nginx-1.14.2-lp150.2.11.1<>,!؉]6/=„m9NZo9D? SkMH'7Pq rɇqrj€=P2VRrw͒ff' O&j5t0!=j-{Qkz0eѯ=rG/"ۆ-*8?yNڳ[͘J@g8Y4e Gt[rZ>ͽLK4(k4 c0eZ֔[=%s4N'>!"ޞr>L?d  E) Bdw}Q  DHdH H H H  H  H"H#H$%H&<&|7'X7+7,T,X,n(,o8,x,9-(,:0x,=۾>?@FGHHHI4HX|Yޔ\H]H^bcsdef l u Hv@wHxHyTz $?DLRCnginx1.14.2lp150.2.11.1A HTTP server and IMAP/POP3 proxy servernginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev. It has been running on many heavily loaded Russian sites for more than two years.]6cloud107)+openSUSE Leap 15.0openSUSEBSD-2-Clausehttp://bugs.opensuse.orgProductivity/Networking/Web/Proxyhttps://nginx.org/linuxx86_64/usr/sbin/groupadd -r nginx &>/dev/null ||: /usr/sbin/useradd -g nginx -s /bin/false -r -c "user for nginx" -d /var/lib/nginx nginx &>/dev/null ||: test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in nginx.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in nginx.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-nginx-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-nginx-update-$service-new-in-upgrade" fi done for service in nginx.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset nginx.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in nginx.service ; do if [ ! -e "/run/rpm-nginx-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-nginx-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in nginx.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable nginx.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop nginx.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart nginx.service ) || : fi else # package uninstall for service in nginx.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fi755 2255||W 7n]@OPo\kKuJ@=`xPg9uHs#-,x,"(QgBAA큤A큤Am$AAA큤A큤A큤A큤A큤큤$AA큤큤AAAAAAA]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]5]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6]6\\\]6YF]6ZDZDZDZD]6T-nT-n]6Y\Y\Y\Y\Y\]5]6]5]5\\\]6]6]6]6]6]6]6ec4107751a558c8cab1e79dc64aded337ae12493b225a9211fa95825e5e23005b2c3d480a58f61f3a7dc61850b461e892e36f236317765a4f2f6d558c928fa57b2c3d480a58f61f3a7dc61850b461e892e36f236317765a4f2f6d558c928fa57f37852d0113de30fa6bfc3d9b180ef99383c06739530dd482a8538503afd5a58f37852d0113de30fa6bfc3d9b180ef99383c06739530dd482a8538503afd5a58b5f8a6d411db5e5d11d151d50cd1e962444732593adec0e1ef0a8c6eebec63eede518a9eafe86c8bc705e296d0ef26135835b46bdc0de01d1d50a630fa5d341ed61b7bdd17d561ea037812761e6903970c6bbe5c7dffd0fad069927f057c55a3d61b7bdd17d561ea037812761e6903970c6bbe5c7dffd0fad069927f057c55a3012085a8af8f43fd370b67a11ad601c27701e2f48f446f96c386827a148167ed012085a8af8f43fd370b67a11ad601c27701e2f48f446f96c386827a148167edf27b2027c571ccafcfb0fbb3f54d7aeee11a984e3a0f5a1fdf14629030fc9011f27b2027c571ccafcfb0fbb3f54d7aeee11a984e3a0f5a1fdf14629030fc9011015cb581c2eb84b1a1ac9b575521d5881f791f632bfa62f34b26ba97d70c0d4f015cb581c2eb84b1a1ac9b575521d5881f791f632bfa62f34b26ba97d70c0d4f55adf050bad0cb60cbfe18649f8f17cd405fece0cc65eb78dac72c74c9dad9443c264d74770fd706d59c68d90ca1eb893ac379a666ff136f9acc66ca01daec028c9c319d575082d4ac72db617db687e8c3062d59a8b2a0b1dbe0bb81e7c6e12a460b33ec00b32a7ed130046c130a64d22891e2f97456716b5a8edbc4483e8995d063dc72281e4f1316687d605980791e80048a86b49f903d4e5cd521d8ac6397d9c1f6a66e9e524ade30c480c21c98a6c44cb848c6fc2cded965edc1d493105d0f6e602bad84f6d20c9f3be6f7f7cdeae3c9cf6659c5ecece2ba62f4988f8fa02644b96af930485e082f6c9b724cd4c3611f873ebfe55515a04c33cec3fca1fcc149e49dda0fb15f288ff5e4fde97471e7017c1aabc2da36c443ae515aec91ffd78390c3337d8213e5d9215d5eee022eb8a3d28b2f55ec4da7252054416b28955a54090dcc3939dadf273009361e5c1c5217eadc54925cf79a4933ca17132bde0edb7d5f130ee8cb9247474bc04495c3b0943a489355951c411ef12b531a46cbeec1c50c7441fc103b7947aec473ae04e41cca6168badf882053e5c1d4d33b9c3390932814dc2d7a42720139cdc53c65323ce2c5ba7c62f2ec1f7acf84ff0a13c0b316cf644347bbc8ea472490f0332a58aa40d96be1ade679d3565b9026d1f76ff663dc8c0cc25c3db0f933eba6d7aa0e49fdbb1a7c521962f2c7ab08f90de3b92dec6368135bef01d57c8f4af58cb65add26e3bd5782b314f2cf057d3988898cb4e2ea873034c169e6afd1a89a71e503f63d0046bd8d9f61e4924446afa6dae18f05bcaad47528f8b21861d4a0fb9815ca1bbb4be946c51a51d36623758bcc86e5e38e2b95af0f511c89b4b3d429fa93e7b9508d0a104c4e6bf02cd9bd4ded347247af04436090a3ca370f3a5da20b3b23b699bd31b54ab32286b0686d3daf0f1f1268f61767a4ad65b4bc69884852c53fb5a43b6aa0fbbe6b408de76544388d3c03419f45fee0475dea9826ea965500326802b7feca59c70b5203444783f394126b2ab8db863e110759bb5e44431a2148fb52fff9e22c3b4b58b4c6fdabb21cb8ecb41b817082bdad9deb8473c38d0210d989082bde7ede449fe869407445de1c45bd8cd1400356f675176f939ae00bc9aa9c0802a6c9194cc96c00e4cb4e53f38d396b16e75165e0307a55d9ece458b3b77eb977dd40e6d8cf55064d7bb45958e88f2f1d148a2bb59cdc8f65e86ec0c405c6273bde77a4ec75448c48d132d7334f955d67c48b960b23595fc5245096667491180f1b5f98f47f3d840bdcbe125a45a8f7e7a139e3c0af148caa3634cbfe23ef4ea631a0e7752799027514e0b3371c604fe1441cebe632cc98686aa3ad6d5bef672fc107d7f294eff6ef2cb4e2e7b48eb1f3ba36627388db21bc6c6b0f1e8ea0ab353ebb12312607467cc63b6ef624dc54b0b54e01790403f8b4afa595ba0b8ed0aeee2cd9c251485d600a59cbb9fbae8d0987b4a1547fa48135ed1c890f58e7789acee064026678dbef5cd61cc5bfd4262ea8db2fc575459d1e3b3fd2a4a5a8b2697f1080d7514f5a4d7910295ec71cb7b92198c02f4042727147b3ea069dc61d78693725783ce0ac74ec02servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnginxnginxnginxnginxnginxnginxnginxrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnginxnginxnginxnginxnginxnginxnginxnginx-1.14.2-lp150.2.11.1.src.rpmconfig(nginx)http_daemonhttpdnginxnginx(x86-64)perl(nginx) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/perlconfig(nginx)coreutilsdiffutilsfillupgrepinsservlibGeoIP.so.1()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcrypt.so.1()(64bit)libcrypt.so.1(GLIBC_2.2.5)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libexslt.so.0()(64bit)libgd.so.3()(64bit)libpcre.so.1()(64bit)libperl.so()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libxml2.so.2()(64bit)libxml2.so.2(LIBXML2_2.4.30)(64bit)libxml2.so.2(LIBXML2_2.6.0)(64bit)libxslt.so.1()(64bit)libxslt.so.1(LIBXML2_1.0.11)(64bit)libxslt.so.1(LIBXML2_1.0.18)(64bit)libz.so.1()(64bit)perlpwdutilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sedsystemdsystemdsystemdsystemd1.14.2-lp150.2.11.15.26.13.0.4-14.6.0-14.0-15.2-1otherproviders(nginx)4.14.1]g@\YzZ?Z̧@ZZ_@Z_@Z_@Z_@Zz@Zz@Z7YY@Yp@YY@Y@Y@YlY0X"@XۡXf@X*Xp@WW@W@WWPWN@W8dW8dW8dW,@VV V V Uyx@U*^@U*^@U*^@U@Robert Frohl Artem Chernikov achernikov@suse.comastieger@suse.comachernikov@suse.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.deachernikov@suse.comachernikov@suse.comavindra@opensuse.orgmrueckert@suse.demrueckert@suse.deachernikov@suse.commrueckert@suse.demrueckert@suse.deastieger@suse.commrueckert@suse.demrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.derodrigo.oshiro@emc.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.dedmacvicar@suse.dei@marguerite.sumrueckert@suse.demrueckert@suse.demrueckert@suse.dei@marguerite.sumrueckert@suse.demrueckert@suse.demrueckert@suse.devpereirabr@opensuse.org- Fix HTTP/2 related security issues: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579 CVE-2019-9511.patch). - CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580 CVE-2019-9513.patch). - CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582 CVE-2019-9516.patch)- Changes with nginx 1.14.2 - Bugfix: nginx could not be built by gcc 8.1. - Bugfix: nginx could not be built on Fedora 28 Linux. - Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - Change: the logging level of the "http request", "https proxy request", "unsupported protocol", "version too low", "no suitable key share", and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. - Bugfix: nginx could not be built with LibreSSL 2.8.0. - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled. - Bugfix: sending a disk-buffered request body to a gRPC backend might fail. - Bugfix: connections with some gRPC backends might not be cached when using the "keepalive" directive. - Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. - Changes with nginx 1.14.1 - Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843 bsc#1115022) and CPU usage (CVE-2018-16844 bsc#1115025). - Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845 bsc#1115015). - Bugfix: working with gRPC backends might result in excessive memory consumption.- update to 1.14.0 * 1.14.x stable branch. - includes changes from 1.13.12 * bugfix connections with gRPC backends might be closed unexpectedly when returning a large response.- update to 1.13.11: * the "proxy_protocol" parameter of the "listen" directive now supports the PROXY protocol version 2 * bugfix in the "http_404", "http_500", etc. parameters of the "proxy_next_upstream" directive - includes changes from 1.13.10: * the "set" parameter of the "include" SSI directive now allows writing arbitrary responses to a variable; the "subrequest_output_buffer_size" directive defines maximum response size * now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to avoid timeouts being incorrectly triggered on system time changes * add the "escape=none" parameter of the "log_format" directive * add the $ssl_preread_alpn_protocols variable in the ngx_stream_ssl_preread_module. * add the ngx_http_grpc_module. * fix memory allocation error handling in the "geo" directive. * when using variables in the "auth_basic_user_file" directive a null character may have appeared in logs - Use %license (bsc#1082318)- Recommend to use TLSv1.2 by default (boo#1086855)- update rmtp module to 1.2.1 - just commenting all places where we fallthrough conditionals- update headers more to 0.33 - feature: add wildcard match support for more_clear_input_headers.- update fancyindex module to 0.4.2 This release contains an important fix which can cause Nginx to crash when a directory contains zero-sized (empty) files. This bug has been present in all previous releases, and all users are strongly encouraged to update to version 0.4.2. https://github.com/aperezdc/ngx-fancyindex/releases/tag/v0.4.2- changes from 1.13.9 - Feature: HTTP/2 server push support; the "http2_push" and "http2_push_preload" directives. - Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.9.13. - Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive was used and no SSL certificate was specified in a virtual server. - Bugfix: in the ngx_http_v2_module. - Bugfix: in the ngx_http_dav_module. - updates from 1.13.8 - Feature: now nginx automatically preserves the CAP_NET_RAW capability in worker processes when using the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. - Feature: improved CPU cache line size detection. Thanks to Debayan Ghosh. - Feature: new directives in vim syntax highlighting scripts. Thanks to Gena Makhomed. - Bugfix: binary upgrade refused to work if nginx was re-parented to a process with PID different from 1 after its parent process has finished. - Bugfix: the ngx_http_autoindex_module incorrectly handled requests with bodies. - Bugfix: in the "proxy_limit_rate" directive when used with the "keepalive" directive. - Bugfix: some parts of a response might be buffered when using "proxy_buffering off" if the client connection used SSL. Thanks to Patryk Lesiewicz. - Bugfix: in the "proxy_cache_background_update" directive. - Bugfix: it was not possible to start a parameter with a variable in the "${name}" form with the name in curly brackets without enclosing the parameter into single or double quotes.- Install /etc/nginx/conf.d directory for custom user configuration files- Install /etc/nginx/vhosts.d directory for default installation to house custom virtual hosts configuration files- update to version 1.13.7 - Bugfix: in the $upstream_status variable. - Bugfix: a segmentation fault might occur in a worker process if a backend returned a "101 Switching Protocols" response to a subrequest. - Bugfix: a segmentation fault occurred in a master process if a shared memory zone size was changed during a reconfiguration and the reconfiguration failed. - Bugfix: in the ngx_http_fastcgi_module. - Bugfix: nginx returned the 500 error if parameters without variables were specified in the "xslt_stylesheet" directive. - Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using a zlib library variant from Intel. - Bugfix: the "worker_shutdown_timeout" directive did not work when using mail proxy and when proxying WebSocket connections. - partial cleanup with spec-cleaner- update to 1.13.6 - Bugfix: switching to the next upstream server in the stream module did not work when using the "ssl_preread" directive. - Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. - Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t. - Bugfix: in handling of dates prior to the year 1970 and after the year 10000. - Bugfix: in the stream module timeouts waiting for UDP datagrams from upstream servers were not logged or logged at the "info" level instead of "error". - Bugfix: when using HTTP/2 nginx might return the 400 response without logging the reason. - Bugfix: in processing of corrupted cache files. - Bugfix: cache control headers were ignored when caching errors intercepted by error_page. - Bugfix: when using HTTP/2 client request body might be corrupted. - Bugfix: in handling of client addresses when using unix domain sockets. - Bugfix: nginx hogged CPU when using the "hash ... consistent" directive in the upstream block if large weights were used and all or most of the servers were unavailable.- extra modules were enabled on sles due to a typo- Submit nginx to SLES to become a http server for RMT(Repository mirroring tool) [fate#323994, bsc#1059685, boo#1057831]- disable extra modules on sle- update to 1.13.5 - Feature: the $ssl_client_escaped_cert variable. - Bugfix: the "ssl_session_ticket_key" directive and the "include" parameter of the "geo" directive did not work on Windows. - Bugfix: incorrect response length was returned on 32-bit platforms when requesting more than 4 gigabytes with multiple ranges. - Bugfix: the "expires modified" directive and processing of the "If-Range" request header line did not use the response last modification time if proxying without caching was used. - changes from 1.13.4 - Feature: the ngx_http_mirror_module. - Bugfix: client connections might be dropped during configuration testing when using the "reuseport" parameter of the "listen" directive on Linux. - Bugfix: request body might not be available in subrequests if it was saved to a file and proxying was used. - Bugfix: cleaning cache based on the "max_size" parameter did not work on Windows. - Bugfix: any shared memory allocation required 4096 bytes on Windows. - Bugfix: nginx worker might be terminated abnormally when using the "zone" directive inside the "upstream" block on Windows.- add upstream signing key and verify source tarball signature- update to 1.13.3 (boo#1048265) - Security: a specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak (CVE-2017-7529). - changes from 1.13.2 - Change: nginx now returns 200 instead of 416 when a range starting with 0 is requested from an empty file. - Feature: the "add_trailer" directive. Thanks to Piotr Sikora. - Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had appeared in 1.13.0. - Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit. Thanks to Orgad Shaneh. - Bugfix: a segmentation fault might occur in a worker process when using SSI with many includes and proxy_pass with variables. - Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. - update nginx-rtmp-module to 1.2.0: - DASH improvements - OpenSSL 1.1 compatibility- update to 1.13.1 - Feature: now a hostname can be used as the "set_real_ip_from" directive parameter. - Feature: vim syntax highlighting scripts improvements. - Feature: the "worker_cpu_affinity" directive now works on DragonFly BSD. Thanks to Sepherosa Ziehau. - Bugfix: SSL renegotiation on backend connections did not work when using OpenSSL before 1.1.0. - Workaround: nginx could not be built with Oracle Developer Studio 12.5. - Workaround: now cache manager ignores long locked cache entries when cleaning cache based on the "max_size" parameter. - Bugfix: client SSL connections were immediately closed if deferred accept and the "proxy_protocol" parameter of the "listen" directive were used. - Bugfix: in the "proxy_cache_background_update" directive. - Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY option before an SSL handshake. - changes from 1.13.0 - Change: SSL renegotiation is now allowed on backend connections. - Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directives of the mail proxy and stream modules. - Feature: the "return" and "error_page" directives can now be used to return 308 redirections. Thanks to Simon Leblanc. - Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive. - Feature: when logging signals nginx now logs PID of the process which sent the signal. - Bugfix: in memory allocation error handling. - Bugfix: if a server in the stream module listened on a wildcard address, the source address of a response UDP datagram could differ from the original datagram destination address.- update to 1.12.0 - Feature: the "http_429" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. Thanks to Piotr Sikora. - Bugfix: in memory allocation error handling. - Bugfix: requests might hang when using the "sendfile" and "timer_resolution" directives on Linux. - Bugfix: requests might hang when using the "sendfile" and "aio_write" directives with subrequests. - Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. - Bugfix: requests might hang when using the "limit_rate", "sendfile_max_chunk", "limit_req" directives, or the $r->sleep() embedded perl method with subrequests. - Bugfix: in the ngx_http_slice_module.- update to 1.11.12 - Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11. - update to 1.11.11 - Feature: the "worker_shutdown_timeout" directive. - Feature: vim syntax highlighting scripts improvements. Thanks to Wei-Ko Kao. - Bugfix: a segmentation fault might occur in a worker process if the $limit_rate variable was set to an empty string. - Bugfix: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives might work incorrectly if the "if" directive was used. - Bugfix: a segmentation fault might occur in a worker process if number of large_client_header_buffers in a virtual server was different from the one in the default server. - Bugfix: in the mail proxy server.- update to 1.11.10 - Change: cache header format has been changed, previously cached responses will be invalidated. - Feature: support of "stale-while-revalidate" and "stale-if-error" extensions in the "Cache-Control" backend response header line. - Feature: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives. - Feature: nginx is now able to cache responses with the "Vary" header line up to 128 characters long (instead of 42 characters in previous versions). - Feature: the "build" parameter of the "server_tokens" directive. Thanks to Tom Thorogood. - Bugfix: "[crit] SSL_write() failed" messages might appear in logs when handling requests with the "Expect: 100-continue" request header line. - Bugfix: the ngx_http_slice_module did not work in named locations. - Bugfix: a segmentation fault might occur in a worker process when using AIO after an "X-Accel-Redirect" redirection. - Bugfix: reduced memory consumption for long-lived requests using gzipping.- update to 1.11.9 - Bugfix: nginx might hog CPU when using the stream module; the bug had appeared in 1.11.5. - Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted even if it was not enabled in the configuration. - Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive of the stream module was used. - Bugfix: the "ssl_verify_client" directive of the stream module might not work. - Bugfix: closing keepalive connections due to no free worker connections might be too aggressive. Thanks to Joel Cunningham. - Bugfix: an incorrect response might be returned when using the "sendfile" directive on FreeBSD and macOS; the bug had appeared in 1.7.8. - Bugfix: a truncated response might be stored in cache when using the "aio_write" directive. - Bugfix: a socket leak might occur when using the "aio_write" directive.- update to 1.11.8 - Feature: the "absolute_redirect" directive. - Feature: the "escape" parameter of the "log_format" directive. - Feature: client SSL certificates verification in the stream module. - Feature: the "ssl_session_ticket_key" directive supports AES256 encryption of TLS session tickets when used with 80-byte keys. - Feature: vim-commentary support in vim scripts. Thanks to Armin Grodon. - Bugfix: recursion when evaluating variables was not limited. - Bugfix: in the ngx_stream_ssl_preread_module. - Bugfix: if a server in an upstream in the stream module failed, it was considered alive only when a test connection sent to it after fail_timeout was closed; now a successfully established connection is enough. - Bugfix: nginx/Windows could not be built with 64-bit Visual Studio. - Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0. - changes in 1.11.7 - Change: now in case of a client certificate verification error the $ssl_client_verify variable contains a string with the failure reason, for example, "FAILED:certificate has expired". - Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start, $ssl_client_v_end, and $ssl_client_v_remain variables. - Feature: the "volatile" parameter of the "map" directive. - Bugfix: dependencies specified for a module were ignored while building dynamic modules. - Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives client request body might be corrupted; the bug had appeared in 1.11.0. - Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.11.3. - Bugfix: in the ngx_http_mp4_module. Thanks to Congcong Hu. - Bugfix: in the ngx_http_perl_module. - changes in 1.11.6 - Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables has been changed to follow RFC 2253 (RFC 4514); values in the old format are available in the $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables. - Change: when storing temporary files in a cache directory they will be stored in the same subdirectories as corresponding cache files instead of a separate subdirectory for temporary files. - Feature: EXTERNAL authentication mechanism support in mail proxy. Thanks to Robert Norris. - Feature: WebP support in the ngx_http_image_filter_module. - Feature: variables support in the "proxy_method" directive. Thanks to Dmitry Lazurkin. - Feature: the "http2_max_requests" directive in the ngx_http_v2_module. - Feature: the "proxy_cache_max_range_offset", "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and "uwsgi_cache_max_range_offset" directives. - Bugfix: graceful shutdown of old worker processes might require infinite time when using HTTP/2. - Bugfix: in the ngx_http_mp4_module. - Bugfix: "ignore long locked inactive cache entry" alerts might appear in logs when proxying WebSocket connections with caching enabled. - Bugfix: nginx did not write anything to log and returned a response with code 502 instead of 504 when a timeout occurred during an SSL handshake to a backend. - changes in 1.11.5 - Change: the --with-ipv6 configure option was removed, now IPv6 support is configured automatically. - Change: now if there are no available servers in an upstream, nginx will not reset number of failures of all servers as it previously did, but will wait for fail_timeout to expire. - Feature: the ngx_stream_ssl_preread_module. - Feature: the "server" directive in the "upstream" context supports the "max_conns" parameter. - Feature: the --with-compat configure option. - Feature: "manager_files", "manager_threshold", and "manager_sleep" parameters of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. - Bugfix: flags passed by the --with-ld-opt configure option were not used while building perl module. - Bugfix: in the "add_after_body" directive when used with the "sub_filter" directive. - Bugfix: in the $realip_remote_addr variable. - Bugfix: the "dav_access", "proxy_store_access", "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access" directives ignored permissions specified for user. - Bugfix: unix domain listen sockets might not be inherited during binary upgrade on Linux. - Bugfix: nginx returned the 400 response on requests with the "-" character in the HTTP method. - update headers-more-nginx-module 0.32 - tests: skipped the newly added test case that cannot run in check leak test mode. - bugfix: more_set_input_headers: skips setting multi-value headers for bad requests to avoid segfaults. - skipped check leak mode for two test cases using malformed requests. - doc: claims that we work with 1.10.x since it is essentially the same as 1.9.x. - bugfix: fixed a typo in an error message. - bugfix: when the nginx core does not properly initialize r->headers_in.headers (due to 400 bad requests and etc), more_set_input_headers might lead to crashes. thanks Marcin Teodorczyk for the report. - update nginx-rtmp-module 1.1.10 - support for nginx 1.11.5-style cache-manager - update patches to apply cleanly again check_1.9.2+.patch nginx-1.6.1-default_config.patch- Fix the logrotate script: we had a hardcoded postrotate action pointing to /etc/init.d/nginx. This does not exist anymore on systemd hosts. Replace it with /usr/sbin/nginx -s reopen, which will use the pid file passed in the config file or the compiled in default path.- update to 1.11.4 - Feature: the $upstream_bytes_received variable. - Feature: the $bytes_received, $session_time, $protocol, $status, $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received, $upstream_connect_time, $upstream_first_byte_time, and $upstream_session_time variables in the stream module. - Feature: the ngx_stream_log_module. - Feature: the "proxy_protocol" parameter of the "listen" directive, the $proxy_protocol_addr and $proxy_protocol_port variables in the stream module. - Feature: the ngx_stream_realip_module. - Bugfix: nginx could not be built with the stream module and the ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had appeared in 1.11.3. - Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the bug had appeared in 1.11.2. - Bugfix: in the "ranges" parameter of the "geo" directive. - Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. - drop nginx-1.11.3_ssl_stream.patch again - refreshed the following patches to apply cleanly again check_1.9.2+.patch nginx-1.11.2-html.patch nginx-1.11.2-no_Werror.patch nginx-aio.patch- update to 1.11.3 - Change: now the "accept_mutex" directive is turned off by default. - Feature: now nginx uses EPOLLEXCLUSIVE on Linux. - Feature: the ngx_stream_geo_module. - Feature: the ngx_stream_geoip_module. - Feature: the ngx_stream_split_clients_module. - Feature: variables support in the "proxy_pass" and "proxy_ssl_name" directives in the stream module. - Bugfix: socket leak when using HTTP/2. - Bugfix: in configure tests. Thanks to Piotr Sikora. - backport nginx-1.11.3_ssl_stream.patch from hg - refresh patches to apply cleanly again: - check_1.9.2+.patch - nginx-1.11.2-html.patch - nginx-1.11.2-no_Werror.patch - nginx-aio.patch - enable a few new upstream modules and move some from 1.11.x to dynamic: - stream_geoip_module - mail_ssl_module - stream_ssl_module - build fancyindex unconditionally and update it to 0.4.1 - New `fancyindex_directories_first` configuration directive (enabled by default), which allows setting whether directories are sorted before other files. (Patch by Luke Zapart <>.) - Fix index files not working when the fancyindex module is in use (#46). - The module can now be built as a [dynamic module](https://www.nginx.com/resources/wiki/extending/converting/). (Patch by Róbert Nagy <>.) - New configuration directive `fancyindex_show_path`, which allows hiding the `

` header which contains the current path. (Patch by Thomas P. <>.) - Directory and file links in listings now have a title="..." attribute. (Patch by `@janglapuk` <>.) - Fix for hung requests when the module is used along with `ngx_pagespeed`. (Patch by Otto van der Schaaf <>.) - New feature: Allow filtering out symbolic links using the `fancyindex_hide_symlinks` configuration directive. (Idea and prototype patch by Thomas Wemm.) - New feature: Allow specifying the format of timestamps using the `fancyindex_time_format` configuration directive. (Idea suggested by Xiao Meng <>). - Listings in top-level directories will not generate a "Parent Directory" link as first element of the listing. (Patch by Thomas P.) - Fix propagation and overriding of the `fancyindex_css_href` setting inside nested locations. - Minor changes in the code to allow building cleanly under Windows with Visual Studio 2013. (Patch by Y. Yuan <>). - added nginx-rtmp-module - make all modules dynamic that support it: - ngx-fancyindex - headers_more_nginx-module - nginx-rtmp-module - manually install the docs instead of using %doc - unify how we install documentation for the modules - restructure contrib file handling - moved vim files into the normal vim paths so we can use them directly - new BR/R: vim - split out vim files into a subpackage vim-plugin-nginx so we dont have the vim requires on the main package - perl scripts are moved to /usr/share/nginx/- update to 1.11.2 * Change: now nginx always uses internal MD5 and SHA1 implementations; the --with-md5 and --with-sha1 configure options were canceled. * Feature: variables support in the stream module. * Feature: the ngx_stream_map_module. * Feature: the ngx_stream_return_module. * Feature: a port can be specified in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. * Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option when available. * Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. * Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. * Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. * Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4. - the following modules were added: headers-more-nginx-module nginx_upstream_check_module - added patches: nginx-1.11.2-html.patch nginx-1.11.2-no_Werror.patch check_1.9.2+.patch - dropped patches: nginx-1.10.0-html.patch nginx-1.10.0-no_Werror.patch- in the sysvinit script use the pid file in /var/run- update to 1.10.1 (bsc# 982505) Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9.- improve conditionals - merge the 12.2 and 12.1 based conditionals into 1 as both of them are out of support now. - enable pcre JIT - make use if libatomic_ops on Leap- enable dynamic modules for intree modules. The following modules are built as loadable modules now: ngx_http_geoip_module.so ngx_http_image_filter_module.so ngx_http_perl_module.so ngx_http_xslt_filter_module.so ngx_mail_module.so ngx_stream_module.so You will have to load those modules with load_module. http://nginx.org/en/docs/ngx_core_module.html#load_module The correct syntax for this package is: [#] For 64bit machines: load_module lib64/nginx/modules/ngx_http_geoip_module.so; [#] For 32bit machines: load_module lib/nginx/modules/ngx_http_geoip_module.so; Examples for all the intree modules have been added to the default nginx.conf - patches updated: nginx-1.6.1-default_config.patch - added load_module example- enable slice and stream module- update to version 1.10.0 stable * Bugfix: "recv() failed" errors might occur when using HHVM as a FastCGI server. * Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives a timeout or a "client violated flow control" error might occur while reading client request body; the bug had appeared in 1.9.14. * Workaround: a response might not be shown by some browsers if HTTP/2 was used and client request body was not fully read; the bug had appeared in 1.9.14. * Bugfix: connections might hang when using the "aio threads" directive. Thanks to Mindaugas Rasiukevicius. * Feature: OpenSSL 1.1.0 compatibility. * Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives now work with HTTP/2. * Bugfix: "zero size buf in output" alerts might appear in logs when using HTTP/2. * Bugfix: the "client_max_body_size" directive might work incorrectly when using HTTP/2. * Bugfix: of minor bugs in logging. * Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. * Feature: the ngx_http_perl_module can be built dynamically. * Feature: UDP support in the stream module. * Feature: the "aio_write" directive. * Feature: now cache manager monitors number of elements in caches and tries to avoid cache keys zone overflows. * Bugfix: "task already active" and "second aio post" alerts might appear in logs when using the "sendfile" and "aio" directives with subrequests. * Bugfix: "zero size buf in output" alerts might appear in logs if caching was used and a client closed a connection prematurely. * Bugfix: connections with clients might be closed needlessly if caching was used. Thanks to Justin Li. * Bugfix: nginx might hog CPU if the "sendfile" directive was used on Linux or Solaris and a file being sent was changed during sending. * Bugfix: connections might hang when using the "sendfile" and "aio threads" directives. * Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives when using variables. Thanks to Piotr Sikora. * Bugfix: in the ngx_http_sub_filter_module. * Bugfix: if an error occurred in a cached backend connection, the request was passed to the next server regardless of the proxy_next_upstream directive. * Bugfix: "CreateFile() failed" errors when creating temporary files on Windows. * Feature: Huffman encoding of response headers in HTTP/2. Thanks to Vlad Krasnov. * Feature: the "worker_cpu_affinity" directive now supports more than 64 CPUs. * Bugfix: compatibility with 3rd party C++ modules; the bug had appeared in 1.9.11. Thanks to Piotr Sikora. * Bugfix: nginx could not be built statically with OpenSSL on Linux; the bug had appeared in 1.9.11. * Bugfix: the "add_header ... always" directive with an empty value did not delete "Last-Modified" and "ETag" header lines from error responses. * Workaround: "called a function you should not call" and "shutdown while in init" messages might appear in logs when using OpenSSL 1.0.2f. * Bugfix: invalid headers might be logged incorrectly. * Bugfix: socket leak when using HTTP/2. * Bugfix: in the ngx_http_v2_module. * Feature: TCP support in resolver. * Feature: dynamic modules. * Bugfix: the $request_length variable did not include size of request headers when using HTTP/2. * Bugfix: in the ngx_http_v2_module. * Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). * Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). * Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). * Feature: the "auto" parameter of the "worker_cpu_affinity" directive. * Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work with IPv6 listen sockets. * Bugfix: connections to upstream servers might be cached incorrectly when using the "keepalive" directive. * Bugfix: proxying used the HTTP method of the original request after an "X-Accel-Redirect" redirection. * Bugfix: proxying to unix domain sockets did not work when using variables; the bug had appeared in 1.9.8. * Feature: pwritev() support. * Feature: the "include" directive inside the "upstream" block. * Feature: the ngx_http_slice_module. * Bugfix: a segmentation fault might occur in a worker process when using LibreSSL; the bug had appeared in 1.9.6. * Bugfix: nginx could not be built on OS X in some cases. * Feature: the "nohostname" parameter of logging to syslog. * Feature: the "proxy_cache_convert_head" directive. * Feature: the $realip_remote_addr variable in the ngx_http_realip_module. * Bugfix: the "expires" directive might not work when using variables. * Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.9.6. * Bugfix: if nginx was built with the ngx_http_v2_module it was possible to use the HTTP/2 protocol even if the "http2" parameter of the "listen" directive was not specified. * Bugfix: in the ngx_http_v2_module. * Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. Thanks to Piotr Sikora and Denis Andzakovic. * Bugfix: the $server_protocol variable was empty when using HTTP/2. * Bugfix: backend SSL connections in the stream module might be timed out unexpectedly. * Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers. * Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had appeared in 1.9.4. Thanks to Kouhei Sutou. * Bugfix: time was not updated when the timer_resolution directive was used on Windows. * Miscellaneous minor fixes and improvements. Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora. * Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). Thanks to Dropbox and Automattic for sponsoring this work. * Change: now the "output_buffers" directive uses two buffers by default. * Change: now nginx limits subrequests recursion, not simultaneous subrequests. * Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. * Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. * Bugfix: "writev() failed (4: Interrupted system call)" errors might appear in logs when using CephFS and the "timer_resolution" directive on Linux. * Bugfix: in invalid configurations handling. Thanks to Markus Linnala. * Bugfix: a segmentation fault occurred in a worker process if the "sub_filter" directive was used at http level; the bug had appeared in 1.9.4. * Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. * Feature: the "tcp_nodelay" directive in the stream module. * Feature: multiple "sub_filter" directives can be used simultaneously. * Feature: variables support in the search string of the "sub_filter" directive. * Workaround: configuration testing might fail under Linux OpenVZ. Thanks to Gena Makhomed. * Bugfix: old worker processes might hog CPU after reconfiguration with a large number of worker_connections. * Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. * Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. * Bugfix: in hash table initialization error handling. * Bugfix: nginx could not be built with Visual Studio 2015. * Change: duplicate "http", "mail", and "stream" blocks are now disallowed. * Feature: connection limiting in the stream module. * Feature: data rate limiting in the stream module. * Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. * Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. * Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. * Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. * Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. * Feature: the "backlog" parameter of the "listen" directives of the mail proxy and stream modules. * Feature: the "allow" and "deny" directives in the stream module. * Feature: the "proxy_bind" directive in the stream module. * Feature: the "proxy_protocol" directive in the stream module. * Feature: the -T switch. * Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, fastcgi_params, scgi_params, and uwsgi_params standard configuration files. * Bugfix: the "reuseport" parameter of the "listen" directive of the stream module did not work. * Bugfix: OCSP stapling might return an expired OCSP response in some cases. * Change: now SSLv3 protocol is disabled by default. * Change: some long deprecated directives are not supported anymore. * Feature: the "reuseport" parameter of the "listen" directive. Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. * Feature: the $upstream_connect_time variable. * Bugfix: in the "hash" directive on big-endian platforms. * Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. * Bugfix: in IP address parsing. Thanks to Sergey Polovko. * Change: obsolete aio and rtsig event methods have been removed. * Feature: the "zone" directive inside the "upstream" block. * Feature: the stream module. * Feature: byte ranges support in the ngx_http_memcached_module. Thanks to Martin Mlynář. * Feature: shared memory can now be used on Windows versions with address space layout randomization. Thanks to Sergey Brester. * Feature: the "error_log" directive can now be used on mail and server levels in mail proxy. * Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket. - removed patches already present upstream * nginx-0.4.0-no_Werror.patch - refreshed patches * nginx-0.6.38-html.patch to nginx-1.10.0-html.patch * nginx-0.4.0-no_Werror.patch to nginx-1.10.0-no_Werror.patch * merged nginx-1.0.15_docs.patch in nginx-1.10.0-html.patch - config option with-http_spdy_module is now with-http_v2_module- update version 1.8.1 stable * Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). boo#963781  * Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). boo#963778  * Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). boo#963775  * Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket. * Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. * Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. * Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. * Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. * Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers. * Bugfix: the "expires" directive might not work when using variables. * Bugfix: if nginx was built with the ngx_http_spdy_module it was possible to use the SPDY protocol even if the "spdy" parameter of the "listen" directive was not specified.- use libGeoIP-devel everywhere- replace custom "kill -QUIT" with the kill signal setting in the service file- clean up conditionals and use bcond_with* everywhere - drop passenger support for now * drop nginx-1.8.0-passenger-4.0.18.patch * drop nginx-1.4.2-passenger-4.0.18.patch- update version 1.8.0 stable * refer to http://nginx.org/en/CHANGES-1.8 for 1.7.x changes - enable thread pools invented in nginx 1.7.11 - refactor nginx-1.4.2-passenger_fix.patch * rename to nginx-1.4.2-passenger-4.0.18.patch * remove zero_in_uri usage - add patch: nginx-1.8.0-passenger-4.0.18.patch * fix "warning: comparison between pointer and integer" and "error: invalid type argument of ‘->’ (have ‘int’)" - drop nginx-1.4.4-passenger-4.0.33_fix.patch * webyast is dead, we only enable passenger on 13.1 and below, for compatibility. this patch will never be applied now. - drop nginx-1.4.4-passenger-3.0.12_fix.patch * this patch intended to be applied on < 13.1 machines, but 13.1 is the oldest one we still have to build against. - update fancyindex to version 0.3.5- disable libatomic-ops on SLE12 for now. the library seems not available there.- enable ngx_http_auth_request_module- update version 1.6.3 stable - Feature: now the "tcp_nodelay" directive works with SPDY connections. - Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev. - Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4. - Bugfix: alerts "sem_post() failed" might appear in logs. - Bugfix: in hash table handling. Thanks to Chris West. - Bugfix: in integer overflow handling. Thanks to Régis Leroy. - no longer install the init script when using systemd service file - create rcnginx for systemd case- On OpenSUSE 13.2, it requires libGeoIP-devel/bin/sh/bin/sh/bin/sh/bin/shcloud107 1570190856  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH1.14.2-lp150.2.11.11.14.2-lp150.2.11.11.14.2-lp150.2.11.11.14.2    nginxnginxconf.dfastcgi.conffastcgi.conf.defaultfastcgi_paramsfastcgi_params.defaultkoi-utfkoi-winmime.typesmime.types.defaultnginx.confnginx.conf.defaultscgi_paramsscgi_params.defaultuwsgi_paramsuwsgi_params.defaultvhosts.dwin-utf50x.htmlnginxnginx.songinx.pmnginx.servicenginxmodulesngx_http_fancyindex_module.songx_http_geoip_module.songx_http_headers_more_filter_module.songx_http_image_filter_module.songx_http_perl_module.songx_http_xslt_filter_module.songx_mail_module.songx_rtmp_module.songx_stream_geoip_module.songx_stream_module.songinxrcnginxnginxCHANGESCHANGES.ruLICENSEheaders-more-nginx-module-0.33README.markdownnginx-rtmp-module-1.2.1AUTHORSLICENSEREADME.mdstat.xslnginx_upstream_check_module-0.3.0README.txtREADME.wikingx-fancyindex-0.4.2LICENSEREADME.rsttemplate.awktemplate.htemplate.htmlnginx.3pm.gznginxgeo2nginx.plunicode2nginxkoi-utfunicode-to-nginx.plwin-utfnginxfastcgiproxyscgitmpuwsginginx/etc/logrotate.d//etc//etc/nginx//srv/www/htdocs//usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi/auto//usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi/auto/nginx//usr/lib/perl5/vendor_perl/5.26.1/x86_64-linux-thread-multi//usr/lib/systemd/system//usr/lib64//usr/lib64/nginx//usr/lib64/nginx/modules//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/nginx//usr/share/doc/packages/nginx/headers-more-nginx-module-0.33//usr/share/doc/packages/nginx/nginx-rtmp-module-1.2.1//usr/share/doc/packages/nginx/nginx_upstream_check_module-0.3.0//usr/share/doc/packages/nginx/ngx-fancyindex-0.4.2//usr/share/man/man3//usr/share//usr/share/nginx//usr/share/nginx/unicode2nginx//var/lib//var/lib/nginx//var/log/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11216/openSUSE_Leap_15.0_Update/08dfcab61eeb1b24377f05407b6f1c7b-nginx.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linux ASCII textdirectoryHTML document, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2f63969e40ec5b6b2615c0e6eb68112f04b78228, strippedPerl5 module source textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ecfe812c810b8185351fe8e1de886b28576f0ffa, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b31ec8fab6053065bb8906ec324429749d197451, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4f7d129087284736629f422fab57a28b7907b121, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=872b4d3e4f86bfcacaf1a5c5cdd3047946c0e8ff, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=41f2419f32bc42e2380b30b2d0680b85568161c3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8d6ca254bf566852144c0a2b437bad4214d3ecea, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f362b6caf4a65fa56d888013a7bba2a43ae64f88, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7281594280c1afa261aea85ff03ba53eb782e0e6, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbf06eb8136c72901bf5fd08c87cd40d45bdbe4d, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dec94f681fb07ef2d86f192997cf8317fbe72885, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=a67c452c8972f91ec7ce80d1428a3c920438d0c5, strippedUTF-8 Unicode textUTF-8 Unicode text, with very long linesXML 1.0 document, ASCII textUTF-8 Unicode (with BOM) text, with very long linesawk script, UTF-8 Unicode text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)Perl script text executable (,16;RS RRR PRRRR RRRR R RRRR RRRR R!RRRRR R RRRRR'R&R*R)R%R(RR RRRR RRRRR RRRR R RRRRR RRR"R!RR$RRR RRRRRRRR RRR#RR+R RR_Zx ?jlogrotatevim-plugin-nginxutf-8043770f7dbf7926485dc11dac8e16fc7f305e66e7f475d75042753c5da56a04a?@7zXZ !t/4]"k%nԴBެP*6-c)l:KB26V@5xE8 h|n]/P!fok|oxB%߈'#{dn)nVHh"s1?7neO4o/J:6?E}Û(;e -v*HPFRIvV4A3^ȯA>o}S6Aĺeu 46tl7^ On/ObɤRlpO5&k:,ªɰpG00geX E75`'CsgmxۤMvcEŞyOa/(z5N(Hˡ N/n%fH&JV5ܔ(L<ޡ="I2 qK8)mpi9Ofz 孩5('8q׺88Z1|h/*̲> 6չ`arנB?_Հ>|=_`GLX 4xFM$K%]"9+(2H^{Xgb,ْJV;05d̿=nNi8ɵhټXVfL>´שnRsd"EvuS- sro7v)]?4J([8HG"]zw>Wq6 > HqmoJ9>`ʘ,tU6IDIqCJ)d&RU,&_&6\ݕě#.WlWZ(5/mxEP+Vưe1i$ (Dْ8'8_,`{ } #䩳Dz܎XFtZrw$#B+]b-ػ\?IU(#'{D_&[-UE7@dȏIDd`Pms\ΐB߻\\45*[y Ag}μʣ{kIV^V8o%ҁ~0VU{k" hM5%m*"K6vx$&κ+)Bt_@˜޻a* DVxb TKHli|HF?v'2K=h)T[: 0$Rlr) 74mrUYJ?(VL>gUAѠi>~}5K0,ÔCqZ4MW צc K,ڞC&@c&%X߇GP!uqt[]9RF)CO艁Hc+yGePՊkܵMq F ?i/,9I.d89EQP(Y =֔y9jtYK_֜s8VVGr_7WMt%.i;y=C'()$N669auX$/ksP!4꫎vv"sǁ̔Q^T ڹI,&1-{H/4^iBڽM* Iܠ۰aP ^*(_ES@Av8gaTDS~R6.=_סtn^8_LE8@m`t ԿЛ_PĆ7d*t<Dg$ޭMt5p=fOSs hw͙b?$<쀌%w zs 82hRUt ZSN7-H!\1;ЄrF&Tc J,,UT4eH37|lD0o α8ǏW YTyd`[3첚AV]$UR;2|Ә3RڤRO6*BfwHڇٲGs U٘ʣj/Y9Ǣ7[`&67 P^'Θ[o5QܑY"YeXW^SؙϤ4@1uhAƥbXXNp~#S6b1{"mCKlI\~~GR:C9#m!ⴙb~N\qb:yAHЖ[Y Y#z0yL)3s4(Ar{)w@[ق.\TypkƉ ͈&Thi;Gg["o- Zh޶5*TEޖC eLB#ݗy])9d)ZG/P#͊?FG4w%:7ƍcMq$107mAR)Ǯ1,fW Ժx{_K*'eIB$QgР9vs x4K8ԜB~-$X7{JDJ0c}ʜO+j{Z )w 0JN0t`Yx7@L[*Fp'^,C!m@ 2&:tC&k54 X'JGuuF$a~WE~JkQ=d0'q73u^es8/L}nIꌴ+D8놣6/6=!x?jA1*2݊jMNj'gHlYNF_XûXNyYw_7o t-G>Pأv|ikjUO>ieu?gռ" ӡ7=m 8MʗU?ʎ/&lO3<͖, bVxym,i X䡇:G2IƗXjYcEUh{Ġ1MMFvgL?A@np7t}_mJM1~lDUGjw(bȤ3 B\:}D2Ta qܑ2/BxNwfpTI,!f2=vGƤ#aD` _)""dq_\$S(1ЙûG&ju2UnL)M% *.dNѭU.¨Xn)F<`MnE^g*GA7fi}[/j* W~ʲ=j۳ MK44J--*D .Q7u~j[@?E_SŁP5C)*A83pͰ3Nv!ɧ{ăRt $OBE\etc3T% Wr@-5ds&gT#3ޝQﵧx}d8:F8ɐ*Bt&C{N]*>"y&>+t;ڂҖ~Z_'hL}Z0t6?*0D ;Ui0Lh5 b\~Ғ8轃`pVV M` NÒ@ hGG}1E )CdM9u8HpP*UfmV%R׵Q_[Lhډ> @:H B SH8 u}0@ eI:JBr ^9L1Mpe1 #^FoɟCyx#?!ux(\V]1A.)'{>s Y$[dzbh*/2odZS0d01F|1SBh&^5Ha7 7w7 H.,k) S[&ZN}GP,D]𛻐*թ6 1+PB T3V`.w"i-Qgp8&iF|82c\גy``E"q[gn{NgJBr w)pfeoO'VeOXVW»T^s#ϥǗ:`] ܔJЅg!|=gER~g3#;aFg=}i~pS%,"i5Jr$=7MXe}>M"2 ,%cXF*,vgCyC4x^sFU?Y 㙹M ߬g幚wz%௲ {*5\ye'ZA|%l*Jʋ' ֒BM d?ڹ(K:Cp#u?)j"f'*ͅCY.>3 vBtd)q_\D5\- =oVXgHDo&1,҂<DI.ܮEIU"lN*M7` ˡ$F|;RC^UI >4v^4ǻUX}jCjLsa-q9vى(\a87UWt9sUGd⻕[UGO'hu%#^ @-zr` jJzNm=ȲEmO>۶V4.uޭL%E6Un6,I-Dql i/&kl=y V(CR^w扁:NMY] 7a6np R%c 1 UiUM.$N!D) Mp=BZɴ+r6睒jw:)C~;]nQhoI:;.NIc,+Ǫ>a2$RF w'k A|fo L'+TM5~(tHuJo1,5 LۋOUdoH='_bD 6p-ԶCWReW+ ol j! Q3 Vh@4,|ˁEo<:u~)tlZ]ޥ*RMlFC,!yqQx.֌b5F$c4 =ShJKYcc4EԖU#P]{`}|wԹfCէRR2:g (g$$D;Df+|o ZV#{w^+TsDDP7+jl߯f}=9$p%T@S<`iuFRZ.b$C? 1^,k*0tYsrTX0٢=8/F "ں4@V2\pw|Ee^D}(QȎk#G:q 5 btc1x=;BZϟ U7SG1?Kʌ날 ^{pVdu, U=`9teȎlȲYN>kMEqy̼z55~f0S 0ؾÙx (ft,Lfg, --NC:= P(W: L%˵B'.֤ 4B&aT)^%Bq/pJzvF/^L]Čx#P^Յy`ɣS:O1Ouh1Rr0*1DHM[Prl%Rd%pPVZ1H>گg(LZ‚pd ?w4i`+& t럎UD߂2]1N1y^l EPbc ; |;:B}F*,ڀJЛH<qg[CvYUnÉU_O9r;_ V`U,CE1%t?pvƜMղBuɬkǍ\X1KQJ*&LJCO=>g^)q XP?A7I i*pm @Lpm]s^$Βf^zk:|¡upo{Xm! ;k-S} G)x #Ag>^x+ץ)S+OSw`<)lv@\ᡴ}f!Gy\1Ya+_ag%dfoL4⑦|WIrK}XCٶ6˜)^Hs9`B'+.kz-S?9Cjx=1#ܲt`DƖJHix m:R( )Vߤk3`Ųm]Ԥizdȏ)hn-<%wAL3gVyαNmr4h0j{I1rzzţ@P(j^d^"Fk8Bq& ~=V=h'}w[pDZDS*Zu#ya'?1}4  \NϑfKօУ@@X"jmab;%\YtN<{T['&$69 m8zh72*/AYgi/phBbW>DpB!')SՇǮBͿ=BĊ 5.k#ⴿ]z팢њX}_ĝ㽟+Cho;2teDVɵJ4H#~H6`f| 3 {V8/V.+!yCuj;4OrÍS%ak?s3t{F l#aޢ~汸TAs`U2gu|k?8gGyس^ +IW52A6*K?ѥ*#7 Ɉ.`C@Bt6>CRC+713M-vjM D搸%Z=z㳾ZR 6ro3û\[K[j*ۧƇx!.K~4ߑ9~#] ;ñ[ĘMRT ba,-Վ]OܖvIMŜayvp5uq9b` NۥiSGDeNqxJcUK_ݨzj; Vt!.;1M\V.3 '-4Jo(|m5w[B x`G$}^<4$RWԌDW+R"a7$wƃ[1UrX#7x%n}5֮rw7Ƌ5n~_x+4mrBLx7eȰl `- 5hK=meQO!þiU d?ͺF}`bڱeߋԵ(* )Ųյ?3PBs!.8*gh6q^ 9 /0Sm0 \ }0d bڧE7 тZh鄜/L6nvgvU8҉W49ߨ?', Vlcm+4 ܐ1{URq87AF[җ*֬SVh&~4 GFwxRU\|tg͖^1PgNG7f1gpGH|Лx/->}#q Ek2eUn<,Bᮕ/N?6/F u3 nb_)Xć,)*!{zȊZiYݣbJ'C{-yusr=ZG~bQ v(;姯o%Pps %Vŭj"YftL(<['FGD#ͰNk`{5 sU)}/sx.KYs]B\Y-n(XۮU~֯ {s*p{Cv dCh`X4SO37 E5 Swo>rLC.|iLPqrR!;~phQ xIiDew }e2Q틊JǷQ H,]G0PW q>ҾPvIdq7\h3̖ SǧugY_i qX\6Vo--n=02Lqj cAc#l: j:9r- Oo)Y0M6{D/ɷV4obi6UA'sEL,Lv(]*lQVIoad!<S}  J!2,-WűmÒdgvKSn݂9%x?wјپn|(Md^"K:J_Y"C j(ZKndv-%ru QSow{\0gB>R.OCO=fm]%t"YMnWڎj.C oٯH~''6u~e "4l `C_HzڊIрPzO3[-i"&|tJěLQiHў{&W\I+?85?Hidy+dǂXO:?oL<9!R#tURw&[}फ़y>ehnE5٤]F'䋢x^9x92WՉYlhVzhl AGސ;~2lZ2qM}f>|QUchҲI#iB70Ppb8 ; _ݞkc.P5>sN(#g@]?9#a"sx GPzT, xS˧8{ _N_;;cX|UtWBHqqeUųMo @jq>kZVA]6u6: 7^?$v;CmZRTc} )}~,1x"_#w3XOE9%WiM _j6X|-oH<ů1a_#}Ӿ93usGrؕL`0ayHZM_x2g8 $'/73.-KfPn+%͔22$j(>f? -:;㼶62,  *lpwIa%:wڅs[zj6 ]Nm(MQ|1yKϏY$q$DIOtsʱ'Gz!7VcKJ磛0Upi. 1HiújD3=z%TxS3߱yl:* ~aGvC55P⧿aQ]L0(3S'.jsq w{@V.UŧŪ]z(.'!FV6VnsίiţM2,hߞ+IӾF.m.[ӶZiq4'g-@jx0Q]'7 h%or&9bYhNg'CjUHy41֫YL?<\cYNǭ]:W +dM\J ͻ,f@@ÖWj :ksm+++% XExsP+jBG8?%2?AAŠ߆QײJfYxw畛gRY1DSO/N$K|6%E4lz\0M)fPqRp3"g˔qNo #~Vi윶Z5L|,#yIgP4S,AM]qP)Ze{sd>S٤7'֫s d# Qyh 8xڹPhmIMxgJB=}#8$'ᄒ&h`pшٲžt%zDpYl ]'JD@!LJzeLbjΨ_)DVgscxkovE܄jxe} 6hYr!rr)羠 ڳU Ա.%&-N>U~{O>VurqwE-+)ggꡮ.sϙxi~ p 9yr*}N2]뵊MZ5-K9 X;~1+K4+3*>sZfMYb3FyV0>4.Z&x'|\qvFv/B (2w$i-ɐ!s%oyL>nnAXI{w~gY/l=A)𷞬21jG-eZv矅pW 8 J7F8<% x8JaaW"dTXʰ,!R͓!_u %OǼ4g0--kʁAߪcWY >IP7ulL-i//6Oҭ<0F_1aoMH;> #jP7kv=nwV} a" g 0zfD>OYS!ujF>5oȞGA;bN.ӗ![ว.`Hsni?,X -cM%"(>#駮d,7kQBx~l|V f'at{S6.l/W =;p>₿z(%Y2Y ?-T5c cjqPev"S+(lt(Ee~,ϐy2 j 맬`APA>lHQN!ÆдK?@BZFp钓dyv[k!fv;a8#aC,k'kV稂jܲ\ rp-m5i4V {ϾСp͒_+ ef/a'{/렐 !y2;P%@k!M"T|<&0Z ^$#9v\p|^?/cPh!TCF<Ѿoުk~N]|P-PҢ{pFi=dFCNG_ƶ\ygSvAH,HoV mڻR)T`Bk" ^jwc5s)WH``F8㏰T񲉛8o/ >S=ڳ=cf/G;Ȳb;6q %ڍd.%4^FguKM,.(e\<@5 |aD/x2 Kqt3)KFپgQdL)N)Y GcWJCҎt@i.Ve~wG}ay0s1ޔ,ke@M=A K;-ST1rm:qvxGM-D;*9p!`-x- m_~ ,J]I&q͉7+=05a J2nY1kU؄hDn.T: 1Qn7[wt``8 }T`K "9ίf{PYX@sW_XӽDM*ffwj1wfG!?/9 ((r\o7YjrcN,tI}"Bp4jcn{q#*9'7yWo&/ޗU@$7j0OԟoGᏌk")?Q 3a{溑=jJvp*{g _(=$o!Vb=FȢpC[%܆X[xόycbExZ_K8~33<P$S&O`!UͭуgxT fdGH7dX!j|Q ߽͏jEj8'̂փ$.gѕӒ҄,FTK -ĻX 3Šlqڟmo0te-K)$"0s=86{ņ\H/+{^ az?Oc$+dX V ЄC-e:tMLSV磛mvێD)@.P:kZ sj8/,7( T߷3 7.nSV7J]+e \7_2*M'2_tҗOACiSw2`vcɪn.4u੸}yUesҩ\5#Y-V.tdO+TL)YO݁"f)sGɀsx)hxmXc\ueׯ] b=h(sKeVF+;ز h(|gL=c"m} a V&ćzjEiH7̡TVYo. ƲӞe~/A'!,/[-"\_*J(?R"ѴF' 〰vp9Bd262\cn$сCr[+g||dO4O$NI ^J@T8%!bdv(;>@/`PLBmE0~aEAQ;'pE~zH}`#( aS51ez5M`:Ɖ^ }!;$P8"BV/؎5FtֈDk6։@;i~"̒ݳrT#u3QZyM^ 46#}*t CfyZЅB8: LtK_@U +<58SQ*Jgڷ oܺa>=1ۢ)R_Q(I]BYg⯬`| g8ꝅ8xڏEX( miA YTxykdG/q^m}gҵ˞PݭXj҄Y]D8gu12~ތKPl{ iVED\oP#+υ/:{ Õ>rƜJ$1@rҡ=ǡ/|kRqCiXsA˅*udOPQ?eckϯm*]GM'wC/kO!&8x݈&z.1S~W HLqj΄c+;(b[jjHmB&`2dh>̎#ȁ٪MsEH_H6$c⊅AEsvETO 8 ΑfQ+L^ʡ02i8fDC+fix+v - P/W? 0?j.TPA$ (@a^/l`0G[;_"*LV&#qiU'/bN'W:S_v7ur5;hV @vԞdS@*F dN]Pz&7Rmȝ ;QQcV%2ϲ~_#HSzr0!|gߟ0 ]`#'r2O8oJ?]VkLS5;A5:Q}>b@O1j24# eܓ^np}?”Bc(gk} $ O\>2@+Q P[U:Z`΅ρ.;'B{йNM)d ڃ-{Y|D]%GQW΅9&;84n3Lƺ`q:=<׊1<*rmyYw C\}׋9YSI}GTz^?P/AMFO""pAʝR[yx\ؤF7|͚YOԞ7WhZ -kuļ쪐`ե( < xͽr ]0|lx=|&ghaz[}`­H7@N4,[ND62G%?hvݠ"+0s"XkT+S 4"ڹuCv͛/~7d?fnAO.uqu5sYaZF~d4#a 7K~ 3GeZ!wb톻bf C;j7PIl5 =Ӏ-Lf]t~RdžCjl^$^zWlqk)i5Jc Gc<p[8Tz.RR"h(bϋڣp{n~.v#;7yiAgC#_K|J[K7L/K:c.:.M%OO;XTL[\+atA7B,F6'5'L \qX˥㫥@iq.9JōkZ`4zg1F܀I=#*BN]όCi -~>CJIqij;f9g۔:!8UDnLoЅFJ-)w$1g仮%jW'a$|̑@Y'D3(M #4zcvn0gFfϐ/Ze$j֔W[d_HԫnqR 2a יy/*mxQ&j#jխmV:~mepﵻ #-{ӻb|lc-uX  צ@]~Fo;Ip'Ռ٤UGPJ7ȜP0F8V X)%l->0ac^> m;YtܭWRR]Š%V͊SL%N׊8ō~^a< -]_/9z^E`1L3NkL8Mn1C a_1 7wP\ ='i !h=S2|rcKݠhhMM;fā% Wljq\B+r 81g =`SL!pI.AJL19l=؄ȍ%pmkvV kS%jG) D\K6ٗOjn˳}CT*3bз ;jbVIPL/:7G%'- G/`.t.v0L.۞\h -ض0Yo@5<f,:JcƾPF`38y~TRvw?Srmycl'R*3Ѵp=# /L8b. [2E4)ȕ)_%wQR͕wQd9Mb.hڨ տ]#KԻV `>2eҒgQ CǑn5NJ z!ETeˎQp2 K$/xJr;3Sv" DGh=x$1c7v.1ysOE3mf.cN oLǟ:E,b]lToU"&s+2Eu^:Ҍ >ZZhl_}$RW ?PQL i#6qz";R%W\i- 29JF*Ek}h~x"GȎ͸ M|aRo! *_lAfBZ5ETZ4]I1&@.D1j`H[ ;fFr{h5m`w*PXHɒP6M؂,=ُ͆v|GTw*MKP8<9SJV: e~j)qB™IlbEM\ށӡwx'%:'c:N_pdv]D)qHơ$rҧu\u[.TQ\6l/p&UCXQwPs$ Z0l Udz-ė'=8.B/v?TSݝj_k1'Hwγ-&\:ҀH"d0`R#-x>~@"`u,2,-ft Z:3rG>>wWxn]-q~Qa @Ѐfȁs65AAQDnmEt`^ 1oo]5c2ⷯ]d3)7]r#=zPC0uON(UB;Vx޹w[ qwY"-H+;}>ǧ[qd.&gx/o;JDYfu$#F$rV0wpx9ݳҚ)Y?5tdQ;̧@48Y!;YDS#p&YZĦwVeߘpx.cjDSA0C\.>X9] @Yb2;D‰. $XvT ~P)'#!=6 CK aS#xriz[fYΖ{2Rs"ZZ*aвaCcAȦz.0 AY:Xas/XM)%ã=TO^ө F q1]Azf9qU̩4 SSq{\]U 5,\E%;ǿ l"KA 0R Їeg*ifH;o V`ȹznoE j(iZCۙW} %&-j8G:( %@jt8%{n}@Zg)|Uic|Li QJC&VՐ"=$-ߟ o<:K ,⬖}RC>fvn5oR鶩.RI_ig;HY"*ޖ˜f!2(sMg:E0/POh.gZa=-uuz)i|x|m#G^W 1 % hhX7^q+[榬A)E|,TAF|j)AuX{L 4]: Tt/@PZEo S'1/rWb_=n2p61GNe^EoЯuZɷY3\4K2l`eŦMӭ@DEw|!fJ;Mi %k;Möۨ6/$ȔpAueYmuBmnΥl7$mKh\ VHR"lYȩ{y#X_o҃w;'8( לI%cUn3Vflu\\ ct!$] ԾQo"xFt؎>p׺4/u/}Dw?gLVG$R CO3jCn!i2IX裾.vD.|c3XP}BWc?VEfюjX_J,HdDT޿&6:6vg~8Op[[wS+-DK_~w 9 K"=n|wjm8X+pvݹk^DetEFUNC'UFtl yhYc;>K(r6JTj4NHtxT{G!kJ=k)lٛQhC$/q)d9o~0Tt؎qcq_Y!˦73^#xQ !2AS։WG|SƪXk#fwX#7S*x:'kȰ¥GgGD dL}졤;gID#ߧ\_&7Sno'̴=T@u&6umIYx'w-! qI|PRrٜz& n+ӕEXѠZ$\ǎC~VW߻ٯ#9ͭ|o],* n{/7~DE̒oE98X zWDG2<@Kxܰd8yT1-eZIi<}@Bv.&: P\n?T}MlnV@ '>ڵxiۺ;@5v?1 H`*xrD>ޚG#$p/heMՑwI!ZN@4Π !k0=U9mE4 xvUVCTTAJ\%˞6e$2UoEU1iAZ:&M7 tpN@:nڼQM~b>e YbV+dvĥ8P ̢'f}~/T ]pF+")&xi!ɭ0/>iOyv+/F˰ȋ-/_2JkT9wcAOYqK)SC='a}NlFy:ԑtbaRHRmV f|5런؄ʜo Rش;!uH}5cEu0(33Ǜ zFKPq ֣\w Tko6o| j0g0oOd$s1.9lYQylL΀2@QHz݃B)_TB%:K"?ϡQF#q-mn)LA ܈Y~%v p3 ?XNF6ûz; kO{Sr|nbb #SkVmb(>T1pC<uLjv#tOقV1r_ Ov,#q>Ԡ"D4?+ \'|CII8tb|E}r?46}a0NA'7b:s\9r]T6XS$|Jt(|_ޒα:%4&n%l4ׅYx ^J,,hX״_$IȬ%?Up|pZx*CRAzπޕ#T6Є:ڪl~Ayȕ-d>E ^y9ѓQ[QŔ6[v##sux :7WᜀVH0&G43rޙ5O^۪ BQV UߒD7*E@ &dAV2٩K5 {x- ]1k8lh9L#B^> ;cb<,ٿgu QKBK'DKa6MĻn Qe9Cxaa}Gbg.! &+z뀞bCY)8\R40S}}pvϕ{)AGEX*P&#V&S~"~o_g.t|uO1&_RI=YR\mf%ƲOBLNK|X|t8.| 6Д!*7`j`*Yf\DP(2-[c9';/(qI顎L' *VF]Yeٲ̴D|䔊v4{'|;P\aynYJA\% =\zCn;D[?Z Uۧ.* 7+:Y@98Fl W␠{Xk4ܙaḦ[;$l}c@HrgQg *|w;eb3tU,U~֤z",bT<^Wg=v%GjgVyO^EqѵsQ߂C،Ⱦ2^=yulXJjq>A;Y"ŏ_ a{΁;;nt8 }ZTR[oiԺBP ˲> HQWSS*@2|G[ѫ N<]dDzNWcUi~ܖ_RjfPkdߦ:YIhvgW+sۆt ቢ3 熩: ڰ 2Ax{"d xۄoPIX=|:8X1ӯnG+Ǖ@bUHcJŢ#8:* DB6ɲ/X |FCs[IUg1 ~ .4 jB#zv4\Kz4K!ڭ,?XB9FµQ,tҭl`NrϷ>٧-X~7@RX{Ш=>$TLZ'C7t?Ok͝%O40qěY qzH(DTC?Vߐh#/.T[T)P㥊r:ʜSHD3ڱ~||:Ejc{T 1vS‹xmCZY>Vn-N+t3v֙{K;}'ia=w3=cW(&d]F&wZi4 6#PZ5#1U *)#nUŵdGa1dvvS8N=iSsXh)P':XdesDYz!0[Jk zjJE v$| EbRr\5R{Y9; 10ZVQPbc{tmh OΔ ӯ,yAư!@>MygX5P4ry=jn po*t,a:s2̡&BgHBLWmj*?/(A'Nfya  ttI)ax(o2M?_>?#SD8+$x?\eyb7chWi"q4udnuaVk'1 k)QL]Nۧ] uvF!&ai>ˊޯMb!%֍=EYCP8zrUپ~)W|@!*iLE}v֮K nCtum?:&5ޙ[տj8Cٔ=Lu:Z:r lDaw>R:guf]gCQEc Μ$k:xEYOKAcBF<.zn Mg6T"NיULЌ;\&>V#e&w$%&x: > M^c_L]`ܟMgO..!JmXxc ȿ32xzkKnYIZ*'4ZVi(c|c MPOd씙ӼTU`!nTOywSdF0_HXc {GO.UF־=M )$ >E7]ssYc`ʐj㎒՜X\}DxD)9k'36NBch1Pi6F;>O dGĨj5.W+vDNEzS,HlJ,1RҍwLHY*YLZFufOTitܚ3O":\6J) eAݭTDӳX"kΒ%md3(z\=9ڮ}rLLygqN]ro Oų͚i9N=dfFj{ԷVw-ch鎣 *\Z@Җ{cRv*Q,oŲ %^X>Z}PK4Eu<aa$J ?WwȒuRTsyTNM)3F,§#raG0 с _*nlO5B[u[#o:Z?-O{nok CɽPEԑ5'7p1?dV8iB6G5ʥL}A>5]R£KIG!`H:3жdψpYH:-1jփ~Q 57 "@;P u0/Y>~5&h+y+mV?X'iP*3opmk 8)lڷCוm'dF<8|.l0!9ͲVZ؟H1.3$C(]?T*_(VT4yثW;n$Q݈#owX.>j}7%!u͟gEОanOTT'^[_6fj xGRd -̛TjVq`X —?K_]ڈ& ,bP@Gh6X8I*W>L[Ms(#Dn1OvFsj[X)ꩧn/޿)),T3dbqѐ07uAdzң0@1U^Ts(OyB0%RkJZRl!26*2$N; F˲0k T)*Wpk/h,ia` 7J#u7 X{y73Q8w+),j VTC}gBuD V= QИ}֤1DD8Q aFZŤ^O}Ej|оt𹷮-a\nO@4m$Fz(hWZkCxgIW#BeHu.&]vJ_vGʋ DV䒉U v )a f~1 7Zub*P5d+cZ~{˕l\;>]xa(U CرVXǡ$x3k8PtspF!).VJFr@ZzBC$["v\jZ 1s TJ={h n'e } ؜k@71FЈ) ri޿IƎ>DjS0m35T-6khh4. o,d Br0o-;,(mѐ9|ƛZ@Ӹ6mlRzpsiC !(?v00QŚG&ۉMni'vD9ѓP%G>q%n|ʳ5 _J0Q KYMV y~d96 Mes\XḰw^fE{XVu{mӢ ʚw.;O!dEZNښKvlA_M@b{*:=p>㳈Qs P!Fv9 > 3* C93&Eg0IL&W]!ioAҟux##O]z6hq޽g?=QߵL b66Ќܵ]e6\UơEiU\}tѶV+Gq08܄܃'UQ@+k/;N3H/=j z)f}? aIlϼ}|;Oj|.R⨌HhSaLnDc6-n]9lҒ '~g+n &D"}0hU"uvse.]d%r/F$P`W(5^TFC;DUS1> ڱ,/kjbOJfW{};]7PjtYvsཅA~ h+Ed :csBfuK|DF,EoN+Wr(vrF.zhePY-}5p9#%[rz5[[ٰeI_-[䲽k8!7v wN2<*6?QYZ^[ ($HscC@=,~" X?}A&Vݥ m{3ͨ@diObUP ~0Z@ 3poe mx KMVF;1Ssx1/P| VrC7d+Ij 8f [2S$PbGG 4nr¹E%VƒR@)2|*Y9 0vElOr^\n^re~q115-Yo]5x8# Mx &Л]m6s^\L1vC&:yځOqG#fJY^{qok|}o,1z)%B;pZ'ApyWa(rԴsU+ʀحFl*cgGeu*雇05T2 l^r,`r®$~4CͲll%#"qQ 'u@R5a⦋Ah0s~=jV BS=VW&,f>ܜ,7/QS_:GZ)< Os>Θ@\" @FڢͶbZ·)#cNA'QyXn>;l'EZdsF Y},_|͏owX+gZK\`w@3[?C ʼ9hc#@ys^]B;wlBU*lCUTN"勸` a\aLF }$փxr*Y^A;ꭳb(oQ=]6dF#K Kx:/P@;U4%SYP z!m勓 QxUV9,~zV+ F| i? ZoVjFڇP/ ݐf~ŏcuBHxu|`,"xi-ήUKQupHTCHK>* .Kg{+UEQ%}aҰLg^0;bOqI;? QZA3k3eN/^,[W!Mܘ=ɓ x5;bE E^,s(Sػ=u?6S|A4\GJж4$Emr)Y`Q+X,-3򩏨Yf h~2DbOg_NeR0^oB?9lQFЂl,۫A4s]^uk !jb,^~JM7gKDz[BSl -{O~YD!Ո},6I"Y&N39 "@lO~E?mJҌTv^ET`ǘ8p[V"Jk:fvSxuCj 82g9c(AZ Lh,(V#E)dtDb4_͸enm1n!h'*v2?F :Jr>V`>܉6Us*7Ś9+l+c׺NEzfsA|g30'>= 1&_9J %3"%&zB\˳ݐ`KԸh> N'LـQJ:|W^-L~@AB]a1$b5Ecv~{z B2lfXܰ0&qK tSԷ <+/2 9a {>&c'Y qӰDW kd ŷ6 34=BG?}:i!:݅a!<(K[):r>tMΔ8FcV8~E::X;JC"}тjƾ L,OJg;z/u_lߦshD669VlLG;%;rvTS .xLf+H6W7ʆ=6EȨn#Z }AjPQ7֎ o&W`/ [wЋcS'hrB+VA>WCWRЖBfG_ve3 ]/{Uv%N[)?xbL4 JV/I ?vK WǢ%oڷ|%HyEҝ~yPtlי`hcŤ{ 19;S:>=`OpHѫL?/2_ 4;cb,$ϫ3kZdiK{GaO7N_,=`, )0`,<ϐ}G]֏k+"`ųO1S5qIvWAS@McVӚ^ & ~*pmhPm@zɛo.eRSWRE_0e|`v|Tϓ%mlx`<1ĺ5z$V B;,lo3' |!1cd fkG=ZBF]&ٝp%"lQY:YFS}@ڝBqˏ6?Rv ^y:˔2;j/.󹐅|LR ^ܚ:hq Q۲*=j>k7|_a}B"X.,]&{Cg*RT}@xaFbHa:7CiݞmtOUͷ]A%*ƭċKO>A4^I? oj~co_zeQ ht3)+ |p+`y#:8(ʌ,%9,@P;Q?\9 z| @8[i+h17>/;k*TLkbotVC$HY*N qZEQFew>jF7jX|,-gor4B$URUU^A;@е9#&:Tq$+ڜ?y,ڪ\lǑkWWP4[G ;DȳdئσjmǭH$}NLSџ |t6}2!2a!61Gri erք%AEe[?(N[0G4LQ+ Dk>̍`]qރvByM1Q5qdt_ 8{`>kxv 22ڜ8jxoq(oTݗ܇S0"|k89۴@'jRX?vPdc<@JtF?O !aKҖlDŽҞJ|?2?YTCN2:[@tf@[-FceQ]tR^]a' ,9ma|C;9 .oƩ1=+;efel=kԾ,SY>hvSQ FsTZ=as'p)paki B<U7C'Ȥ$Q\(zkN \˚0!eK?[u Jx剤nL_wp93E@caN+t".msN%Mbk$ =x?e p65%~ldDɷGu۽Y'/!#1D) jw]Q ) :>M*P1-+}7 5vvj(s٭/أoxr= ba^(y- DJ퍛FAjLh{❅T2\!].XA,PBҫHءb?3=MO/@( #=]tDj|V0.ƻ˓$N'!uU YR+G9¨|6R8͐dKzSxL*a\&n݁}I\͎oorMgblUCJ.wf;Iz.  WeR!GMyN*$?BؐĜݸh+kdˈՋFzHsh+W XCP4?ʺUqjHG1<M#Yd>:3 {F#]+fpyZ-Bi/=k"ϵY[]?r#^x:% 1b و *1g0b+lif]gQٞc 7cžg @қ}\LGx~&<6 x@+?rD{_}8b9$ڔHXBt lHkT|pbWњ3<򋅻-YDoA8 sBG^0zHK_CeFlV[FgCEVz yBn?&hD3* @u9۔^?J CF:?4,]ӓE5q5 |`r\4H1RDE1V݄,vwx ŘtƯ4Hʊ`MYMFpKjldc tuYqD3zo)mƙ,#X"BVӐYT2tA]tLgcf TLJC6xIv-5a6㷈Xu"V:bUF-ˠʀbD60s}[fN} @xf%kzLxj`/[a&1wMO=աeЊmьDiUNfh.Ḯ<=&1s0Q\TuCcؙ(h߻ЖF 06usx?U{)Rp`u>הS>oU,Ѹ-B' 2[x%R[92T`RT*+uc̬Ohl#MA\M9X~M؋lcEkzw:ko :B4{Q(l>^;2x+ڞb& Q*X iy<_7nEs$n%bDGM_@95ús)EhG_5e!UEg< %fwK!2pFܙ?yoD^RGLQi&ijq;thP͉CW_lMօ3ln28 tXMC+9X۵jp&c561WSomt]Vε"Vtnz8@`@\Q54ɴ[ H<0G0ƞ5Q.tҥXK^KS&4j{U 0v8YPkK'{I%{[p]lh-«_ ?JGIː"[UfE0=1cjמ1`څ((9 +R.Zʾ.7tO"K@LQ kՎ(A|Ř"ẍ́Sx'MbwJ tbkY^yJ=@Ìpq?kAh S =;;XI<?/_!F8]YHHVA}V1- ix"͞ƚD{9Fti'}_ Ĭlp=CI/>Н,w_DNW7e, eFlr];̨\5lrq 5>@3F+2D!* 9)Bۀ@$_׻d0<Jn%"(.9Lw'ܓ,\M- Nojwdy!x2+NwٚEWOAfQܲ쓉:3% <d.Y'Eb 3'UoOٵ侺B #FDԶ;7_[ 9̩Kp<~%-P{&m'wf/ [4.9'= +w;,D:y};ǹq-'^]U=~?~X/1Ƅ ztQt0lW ܽH`MfrU/~ٚkW7}gimqb}ᥲuh:Ln1e쪷aݭh c)Ҩ6L+LD:H4]㬟u걖ep Bo Zz|3"93Dvm7 YT5lmU^<|2hɻ\YR6 G?ܤ>30Q3ΏY^|bCz %^oA4n; kxr;fe1A0E Qh$6%cqWM'Wof :Vٔ׍%>|_W,Ol͈>ʳ ~<_۬=GAvr̦S!1Kqv %h*Ƣ]Ds<osS(t[8I}q~5clk+璃)Nj g kxڞ.2A oH%~׫p"9T_P2呄U59o{ŗcjax-P#^{`7 5̜-2V)4ωAC @콙fLh%ľ >41ʓKV牽IvA4g06ztڷe_+p(uns6T Q#7C?*!%;B,e'31/i)vwYk![}[ʌu{H}=TCp-Nd/mD 7( R_EqiUc]O'N(܋C"Vo]qMJaؕ.x%l6 ! 1{`;lY6s| MHk2Nk.qހbz)(ȩg_w|\dH_A&y evsV` =ֆbh}4/Yv4$K q`?J)xŻ2sPEL//> ޮ'_;]Ůٸ|<~%&FBԕڙ,_)9> T &Lשlng9߻$7LBˆf/L!2FyUj}prA`E\ҵt0tիxoG<~Br k iڶ@Ĩ#6aԯh$ĻΞ‰ء v (jhBԓg!lb}Sn~T.GW.Ge]WJ2j?e vKM4=}-XTjJ[76ORfް8ف\]B;{(NHwivh4OlaQ^m iB|xF]*Cl96-P|;#wsU$5E!abvLےA Q?. KRC'؟sXՄ ߺDyfR -n!zp!)rm{6r؃[N'&>}6ľ [!ÀKGߺ`km=`IRuf(S#KrvWh<  f:U/ޥyi+ !D0a}T'l54A&cHIzteg 17M@͞$/vx/ʻCEh2}nBlӣCtkl׷U,'W^~1Wl{x#]&`&`NUdaΡVgCQ .l;xZٽAj /%-Ӈ˺sPXlc'5;k]͛毱Q!u:yޜ,);Rc" r^]>Q4?to%2AcUy'EdW)N Jyyu历~J#$PXY*-{A/tj%k-!e9O8Ӳ AJs#P4?]jӴe@/,0 w_d 2Kp}X: [ɇT ?AYoNr̟.rGQ+ߟtsO4:zV[ր:hh0c.MpFն? %'=Yޜ6]vb+*CP3?.ɦR%+O4qd_!{5wԼE=o7]r8Barӓdt93%M~tbW*o5dzΧ2wk'4N'95-gLiNyyH.'B77|1Gk,4th@Pm+VBt'tDpTXK<׈6922 EږkM\yr|ƲdnM~E\uỞ#j~GO l!^QG_KH60ŠFQ=NAyZO6D0|!Y 8 mPpKCڻ叆զ˶B Im&2FW*3SdΥ0pˤWA{Zɟr*J&briy+x55~̥8yɔDCK@0| ,(Cye|NsS*%Ft#!0mPǪR.>rBg=]{vijKDJٝT$xjSKJy cw?pGmumi2wޝ9nv!!`6+Y MXlU+-{'{VnM*ߏ 6E, `D#Ӿ%NIwe;$-cT 6ݐ ѺI,*C~֚v. E=ӀCoH?}K7bd!h6#?@P_fL!){aFCtQp> _V\0Bm>%XK`!6ݵYJ!^e!rPA6hRjg`rPLs[(TR~_`V+ XfF+Yf<O4GV#Ճ(4ɣp[xt|CK<%~DISYtH_H|u/R2ztxՊT+ZTd<šyxJ0D{Ժn:iT\f4?^' ļc+c<;adCz+d["͈(m)$ssz`5I 01 Ÿt0d `=v V>@ئbAílETW#'Vx&5{^S)%rzGQlǾf/WV esTu8* -qQ#  _SHo9j/W7\?d˹،i؈MP?D?wg;v$DN*fGԆ&k[$t"UCEOΧ43P{(6]CKEſ^99:f!㊄sXڋh6_(/wL&cϚ4شE8~BYXRC}lo!]HC6BZ8H6혼זHxl9(-sN__4ATi&e;.~?@Wkȡ$lTym=e#dJJ%HiˣqEnb^e[!/:g/m(QdXӌe0 _UoZ[O^XIŞP4i|jωTޑ5jy>RiC Y34bDSٗx#i/ Bg !*MO3GiAN&fS,C ࢩLI+BWa "M)$l`\ΕUΏP,KXM/yD.W8X윴\P#(ԯp7P;Pi;k5xA0]p1hb@4pۤ[̍WO+i"h3I nˇ\<.mRQy;ԍ Eudg*r,x4ު "\a0($6d=aX(.Iu  ib(/xWwf-Qh5fC'hI@e dߓ-]) #*{c4*ɵvw0ɝ]g`4ڶs1Y-B] ٜ$|q EMtQVʅwҶɃ4хzp)fU0y8\cW.<*QĄddXrOcZ4'x.;;oƄD$jCFw&j"M .ڡ=vxH3-N΁_/\w^$%\+aςʋ0٬ 4ix,5}E<{ri!AA-n҅K+|~]Mۏ 2Xm>lD;LQfֻ]@JH +\*"^Y64eE ׭bSao3$816w*vMK(w[!7 tg/~䩠 HghRv ;ۑ*M[?{Wc!UN2_Ceuw(K+|`!&VjA|7.| I3_ E[=2>'S3P/ssDҪKfj)gle>>>rkz]A y ߙiWUC mno6)QK{.:BC+t=EwdE>5QI͞,?SQ BNӱ'q  99 31{MG'PJz#]E⇖E\fqghquMqxѬ NOx⽁eaN''xV`S;]H C` FOevDK'+F O$FkjT4܂(dx \hhJmC>}Z?xmoMWҭqT0 "$׭fNDǸSg:-_&:7O/ )<;w5g{?J$gA15nkU'k\.-gE=7W:E {cm9xv˺S^4rUxOۼ0PjjVl,шD⹳+Lo:2/q:Yj+8f9|o>i?0xs>fz$M-mEI8a-E`oukV/k\Ƌg)F,1{.,HGuPRxW/&{b#%PTEIT2cͥQC8z|c\v2>z3fkzxZ"}dḁt2K8'"}XO Y`<1{G3mV'եW2o7ѹJO,#VNMۉD'*;h !:5Ugh%U&򀍮`ޏ#Y@kEJBQ\AX?n"YhnZ~ߏfsbUMFؤukD/]_iz?6ߍ3`軧h^)_ibzՐkly SLݫ <3=\|W<|KˇPb3[q%M <-[sJ7Ӵ1j/= "pU  u$euSۘW)c -o^onkt E߼/ZuHH~#rV@E M?; A5,rn~,qMVo}82^W} CUCb%AtM ˩`Iߐ`l`RwiHs"-d1ISʁXԧ-4dgwq"tj~dw؄nqOi\/ZQ}Òwl9+ JdV4eOG'\80@}]o+dc]xoqJF Q޳5\Z>&d齆or(KUO4Fddȫ2|Uܮɺd\3Rr qsGe*cͺ p5񓿽S<ǟo<%>__ ]l荩k9,vsR\]|1N}3ոAlŏyBA #:IsoYSPrj+a[ZG C7e9UЎˇ,ʿ}#I.NC< VkUn1HsxR&jFR X,&}n ID?Ik`/J'?lX~h̚%#b-j~BF*mOFWbs.G7:jAQǓ&f}342+FW:j)re#;rhz%leD40dwxS,9tD/4FE#ߊ|""(Y~.6cN 39Kdb.?,*Is !uDu#⭧e$x%!kaM&Tx)L;r9_8{fI13^C`_<"uٍ{Ry6ʍ#b:sMD!W\QѶ ,ŏ^-T=#>8Z@lZK wlh y)`Ƣ`S;eه \GpIh(6Z3 dBN x=UJŞTG S^dcֆxKcg@HͱXY\?lW$@U߁wƨI<ș0\zGS<4pK Nv/o\^} --q$|*ip@L\[gXV3xFS7|`bi STi<u)OɸKv6|/rY7 $J#>ĹE )e5me8Sh*\x0tyPh?@&t&LQŠ-SCjaQxLꂹa1hPNA]Wc<8THrEaSX(X^EȁSάL#F >i FS 3(MF,Q &/'20[QGOUU*!o0 ℌ%ty $N0ߔ1c֠ u\Nl =^jFň&Xb;Lr:}\ <~)Mo95Z2cc;) 2>dyЈC[t^aQrtF?^ܱ׳J]64c+viD3gyX m|+!$l@ ~#T)TI :4[+5Ɛݚ l9޿30\ڛ˓Cc D[)R]cE@^`;i<`4 gW"BtW,k=ՖK<kX!6r&8lѼߕd"ڭ?NN^ xdE)InT0c0Cu;F0 =fzF}]\r0z\+ԥ YE>{Xzݜ?*~cy*G89عK;0谾'1ɬɪB v;WH5saEd>Kطq[<1$hToy$Xgc ѽ}jkew5jFH;4uԋ3{qJ21NDZQ>!nxkGnM_4?ZCI[@y|dD@$42ek(to2wysm-zѾ }O*I_]܄1geNK׀Ҏsoȇ"c F{VȬ K3ij2q8yI }~jY~4jbEJ,?۳ki<{/%S˥CjxzYB K^xy0WBm'~aFb25(=ك0JܑwJy̶t(iW?yȔs z6M w紐"yO<;M{R4hw"t oicV+xOkԲxQQ$k ݉q/+ ieϗ=oclϚR̶ ?ˢE%WB®$BlؿWhWPuAJ#lJD9J {;&7Tס %&1],:㜅 .S F:$h $$U+R}Ikjh碖9>iNT`@@,Ŕ]x3dt& w,IP#=h"ŠAMr[}&'}MC!WM+D:*^=E &uv]rBYs~#w˰bGLݼ Γ uq$c5yQ_Qh}58gҺgĪf!$j*NόnPg^篺]6(aP8S96d͋|y/@ylħQ{v8xCK-ACS#dX}ư5äϝ!%..iͶ6SVD$w˒Ţr1Р 4`/eQ|Q \맲+ K?Ldƈ__'=Y569e f<6T vTo?1kٟKĺ(+BsMD̘-=A&#X@ 6 Ex% |(`Pd9 ,W+AP\ċ;G>(rtӨogoe wqvy*_g-r%ò5uRf3P#3i $WXxK|GZ֗6Codb<rxcqd۪P)fzBh8&CU8fȢw ڝG#,b.qj$Ĺ~ {~ ,U1Fk:hň+\E t шݨ%̨ػ+eo|@bR \튩 ~s}9 :T,k٤T䵛p' !تbRn]Q ">߾ml}+dgm,=}2H-j-5 Kzy86@SȅQ_S&Ώ7; d׿Y~N$R:QTAAC;>2x87ed*'{Ֆy$ߣC^5g+ȤqBsZTӺw.ßq歗֧dYi r4g ZC\-0{aS71x]l9=$Z*밆Ze2bu*? t$fYOFKS|/ (d? M2;!m67$1\rjp`Ҫywb?X$Ejr9eg;_Rջp&Z׫y:,A u{p'^Kt-y >NEzi}v@PsLsw?a!YEQc8 ,oNGqD Bz'jZx`lkXm-sFX#(zVr%¬'A7_5F~FA/Ko  "pqr`e6Ϝv]&͌ Z#}!DN\9EFfgMw8C}F|{`:2bsAfq@1 '\qB Tcmށ!|ovRHUl\K"ݡ59 0E21g9&x-@<mD9qawH}fS*R'q߰v뎃Ox]XS[0'qXh۫[!]n$& lM)t5N,-KH_zD[r@f_@\#m/QDu!dC mm`B>e_|kT,سE)k^n>}S$# o i(ҋLŦdͪ~9ɵ[|_Ùr{ EwO6=+;ATY-KvK.D+ȗ kH )RBc}Դ~1~"!_euMR霗:Cl1/nsF~NiT5&4&E3.JXw;/iQљ<$Lc]fcA67-rBܝ@OA rrFL 6oIPŸFVSkd6iS-㏨^/1<amM 2ژgZU/lY.vĻ"zŏ-Q1%vۀ #7w#fR\.Ee=gQߛ1"D^/#܀W2s) źO2C"_&q#c7^EsG UN 6p/puzF)VqCPmuہ^5{yd6# ZCM̙L+ȿ š8]BzU{+C#v\p)NOtqc0 {ca^>n&fёxII {9@ևXwQ̸@ ,1 8@ܮ ~T{InTBq?,.Zݙl0ܿ~թrJZ7/2R_¹ 2!߫\i܂%McOvrҔXK& ('{k(q>p-&=L!.-o+:2}NE,4) VZDјŠ֡hSZ(mYؓyXўg{}4Y:49d.\7|AQJ\aV9xvPC2pcCnwZE}-2g¥\F4A/y:+BÌU֧Ӕ5r/β5X wn9j Īeq2đj:gjK'/ےO~QXVG7Odžٱ>ig=}f êFE;âB׫$0L% +۰ -zvPXd[*&d"cqֿ/KdwV#w=UoLZAo@q˜AX䪃S(Ra?6/y,n]z9283#د8qѳՏxC^Q|DLmfhܽwѫ KVuTOw tKyCr&<Cr̈-u,7xؼ)(&i)UڃaN5 n9e',+Fcw̤msH3b޾+OT1y8c _a/5.p_$hp.i v(|^ڕj9΋P@A ϛ}Nw"xm B2A4eVF6h4L `K puY#o$mhK!eWȧN?ߝItڸQᄂ'Assw-@vcr>7D3H\ڻ-82]S\ .\QۄE|,cC4iP KϜ{hUDT 3sƚcvZ.Q[]RqP̵|j7 d2g8`O1!@Vlm⽇p|'ശ7wPũtF>Uaz[8KDnġ!?8AUB%V6&F'rt?#bcކ)'Y_X g~^ Pt`k7̙RsiU {{l}kӚUE6O=%') PFMQ'2Py0b/%(wRdL-/L/<ݾ,hג U@P$fWJB!֗QR@u$Z|AF\ӠED|BP9B]ڪv \ճ&4a-e|`3kjrߎkt[*G}pАK%c(F'Uōȏꗚ> gڵV.]ZoGL?(Ǖ(".>@ZM)f !>UM`U7='{5bɃU~H;VHqV`eKlhVmrh(RIm][H|n4~/WC#S(r%̡_VΜ z\`J1|?I.ɽBߔ̞~eƧ |IT?Ks:1M:`qq!LWj" 7dh*^ߕΈd29}=qcW!n_UW)X>Fpc3N[1 cpe CdG<O{`>7gCIa _h5cA{q̲L0-|\,Q@G?hE6r6j?À-jNEht+\Kۻ]U1Jq l.fz|%+.|~-֑ {/nӌq3n]<>Bm#񷬒v3ɴ;+sfFcX(m뭽Y}]wAW1aY_ASl|#1ӿ fe1(peգU*Gz񮓕R jY/2+]Wc c;02!ơ撕Z[xs1v[`B5=ȡ.E0O$ŷ( CUi3=򃪖l80Ϊge| 9. 7}L')gY4XANNi91g>F- eHdh߫j\"  )J.X*#p2~o'<%eZw*{gCmyKG&܃;R웹Vlp'fUyո iEbÇ P>z:_p6;3ON*Vlg"kmi1\J,MۯdkbN Iҽk)mvF ok| V_!F ` ƮK 9S;3_v urd$9X*z-}ډ Á]rƸO"\O8VYw&GjԳ1V#TMN3$9EZY9nMR9&doKj5=0r,vZFfIyM4@f ^ŃLx ֜~茅c`;q'/.Po> O wi3=.X`2okTIDl.5O~X|Lt+~D3 Kum}4 L4Ӓ{l~,Zv՜EGZwAy?ᾣ^ ,&KUJ7Aj:5L޻ ѬKomUJΖW`bSr+9+ס;Y>T"+s, SkOa*ZuP.@0)b [*.&My 1Fv$g ^WnRtu#gASCJmJư$I]64HWg\m }$ܦSM acO Hܪü #<^׳Ŝnz79eBJ~M$PP+xŝ(i,{JRk4L7@U[Hy$Ćԟ lGjj 9x4V₷sX޲MtEbR=]$WN\᪇:6MS n4o`:rۇ&S%sq: ZMdMu!/1sv9;>bCڈVhcM5"2b­5Y<Ɯ}Z (q)BN:3gh{:e4 vt8B5,= B}&~RDG׶ [ )d`١w4:b_u#d}n('$0Wpqbp]2|.ro}]xF'=QdBsE6S 8n!qg <9;‘cn2jjpHjܤPNOlvx9mk>?/3EiC%4#Ѕf+jST#TcDws -brp>&՜k>E'#+eԙIpd.j0QaWP@zvU9LlS:3/hru_eW||9\B1B!}*DayM">3K32gv!I۠r}x3͑4r(}sB C5&MP\b gn_ISbR\`U |RGQܐ=mʖT7!dvyooî{hx6Nc .F] Ǘ-uT>fqCI`ZLLjabŮ&< y 0F|%hK[[6N|'LrrPwUa&o;lv("X>5^r>%8p<ԑ&t<L+e+:n6}_HT$F` t] ӆ~;(b **ޮgMH X*:Lߠ|e7I8Fr{u(2έLU>0MWTy?W6=<%IѸ9I)y_#H6TmJ ~~oTV{Lhu.TYY-Xu ,['wo]4p؏v=^42F-` N׆uc\)FfʣNfonГ%+<1ozO{wusC4s<B<\n7%N LD ]cMlM.:O[@R" ǟI!fJ{Bw1{-Ó~"+h A,|i閲lvV:ԜNM%,2ũ,e ߱ J,r ʗ̹NG|uz# lw]S$; L ZZe,3 seM}XrQšt_ɐ};]r%01:Irk{tCnQSϪM ;j՗ Jj34ma @ !y}W[o4fL}S;ut&}I%Q0o-mk [՞nhB96FW(ce}YyyʈE)[u Fte41{`݄,R>CB)[@+~wu\&ys&i6W,yja$ B5U<;cKN%Тȹ/nְHYbM^*d 8Xf{W)6-I .FQz= V]Ȗm\f(ȅPJ =Js#9j٨@R8=ZI 8nQοX!#U/oǵ`|\][^Ξ$[& J>YY;2`arYP ]®p^LN6Cj2 -fi]&ggKSuw'_v3F@qK!3l/Zа`SWQ$SN$!ZrTpI큲fM8gզ^i5]?js {K9[E ꪙ ^[A1dߐ~z+(h}?1?f1ZyxFl1;)iT?NYo~Գ4%iCrdalP1xjs\U>i9 "_6 Ɨ5شd :z:De8 /Y閬/Dq^M2 į~XIn5)q#p/DJ/҉#- 'a@O}#\|J>9i*UL8, pWm;`i֩LrA?򚸄Ub1&۹BI5dMx߭)(T3V&4~9O- R{Q#__OP,|;_.tP͍_ٵ`ə'k榾.qPQz҈m-;_li3lF`9(0% )˝&?鼗NRy2 qK %R$ɻDRg}bL蝜-1YLe* 7-eA|Y2 P$Z 77PU< jt_8Oi4 +TSWUKf~gdϘwvqܭD7^;Tc L.$s!D¡m-\;8)}28@G˷G.աw#sdvROzy#>1Nw˺S\'DF /eaGڭ0;'yo3WjjAMz=IIZ{FAq{Gp.}<$}x>qyL&=t&a԰-u(nR}W^>a!qaoڹ:(|qtq׍a/G@,w(Ppc1Tz=w,x'{`}U G%O&]w3Us32ߙ^aBIm} S]j.he{DrdAdptyjZ_◴;s8_Yek 2D{7Yg_ceQ`&$\!Y-=F-9n1t""]2ϟRۃJh` ֗j\on)ՠ<ǣ/ drE!) u2Pc)wE ƙePP+CW6x7{h9G+Pρ+s bZQ@3餏`4G&VeX6ȥ;&vXoJ jy3&,@BCďi xxa)Ӏqga),0fQN쨱 ˱0^ "b|jgr֤i;݊=$[EHCk{hLs'*>foI:Tư\'aG4 ٿY3xu5<S5䌼1da /4qQ^& 9}3ȃј]!mΰ2ΖBO/3/8 Ӯ4P0]pDRoJT/A!$q0Jh佶!>+OQi#gMQ4  F % ִ:čHt䒮0ѓ3l^׬b~$Қt˃R&۲+YpA:/,z"Kz,g)*J*iAOY69Pq f=1VF*Ui.m473NwQY4b=))3&0|g@ ~Zr,>t4o+!T(i}N p/3^;V])Wu3 IBe1yh,+\W#ؔEyWCuña3:Bh1A= DJT|ӓBq6/Ihw7i`]I:(ZPla>%ѓ~LDsuT5-`W. 8+K9!qb8W! `xqW<@60yoS*HvrNLk)wX%5Rk߶6μN@K~066O=e編}5 RV3$V۷rF]T6h-u5zJp6C]%NzcIРГ/J/p{f!>٣EuR{΢_6%5e@RWj*qXoTKt5!H 7SCUD}, #_Oұ$}RE D_myi#kQ"3VHjT5DJ78Avs&R*F}S8_hcWtIuhU'A2һybUų^$,媤[#ssڃ{1^w\;|~4XAhj4rڼTf%2Vw+?!M7΍c EŽoYt&ẊovM V;EjTl*k\ۯM o CW?;lxVoFsB{6dԇ.&j̳#QxuG䬇Le@NN50ۇo V`A?b1 Oee뎱HqqQUhQ*KR@_-n@Qw2L< n2S (b XcY괉(0IĖ FTBmޛXJ+5ZqlhAȷ*:kv`㏂Y8& U+]M购8('ꨈ0ch XvSXJrF/ q}b`EkUL\ VowGAyԬ$9B j 1?ˬn%""94=?_ja* c fm*w\QaF+Mf gƺug8 &f;nndžTrwxj}9E1y{P]U3ӣuCw(lҌTڧ0ABQ5c_-"T&QBp/~ՏJUe4ӐbtLMp`-L+VʾBOf!̊y,R)OWxaCZ~E԰VqQc~_1IIHB1ʓlRӮ<;zS/el0fUDH?[%@lv`}4c P%; "l(-SEз눤%3WdP]. e,/zp.&4*_2\NUES;%.  C"&49 >|캩[Sf,Q.1dsh !BA53|4E xA;swG;XYn3Ln]KsCJF$SI&T3S1ºii=>rRzPm2Єuhe $m}o~r#ާ4١5vgbr62h?<z^'S;PGtւ$ORT(}W$ n%6=3gE<5'' s[*J'}]-7D/ƛ6HK_j 3F¨!8A(`ba0/9'))x`khn1.#cc h4Fe3_#Ƀ~|lKD3wn 2ڶ> s?~#ۣtlgafr; g ~exwn{?1? gĘ3ý7Y2byBBGKYQ E\,)T]w2J1}`mх',u!W ؈=?B:@ch/~ew6)0rg ur%U~ PL樂x\r ,͖ËLzwlPVydri$Q>&ry SWTw3cPW5q5՚dKǀ0Ax!{D]bP-*J*d=&5?O/p֕ ޾7|tz ^[Z1nYOzSI]m4\3M00aI^x!֮AaFt VV H 7@&`E ?BF@f[Qy|Ybm$?۫~[[EQy00V[~C/탶 YZ