pdns-backend-postgresql-4.1.8-lp151.2.9.1 4>$  Ap_kR/=„';>]E,2=|ES׺"16utλx#En<;˕@"fAP􁯩KVWCS@ѳ/o+V!=mD%i'ij¢7TQȊy[aH"aϸ8)n_VP "OHEL@BEXő 0#'Ks%iXů~&Z}^)ؠKp&Ȳ7ۇۯPFPW4ff53dcf7f95fcd66c5e7c7ca13201ad3d26d1dda0cf8032936a55e2c88285d8d1cde5872d5d4e56275cae0c8af488afd50a60180_kR/=„)m}U8g'ϓukdNӚ3:oJQ)ryWC(]Hi͊#ћr99z 62;/ CKVpɝoΐsVׂ)4QO Xl9ꪣ"8~sWlLR{rUkH $YIXŚH]xՅ]ͤ•!Y_u#?bS/C.{5`[-r7lUm eX=hl^v>p>Z?Zd  , H) Bf     ,E^4(I8P292: t2FVzGVHVIVXVYV\V]W^WbWcXmdXeYfYlYuYvY,wYxYyYzZ$Z4Z8Z>ZCpdns-backend-postgresql4.1.8lp151.2.9.1PostgreSQL backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the PostgreSQL backend for pdns._kQtlamb58openSUSE Leap 15.1openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttps://www.powerdns.com/linuxx86_64Pp  r큤_kQm_kQ_kQ_kQ_kQ522b666ce3899ccbb7abd8711719c5656e2cbd9d7d6b32d7b4804adc44977b7fc0a1f22f577108a9ec64da2fc1a504d63026ac314a5ae0a0df75c2943759ade6adaf2a23450290c86027a2d2b7ec2c6b7cb97c4653fe0e9a5c0a9da68a0b0a3b0bf6189a5675c9465d2296434a462f1d980c0f684484c0051fd82d4a7d0f0861690d65b04cadd0220bd5fd17478b91ce3fcb0491ed1232226ca73a2ee95b3738rootrootrootrootrootrootrootrootrootrootpdns-4.1.8-lp151.2.9.1.src.rpmlibgpgsqlbackend.so()(64bit)pdns-backend-postgresqlpdns-backend-postgresql(x86-64)@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libpq.so.5()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.8)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.1.83.0.4-14.6.0-14.0-15.2-14.14.1_k8^%@^`]A\@\@\@\[[[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Adam Majer Vítězslav Čížek Adam Majer Michael Ströder Michael Ströder Michael Ströder Dirk Mueller Michael Ströder amajer@suse.commichael@stroeder.comkbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- CVE-2020-17482.patch: fixed an error that can result in leaking of uninitialised memory through crafted zone records (CVE-2020-17482, bsc#1176535)- pdns_maxmind.patch: backport support for MaxMindDB- Build with libmaxminddb instead of the obsolete GeoIP (bsc#1156196)- CVE-2019-10162.patch: fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) - CVE-2019-10163.patch: fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163) - CVE-2019-10203.patch: update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;- Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an IXFR query, * #7610: Fix replying from ANY address for non-standard port, * #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting, * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR, * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”, * #7509: Plug `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.- Update to 4.1.7 with a security fix: * Insufficient validation in the HTTP remote backend (bsc#1129734, CVE-2019-3871)- Update to 4.1.6 * Prevent more than one CNAME/SOA record in the same RRset- adjust buildrequires for mariadb 10.2.x on SLES- Update to 4.1.5 * Improvements - Apply alias scopemask after chasing - Release memory in case of error in the openssl ecdsa constructor - Switch to devtoolset 7 for el6 * Bug Fixes - Crafted zone record can cause a denial of service (bsc#1114157, CVE-2018-10851) - Packet cache pollution via crafted query (bsc#1114169, CVE-2018-14626) - Fix compilation with libressl 2.7.0+ - Actually truncate truncated responses- Update to 4.1.4 - Improvements * #6590: Fix warnings reported by gcc 8.1.0. * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof * #6685, #6686: Initialize some missed qtypes. - Bug Fixes * #6780: Avoid concurrent records/comments iteration from running out of sync. * #6816: Fix a crash in the API when adding records. * #4457, #6691: pdns_control notify: handle slave without renotify properly. * #6736, #6738: Reset the TSIG state between queries. * #6857: Remove SOA-check backoff on incoming notify and fix lock handling. * #6858: Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and geoip_id_by_addr_v6_gl return value. (Aki Tuomi)- Use HTTPS links in .spec file like mentioned in PowerDNS announcements - removed obsolete 6370.patch - Update to 4.1.3 - Improvements * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi) * #6130: Update copyright years to 2018 (Matt Nordhoff) * #6312, #6545: Lower ‘packet too short’ loglevel - Bug Fixes * #6441, #6614: Restrict creation of OPT and TSIG RRsets * #6228, #6370: Fix handling of user-defined axfr filters return values * #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) * #6654, #6659: Ensure alias answers over TCP have correct name- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-devellamb58 16008687244.1.8-lp151.2.9.14.1.8-lp151.2.9.1libgpgsqlbackend.so3.4.0_to_4.1.0_schema.pgsql.sqldnssec-3.x_to_3.4.0_schema.pgsql.sqlnodnssec-3.x_to_3.4.0_schema.pgsql.sqlschema.pgsql.sql/usr/lib64/pdns//usr/share/doc/packages/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:13121/openSUSE_Leap_15.1_Update/09357eebd4b440097887cd3db35b8206-pdns.openSUSE_Leap_15.1_Updatecpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8ab716c92f97504b841665e7871bb79e1e414538, strippedASCII textPRRRRR R RR R RRRRMBEJQdt0utf-87d2a2a128b1aa44bb9717456cad66d4f61e351ca884d42c558e27072684e9b53? 7zXZ !t/r] crv9u+ԄB/@} 2suk^F HMwE3;! N>Š+x*v% +^IHw"1 >L&Tos ohR7bQdҡ7^A)z;A%Λ+UOoő^C@[ţ:7o=9r=R8yXO:3j8;>tz/LxG"gOdzmi ׀R;:2̛nNS*&Xt cx$4.p@>pӦwEw/_ʜԧ$.N uD}6qHlͅm7=./:va-ƾ?N9"B.|\zLgj {O0Ҍ'e,C̦"U-tcEˏu댙kdE 8V!3: Dڏu4L L…nwd˥6؜|]&aZEM 4i~xERe;EAϓ&&kGu@9ݸzkGpt Хlu$VeoNZa*h~<ŻFo"PS^*iMnSJ}WS~|E,/7c,'kO AX&.oN=*y-X)*C˒4yM)LQQZśLVy UzK)Nv|205 S$@%m<&ac4-V~yY$y W4KwV$t 7 1Ԋ/i 1Yv&,U^,x^s FHZu{./?N[ezNWp e)(p aְbw# mg:]D[î>zOZ}},JD7Rj Y00ZY'i-^5V1E`n9W^ڏ/cR.JL{xO:K]LrB!cॲ>Wڽ|b n #7ىjJF5wfZUR)FqE\L RFZ 3"v՘T 0|[~{DT4 iK8=X>} +m)8:r?<#v<߆u條*1Ȩ"&TbY(6\]g(w/&6ɻ_>jw4A 4}Rhmhej΁cFkyp>O: 0) ̩"0q88gWN9G%8'b@*B-H+?`h#csҡNԂׯq}%.KrJ46rm+PĜ]@+`jhLuite釈3hӵ/y +CKxHc$pRo}e'swHmؗ&}41\ۥ9x5w9T=kv+釹$; Xt7 .,bE>/6$fQ0\qWg(!T_)!iRv\v)6S'x%8qB_s^w T2#S߮z2-}bؼb9_/kg'u@Ɓ%W9uA^iTN0/V^b휚Ωɯc'z}[ a F@ K ҇C{YxMtwt1M[DˆpAevj-}o#Y̫d%N=,cfN,yU{gBwi-yކ}#\8o40Qdk&:~L]Q*rF.n <фG 8pJC^.Yo' g} )UWfwwK 5SZdd-MPnM['H8tdӥXk-AyEHc7yMخl+W}}"UUn؟$ֿ::3JWMr79 Z9}.f1>F jGm +(+y+w*D h6ќ˥}x~`xePqd1ģaĖ5;)6NѽXf5V8қI=ʓv^!F㽂̉u9BC!TԺF ;K&lYfɓ%SSm`%8C{B B _7[KɢA;\w 3_X WYt)`I78Yfq9lɊ!"t֔7i)Q=Zy{[jKNB0O#YL)8oY8O |1Yߕ|-_ ?nta"m,t%U0ſ8e#QQ` 1Ob{Cq-C(w E -M#GJ\InI8Jnt\ry$ [?yV0%$הf4NْH@L'xsP n+Pb:$VH1E h?4-,3uc[gggdT)b&?m!5oy5UFO)7W>H׎-9ɺ.T\nSvKe9}^9-od(г I\Jբ[%ĜKm:mZAr58N XcB.%>۶Ǡ0zB=#JHvTB CĪP8<Ǎth\sg5^Im RgkXF:x *Wwn݃LZPM\Զ3'Br|:qJh<]&ոQA~)rWӘ "u+6yZ rs@99ˀ!9 A}V;k5ad@4~߉}Qo0s,:vo׺drkPjJͧzWr91,b9MyRjl9Sl@3si ƅc. *eiAaM7qfd ǵ 1VS(yNޙh3 `p)ʣ.a|ݛ&q+3}k9&t$ݲN̂P=f*IE$L 6 0b.)7LXxc7v3 Y4J]&|RҦx1yZ45mͶ p\ 3$Xw@7u"txrc4JB'B'N{|U;uMSS m!#Y9q/ u Jm0P|RSVAfA^s&0>z_X6cL\tbK A :_a倽!۹M0նkc,&M &joGvxǟO"uFIȡ1dj n~3XQiݻV LȺt4 9W>.,4"散jlVY+5.C!<8́TU˽w}hϻm|db {qiM#Z]y:|QdR-˚lRMJ$ 05Ό cN^UL83Uys >AYP1|- fhCM&Txp˹&_aԆ-g]!Q}'{"4{$ Og M ܧ:k@фv=@AЍ (FFҹ@V8Z,L f?R wil/dE&dR؍:[&t2:31c3 }̯v*NDE)w-dk}p#rhAt^ ‹E'HmKd0SQX,k,!隄N@Npsc; ܓ0eRT1d'X㽔 z4ւ?oJ`ޒ:q^G_%KdXVhgڈvؒ (կ9UWkh+nj҇OSkOPGcBe0[}(m0l`Hu>:zJddsjׁkq=ɔۦ0]FqO EKO/x0 1'DywAJc'5xbuL[ހpƥ˰eX;S56f&RPf6deJf͗L8M*|WtCW_-KLl ~?8b_BD; 6_*X$6:r.G~ScO{e}`@ &h%J ?qj˒zTKi-XĿ~-~' hc⃕oꆒӭx~i Olv_? [JB!䣣s;1/ڝeOsr9$G՜|wوe9{ =mA3fTڐQK 3AqK̡]Q@b?JppJrE?4YnPa_Dkq7¶ݳ\h_L_svZ>Zq\*G/G ᷮ ǵU|q}8Wz&|ps:zG1^.,[[] ~& $QpIߒr+/ލ.18dzŢ7$=P+(6QIǜ_)CtT\Z8 ؇m6 m?VQ<qe'[C+Pʀ,U@2qx+͏_L)(jih{Xe38py\E=Pz"&&\it/(p c&T^4%*D%Q]%^e1\( Z9=zcd4c>Q$g`X SO",([WNHbtk@^;4(s6:O<5nRZBD S<\3@Uqi~v852(scDK,D pYVb֌ZK~QF|;GRoO>Sst,A>A.K]<%*OfKl堉*(Bn ͏×WelJ!0aB=.蚧î fIKj!lY9/͚AꅻNLvIb,<=)+8%%evjFx$rck8)9/DH pفMmASB4yh{8}7b!bw/4SC"B6f6_$\ D&i5M&r<9VM~WZn!P , `5ƻAZ/Vķ)))) :Iql h.vIQ*oN⠋lx"V?%s,Z/L 5*߁Sf61;qpˀ1"+`U,ތ %{E;p[Puݶ}QR;qZ;/;6r}=ީu'ݯ$k dUlքA)^K:2jlJ<ɾY-BƤO+˷>d?d޽:V|&hѳW2ժCdjL#Va8~?M=`0if*l+ޜT \=`pqv7P9;im|`li;)XM'#E.1|4yxS 6UqS3qT8e-= .^ŭ_РkwM@ewY?z(ZG\bOxT7vhuS`IFi*Y.|7*ZV+ IYM$TUNwP`ͨsHB=MD6 7Q:bP[qKv,MbǢ4g2U(6YGjp%|CR.%Ȫ5U2 {oG-rզ} a%HWfzyN&12GbZꍴr~Q*S/*PĮNHaydN|Yk7׻[itftAUh<dm=t=>[hG,1/?ǒoP>S &uK8T*tlL]&@rط.U.5M6ߏY "]eFe9R>"Tڜcسo͹}4YW~=ߙ*s}l<[;0Hys_FoבD"$ox_g>[}(e=8_c>||~aM 0HɁ~5Q #`aF"3;lj\E}3ܠII|7ε. 5r"ub3{HOhki 9=27"ȴZkMf<ػCtr(һ],.X⬱u7GΧRx* d"n|yÅXIlLa$lMB_xJf~ ;&osa4aܵ6(ӳXJW>RT*΍M5uЁ?^/ KQgs}ck8G'pHmQ1ƅ=kw4ŽEbmTOlM9Ū2/V"&_RoRZ7e>.4G'p ݱ!#={oc` ck_KI.Pěozi :B3rSQ:E~me3u0Wf>$[Joo[28E9,})Fn[{qN)MNb J^|Qav#]Dq]ǰ}Kigl[R!!pQvV4î\bs7Ni5ҤS4%F+Bw]hL\lQM w-}p+I4MVO3^>!ˤکfLokH*+607[V#?nZ Bqqӛ?>D{nrdACixe0Zb? !TϜ18("22)+I'hpTTm]b6\%~O0QЩx7~Jy.ISNw$"X1Q)s ^]UU/"r>&־f N~>uDv3'~bz6D]`mmF+ JcQOD[2y#ncu4fGl 6"FR`J edڛm=a*p#y[zh{kB$\4%㛮?;acoݍa|p_m*ȝ) Q? }?y^0g3J.0)+wX58+x qdՋ?mԁJg/f]=Aaسhnc hV!b`^}o|+]H,>M14ݼ쒸.Ar֗idx2,w;F?J04AKeM; o.yۂKࣽduEarTcڢvJZ-Ą\ܛPЈVV2J8!wGh=$=fyKbTW-f?( l0Y9"xk^ ş+4qŅހ9^[q;'5zAOEGm4ƂK) g6B/k>.sͥJՖ]y$~/e-1$v-H@ G S+Ɇ O =Xq]e<(/@9\,?n{@qw|W[9!]h`Z\ As8cYN^f ٌ0 Mge=2/=ߤ֔(e+w ?+P7ކj۽+JWq/IOH]`7-1myM!QqM('m Brq OˁAW\?&'~=.Tk/ƥ6?kaU3Dj;W[G 3>,/PEͧq4ƙr:$hJqjf>$ sxB1mcKDUDL!T :?CS"D0Mt[hżwM5JĄD|+5ъŔ&6$`eU|bѥ=ut448cm%9iK #Ǣ[\iw/[zЧ؈:0D$r=Y jxuq4K.=m-^ʟX})GI,h.: #[to@Z+U~dl9  xML5] o'vjYbxH?O*ycʣg˴k[i劰(nr]XxJ^c'2gYrW-]bkSk녨BT-|jЊe_Ϩ};{ȶMUDpnLZ>{k^nbƭ_bk肜_փe7clyo$];IL|< PܙDJL4" N%O/) H]zZm C%.|Ix?hshBOPd 4qq&%I_O-ƨp9 >{.$CހZns<ʂZ;n\Pb-tlAq2I!FQAxGX@0'fHRoA(YtPly"]$Yu6smAGhw;޴`̲2R_]ŤD7A$u 3+´ kq=C m -XOG269Vᡱoó2tR (=6UpBkw(\,D*V'T"F tةBiXKofGknӯ.  V8Cz lg6} QqShݴ;"Uv÷y4_qe6sPu|ca@!j%JB䯊P֥ia̛\vOd_@b/[hYp^XYC+$zxL;bU AJUx߽5mAqY?lH4_(I=YE,>6L1lɶ帀y镭y`"LKxM ٖs)o4+(^U1V*S+/MG}ћ H70m@ޞ4oRV4] h0rLCj0<6kac`ş'G4Ė^s. CC؄Klm904cy?{U~1rA|VWu\xm,3Ytǥm< |#;+_Z8{ KSf?G,LL.G7K 8vP"Ѝ\+N7Ho)آ 8zQd&NRRbT%n#\&xȾAUKE1mpL'4D^p5 ޺DR\k*K?f9,Hbg d%D }{?Uqy7l&jOYP vp'^̘FXN{}Z?oËB[ŋRR|)ZAOѲ6Rg`+?AK %PM?+ (evR[E39qY5=yJ <_HֲZU}=);M#/ Ӫ4EGߩ픶]v#KMv"}E9 o*EYWfK $(1Mȥ6&@BQJH2>X>?H.dF |FGљFIiRkvj0y6ߠ".c¥9NeβWY?$R-G}gX|SO:[]n^9M|2/92iz&Qf.`/Octmc `A+]z4bb}uWYxwñKip9,U2*~2>"T[7R+@Bgtj|aĄ݉^:/\0[K(PmLҀ}vg:ψdLM<ړg %!C%>q"~gh)1P8ae~Oz_5?d'5W?I,`uD¬ #8%̭B[ȳu26.e<%aCk:LA#.W Pz;p &< #PW,ܔ[K.HR8U34[3݂^{1w"2ʀ3Ik>1nV7XXET᱊NJ ⦘fg|Bu5ORSb5Kodž!2@SWD+t=kf1'{SvY x~4Ŭ ȁƬ3>w?ajV]¬:R t[H%1<A; 0aF(x|"Iüy(rg"[c -pL~m}|'rgI"+hNTο1@)Np,HkxV_̚to*oC?8RySRnڣ/e~L{mc\FxLŊЊ]rFK6XL5Jz ~ V}z”h +e`"F_x%9U4p Əң?%,sTFStIj~^dIꕶ ~T=~W<_$hG{=Y!bq7{RW8Ot|iƹH Ļ,^%;~G ɜm韅KD;9,֍3)'NHU4uxEQtRM˵j 踗N!I]I( KĈ^w}^9DXf$26-#t֯;,'Wxe%6|O 6`QK: B /؋@ԣQpDO;e0+MURN$Y7S: EtK|EHJG&crB|ҷ`vS5}ׯj)uHvA ثF2F?D,K̕#,\v,לe 2,K 2+:D*6 `EKba ;M|qVŝ /ϹbN GF oU]~b97\KՍwy}԰S ce5̫NC?x2'CP .7n$}$1"60"-8 :ncp *G@2YŎuqLM;nx;׋^ }_/E']_)ȦEҴd<-椻ß,Ǭȼ>cw;M.`xe2?o,DqUSYi!{2>l_q=J*gLݟ 1JPXn{,3Hqn[3dV?_M>IRpL1~N(h}қ<MH*E!lv'uv0 11XG⌿=*78ؚN"<[*T+ER&?Z~h8;DƲY.(8K)ϳE!Z#w^R:ͷ'gufWs.oT)nFj6]=E*p&I̐Q߃ GtqEܫ+p$ p&2!njރs9z< KWOO-VXRAR y9w;xՃW槄wJN'L,$Gˁ~nB#ӞxzG8f[r#vf_Z03'<tAG#֭]Lz4:l1MӮo${|&ӔD2WGI%8pN4Ƚwi:}a8z) u xr{Qrp;2Y_ Y-W{{1z>@Sܑz4g\R#A瞽FG N퇧̄k~`"4_MOK֨|heT._^\i^khU G6^8wuLaz&FžQ* DR:̞YD8dNȱ۩ rčoDٝB3'܏4U)% _ ڛ5w;ɣ[z=(CԢt.8H|g.ĖiRqwJ{[UV&mNW ;eE̬b @,~zQn0p04=Ѽ|!Hmx^=-XD׳>E4u=ϖm-3 3wf]n.2>)#58 P R.KnT,3oX/@/q2s_͠Gc IO!o18Vsf-^GR&&Ndw ?!uBFإ1r<dݼdXndfҲقFmX2o,m6"T4{9WU ߉' *CŖh< "ACazPaNii;M?'<vbL#)PrJÃjsWj5h.<)ZX og`LsvPCܔͮ|"R1P,:WZʵ%}r >#P-CF!WqnSb&ݗ5tZ"XYܞ$  l =(2p Ȟ0H0rBKg܂)O;ȳ+.C`5" T}_ȣGkɡ_MMTf65~^Hf\6FYӰEm.9bwoQ;R fIiFLU6?c[?m*0Qs{ 9HPMqB8t+|[t|USlUXhl:w2ufKݖs?C?P]CGgUTɤczuv1_9]0R'/%kqGp>3w}c_&}IdYMn3n"P]cgQ )K _U%[;{t@8Nr#D ];V(QXi9dbP-\sq[LH/ yVS-po-@@ >]W&)sk tR&%*O}澂1)^fWyG#T98(k-<{/^UU4+̍\e?{:d/Y&`Ò¯l@bRHV{Cֹzq/f&ͺƸ2Q&p7y|E}wu>dA& 8Զ؋"އS1c?y 0NW|-9Y XI>]D6rY]>ɬR)ZU%Aô|cz`jD!x՝@ʚ-jPYI\G7^f $qxy8g1O#n^ le-լ~QK%k=PP3m=G $MwȓdɈ0G is9܆ì}l "Ps"KJsugj[14M&-?Xɑ_<x_ߗ$ޜ7bA\D&ǫ*ϐ*LK!EJߍ3˽H~g;?GbRܟ^"fUK l6{'N2}R\5PYHB[oVCV-:K5 J,3~jvy,LzH~n[}:泭_m򘺢g\F?CnhքwoO*vT=Ew3l_b`|ifUؿ/!0wpƒW6Wgma hr#G9O-w^ZzCg,#Qyjn% (UoYaD )yEAG< 4,U@M6@VOw^14^[uHb#3cq8$ !;EJw(*A _U4Ht*0bxɆL[bxki*K *7Y8[P\FO[<;ìvEg]G'i mp(9&wNi'!4,Ѯ<%Fв{TivJR otQq+ZArk~}TC 5 ]P3YOF0Վ^hCvL`pUqIV^zklŵZ.i/`ەԨf7ƯZ,՚pA6v.f&U6i("ZN7-}J\}?-`$&c in$}e')mT@jMՠ,5 ھb)*nHeOwh3Fm w[8P>'w+/n99;U&q"Jt$0qRo~1;#_\LKW,w+7'A /亽ee8!3dLK^4@tV",Q=C94ԁU04~Cl,(anͥ:@<[c$(2\M(1/NTO&wA.a)lN2'DBm2xo1!2bWGCيJo0u3:>,2a4-Q" ^|tTJzXIwuIDlpn`#I@ z׭}YLah-Zúav_u焣#lܞ&3O΍]}lN& 2.2Ϻw.q.; X [eZܛ۳9|ud8V=&7TFk_瓎I2D1/WjD8o+W~x\@#9=*έCi7Tx=d}$yd?-oY.bEU0Bp>80NN䂆78֘HHf`κ]ݏ_`:Cn6_l,㛶]/iiPߥ ›Uc~w\'x*~8?τu=^:17 z5fڶֳ"YغTʕ갾@M{< KF/ti{lLLqjejfGԗN,Z1(eMqY'K *rLty;kMy6bkd?4@\Q)@ɑk&@x nTE_@ 747I^,-wJ/[Vɡ^GYg_X)ND O7|~J%܃ ˧gl5DL5}PR4֡T&>1x}8n I꘾= O\UbPyDƯ E^CPe`=֙)MY&Bk^hSy}?N8o MfA!a?',U:t7@;j3(vFZb!h!qT)zmW GXϋy]`؜Tmws%`crDyf'U FAR(B*] U&_s%M)kQU뽫p8a#<ۘS ]FRCwوehĜ'bu,>*/OE|vr|7e}EDֆuH%PH~`_=PjK+y >qNrS \xMܬ{'jr)nIoڐw_~&ѷnaVܬY@)VHPT ưNc)SP\נ=}i>uwJ]mZHޭGFm 6'/i{SCV)9RKIgӠlRa Z4{4;SqT_z=B!׃f>}Fu.[ ,/sF>[Bcklg{xdا8++};XP,CIhŃ;XtXA">|b`P d'UQj[ȣ%uyAUrxЈZ9PpT'@NIIb؝Kfc +?ԄL񓞡sJ/V$^uFs%- "_v_t/"" y&tr )?~F"\iop.S&J~) Rl<4+`&bqn)r;z3){\Hdyo-k8V6gJ)n`GE2Vm?!8lf &1p"`H̗?