mod_session-2.4.6-98.sl7_9.7> H HtxHFd,!l ?*}}'\f"vyRvGߤJ%4anJ`4184ae427f818814b4d4a880acb4edfdf94f0722#A\skK2Fd,!l ?*}}$ eCOu{-b\nUjOENܭ?E>3|?|d  L :SY`x    . 4LjJ(89:*GzHzIzX{Y{\{,]{D^{b{d|e|f|l||Cmod_session2.4.698.sl7_9.7Session interface for the Apache HTTP ServerThe mod_session module and associated backends provide an abstract interface for storing and accessing per-user session data.d+sl7.fnal.govScientific LinuxScientific LinuxASL 2.0Scientific LinuxSystem Environment/Daemonshttp://httpd.apache.org/linuxx86_64m\x+\Ld+d+d+d+d+d+51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1f9733a82cd59b4d26d7ce1ce762e5742e28de0606040f22822ef78caeeef40d4e90792391612d816522854be4a4ce59210e43d4ec88478c827b124cf00b0af2b015b3b6cd89538492d6a5be86255fc7eeff9ec351775b7ee6719ca2aa5aa7172c3af076e7a44543c57f80943dd1f524f5100f2630e8f18d5a7e364ebcab87cc842cf310d3a83f496a168b1d423514659076568eaa20d59be538fc7177ce3f3b5rootrootrootrootrootrootrootrootrootrootrootroothttpd-2.4.6-98.sl7_9.7.src.rpmmod_sessionmod_session(x86-64)   @@@@@@@ httpdhttpd-mmnapr-util-opensslrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpthread.so.0()(64bit)rtld(GNU_HASH)rpmlib(PayloadIsXz)0:2.4.6-98.sl7_9.720120211x86644.6.0-14.0-13.0.4-15.2-14.11.3d,@d@c@b9@aaav@a^@_}^@^|@]z@]^]A\@\[+@[+@[+@[*A['[d@[d@ZZS]@Y@YeY@YY@YY@YdYp@Y{Y{Y*@YYw2Y@Y@Y@XXg@X,X,X@XƉX•@XCX@X@XXXXO@XO@XO@XO@XXWWW{@Wc@V͛@U@Uݪ@UoUȒ@UU@Un@UY@U.RT}Tto@TXTG@T2@T @TTS@SS@S@SuSǺS*@SSRUR@RRΏ@R@RkR1@RsRrF@Ri RM\@RC@Q@QQޞ@QQo@Q@QQ@Qo@Qm=@QQQ,Q,Q']QP @P6@P6@P{@PPl(PiPiPiPiPiPYPQPIP3x@P3x@PPO@OO@O@OЗOЗOF@OF@OF@O]@O"O"O@O@O@O@O@O@O@OOOOOOleOleO_6O_6O_6OU@O8@O8@O5OKO@ONNS@N{#@NoENdNBrN)f@N&@N@N MM>MMn1@MdMRMF@M(QM$]@M$]@M# L@L@LLMxL7@K@Scientific Linux Auto Patch Process Luboš Uhliarik - 2.4.6-97.7Luboš Uhliarik - 2.4.6-97.6Luboš Uhliarik - 2.4.6-97.5Luboš Uhliarik - 2.4.6-97.4Luboš Uhliarik - 2.4.6-97.3Luboš Uhliarik - 2.4.6-97.2Luboš Uhliarik - 2.4.6-97.1Lubos Uhliarik - 2.4.6-97Lubos Uhliarik - 2.4.6-95Lubos Uhliarik - 2.4.6-94Lubos Uhliarik - 2.4.6-93Joe Orton - 2.4.6-92Lubos Uhliarik - 2.4.6-91Lubos Uhliarik - 2.4.6-90Joe Orton - 2.4.6-89Luboš Uhliarik - 2.4.6-88Luboš Uhliarik - 2.4.6-87Luboš Uhliarik - 2.4.6-86Luboš Uhliarik - 2.4.6-85Luboš Uhliarik - 2.4.6-84Luboš Uhliarik - 2.4.6-83Luboš Uhliarik - 2.4.6-82Joe Orton - 2.4.6-81Luboš Uhliarik - 2.4.6-80Luboš Uhliarik - 2.4.6-79Luboš Uhliarik - 2.4.6-78Luboš Uhliarik - 2.4.6-77Luboš Uhliarik - 2.4.6-76Luboš Uhliarik - 2.4.6-75Luboš Uhliarik - 2.4.6-74Luboš Uhliarik - 2.4.6-73Luboš Uhliarik - 2.4.6-72Luboš Uhliarik - 2.4.6-71Luboš Uhliarik - 2.4.6-70Luboš Uhliarik - 2.4.6-69Luboš Uhliarik - 2.4.6-68Luboš Uhliarik - 2.4.6-67Luboš Uhliarik - 2.4.6-66Luboš Uhliarik - 2.4.6-65Luboš Uhliarik - 2.4.6-64Luboš Uhliarik - 2.4.6-63Luboš Uhliarik - 2.4.6-62Luboš Uhliarik - 2.4.6-61Luboš Uhliarik - 2.4.6-60Luboš Uhliarik - 2.4.6-59Luboš Uhliarik - 2.4.6-58Luboš Uhliarik - 2.4.6-57Luboš Uhliarik - 2.4.6-56Luboš Uhliarik - 2.4.6-55Luboš Uhliarik - 2.4.6-54Luboš Uhliarik - 2.4.6-53Luboš Uhliarik - 2.4.6-52Luboš Uhliarik - 2.4.6-51Luboš Uhliarik - 2.4.6-50Luboš Uhliarik - 2.4.6-49Luboš Uhliarik - 2.4.6-48Joe Orton - 2.4.6-47Luboš Uhliarik - 2.4.6-46Luboš Uhliarik - 2.4.6-45Joe Orton - 2.4.6-44Joe Orton - 2.4.6-43Joe Orton - 2.4.6-42Jan Kaluza - 2.4.6-41Jan Kaluza - 2.4.6-40Jan Kaluza - 2.4.6-39Jan Kaluza - 2.4.6-38Jan Kaluza - 2.4.6-37Jan Kaluza - 2.4.6-36Jan Kaluza - 2.4.6-35Jan Kaluza - 2.4.6-34Jan Kaluza - 2.4.6-33Jan Kaluza - 2.4.6-32Jan Kaluza - 2.4.6-31Jan Kaluza - 2.4.6-30Jan Kaluza - 2.4.6-29Jan Kaluza - 2.4.6-28Jan Kaluza - 2.4.6-27Jan Kaluza - 2.4.6-26Jan Kaluza - 2.4.6-25Jan Kaluza - 2.4.6-24Jan Kaluza - 2.4.6-23Jan Kaluza - 2.4.6-22Jan Kaluza - 2.4.6-21Jan Kaluza - 2.4.6-20Jan Kaluza - 2.4.6-19Jan Kaluza - 2.4.6-18Jan Kaluza - 2.4.6-17Joe Orton - 2.4.6-16Joe Orton - 2.4.6-15Daniel Mach - 2.4.6-14Joe Orton - 2.4.6-13Joe Orton - 2.4.6-12Joe Orton - 2.4.6-11Joe Orton - 2.4.6-10Daniel Mach - 2.4.6-9Joe Orton - 2.4.6-8Jan Kaluza - 2.4.6-7Jan Kaluza - 2.4.6-6Jan Kaluza - 2.4.6-5Jan Kaluza - 2.4.6-4Jan Kaluza - 2.4.6-3Jan Kaluza - 2.4.6-2Joe Orton - 2.4.6-1Jan Kaluza - 2.4.4-12Joe Orton - 2.4.4-11Joe Orton - 2.4.4-10Joe Orton - 2.4.4-9Jan Kaluza - 2.4.4-8Jan Kaluza - 2.4.4-6Jan Kaluza - 2.4.4-5Jan Kaluza - 2.4.4-4Jan Kaluza - 2.4.4-3Joe Orton - 2.4.4-2Joe Orton - 2.4.4-1Joe Orton - 2.4.3-17Fedora Release Engineering - 2.4.3-16Joe Orton - 2.4.3-15Joe Orton - 2.4.3-14Joe Orton - 2.4.3-13Joe Orton - 2.4.3-12Joe Orton - 2.4.3-11Joe Orton - 2.4.3-10Joe Orton - 2.4.3-9.1Joe Orton - 2.4.3-9Joe Orton - 2.4.3-8Joe Orton - 2.4.3-7Jan Kaluza - 2.4.3-6Joe Orton - 2.4.3-5Joe Orton - 2.4.3-4Jan Kaluza - 2.4.3-3Joe Orton - 2.4.3-2Joe Orton - 2.4.3-1Joe Orton - 2.4.2-23Fedora Release Engineering - 2.4.2-22Joe Orton - 2.4.2-21Joe Orton - 2.4.2-20Joe Orton - 2.4.2-19Joe Orton - 2.4.2-18Joe Orton - 2.4.2-17Joe Orton - 2.4.2-16Joe Orton - 2.4.2-15Joe Orton - 2.4.2-14Joe Orton - 2.4.2-13Joe Orton - 2.4.2-12Joe Orton - 2.4.2-11Joe Orton - 2.4.2-10Joe Orton - 2.4.2-9Joe Orton - 2.4.2-8Joe Orton - 2.4.2-7Joe Orton - 2.4.2-6Joe Orton - 2.4.2-5Joe Orton - 2.4.2-4Joe Orton - 2.4.2-3.2Joe Orton - 2.4.2-3Joe Orton - 2.4.2-2Jan Kaluza - 2.4.2-1Joe Orton - 2.4.1-6Joe Orton - 2.4.1-5Joe Orton - 2.4.1-4Joe Orton - 2.4.1-3Joe Orton - 2.4.1-2Joe Orton - 2.4.1-1Joe Orton - 2.2.22-2Joe Orton - 2.2.22-1Petr Pisar - 2.2.21-8Jan Kaluza - 2.2.21-7Joe Orton - 2.2.21-6Fedora Release Engineering - 2.2.21-5Jan Kaluza - 2.2.21-4Jan Kaluza - 2.2.21-3Ville Skyttä - 2.2.21-2Joe Orton - 2.2.21-1Joe Orton - 2.2.20-1Jan Kaluza - 2.2.19-5Iain Arnell 1:2.2.19-4Jan Kaluza - 2.2.19-3Jan Kaluza - 2.2.19-2Joe Orton - 2.2.19-1Joe Orton - 2.2.17-13Joe Orton - 2.2.17-12Joe Orton - 2.2.17-11Joe Orton - 2.2.17-10Joe Orton - 2.2.17-9Fedora Release Engineering - 2.2.17-8Joe Orton - 2.2.17-7Joe Orton - 2.2.17-6Joe Orton - 2.2.17-5Joe Orton - 2.2.17-4Joe Orton - 2.2.17-3Joe Orton - 2.2.17-2Joe Orton - 2.2.17-1Joe Orton - 2.2.16-2Joe Orton - 2.2.16-1Joe Orton - 2.2.15-3Robert Scheck - 2.2.15-1- Added Source: httpd-sl_index.html.sl.patch --> This patch removes TUV branding from the default index.html - Added Source: httpd-spec_sl_index.html.sl7.patch --> The index.html file is outside of the source tarball, so we need to patch it in the install step - Added Source: httpd.ini --> Config file for automated patch script- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes corrupt and mixed-up responses- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in ap_escape_quotes() via malicious input - Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session- Resolves: #2035058 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow when parsing multipart content- Resolves: #2015694 - proxy rewrite to unix socket fails with CVE-2021-40438 fix- Resolves: #2011729 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending a client cert to backend server - Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout - Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool concurrency issues- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value- Resolves: #1565491 - CVE-2017-15715 httpd: bypass with a trailing newline in the file name - Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect - Resolves: #1724879 - httpd terminates all SSL connections using an abortive shutdown - Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive - Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service - Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications- Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time- htpasswd: add SHA-2 crypt() support (#1486889)- Resolves: #1630886 - scriptlet can fail if hostname is not installed - Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values - Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request - Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch directive - Resolves: #1633152 - mod_session missing apr-util-openssl - Resolves: #1649470 - httpd response contains garbage in Content-Type header - Resolves: #1724034 - Unexpected OCSP in proxy SSL connection- Resolves: #1566317 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest - Resolves: #1696141 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition - Resolves: #1696096 - CVE-2019-0220 httpd: URL normalization inconsistency- fix per-request leak of bucket brigade structure (#1583218)- Resolves: #1527295 - httpd with worker/event mpm segfaults after multiple SIGUSR1- Resolves: #1458364 - RMM list corruption in ldap module results in server hang- Resolves: #1493181 - RFE: mod_ssl: allow sending multiple CA names which differ only in case- Resolves: #1556761 - mod_proxy_wstunned config needs the default port number- Resolves: #1548501 - Make OCSP more configurable (like CRL)- Resolves: #1523536 - Backport Apache BZ#59230 mod_proxy_express uses db after close- Resolves: #1533793 - Use Variable with mod_authnz_ldap- don't terminate connections during graceful stop/restart (#1557785)- Related: #1288395 - httpd segfault when logrotate invoked- Resolves: #1274890 - mod_ssl config: tighten defaults- Resolves: #1506392 - Backport: SSLSessionTickets directive support- Resolves: #1440590 - Need an option to disable UTF8-conversion of certificate DN- Resolves: #1464406 - Apache consumes too much memory for CGI output- Resolves: #1448892 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv. Needs documentation.- Resolves: #1430640 - "ProxyAddHeaders Off" does not become effective when it's defined outside setting- Resolves: #1499253 - ProxyRemote with HTTPS backend sends requests with absoluteURI instead of abs_path- Resolves: #1288395 - httpd segfault when logrotate invoked- Resolves: #1368491 - mod_authz_dbd segfaults when AuthzDBDQuery missing- Resolves: #1467402 - rotatelogs: creation of zombie processes when -p is used- Resolves: #1493065 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method- Resolves: #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass - Resolves: #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference - Resolves: #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread - Resolves: #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread - Resolves: #1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest- Related: #1332242 - Explicitly disallow the '#' character in allow,deny directives- Related: #1332242 - Explicitly disallow the '#' character in allow,deny directives- Resolves: #1445885 - define _RH_HAS_HTTPPROTOCOLOPTIONS- Resolves: #1442872 - apache user is not created during httpd installation when apache group already exist with GID other than 48- Related: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 httpd: various flaws- Resolves: #1397241 - Backport Apache Bug 53098 - mod_proxy_ajp: patch to set worker secret passed to tomcat- Related: #1414258 - Crash during restart or at startup in mod_ssl, in certinfo_free() function registered by ssl_stapling_ex_init()- Resolves: #1414258 - Crash during restart or at startup in mod_ssl, in certinfo_free() function registered by ssl_stapling_ex_init()- Resolves: #1378946 - Backport of apache bug 55910: Continuation lines are broken during buffer resize- Resolves: #1364604 - Upstream Bug 56925 - ErrorDocument directive misbehaves with mod_proxy_http and mod_proxy_ajp- Resolves: #1324416 - Error 404 when switching language in HTML manual more than once- Resolves: #1353740 - Backport Apache PR58118 to fix mod_proxy_fcgi spamming non-errors: AH01075: Error dispatching request to : (passing brigade to output filters)- Resolves: #1371876 - Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter- Resolves: #1372692 - Apache httpd does not log status code "413" in access_log when exceeding LimitRequestBody- Resolves: #1376835 - httpd with worker/event mpm segfaults after multiple successive graceful reloads- Resolves: #1332242 - Explicitly disallow the '#' character in allow,deny directives- Resolves: #1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup on backconn- Resolves: #1348019 - mod_proxy: Fix a race condition that caused a failed worker to be retried before the retry period is over- Resolves: #1389535 - Segmentation fault in SSL_renegotiate- Resolves: #1406184 - stapling_renew_response: abort early (before apr_uri_parse) if ocspuri is empty- prefork: fix delay completing graceful restart (#1327624) - mod_ldap: fix authz regression, failing to rebind (#1415257)- Resolves: #1412976 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 httpd: various flaws- RFE: run mod_rewrite external mapping program as non-root (#1316900)- add security fix for CVE-2016-5387- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)- mod_cache: merge r->err_headers_out into r->headers when the response is cached for the first time (#1264989) - mod_ssl: Do not send SSL warning when SNI hostname is not found as per RFC 6066 (#1298148) - mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038) - fix apache user creation when apache group already exists (#1299889) - fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757) - mod_proxy: fix slow response time for reponses with error status code when using ProxyErrorOverride (#1283653) - mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149) - mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495) - rotatelogs: improve support for localtime (#1244545) - ab: fix read failure when targeting SSL server (#1255331) - mod_log_debug: fix LogMessage example in documentation (#1279465) - mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime of DB lookup entries independently of the selected DB engine (#1287844) - mod_ssl: fix hardware crypto support with custom DH parms (#1291865) - mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797)- mod_dav: follow up fix for previous commit (#1263975)- mod_dav: treat dav_resource uri as escaped (#1255480)- mod_ssl: add support for User Principal Name in SSLUserName (#1242503)- core: fix chunk header parsing defect (CVE-2015-3183) - core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook (CVE-2015-3185)- Revert fix for #1162152, it is not needed in RHEL7 - mod_proxy_ajp: fix settings ProxyPass parameters for AJP backends (#1242416)- mod_remoteip: correct the trusted proxy match test (#1179306) - mod_dav: send complete response when resource is created (#1235383) - apachectl: correct the apachectl status man page (#1231924)- mod_proxy_fcgi: honor Timeout / ProxyTimeout (#1222328) - do not show all vhosts twice in httpd -D DUMP_VHOSTS output (#1225820) - fix -D[efined] or [d] variables lifetime accross restarts (#1227219) - mod_ssl: do not send NPN extension with not configured (#1226015)- mod_authz_dbm: fix crash when using "Require dbm-file-group" (#1221575)- mod_authn_dbd: fix use-after-free bug with postgresql (#1188779) - mod_remoteip: correct the trusted proxy match test (#1179306) - mod_status: honor remote_ip as documented (#1169081) - mod_deflate: fix decompression of files larger than 4GB (#1170214) - core: improve error message for inaccessible DocumentRoot (#1170220) - ab: try all addresses instead of failing on first one when not available (#1125276) - mod_proxy_wstunnel: add support for SSL (#1180745) - mod_proxy_wstunnel: load this module by default (#1180745) - mod_rewrite: add support for WebSockets (#1180745) - mod_rewrite: do not search for directory if a URL will be rewritten (#1210091) - mod_ssl: Fix SSL_CLIENT_VERIFY value when optional_no_ca and SSLSessionCache are used and SSL session is resumed (#1170206) - mod_ssl: fix memory leak on httpd reloads (#1181690) - mod_ssl: use SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA (#1118476) - mod_cgi: return error code 408 on timeout (#1162152) - mod_dav_fs: set default value of DAVLockDB (#1176449) - add Documentation= to the httpd.service and htcacheclean.service (#1184118) - do not display "bomb" icon for files ending with "core" (#1170215) - add missing Reason-Phrase in HTTP response headers (#1162159) - fix BuildRequires to require openssl-devel >= 1:1.0.1e-37 (#1160625) - apachectl: ignore HTTPD variable from sysconfig (#1214401) - apachectl: fix "graceful" documentation (#1214398) - apachectl: fix "graceful" behaviour when httpd is not running (#1214430)- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled instead of hardcoding it (#1168050) - mod_proxy: support Unix Domain Sockets (#1168081)- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) - mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)- rebuild against proper version of OpenSSL (#1080125)- set vstring based on /etc/os-release (#1114123)- fix the dependency on openssl-libs to match the fix for #1080125- allow 'es to be seen under virtual hosts (#1131847)- do not use hardcoded curve for ECDHE suites (#1080125)- allow reverse-proxy to be set via SetHandler (#1136290)- fix possible crash in SIGINT handling (#1131006)- ab: fix integer overflow when printing stats with lot of requests (#1092420)- add pre_htaccess so mpm-itk can be build as separate module (#1059143)- mod_ssl: prefer larger keys and support up to 8192-bit keys (#1073078)- fix build on ppc64le by using configure macro (#1125545) - compile httpd with -O3 on ppc64le (#1123490) - mod_rewrite: expose CONN_REMOTE_ADDR (#1060536)- mod_cgid: add security fix for CVE-2014-0231 (#1120608) - mod_proxy: add security fix for CVE-2014-0117 (#1120608) - mod_deflate: add security fix for CVE-2014-0118 (#1120608) - mod_status: add security fix for CVE-2014-0226 (#1120608) - mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)- mod_dav: add security fix for CVE-2013-6438 (#1077907) - mod_log_config: add security fix for CVE-2014-0098 (#1077907)- mod_ssl: improve DH temp key handling (#1057687)- mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1071276)- Mass rebuild 2014-01-24- mod_ssl: sanity-check use of "SSLCompression" (#1036666) - mod_proxy_http: fix brigade memory usage (#1040447)- rebuild- build with -O3 on ppc64 (#1051066)- mod_dav: fix locktoken handling (#1004046)- Mass rebuild 2013-12-27- use unambiguous httpd-mmn (#1029360)- mod_ssl: allow SSLEngine to override Listen-based default (#1023168)- systemd: Use {MAINPID} notation in service file (#969972)- systemd: send SIGWINCH signal without httpd -k in ExecStop (#969972)- expand macros in macros.httpd (#1011393)- fix "LDAPReferrals off" to really disable LDAP Referrals- revert fix for dumping vhosts twice- update to 2.4.6 - mod_ssl: use revised NPN API (r1487772)- mod_unique_id: replace use of hostname + pid with PRNG output (#976666) - apxs: mention -p option in manpage- add patch for aarch64 (Dennis Gilmore, #925558)- remove duplicate apxs man page from httpd-tools- remove zombie dbmmanage script- return 400 Bad Request on malformed Host header- htpasswd/htdbm: fix hash generation bug (#956344) - do not dump vhosts twice in httpd -S output (#928761) - mod_cache: fix potential crash caused by uninitialized variable (#954109)- execute systemctl reload as result of apachectl graceful - mod_ssl: ignore SNI hints unless required by config - mod_cache: forward-port CacheMaxExpire "hard" option - mod_ssl: fall back on another module's proxy hook if mod_ssl proxy is not configured.- fix service file to not send SIGTERM after ExecStop (#906321, #912288)- protect MIMEMagicFile with IfModule (#893949)- really package mod_auth_form in mod_session (#915438)- update to 2.4.4 - fix duplicate ownership of mod_session config (#914901)- add mod_session subpackage, move mod_auth_form there (#894500)- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild- add systemd service for htcacheclean- drop patch for r1344712- filter mod_*.so auto-provides (thanks to rcollet) - pull in syslog logging fix from upstream (r1344712)- rebuild to pick up new apr-util-ldap- rebuild- pull upstream patch r1392850 in addition to r1387633- restore "ServerTokens Full-Release" support (#811714)- define PLATFORM in os.h using vendor string- use systemd script unconditionally (#850149)- use systemd scriptlets if available (#850149) - don't run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists- use systemctl from apachectl (#842736)- fix some error log spam with graceful-stop (r1387633) - minor mod_systemd tweaks- use IncludeOptional for conf.d/*.conf inclusion- adding mod_systemd to integrate with systemd better- mod_ssl: add check for proxy keypair match (upstream r1374214)- update to 2.4.3 (#849883) - own the docroot (#848121)- add mod_proxy fixes from upstream (r1366693, r1365604)- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- drop explicit version requirement on initscripts- mod_ext_filter: fix error_log warnings- support "configtest" and "graceful" as initscripts "legacy actions"- avoid use of "core" GIF for a "core" directory (#168776) - drop use of "syslog.target" in systemd unit file- use _unitdir for systemd unit file - use /run in unit file, ssl.conf- mod_ssl: fix NPN patch merge- move tmpfiles.d fragment into /usr/lib per new guidelines - package /run/httpd not /var/run/httpd - set runtimedir to /run/httpd likewise- fix htdbm/htpasswd crash on crypt() failure (#818684)- pull fix for NPN patch from upstream (r1345599)- update suexec patch to use LOG_AUTHPRIV facility- really fix autoindex.conf (thanks to remi@)- fix autoindex.conf to allow symlink to poweredby.png- suexec: use upstream version of patch for capability bit support- suexec: use syslog rather than suexec.log, drop dac_override capability- mod_ssl: add TLS NPN support (r1332643, #809599)- add BR on APR >= 1.4.0- use systemctl from logrotate (#221073)- pull from upstream: * use TLS close_notify alert for dummy_connection (r1326980+) * cleanup symbol exports (r1327036+)- rebuild- really fix restart- tweak default ssl.conf - fix restart handling (#814645) - use graceful restart by default- update to 2.4.2- fix macros- add _httpd_moddir to macros- fix symlink for poweredby.png - fix manual.conf- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc) - move mod_ldap, mod_authnz_ldap to mod_ldap subpackage- clean docroot better - ship proxy, ssl directories within /var/cache/httpd - default config: * unrestricted access to (only) /var/www * remove (commented) Mutex, MaxRanges, ScriptSock * split autoindex config to conf.d/autoindex.conf - ship additional example configs in docdir- update to 2.4.1 - adopt upstream default httpd.conf (almost verbatim) - split all LoadModules to conf.modules.d/*.conf - include conf.d/*.conf at end of httpd.conf - trim %changelog- fix build against PCRE 8.30- update to 2.2.22- Rebuild against PCRE 8.30- fix #783629 - start httpd after named- complete conversion to systemd, drop init script (#770311) - fix comments in /etc/sysconfig/httpd (#771024) - enable PrivateTmp in service file (#781440) - set LANG=C in /etc/sysconfig/httpd- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- fix #751591 - start httpd after remote-fs- allow change state of BalancerMember in mod_proxy_balancer web interface- Make mmn available as %{_httpd_mmn}. - Add .svgz to AddEncoding x-gzip example in httpd.conf.- update to 2.2.21- update to 2.2.20 - fix MPM stub man page generation- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided directory names- fix #716621 - suexec now works without setuid bit- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve- update to 2.2.19 - enable dbd, authn_dbd in default config- fix path expansion in service files- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson)- minor updates to httpd.conf - drop old patches- rebuild- use arch-specific mmn- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- generate dummy mod_ssl cert with CA:FALSE constraint (#667841) - add man page stubs for httpd.event, httpd.worker - drop distcache support - add STOP_TIMEOUT support to init script- update default SSLCipherSuite per upstream trunk- fix requires (#667397)- de-ghost /var/run/httpd- add tmpfiles.d configuration, ghost /var/run/httpd (#656600)- drop setuid bit, use capabilities for suexec binary- update to 2.2.17- link everything using -z relro and -z now- update to 2.2.16- default config tweaks: * harden httpd.conf w.r.t. .htaccess restriction (#591293) * load mod_substitute, mod_version by default * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf * add commented list of shipped-but-unloaded modules * bump up worker defaults a little * drop KeepAliveTimeout to 5 secs per upstream - fix LSB compliance in init script (#522074) - bundle NOTICE in -tools - use init script in logrotate postrotate to pick up PIDFILE - drop some old Obsoletes/Conflicts- update to 2.2.15 (#572404, #579311)2.4.6-98.sl7_9.72.4.6-98.sl7_9.701-session.confmod_auth_form.somod_session.somod_session_cookie.somod_session_crypto.somod_session_dbd.so/etc/httpd/conf.modules.d//usr/lib64/httpd/modules/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnu?7zXZ !Xᢧx`] crv(vX0 ~WAe/@%Id2YAaL,g_ky]9I^Jeq%|Udx=ն9TbZuDm \I5emIQ'S^k`̥b&s%P*u Ӗ'"GDG P-g3nwh6K"= +h7r[ TgјŒkheB(RFk0ݙ3mD6E)uaÆ@J@ B'V:P,T{XTѪfWQ~=ߙ8xC%]R.9َc&_`jՈbY ;2RS! f}"Ijm([t} D-[OI2[P^g xbfT?W/s}utsPL̾//x4!Ť6+b1; u(0"zDƋa0bLn0וmH`]<`Vo]_`| д wV^|=$YF񃂘;sb9"_ЀͧR&T'.70WĦ)j賉:y ůn[K @2oc5-Kem& mBXGVV9$ ]2@4u^n&K"mg9XhZSK bBP%Guz%zvKs?rWQ8\PVW)WJvi'4^t)g+7a0;tBзAe/aSOY04DbjBP-ȱXԋ'Ȉrс*ʄ lFaAPsSp3WU]E}}G~qq3-lU! CXZ@r$/*BDw)A&d]*(jhqfSƄgF:]dT)%$= h5 l&65.jiˤLÔֳV,:Mcmmsu餗r#(%LCcDn#PSd̯B qnEzO>2Dnz un2D8]s ʹb@3[HS<ϓ;QkTMۈæ݄_HZ?肠[a߾3<e̐`odwx[I+>uө}\x7o>Ouq]6|Ps eaxR4A)'&W{QkE ,3x> <G9 qu4[,e+n4(;KN]jDjs@懬/Y*"|Zz`xu%Ϫ$}^\*,cFi\=x v$5 luDAs#7ܤ8]>]Zzզ)X2pjM)%fܪaT.~3k/OKz^ܙ$~qsm';i)n=^.)F_B)88nȓ|s_[ژFyO? l@3" E,\ekBU|^ч9l΄Jlh? + :Oћ\>%N~\ Q;G׋aϻoeOGW~1s®5g zaㆌIFcAΦ_Tg׹bx?'uح cܙ9saְ֪tV!ד]Ok|>qR7vZT%jNL->t2.$&)l)_"5Me|]AZQ{Zu90pgvW^>o:20#8t:5,m-jJwHbn5]HWS7S)5h&V9jO!nsu}pޅ?l7֟w s6Uΐ?vg3CtŮZ@C*Sn0}RVeVDZ[km9H嘏P# Y([j%BղF 3^]*t]J 9R"m1EY9<^5@g=Y\r)2}<; P> }_?=#Ea/ 58jKv!C RWNvdR]q}5+MM8 ;>l7%)dnԳL-UkeEFɖkNR$;X+: 4ap>q@>VCk^EXQsf9CjЏ8EZDknV=bvPϋ|tdh&KRփm2knnjO6Ԛ N)qk@[\ݧ͑%6-O̟Oׂ`ݸ@*Y=:gxD| J%)w07ؼR$(Fe /" $Hp¾ KaBNDmu6I2^M<^h˓sY̓J7gqIqg䈭  [do" ]E+~!qO 5<Ůiv ۾O:Daib|)eѐ R--*O$"B-yocN4Pݕ1(Wg:KAS85KFHqq;p{ėk'- ێ)-\9 ȇhgp%]JpRfjm9xE GJ]h06 j]ز]tkmQ'oſ 3<3D*9OmrtV{Ļ;ƭZo;;I"%'_t[]XFdcG@\r$qZRE17hX#e @|iOЍ8)aezh;ܢ z6T .IFQɋ b9'荫8 % LOa6lwmEV?5mf6Efwt_ '̬˿UC CA5hv{M#MXNQ Fp!iGc9#߯ь#y>{|0 ?;m?rVHKOk#W% +fUh(rޤS9ieGBcCS7EȬ0~f-0GX?) j2}]9w+ e"{j R{\ɯ(,X7q *E]HʷN=*-ԋ_gZ W2F l3y@ߒk5g' [dqUcvpiK5Y9JyZv?Jtj3o)93Ӣ;?|Tm"]~ *>گX}l^*MEj q;B$0$鲠ir"1񆆛z핁 34i'Li$(OWH~erg L;ǐKf%?/+YekoWVyO98;D(O'w# ujv_XJL1pʾ qqTG\YPkml] ^Hci#wDelM[jc_Jr6 +!.-LgGu0!Z>HWBucnz?km 1U`3 Ʒ&Zĝu4ۏx!$[򄍌Îx'2GrCm w2 !R틲,_nØ҄.oBH&tW7r]R7 %J\ ʞZ_ޚ7WZJ31?Ĭ4o[d/j.0dk W%Z+)w*65ȄҲ̌!";-n靁i Y %OMT;n!00.j%3>4f$ǭv~B]BڿsP |ȚHMR`OԲ좡©;ZIBjB/ b#+,U2Yt.wz#=:T Ȏ0;Yh_TIDh}1a?tu28/ oه 9zyQ~.i[0qҵ7(%.%/iYETB0iyDtElOz"1ԓa+.<5Ky* 0 䲙yЛTmJpB MP0$ȇ86Vş?7Zm^ R˧Qu LXVA7/['FEfef!}qj,Qܼ ;Wjg?AiׄsZ!Y87O\0$~Vҵb[3Dm.lc}"G!-Լ2l_:;v? S%_+A%X^uUJ-%#yh?z4n n o5R?I.hDOdsQu_ ECxu㫖τgF#]9/YT$JyyE!1pMI`cfMT8߷~tI h5vur 2syoLJ6UV5C?"iB nYhH(hj$Dcpeb2'=UO=}9`=0M=ʚ7eQN#E 7,oLޘ9e%L#~v{JMm#Bp*|jU {y[Y#&Eǵg8牨z'V$!#0I= h#fP*@%0VL˼RKi3wĄ$IIVݫܧatQ怇Pɉnl:s;#kIoju 9w "tr7"5D8FPGh'SqE̼s`lb/N&pVw,*OlY bEZ2w//@]0>?]L:]p,(A#pt1ĥ7?1z7&ʅ]`v'_+O,2X{ 2)O-na'S\9Ϡ}|j,xzBp)a)Ko-% dX;O\9UTnAF$ub8&`ڛJxecףKPHgş ÌAIXZo5 U?< ^lKΫ!O4JB.^aq@>aK[3#'Cy Sɨ.x -)a2Zz/ɣx}.[ xIŬB_C^YNqqœϽ|ޘFЕ+>yϕz- 0"Xԓa@v ޣUl+./Bl1itÝ 4Xz?9~ςvљ!Db(Π"Yy@;4~cHF-\˶Y$Cɪ/&N෉ ;)C<>#웄ڜLTꊤSDɎ{gƥzy;^w&_`Po88BC%gN@5""BH^v sEђ'spv)r`t <9ɖtU% qy%u2b# ;vxԘl;P=\(bK|eWb=c5PWUۮs-Fb*+tIwSqjr>4k}QWP3UյÊ\; <L?^T&?t>#(x|fIU6>?N2]ЬmBrD|ӵё9*LFc.גlΒ~YK*ycsbNۤ}r2oIEyW{\8`^siȉ`/_F lKTM0@ xJ6[MSU st=w=޴3:HǨ@9:% t!UdnG=70 *хZ _F|+Qcӭ>F{r3P̴ĖZDյhHi7! :Z%Xnʟ'¤31ricJ{lc6 j7iL<Ϟn}Ci&I\ 8VB2L#?x3,X=]=_ *ȫ Rh+𩝿|.Ǫ xP4'^.q땷z( L}ث47' \b"Gpq:-b#),h[%.+C4ńĵpJ">=h5A/q'E>y}ggwxӻBrw;m13+@Bl* +#v(}Xũ5ɮf]~Maޤ]#Fj\ȵ.ȱR#b6Q 0 i%F׾]~ [g\%oG0.toqkwGǪf n>Òྵ!X84=<úYV:$P6M1)Q~cy1v|lх'*`),$$ /6ejk˶yF͸U/2Rƻ+Wey'k?8U<scMP'F+@YIIu=?*IiO3X}Zi)%\K)YD(JRv?زMd*aKX?+ Fڝ g[ y^Gx041>z|#{<-k/jClnV0)Iiz# H~3 Xl Ab@k}4_F1 \"昈|UK[ؤ#tfdZףi~K ϽtQS+p7W1==Jљ6b)?y t|yq}W=>gXc$YB梨u$Ԟx15jlVW6ˀ,l-) .޵ M4@P;]Фܘm𡁞8 5g[5X.=) Zkq8gM1|b> BP #j_%:,FebdG;/"ڗX6_pNto!%ܔ&P~gM- /Ud%Z?gAk55.POnfZʞI ;ej&odOBXL86.Af.$kM\2]歨PUM;!M:@c?{_\)DYS1Ft~ȄDn -#da`>8Y$3Pvx$PΪ*;WovDµV@tHodٽۚ$sU[a:t߈ُ">hkI`KS=mQ}0 ۬e5L PZѣ#c?-rݓDNPs[X="eRiSJۈu- Ȥ3[HV\qIqkNʅxqx^Sd^-V` Mnv'9eK'm`an1 fyZݐ-w~ѰcZyNRL˂;mGkՃ14ʁöZm9鸯`C*n;7Ҙp).I8 #_Wq&esPotj}:I+?)~ ƣ;` Ff3{0R:q¯$11{2L:ϡUOsSDf} 6 DJq]Bϼ]vc `fsz2PaTGΌBE=`k~|+\q+0S _Z@!J5!{BkǾpBRvе2F$[N4)}f#XeAHKwN7.),&#s3M:*թ M)d8 0 ^+($:[(/} Ͻm#ԽvS:m#Q-%fy LLe/{4;ԙ](ӋQt.3#CʩEp ́Qe^HD,r[֋Va9="6ŏ4o.8dEӡ/)+Bƿ0̖W/<%SV_(3"'G{OIEfȘ KxsuwZ$yj{h֌ Qcz]C5q]eG< hVP!|GqC$p㫰 t%V}jZs(o7EY܈p}D'hH+XM0nV![N1ap̊mN8s[_QE*j5QAQKOPLkmh~Y 3v vJA7 Th} z x;(Pi`"{-KWټ f݈WWܧo/L̼Tַ:] JOz$kCd{=lYҠ9C(V.783iVW,'uH Tnl=%j&byr2I=F7fƒTAWcs?&[pS! & TpxmIqXYb+#a0*㹬j{rL<]aݢ#; )*EM$-X mƳ7VWx,dm]ثBT5~ :r&j=uxZB 8P> _ ҵm[Ȁ_䤏gxRG܉mv~U 0Udz?̚::q<{4!{ZS`H7 DlYp}<';$2̢_{ۀ3umd~-Ogs"8ό! u(٬^wzL0. AUrd@<8™nIfѩ1Wx:Ooc+vu!ԃUެDx2HOxN\j'ǓRn+$b|_TnMOyU !{ku}5#=ђѯp-o4E;9Q'ױ(3">>P* szWۨyEXCo&M,U[RjM*iQ=S3pI]Jh`OK%iN۵P(3^-> v)ޛ8hP4e=42wW.LhulPCC;1td<ͦ<"Zv[^O{Z'oA\ܧzDI_ ݺ(QHےU(pf 8cĠwk_{C ce0Q(d!t0dP, ^?n΁& zEc"CX+)h(彭ά&ƒ/p=WO~s݀"- v֍:/!C>H} ^O%Na-n[iژj0k 6P8e MmK^ahw{r0Y/0 tMgȓ05I;5at$Ml埯V9Fk*xniӊN^h 8w"-V挄pBY0P'n*:H˧K HjRQ ^P93N50[=3uk3)v Ó1;P;}fgUz񨩜絩Щie!4dRN0wG"lO".! .lY/TDPB$K_L\ETjm__"&Z՚8<R4yYHBxJ;L!*]ooCl6=_Fa;͠Q wKC60i9m_(K"N0$\1 A(g>?+T-so U: cZ\j]V1bM1 F&T|ũ2{ڛYJ邵V0%cݹ˕9O"[C,fQ7}bq*ᏰjNύ|} ; s{=R>PZ0nOÀ|p)%bVZ(5܁; mCwZX&G lR }~dZθmeuN;גTNE~6 m#Vg4/idJqiE]Cu<AQY[qBŰyKIS\.6&ʈp"/ =vB>#&@[TA@ ش{8_Dz4s9 ~ET3_TK2j"JyiJ)F1~b&; 1|S %9.)Vh՜i:s3[OIv*qKvO.->J{ vasxmókpX͚2p]J)<^QNMn.+2'a0Ai.*'E筼Lpxh=fʏ7x˓~ܯ-/n`;F:VX4Wtհisep9%6!8yfMy{ЩUv.w 9u'[ԻGC.0><ߎZҳ9e߯-yszILaR?< Am8VY;fC ԽLDe7tGc Wn}y9:ArP:0|yanJ3ZrϼR$y_hcPxKChI@΀ ﮕ~cA7L7="XbPtu"cY t;NC_-^! ('Ȯr^wץY-,kޑXKn+hI^&j#8mfԝN?kP9 $:ۂJ956Iհ㡙.:Aͪ?11#"BTW% šA_ṷ:\};oyKd՜ V\{vBJ)cýV u`^ࣦ RKY.M]&Ooiƫ+? +ְ!N0jM ]A \oytX"xe/<]p{qwqE+ѭ嘡6Lp*/58*uMy@te  OI'(p:OJg#14:\eTU(.f3LpA={~K\?[2ywkc7^o26.{ːi\H5N x.@1ht_  *5},gT)T"A1C4p2x2x]fhqgz/g*Ʀgs?>N]S(GOxԑGYC p)ao;GC&= .8X:zX`rmg+M8֒m[>|olP-rz!zQɖ$t]ԋtDU(b*ؽ#}9g,d!fɫEEqD4'@ԥObB^;'[b& &E~%IazޮNXb3}`#t(ihr|AU1qMU@OGU3y/1RK+_o Qtcn\>7NJh|F\tス 04ިT%6sq[8R2[msSY㌢B1l~|eH~2Xuhz}'}d뉈ʨϏu4LˎP|ԯTdaK4@d5K*TZW?@t}O]T͔YG* ̶վBsf<73~1J$e}|wŽ ;@4%+9P;~e"rnՂ(;cIZD%Apm_^w e ҧt-4<0g:GsӇTjnqDUDCd*ZbHH7/[^-ɲMHL!éQcU@ 诠̓u B{x\h5M'vn~ﴔLǃîϱ: k3L}8+€Xh@-Ek1/5-.xckVjb U nr#ԋWYc.0&PM^dЏ27pW~J'&0f}I.|R֙O-@1K6ZT-Ct|*j4M_ iX]r!4gժނj@!!&G =ڶX0EFSDϪ ۋh;O;UjN C6Xp?$^Ioܪ({]V $d!פ+xEN.3}-pMe#D 6ٜ&HؙNvkqwa#(łAr`_zR4cS]Z eYoLct&0F<^YۀP%[L.. ͙&!Td1x&2-LȰ_,_Y. S;AT|`ƥs;إ240+| HiU˭ ̩ǰ\O3Wyf2W$T2.(?:"gW{0B %2ZC K}b5 /ҲbCݶ>9O^~ KnJJKڏ}Gpo\Fx`(h]pwrp1Q'TF|`%1EEoI-{Ecpg3~\l1G@02%x&)I0/B0+Ш C{m.ke|>IA$st)%zwK6=*6ܜ+Ym糈:N'n-ws#U Yk"z`/sPn w]q]27==J[..5oeARbPYo)v'h c*ֽ:&|T)e)]7.#rkw6cs OrBvBP%DfvP:ZY ̤ ҪűȘN1Sϔ ',oȻZ"` ,|\C*tD+cqR?+EtzOᷥ 0/ !ͱdÃ2X9כVȇP`(%wS$xj2j<vy8j5K<_8</D/4DTCӾ[z̴6ӳEFd37Q*r}9GVz U;`J(2Djiv+$G5JK =#έ9uH,@Kw1 c9_Wz5 VuzkĦ}^ qNi;Kj։]7aub6F1(?'W԰ƅpKĠm˕:Nِ]r~#F}22]|6{BV;;v7φ& t^j1DS`nױUr\9ykك`0g­Y}klS~)0;;&9я}{5a^qJPy<݀WqMR$M$>Z Ehm cɺɦ{ bƔ+EEbhqf\,Wk?U$Q뿒v b`'sZ~ۅEɇDR޲n<?&.G%!o-m6b z anCI^0Hv EO*Е?ghljf5Tʢ:BFܩ;\"9~I(ECu#18/G'~C^4]ZŅp57m0M}\ c*ӻ)()>,$0FT@Ђʄg"B]k:ttͰ6Ѿȫl$<Ƒ#:-#y<] !PiVէPPe:\yпsGpX\>`ED f"r#KR!×ߑXl$܃v80%*mH/K(2嫾Ң uׂ߶Zx4<^Uhӣ0W[*S̚Z'3=UF5sJCPhy8 |"^F72/$}6,S'QEguzZz av\daNjs-i?ʂxzl1{J`ՙYf#Tq1:4V ZE.h~đ9xa5ؐ5]Dp m( ZIzvQw}8n&?8u{/ ۞&P$n(fJv/˃^."X @+m'ѧfVK5|ُ~DɎΟG+ E1fύoi}E"y :aw~Ǵ 63Βu44h2["(F[\aR@7vɤq%gъ< 3%/n2Í#j"/hyþb2/br'>ೠ8w"fNwp_$:/{#_J>4U(5%`ǢUw^e,HSogg ((x,MuHTd*ѧ,WpEorh BN O%?\#b -+߱] ^%j.e)tlMuVBӨ,XBM^3eQ4XE8ņ8y}9StDH WОDƞ!i365_eŸ(5mX4?AWEelⅰa0d}7I90y 𞐞tMp0_ b[ja\\f+ˈMC3\ĭDm 0.ݢXi̛%0R4wv񛦹P$93<3FY"uFٻ (yUm[ }y'Ϝυ[<~=H=3.D=bm]:u)mUr4y0`]\P+)U.ߗ\n."+Cl/Bs ٺ,%" g;ffFMK;TPLq~1i rOZ1{DJG)*" Į͋F8;~"QFA!H'aؒtԟ>d0}j8yF[*{|[:~KY66Up&CdLWh-α: |׮Ǔy~^5@&T 7pZ2B0ؔڛHM Q,?8-ɤu;+IZ3qPK mvPc{!>E&).obέK݂:L$RYfe6zjD㲿RDET| jl3cEGz' eRrUTSQUN>7:t-%7a&z\ VljN߭ ,#c2iy(y vD qG@ ?J֤$1uuuO޾!fINz DDPkws,Nj4$nI@KBFR}UƊ׿LRZʠFwq"u/>8p6nG]Tss U0?- r|LpV]IF_M K%ͲVz3#/T* ׎:a/|L都߷/ T)"$7C#NFzr;`k܄qRfA}zXMwѬ*.N+MKT\gJY[HD3t#}BLЧ!4x]NjJtA&e0_Syb`*R6cnn"`L.p r&+pD/:tR#RxV%i ا"zCۃQ2~ڍA9dN6g#qdtPPET_8)KdсUrE&~{ 1a4t#1xS&QN/Giik,__TYu<{%w/b/ae'z]X\J6 ;>?y%A>($/GW Y|UxszMD~FmfI3*k^T2D.]SBRٓu%زi& ~ɋ䪢=Z>Z8  NuukP:cw)my%հb‹thŊy[1=rgR&ON;k[]?c>։Kp2s,ϐQN_D厛jPS?+擽 !wJA{řUNl~6> 'l,f=!gVh;Gpk5Bۭ1%~\*Ak;6~%j`UesC+uM/gMCV.b2vpRSKS!.r0{ :5{â=cӞW0X}zb \;1g7U=xDtuJ 2Aea%˛Q3;i$Cf_Va6r1)9ljZ~vт*.oG% K)閭n1ب|-Ɍ {`ਐQ":SRQdѝ ;Ga^Ǥ7$`ztb#E &^(3#йCS^J/^I20W֒p=CJ` 8 +G͠ .KQ|$y|Mwc,D~v2HQS6ilFTnȽNrcm4_k|Hq=ʤAKzb# 72N.+a|*gۜT,Gb)F8 "'S{jWZuf;)z'5 02:WҫC %`1d6@鱨/6 b (tz4Yn{DfchQFD2 ARK:VּnWI8Cf D3+dlk 14mslh2*8[85dÅml2c4 Յn!Q 6QU+4.Ψ6,)n>6/, Hw0`mnHo|Bj|3X|_TҨpj8׻f1<6 xl3@*=o_-iXmu:ﺪgrSv"?aM12ju{B =]65=yQf1|Bӄ۝e'S>f_B↽ ,|9֛i[m|BcI+oӥ|9@z8q".d0qJTE,x\hl;Q3t'o4N /WGKz'mھ1]LNM;ƪ' oe&yH 88P~ls( 9^^ 89`ٴN_- 2侵qvmulc&(iy0R_gwvsq 2-ܧ"]9<{Mc&ն>N/q'6^ifL U[׸;ˆ/:e1w4 a+ȸ+sty,@j֥%;XSc6SC*@7@БAKp%JKD` ﶺ '{Vӿzŏ8c.$o+ɉ74e*rk1.[iQKLX * ژ+Q)LAWp qPi 3xN{xP&OK h(:Fl|,iȨ%#LtFN'\gL+|~L0[tEOUw'kt `TQUU]·# A!' %-`L(`:\P%=F@Xdm/TM^* at/nZ+7$Ba4 _%w7uyqyvrWPM`[IoFW"!^U5滘T&ciNJaZakwXJp;XyC.tQ(3+RNY':sPu_v삻@7`=+!+{0ݷURDg,XF`ʑx[i >飫ъΈq\\ SiAl:%k4xAL>|`>["4Zp"+]Iֳ?]I4ZH2J~.CR<}91jsͽy!E aɺ$,h/"L{a)/%vih\qmb]VX~rtd,b/d]x֪.L>'0;}bh -OX R|2TWWэU˚օ%w&C8c'puWEQV`:j 6S›9~+FP熜\8"+ǵ T=WVBU!:dX\e՟(iq/3 wIHx:9ag裸gc&q?aʫRY*G\%DaeJ$)3Z*~{m{<"Bz;+[8ɺSR'NqMQ`o7^#5="2$c}athCCgjq @[jn.io%[BHy'sMp>IS/מ!q*!Y2j7kC2ڥxeFVB09%@8d8\yPV-XnqQt*Mf?X:#qxrz.7(oyDZ}.Z0c7&e20#~%ZV!2N aP4t~,|1YA&q5)H.\3hrdM]WrmNTbr1 u )Hڈ9N~%aR͔t,'_<_Zp>G=B/LG ص7ΠR ]j0 ji2ڂ*i{xdWkkBۙSAIKA=S1WĹEAV wcւMAZ_ j.pQ( Sa1 ~(Y`ɗc"mb0_ϖ|Ƙ71  9S5~2)7ӎgibeݻdG.lm'F8|:2rDH/1Xtꜫ>>:dw&_!iWUrN=& mUڡw9^N 7+yA+W;MTYOw^gI=⇚fxJTn8j۠æ.ք pmV2\)E-!+GFʿeGq **512 NӛJBذ#InyyM+ <ދ>Ґ0v+:m;blhCG625 ?صv7HҴ?Fraڬ֚K *HI=Wugˆ@l `;~9}DD&%K36% h y"^j Skd4;7cC(D im#a:Qh=%|I78t$- N>h_=`YNGm4|+/Co Ըk:yx DESMsH=uu"2F4&I6;>Tȴ2U*}6@}La#>gY-N^6qImr}=Mq!jNiu}5(dB%UDlVe+7 #мI @z$ d-,בc+!$~-q%+-L*MY6r82ڒ(ツ:yh&չA FaO/L`2[P Vُ?X+2i<FysKx#g<l=kِ"<&$?3<T+RiFȏWva* K&|qJ)lz?#}S;HA8SXP⛇L7"ygksAE |{4+373\y[0D|*PCDR<+8ߠm>k e6e4 @(Ui.hKꉁ =S7)IJ!" 9 ~=VŻ V!oR<` q4ցѷ4M3h!G~^@pMC:CxINս&CmTODq&ςPeފڼu"+$jaSLjؼ$͠T&ǔo B3ؾ-dWVZՈ ]L& j` y|~;:CT Zj_qR_p?c YKeحZT7#@NbFPM|INY{eo.O\@-/ &$3zF{Z\Qs- [^ z -lb^@jJq؃{RR[d> c7 D> sj\%88ϧ}vj-u3 Z=0_8^i=@D)V#YYd3S Ɗ9}5|!x,5Z%T=D 1pGQ:߯bk@{yL&,HWx "Ia54 f\h"G3hn}*A{$ڊE8[3ͧ^S|=Ǝ5?}Jݙð7Zv@@g(vqi;F/mwƗp!{HfNT>v~5!&dJ̛e3ÿ2mϧَP'Of۽l5}Z P$*z1QNEIpMmc?l]V[ ? )DJHtWZ*BS5Lc9xF49cEy  Җ2ڟ1}p> Ʃ`'n$t8&DLF؛h}]-K:1b\>ovTZ^zfUJ\8Rqao#DIOM"<Ώ$d.M@$̰.(T=Xt&z/beѡOOiنd4;'}=wa(m5'&L:&tHGM/XU4~(E.8y%B&gϳ TkED†he-KEPփ0Xy#6b)}~K@/`7R-28M=seӒn}p;XR'8*q1X+? 'p(#"Jof<-xc;w=;Sd|Y}K-ۖbt0XD<ݫ5u\lZw֝6._+?6\+;e_ zA[x~ lSɒX]C#w`(S=BGoK% \zƂCUi֕gdxք#mf5G2zىBe R6 )ac{’lT. t!TL#^s\\eV-s,;\η7JNC! 0iɻ͜ SKlzfz̵8UiQnm%lf97`}޺ X- a-Im#n&< w*cZzQ`DY|?֍!7+~;=#"s_MO݌\֚w-&ꎻ=ZkHY,KI0B1Gn"i#(McB`"R<QXSl~^" 0xLutuK^T`3CHOML3 4|`ɿw4U 9ʰ"xD|%q.Gs>`}H;Jg;1苤6m [YވBM1\] *#ʅ{9Z̽_b߱HED{Vjc*_*?n_f2`?)B֠s&yK]=]񎆦|v[tHR\"fK#9-[EO|ԏ8jzJ0nwv Rtf,,.Ey k(K88Ț׾K3T?~3]Mmip3"L&'Б8H;59fS jIG}<%RWA\E?" HtVF h$Fl:xѱ4F7V[iԸBnt7^6Y逨TeDtꝼSwJ '+UԐivɨ&ǚm^lxQ%UA:iY|>eI_TAJqFL8$}x*aB,RۈVXZ N;*S]| @Q/m h y!@8+;c}p>}*Zí YZ