DJL`w)`n¾3&tF ڤWE@%? IhOS6V!~*^CYLo/:S7 D=$?';-%8"WJH\$HEAͳ8YD.B.n&@a3|g%5LHeg0`/?Yn|׆zަK$~<.=u3 .ƢxM7AAz2^Ro5#Pltʑ7F"f =t8(Iܺ#G lB ꃱl u„2( 9|vߢ+ڹ齈gB:nUb ;΂O-'>q(PPl=ϑHwnt}c̥iA|'sf̐E6mz _zR~ĵJZTTiê vx= 08F gM%l_$d'Ot+ʺf͇]hcR4DgQV<й)0蕮?9Xz*HUsuG(&M)|ßx1vj 38H)~OH8W@[i.0 asp72$FF֧d%I(3D6m3 l&=}>U:օMR_ 'H&|RqĎ! ?]˾18M?&eId#bݫU(T-,1:1AxCp2z!!50c`{uf;T H#@=wƌI7T(baαT𓻸D #qtBnWm#9t$kn<ŬgsJG-kg /u xI滯[ kXAC̞N>lfiyt'H"aVOLcdC ݸ~FgRZJ}R|Oq9< ) ֖2"Vȧ̈tBBIhE6&?9e0: c#L^MGμ0LQ&vkz/EWa -mCbI|2[h\f"a6B?:ٺK$|d}Dbb ێ#< E#P35pq kϲ%Sϛji5d6 e[bR3AV&3D#c Yz㛨 ~[`G%Ɉ xL!۠TlCS߫a4S @OQvu`y'?қz<m/ & ^*hw%67̿0XAZrq܁jFQ/`efWE=f({FX*wyx%s9^@2UWzuny!(f;!>z8 d')_3q 8}v.R?§j[VHRC'&?:6P3!}MRYtdGg,39oOM CR@REpÍ]V+ C8RCC%i'&! }|_tja߽ɷA*p4Lс'S['ċ$3=ۡEOH44E%ȅ7GWaDjb8q,ðZaa' <; z?v)oД:*u4]J`=28&`넲Ô\2(-n jï=-ۻSF7i6 S샃 'Ar GK,\zʁ%?Vƈ oA{4j9 eVhr</53z:1*r{#NzOW6+Q͖&$X\ddqaez7Qf='Q5g7Dmߪ ͻ1:>Ue çCG z7*q:`{p@zNŃ/C Fe}3 Y+M[~n'?0N)V,:5⤲W7Z U 19 `s k9-Hv+]҂yWJZi{իk10F*_WBU-21Pl|VM1cA6ʧ"*Q7K uHG$qhɵ;Ὁ@Oa2rydʉy5ULYY4ePPx:dOHT0Zpl yN^ qp7,+5%e2)7 @ƁL랣0!;Q ^B߯Ƣ!4Kw&=V^ޔ5^RQVH.ؿE6j|vHi{Fyv(vV.d0iOН1-9pi3q zNqFYG[k,C$>b웝ōW{XB5rX{ڔU)M`SA)^2 \`ۉ͐g~Hթ]M'鶉A g.8%›0ʛy~e?8#o]s++rQ_s($XA3c56#Qu ».!֟EcuTБ&,1QUP2!#DI. .Fqhy9|m0MZ{dڋo$f0"d/d_c$~܉=P2  ܕ~$i>B؁ϠYZBm]u@75&zZdp{A"^Xo ¨cSu|)w3-Ft‰H'dK(dcƂ/5b:8UW^ ˍH9,_1N`gP_^;1O,^9<+L4Q 5aci+OTx^P؏UdJ?*ghFhAjb@C g59y {ŸB[a>S$?D ɲנA@}R}Vd -TU4 BE@M 5F׽>~VϷN1|XD^@Sr@LѴ%C=)Ebzt DsqbZmaHSnE=(va"ʆFA^LH27ޙ} uR@tA )XHjWj2NqwŽakDO$ a.lVӱ],K3CȎky;q(Ÿ _M> ,siA Ȓ2lglD@3ғf[^D.S U/-"N]Gz_durƗBYRɺpxk,iy|ZJƆ:JӃ+fǏ-p7W%|$4\zTCOonEФ!#3B],隽QԘnI?x FQ?ɮY,(ru+40-9,rv5G_!*kF-d|@*QsV3[K^#" l9;2;Ėv=4 Qm{T lS͛Pnzw`"9z|G}g q.vW]S#3]-mutPwKJ1ې"a'vrIq&cl6|jNg7VR0["9  6߾ =>?'/9~(X㇍ZN ‰3uRkJ6tsJ-2ITӱtE[`8*N#q3ү%OUUSEi ISdR^]R$"+NtDIZR@LE XFs}f1Lۇd^ wS0]72|3'W)񆊳SR(O(o0wn"?Ϙu2ٺ/ Մʚ -Hq2O^I:?. 뒃$ +\^?OԿm&i9X9%u#D%bk5(9 3 ɷi6SϏdi@G$oʟ}R9bNg)a O 6gsKUi9 $ܴ ~zR'YJl5?g\uCn~xv21CyR %u tN fJ4uPql뤦ŐC3/C.Hf77kIYRae[+n|ZD~*w3AHL1Zu/+{OpvnpɤF a8K'ED,`W@}`b3=j _c GKdkE/aƓenublے[&+nxr?pppH'Li@\T9!K'k¿ c>6]7{0hC Y*IIJ'>?(Jqfu砂ƹ…E+*,& -1Y HȌsR GG>$I+ҭ>76!xMeoO-z8az ?h Qhc'P)jlklf704B i@L^&p`Tnh qg\.8RQ3$tu:*U0  Og\3)oGl#Ð/{ˋg.πUBaTg+|cgTp rwk`|S(dso _wJ"$*iK/`^MYF+Ǡd=8F_@CaϞhFq ޔ[ Yr 0X.R(Z 츗?3N`W4yX8xx)o.*qgo|^xD~>r쒣DA(y0de+ɿFVIr[]lʝK8ܢ.;>HUYb2yb.9C{]h2#:`RٍT/_Ųʢ8nyw0]65+o78j` 55N1X}{z{nLKTj]wYK(ײPOҊ`a<7*$xı#SaZR'o!-LB'^/-0':[iZPEZm>[udR 5E{R#'vBy".g~K.s'- d%aBO"Y񂭋_jL1Ky'fk>|"H[`8*>TiC2稫J"-e@%[&6EE!yq ^d?,?7(ιyY7_ϳ0$^z,TSs$Ң#f|b'yB#ދo |P? hXci?95K&&$ r 'mN++v 2v{_{W68(g5(mDL͖*u\$Psd+`(؃3f=+CL'D%Fy>K4~/fygJ$=B)̜rEkE"~ $Uu;ܽ\ȓUHv;'a ?}^μmxk,E i\k6 ʔיx;NXyG!%'?ÁƐ E7yȱS++2QTanB h*ppT q.`nyP*f |t!¯*t+Əځs(@|Ǿcj|/СyL S+ůRZ/\"]U4dFf ^d$T fؖKcoĤzIܞ|0VUӃ4Cp p 9-v ],Sqq =3ko |4Om/90e2:XZ$A]6nI2- 6Th q'&؜ q 5le7ϑ& |$)9뷧+iM/; f 0g_)| IAb4d1!$>D릐am,^ɷK0V{ai{$qKɼ5zKވM:Sb~OЀn=;KU$ :uc6PSSpzt~mL4a ՟j~Slӥۚ[\)8YάZޏ=md-vP7%/ T)," 5vB>P<TA[vo*>{5/li&C˄9$2V2=cDP튧Ga$J"x -/!kWdyÅo;`hڄM4Bm1`qes6F9t6L#߽00&H(wvY` &CO$n0e|%KvWssdXu*"L>%5>}x[̌88.s6 CGry+;~b{KܧTj?} 򊘰*=B+|0Ƭ敶&L7yR@D 5 %SDa,~TsnM:Bt׬gǸM1Vfx~[-DT<ݥmuQNg[58+/輩Ýbù'u+t<V2P&]>Q11)Ķ=@8QuG4q* M;M,CexGs=$[ۆ5f8aG#Lem:[B փQ`O ]h 2tt=?=q^x8!"<_e4IG 2}_v~t 2,GT٘dS]y3%xD^@7h.V$,GPuș6OBB3# Tڭb#S}HsT-=&x;34ONҊ{%8pxm4>5j(X[\@2fWXBhiS}+X@(`ɵofбs>/Xq9)1Dg7(wUHK9 e8MiOr ۥ˵Ig.ț9|x4apx%zш[Y)Fd 47uU n7 [# |@L@:+y,}[GyЖ }UnǃgВfRO0xCzolWբ =i̅ٸnH،N GrƾIl֭XI'E%g7`@ޔ*2~ByPᨏǘOc؆l؍-2a_xUƑCT7ͻ$*jj@Zb 9n  /C?&04 dj+-A,3_)Y8Y9klR,J/[T=Jّ `@ļTE6͵K%;9U-n"Ρ\*ܾG"I oyz% o6r|& F79S-1~L= hܦ:gz##do=ZO8‰|g9@|W7OמPN$ԣX0[u0JF{C& Q_'ɞ v4H80NX6Qa)v;ГPrJA6Z 2@TV?0XK-~jIxl[*V6Q ক]V+# U xGfYf橦BVeT>\ =?*}}-fK 7BcZ@$g&jY.1 "igA/`Eݘt6½ϖ̱.KE!SP(B'rҠ ֎=\rcvL/1L4Tؓ&=]Ӓ"K Z]EUgc]vR1Rcҡp,<=P6T:C╓v`\Z6E=`.|+.=kH#XA65+P^ZC_SM/Ũ'Ԩp!֗FJîl(HGRG@ߒ 2N v 7:`Ug+.-M8\@oܥl1u,JWr]]-Z2 "W90#8 ?,OѢDc@O"&?\ʹ7led蹷lEhzWm<6Fbt%lMۭ [ YRxdwcM3erM L1W òXFQ]5(HP8/KttJu"0 *UL|j^b(A}Ȓx DC &WĖc4kM3Mٖ$2;'w3\6Y'dsɗD?%?`S% rK>*g r`/`\@fNBav@DfnnKw6F搿vda PnEr/IϩSlM=؛tzĂR\2f͇& C5!Z )h@y'O"mm Br{lS5\>9Ƨ6'-2Ht8_"jyW44:pH15ͷ5|ՐRgUσ|s[tn }zGQKRYNO6z}(Vߟv=⬇ʡ8XSb'}IMu>#BZ56_SGI7AiD| 7;\ .h`|Z|N#Rh6yQ8XI\3nfKRIci9o~mGE,RPJ3 /ӘI_SVAYy ~?v<3KK(mgR)PEIK0ʋ ]f!Re'$nK)W`uhfӻEq -o\7p}zٯ9,5n3H[y}@PQ&1K<ȅk(W֒g 3@Ԗ`baXҗ{z'QHy(2f1fZI=_&%m W@B}{gD1?/ҏKdzrMj=+\,>u?8G5zRkAy6-h&yQ̢۳T? ^ϟJڦ5N5[2@2MgL$0Su ǐi^`LF)*i C_!&"9?vGGbug#p~wIW_u౪:q]@$`aAqtQ heExC=qaXu 0;2=E{_4tAjR0OAti0@;~ntLQTQA+ kD\E'"< 2TfT}aILTTrt^DMcOdhv?vrm}3B@V#ȎjwsODBo&O(z2k%'ˍߞ_Tv3,+-jS͢?h JV iS,-'ܴA|~CXVlN쥾Eu l<ӲȵmAQ2K\9mmQǗ?]Fݵ?hM e ( }QxK,Ĩi8iZI>{ݍ[q琿!4Y&.LkFLVSUyKn/\$G c/4.gˮ{4Fj{3Z1 .)ajR2cΥt b 2zkYJ=6r )ǭ֏'@R6l^祹F9S,1-V@E8ʈ{|\Eyf%~6vP:fx ՊDu+`( һq A^Ahέۃیk;iS]T|}+.BJyFPSknR4p>utNN>A~?: }i&k~ҜL9i&[vw?rOPYwVu~Z"u89Q lWm^)&'mJ^X>SGk K,d{VAI+ *ʳ2p8B2D٦, ̏\^#'-?-wzHXv$ #nA%ׁ0(lKUGGMLv1kRC NJ˭YiB)'؜@%=l 2DkOu;STruQ͞d.\l+1~p bgQBe$:҃"I2q{ƳeW9`wPn<_82Bn`lqΠF)4++xьE"2[rV =7w?B =|uYPEpx:mݕXVLQU" Gx8"` 0_<#exU4z))]n%ܼ6&ҼYyeX R0!3H1髚#1}ɢ!|>NFR2?Gq3]Pϸ<߰7SE}bFƇ]q=5Վ)#i?Ôv S^){xC˄Y$/asKg̗Ez'3/{D>W>yߧҹ wTU0FRvz0 jӡ`D fO+H8\80S鶦تP;cg%p|峯±Yx޲_T1_GȔGD8I&㨫rjot槔O¹ҭ_qCe0K ۚF3,†l&GX5`pDXap~Rk 9b/v5Kğ6 ~mf`ɭ2&'p%%R0ЏhtaF.yH@B{}v:tI?(_=O!Ұ;yy?!*Wت鷁`:=۵QPcrkył4O&t9~KoX@IIC488~Z6د#PkRڀ|8נ t[KҶʓ77О-ix_ܙ^ZOoR+/Г{@όyk&fIFc@nbb6z\λMşxrO KO[?WIx?$pyK Aىcir,c r[&!>A#.`9x]VL~6NWƀh)$JMp+^iB`ߧsŊ֚48O4nQO8䢨oY?T#]E8'Ng,AcyC 3W <kZzRV.?m}HRDcVXDYeFY0/[]Ӫc!>?0A qݫK=ꛊz|"R8UЄoaJUPjR}`1R^q*J8@[qg`@K a~M#g{&Q}x3lOܥ4/p+3W$2/QY#J&|L;!tM)uѵt5Dz0;~#sS=MAnDO#C?D -F5f[8uBH=1JX𼕽\Dt)Gn'aTԉr),' l1>^71UHTF~~|$_7ɰ\J4!^8:n0:Mϔ$j[kϊ zL5 E wT^6AnsǴ'Mo\c nV՟`&Rïē%YJs[LplT|x<* rc]12K/lB `_& meENM,E02;($G\YMw wkmt6 DOg;޳6ٸ3\ Ke\zĺ*R^-2PZ]QVϥIuOMNJݼ I9 3TzDK~4r}*]Nӝ7<B=j U[|x/OdZJ;] \ K QhFӇ,ytr y#р !QQq}%]R VnO|"7e5bŰJrf|*H [gBz%H ; e<\3wmOB)nH~ރgaoF@s#L:_U}F? qE՝b3iժk0UwH">(7`UĚ6l < wIUB }}ܧ׿B,54* p+VUHe΋~lGml .>#Ò0axWp1=YHX8> i!ҠɋEKf/G0! pYΪwV.%c-9Yk-ɵ= #J̽7y}o'Ǭ>aH =zkaSA#e2V6?RG96V).e<]@)S>)h$Ԉ),`֡O6Nz nxn,$kX)~DaYxDx[͊atB4I z'a\Xpf%zD|CR߿D$d@2yej7&kip<;aw8HR_8J|(ިKp]qH˺DH.j?J,Pٳ<˱e-I_<W2ʄ5x(Z =6 fR@ᬤSa_Vx9o%5xs-T{3+~'{U f "+|:nym89ڬ.U@%-4k83Dk֢,p߀;KpfzΑﰧ ܽglpxJ=f4(8dIIxSt '$3Su3x(@[m{е t FV6B?Ɓn@1h>r9V9w)_c!!Y]&<#R+#t6GW[f4uDMIٯoI<@mhVZzɠDH@c{AeҤP}0F.j_O };Πq}'eor^ʊч\=BaQT4hn^5{cQeA<>R?(d3G^vx$|VDn6V. H! xTN[>D;uLd< od+PXHNɒ=xݕ[p-@h3{ @آY J-͖ nHh&Q-r-q^)ϖJRUtuPIAH.Y\+WwsKt,nL" g>a)@j,Uc@ے==7y?mۧF|5վoXi e"'ؿ7ZZUqCuhː a0_gAyB eiK TTY5UTUf̅be.N%$fd/`p3]r2'IWsJ63[Ϸµ2^xFV( ‹+9@jUigR0+;+ysdŴw(KY*S+w1'Ql&/@ M^5}z"j)GS$[Z,iϟEbWȌhDWܣmM;s9T#eÔuˉ7ŽQgcVdjhq049PZV^4/f6ՖLjPs?Igº2{fo_Bl3$xQ)X8rNlH4˂A4s}MxK">koh~ :4F&0{<?J<;MB+Υ#f;IH_1;1܉@#Wz@N\YM'u \@S^%!whSJNdǼ;jQ&$ɤeh* ƛ@S&q6,P5trv_AzM[U5;W3C_ YҮ1gCޅ`w|u^u\mmS0s 3R@PCߦADɩZσ>iK{>P>i­,)Y^Au\=ZP_nquDYrKg cc=.SUtP2bn4pjϞpW;`ڒf EF+i(sFĤY"t+6)|{d:A+PvYd: O=&l;|T7>ȑ<_cL<\ V7j sXE]0ukyfyQġ3A9bTg3yt-2 j@2⍕gָ+Ql}K@w{tlz]{^Odz]^!eAB~--lbFAqPT󲓲^͏|ӥ5bȄg8q YZ