pdns-backend-postgresql-4.1.8-lp151.2.6.1 4>$  Ap^/=„![vv[36G,W`RXd}$LNSFGEY"t<xs[vH?k_ N4eWSA'XB]DgR>+ <^lk U]V}D֡v C=GQX4(L ;eR bU\||!]dH/~\4A ",  $g'䐉gE|s>_!"e4bfa082f60e6a05cffd731d197c4b32681581b42526f41a8327988031673d8ea2ac05cb727eef56c5159a5fac1277338353bae5^/=„ $Tz(oDx>;Q{\S&~ 4pz[v372<`bbtā0\뭊g."2>p>Y?Yd  , H - Fj     0Ib8(M8T191: T1FUGUHUIVXVYV\V<]VP^VbWcWdXGeXLfXOlXQuXdvXxwYxY$yY8zYpYYYYCpdns-backend-postgresql4.1.8lp151.2.6.1PostgreSQL backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the PostgreSQL backend for pdns.^~cloud117openSUSE Leap 15.1openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttps://www.powerdns.com/linuxx86_64Pp  r큤^~^~G^~G^~G^~Gc80205fbcac2f75b7b7b0190561442fbf617839a035732c5a0ea8424780633e7c0a1f22f577108a9ec64da2fc1a504d63026ac314a5ae0a0df75c2943759ade6adaf2a23450290c86027a2d2b7ec2c6b7cb97c4653fe0e9a5c0a9da68a0b0a3b0bf6189a5675c9465d2296434a462f1d980c0f684484c0051fd82d4a7d0f0861690d65b04cadd0220bd5fd17478b91ce3fcb0491ed1232226ca73a2ee95b3738rootrootrootrootrootrootrootrootrootrootpdns-4.1.8-lp151.2.6.1.src.rpmlibgpgsqlbackend.so()(64bit)pdns-backend-postgresqlpdns-backend-postgresql(x86-64)@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libpq.so.5()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.8)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.1.83.0.4-14.6.0-14.0-15.2-14.14.1^%@^`]A\@\@\@\[[[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Vítězslav Čížek Adam Majer Michael Ströder Michael Ströder Michael Ströder Dirk Mueller Michael Ströder amajer@suse.commichael@stroeder.comkbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- pdns_maxmind.patch: backport support for MaxMindDB- Build with libmaxminddb instead of the obsolete GeoIP (bsc#1156196)- CVE-2019-10162.patch: fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) - CVE-2019-10163.patch: fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163) - CVE-2019-10203.patch: update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;- Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an IXFR query, * #7610: Fix replying from ANY address for non-standard port, * #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting, * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR, * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”, * #7509: Plug `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.- Update to 4.1.7 with a security fix: * Insufficient validation in the HTTP remote backend (bsc#1129734, CVE-2019-3871)- Update to 4.1.6 * Prevent more than one CNAME/SOA record in the same RRset- adjust buildrequires for mariadb 10.2.x on SLES- Update to 4.1.5 * Improvements - Apply alias scopemask after chasing - Release memory in case of error in the openssl ecdsa constructor - Switch to devtoolset 7 for el6 * Bug Fixes - Crafted zone record can cause a denial of service (bsc#1114157, CVE-2018-10851) - Packet cache pollution via crafted query (bsc#1114169, CVE-2018-14626) - Fix compilation with libressl 2.7.0+ - Actually truncate truncated responses- Update to 4.1.4 - Improvements * #6590: Fix warnings reported by gcc 8.1.0. * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof * #6685, #6686: Initialize some missed qtypes. - Bug Fixes * #6780: Avoid concurrent records/comments iteration from running out of sync. * #6816: Fix a crash in the API when adding records. * #4457, #6691: pdns_control notify: handle slave without renotify properly. * #6736, #6738: Reset the TSIG state between queries. * #6857: Remove SOA-check backoff on incoming notify and fix lock handling. * #6858: Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and geoip_id_by_addr_v6_gl return value. (Aki Tuomi)- Use HTTPS links in .spec file like mentioned in PowerDNS announcements - removed obsolete 6370.patch - Update to 4.1.3 - Improvements * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi) * #6130: Update copyright years to 2018 (Matt Nordhoff) * #6312, #6545: Lower ‘packet too short’ loglevel - Bug Fixes * #6441, #6614: Restrict creation of OPT and TSIG RRsets * #6228, #6370: Fix handling of user-defined axfr filters return values * #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) * #6654, #6659: Ensure alias answers over TCP have correct name- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-develcloud117 15859381224.1.8-lp151.2.6.14.1.8-lp151.2.6.1libgpgsqlbackend.so3.4.0_to_4.1.0_schema.pgsql.sqldnssec-3.x_to_3.4.0_schema.pgsql.sqlnodnssec-3.x_to_3.4.0_schema.pgsql.sqlschema.pgsql.sql/usr/lib64/pdns//usr/share/doc/packages/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:12262/openSUSE_Leap_15.1_Update/7a6cdf7879925af089f69ecf80dec0c8-pdns.openSUSE_Leap_15.1_Updatecpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=45aefe64df517b0704f306f69d0e83791ae25a7f, strippedASCII textPRRRRR RR R R RRRRXz^utf-8dc33640b9d735027ac6c391be8276cdbc50db224d929a7d2e1a53cffaa62bf9c? 7zXZ !t/q] crv9u,2p1ׯV(G췃 |"eGJ _ԮFTh0(Oaڜqwf/oqӆe ɶfr6q{dZ'4'Sd,9!3P e8c\}Huy<*,-V:֐bg9ԒzL߳!Zmd3vbQ RkQgiį1>r׻[*T>7F8C6 KQy˜.>c(eevYe:Ě !f2ukx}!W׭. q`ӳ} slWbh8\=^giL#iۼ_Su~o9C ATE&vutR˞JwX<*^aB.Q^˜qD??V\yN_(y;#o-rۆ'PTSjTjL/4dhxљmί ũh 轧>35m~CB/iL! ]a!˗q%E΂S7bCS;aޒmTbj9UsO a#'~;jsWG%#!ڰg_2eg, *nonp7qD@+uFo?;lVkct(I-|ܶ(b#C +,i=A`Eܮz1C1?-wXzdHq_>ؕH #.OT%ZA{`(6wtq%~cYhp0_0MQ/[{WJ@icN,C MD-A1~/XfGWc}ww* 7%BHNyȼtGtSfg{yt3E۶-ܢSAޫ Aրjxod=*E؊N AZq_"$8M6dH4LY2e0X5]C4"/N.vypX㷂b>P/Aqѷa Co%Wt&/4=n!I{\% !gxQiŀn͊S˓hs#R8T$ i`wơr:uA^f5zsܰm8|P5bjCߧtLhNFdJ:qw:2-=?X`v:rbPHe ӿ  \I{\a¤`jՒ{ B2R7(vB OI~?]FҰ1)@pc0K)ب^'<0‚L5ā|+-7n@RcBx=$pSi2DƼ'V7A5 ,5DH-\bR`vl 44[Ӯp咍gGבܧ57e ~ЀGYy؃F5qՔWf/2?39'֚HrאZ!ARZ3pъARb ۶% iE~#ښٳ) YG`x?QtWz&fC{n*?qڥqLh`_O 4w5,+Nc˲4Hfq|GPg/RJKA/ 7ؐPgwCq똒 hfh-JK[A",KqK&͹ሖJ銪oaiж$I4?bY2 ~DhW*bagkE$>a )*xHxː,|?$_FU`QJVa Ѥ f%M? hGNvj$b%=8E-[rQ? l~^)hReLPdOjnIL 'a3)qncՓ4›]%OδΞ=[W3"+ݣxPj C5G7b~DgN!."G,xx kRdy?2zbE>k===`0/N'<ֻz)f fS'o]gm."^ln%B@ !{Nt ]d@X% nne2iy3'ޝ^z>`/#Of[i:懘^?D]嶗7{deC簚T18&8KAMЯjÎ6뻮7;WW`Xdf M- Gc>o:9#}H&CD?aVĆ+hz֋y?^Y\ˋڃEc6$2фEz.BS)كvz(1?/47,YB 2s#<6t 8$VR\\U<ġMo-<)F9MgMv#A򛩵R jrVI I rjas0OX#W劖"E?:w!$Ȁ\p[ܯv5smU['!`KEb ^UA.U _ZoO[죵)֫.IU 8e >Jf"19#N(P†:Zf,v912I#'1-!b!3,ʳ+v+}Rjp~#AG"I,jrniFI&6ʥ5;x%;dB #C) C%^W>J=ĎG2헜RjZ_`ARv7 AM06cȼӛ0^;@QDrKD- -nI\p)?B&“RkS"bLAu?)׎a ZuMΈ^c%ikxKSL)vN/wvdԛhc}tm@Ό:WT(w4$,S'.Zem= [GbIv+n6̘V3!=,[< P&H9D.x >x`, 2Hge^r 2/uYH KV,/cCJvXU$ o,մ*5YovDύ Ls0;vA{y3yqݭ jʘ_8bք, R%'pJ㍰PbH5 b qc~žˇM zQ-/@ŁN'pk=*>88;*vyGfړ܎f; eJPFg',3 e0咆2Lof=Bp|&Βcn{#t35`Dxppr)y)\^HD)ۀu|P,mq%ϣpÓyN}lrM@TkfAE}߮]h(Wn0ј@]z{b ~ͧ~Iw}k=d' MR ^Yqɶ%= c5|Afm5\M^D9^/x4-Uc%atZIw*[c&<8yӁH?A|BJ-#1D4UOh2NFqfck,l~t P[iw7=KRgӌ$4I2Q>>S53[<pgn6(5+]؏%ѽ? #75B[M0M 3=ƨZ/] ]w5^:KJ1Ld ==c2}aa`n37dߘ/\\ s=߽P QNd|;MIeԱ#sr>q>E,Vӳ[ y)[ t |L5 _.+DnpnECɟQfyWG{NJ]v,G"(j_nů÷}89H9pF/wr, Hᯔx`jd0s)ima>0ΤxNţ/TVc4& Ea,}E>F~fߧހkvAJ5Ջ<"r39sef1bs_n.3"4jU\h߃2igك-D5+lPrZڂ2Xq4J*C{ r@EP q޶) Xp<ᯤ&XP<[M~ {pmb.K;GFECݦ,1Ic#"c0o+B`Za]Y-(?vvѻf}~N;s1;ه陮>fL@咽NyCIC04icDc|DΓxj'aiJ뫊Y?ų͝sG\y+Qu1hq!1Q>W*h2{(Yzp@N'i=~AsØ |Dö0h󐔹B^ E'\0&oZV5gF 7nF7FV#c:(5Ƕ*]e!rj1#3Wl-9Jyj1ܖXeXHܦw2Tz_frs D8ȣi ~<WE +ud aԦ RC̚@O[ YPY)e =7i×ijcqę)3NHSm!\;GZ^akܨ(Ճ|mqBj֐ Zb/&W|5o滕],R. Ji@7k8F(>=K$8dKFqvv1DZyvl# F[ojKoY§}/$B.C5Sұ*V'GJ%UE_&{ h̥{ڍB/g^%oD.ƀnZ7(J3 ؛[zab߱!*]C@TW7mRP;eDT3RH"CKz,uV"\#`Q)w_$FIURw2sz=s|s4,D;C%K OOj+ŢvZ$Z̽*~V^XiW#Q< íc Bk!yVGT,uI0# T,.Z£ym⊹P*4*FUg dExqdYn'֛0Ԉ$a)PDySJ=uqP{kW;4BT IŽ4FZiIwFxUQx@j#=I2I/ oRܸ-1Z٤'R)#+BNe) /TH2"C02~rH"b BPN&QO0$@$lb=;`2Qpt\NXhV]~v+ǭUDT!Rm6$QPQ62dTtdJ5m:tAKc#C82'|hڬV ۳I0ψ_ZrT /";vEc?KsӐhu+˺5Dq6?mXwfi`(<"Ԑ,8LQqJ5Mx1\b/ %⼶=§Ssґ0cIJd)|~}.aqDaW`5%3;c0X6Ot'e]od$9k$F }dRe-GWGE=2?&o3r/wZ吜*90 Ly]A+͔x^sն{w=K'02(I`/ZO=K,oŒxh]=c;y/ڰi(:0-fǼxeMdȍl\Qx33ꐏR}[PFSN ᰸kt:uApka-1G>h*_,[Az)9a P&0ó8XCI2~x y`f%ep.)S q'j?. 75h]bËj -+˕C$ưIf .P7<>)={L /i٠;LCC'Ce2\m^WInI)<1B&рSw^bRG@{ Y/.Hv(j!z5=$迋*@*FujS/ԋᔟuT>"{ttD kI|A+`:c4#~!:m!+}vP@zH<ށ jֹÑY}io˵ tS>_VEd39[ҟNywlh?6÷9FZjS#G xvI9^,Ɯ2,Rl>x${'"k+H [qLd/d r`MqVxY:(I='K}$ ᢡV턭Zm/~+%YJ*<7]g`nl'pzD#5j/NRm9*4=.3Zr:]B~˺\' }đ?_0ã $G)oTJ[5q#*.$58ؽ9BpY[ DY%ե7{F7j tycgi:mGyUs-pWɹ\N(?Lq\ẘ}{͠鯡Ä{P6bٹiɦlG<+WI 8e[h3 Uyȅr/%- 1 +vi  Ϥc 5zA2vwt}QC_.M87RjHW}.6]yY⨧> v> y͖XݍTsgLI*sU6Lœ67u NwUWɐbY^b/njXL'Dh7:oAW4=)d6.Wc?:E篊 XYj( VqP  sxF5tQ~Bh /v)u@p51G}g'xjAH0EhRݜim }NѬcr=eF޾ V۠oXv>DTr0=NgTC1F`?u ̰-|'J5 фwv}? 2jQ1ߕp@PnJnuOGq;&mV_J-A[&O-GK?;q9LIk-)A^H`]>GTR~PlPf"b}MQ# "nl4lk'u6nd9s~~Pıw3AGC.H+ڣ+X"8^s3^|dq]vЉoS 5׀\9&&g6 i`9|1bߧĨ >ri4vod*#x.̞?\?/_r Y-!N(KPۜ Ԁjr׽`OqYwymYI}9H5Ix9uikt w7Ă/# &-<CֹHм^P%}{ 噲4(~w!7J_J=rh";XG>ZY"ZEZPI?rұ&Fҕt9l)$/j*y^S9;!cɛxBnYJs_Q!^ Ďh\T&A=#O6jQ.Zex> i,t= x[(q&ӪBd+p N*M+䯽{d2ڧY#X} Y.#nTX(|w<\6F{挿YXcS#m1ZJ$k:釜qڧDҪ%7ֽ3Df![:!lwv< AmwRsJ{lzSĄɊwճ>q"nvW!yWXG7q$ 2s!pS=|")lgߌZiyAh<%#vXjT\SF?ث;H"T> Cp$8K%@1@e*]D"'-d$l3w }om*2c9|CQc1p:PB.}XǦf= jJ۬w E=⢢4 kV Uns-;w v@s1؊)r h|ϫڌ~?`WO̳p YX}I婼bQt}}H?+p}NNKcM0Dp5e )o0xY1/eOG~ͨAZ r;1 M#%![.\oq)ECb6e*~3h}94|uXzh/o2P5b/5X?>YV~/:_pݝxUsPx$EDoY,v֜9HԂ |a"T v.X. %a7)=# ܝDnhe7gYOfVxIc+bAh^檰 GC(kTY834-%[S~̜8Dʟוֹǖ,z.&=fWtU&^|uc.2|Q,K~Lw |eҰ'0(""|DacH1n5W!"m2I>n"&7 8Dml~S[LZR ̅>JiVa[ W}R"`/ͮ|I=ifa5!z^5C1Gǯ>$F&BV`Y;s 8㖖Kdi{a.#Seb|{>]&]k i_?l^3+FZN)s |=CzA\("v[QԬ80g ^~L@UčW؄T} [{7~GF7@H>b>[~!鄺*ɵ<.+[R˗I*T0SznT䕽5tkVR~eWGz\ƦUP"c@gHK n}~lv\C^DWvi)2W%*-0aXIts򁞚esEգVZR7N۽&_S8q˸]Z6;߉6\ 3(N7Ve5ꭳ`=gb8oL|ˊSacR43zI^7+h(33$. DY nR^Ef J}иhxAE\a'dh56yj C4Pd,&Ykr1ҹee J$j% &xtrku;[:ra@V\Aw5m&"B\͘|A=-G_q[]9WY<7|R?&zLX[Ai0}P77bTYdlcC߅IJ o,% +ۇ!AfKAx+dOEf-ƿoxD-K%/ +c:I90B葏l(Ҹ[m2D[hXek;]r##6z?CMz:7^/ȓ aZ-y?i99$Yä>7V1`kkM :X)Z_ fYpf᜹JC_8l;u)mX":}jgoR##13+$ZZ,bTei2CE\!- SnB_O{.3Ȥ& "L+f z΢7p~p,ļ\^tr̀qE '۴sq=AH}?}uO{n4uk l^%S話~a1R 'fzvOTV{tk#=dFwhLhuF=>[s8n2~֨P٨> ƿ P|QeJ&m˂S}'QᥝF #H)A+qge+Xua p'2jTdFz^𷓠Ph SԶֻ߂jT9UAB %9JY}Fe)n/J iʙثXMix'Ed'RJI3>d+օG GƳ*ܯ13M#-!g,i=SVFŝI#['ا[=52M3)ʉ8G wPR&Y#n a %pSnB="hI6R\ 4NM;~>lA>n?5g1LxUZKB ~CXZf{dgt+4Ÿ.fͭ9`ֳʛ/Y( 8{M367ݱg-Ti`2V{ϝK+` 0䁎ߕVmXgڸuoLOɇOOs#{䙵Pd 0ֻBKw;DsUPxWg_cj6 wR{8]Q $H\6D9|E3S'2.ï 94+Ȋa,M͂_nM)<- U7:I*x(T@y?,Hs_W1R!IFVثּX$G/D3mc ;=|Act(YJȇ68[Nq)U}XG .p`\:&`i"SPVP*,5X:$tWp?rX<?h'gY ,so jwSU8iI8xNl  =FG,@C#w/OYH*+-$,MhSmyxP>W](ic4w)xAFؗ74dK2GfgjlL&[K6ɸoi&$_&K @=H =SȲ2Ԣ!B\9AR[m[Tc!V|KB$-=MilUl19ثCqoY"wX]y)+F1 6PGZs⨄m%n35)XxWHLp'ُpk;:G%ޡe 9[3l#n{Njl~)P1Of5I7])"0Wiݓ]ϛd~f++b{* G gjK|4m: / 80OGwB@ s36UIf/-u{$eb_2XWӹC#ZBb,xv&h# #)1a=>Lװu:a5++#7`,Wv},|hXK5U:wUjwW@>6.$aَl҃K,d1Bf`#E{ncRJt~\ 31~7TJ&ȕ~Neq@/.TۮK `-CZS l0RvNݣ0 M_ڶOaSNX"d|~)`#-tKrx/-| S2T |?`Mx-_QM9IZU뎸3o+%PE;r6*c,C#禢Q_*q 8:إy 6rf^Y08"4 "*Gb ;lnSLT5Ca|AOrGz"It5?<eۆ䅔ɉuuWc68 ^*]6Mu?qjR0F4akƬsM &6& %~]z8!3p9Cx>Jx_7Cu7f QV7(];K_CeFQ5¸X,#(:Np E޴،4$E4eWfoݛu|[9UJwU8XxӊXeWzP 0_}=@~E <[>)@]ːV;R3xM  fH$rJ-jL~gQn:ĘR3:Ϻ9<%hf2?&lPtDqovN@T WfʗEvy<%~`ljEv_@3ի.6y'3;i|B4lZ GAzKWjuwNAJ*6+B5)Z0f*Cv?*)W.u9G4\!$x: 3߿7GE^tޅawY7-7oV,t%W yU?+rHi ~ghDʬ"kxMsVKB􇞙lrr;&xmq{Mv <}toU|[Z86T`,k \c@2wo.“ E(>Q09ɼ'Y>3ڒ d%tv'VX_從jw Sڑhg@6"mi- -$Q 0][}TH$t_8a݃3^sA|=!q)5s#yk$؁LrA& q]ތ68>X PU@󎫥]-Lߟ)2 ; ˏr ;^[>P_|ͨIu.d'.}e!jlk D&+,ans*x XpvPD&mB&yr 93+ kbC4L|23U(1b@UN>2Lm2=̤Yb}۔' 0 ^l8e4Q|츧1~)*=xxV=̻(Ю*4XFPaoP;S֫ԅ2Ř 3(.طP&7Y=6 X>'|J0{ckK:]꾄ft3ByWn@`gX(^ P@w Fw/yşz7;gQ Xe`]۲AݥMz/rz-}j:yBU̢}]UeY~mX;hNCc$L<\= gq;D?8 3ݪ9E κb:@J1|zi&x8ljI[/ˮ*CJ8:L_*Z=?9,LH"#VotEPU)I-uL> 8ğnY:]l+V z8Pd+:$ᩡl {} [|iPBfRO1 w±䑚ńYmByA^]sVK]C%kQ恋o"!0sRvf͖9w6؆%]Q \`{km\LiŧZt;}e(Jâx\b@|nmR;xA>\u0Z.{[ǟ;i}N~t^IF.]b7ჺ.Sd&8"󄭪N-"b?`1i[w<xZU"2: /=3T X/.XS^vuʝ}dR<|:su?9A{ +C Zq>;afxK7H}lqM/gPh;:8SBjHu-h,SFM8,UVb+5蟶 kQ nOTǪ+xsi56`;/[~[SUM%a@ oͩc D@tVOX =]=Q䌵*ho(HŅRsEi]g>9!D#ؼ٧'ZZڀ%`YwG 37 [FKk 4 V>&c|E|CK{1o ; YZmkٝ-̊{{:<4&pyy;q@F] ͯ%C@d^Cnjㄘߥ)ޑ>f_W|0wlHlߑf.ДJd5Y{ڊD$*K1w&ܿ1Xg̛ &Gf@6_,󏝧b|ժB]ԍaSM**^V%Q`UrC[4ƨ O8%&RHs BܼTVSůϜ onO2s\1VR酈;R״)06#(ky:9EurÏ8Sړv0>Z =0r^Jݴl&C%;uB X?凔s Eӵ#sPCf,\ 0'QY3nB 2 z!> ^it^$䉦dԌ !*@؊7&Ɲ׵ \:RUm*eJv50xNH .HP;%HIlQw$[N&Pbi|f?8N@م2ziE-J[\T?)r}CBm5OE BUWh`;1I?Ϙ`FwpiRBY%܋Kn^POuVzΘO.kǼk0%BGtdM.)Xs aFb}f"*!G3$kv^E:ޛBT&㸒U{<"Za}7иDO)֕b>Xi[8³-H6haxҎ؟dC;0E\P0 : LNUPK O zlsv}׺/OD+]{1-㪿J)<_GxAщ?:i)8V*`8?$,^p>kհϑ$<ٮ& ֽGl%3wBpv-+&t#9_\7|f<n_EuA KbnX.9DW ٱZײyŲt gR5\P?4kPC!q턢|S$JFklzrE3ޘ'k%wˡA#</|\ihѽ ^]U貄Z.|SQ<`leQ!6ϏLPYx6=]QL9֨2y oê(GAS daw^? j/W::pl{T Zjc?KY }Yapd)mlX xQ(j1]nn  P*94K nJC4UN~p(8 gl_zNV^Tl DYlYr{Yξq.ę1zݙJjQj!qUo^2мÅnh6n}SP|??&2pˊ0qL  \X?BLLUfmr+%2F?rH,(Kj<oaX@QSZacttB9'I.}WЛbLiKyD1Ao f7V3i-*ڔUj^, 3/4@3)qd5J1Yy'|jnAC Eq [S8E_C>o7E έ+]FrVybސAS,D: NсIb9Rn% H%(mi=="Abh:J5d ,:&T\*e E1I|^7;zܞl-/\,JHoJ&G8 |nxwZdwSKwKk^|2O*8`g%vRa>8ua͕UggA^FxTX3+q]]@C;H1R寛8@F ڋp]_-7𙼺E|:vE/\x-_΂~tnޙ@ZO/{pHG 2|‡u0V4`k儍~KH3j% 2%M>7zd @w]m0q]āӣ>ͽNXœm쬥R~ӛIpҏH n`Tj7ñ3\x4(sJډ n+u+n y& Hݶ76=[Bh#C&0r|\nl&77xju^U9 cwqʪJ:9Dy2kl`'fh389OM"3uGh{Xb鄸 VN8E5o2F?ppՑb$hڟ4tGp5އi;5_/?-8-"UJ46.UOo}=XC% ^NLC@]eRoTʊm +#O,IōhMn9eg)xڌ <֙D,ZVn8Lۑq5'm*8O!V_Q1dw'r]=Zt>k{yO.ʹ: jm?Ye l8=I;nq=I脡VWN&q;|t5/XP$hK`_ Q::[ς6AI2HkLڨ3M>jεOl l*Ž~ҳ$逸08|}6qʖX|I{t&b.岅fΦHS)u|vˡ2qo!DG[_yLY},?aDe6,G.*,Ԃы8*t1CsyP^*tR@;cl2Tguh2UЪx`͊rÆ@s-K;Gdsx=/%hurhR1M )R\6ϻ]|*\7B^{^{ܔ8d/..*} bY5,LFQ0DޥBWυlc bDiYrGH"G$T fʒ6]X( Wjn Tե'rKd~/D;JJkl̠^)TlvIځvcot@=uGЀK`;q4vܠI qm&맃:42mR)OBΖ}Na uC$p5S]wO0@I\Z*5C-Wgxm/%[ ۛt⊽7@ZIJNjL5p9j]bY0Čr52_e{k';$iÆ~@e\Zh+5DBIv5JR=XOk}iv|r )ܭbH ʉ i¹/^͸8൛&(')3enl{q~B6%~]bVqoFk%G}74P5xP`jFNoiA4+ }De?tmf1M*TBv\*5vn?Z n$Y0}N8"IV& j.zo%t臿 "cĸd%Q# )S FdzWZr)ܭ"<@Gы>)c6lVb^/!3IFĐ0|DyIk$j-jAYOI1(5 %>$FjrtzMeMy" Krf^ԗn:2d=E{GJPB[KLWS?b^G3Wl0b{5JJC,K~@(MsL|Uȧ(rX6О !E &_YPK5׋9/Hn. kl.4Of(lYTd1T^'Zg]ϸ%21N(v2Af|R V~Qb0pctN&ř^mhhӘnWj$E+7HT1\\.Mc3f4# ]) {N1AFx )(@π/'\^[;MAYPeš(;(ivRXP2@brx,@ `q_ĝ%MxC.Rt}Ke$vLlSQĆaBb(J9b%;{۾YဓPZ5?5W{ /V S?y("LENbvp B1 X~[f *'ee\s#ȟ[{Sb+TE4mI#j:@P~$L ٷ :"jȇK3sm>3hw}-J qh:e›_1G7u^8}&-v{֎ "mm^X:y