pdns-backend-lua-4.1.2-lp150.3.13.1<>,q]Jo/=„rC &y*/Do|ow8u{ZٴG~R_~F> 'Yȵz-h.5E#O,Cz~oym+HHNk:еi 3'-➋~XM390ī[ eSCԮ; c C4Sդ c)qf`-Wsyp^=W=ʂagKd*|Lrk4w4hǛY4Yg" y->>Lx?Lhd & ; .Rkqx| ~    @(8*9|*:*FI_GItHIxII|XIYI\I]I^IbIcJdKeKfKlKuK0vK4wKxKyKzLLLL"LdCpdns-backend-lua4.1.2lp150.3.13.1Lua backend for pdnsThe PowerDNS Nameserver is a authoritative-only nameserver. It conforms to contemporary DNS standards documents. This package holds the Lua backend for pdns.]Jobuild84PopenSUSE Leap 15.0openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgProductivity/Networking/DNS/Servershttp://www.powerdns.com/linuxx86_64P]Jh03b7c19481ad4d5a2743cb727a92d539614db6a0b5d88ca287881152e32c1808rootrootpdns-4.1.2-lp150.3.13.1.src.rpmlibluabackend.so()(64bit)pdns-backend-luapdns-backend-lua(x86-64)@@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.4)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)liblua5.3.so.5()(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)libstdc++.so.6(GLIBCXX_3.4.11)(64bit)libstdc++.so.6(GLIBCXX_3.4.21)(64bit)libstdc++.so.6(GLIBCXX_3.4.9)(64bit)pdnsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.1.23.0.4-14.6.0-14.0-15.2-14.14.1]A\[@ZZZЛZZZ@Z@YeYY5Y}@YMYMXDX@X~@Xx@Xx@XN@WW@WJVV8UUv@U>$U8TPTи@Tи@Tи@Tto@Ta@T_W@TR(@TO@TO@TO@Adam Majer Adam Majer adam.majer@suse.dekbabioch@suse.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.demrueckert@suse.deadam.majer@suse.dejengelh@inai.deadam.majer@suse.devcizek@suse.comwr@rosenauer.orgmichael@stroeder.commichael@stroeder.commrueckert@suse.deadam.majer@suse.demichael@stroeder.comadam.majer@suse.deadam.majer@suse.dedimstar@opensuse.orgmichael@stroeder.commrueckert@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commichael@stroeder.commrueckert@suse.demichael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demichael@stroeder.comLed michael@stroeder.commrueckert@suse.demrueckert@suse.demrueckert@suse.de- CVE-2019-10162.patch: fixes a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (bsc#1138582, CVE-2019-10162) - CVE-2019-10163.patch: fixes a denial of service of slave server when an authorized master server sends large number of NOTIFY messages (bsc#1138582, CVE-2019-10163) - CVE-2019-10203.patch: update postgresql schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (bsc#1142810, CVE-2019-10203) To fix the issue, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;- CVE-2019-3871-auth-4.1.6.patch: fixes insufficient validation in HTTP remote backend (bsc#1129734, CVE-2019-3871)- CVE-2018-10851-auth-4.1.4.patch: fixes DoS via crafted zone record (bnc#1114157, CVE-2018-10851) - CVE-2018-14626-auth-4.1.4.patch: fixes an issue allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures leading to a potential DoS (bsc#1114169, CVE-2018-14626)- Update to 4.1.2 - Improvements * API: increase serial after dnssec related updates * Auth: lower ‘packet too short’ loglevel * Make check-zone error on rows that have content but shouldn’t * Auth: avoid an isane amount of new backend connections during an axfr * Report unparseable data in stoul invalid_argument exception * Backport: recheck serial when axfr is done * Backport: add tcp support for alias - Bug Fixes * Auth: allocate new statements after reconnecting to postgresql * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) * Rather than crash, sheepishly report no file/linenum * Document undocumented config vars * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate - misc * Move includes around to avoid boost L conflict * Backport: update edns option code list * Auth: link dnspcap2protobuf against librt when needed * Fix a warning on botan >= 2.5.0 * Auth 4.1.x: unbreak build * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)- add patch for upstream issue #6228 https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch- geoip not available on SLE15 but protobuf support is available.- Update to version 4.1.1: bug-fix only release, with fixes to the LDAP and MySQL backends, the pdnsutil tool, and PDNS internals- Update to version 4.1.0: + Recursor passthrough removal. Migration plans for users of recursor passthrough are in documentation and available at, https://doc.powerdns.com/authoritative/guides/recursion.html + Improved performance: 4x speedup in some scenarios + Crypto API: DNSSEC fully configurable via RESTful API + Database: enhanced reconnection logic solving problems associated with idle disonnection from database servers. + Documentation improvements + Support for TCP Fast Open + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK - pkgconfig(krb5) is now always required for building LDAP backend - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed- package schema files in ldap subpackage- Update to version 4.0.5: + fixes CVE-2017-15091: Missing check on API operations + Bindbackend: do not corrupt data supplied by other backends in getAllDomains + For create-slave-zone, actually add all slaves, and not only first n times + Check return value for all getTSIGKey calls. + Publish inactive KSK/CSK as CDNSKEY/CDS + Treat requestor’s payload size lower than 512 as equal to 512 + Correctly purge entries from the caches after a transfer + LuaWrapper: Allow embedded NULs in strings received from Lua + Stubresolver: Use only recursor setting if given + mydnsbackend: Add getAllDomains + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace + gpgsql: make statement names actually unique + API: prevent sending nameservers list and zone-level NS in rrsets- Ensure descriptions are neutral. Remove ineffective --with-pic. - Do not ignore errors from useradd. - Trim idempotent %if..%endif around %package.- Added pdns.keyring linked from https://dnsdist.org/install.html- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322) * upstream support for Botan was dropped in favor of OpenSSL, see https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released- This makes the schema fit storage requirements of various mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch - preset uid and gid in configuration- fixed use of pdns_protobuf- update to 4.0.4 - fixes ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. - send a notification to all slave servers after every dnsupdate for complete list of changes, see https://blog.powerdns.com/2017/06/23/powerdns-authoritative-server-4-0-4-released/- added pdns-4.0.3_allow_dacoverride_in_capset.patch: Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 backend- use individual libboost-*-devel packages instead of boost-devel- update to 4.0.3 which obsoletes b854d9f.diff- b854d9f.diff: revert upstream change that caused a regression with multiple-backends- update to 4.0.2: The following security issues were fixed: - 2016-02: Crafted queries can cause abnormal CPU usage (CVE-2016-7068, boo#1018326) - 2016-03: Denial of service via the web server (CVE-2016-7072, boo#1018327) - 2016-04: Insufficient validation of TSIG signatures (CVE-2016-7073, CVE-2016-7074, boo#1018328) - 2016-05: Crafted zone record can cause a denial of service (CVE-2016-2120, boo#1018329) For complete changelog, see https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402- BuildRequire pkgconfig(libsystemd) instead of pkgconfig(libsystemd-daemon): these libs were merged in systemd 209 times. The build system is capable of finding either one.- update to 4.0.1 Bug fixes - #4126 Wait for the connection to the carbon server to be established - #4206 Don't try to deallocate empty PG statements - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer) - #4252 Don't include bind files if length <= 2 or > sizeof(filename) - #4255 Catch runtime_error when parsing a broken MNAME Improvements - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi) - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler) - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - #4192 dnsreplay: Only add Client Subnet stamp when asked - #4250 Use toLogString() for ringAccount (Kees Monshouwer) Additions - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172) - #4142 Add used filedescriptor statistic (Kees Monshouwer)- update to 4.0.0 https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/ https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ - packaging changes: - remotebackend split out now - enabled experimental_gss_tsig support - enabled protobuf based stats support - no more xdb and lmdb backend - added odbc backend where supported - drop pdns-3.4.0-no_date_time.patch: replaced with - -enable-reproducible- update to 3.4.9 * use OpenSSL for ECDSA signing where available * allow common signing key * Add a disable-syslog setting * fix SOA caching with multiple backends * whitespace-related zone parsing fixes [ticket #3568] * bindbackend: fix, set domain in list()- update to 3.4.8 * Use AC_SEARCH_LIBS (Ruben Kerkhof) * Check for inet_aton in libresolv (Ruben Kerkhof) * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof) * pdnssec: don't check disabled records (Pieter Lexis) * pdnssec: check all records (including disabled ones) only in verbose mode (Kees Monshouwer) * traling dot in DNAME content (Kees Monshouwer) * Fix luabackend compilation on FreeBSD i386 (RvdE) * silence g++ 6.0 warnings and error (Kees Monshouwer) * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)- update to 3.4.7 Bug fixes: * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler) * Don't reply to truncated queries (Christian Hofstaedtler) * don't log out-of-zone ents during AXFR in (Kees Monshouwer) * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien Cauquil at Sysdream for pointing this out. * Handle NULL and boolean properly in gPGSql (Aki Tuomi) * Improve negative caching (Kees Monshouwer) * Do not divide timeout twice (Aki Tuomi) * Correctly sort records with a priority. Improvements: * Direct query answers and correct zone-rectification in the GeoIP backend (Aki Tuomi) * Use token names to identify PKCS#11 keys (Aki Tuomi) * Fix typo in an error message (Arjen Zonneveld) * limit NSEC3 iterations in bindbackend (Kees Monshouwer) * Initialize minbody (Aki Tuomi) New features: * OPENPGPKEY record-type (James Cloos and Kees Monshouwer) * add global soa-edit settings (Kees Monshouwer)- update to 3.4.6 [boo#943078] CVE-2015-5230 Bug fixes: * Avoid superfluous backend recycling * Removal of dnsdist from the authoritative server distribution * Add EDNS unknown version handling and tests EDNS unknown version handling Improvements: * Update YaHTTP to v0.1.7 * Make trailing/leading spaces stand out in pdnssec check_zone * GCC 5.2 support and sync boost.m4 macro with upstream * Log answer packets only if log-dns-details is enabled- update to 3.4.5 Bug fixes: * be careful reading empty lines in our config parser and prevent integer overflow. * prevent crash after --list-modules (Ruben Kerkhof) * Limit the maximum length of a qname Improvements: * Support /etc/default for our debian/ubuntu packages (Aki Tuomi) * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof) * Various PKCS#11 fixes and improvements (Aki Tuomi) * Several fixes for building on OpenBSD (Florian Obser) * Fix several issues found by Coverity (Aki Tuomi) * Look for mbedtls before polarssl (Ruben Kerkhof) * Detect Lua on OpenBSD (Ruben Kerkhof) * Let pkg-config determine botan dependency libs (Ruben Kerkhof) * kill some further mallocs and add note to remind us not to add them back * Move remotebackend-unix test socket to testsdir (Aki Tuomi) * Defer launch of coprocess until first question (Aki Tuomi) * pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)- no longer ship dnsdist here, we will ship a new package based on the snapshots from http://dnsdist.org/- update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569) Bug fixes: - commit ac3ae09: fix rectify-(all)-zones for mixed case domain names - commit 2dea55e, commit 032d565, commit 55f2dbf: fix CVE-2015-1868 - commit 21cdbe5: Blocking IO in busy-wait for remote backend (Wieger Opmeer) - commit cc7b2ac: fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer) - commit c40307b: Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi) - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof) New Features: - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out zones - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and f12fcf7: TKEY record type (Aki Tuomi) - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350, fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9, c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki Tuomi) - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi) Improvements: - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on one rectify when securing a NSEC3 zone - commits cce95b9, e2e9243 and e82da97: Improvements to the config-file parsing (Aki Tuomi) - commit 2180e21: postgresql check should not touch LDFLAGS (Ruben Kerkhof) - commit 0481021: Log error when remote cannot do AXFR (Aki Tuomi) - commit 1ecc3a5: Speed improvements when AXFR is disabled (Christian Hofstaedtler) - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) - commits dd943dd and 58c4834: Change ifdef to check for __GLIBC__ instead of __linux__ to prevent errors with other libc's (James Taylor) - commit c929d50: Try to raise open files before dropping privileges (Aki Tuomi) - commit 69fd3dc: Add newline to carbon error message on auth (Aki Tuomi) - commit 3064f80: Make sure we send servfail on error (Aki Tuomi) - commit b004529: Ship lmdb-example.pl in tarball (Ruben Kerkhof) - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing stack usage - commit 267fdde: throw if getSOA gets non-SOA record- update to 3.4.3 Bug fixes: - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben Kerkhof) - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) - [commit 3ca050f]: always set di.notified_serial in getAllDomains (Kees Monshouwer) - [commit d9d09e1]: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: - [commit 2f67952]: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: - [commit d7bec64]: respond REFUSED instead of NOERROR for "unknown zone" situations - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof) - [commit d09931d]: Check compiler for relro support instead of linker (Ruben Kerkhof) - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) - [commit 5a85152]: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) - [commit 97bd444]: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): - [commit ca44706]: API: move shared DomainInfo reader into it's own function - [commit 102602f]: API: allow writing to domains.account field - [commit d82f632]: API: read and expose domain account field - [commit 2b06977]: API: be more strict when parsing record contents - [commit 2f72b7c]: API: Reject unknown types (TYPE0) - [commit d82f632]: API: read and expose domain account field- set $LD for now. this fixes the configure check for relro,now.- remove custom PIE handling. upstream does it for us now.- update to 3.4.2 This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 - move man pages to section 1 to follow upstream change- disable botan and geoip on SLE_12 because of missing dependencies.- Fixed broken _localstatedir- fix bashisms in pre script- update to version 3.4.1 Changes since 3.4.0: * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”. * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key) * commit 4a95ab4: Use transaction for pdnssec increase-serial * commit 6e82a23: Don't empty ordername during pdnssec increase-serial * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.- only enable geoip backend on distros newer than 12.3 before the package lacks the pkg-config file and there is no fallback to finding geoip without it.- fix permissions of the home directory- enable some backends that we had forgotten: - pipe (main package) - random (main package) - geoip (new subpackage) - new BR: yaml-cpp-devel and GeoIP-develbuild84 15651830874.1.2-lp150.3.13.14.1.2-lp150.3.13.1libluabackend.so/usr/lib64/pdns/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10740/openSUSE_Leap_15.0_Update/d41edf56faad09bc988db5b8e79fadb8-pdns.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0958ea18392559a275be74d141f31ac002ad9a3b, strippedPRRRRR RR R R R RRRR0utf-8c75a253035bc66b3bc765f7a9dea42d861e94ef2a69b5628d858fa093c786773? 7zXZ !t/9 ]"k%Y60E<$#]!wh n}\B64\uiy)-Ӆ12`VPge V bR6P3f:uNO=pF~u|JӸ*kAU`qdE Q W 6y|rݠ/^{"峙C흇O%1$٘#̦_1~<&D_|ߩR9ruZ~n ᦗ %$E8D@8ǀ k4*J{xF<(hGrvfse\%1!H? Ɇy],I*"[ YY`ĎSB2@H` I#К_@[r}{Fâ!q-b4h%wѡY rX y:  ֵ}.^pֱ})d8KWD{8V&"ɻβ"3ca5IAH˜ -s{!o@I@#6(Wxy uv\6sx#M(P?.#= KKcZAòNw B@51DHK[.b q{ j}TkUFX"ϸԺ8*Ү1Jaܯ 7\3Y2x[ BA0TFß"s9g B38_q[īD8)d;%Jg>a#&dn0zZW ӆ 2𨭒{/q_r`\1/䏋LbrE`Dm2l;=-xCjpk==g,6F{Oa +k pҋE([at>g !7 KSP ,v{$+GQ܈2/q$TJ9zjuwx#^L<7yq*S0Ӵq[)u*GjiK4Fnfg7|qh>A1>D,,5͒L9 ~J Y>yōxt V.[_k gۋyZEeuBg܁_~ 򲌾YwQPp3ڗ/ԀEC F -VR() g_N."rNx#ýֹfqC` 4dki/zʜ t wD D'ScԖ_S妶 ly7F'3"$P<,ʛ`fQ`^}VAF~9^/Tji?.9Hx *0 3M{Ҋ|k!T8溲mY#K/ O`,AFq )d #$gW3Y}y /rW"PRv8 _8z RfAQf, ^BZC@kIo߅R$EtjyTS ("1bRX[D` Qڥ1bU%5\׬8>)cR`&⭂T,fؼmQTmCRS%F@4s йrn tbo(Ә-QF`2a)p7S@1܌!SP徰hn Bc@n;Eo?|LϤVѻ4pr }A.fbW{҉ PlcOm+",<hӪ>sB譻Q^#>8 Pg}::#PRŊ^*`@zV H\qj=- ~:~ŻY2 +z 0xIUq譸Q׷Kv6b+rcr.b:H}tqkQI D)̑SskOr5 D󓽓iGp7GJдau)gɊy3a% R"Q$ džs:gOw٭{MI BѴ, y1xhkxSpmPCRݩoBcT|Y煹$R)l.|{/h+ c!s!P#1.Fq ,IH^(OwH _hHPy5?5v|=em;:f }k*)ǁ sUHkO6M٬uEs (;;|0NyW_ϤghtwM$cȫMPcCo'ȭ"oÆiy8^ο K,\6r@YWyTeᒉ@R( "Ph+ʓO=c2qo9ƕvsMT0xFfԍFx<^鏱‘L;N9/ $ m1"F=TɔQ!THKe_>̑o8 E:kH& ?_3tρJ#g]찐WVD0_9vUˆ q :\ޞVi rI[= Q lM~vCL0YXdqQr$-YjYRUOZI=1NMԄ tg|o+ : 4#XLc. C#ro[ThGOAR&WD c(2,(yt5Au\h^j3x9FнvUYIADy`_@۱"dR @h LjM K=mhߺ 7S5|_J~kg\"ԞdhGq1t? /Yc_T+?_NܭՎ^lnqoj|7BGlAZR;#&e/qucûQ CݢmKҸ xĔq2f;e"͗!8 +8Ix(i 6GHZZYC @I"@DlS(#+~\agmV܆FXl+(Q"A `~(8IvBO r$ Qg9't ^w/x^"au{#~ P }C= U>f=%dRL (;WoD#ro^ N J~yҦ|lk B%v\\1.*tb%dad@5W60rn˿L3lxHVn6GtMЌ2;R`w#7{͊\;4ıJaeN2,:k7K8*DuvdcZV@Aix阣5|JZ4ƙvlt&W_vxM ))ql5#Ǭ|mE OAO =۟>tG­s$t{a{4f=9,%to &$818L&hXVIQ(f#EFT(vR<T9{7kx!G]JIwlY!`C|ϥ؊ڕMkI (jXSAdO7jd/|Z"6ڔ5džNC Bgqn}z-Ew oXI(];UK(lͩ W*J!G j~C U,՜Ԕd\1@I[-5$ʬ!/:06tTm;)R"QsdxƵfKU<"co3'VJ#?Aӿu'}t~&O?W#]HN+H=ԫlPES [9 >m%ߋqƩG(v{ 8[BCM8Ha]Ιne&`80tdnܹa;2rM\!>0#4ѠsC&Wupd!G@$?JۜKuzBf ^:.mڑrJo$<5'#ibok?%J~Y`鉣E &b>6{)To]C-zCD~akW0Ws[;9/ÃM ~ EvjM8]qb4&Xf~&6 Hmq\Ua` AɼFs s$3l\83+R[v;m Eza3V;Wd1_.%VnZQ}q[|A+D[~T~Q@!o.["&pHXR >_9N*(57)2P#m˶L(Z7hLR~b(YȲ {BJeVGs`d@H;b x05b$9V6Ir CyҞW1`Ȓ=N`xԊ'Lohs[;4ۧÐ۠9fET.H|KIy5-!g K7_T2 QZO,*fMiTj(4o5 d4uX6pF 7U;+S.ZKt2*ffe G@d->TL#x9󼒑B.#hp8h*6XK$ms8%{Z΄mH= O+c)YPH ySpyK-f5lq/Jh? $rwcf%_?[<9$#mjD40g8GLDz4Pnݪ`!b!afxXsu9d*n`XbÙ[Re}nQՎ9h}z"bzealL}:ǥ"e/):MSo/sg &g⿧(ު5N,XیB67 0xQc杍ryK͌LG\G5+2 ~ Tm`1+K)>ɜĤkWlD ԜXsw/9e)־+ݯO;ڦ\DE'NA4nς!Ih{B;ы(đoFm_’62$[\zҶf5qmT*D^eF -ĩ |6vpˊO9JN\٧0\x$Fzn$DLbR>DӸfı^#a&y| ʰ}еN݆g 3+OhXo;ocOh$X"p9.F8|,rN UB*o h(a-w)u^_zf21#%R6F=ll{Ⱥ`چ6YW3V6JxvCv|%nhn@T('W{D)hT:V"7vз: a>S qb{OQ[u"Vu 9di taJtద ԏ"pO$%^ Ըo7붜3W7h-R- IX?bIݞ)Bn mMfD&-.>R-&7~. ]l W6:{*H 0QO:>D*c#WyŚjm8GRm|fh4= gVdC16 \ͻlr4xZ$槷SΜ DL`aLyv(p1'/!h򁿇-L<,7x!Z@ Lƒc\LTgy}wu0|F/T~2ŰI.V1\&KĨ7f0de%q?tʬN8"b/u%SUN}Q;<סɐmԚH qT5wع0JSA) B `x;!`e#{e;d@QvΕjlSpMk_} *ȃ1=B<4A^ o|,.M<O wJ\i`=@X0?;`@F0 +֓eoCqK7-r%>o;hyU5P h_hRF2j8zc  g\?7:KɺI0"-B|R*#{h5y ꬏>aG!vTr 9[?PeuVzǓol!KGz4ϑH| `t i9ikji?zl>)iuWhszxSc~VicSF6hg,2q$ 1a]!R=.U$[@ \Na&eVnVlv?mM[h3uVs z"E@~eI &b5o@gmGa'+~ KaWSݿFlL'fHy7%CF۟-^dےdT)5 K?Ś 6~W8LϦԯam]0R; uеR0EBs3 YZ