From f805c4c11684ad447d955512cb705ebc2aba9ef3 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Sat, 4 Dec 2010 00:42:21 +0000 Subject: [PATCH] Vendor import of BIND 9.6-ESV-R3 --- CHANGES | 52 ++++++++ RELEASE-NOTES-BIND-9.6-ESV.html | 225 ++++++++++++++++++++++++++++++++ RELEASE-NOTES-BIND-9.6-ESV.pdf | Bin 0 -> 53051 bytes RELEASE-NOTES-BIND-9.6-ESV.txt | 133 +++++++++++++++++++ bin/check/check-tool.c | 31 ++++- bin/check/check-tool.h | 9 +- bin/check/named-checkconf.c | 12 +- bin/check/named-checkzone.c | 11 +- bin/dig/host.c | 10 +- bin/named/client.c | 8 +- bin/named/include/named/query.h | 6 +- bin/named/query.c | 25 ++-- bin/named/server.c | 41 +++--- lib/dns/api | 4 +- lib/dns/include/dns/view.h | 6 +- lib/dns/journal.c | 21 ++- lib/dns/rbtdb.c | 65 +++++++-- lib/dns/validator.c | 58 ++++++-- lib/dns/view.c | 8 +- lib/isc/api | 2 +- lib/isc/print.c | 6 +- release-notes.css | 60 +++++++++ version | 4 +- 23 files changed, 706 insertions(+), 91 deletions(-) create mode 100644 RELEASE-NOTES-BIND-9.6-ESV.html create mode 100644 RELEASE-NOTES-BIND-9.6-ESV.pdf create mode 100644 RELEASE-NOTES-BIND-9.6-ESV.txt create mode 100644 release-notes.css diff --git a/CHANGES b/CHANGES index cb2581a44b39..a44c804076ba 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,55 @@ + + --- 9.6-ESV-R3 released --- + +2972. [bug] win32: address windows socket errors. [RT #21906] + +2971. [bug] Fixed a bug that caused journal files not to be + compacted on Windows systems as a result of + non-POSIX-compliant rename() semantics. [RT #22434] + +2970. [security] Adding a NO DATA negative cache entry failed to clear + any matching RRSIG records. A subsequent lookup of + of NO DATA cache entry could trigger a INSIST when the + unexpected RRSIG was also returned with the NO DATA + cache entry. + + CVE-2010-3613, VU#706148. [RT #22288] + +2969. [security] Fix acl type processing so that allow-query works + in options and view statements. Also add a new + set of tests to verify proper functioning. + + CVE-2010-3615, VU#510208. [RT #22418] + +2968. [security] Named could fail to prove a data set was insecure + before marking it as insecure. One set of conditions + that can trigger this occurs naturally when rolling + DNSKEY algorithms. + + CVE-2010-3614, VU#837744. [RT #22309] + +2967. [bug] 'host -D' now turns on debugging messages earlier. + [RT #22361] + +2966. [bug] isc_print_vsnprintf() failed to check if there was + space available in the buffer when adding a left + justified character with a non zero width, + (e.g. "%-1c"). [RT #22270] + +2964. [bug] view->queryacl was being overloaded. Seperate the + usage into view->queryacl, view->cacheacl and + view->queryonacl. [RT #22114] + +2962. [port] win32: add more dependencies to BINDBuild.dsw. + [RT #22062] + +2952. [port] win32: named-checkzone and named-checkconf failed + to initialise winsock. [RT #21932] + +2951. [bug] named failed to generate a correct signed response + in a optout, delegation only zone with no secure + delegations. [RT #22007] + --- 9.6-ESV-R2 released --- 2939. [func] Check that named successfully skips NSEC3 records diff --git a/RELEASE-NOTES-BIND-9.6-ESV.html b/RELEASE-NOTES-BIND-9.6-ESV.html new file mode 100644 index 000000000000..946330dfd57c --- /dev/null +++ b/RELEASE-NOTES-BIND-9.6-ESV.html @@ -0,0 +1,225 @@ + + + + + + +
+ +

Introduction

+ +

+ BIND 9.6-ESV-R3 is a maintenance release for BIND 9.6-ESV. +

+

+ This document summarizes changes from BIND 9.6-ESV-R1 to BIND 9.6-ESV-R3. + Please see the CHANGES file in the source code release for a + complete list of all changes. +

+
+ +

Download

+ +

+ The latest release of BIND 9 software can always be found + on our web site at + http://www.isc.org/software/bind. + There you will find additional information about each release, + source code, and some pre-compiled versions for certain operating + systems. +

+
+ +

Support

+ +

Product support information is available on + http://www.isc.org/services/support + for paid support options. Free support is provided by our user + community via a mailing list. Information on all public email + lists is available at + https://lists.isc.org/mailman/listinfo. +

+
+ +

New Features

+ +

9.6-ESV-R2

+ +

None.

+
+

9.6-ESV-R3

+ +

None.

+
+
+ +

Feature Changes

+ +

9.6-ESV-R2

+ +

None.

+
+

9.6-ESV-R3

+ +

None.

+
+
+ +

Security Fixes

+ +

9.6-ESV-R2

+ +

None.

+
+

9.6-ESV-R3

+ +
  • + Adding a NO DATA signed negative response to cache failed to clear + any matching RRSIG records already in cache. A subsequent lookup + of the cached NO DATA entry could crash named (INSIST) when the + unexpected RRSIG was also returned with the NO DATA cache entry. + [RT #22288] [CVE-2010-3613] [VU#706148] +
  • + BIND, acting as a DNSSEC validator, was determining if the NS RRset + is insecure based on a value that could mean either that the RRset + is actually insecure or that there wasn't a matching key for the RRSIG + in the DNSKEY RRset when resuming from validating the DNSKEY RRset. + This can happen when in the middle of a DNSKEY algorithm rollover, + when two different algorithms were used to sign a zone but only the + new set of keys are in the zone DNSKEY RRset. + [RT #22309] [CVE-2010-3614] [VU#837744] +
+
+
+ +

Bug Fixes

+ +

9.6-ESV-R2

+ +
  • + Check that named successfully skips NSEC3 records + that fail to match the NSEC3PARAM record currently + in use. + [RT #21868] +
  • + Worked around a race condition in the cache database memory + handling. Without this fix a DNS cache DB or ADB could + incorrectly stay in an over memory state, effectively refusing + further caching, which subsequently made a BIND 9 caching + server unworkable. + [RT #21818] +
  • + BIND did not properly handle non-cacheable negative responses + from insecure zones. This caused several non-protocol-compliant + zones to become unresolvable. BIND is now more accepting of + responses it receives from less strict servers. + [RT #21555] +
  • + The resolver could attempt to destroy a fetch context too + soon, resulting in a crash. + [RT #19878] +
  • + The placeholder negative caching element was not + properly constructed triggering a crash (INSIST) in + dns_ncache_towire(). + [RT #21346] +
  • + Handle the introduction of new trusted-keys and + DS, DLV RRsets better. + [RT #21097] +
  • + Fix arguments to dns_keytable_findnextkeynode() call. + [RT #20877] +
+
+

9.6-ESV-R3

+ +
  • + Microsoft changed the behavior of sockets between NT/XP based + stacks vs Vista/windows7 stacks. Server 2003/2008 have the older + behavior, 2008r2 has the new behavior. With the change, different + error results are possible, so ISC adapted BIND to handle the new + error results. + This resolves an issue where sockets would shut down on + Windows servers causing named to stop responding to queries. + [RT #21906] +
  • + Windows has non-POSIX compliant behavior in its rename() and unlink() + calls. This caused journal compaction to fail on Windows BIND servers + with the log error: "dns_journal_compact failed: failure". + [RT #22434] +
  • + 'host -D' now turns on debugging messages earlier. + [RT #22361] +
  • + isc_print_vsnprintf() failed to check if there was + space available in the buffer when adding a left + justified character with a non zero width, + (e.g. "%-1c"). + [RT #22270] +
  • + view->queryacl was being overloaded. Seperate the + usage into view->queryacl, view->cacheacl and + view->queryonacl. + [RT #22114] +
  • + win32: add more dependencies to BINDBuild.dsw. + [RT #22062] +
  • + win32: named-checkzone and named-checkconf failed + to initialise winsock. + [RT #21932] +
  • + named failed to generate a correct signed response + in a optout, delegation only zone with no secure + delegations. + [RT #22007] +
+
+
+ +

Known issues in this release

+ +
  • +

    + "make test" will fail on OSX and possibly other operating systems. + The failure occurs in a new test to check for allow-query ACLs. + The failure is caused because the source address is not specified on + the dig commands issued in the test. +

    +

    + If running "make test" is part of your usual acceptance process, + please edit the file bin/tests/system/allow_query/test.sh + and add +

    + -b 10.53.0.2 +

    + to the DIGOPTS line. +

    +
+
+ +

Thank You

+ +

+ Thank you to everyone who assisted us in making this release possible. + If you would like to contribute to ISC to assist us in continuing to make + quality open source software, please visit our donations page at + http://www.isc.org/supportisc. +

+
+
diff --git a/RELEASE-NOTES-BIND-9.6-ESV.pdf b/RELEASE-NOTES-BIND-9.6-ESV.pdf new file mode 100644 index 0000000000000000000000000000000000000000..60fa9fa0f166a21bfa8dd49176f18c19f81fbecd GIT binary patch literal 53051 zcma%>Ly#^&o23i4Y}>Z|m2KU!ZQHhO+qP}%mTlWr^GEdbsykvPS8r}Ia*^kK&dE$N z1raeiCVDn#viaqaf6!b^gp7oChL(f?05pS)iLIHlIUxrl8{vNqXa+G0YiAQjLIyEw z17{Nv6C*og6KFm@XeVb!69XG)_l;{cX}fGj#NOMwJEY=+kAN61_PNp&Rh2+$6$^x9 z6OM9!5`3TU4{QKwS8`(MM8!cPzR{f7XO`V6exPf3{v+DEuor5LZY~&bA!?WqBdQG& z3bZm&f&wy(kYcmo+N@^RUrxQQyymxT)!MN?4w!zx;043qs69;T(24|3dN1nuCZ$EF z58kmM(6s*==(C!wFL>e*!xATE0|?`ori+_dDlQd;!krY^Q>0UhIBXV;JFft0%hTlL z8$?#xxpng`V<5=(hikH!@asjHph_l+Soyi>!bqoD8JF%XLFMLzF>|=Y5W`h3FRE%Y zxaydp2>$Ott#W-Du5;R^=5blAr-U_TdnJE=AbaC(d56fk3vRQ!jS_U>n&t{`z&9uGD{m_28fbAfq9DKWEaOUK1$DUO1e2H9r+>t9Q8|l zuoJ}E9XN7ifd_{C#)BJ529*^Ds4wnyED6BBN@X^ytbX}_5`OaeLA{+odpCa^7ygu$ z>(O8M**-(${}j2tx(%vjLq4K=72gGkzAYsjJ`SdV`b6Ck2<}$j6$mI1ezlSPrBwaV z&}kFqBJN;D8`b_s8oWsGF!gEpN1!cLQMB37Npm;We`q;h zJ;aqd?bqIpQ*y0<4#F>vaf#B^uuE#@(P(3xMLgT-$wH6f&ac|9w7YIeX-XlWVIIW$ z-iGu%?X>I0&TRpsJnzbTvuvX{tn$JVvhYW@%EwIWd{EQ1V|M=zb{U?-(^a#N#?DeJ zZEHLkV%dWOmzhv5CvaiQ-{I?H<>TvV(v=T+&=K=2#ANH%bhWbvxgMnl_%e4$e{Y_1 zWT^RoT^rm3?bb!UTp_VEX(hz2#CdzwMSB)kK4JP8^m4`E|H&k4K67uZ(Og9+Ni z*7*OP<^NRw(E&6QBlG`M1Q!R_|F@+r{#D9JVz5tVt|GX-as*pyW^2TGMU&Ym*ci(Txbi{tdDxR`ft9pm ze6Y8}Uzj%jd9g(EzGNz&LW%-n=Pb?@(<>zTxTgNNVrxC*`~u|NzJ3=XxwK8%;78NuwDNV>voJm#Cf2Vkxlp42ejOk3aGt&Hv3}zgSgv8mT91LD%8nX`9 zscdk|wJ%y-9ds5;8V?sBwyt=Q%Qu}*d-TsPa4HCAWwv3S#S9JtOK>WMxGcJH-ZE~9 z5tFBP!2}KK%RrWgtzRH_r2$5@2_QdLF{pEGo)XcoB!VQpJ)u%2L9o1I4#DbOgqPho z*QscGql?VXoxKwQ^ zZsnerYX?#R2u3!8nRRA)@`A^h(Ln{9KvcgK32)1FCFo3k+$8G|osI5OH^d;pE>$kU z>08S>OBp_$L0;7Baw0PLKKd4F0T3Z54t#QRAVxPQc5d}azCMY6+!#&@Fm6|JKi<%l z|2k%SBOdE|yBo&xiOh;9LJ&klFtE{>5fJ>!R048&!>3|qFknsVIJ!A{40mDb^}+OT zLBpki8-H>3x@b`czN-!*67*UdcfSykM!ZlIyK#`P&Qrz~iZdrZHV?go{Jsl5re16N zyo-MPxPMhhb(t|`%=UAGDRmL*K(cj*gpW=;#_bg#i4Hz@&mYMH&OLJMXAez4nl3V1 zb9SD7_JLA#_uV&0?T5r;Vni6As5Fnk)14##iVH7->oyT;ep0XjgzH7AHMaU`%!H+Q zxdHQh(IuwR2v32>3hV1f4<^PQ===b{j*n2fFmy~q4N1pUb>ek^>z$-Jbz_D>r9e7Z2x-VQz_yXnOSP>r)z zV9!OBL?$M8Y6X8YKzHg z_}hjzmJ}c{NR&mNIU?WdQQT*Zco2Z$F{i@bG8r&3(;D1VMYMmXNthi> z2D=@kj0_Z2Cj;VkoViR;mZ-`b1i+Z?vl@xoJE5Jxrf=V`IpC%p(>d&TxAWzV(i$$2 z#wBjvx!$9g^T!lwqm%rW;=R#BbFQxJxjBBsbE0ULdbu_GD%M`iI1E~MSdv!WHAtGL&LpjX z?L^2~b4cyk2zwV35lpbvruWAjR>KQ?-d>a2{pWl|iHSfS+j#~^YDt>15i2ftu}w#5 zg__VE0u7iO1StE;`8f?qH6R7?I49@>wiZ11U49SR^2=uK1M(2ZCGX@*!hL+8e2&a7 zqG&0zpk{jppvBD1PO{H|8+@z*1&uqA@MF2!G#3}PzBdtK?)PYL_^l?X7R&~o3G0M%??^G!Zpy7LXkxm}M@kdT5bUJLf2DS|x4XxgFNJ)vZ zpdnXBiu-V)HJzm=ceO-t%m3`##EY%)BV}=Kj?Jd!!YjnptDk^L>}qGG-#CW=)do9U z#r*_1oAjC`BlIQipuG+PdJNOM!kldz+6PH(w#NTWOHy!N2eV1PzFBc`1o%PAhEKCr_BMV{&k^Yk~y`6(?~rPS#^8yB%ii~1Q}W} z164G$Q|Ql1OSZ^4t>h!-6phG6wc*GgT8^p1i{bhoSQ_MqhEMwGoA#wqJTp0g zY?Yrq+6VC}4L;sHy)aR1nYx3ZgO~39(elso&Z#0!_u;A+Qy7NW?_%7+=wO zSQolz4S4!jyp!HdOb~_w3GzRdiZt8lr-`ZbyInhnXf^aJ;;Ic4m(uDZ16@^adGaYj zouRalV2~uMBZ{Mx(E1_i*#`0kbKBS{@6z03w?wKsvJT5XT`lS~-y-%?CQHKC0~Bazl)&e(5%0IU`!pHYts~yF z+j>}0eFUsgENjvAT<&OyulQ@>lN?vONC)`=&dAjW^z}vrjHz}!fqesY5M<+S1h17O z=MYNO{n%jV4Bm8sJJCRr{g?9vnzRtYA?Yduj{kAi@xcthk!cVATwSF9uxw%7ukC?? zF>kxKo^u;Yo&$HgK$7^bQT;ggC^L|U&a-aqH6^`>Lkb3 zAb5JsRB(_gg0XMvlzPa+mJ^uUsnmQ})U0Op9@c(~EVFduR+;w%4eP-KLO@Mc{up>x zr+9JrPxS0BrkAFpvL;NnVTuTGLJK*SJK$X0wU49*!FrJkI-7|*)4fceRv0rDzbY_5 znN{Cdda)k085qkA%cPnxglB}{DCzf;O2;5&^_QPNVnu9eHteVm@<@X=BIUOZ=KB(Z zP<$!17s?VByEHs)BhOHaq823&<5oLzC_npJPg;nOSd^7&&&YZ$V=AhkAOB~eQ;YiZ z0?xKdJM9;c181?LbKRXGu_wdpQIf5zn4gL{(d6DKQ2<}(J;EYgp(}iiJuvzU^mS@U}Ih+J;s{u{$ljb%-=rs1BMqJr?QMh9aU zTnq;mclj~q6+#XUmH&~Lhk8uq1hjE4q|ZBLaPiFX!8L(iH{@?elo@T^E$?TLUfqIF z4%hp(_50?S9D6cSY5u5KVE;IkHskK?$^50^Xky!)GIE_?f2%b5k4rxnI#NF#VA;=R z;BSDTGl1Q+iN~+l!sd}gwoupub(hS$C#HyiiAxlb@Ng){B7y%mS-5i^`#O$L#rR4# z-D(5oAEgm@xH1FCFPPBN$k$NA=m<`)0~sCFp@TihI2(fc7}W5-Cc;%C0lO~2pB}!u z-oWF-D}lELGmq%c*w7Xh(>o!8O_bf@umv!^AlCc^L>R55*xh_S=C9Yv2by&c9QL32 zT0InyQ=H1x`ukn!u3LTUZ%biBStK}Sf(6%VT*iV6xom83>X&YHaSLu~7RWc&%;SV# zRlxM^<4BbsP)r@o*#AOurvJt5GqG|0-vIpo&c7vUHg^AU`#(E+2E~}vzzIT%cB=fa z>YFy>+|?t7`gj|}`lK6%Me&uCBNBe!H|~E8%UpT#31Ac4#t!dqIxw0>Ob5{W_zmKE z8C2zGeQBmd(bT{g(5s$_Cp4xtIw&8QPb_-X*`i(tAZ8!$4lm+9ouXb9XVvfI(;EcN zM}q+ft?be613{|oqR8e&MQwKUv%5$=>>NI2!T1(lWLij$=v&k*h@uwUWny&}@tRxX z2()H*(&6OJ!b(Xu$-O&ftA&@=(W&&Q4yv>miiyK2H+l`0Xq0jTH<~i+G9c^oFG(5T zblh{GETX*BL92gN7_kfMhJwL_Ttq}|J?BCDy&ZnmXbiQuwn8QG#|N5PEv+NiS`#I5 z);Xirds`ear|)o$_cxNnHl^*3OE?hWPZ3lnMx$nfE#fJd5_W#^&}r2d0?M+@EM6S= zGZ(Jt`hkDtrt?}xKcFuBRX z80UgW#L7e;#?4Qz>3VJI8lO%0DS35wG_TPwA?AxkTMvacy8JOb6xtel$rClbRB0e2 zw`zDyB5a8W6H|jNoFU3l)p9Vzt-auy3B#%t?coskLDp?(bd*p7%&{NvC{aW%jy#K3 z$|hnjK#jE7Nfp}+fuhF)-h#QyLf zQBMBh3ebr}rd>hoxl|PoDLp-&O2WGpjt0{-LHIo~hiwS<0(A~NJ#ejJEsTT5XqOIz zTpbgNNm5X53it{wBf;hChrd0Sl#LNT5Ng5*K(0d|mUJfjJp&a99zm8S9c4wl;py9@ z$aTzl3WUki1Ob&~UzXSw*REt6-?ZF~JUkgH>7a19;-HHw$D(~nOdkKvG51!3RPV_i zIi5!?nB&m&H0d`C)x_wcIB*a-++Ky&En5C9R9>|Tu&S=8GomdT!KXwRzNV6|O#TI8 z%&AcCO!|%-NVh|htWVewhOY<=Z@~hOIL78swR!TkjBn-GkUD4w0oD_gS&B2omS{6;JoL$F;(D!+>Z(h5e)3Ngue@ertY73p7!5flo;YBo z;hcp*nmd3#389od3@mg0WR6A#uXBe}3#_fN1D)Kk055uIUSKoPhBIh{?Z*YCUw{5R z1TG10Y7X@Bn2vhbWa8;SS~Caw;0!yUxpohfmXKd@5%E5|lyK_>yU2=i6R}qim9nc= zQQLE9WBCXDg`{StEhrS*(^S+g$bk+B$`HQML%{Ac5A#W=Mt~QT?o*#xAb_Yz|NqE;6Og(83N651x2w84S=%u z%HPwI90O&_eY*jNfoYPuUQ@^dx+o84Q5tt($L%p@xcpoV`GXOlqZ6|+4+5Tt13A`1 z4wS@StIVH{jT<02<1vr2h$qfINdtHQaaN$9`b~Y`X~!S3{&Ro|TQWDV z>m^1B7&^0K&^f{*X|0hz*iJr>#KM^JqI<1@?V4Ou69XK_KZLlEC8BY`5mp^#Kinxq4WPusv2jLzuB9q zbT>D-gWKC|h+9Mg_Ry5sh4yY~f85&sxFOsm?%mu7f(R0vZr$|q-dw(x?S9|K+|#W) z&9t0sWTh&}CaEkAF2GV=o&gyg8y_Nql>1-JXzL{7;U%lH`K#9Yb5Jlq)77wInnMF~ zagV19`3nK*r8bAPcs zc+No@9f9V1zT1JXadWN$;Nv;Mf1d?q2@!!Bz(HsQT?PD`D>HMuBXRu&mqBF}wU&^MaF(g89S&r-l(9w8D>757aL}qg)??H$QR=cLMiWcmCBR z-|u(1vpg{|`*^z)>u2_j0f9ISW^OhSIymvHx`g|nx(R*cKlrm&IL@Qa4Z_Lwv)^X# z@-df=gZTC8kNLBKHOhfpiXIE^nhOMzPX^r;Npe&}>c8(-#=O}lf8-Z5{EHs&OZV{e z8}V6({oN-0_3M@Qi>A4{GAlQ-{9^_)-= z@dTPtOg+Jy2@$qlWL_d-3+@OyWCriq&aMwCkSlrC6a@oTiQWBPB4!8c%K)f^HL}S- z_cVLX;_>j_QZrt|xuN`9@RJA5JxzL7VtGN;uUlw&WVr=vz)2}A%R3u&*PEuc=|6vT zIJ>fmsj|XM0T9K@w>kwS(BEK!mTyCY+?o6G7`$bat&SYJ>9Yy!FQek;&6DBpe3#x5 zU}59F{lN5^r6qGw;Ag1*OP*(VPiKZYumI_;;P4CZvp;m(MOH-^t@JnHk+h7s#|!Q5 zn#YN^ehN*(jfOm6FmEI(l>M!^$y-98TAL=@!={==aOYsy9Oqo$?7z1H(f4+U+VYo~ znrdIyMi^z;Vhl2y5VCAVKGxcfLV2Xzd=5WZcQ8-B$&EYMgfGp%Njuy8ToHR7&^}vk zp+{0u#GcreVJ89VIP1)oez?$t>K?T51loo}rQHA0VW(HyY~O$6r3i3H?NMUd z&$Uj`I8O!Rl0iE=9J<8q|Akrs0UF)~L!ghZ#~g&;yBGXcPm+_DZk3hxxHh+YxwU9y zE{%tl>sK~Dddw>2nq^WYKslWFkt7}I#MoRKPX0bzGFGvcaUQ79|-IBJC zOzcr9#Ym}=jLzb`#ax}K;>2>TPsh4vJ2W-ZG!Cy`Y$I^M7WQ@9V5x@iv-l?YbtZTT zOcZ5ZQL3S`h@s!BFQ@e;ZDU|85}KIAQPL>HtwwYLdc!B95G?i}l;8*c0YO39#g!GS zk#|h;e%z)WPoKYsWAYWk+{za(Oy8*dS$^bBE)G8gmqZDlRFuvpRh92M66v-3VEag> zG%wy~e|v?|W?f;;iRq&Bo|`GLHYWspDlci=$ispi7iovJhJQ^c6bF0fhkU#*7|)R5^Nar^!ZGIfPDWg4$ja zt&zJ#;GPab-Pb*InYeT5EI;{g9cQ$Jen>S0?ZIBzTg7Z*O~&-?!JwJ9_q=QS2?TT6 zy3pX$?i?&AAGy~b4tmO7DV=d|c3pHh&x3pMvi-llM{zG<#EH3lADRJ52ro;YCV~VR zx2CX3#h7L}rfutYJ<|G=GmVF3$Ws^@#v8MD+Mg%0Kv~7~VdCHz2|3l5!6SB;&@J3; z0eVyjY{6bbo4E@q*f_^o%wm7#H9EAPjbjK%&nLFxa(+k<=YM1BXl8lRU$v z93};m9#~*)%!?;oXacFl7yPYJZ07xt@(n?gdkf||&EyS~9(60MeA3tg#1^m~Q;$V+O7z zg!iia@wCq9qnw`>b0|mI)H;#7|84K2EQtCsd~ry>Qz4VlKzd9_1zq-m#T)n;Mm;pN z0$@wm);|q3CI|hH{_w5-&-(-D=bmhHnnNT7ieyWRZQ;TeP)f;lDU|xuVwcwE24-yI zOTHC(Gn@~x*=tFU(Y$%Rl)j0g4HFr#N7|j!r65>CEQ1&oR{}4F@2%q0MdGT-?aJ5n-F)4?bJs(wK<9dFy!_12P+J!DFe2b6(!c9zZ2Olf+>(HzjqDcfONw1c6n#OQXF$fk!9$CkUp4h~Du?I<|?Io{anpxNX-Tv-^q{7Qo}K zzEDxXO3xT731Cvmb%{u&UjVPCQX6rfx1XiCFJ!1-u}6JP=y#IP??kDFj!kiB`XO!* z-=w!8%!Mnkp9!Kkl298w0=)RTyA*o-W|?0&Kl`jF_P8+?jtjn>>Mqu|aP=D^9WGfW zY_5-{CU8+mJ>@bp=*d+D#dyl&TJj@=Kd4iBmQfM53Pe}do1z)N>=#6hU&l!VEIM>Y z9hr^FXBr3oS!e9da5KG^D&fROIIvxQXrj>w#Q-_7=RO2N%KZn1rQLDSc1|OU(4nd2d#<4q%R$32=+toexiTmS= z1#%pyU#KzsmE)#snBg3kzvh(5ELz`HUK5~-ckauy8iCr%X9j+qfy4cMX9Y~%lV)Ai zZ_Tni^*tV`pX1`DiS!}4-*s)*xw@m4)-Rr(X z*qV*vJ;rfmkNuE$z+TC3Tf=_&UVEcRTU|n>9X`^@`lBtE-K}(<%FtUh#bv2(`(Vwi zodc?(Mhy);B(UTqVP;K(=OR!oYlLr^?h7{dxo!Q?a*8%%mmB#NHnB3z+?tdYi)TK9 zk$pvH9ewlP`Y1nliIPrSqmFZyCiG%g;;yvefFa^`jn4aE&P5SeoMLe2Z5k-sEMh>k z`))xRJE#NcXnQxT8CquI5wLyl3`VX^;+s#vg%oNrjyJ5(%4-V#$3s@$eOyVXQd_K~ z9FZ%Ssv?JTg>9|1137YDEJTZqn?zaTX!K7##yK|<-T?_QV&f#z)S_nz1sh_Y5CMy1 z#02t`Z3ckPez|kpbA**Zx8#Eq1&A&NfA!>3Ma2s&a<;Kz7N+_CXwN^n9| z#^-NNeax~L!6`xC{^%O;@!St31DLK@N|cS zl|k>S#?Cgzwj6>^L`NB>2k<37i9UAo|?=>0{Qj+d#KO zR0nAdqKP4;jCcCn_ogrW^4_vOt6C>2m9vv#?nA3r${%OGF@B~H#{E)Rff6jDXXYl8 zuOm;l*ueTEJMdMkm4wf2MGPB(DrCw&Tr2GkSdh8g>*rKq9&dT33>lrGpK_S!lnWGl6cel6pOV0OYkIlmD{@dqQ2#dIFT zIK^e=wL$L!yBHfLt$v;KtvJ0sJi3!_nalDoUF3b&3Cn^i4OR{{`AlHkrqQj9CxhWL zcD<3M;&@#b_23Xb4m?%6#fJzR;&F~j{a2^U4BN!VLh=@_fb9Xz{8fM(EA~Y()RNWd zN7xMLcBr<7?F(lw6dM#g#R9L$+Pt@tQ1w6s;{~pLL+jfr#DGwg1d~YODNU#`w7Zj8 z67@VohCcQ@sp@cJsX^O4LlG#*U{`r^oD7&taSK$#l^Fdk0tuA@jLk=_i^Rmkh+4ai z83S3Iu5lQw)Vr2mCE_D_E}$Glv)Bfu(NZIbdXB(pFv72M3vjZTm!!v&CTh!F?pc!p zu9vza)3Sd-e{&+{9XZ&ofLw9K3tu}GxuE#+SBD;Pu^4-|_4o)ymj%tCHak5x_ia!F zc6kZs+4?6QfO~BPU8T1AgtzfW82GcJrk|VQ`;Lfxl+*|W+a4wQz7dibH{E;Y-y2p? zM+Iijb#AHEkb*#i`THI>kvi19XB!za#dT{h`qD!#1g_hg5C&ozhVeqMK7};iVR{R3 zJ2=dqu{Un@n)a$}=!{=$&?9c|9A-4{6I@rWccZUZr0Tl5TxCkEDkpH=J(vvOT1fQW zRjU_syS>(VWgu@uWR&M4qM+=Cn^T9e5C1!Y)o-zZOQaGcT2=5#L9~p?`PH!#H_e8I z0rvKDcOTD!4GKHB4^xw-f+&bA-|6V0JYgu(tpDV3I)uNe0n&r%s$c3+uu8J2dH>u-228q`92W+|S)pL;Q>+xVyEKXUOpIJ%_ z&!yxxWRCYKc%g7X=_KMX>UcFX5cQ_5N=(%lwkdV|e4a$l#TPFAH-Uy*?}FsI$NJAo zY4L8lBAxuD#f7y+{&lmtz~(A_Y`<$XwSx$=x~1fNjC_G^y$0Ht{eB1%TW2!Q6U5 z&w={yEzI3DP);4M?kpCfRc%4oh~b z1zHbvEr)MO-TgsP6lRvdjVEkMi3rXk`sDNp*kLVWS{A#37|F8y{2gm#_JNN~pSyqP zQ4pVjszPO6mf`X z9Pue=lmWk1NQ#SWMwZUKaQq~NJ65uYt{T^}i0u`%bmNZ;!M6opN3RZ%)3RPuiB-C6 z7Wto$co^sbUQ%RmBo4NpJ7Kb-fZtIdq4KY~H)IA2*XQ*{VcvmtctB2+7UoUPXl6}8 zqwxL8Zs(6n_)@=Hzyw(<*F$Q8X7+Q+eDgh@?mUO|itE&Haq1_-OM3}bicx|4xMtDY z7p~PErU=0@B+_#4vpL#)b=xJ)i4|gltjbGp$G*BdBJ7mBEua$X*v3WYI$u27zI>8k zlUvk*H##5t9y$Nb&7?AqRTb_?H-35cs%)Yj^E|w<-RbWV52qZ*?$Qm593k8la*|S~ z`-}QN6}!MRM2-^a;4gIxu;jyTr;EAP^%b^no7rgiJazabw*8Cq|MP&PNmUuxm@<;JxIsN>2+HOVJWtxj1C-HCl{a!u(H6CBvvc) zx9hyzjJW75bYKRqSndc18iURrt8{-tSDtP=Tjvi2BAFBq;5I|sLX!sJtIrba0gYV6 zHlVp^eCGKb|7T#|akH-H@zJvFOt;I#0pJUu>!%K^OtY)!W9CIc4weFCEioF9*k{#c zi1hI38z}tP0~_^}xXn-3{eva24-gFU<|KlEK*?hV*8;Y9MGMs@iwS)cl z#Z9Y!>OzYai!oAp{Tw7fOyY^GQRjzI1A|v1N*z}W@O*6qBHkFb>UvOO*RExv+2}+R z``66iiM&IGi|tQbZ@1U|Bu@P1O7Tq8(3+~ciTpVAh3Bq_C&*LFOQe%`C03%oSj+h+ zuza1Xs7vp%f+ZN?NL|>i;u5D6qO(T9W3CC5gS2FOkubt0 zcIbbpw{nTUq1A3GEuTmsvbL;g7ENFW$I?7t?Jaa$+1yVjL=-yy^8bhzLNc)nG)|K- zr&nzw{kioa^|qG&_OBfS*(A?Cb+7`|w<1zjm!^@RB{2r=TkGY@>kfxUHKVTZx?@${ zZ#2)Z_-ts5#yKDf5Hc&exDlQgq_%EfRbK6;4_L46cZpzn=yS(7$GwSC%_v-WS zqr?%x*5oiq6-cb){mf3G^Oy*5MRPdkz#DyGWEtgkwiv^E5#gTiJ7V)#+8E*3CV|O+uI(hp6rB(zbKM@ zUo)bRtj&lb2hl$^zx}(6-{4;@g0Qf_9}UTp#iD>_Xv}U>%${W_P?I%ac^$pwTLXz< z?UT&8;)b91ERZrXaR`-puru@?_94r+@s-dn52*EwZCc{;)bj`I_9QBm{aQ1fF*oa> zN>vW&o=T1pD2Y6`V_2d%zZ8oJ-(u~7>0wR`*;3x}W};E;`zGWW2uZP;0UajyQjn`^ zHP{)8c`G-^P_c0y$G3$;XMU?@|8cyHjyN_I#VeCp3820een_UxU!=e#x)~a6p|H55YvxpB1I{(d1$(Hm82+jxCE~3#jXqEgrl6$e^yw9yRpcc zac_?pfPum9D&XF^a(D29^U0Wm?@2Ld`f%P2WsAIhK*FgW+?AugH{8*F?P_gwaM0tY za39@uWUb8+;o_})p3tlLVcC6KKR2mC0VU@RFB4l04MxEK%mXGuyDA(F{p5ax;8r?d z;;6<5ga2k`=zyPZ{CA_@?x}x*0H(vDmx|a&?+x~1?Z#bET@r;!47?jGFy)r!QYR9J z$LjQpOa*Kn7P~<9>d*rNVbjqeqEAj-HkWX|A zZVVUUCfDB=*F277w3Ic!Rkx=weVLG9YO@I`k8{qf7o45AZ=V zU}f*+xXtrv9s^j5ZS#w{=b^uN{^OM}!t;QDk+kbfy3;sL_kD3HApu}q_`2QoRZ$#% zZ{~1e;=V*9bZ##_d2?Jq2pm5aIP#QvCM<~o*r4I)&=hryVCh>6ByZerfR8x>v#oFxrKl~bn_!GWU9zGQ2vrysiDHWh(dYxAN zEca_0KcR<7MkVmtb5qgi_(PM~Ku#=VV0MDnWPkI4!_a$Kk1SPdIxRai3zGoIZFQzW zJKHKW^N_e&w8YYe6q6I1)#G`jUD`12v-;0B1=AKocZ){J?(S68l11mE7n$B|NNZ)suyS?R0(ybGij2b8bw|r|k4$3e`W9Hb z`#2%a*WR1%J*o{G&ZEJ5VS1BVqL41;nkp}G z=3vk#3sy~dd~hTwBkY&O$FqL6$Dt13L0Xb~)!V>}(cvcF_g0hbTZ#mMg7i+Rxts}5 z_Z9e?4gbRDNFGk)&l>xh`C0*CXYVho`EoJ%Sv1z6ZfMxoM=WBZ94BSCtN9mQ{YfTJ z`B&p92M5~6x4vjI@my!7(I*y*ozgK5Jfo@keO5ovk94Phg`>YWy}R+aVM7I3OO-MQ z#BE8C3z!8^)yod6*Oj5QsG&CJWa8<-Ltl9NOcQ$ee8|V8Ck}Y|BRRn)1H8t(OMQcVUORWXe{j;8ugsT1ENBvtE^E{XHkn-k8IgWdYu>(I$NeGt6;2j-@C#wmB@S(pw%<(allY&OQDg4WXkP`yAD*lM?GZIZ!G?IUvrd3+J zvLalVExiU0M*@nN{rc~2P28x3P|v%!>!o}z@L}jaztF3QwQe(K`+Vqi;gyA8esi2h z$NQGNklH|-rj;<~vGe$CjT?rNS@lf`(H{5a4lPPY->5G<#XqSDh7>i>cAH5O>pTu* z_z11nV}vi91@S;p3K@r!L=dWo?}uryi#B8q`K9Mf2=iW~A#{6@YNB%Bknj_dv+dy} z#VK-G2#z7%PYP(Y5``YVgy2siZSLRj637Sad`J)O1vnb*)AlLQ5F~!-gV>@9{%MrI z2AEI|L6=xO)P}`~C8ySesskj0IpI_sf0Xj$l{S6zYD&CzP5mXYz;?JW!lpd0kI75fos@$Y865iMnE#-)2poNZN(*Eb>;Fpu8dyyOpr=7LSj7HbId9 zD63O1zzSGyZ>!+1#&p+P^p$?ll5GOB4=^@K%FF>(rAfPlwqRNH4q3dw=%`H7J z^t(Sm7Js4*hB6v5PxgmCbtSLrvD))BgM}QiNk?^3r1iW>uORpgCI|AYdE8=iy!Bu& z+g(cZ_a6*5qr>-xXG{JvvCL-0e<)P_a#bUq*88Mi%lu)-JBI)Pmg&UnMe(e*84Pa4 zL&(r3%|YY%aq+r6=P08#*qmm@x4hZ#O$WB&_l-LGx{%l{z$(0Gy%B@RGd9ikfstnE zygd||`5#CQp#2x0XB+oktbGWxLfUSE8f0CB5jX#}M$kA(X-S)0ouL(jq zhtLlcJxz3e)fqQA>SQ#B{m{n1@HFEUrYtErd0nG$kMyciif4-)HZdtvFgNkPf@5;YVgm$ zSrpH2mbzl%E_@=i@~k&%`vS<6$NFN$g^P)zH{m1GjS4qJS7U;NT+?O{1ktoh=SbU9 zez`bK7S`5#Jgm2nzRAPyO4@^7R~lyseK$U@d;4e8jzO29FK3N4m zhD}-{p2)tX;nT73o|hNx$!+MiZYk`7Mrnv~n2(MM{Hk(Cz-$za2BLKw#FN%7xKT2p zyNVmn?aO8|Tra~m9oMvHsu=guPm_EMcW1K1EIopBDIqE7VA5bX7&!>Ye=+zwk=Fk_ z<1VB_}F)!4jsT?>2@RBb0Jdse+?By|q`O zB3$zxJZ-O>HrDl=V)h-7cz)^c@kdS)8sJ&Wtwt~xdQ1WS~seSt+OWvo!Drtw~x-nnf*t|7K*IRD=!%@(e5i+7` zegf$nhw|R>U5`ajEq@!GN}KsxP*KAaA46Kj?m^XrH1(K8xN{4XGw_wyGGm;F(klFO zzCQN?$(W0A!RsoS*kYN&;lW7*!-cIFo`3^-KR1&}ur=~mFkbre$ z`2j>zl&3f#+n1N}l8!yA;6JRlwUbjK?;~E4edq&NWa(Afz;Y;&c%X;<(Zt#1j_9t2 z_fDuP`jQ?Eod3R@u+@)l=DPFD6hzMGQ^+`=j>{uyGYSZb;6}VwYU!bdM;`DuM#6?N z9kiszZz;E`=UlCwsNTTeAFi3{_ZW+rpYs(Sbt_A?-1iVGRWc_rLk~99oW)N-9kPi# zGw5dJx&27&?y!hd57(%1KeB~5_|)RykI&yUP763l`Jqn2&>*h_6Hocft`B6RjT%Z$ z4|MAowDwkZ$Or!Ft)0Y~Lz3@P+(`!7X~{N@d1K}L(ZGFetzq-g=oDSX^%)CX#OB-RrltAfKq;HSN#xX5`Pe}?FoaJOk*kv{0MiSqCcPWV z2~Zd;J90aIjZ>7u1r)+i6i-@-KvFdpKqj~Wf4nJ#jPLcj5i*Vue6szZ;z)F7~P{u(xtJ!9qvVPpr0_*>`k2 z?f3XGyc~cU1#e?W^V}r=7Y>p&C3MidPC?gWq&TSR`HS*-J``2kZHM zMW3yWu5Pa->^bNAHun#VEV+>dqHFl|xfsvibhSQ`-YYdxC@VYSV>`x_H`u)?62!Tb z<_8!j(U(u5G_g{!KC!c;$mzb^MHOIWje}z#zluR&n@X}In^gC5%>NS1grRQXz^}cC zptaoGz<74d%0=88^c(Ve)ZNW^IQvLv{k{ZR^D!K>7MN|`PYhy?^_lzhA-&H1VJk_d z;ktm1IG&8c1JwZOicTf4pQtF?lVNhw4r|4Sv3zw96or-!NIi*!+p1^Hjd^ZLi3c zU3sw@0?}+dmA{(p;x_bUM^i4r4R>hXM`RSvX?0rkZcna9k2F=4-avB+3EKj-l; zaGx>zaUQfI{5Df^Lw}0JKO9JjY|JA|n|krY>UQ5pU_M)rVR`*VTrcj~W^7Q#TN5FO z7&jo^<($vK$`<7GuciRlBrTySnMGR79K6J@X=i8U$>z0zD8SaFQ;h@*R}lPK7{6lu z<>{e@cv2AzfmPkMuGEUzieq3^b$cp*=!<{O;G~ZD?gdz>M>|t_5>eEYwHTz9KctHAP@VxA+mj57{mv`r}~;iXv8dZl$7V46sJ-^`e0Be8!=|ac(>iUR*&_ zWjrsNr;MpWsjmtDhXsW0gy7xb)nxwlUsy}7EWB-8izq$@DRRk49Zw(eCMy?`WZ6`K znZtj;^b*=hL^Upzb;;C0cvwk!DdT1a`z^f)Cc~qu+TDhFJ$zjOMj_ODS@7KHfwwDU zRI|muDROw#x;M-*=`coD=xv%0EBEqG*GXQ(Pwru8tMk0df7fuy!(26->~NvDz=X4p z;kM^rJp?^uF=;Pf`>@8i`(%={&+hIzQAfTS!E=f}!(7cDV2Jr@l~HURBQFWw_$vca z#?va4Wwum&7pfKc5TJGeWqR2v8E&$G5AY^uEf}u>KU;V_jz_&;3xsazPm_!$9(fhq z*n}M9+oP}|I+Z4+uAG<0cO}pXXFfCiSwm~Xm|h|6J~?kyoLmBp-xr+^ksbz?mh^31 zLTLw7E$e;C=Qt+iguW7Dt6dx_^m&t#FOllIyQV9F6byS#=E+vV3 zv-ttWjwSjwAZ`&FF2jb)`PXUR6mpXT@9ylM;-vv>t<_Do-WhQbFDXUv+qUiLf98y5F|~P5 zEo%SPseA7ekrJsrwdqq`VM5U;1BtUf>>Y03?Jhld_Km0s5B=x=!TK`)-?fGRu)fT{ z|2xt9kM(6{WM}*D+y9OAW#;^M{6FjegY|X&AFMCTwQUGEWt*2hU3ENQOGn5a_8QFX z--5bEq748e_+MCGMI&#ou|G~V?au_F54xf`qLX;mmc;O`{`L0tjj%w;0?(zj^p^Tw zfeip2k%a-o?je{xP=Ej$jz8Gy+yb_- z2|VzuRiy$BaHURh@;;vUtrL`VNpqdUS zm53YGKe#cnwmK2cUsp^LmB?sMf6v+wQo(_(88ibJO~4cbfgS@6NV=Y-@0t+OAA7YQ z?@`@~zS>U1kRAxtKdLAM`;=}9Ffa+YW58tTn**#79PZyg!vnPgRcFiM5!tc$`vVg} zvT&f}>h>i2VZf0qX_1ra1B&>#TxUY$-E)}M29Xl{D&zXHESET?ujwe&=gResF+5FFYX z85~&~nr&@e{apq>Y&m|<(64q|SsYyJ9^X0e-`wZD9R5V~7_O<+zwol{*rtf=nrj3Q zep&lnMOFuqWA*iaBX+h|9r(R((q{hqQKdL4>!ZKu&+$ zsGGh&M84T2KJAcScSvr2^4fkX=lnVce|lfu^a@IJt}c^hE_X0?3GLu^uM(IXfV#R_ zfWZ6o5M!#oeo_n#5gQ*q{m8$p{M4!=I$fz7jyduPQ*W*}4$e{!)BSM00| z0CS_AYbezzrW4-6Z(ikLG=Nq!e(T_muQQV0&Y!otpTC;v#op-`hxNtQau4k@$4#b1 z7O)d~CAH+loe_mk)r0YV$#4&USPB~8%EhJWThSnNs)3@($@ZUNU!@(4Kz0Po?G^N2y{VW-lc&jTa#nN2Ql{~Zf0a1PeSz#2s)?-f3E+!qJtp9kQD0~~*SI!t~ zDWYnf37rU!$}^w#wfjlc|7c_KE)%|y5@rw0+yPIjVOLYBKgL;q?ht->gnhsKd6DAhjEDQ=l9kOx#JgoS$yBBh9^m|Tv< zNgIBATH;Vs@g%IJ8b7d*j<4&xkkt)7Wf{1(Ehj)?OEUonv)Y)eNm&UjFGJ*HQKVat zupN#e9-bX_{?b&}44%*PH{v1~EXC?1zeJXFBGhoBn)w(GwqK^xyiAX{yXPsquG!Iy zcrcl9XLgHrA@K{RvwV0pJqI4Y9lro}*XhufkL}}_RQYzxVUi#`)=q_f5-r}RLYjvo zs?8LZ<)h&mFW@*`i_$SNVxPWDuA}1kQLec#^=ClC@S8(Su-4xa?LR&-SA*mu4THTG zU)^A{3*i^QQutK*keui^m-QLw#UBkkDtQ-i-^%!x^J)BbUOpmQp#4RGCx0)`y=h5i_XDm$5{FscEVx zD7=q#FW#5IILb-g`^d#&rTg5bdt`}4O-5jw9Mo6}m;Bc*%GF8ythF&cn&0y}B0g4Y z8E7WDk`;TuW}6Bp2B$VGjV#ed;@4Fn;(t9pNZr=v8*zuPK;04ohIxBoFTB=^oj{wK z;LKHX97C{iZb6P+1lV~Ii#_ywPc`ISXi^2${;`lOE;JU#(E9ht-|j6r%hjnX&P%?( z1iNJWBia&17->t`Bn6Wh*yCJFW8A+I)`KSJCG3s z@Yl!>0=^6sYj9&T5*HRxzA2N#{~R1IQ%IbdGU%nnE4Ut8xDjA9^Fp(f?S#>xw#ZAQ zeI;QU{f=k)v3ieShi33Vl!)x~-lDWaYxr?qYMT0(X;0U_=)s9~R26~JUHAEb?2M|k zI$Cg>d<{?&wxQ0z+~j7n8kO9fU|92_!C4HXb)J0b)=#D;`4j@+L%Xpz3#`TR`}+P; z8R&3^m!}NdL#$Z8+zcJ~R^4ZdigObWj^n>3UI`3rV$zFNL$1~v81Hz!R;?WO7` zTvu-EgnHrPkZ>@^zS&FnY1GI1u6A;t8eD4U<9cm+_ZWv&BM6DdOnNjY6UNaVe4#g= zOKk+w?KnI#e#Aj=UZSSCSX>zjujdCNP(l}-A&tJ?7k{$Rh@!0r4~0>0^a~oxC194J z3d)B|CuoHLo1;b?%7P)#&qasroK)FyTC4Rgg7?MN$fo5&a~}fl z+K~gReAoNS1Caw>mx{aheIU7gWZKz^y8sJPymaFH2JXMW&*4mT7{^!3-zwQmHM0DF zr3Gxy2rZRi#VpZ5TlM;gE$B=sujIhO0icuFV?artY%~<%z3Zy%(7U+KS$2~f{!xq% zRZ>#mG?R;+GqRUT|MBm;R&uu7#d7w5_cb`Vt&dR8*Q9T5mCjOye@+ZO}sjwAXIu$E-S--K!E8E6EkC>NmJBtR+zD zmmHx-^p}`igTZ;}2@}OOQ(UHhL23L8BFre>LE~DC@90yN&p#vT-U$9etv0Cw@f_m? z&k6unQiQKLxslsO!6U|CUN${(jl4!O945q%77u?XzS1NBY-_B$6XGt2)Omc!}w`}^UPV^AXb^065lL7kE?+48+Gr8devdLcl)xwEdY(%%7kqc@Q z>v}=Njk>w`g#8=dxg^%0OhdGyvy=ypUk8mbzTem{Fj#q0|91JYowU#83a84IMz>=) zWyNePZrj~l>XoS38k&CF`2K4mI*s9migH)?{VBiPw@3akO{&__yJiTBR`mhS{R{Qd z24vA`Fg+Vx?4BZe1e)PnShd1liNX72N%>PG!$>CFLQwb<9d9^ChUO*a2h(|=cJzst z40k(&gMdmUGmBIT>qk%}H1k;(jfLCyOnfKaI%K0SuOx-XOMNl;p{OuI#+&(1w^NF+~rh%LfqD-wdcExkddl>7i-fpVe&x zl+K@fSrDV)eP_>k%TCb%KpfZ?qh6gS=}3i`s~AP0VEYKImLL zVD@R4H7RzDkT$f13dQGe4QNsLW|7b&kTTGfSMe!J_6*T^w8heNrAP((iCDChnJHaq zClm0!56B$OK$o1ISnhZgqV}5BI$h>#AhzRn4|RKd1un;@F|Dnsr(C)tepcVetB(bf#YqO%X3hz$$8D<+I3kz$9>%ZR(YRA);y*ThMVnm8<@=qhdXesJjv{KrkGc&JqWmNxG}2p zmzcQJaYU6M`!d?~^m{LjyB^0uNPmJqnm)uo{rj}|#{i42WH*C31) zW=|E8mWt23Wo$a>SQ12K_HSfttpvN)=Tc?(VAaRefDVgVo*2`C4cO2*$!d6$oe zV!cUMSQwI6%le6oP3>hsPFM;M#?=w_&p1+uw!fLCb~%*R@0*?SYpEvjzl_(6$uh#H z*_rRzk(;01V)TO;*gF+SEW%EPqA~SX-D|peBnHW^4f!>(LN9wDRKCQtt&I(Jn(`RK zoTApcf0O4){-3aYk?!YXz;Xy4$RtGwkZj(6?x0dSy8)&mxR@CV1Q=4e0pnH|<&KU8h=aJZkSi9o|g` zH0br3ueZbm52a6R3xndi)n~)yQ;mLZri`0&X8YE99qkmFSCoKz#18(_uJo}?Dy)z# zMgZHfS?eFt>33{yzKvwhbrER{(xN#hPew2F=*1XFmjdc~U)6a6nHBaDbAqU8l4S-a zpI!{;h(0R>((Jzo=-!@KFGtmJa`H5Sk=72q0Mws$_jX7dsekIO&*%_yzf*^J+x2Gskc@^zMP?IX~g}^rw67TisAX& z?$2`XDfe>Wo*uidWN$h`R;ml^=#&^_ing#Bu`dPvBs4E?n;AAXMN)c_3m2$yi;vF| zOvh&lI<1>;3gBp6&=7hbKC|E1imFW@cx&?{IGn>=90a1_@h3`WGu_1OBjEYXF!Zm$ zbNlt6(!Shp6$Yvj8Fa$H_oE65bJg{C64oY#9@k-`=TH~^#};?jnIo{fj$5sNM2ix~ zxSXvME@yxne`j5$zV^$5L271>8YjoBa&ExW&Sm@A=0Xr`UiS}$2kw+;`x5*vPi|!! zQDjw6a%`8IwV&iKytdFZAi!`v-(iiWhw3I(!kKt3+8jaIw|J@DEV#eT15;jT664`b z9aO4_hLbFuDLbh}liD4YQ5V(Z5|l1w-#V&H8Ba46-7=m6tELU8%z||vqPcy9d00Zc z_35Z3HLP!fd;t>L=^j&NKyFH_20SVUUuM2jKt=i$(S#b{-lZ4zGH2Ja{x}zT#j5-@ z7%$|~VfzjMDg7Yd5mM4q{rgO+DICckzY#Y65noE8DcVQ7q=a($cK9 z>{5C5d&7vW!%T8*L||&|-ZIPW^*U<9B)v?Z{XwKauk>{B2?%BZ=uW>$>J#Mca2oYs zAXvOkGA6gN?wgLTFW*@YYk}y3L~H#oepB~`l%5~4)0iDV_jG{}W64JunXTyIT5o7C zMmy!;BS=O1O2Ut2`^66qpL72MH8J~URlqI$CnXS(O5^Ng1#xA}YT;&Wu#gNxI^Lkm{vaOx13h#XCaJLyqck*BjMgBCORY*3PW9rs)ljgYljIqo$0$$TXm)QQDwp~f zFVqBL#%|3Tcp4@b1x8=d*}I4Ho+Aatmm$LkTGGN*;X{KFixlM?^!j28*R0aXKDhFb zgsvLPyR3g}2;Ekew|NbhoTH!4fbPC4uIkfZqpz-d^CqZ}7G?+Mb_e#JU1qi~iHxC0 zh!N+Aa#-tSt;|nHe5g(-$HRpbH7DR!i7u8GkL!eR>SsenfL?KJQR)|ni+b!IYA$T1 z(U}jGQ^%C=q&20-qKK5DhSg|Zj3_ty(s@BY9L2wlk&FrvEyWE6;wJ=(d zC3xaNxz>op9Zb(eTJmSg3Y!)DeE%*=!RxXvOJPyVCfx@oz@3ZtgMnN@9eD94AbVt1 z9Bm1mNT+Kb8FG#EXe|}~tp5@*sz=tL_EC7yu`F!eeHrZ(yuep92D#c_m-u_HD2lgW z+2Pb|N+`CkfSF-k#N#fG)3-m@=iy3e5aI)^xcwdst3oD4#xlI~mFWcl=;aZh;KzZW z=zqjg7USSk%cAYAxQ>ZKwmE6H=eFMO9eWBU{kZJ=e;P;m+vHE11kq+GAPO!L@hhvIwUd8_ z1te8v1Y6TfdhzHO;UY%&F0?42E03GcyK=MTDe;JPq0e`D?Q_TljYHU_U>OPNu8;Jo z(#BOhJl^>9K(5)$hb7Gyj(4LRSaTrSpxsufBf?qKta6mXISiUNvtb8cW?dp*Ri-q(p|rk4#cKix0VTc2MMiD%23xEcEk)i)8`-uN{G-nIM}VvdV>4qN0LgLj5xxG&4^vm%~ISYi+-S%wS})RW+UKq;W2X{u(>)6~tiq zC7yw&6l$|8C48tak)a|mv%W(*ajJc<(pkezI~hF$(W0=n2MZjApL84a%U5Pw$r_&^ zE3Eu;*v3?#ZuOPpfgo)1We$R-iyd~Seh&Fvc7%l@36`Qe{R$W4$c z%wk1gO>Q_e%+rh}o&a{Bt~!Vsw=wd&kXGBQByDmF%_|J277fduAceSDy@>Sh(fsX; zY`Zwr|Hcr^rgDJ{%2|N|23k_XQA!oX2QuhKv|Bsta=JC5Fz+B zIiY0_Rpq`s9%)!Ew$3C}O6#j11xwDC!h1&a&d-D%SB8$)R8E&t{Z&m$WV`=reL~A` zrHTexdI57zC?-Y7h|%z2n`4-k=OAy0%ST$tI_gDLIc=PisOZcHivRK*j8BOUToFSUuym8)ghiGb}%cH@D`@d*19#s@$*3HOm4#Z zReCwVk9lqD(hOJ|LknF_N71%KT#61+u+>MDO__l*lx|Y7r+9-b5zM2n;os0u0k2X_ zVWE$;AkNAUEdp82f713MEkG0qJQz}9YuF0G-O4V2+d!k(j*GDzyS| z7*KFvPB>9}3Tpr1vH$i4gGH5&ge{2L7$O1t1;+i|)8r6Ah`uuGVdx@{+P984e+lEm zNScm>-2O%VfJ^mcZY>-n-ONwG4iuvpAvC}+PFb)kB*LMA3wtTS*UfCR{yu7dH%SVx2TwNQ2#^zF;!(!5RbmYhBP**#6SxXCNZV9 zLGm>ofcDM@(Df7XMMt|)lq-2K;{G~WtmacE#Mj9JhZ7&N+7qt$V`}$dyuvNJ;LC%M zIyAG*=)Zmw@$`*x^yaM8B{GkfE&0TR@3jNTgX<@M!1>TKV`Jfv-h`2k4j++b**>2^ z=Gv6ujt%lMPcL0)312uw(}Jva)yk4vZ4@4`a0Xw80$SS?ibavJ>)_gb7mi1-!Ql^X_&heg@cS?IX}S1~L> z`S6mPX!~}3^Uj;%Fo94?a&Lu~!-j<+pDk8#FogR=z3@yCW)ye0`-8I|UvT9}C=RBg zzK3Nh5w(yBv{okc?vT++&xUzJVeczZpgR|J>ImJ_4`+}jQK z9Xb`A2nF=3eV=g2gRLt6dD^5bAAGej&&(B!c4AmBfMNQrBtS`n zZGOg!#yP#*TYpJ!HbEmS?)r`=FtjesI>I?@+@ikeX!<@+uU-z~^(ugJ^<((U^GHLY zl=de><-`CXL(8qG8#u;2%?Vw4@IrYr&6Fb~oiDV#Zd_}Q^i$o61zJ#_FGqmM##0^D z;1Q{a>F-8CCniq9YI8eIhKnkK;c_seDGhYtNf1He;|{C878!E;x9x9WJPVIH(TOd` zcKlK^S$9e8Cv2AT1C=7nyPgJbr=03FOTE{!P_~7O?Sk&5MoPiFdl42~bL+~0G5#b^ zW!Pkxh@Ncn{!XPtjy0LYERNzFT#@TEuWd`y05phMK})q|n?Dq%CQGPPSCvtkk_fk5 zWK3xxJjmV%#cX;T5t91(*Im49Ege(}Wn&>5vSq@j%{_*DvT@kaVfsyfNZHro253T@ z9bcBz=vWAJ2O$TiWE|y!7sPuhwlQk^(P3kbhK=dH0R|&09j#@b`j3OKX(#7{rG_!deh=3!ZbhY>-ddvSx8t7uFq05_L>Ic2q@B&3^h_URYM-2buEBt-OFT6B1E3-nJ+r0e9*_|$1Ee0zqqFG^d>!# z+XkN%Ox!ASV%j{H%zvrlnD9pULDx}@&%h;GvLg6dluBxwy-pv0GES+J9UI0NV^Pfb zpNLlYwz!#Hjg-ljTY=NSIULOV0;vbXu*!DyM{Cz-S629 zx5uPgT1OdyZVf8s1A$;dO)*?zCq?3Kl>DQ#S@&^wR+sVoSrUBkY>>v=f&>KL%S#q3og)9aSzZ%v<%)FtRk1D-h>}N%~ zp9cBt-q;UxKRhr6GKBe`=sLztWK|9|+luKm6YO)aA>$ER_U+*RmEwa%B`qoyXlgz! zHc^1(RvQschLh@Mn6*=uRWODL9$yOC!>_0-l*VWaxhV9>2oA*CVsg*uMzMKUfNRl16( zd9)s&U#a46%ijGISsHViay@&K*s#emCsy_w?SiGvRRXhnt7O0~UTMJs4LdGKr{Cx* zn>JdM=e%*Lw4yYKVFsO6H{U51n`NuZ2(R6GW7AS~xkQ_Y_LYOs>^aIz{V{3Bhq1Rv zsP5(h?K4y?>Xiby%nw0JPHVirB>Kmdc-SS>$;Oe{pcY#Szj zP0TJ$>u?o&2|fi{`&n4uBkr$1WfK&zFkNe93OwL?Hp=h1>0*wMFso$k^kDt>zFH7U zLB5Yhs+F4>OQjo7tlwtTYxGM?eVgSxPoQK10eGI>8;k84`shOB<*toPbn9#~GE9uNzE15u zQ)NuqXc}N7bhD~Ew2gWDv~rB>8F`g&cy{$AWSLZdBP}Q0ny_9PqZ&(nJNyHjJ||GV z2aj0vY&#ArJ_tP!9J%>kd-f<9_k-+rjWQBnw^uqPqKc{xG;`e+Z7`MLSWH$JemMjZ zRo(OsclxZqY&ajcld*KQ753nh3dP|WJ-X(tp}245r``Dg@&;%L@tkAjjcs;Cnb8uXB0~)Jp%dNPHb{f3H6yFT*gg`hCOdE&Cz{KA78Yh_AM4sT7%E# z43N?iF|&Wu15Be4RdWz~aibGpkTS(Sf&Os6p-CkAXBTJ)vQcc72@?Ig5=Y;}=vpJ% z8h-x%!|wtQXtDL4yV^(OU0=$rU_yAI{xq@EkHSQ$Z&jAC`s~(tjz_>=-;Uz)0+5DT_`eXnLb9le;@#rlTP!hYS z>Nk!jd;n4zx%S}+x`rX9=Y-KMebl01MR)`or-!bx&Ny;!Hp^GLbjn5-9Zl>*s?efR z0PgVnI-@hLrh$j&>FT!DR@FUhY}8cjD_h^D;ywltYhN6_hO>mbQol~35Kd_ieB2L~Qe$)xhhYVT| zTSL~+>LAw<^@YQMUQS;yV6$cL8UOu7I_$N2HnA$zu5JRAuY|FT4P( zwW~(jgzDH>`Io@-MJ$)DyNkVmTeF$`^}dP2BXSK5WSWudG|W6T>UI+35r zv`;l8kBS7@aN8S7yhKCBCLBsYF;{{yY!&)K)jA3uq?CZO=efK&>y@}8YKWS)J>SG%Hn-#uRH-GrlclN(%iHoNcp3?cK#}V-3j_I(_bL%RD zaF{pl@i|{H6ceRrD`wwyAVJ}4@?MC103b`FpC3q~C*Eghw?jC?0c#g+(f3=P9-_5vxOpk0#wYeB4 zI1WGBLGEHgW9g_U1fL&E$Y==SRU#Re**=mEAyMuwn`;ln=<(9^d;?E=|2WulE`XMn zSylX!g`3U?chC7fBXyxPZ@J-u_Ym0?!KT#DFAhOc`ysigDq`u(b!y;;x-@kvTG7}h*nq7Pz zgk)^xPHc(-)ai0Gg5Rwi{h%wu{xJpcQ-n08*XySYvu%T`ZYEt< zE_t5eKRt!LXeVcNk9wls#PzOCkb^Bs$sKszjQrj?wxb9%D1S8BTi)W<cFuv~k4IJEh)H^z+ z!323K+W+HUh=7rz*#+#D^iEt&Krhnhq4K$DE| z4ZoKIT+vKOUkpIFZ6wH4Kle!GLl!L;8y8z~q0I~J2UBp=R#)sT50_geA_6$L%DJMq z;cRt%z{w3Yq^?JU%c6q2v?xMWo6nwblYW7AXS98uq5ciC?o)~Ig`BL1?aI7Kz*297 zKt{o|=P$b*S%|nE>71W$k+H}(-CGllM$_e$SD;}yGjMx$xd_?L__&-{A*E66ASb>} z#ULWiE7N9J2;;hGWEGhsdflUUA`ZbwOw!w!|EJQ1SM8HA2>3GMSAY*Ny&KRpgJOeB z+rd`Z$o97eJOeu^zCKTSNPQZZmB14kb;YqbodBgM#I1RyQ;6ku3%C0>mJL) z?MUa;4*6;LX$d}Ce1pY)DGqQI&&|2bIyv|cPSGo4PQ}Aj2A3Fi;EwZpv;ay-c%+P{8k9WU>!~Sf zjAncGcp;q!)t@nX3uWn+;J%c+_hDTupCKY07qJWq_W>*(+b0$ubM5B>XSrc1vCWQX z#~g&IrU@?_>q{Ku{OnG2&2021F#0Vzh?`6R$(^w#PORh=pWzP|?+q&eTL@}68iwx8 zXQy;)LeIJCsQ)z0-oP%+cjYYwW|RwO{p?(LLd6T2IQPN^T|ue+qveXiVEc}Vw`SC+ zzSgpt`IGwaodoc15d(Ox+__Y+WK^>XeG7Q9#qcePFnaq}_W{gaec|{Orwuqnm`u|Y zXd<~x7xA@d3#_*=yxI_vQXneWT;eWTeCEfN>AcAhQBNO_8;-RVd9|$G_dO8REf0fC z4?GZKtSMmX>^E!R7$MJyh3!}<7+>yMg9E)v;jWVc6GE#n4Nxt#x&B4D?s^)<$`(oh z?Q7eiLGLnp-J^+3&ziZ?7}v~UzV0a3gz)0gi`#ZLGpCch1?GO z^zFO?z)i24Ifm`mkKd4Qpc$9vJJCTY@O0N zd7ARiu&?n;dE@g!?dbwHy=uJ2$nkQYk2~iPXBw*3hQlUPvxXiB%`d=ZGIs9r#_I-j zKv!P9*ha5RVozz@Rvr3_a9oli*t%V~cEHV6(jhFFSNBr4lyw<%lJb3pa}M_(TiBP< zFUPb_KffHFsKoqeRt7nmK%@jbv36YSknt>8SVRG7O+ZKa(V)N%dB7VsWp%&;#j z8FHUMZ4q zSA&8o+YEp!F!tq)+j`_C%AiLp?n9M$Ef)?(_zPN3-}BWXE!9DSADy4-ck6vz;z@M$ zXf|wuxiV^`aro+-(JJ(7iNLXN!`3Lt5Q%hT8wlho zsX?2NrNDw%03xJO$Vu>l83z~fEmaq}MLQz>oMlt5zQpYn-h^+w;cWvu-GIK|EK*Pw%HDAcf{TbdDRn z-cobdgS>Y=aIZqed?$BnSX<`$I1$d=o6hA?sTT>XE5Gjp7IzyUg*r;3-l7j zlWH_h!{@0hNx1@#Gy${`H(J@4=_@``6di(vF1FP?KKI>zT#vveBa8$^VEDCGI<9)1 zYBW3>yC$K~+5Ll3!F3J$EHLL)!mVygJ_3!Sf+>e}ZCnfSb&pd|9Tp73{Xe4H zblA^#>&-XFse=>uwf2#`u@dG`)lo%?0Gs_l=uXZKMMu=eY- zGzqX>(et*2#BEc6)H;hA(wK%p{!C(nIZs!E(V@C8!hi?&y8oB)@=sy;Kjw@6$9Q4+ z9}W9|#tS>=|BT)LZ^jD;I~(i&r}0wVq3mpG(@K$DY}jPD(PFdVZMfk&^zZwdx`n3Y zYvseI+v{c3??v*3Ps6C%Yd^E?n0JIrqc|95{BIzIs~8Xyx3-y<7#9RR2q!EqDJCU3 zH!df)9JUs@e+F#79w!YeRYg5%-|QM-T5WI^yH7M9fsq&q7z>q=37OH+(NQP~1!`l> zi$g0tgBw+$oVr3;NqOP3?2r%@gf#AF_VdZPk+F%K=;LD_roN@A6?m2FC*-x)RRsbF zDtihTtQ2Dz2*khxTvn3P0R+Z@Qx(L)pRR9iHdCN~XmlNrE-(zh(!T)9Cu3}OBCG#? z3Fup$ULM@fo6kP|HiYIv#zNs(1C6Hp?f~A50e=1|H;1|ej{S`xC+D{VO`8ohi3e|! z^Yh%d7TX6{US0oJKm_|9m%aK zNbfEh>YcZDXsl=Zn1M5g!UHx9jip!yqAcrW^lSJzoAz6lyzN!7Gqv2R7(!1Q5c8O%;T*~x&1e()!pe|*S(*cCo^gl_#{yMOEsztv;E)Bc6-J@bBO z{-#GYH)j`2?Et^N#1g-D8pGK@e_vyRUFKzKED*1&%4U+UV> z=GfR+-%)Zyn}F5vXF?Q>pBj+W%+D2=@A;>?&$Ez_rD7G4iXV2^XT4AuKgfQ~p@DBZ z+n*vFP41*0k5@=BiP7ntzNplMm>~buh@iWhua7JwO4O*CABw|Xf2^MeTC3Ab^F6uz zuU1=#VL#O${@fp)vu{i+MQtPQBtJ3nwYAyh!<)Zf^8NglMwsFwy<|UDz@Ihm{L?>~ zUO;{L`f%MX)@GCV))}c8*MGutxtYled1psnjmQRj{wkJ~_w^3ft}xJfr!~#*7X1#c zwFtea+A=zu{C-e~JU6etDP!}ngW07f90^Nr>;2*|_ZmqxuIai;EH?GI;}Oi~TK{acpg%@2+6(74~u}WvjxHs!FvRf=Y2|3iZQh z4Lt9V$rLk$=_?U?=29E!)n8D5?U&m66*VmyMQFvZfH(+0A$K)Vsk$C3&3o?@o3Fxv zIGQPHrxcc9kYo9UI+HureUjxX1~N7n;D~}DnVMO5RA@E`gh6Lf*=D`2rc2rZ}2Q|l7-J5!1Hhu4-WlQl@rf8@?#)wiNvfY!fp+%<8^NpUMA3g%=5$*O2r*F5?P^ zU2z{z7KjVw3LN-y2#{;J8a=G_Qh0{9gu>rM4PsSZzRZLRSxA5zB1>N)$rRfxkE`e2 zQHd+W{C^`}Skm_I9joTT5j*Zu`GR!bGrJQ5=Gac6TrP1JuGr0V`kQ_$?N3HUR}V*9 z*)J&z1SqPMzIC8ymDEpcIq7VvR=4CCH=7Ni zELHyw{|#JV@=kpHBxe~eUwbY1Tpk?<4l@}j00TysjffLY0`(G@CVI}WB=So?VG^T{ zLJI4>pYtOUWS5A-!||dg-=;ZD9{T>T$5I_hm^y9Cq}+SUH3q-tb0HY-wITcD>pNXV z!7Dvl6dW>k&kM%KgQ(40Wq*CZ$dR*?oQaV0b;Cxi$anD8RoY2ys3qNavog#8gYjd@ zndF)M>{oSuGydW6Uv4%7vbDwAjZiHOHtz22R6MA4lsDtrBzmr_9yoIzUH9t=wFPFu zTEo|H=u>D)+Mj@e{9I_}2a|Ht16gB@^NYt(!7{}MREakCk0KSko?tH9G`NEOhRp@V z68c=20jJQ$amTV>|Dx+I9n1}xk|_x}F`c`nO$W-mbk9?=pFB<2ZaC>Eoih>GF%Cu# zlVySw2au!g!Q=>2cofU$49D$UYL;pjgRDDj!mfdu=RuxH357zx(;>6}JlcyDxs~CF zuF<-%sE#CktD7djym6Vti`V7G1{!r%)pfO0=aU!b&5z3h>p(++NUxbMKE;^=NWNd~ zi$*wxHXO;63Ba~Xo#>$TwmFJ>V^sk+_nv9Px1pW=Li5)8E}}Xh@@8OKL*0OFit*8D zyP-~YdvPK_t2o~K!bwq?MI^~kva`1qy(5dU-+>xGk}k%vlXU!uIwi zKB5P4ZnM)zC>k`_6^etlqEtZseq@GND<7#P{8wzy?992D8T#6+a@N3x#=1~mc$;?C zlBDe0*y-tP22SU|>Ba%GJqz!0prCg?AVJ8_t7vv~f)Z_iuWl}6g4@x*`T0HQ!In_a z=2xsI%FAjR)3Wo7bM~5P`j4_Z1`jP?c&C$VhRX+N`5#s1HgN15SJo1KYcNQ9OdRg9 z(Bo?nhH;qZJ{pTF&dzD=N9elv=h`~AM$g!&WRXbck~t#(>M^S6r^jnozw1N=h1|6W z_6aeo8Gf)maSQ@6yQ+(1#c zB)gtrh9i@MQ&yzw6qy9Tj;w;_DVL2IJ!^qSZ;rms`o(L&#U8s6xx1 zGT*hPMj_If+vj{}9U2l@(_@&dQmjHT>Lm}L<#G8A;Csp4E)KFu>G+EzH0 zd3HqnB8mU~oDU~T=yiV-9z>we8f^Q52&dv*69XXvf$*5tYo>0cU!}C#b z=)*}j{hUDFW1=Kl!d1gqwExEbESei#FK#nXyhY%}Ia|t@gGj$Q$5q8{M}7M%FB{$~ zzW+5lYp!k^$~N@^v3yW=yRr>s$?2EH#e*qgroD1dc&ZklAW>56TJV$r?+-rPx9%o? zCOgJP4wRFH1Jgeaxdjh#h(7UUHQ>urn4s?n^ty}v@L+*z=zZcfzF zLKH2n*#v|*XfS(BtUwDrpx~r~v}@@&d#VDjMIWa(p+h9iW)FV6T3Lv31E)Wg%e(Wm zsyiz{giSRVTc)VKYxB2q43}lrzuI=a-J0tlx>=p;P3^xvO z^JwT9-OhG1u|i5J{322?SvYmPO8^d+5yvoYB4lcu)YLJzR7w2#ft5=v*uIjc)uloSlv;%sN_KjyPA$!|GK}(@r`~?9;za8BPb(omGZsv|K?Fo9Eht3ZK-y1YHxe1-UH?#MOoNhi zYb23+sj9e%QU$!D%f8!t6(iw}gm}@Dwf~!SR5YtrX3_|nV{J2g$6jphOgx>+c!HR| z7O4q7Q~H!r?W2noV3ycV_n!GixRmY;*1*fN>8O_CSRR9=75FLJ;_;Z7pS2#+sVXoM zTp@>Ik*e?UtS(rQJMf->sz6N-s*X0l3E=Kf-j7(Fcil6L&FX6vV$a!N*QVuQf6ycy zl#WSzUSETQ4;dn4WgVhmjw{Vy5Kes!mh+(yWPO1zDFyPbP7&L?+c(zPYzrbB<}?aM z;p&*qF7t0fM`ANkx&kS4Ec}v!Z1Qn*6dYgJgt^^x53?GngfohAl8F3q+;}Hurb$jlegiL$8ON&4IZp1P%zt6*oOXoa!Zq2pZQHhO+qP}n z{Mxo{+qP}n-ScOXNhaAR`yN(S@+S3ErEg9eM)PflZVp7kzVkxILD^9NF9TbK-fC{@ z=_6d4tb4T`TrqYxEL0B2`tP3$V7e|ZCAIUFkc=|Ju%F=#VK5Cu6TK?jP8K0(yT^)+ zlDQGXj>}6%Ls=B0oTGXcJ@11Hm1DyG+H8uY#-CeOq}wKk7ez2>!}xc_-2TX&PY_&a zqVVnPkMUX`aHV#&|3^-+qOTBS9VcNZX>-yh)4&%yD(^4Nf==*)vB3{gmtJ9GApJ@H z*2;eseT^(wS;eQWLc%|bB5eryE#NNghsv^DzucF0^KkL5 zd|!2{j+6?=&`Em;iH&vZ(^0`_hTPl?WQ0R zGBa|)XgfTIeS!E?3+-BB;q+A03g#K62ikB7@P&J2c0EwTX)T-vx30q=mwL~9ph`ig5lVGKe`Jb^Fd z$nFt{p>>|#0-CQKKn7d~<~Dx)C;J$v3+Wd#)BZJqtyF1=cF7u z(T6kW98W8PjX2q4QrL|aW>7|T%=qQz9$q>K%Sh2ho^JXtIVQ63Jot4OM?!nf(+S8T zhR-^f0cSQp@1@rSDB`$x;To&n9vUa&48m*kElO>CycN$4EoVzOSwFYT$_HWsh7;-?(A95<%`|w0mD~ZrZyK&$JLN)ubzc^n#pq}_ggC53P&dFF zRVXT|;F=)avFdj@#@3D)>X3i^=4;pt+K;ZG%Tu&~H*Pe>b^~b!i6~-MsKdiR4<~*o ztTr{0id9{F({6G$-xE1#GHaXhAf;TSUS`)L>9yfi{LPf8?Fw8|Gl_(4@69l1TBu&KSXgo9L z(2};!A}0Vz21e8%3>nGOI99q+W{6BMlv5YFNJbpZRHcSSLLX$jqesnSyu!VRuLFIr zj*+O*cbndXWQEnC46z{UB=g*!Ba9NuQ@P$OtFTzCv0p(st?ig`JUo?4^w_jM6+@(8fA!Xp)gCKaeYnP0_Nj_ZQBmH=)Q_q6nEX)r?Pa=dg zeABqC@M(`sD3x;svBaUDH+E|V4~>8bncO7EYx>K_QZ>MR+@0yS=ZS6S9QhxKv*rkh zK~}$e$1tAgAvh!V6Ui5fBaHCQ9K8r}e{)Ie0ut|L(F?C=^#HAF)mp(2KN<^xa809cq_+1F7FjaA#{-H`=n z*7Q~fD`kUgsiB^e=)}8G5oEu*Xesq!hpzwZvKZgYc71axW{#=~fNL;Mrq}D)13>uP z3Er&#^9pVKWXO;LR9hBSB7!(OLIrx5W7CU?NaZaNAf6oB=&U9r{R(wZ@$t~s&$)Vc zyC;Wrv9}PjL==vQ4mP?{Z5|I0cfK(*SV~Mye z0aETIsRv9nh_sLx`z$puR$51?__=8`D(EEwKBf~Plluz&wL*s!M;;xIV7YIwvz23XK5_q9$GMV z%w>2vRk74hhd<<1s8GgY+~@pTCfZs~=8L=L zvrSw#E&KwCOoqMIHNaqR5tppL8NMaVopCSld6~8; ze^d|($Hf(svLHYk3&~m+xS?XHk(;u)$~s! zHSt+==#voh`4mkoBghAd6^)Gc=?5`jhjSoz63-wrT3tnV!_gz5brpYg&;6D(sz|~g zPz94TZ`~kko!>MeDYvla--@yVGOhvr08o;@OATJq`G^)(v?&c!T344&j^))2L>7=~ z4-6G-r6~NGt-Jj3vh9_8&^$xKphA;w?k}bIvOI@3`@bX9kMK0dY!<9Cc(aFiIPUGS zGx+d<1b72tpZ|7F=iT{QBbE_gSwfs~(}$+L`r(C})#4e@n8EA}+LTyMDf*8jzQ7oMKPX12 zKd~sdsyeLJvFYvLsmndIFT@s1o0vpH8(rUlDA8r8XI^)(e>4>Dk_nHfC?=y{LqV37 zVBeRKN1gXi_E7Oj>!6Vf4?61b zrtd)ec;UAE@|i;13E3ZBNTh>hzODW>PrbHomJS!%4NBm;4xwqlfcqExTcuifoNku= z(^A?jLSBj*Kf`Di?RBy1zn9YQJgdRmE|By|51XDz#G5I`=i@$2$`t8?Nhs+qJ|cQ; z4+3YHBo8|8{$x&2XiColXOS%Wj&iAK{1^3;IXT5a7;+`-3|qCL^@&5O)XXI9EU|M) zO^-h!25}Sq_)bKCW_mTl{xl`3OM}ja1IsH;-MfLuIFp50i8Qqq644Ml2KWznDtn`* z(kZX(xknD5#;Jl-?U~{E)}z0hONN+ifW891ytAMq!w638%@?iIV__g*JED5xY@e6a zOn=}{csxC7%tZdE2Er6;{!(DluvOAzYu--imQeo>n@(HrZf<%gCdjoM9zvvTIIVAE zjso!*{_g^=DD5-kN;f(Z3~^F;rhCXd`fh>*i|o=p3dL3~I}jWUgo?YH5Tfz*-Fo~L ze9Vj#E{5VG-gHazQrH%K>bygX*XI_;Gl`U+&f|_D$Ah*d4L(ZZ;{CL9YDH*J1&uIc z_fpr!n^oi#7~Twbw$vt#oZF#n##n$P?-My64vKGNGaephh~or1s6=hHsW1Tv27{;!E6-=sQC^X+?C z%_Fc5hM(fv$|J^q`OBIAnvWnb74xHVnstj;T3>%I`Bem^^4*$2mDC}iDgx7^yfMDk zhO;k>Q?%xG*c+iptA7bb*ZV!GFd@4v1&lJxe?2mZ8w-p<4p;F%-4%Qr^(~TQ+M?Pg z50iI$0U<{05hu%A*PG|!2*3X(x#$+jaq})#lz`gWUkLs5s**u5Lb&C8C?Wv|Lo@M* zDamd$*xFHOX=;=!$)qy;#MafsWGzFk8Ks-$;oy6T!ur&qRv{&`LpUv@P|Y1Dg#q%Y zMp)m@{pTV$?OtXMvXHpV){H(}{O-vmk>nw6i+E1^z6}qWNv4(|&}wJ)y@#1EHeK6h z0J0OFT>leBsZvW(XDjK~5&xhNzlO2K7h^T7ll)Ar{b+mPyuaGqcr1dXr)0*kG>9a6 zalzuBEE?+Wzq)gE=-PHH1{?C)v4fuD(k`iENY-9y1r#$T#j^{6rbU~&4XQbyZ54$^ z2>EXE7!&e)oH%uUJ&d`dC|8}En1%;k;uB(o$A&my%TN&RCW(f_B1IB$OFH+g{ z+zboVNWLJ$bi%1(!zgfknO4KL?Wgd^r|ydKTVcknjiof*&EB2`cOsNmtxD-yR?>d$ ztW6fTCrBHb5s*F7yR@t2)wRXu!**fg-bz&)V^!WvQ2Df<1A~Zg2LtJ&sIsymZ3;`O zr@;Ky)MAC9NmZqsI5OaRu`4XF_g!4v7V96iY?xM7A=$& zK6+j~h||Fx)evLO@JvJZ%dItV2HjTpwe8gD*1}&m-haZ>0Hm%MC4Wo{-+mtG&wLvB zjpu~raB*JSc@z{RT?L3oCQAR+w?rJrM;fNeg@J?9X<(7V?VtQktTB}!2WuomSjf>@ znaipJN3vhuMXz-1iH*p*#^!{sNT_mKfwHeCx+C=aM&{p7VAo0+7g8b~eyY~B6}1kX z$xNF?{^WbH>`4&;JER>E?=~Lr+_YWIZ0lT@;lgMD>(be|7|5Tt&PoCOE_?NL8>dA! z^?FYn&vQs}*TT2k`z`x%%vTi+&%R71Ien}Aas0%PHAZ=WtlYP)4I;AsnZZC(jD;#N zcGQ=a&V0a%0pLygf~~3Cz34v9>`WJBLp&7+slPlN8QZ*4G+J^-Q}6b>TaG~dl+L4o zL#0Lj`}?;dJq%?^gY!G;!tMlV2S%z|+%O(~rJx~D$TksT&iw(xdIX=75)*28J)t^( zCSKkJsLh`|i^WWuBs{)z$}(sEpPTb8P4?;eh0t)(h?5nY9`(n4bbGU1+29q`oR!>) z?`MytVf~z#qBtMy?RgXmM2w-T!wf3b~*Vr~Nc8wW6B!z3j{S4U_5cf2O&sKgiSZ_NiH*uMRNAYx2?}%YC>-aN#?Y%INS* zVPzD6_0_aCZKJm&sC&dV%>?8XKOA_}Ms3zOU*smgESSyBUlxrIQz!8cUX)a&-1%EP#?3($1Gtq6=Ia{sUij8 zHm>?felswc?H0bYHOgr+S|oa5*4Dz$5Xv1iIU92~WQuso)&f!Pel%y1)Vl|Kj8L41 zN(V$-t(FKY#wMt2(7wVEzoBWgZ;DTMadj;sZ=#TP{UR9ExGwf= zJW79j`8fdbNz{LO>MVy4JKc13LHx5h8;?`zPfehz=~3;kzEtiI>z-w`fP9^YX37`b z9uJf$4R`L;m#@397!q&iKAi{fuGx%0|?I5k&6!y@t9-4^KAx0<~Z`*)O zCDh>&OT{tqkGRBR!npX^N*IHy;3~)p-?M@0A$1ixA?{%iY!TfS9J5?e+%yaS@her* zAIEMQZT{$qgi}BkCDrO${#U2nV~d$3Z!>EGJ@w~S({l>4#secz;x(TL#v2GnWJD*F z1y|$CN6LHn54z#BujH9(Esj)}KrK=O)`8fD6lS_QN&{FKCZdBy}L?_2R6Pc2@FEZ2EvN7tRzEd$8>!0`(<0@RJG6?5Lm=>s@ zQ7xCH0(eYcH${@DLP`VeaZ1Yo1l}+5L)<*|;8PT3TzuhZVI?r+=Lo<%_1@2xAE;aO z_SNj&BH?NE_FXk{8{TRRWJ@8JKw2NSR~BoUb5LvWb~Yg)h&_YX;7_ zfDE(;c3cU99Ch^7n6eWW;e(`51 zth5I~5I$&dR5sV@aygT`TE!GVfC#(m8jWaVR#crPdcHab?zr%DVnt6G zH0}-X!-eHV7yF#2U9N6B^84Dbt!@#GeUb=-1g2-u0hnp_J^2knoD& zII=|}PV7IWIc3NM-2Xr%G)yeZp1V;Eg;COQQY)^%vwc6l1}o`iCg0=@ba`dlp(c2J_&+Sx-e zFaHd2+2&k&z(UhdA+wz#%cO2@B|D$v;+2^vXxVR#Z(YKd*qLDIw2qb6tLvua__QVPvZSxy2d}&QiuzA%GAn&OoL7!u)qt#L2fB0(4X0<+=FOIVG)Ksw8DE zp9|f^Z4e(OKb}+i$n^v)FPFbOTw~C7z6lgx|J=)}Wg8B?EoC3pF$DS|$iK$0Su=uk zQLhCqY4UuM0%K8Il-=FPU!ER}a#v5x)MrGEK$uh4!o=@}6oo7Gr!c69IZ}cCm9FF; zd&_CjxVM}yGB|QX-lMhmoVJ@qf29^%g1F*|nb(f4P>^IEEOK)UqgCskjTG{1=R~E{ zUM*$yZ}xS}{=d)XdUZD`A*@xXx7QDbWygD7iKFUSfZr2!KiOC3kalqyP86lA zs^8HbrPmMEip1pb}^l zAv{C^GmG1fLP|a^ebRr9l4<|AZ1ZJJ9pDfP1gQ(HICC9E1i08c(H;N%CaEpQ4vGk~ zzy)ZWz>T=xL^?Ey#Fs}8rO`#4lp}`DaE41me0P_h5s1|0T$K~>Gv3oeO2~3RubKA6 z8o81b1}0PN;fKKow>ReK}DpFdQkrN#nEJ^o+TMh+3Kj?LCuKTO&u6*6-Wpiq zlblk(^?J&ikPCdtdRr$`m*PM*-u~QQNNGTS$x!z^R(q9a>mT7wQX(`+(`EndKB>** zDne8B`~+NIVf)YX1!ZAei`6X5nZTU83|m~x{xh}G5vk0b`s%ybb-#uv)>YF+FQsAe z*%m=Ivp4Mare5pT-EIrgswMK3$b1eBByz}0V@J0$(rIVWiy z0R__Y#G4^5H<9t&w29T7oAT0?Ihtf z(S{&5V`za*AiQZXDR^iAZsq1xkTyg*@A$A10l<=g#W~bztT#)RpA)=0wFpW*K7klG z8ii^zBv(_kfzg@pig{qGYm@$D^ja!|7v#(7wqONKWOizDIVD%h&rA!+bwK&>3E2Up zX2GBCw5jk&eWKDuO9>b*t@y^LT5>=ayg>Wf6tb0#n$KrQEXfJJ4U}QkpDqh<_DE&^ z!F$Do()sH17~+Uka~w>8f9bI2M2fD6vWEnVCJlNW=2ihknxK&5oXV3?gy<~lRGLFX zG1X;5Wg~HI#UPBfMO1IljLYS3>0x7R1I1f-95BIwKBudWxx+&7=*8zr_|MU`Cm~+i#upngA4n0 z)!DZ+lGj{*(6Vij_6|uHvl?`aPD6VjjgCO$s@OHiuTSr6Lih9fkhFvGOj`X%14QF1vk)}s~S#7R+ICD%%N>u)s1M=cUrT?oZjKu(E zyI~jYzkK7bLJHbgUxsf!yK+X@ev)5dO#^y1iW0@Z9gSJGo5kXx`XCB26x<4W|KuyZXC^l0TSBaX_= zON*g6a-zwD8+5Mv+71U*Ie5;OfBJBRsdF5)ps(NWxO34(#}5=$ti7>w8q#_P`Lv1(BtU{Ny-TG}b0= z#|6g}ZrNpYn))RwH>+*SR$7 zNyWp2c=^S)qRm*IM58&?sN}K>nPG=j?P;_!WB`iyCgn05`IX_d>D>=nDRQ4wO&{VQj5T}0bR z7-W0Dj9t1m*CC{u1HDpmd=pUF%2S1mnl_=7>k24t;JXb4Lce9(0r93$3{+>5y3d7u z-X@?Bk9drNAO}2gkWDZU_+gx!6d3zV+j~zU`=sEd&uEy}3v1XV7q|_Pl6J#l%kpf( zK0D3fSqLL`IUF!uQj-vrWJN@$$rIZ{iD1>A`TamYLL5i zvK6;CzjRc+xA2>WKMC8XbN+E`nx&`Xr9Lb>>5V%{fU})*wI;Y|Iv;4*7!U?wv9Z-n z6O2ucp7p=(#`x{;%*d==Q!x-8@J0Ixxg=aqYW8OT*c!ys-`Q>krMv>!HKo4;qf4iK z=-ewsQDmE+kIicl_p_C&_k;7?tyqU=XOsK~d2osQG<^IgL;3;cquK667zf|V+CkVf z^`;3xVRGR}k^Z-(X#RD7gbT0#9&#R)eb4fK|21+iLNx2gYlaFiK8pZ*K&Z)&bC}T5 z9F{nASR;EB)b>uRouB|ITJ@|JMj$7cHA!!odUQFJuwblPY~aS5)L+8?L`=;5{O`r$8|WK2-f22ebRg=f^GQa&5bntN_$+!>2FBbUL3-T@Zz26sVYwC80ipNFlS)= zOy9bkQ88YqeKzK0@=-ur@YSXdwcXrDEu>y3oJ(_FK*RuT4eL;f_u-2KL2%jDp@@Ug zyxG=6xZG3CwWb1ot69k-Hagw3sh9upauIa6PJF|(kiOvL&{8^ocGm=Bh42U~qTq-_ z`M~90cw{hc)F+}Ly(V5^O^J55Bs>m=HWzi~c~5NcSwNW_9tQB9q)>-nwTyR(63wwR z`h9}^IX`AJY}|86mHSYYFOSxspN}Vnldek&G}RP*K=kww=>(CSCUqa}cdzpJvMy{i~mn-RCMK3_$!XOXGIH+FTgog{TW zyYJ5I4jS^Uz`=$%#}F&%X``Y9_*Lj&WC@T-?S2UBA}$qTsr|7aaaZ@00@;8cFXC$z zgARp`^IcXFa7)?aM(~!;57CK`<2pFsEDU36P9BCTIPo4Z?oBSuF zA6gJq*ALeKi^Ga<1vo>|ifjD)%_X9rCQ0;y6=*Q?C=L@jP#d#=@P4w5Te$gq_@E7M z{we*9CwQRjRBki{YTYUWS7=S zetWNJU$DMK2qSM20cPU?4J3oAEb40(%~$8LHdn;{;@&BI3UO!Qdv2UgxHB61L;p{u zhw#6b_Nb2>q3%-=C;RXk)}hL^&JD5%(90p{|GE%8kRUQ;PfRVN%k+|0JD~%@?Rk~2 z)R=rQCF4;itEW5}8K)BZGZc&YO1@Gym|=CyP(1IG1Ew>ILFF3XWJWXhTd+;(c7fdX zG@?=w`otka5V{d|Y=3?&M&hRGOnUr}fjD*}aFY;^vp)0Rk4uFs_waa@sJeZWAa+KZ zOUUY*d>M6?mN^0`I!i!;r@OhM%u*@;uV`wNI$n-Wsum>4z+vI2E#9#7Fj{8DqRKdJ zuBs%p81f`fWyKD2=y8Sc2zrQJqCYxg+7p(_Yi)gO19He~}F?bU;p`opjOdAetE>Et3-pd~RLcsM>-?%|!OIgR+-$!Lboh zhh%4u%CQlOHQ8bd>%fJn_~=9-r69_kSoxS>tgsDe@lLW#kAH(`GG-Vd3jI~_`D7V+ z)kA%Xm(xod1Kl66F+s%9t!z4SkBp_E;i7o4lKvk&6L9<$NW^#t%8J*tv(#m`jT>bN zCOveO8|4^w$Dp(X!!VwVw#ipSPaVy%mKOtd4BhfKYX$vx`*qe|{qdXF-DH1Q+#{-< zxg_Tm-i3MhXA!8+D0NuA>YbX~WnZA+ z6Yn(=R};MNWui=5pWElLyB7{Mt;!OC`$J>OG+-laGiRIOYE?#Yk2Zty;|bV*KXKgc z$DwZ@U<5yE9{iTrz%nQgugL+e-^HZEqH=Co&mhKGA+E%08oUR8#>v6e4a6$0Ys%wte;7<4s#%pyE=N82mx7zd@*mDU5%#j`ZG|WIMa283z zY8ZM2R^Gtb>n6B1_9GSFdXsQ?|L*h-s zmCq<$64{4mjljxbMem2DjTH47X?vb5x9;;ZcZnsR=(MtCRhjY~`*JO?(bCA9{cvC<# zBD;W44;|Wqt4L+10Ke6|`>k;N&*_JCRT-Mj1nRcEx2gQsn*kdi8{q+G?+%{cM^3(` z6x3p}#IALXtav*VdzymZ7l)_g_ZCR)t4g#FZ4KQc55SA0`f{7D1gqO?qe*ZTSrGm+ z*rzt-yPVhCzm9JY0%JgWhUh~irJ_eE!{XVs*J=B^63eD0s#Wli(*K(~6Gx29X?NeZdoNSsaHv$6t}n-RxJ z9!Bul5c-U|1Vn>AAKx~>*M2=}2Nh67*MN*o?vqXlIIF2KiI0cov1)Z2VTaUjK6+|e z3^9?e*;X^_$qxXh`#`&QPnt8mnQd&sqw};;uq>2Zyf2%^x7<{KF{XJH9H%q+`>0TEHWxK)n4I zFq!|QiLf>#6q&}gCJabxBDCV1K5Dz>N%3=f@7^yjHD!tTAjm7A#MTbN=5BDI3fa%A&x1bGRX}gY5cj^afT{efLb!-%bSWCd9lGDCTWp9e6+0#jkVysjKkY!1i-B9VEI?7e~Vp4;`Y-++-0M;xLH`(+P?6 zyKx>e5!P`X#NM0RZ&Z7_K(P)|tcvCK=^=V+O{takPMAdu%dNVM#}!`D9-cFqO(B&S zn_`{C)0nEYw~;NrJ+Vly?3A+fFg@|!p{QRAw&6$UiVD27?h{tIS~Cg=A#x7GIUC6q zT^-S)hEygEHZ>Rsn!4s%O^7o|Jo+H^XDW%_ivXdx%XjYtE~hbU6sqRsM9ybVFfly; zxgNSjqBc}YgFw6f4$h8_1Tr*^=T4zRIcK|rx`zL=#s-={9~-k5y(S>vS5k#Qq9*EB zd!ALM4WwbR;z~GlV5anXrm-5Cik~&C3?CBzg8NRy-Z`>M)Nc&qraRwt3;zrW=Cbhd z5T{>vU>26o4@9i1^pgKsGN8f44vk1AAST^pje4{`DSeaF$v?F1+9oQ%ai_l|CkYeR z`Q`_3;GhX|<10wP4bzQSz;~d}P?th}sn8yRQ@*Fg9U^m1uwQ|jr!bVfrQF95e1`e% zfXTKUs4|&a7_bARrxWbtNh|G*+SN{t%5l zPkhC>l3Q}Vc1CI@S;MC`pm~||`nul5Z2Aone)``eOJp&WFq>4{p#|*~YWrMo7W9|E zSw=Fx6v83-!jzlSkvzk~4lWC2{w5g}^SPYhw>37~FaPD;dD}G5s~)4*>XYj>G>7JH z2K0ERJ=5P8E1^kvjG-XJWH}X8KYC|&GPeREXzuIjCtpIt=yK;Thg0=l(M?AI3?7b4 z;c1TRcDxuTV9z*MXVa91lcy%VSX;OsRJB39k(UtP(D;{=a`2@C^S*(8I=FW}#qKhn zgrnf+34r&MlU)Uor3{o1G@|GRtZPO7eV^nI2qM6r)fB&$aMG+GGBP2u1RWWGq8y670;NdAYj;~(wO0&Zog*2Z=Ap9j01@{Fhz8?x z*Z|lOFE%ge1+JzR&TCcsjr_zD?>8XiNL!do?_JmRa>Xlr^dT<)^PaH@dgt=lfkf3g zLoX5G=HMo4^DBSpgtXsw=0@~A)3XQJpAUITJ5f$P+4K4P@g}ZdcKLCG|*M|M4G1 zk@!W9jboU4CB3i1DGb{TpzT#kEOxpR5MxGm#oo3F45_uWw9KvKUTRO}`UwPo#(!sQ z8XWHY;cx5|Ielw`)jHDWOSwM?EsGg1i1>%Hlzaju36H}R<9kA}Vh#*mS^n#Mz4k6dFpgPY zy|GbGezh!El8LXplojxb9sj6zS@t*(vl2xQoTlFM-TG`+R3j$DD3|QaQ_DU@4g|)! z-sC$C_cVT`k|I0$X8U+gv0XwOa|VM-7QdB+tb|&Np2`Z+OoW1GMr&G2YV_C%!N0S0 zj`F@l{Es_KKj)taI1My&>K_3wtn5RQS=S;_!b@NNAW-rq?FxM=C=hpmQgoG|JL|5% zv!S&{cl`q~B`X;${+|YedHkG^^a3Efrp4ZII_BvT=W-(Q0)1uR>|R%T=*Pj8tz7bv z15aaGNV5#=Qq|pZ9b?x4>*hlcVa2~{ArCncpQL-WX(gZd-SQcQnhScdhCZSekcP({ z?kel%7jRW5N!Lu<3%+4=D9J$YXlrUbzJSk8%QIm>MeNy)HWY{>#~+B` z!y+}Y%ciU&!-VeJrn@%1z!=o;-W!_{tqeQSV@`Eek)S7zL@T1-yZIeF&nH`KN_Ib1 zV4pZH+oRn;1og_ZvufEQenO^{?p^JAEvq-C^j7cbPX;n3PuojHR^BSyc#$g+;UyTd z{re9*D?^!t-9sqXwu?JFqsu)VezYQR(^#O$${oxT>RTnPEH+0$VsvQuvORQlCalt= z;U~PG*klHnPljkjZZdf`rJ2wesU}-O_Foz&`k~Lb0J$74%Dj_Q;zA}bEu`?K80)}| zwytN+1L49mD19pILJTXG1;r%MT+SkbvdQ@rt#VDMJ21TL29G4T$3jZKcbt%~srHcAzFggfPz;OM! zCnHMo*!oOWO=J~pKO!pg>6PHpOjX_sOm$lD1T>>sz-GjZ0coizo! z#s$%k$3H=aJu*30k|RrJ9rl5=niADt+hG_GHISL~A@|Q;9%Phokcnq9QT;J8 z6Y!ZwknYEKmwKYsMDH|CcBvi(sF6i_3NUwCDZe7l6GQyYq+B_P@0Uq{Y_0GCtcJGRkZQ>XIDN{Zq0V^OkV1xeRj6aun8t<-{F=A3WrkaYhR=)w z@mewAoM^EHZ`5KAlgMN#uL*~{+wVwb3n}aH&OPBr2Ix;POB_1I<$?KQ>r>A^5s&lv zE=)G&Lr!TIMSn^P3NOpUU>}4za-YSWdI+R)=&}>tvPEqVxUnNMT*gEOn2L%WJk1^= zEF{dkrWb}UA@RqWZlHlFc%caKiFBO=icSnDMHlGAk~&34t`ZfjW(ut%*=kOz_RdPi zhBecXdIG)^RAO>tQANG-KYDJ6;kTlZg)gsNx<>yT-TMn<%PZZ5R0xlRGV|nXS>0Bm zwqH@~2989}*;5sX<1Yssr;%o$=c_q4)VzL1TqU}@`={!Kmn#spA4(hlJ?;Za>^FxJ z=z)A4NBL!s>6(h;EjWCYB8HrPp@gxTuOTz@)P+jEk_@|##H8Ly^@a8e$kFNMuE;!# zgiDd#*QJ!jN3LK#ppe?&QtyqyQ4)$7NMc73Kz05dYAQ^aD(D5#wNRCa-0U)yb;gr9%=1yGl^|@R5}8gD(`IRfxI010PtwYr||l8h3kV>d#0&;OA4_?-Io?8(*KBS zdBn3T+L>3uEI891;p2+|W`lkmRQjs1NXFC}4DC{OPXg!GNXwP6E7yvb%U-l8lBoU= z+v5rGkY1Z-1QGrd5254409qijxsZTzG&L5VXFan+4c#>ito^(MD;CFyuNTQPAbEVX zlW|+i#?McirFblHjZ9GO>tHy{c4G_CqQvbV5xI*mg)Dogfvmlxts6KPEb^Gm`SUV; zfj>l^Lq$hZ`Al&s^C&`YR0ew&gG&2OO4H__@6++^E8mCQ&D}^}Y6bx;?DjV=I+Aq3 z^CeE4*_F@-C6V(K82T)}!!&rs*2+41aqM`&x}Yf!TvHMHiuIrRu&|Q-a7nnm%i^tb z)fFvk&Jh+FQ0YE@*8A3b1!nER(^113O9-N5GIt*;RdqQj1>%38U*>MZ1-nxI9>pL} z-HAHI=MMwD)U%hr^|^MuY=EqS;MfWX;>ovrD&| zz?@2v>4o(J5dn-MfX;4hbX7eWdfFu*7;wr5Dr>#$2D1NlmOdmvLEk#pImh!5jucP2s79ZC1Z$wr46dqtYU!` z*ahrjEnF8|uCcX(GkYaeZS-=ZirCQ0dOY5Aab%-F)7=CVH5et(U2*&26>d-}4$m=? z%e#wDS-H7{Mn(k1gajkINY6`u)->1!k$@h$(f4o{oW@g+646)dW64>)AoQu~yfdA% ze9{e9TrssEY>V)#)^Q7XkWv{`z6Jubo!D>|<#-Dm)>_JnD2&fNWRr{6TjS8OIK3#O zNz>~5c$4TUBTOS?khd=ReUQ}(sZi;@JipWV4PI5{3t`GE2=qt^IB=%hWwU?kEk~x<>letVyVd@EoG&!4B8_V{@`UTj#|8v~J=8DG&&-tjuQJ5( zo7d*CEyqh1!>!bzGu5lr$i@foaPVtczF{M?e#$*jg*oV3ytUqi%`I_G7`DawlO{p2 zJNL4I@7~_4JESU}fD#qryN~GaNDfdt_%-j+S#;|`jB$`e)3tkTdcz^=VM|}yR2Bb+ z!2d|(rm9+C^yE*^7Amh!(h$+8?ON}iRzoivOp;V%3Hny8+Esp?q^G~65;cCL1 zP`whAfvGwfSkpQ?tpEo>7Bd`1T&}ApC|_NUt~eLZwsa9-S)qI2WG21s#ULc{cg0_v%2Gz$4HdVALUNp&(v~jLDyBJUTi>9RNj2LRJYY{Pgz5;jq z(0;G%rU&at{mly|+MCOS#Os>uL{*2To^cX!RYf6G#*ngy>lE3(#C1`Ibx*(W^@XCC z1JpHGUCSK0m<^GAbq*Zzq`Emu#e9z}b}Y#&Q9PyZd!gG&^&&#pI64$EqNTOsRk-u) zpN@88?ic*ABA87Mw`E8fzFGp&_h33jrJpT=DkW^inY)+$cZtdHHVSN{?%8f0FaCK@ zO+k2Zn;LqGhT}R+q_mli8~k?6%L66T^J?8pQF94nKE=b&VUyL1wGU#vBw?qj{2p-({gFu##sB2g+@c z1cf7TS7GiPr-3+WTl2QgAuJM}ZI4ZaZNEsD6Hct*Gnq53Ht~l1)g+r-(kVKKyatS< z8y3QTp5uP&?Ys_X>Me-%+i)8dTJXpB5hTV*4W`DGfHxE<&S14(E~J3V&8BausyySQ zH^JBXn`=!Bc6t*!M#W?1PaWW&>iL+3m!i=lv+~-|mUM7RnNaPwl+8)~0H%k~1Te+V zi~dh_6Vv}EZc_1dFeRXuH?mT8v4x_SBVc6s&)+0w>E!G}z|PL}|7zs~Ol*vt|JT>_ zzetqdXz4mHNuc?@)t!r%*Od45wU$>v1v1d!3x~o0XH5nlQADDNPiim)e!Mu_O*NvD zJKFSXf7Oes>?GA{o#i@zz1m_TBp06A9}&afSVN$55yz_7u}x<*t07#AEl%A zBV~;E@>nr8uS|onyhpd+Wh}L$r!$9fPGrXem!(H@&^!g4;NUE@5BkhcL!T1cNuU8t zQF}yW<>J5udU}*Uz9JKzP751Co>npwVD}&azlI zSO|uqTL?IlO4moJTbTk4Q8$kYJ7{4ifQM`XP%(n75__TXNf8d@3_c-# zZ*U|4nTT~G$Y2Qqi=6GYVz9L#HF55>JJ4>OIc);kZt?iUe?vtILP z%-2I>?Df-ebV6_jO=B1CJFP6u?-l5`>rF!XEOSRg3< z;{ZopC1k*9A;4@fmgJ69*NkU|;va|OMEH*lU=Prn&$a{1MMp^?$yQrtoaW9a?{eL!C^9C>GcEuR&aRZPwBnfCiIy+1eI zkf~gw?5%CuYQ#B^P~)y+PN<4>)2A zIbsVu(q1ZCdSXp@hfRE!O$b?iR*mE^5!ID{%0wl#ri;pyeRSlje)__XyBP{scw_!j zk+s*vBZP-?>&Mum&(z;w%;5KA+7I8WbsF7+oqGb@tC}RE&&nJz;ob-L)RiSC1`w2! zR^L4?8@ac9NyS|NC1(sT;=(fsfXpq1%$#PcPiefUNnfsDv^CxuZHcwdnrCBV z6>OG;=4vhqaZ8zxL)ugn;+C=yhrFQ}3&y@B7?9Wq6Uh+x8K^*&5 z|4q8Xop2G#jmL5`>7GuYOC%)BFEPPp0$x`G)q$_yGObdcmk%{8oa1@C#R+rBh^1C6 zr_H}-gO<3*g+i7&?bd@7wg(Jb(aaBR4n9yhtQln`dQv=(XbFxghYMrSbhsoGyJlNnNGDUV zaMe(NFjIUFZ?F->RVm3RyzChYx+1EbHMfIiU{F`l5Q%JMMBd~PiQJ0fNvF}GSK@*4 z0&(!bm|{B~uqjydjuRz>Qj^E)14T)v>BO&BGMC~>m-}X0R!pZ!?}nxkGP8oE&_)2~ z9-a;pl~d$18!b=045963Aau4%yiR?=WV53-9OjD=l^o~y`((E*W{!X8uE%7HJaOUq zKaE`nP!q@+HZ(CJr$|R6qCh|-jYI+@5IO`9X`+I(1cC$tAs{G%7=-T$B6{dd2eo%t7AKWr&yF`tgK zp7JG^)b((bXD*E>lmQsK66HI&Cb7;txgyTj0nepKQ3iJt+3##O*Rh8U!K5@MA}BG~ zBOc$BZFB|r+IDfkg;jI&V_$q>Syv9KJew4GUSXhSz11|iDLnr=5xZb%t2&-%#Omh zJuoh-ggJM=zTPZVGMbdnbGzhBr#Q4t_v3q?^n_-oK(ylE&~x>drzZ`#*9&fbv@Iso zsEUodkyV3J9 z?ZtmAiQ)5$g_D-*v(zq??Q!jXG#s8Zt@ew}V%%!=I9|E@+_9BG-Ju zaKQ@)YDwQuS6+c70d!;WR>Y^Wu`{8akW+f20!fCRC~NqG)-7d7zYJ+ z)WiVZXpU`=UpLx%O8~pR(@pHlrL0-)8CHf&%Bm1%9r0>JB-l|+i>#k zgYYlR%Wk7PbIO<0TIg+CG}4T9X*Tv_L~B_&ZDLejL2dl8x0yq@1YLGY83Z^&l7Gj;#a^(ickielaRXkc-tFI<{A<@xWR^}(Pe#U?ZqvoLh zuAxT7XgQ@tOF(Pk&gWjt8wu4N6XH1rAqrMa_tKLQ8R$L-l4_qc4S4|I^ZouNf6{Om zlSYW622qs0f32zyZ+%-8Ziv|i6b|>?U3N~}*pm#pCAyQcZfWc+{waBzv>-C_P#{$o zSiAo-lY2{7?hMmj_+TLM!H~3(aMz*PD%SwaQ^6}HNVl~K#b9Xpecpt zv9p5$M;$PE#gMAG$t`MdgtmneRdbx%wD%KlouG9Lv zg2pe}u3>x4{J*VX3(|1pjxLV;o=WD3$@rYTgO!MV!dBg!J*z?@QlaWd=AAoI`@UO& zkNSl&3?lRTU}HhrNwCG{V|oQ&5egqMkvxpE@58YfH5eoNti=VP;O@zL*MNQT6O*`a zQoGL5tOsevp_#n_h@Rf3g&Kw_Y3bYT67A5uR&cW3(Cln6{@94s`+b{+Y@Q~6yx{nQknxn&JBt0 zk9G6CV}G=bNlA4m{b@_;t((u~oCEzBvRc#N!HFt_P`*~V!doS}g~Yuz4bJgA@@u{x zMY_dZvg~H@LtplVtMrB4jG)2KLiR#A8@tKm?@8$lMo+mG{_?MkGO@EQOJWKrxjgCk%U;Yc|A0u&_&h03wzOeloE60xK@dU+8EAc&qL*@p;(m|5!DDCzl< z$xe=*o_9%j^iBuo9Y7jyRrVK-(;i%tDyZ~2%v&D%vAY(T_BIt)r z5EDmdGYXaF^KZ%?Di3n^a-@-bh>jq?|8#>=f+|7ffmkev=t-bB-2}qms6Pzf|3ZDZ z^6y9=rt;sQtsoRiXmPR;7ke!w(o~a~s`LPFK);0uo9`fyAJf>3xmz(pyObOzOK zsLPDc1s(%P_ou_wThJM28RO&RPAQLyS1tI(29HiPv%G_i*XYr^`u=eBw69XbX?H5? zOz=cS;`wa2B6h4n5}ex91khhR(PK8+oEwmx@0{Iky_sV5BBrhLrfyBHc?vs9B__27 zcZu~2T0eYs-|I}IJ4*IszcXyp|K3U!TsVSM;xK9iF(w!b^;;HR5htiNiPmdzp-)I6gAN;`QT7Jba;51hyJX-NwcI6)QX-O3or<~pOjH+C+i-j zz}@ln(HG<#E^wOErGYBiffi5WoPpIx0^et)jfPE!tm z1MrEt?u@?<+f)1LGg3V|hw08RQ5k%f^GkX0oMvmKsR`zZ3R;C9jia85;Vw4JkoH1Y zB|_yMMQ|)}%sj9aS-*(n7Xu!fNtnExeHIt{$Rakf_tO9)1RuWS6pu+rEj)QN0UF&G%_Bo-jI&E#rP0}tsPmNALZ|`^efv@gB)7) z@83Jzg}?ZJF1;`W@=v~CV@`AdLJU0#M1RnAC*OGQORSNS4LOGOz4L!oeb za6Mft=&wcCdW?ylt~3$|u7dj8PAJs()|?Y3_;9-ZB#0EsrPX&lWolWNSA5*=d%lhN z9-sON_izPk_2av)zjmh%4h~XNeS$-drrdQ2;6a3}4Owd66QUYCPUl5aBdqz>wtKxwh zBXUbA$4D)JtF9C+1b;{Mm7@bHXO{{K+NVoF}d=AI8MO%6G zV4>c|4yRwuX%%1|$*VhxNBOr($D1{#=)#}YL~@^U9DW|~m^sZQqEZfhQDUJ!bvmK) z&1)Hrb!IDdC9h(0Gw*ho$d2i^<%L%{z0dYqueryacl was being overloaded. Seperate the usage into + view->queryacl, view->cacheacl and view->queryonacl. [RT #22114] + * win32: add more dependencies to BINDBuild.dsw. [RT #22062] + * win32: named-checkzone and named-checkconf failed to initialise + winsock. [RT #21932] + * named failed to generate a correct signed response in a optout, + delegation only zone with no secure delegations. [RT #22007] + +Known issues in this release + + * "make test" will fail on OSX and possibly other operating systems. + The failure occurs in a new test to check for allow-query ACLs. The + failure is caused because the source address is not specified on + the dig commands issued in the test. + If running "make test" is part of your usual acceptance process, + please edit the file bin/tests/system/allow_query/test.sh and add + -b 10.53.0.2 + to the DIGOPTS line. + +Thank You + + Thank you to everyone who assisted us in making this release possible. + If you would like to contribute to ISC to assist us in continuing to + make quality open source software, please visit our donations page at + http://www.isc.org/supportisc. diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index e0a7208f3788..396f10520cf4 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.c,v 1.35.36.3 2009/01/20 02:03:18 marka Exp $ */ +/* $Id: check-tool.c,v 1.35.36.3.24.2 2010/09/07 23:46:25 tbox Exp $ */ /*! \file */ @@ -23,6 +23,10 @@ #include +#ifdef _WIN32 +#include +#endif + #include "check-tool.h" #include #include @@ -662,3 +666,26 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, return (result); } + +#ifdef _WIN32 +void +InitSockets(void) { + WORD wVersionRequested; + WSADATA wsaData; + int err; + + wVersionRequested = MAKEWORD(2, 0); + + err = WSAStartup( wVersionRequested, &wsaData ); + if (err != 0) { + fprintf(stderr, "WSAStartup() failed: %d\n", err); + exit(1); + } +} + +void +DestroySockets(void) { + WSACleanup(); +} +#endif + diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h index b0ba7e06ef44..01289266a7d2 100644 --- a/bin/check/check-tool.h +++ b/bin/check/check-tool.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */ +/* $Id: check-tool.h,v 1.14.628.2 2010/09/07 23:46:26 tbox Exp $ */ #ifndef CHECK_TOOL_H #define CHECK_TOOL_H @@ -43,6 +43,11 @@ isc_result_t dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, dns_masterformat_t fileformat, const dns_master_style_t *style); +#ifdef _WIN32 +void InitSockets(void); +void DestroySockets(void); +#endif + extern int debug; extern isc_boolean_t nomerge; extern isc_boolean_t docheckmx; diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index eba0d93b641d..7ed1043438d2 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.46.222.2 2009/02/16 23:47:15 tbox Exp $ */ +/* $Id: named-checkconf.c,v 1.46.222.2.24.2 2010/09/07 23:46:26 tbox Exp $ */ /*! \file */ @@ -453,6 +453,10 @@ main(int argc, char **argv) { if (conffile == NULL || conffile[0] == '\0') conffile = NAMED_CONFFILE; +#ifdef _WIN32 + InitSockets(); +#endif + RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS); @@ -494,5 +498,9 @@ main(int argc, char **argv) { isc_mem_destroy(&mctx); +#ifdef _WIN32 + DestroySockets(); +#endif + return (exit_status); } diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c index 0b49b51afc58..1fa015a88069 100644 --- a/bin/check/named-checkzone.c +++ b/bin/check/named-checkzone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkzone.c,v 1.51.34.4 2009/11/10 20:01:41 each Exp $ */ +/* $Id: named-checkzone.c,v 1.51.34.4.10.2 2010/09/07 23:46:26 tbox Exp $ */ /*! \file */ @@ -419,6 +419,10 @@ main(int argc, char **argv) { if (isc_commandline_index + 2 != argc) usage(); +#ifdef _WIN32 + InitSockets(); +#endif + RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); if (!quiet) RUNTIME_CHECK(setup_logging(mctx, errout, &lctx) @@ -453,5 +457,8 @@ main(int argc, char **argv) { isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); +#ifdef _WIN32 + DestroySockets(); +#endif return ((result == ISC_R_SUCCESS) ? 0 : 1); } diff --git a/bin/dig/host.c b/bin/dig/host.c index 8cd5b3db29a8..1a7d174146bf 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.116.216.3 2009/09/08 23:28:20 marka Exp $ */ +/* $Id: host.c,v 1.116.216.3.10.2 2010/10/19 23:46:25 tbox Exp $ */ /*! \file */ @@ -625,7 +625,9 @@ pre_parse_args(int argc, char **argv) { case 'v': break; case 'w': break; case 'C': break; - case 'D': break; + case 'D': + debugging = ISC_TRUE; + break; case 'N': break; case 'R': break; case 'T': break; @@ -792,7 +794,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { ndots = atoi(isc_commandline_argument); break; case 'D': - debugging = ISC_TRUE; + /* Handled by pre_parse_args(). */ break; case '4': if (have_ipv4) { diff --git a/bin/named/client.c b/bin/named/client.c index ae5386cb4893..a0e034ae2d27 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.259.12.3 2009/01/29 22:40:33 jinmei Exp $ */ +/* $Id: client.c,v 1.259.12.3.24.2 2010/09/29 23:46:31 tbox Exp $ */ #include @@ -1859,13 +1859,13 @@ client_request(isc_task_t *task, isc_event_t *event) { client->view->recursionacl, ISC_TRUE) == ISC_R_SUCCESS && ns_client_checkaclsilent(client, NULL, - client->view->queryacl, + client->view->cacheacl, ISC_TRUE) == ISC_R_SUCCESS && ns_client_checkaclsilent(client, &client->interface->addr, client->view->recursiononacl, ISC_TRUE) == ISC_R_SUCCESS && ns_client_checkaclsilent(client, &client->interface->addr, - client->view->queryonacl, + client->view->cacheonacl, ISC_TRUE) == ISC_R_SUCCESS) ra = ISC_TRUE; diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 500b57714e4f..3f019a3da691 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.40 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: query.h,v 1.40.626.2 2010/09/29 23:46:31 tbox Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 @@ -71,6 +71,8 @@ struct ns_query { #define NS_QUERYATTR_SECURE 0x0200 #define NS_QUERYATTR_NOAUTHORITY 0x0400 #define NS_QUERYATTR_NOADDITIONAL 0x0800 +#define NS_QUERYATTR_CACHEACLOKVALID 0x1000 +#define NS_QUERYATTR_CACHEACLOK 0x2000 isc_result_t ns_query_init(ns_client_t *client); diff --git a/bin/named/query.c b/bin/named/query.c index 73ed1a6b9095..0ba708bf7c06 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.313.20.16.10.2 2010/06/26 23:46:14 tbox Exp $ */ +/* $Id: query.c,v 1.313.20.16.10.3 2010/09/29 00:03:32 marka Exp $ */ /*! \file */ @@ -820,17 +820,15 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, return (DNS_R_REFUSED); dns_db_attach(client->view->cachedb, &db); - if ((client->query.attributes & - NS_QUERYATTR_QUERYOKVALID) != 0) { + if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) != 0) { /* - * We've evaluated the view's queryacl already. If - * NS_QUERYATTR_QUERYOK is set, then the client is + * We've evaluated the view's cacheacl already. If + * NS_QUERYATTR_CACHEACLOK is set, then the client is * allowed to make queries, otherwise the query should * be refused. */ check_acl = ISC_FALSE; - if ((client->query.attributes & - NS_QUERYATTR_QUERYOK) == 0) + if ((client->query.attributes & NS_QUERYATTR_CACHEACLOK) == 0) goto refuse; } else { /* @@ -844,16 +842,15 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")]; result = ns_client_checkaclsilent(client, NULL, - client->view->queryacl, + client->view->cacheacl, ISC_TRUE); if (result == ISC_R_SUCCESS) { /* - * We were allowed by the default - * "allow-query" ACL. Remember this so we - * don't have to check again. + * We were allowed by the "allow-query-cache" ACL. + * Remember this so we don't have to check again. */ client->query.attributes |= - NS_QUERYATTR_QUERYOK; + NS_QUERYATTR_CACHEACLOK; if (log && isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(3))) { @@ -876,9 +873,9 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, } /* * We've now evaluated the view's query ACL, and - * the NS_QUERYATTR_QUERYOK attribute is now valid. + * the NS_QUERYATTR_CACHEACLOKVALID attribute is now valid. */ - client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; + client->query.attributes |= NS_QUERYATTR_CACHEACLOKVALID; if (result != ISC_R_SUCCESS) goto refuse; diff --git a/bin/named/server.c b/bin/named/server.c index 8f6778666a07..5fbe043e644a 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.520.12.11.10.1 2010/03/03 22:06:36 marka Exp $ */ +/* $Id: server.c,v 1.520.12.11.10.4 2010/11/16 22:42:03 marka Exp $ */ /*! \file */ @@ -1132,6 +1132,14 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_acache_setcachesize(view->acache, max_acache_size); } + CHECK(configure_view_acl(vconfig, config, "allow-query", actx, + ns_g_mctx, &view->queryacl)); + + if (view->queryacl == NULL) { + CHECK(configure_view_acl(NULL, ns_g_config, "allow-query", actx, + ns_g_mctx, &view->queryacl)); + } + /* * Configure the zones. */ @@ -1606,13 +1614,13 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, * configured in named.conf. */ CHECK(configure_view_acl(vconfig, config, "allow-query-cache", - actx, ns_g_mctx, &view->queryacl)); + actx, ns_g_mctx, &view->cacheacl)); CHECK(configure_view_acl(vconfig, config, "allow-query-cache-on", - actx, ns_g_mctx, &view->queryonacl)); - if (view->queryonacl == NULL) + actx, ns_g_mctx, &view->cacheonacl)); + if (view->cacheonacl == NULL) CHECK(configure_view_acl(NULL, ns_g_config, "allow-query-cache-on", actx, - ns_g_mctx, &view->queryonacl)); + ns_g_mctx, &view->cacheonacl)); if (strcmp(view->name, "_bind") != 0) { CHECK(configure_view_acl(vconfig, config, "allow-recursion", actx, ns_g_mctx, @@ -1628,14 +1636,14 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, * "allow-recursion" inherits from "allow-query-cache" if set, * otherwise from "allow-query" if set. */ - if (view->queryacl == NULL && view->recursionacl != NULL) - dns_acl_attach(view->recursionacl, &view->queryacl); - if (view->queryacl == NULL && view->recursion) + if (view->cacheacl == NULL && view->recursionacl != NULL) + dns_acl_attach(view->recursionacl, &view->cacheacl); + if (view->cacheacl == NULL && view->recursion) CHECK(configure_view_acl(vconfig, config, "allow-query", - actx, ns_g_mctx, &view->queryacl)); + actx, ns_g_mctx, &view->cacheacl)); if (view->recursion && - view->recursionacl == NULL && view->queryacl != NULL) - dns_acl_attach(view->queryacl, &view->recursionacl); + view->recursionacl == NULL && view->cacheacl != NULL) + dns_acl_attach(view->cacheacl, &view->recursionacl); /* * Set default "allow-recursion", "allow-recursion-on" and @@ -1651,16 +1659,13 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, "allow-recursion-on", actx, ns_g_mctx, &view->recursiononacl)); - if (view->queryacl == NULL) { + if (view->cacheacl == NULL) { if (view->recursion) CHECK(configure_view_acl(NULL, ns_g_config, "allow-query-cache", actx, - ns_g_mctx, &view->queryacl)); - else { - if (view->queryacl != NULL) - dns_acl_detach(&view->queryacl); - CHECK(dns_acl_none(ns_g_mctx, &view->queryacl)); - } + ns_g_mctx, &view->cacheacl)); + else + CHECK(dns_acl_none(ns_g_mctx, &view->cacheacl)); } /* diff --git a/lib/dns/api b/lib/dns/api index b1adf7845b24..82e6786c1d0a 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 57 +LIBINTERFACE = 58 LIBREVISION = 0 -LIBAGE = 2 +LIBAGE = 0 diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 5b53c1644f72..0b4dedc9bf45 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.111.88.4 2009/01/29 22:40:35 jinmei Exp $ */ +/* $Id: view.h,v 1.111.88.4.24.2 2010/09/29 23:46:31 tbox Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -118,6 +118,8 @@ struct dns_view { isc_boolean_t enablevalidation; isc_boolean_t acceptexpired; dns_transfer_format_t transfer_format; + dns_acl_t * cacheacl; + dns_acl_t * cacheonacl; dns_acl_t * queryacl; dns_acl_t * queryonacl; dns_acl_t * recursionacl; diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 638e64755b54..933576f3f1f0 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.103.48.6 2009/11/04 23:47:25 tbox Exp $ */ +/* $Id: journal.c,v 1.103.48.6.10.2 2010/11/17 23:46:16 tbox Exp $ */ #include @@ -2173,6 +2173,12 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, indexend = new->header.end.offset; } + + /* + * Close both journals before trying to rename files (this is + * necessary on WIN32). + */ + dns_journal_destroy(&j); dns_journal_destroy(&new); /* @@ -2180,12 +2186,14 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, * Any IXFR outs will just continue and the old journal will be * removed on final close. * - * With MSDOS / NTFS we need to do a two stage rename triggered - * bu EEXISTS. Hopefully all IXFR's that were active at the last - * rename are now complete. + * With MSDOS / NTFS we need to do a two stage rename, triggered + * by EEXIST. (If any IXFR's are running in other threads, however, + * this will fail, and the journal will not be compacted. But + * if so, hopefully they'll be finished by the next time we + * compact.) */ if (rename(newname, filename) == -1) { - if (errno == EACCES && !is_backup) { + if (errno == EEXIST && !is_backup) { result = isc_file_remove(backup); if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) @@ -2202,7 +2210,6 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, } } - dns_journal_destroy(&j); result = ISC_R_SUCCESS; failure: diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 538c228df023..f61b83b8ba91 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.270.12.16.10.3 2010/08/13 07:25:21 marka Exp $ */ +/* $Id: rbtdb.c,v 1.270.12.16.10.6 2010/11/16 07:46:23 marka Exp $ */ /*! \file */ @@ -5421,14 +5421,14 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, dns_rdataset_t *addedrdataset, isc_stdtime_t now) { rbtdb_changed_t *changed = NULL; - rdatasetheader_t *topheader, *topheader_prev, *header; + rdatasetheader_t *topheader, *topheader_prev, *header, *sigheader; unsigned char *merged; isc_result_t result; isc_boolean_t header_nx; isc_boolean_t newheader_nx; isc_boolean_t merge; dns_rdatatype_t rdtype, covers; - rbtdb_rdatatype_t negtype; + rbtdb_rdatatype_t negtype, sigtype; dns_trust_t trust; int idx; @@ -5466,7 +5466,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader_nx = NONEXISTENT(newheader) ? ISC_TRUE : ISC_FALSE; topheader_prev = NULL; - + sigheader = NULL; negtype = 0; if (rbtversion == NULL && !newheader_nx) { rdtype = RBTDB_RDATATYPE_BASE(newheader->type); @@ -5475,26 +5475,34 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * We're adding a negative cache entry. */ covers = RBTDB_RDATATYPE_EXT(newheader->type); - if (covers == dns_rdatatype_any) { + sigtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, + covers); + for (topheader = rbtnode->data; + topheader != NULL; + topheader = topheader->next) { /* - * We're adding an negative cache entry + * If we're adding an negative cache entry * which covers all types (NXDOMAIN, * NODATA(QTYPE=ANY)). * * We make all other data stale so that the * only rdataset that can be found at this * node is the negative cache entry. + * + * Otherwise look for any RRSIGs of the + * given type so they can be marked stale + * later. */ - for (topheader = rbtnode->data; - topheader != NULL; - topheader = topheader->next) { + if (covers == dns_rdatatype_any) { set_ttl(rbtdb, topheader, 0); topheader->attributes |= RDATASET_ATTR_STALE; - } - rbtnode->dirty = 1; - goto find_header; + rbtnode->dirty = 1; + } else if (topheader->type == sigtype) + sigheader = topheader; } + if (covers == dns_rdatatype_any) + goto find_header; negtype = RBTDB_RDATATYPE_VALUE(covers, 0); } else { /* @@ -5732,6 +5740,11 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, if (rbtversion == NULL) { set_ttl(rbtdb, header, 0); header->attributes |= RDATASET_ATTR_STALE; + if (sigheader != NULL) { + set_ttl(rbtdb, sigheader, 0); + sigheader->attributes |= + RDATASET_ATTR_STALE; + } } idx = newheader->node->locknum; if (IS_CACHE(rbtdb)) { @@ -7071,6 +7084,8 @@ dns_rbtdb_create * change. */ if (!IS_CACHE(rbtdb)) { + dns_rbtnode_t *nsec3node; + rbtdb->origin_node = NULL; result = dns_rbt_addnode(rbtdb->tree, &rbtdb->common.origin, &rbtdb->origin_node); @@ -7093,6 +7108,32 @@ dns_rbtdb_create rbtdb->origin_node->locknum = dns_name_hash(&name, ISC_TRUE) % rbtdb->node_lock_count; +#endif + /* + * Add an apex node to the NSEC3 tree so that NSEC3 searches + * return partial matches when there is only a single NSEC3 + * record in the tree. + */ + nsec3node = NULL; + result = dns_rbt_addnode(rbtdb->nsec3, &rbtdb->common.origin, + &nsec3node); + if (result != ISC_R_SUCCESS) { + INSIST(result != ISC_R_EXISTS); + free_rbtdb(rbtdb, ISC_FALSE, NULL); + return (result); + } + nsec3node->nsec3 = 1; + /* + * We need to give the nsec3 origin node the right locknum. + */ + dns_name_init(&name, NULL); + dns_rbt_namefromnode(nsec3node, &name); +#ifdef DNS_RBT_USEHASH + nsec3node->locknum = nsec3node->hashval % + rbtdb->node_lock_count; +#else + nsec3node->locknum = dns_name_hash(&name, ISC_TRUE) % + rbtdb->node_lock_count; #endif } diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 90c18bc95b3f..fc6f4544c3c8 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.11.10.6 2010/09/03 02:55:18 marka Exp $ */ +/* $Id: validator.c,v 1.164.12.11.10.7 2010/11/16 01:48:32 marka Exp $ */ #include @@ -393,6 +393,7 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { isc_boolean_t want_destroy; isc_result_t result; isc_result_t eresult; + isc_result_t saved_result; UNUSED(task); INSIST(event->ev_type == DNS_EVENT_FETCHDONE); @@ -429,6 +430,17 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { val->keyset = &val->frdataset; } result = validate(val, ISC_TRUE); + if (result == DNS_R_NOVALIDSIG && + (val->attributes & VALATTR_TRIEDVERIFY) == 0) + { + saved_result = result; + validator_log(val, ISC_LOG_DEBUG(3), + "falling back to insecurity proof"); + val->attributes |= VALATTR_INSECURITY; + result = proveunsecure(val, ISC_FALSE, ISC_FALSE); + if (result == DNS_R_NOTINSECURE) + result = saved_result; + } if (result != DNS_R_WAIT) validator_done(val, result); } else { @@ -619,6 +631,7 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { isc_boolean_t want_destroy; isc_result_t result; isc_result_t eresult; + isc_result_t saved_result; UNUSED(task); INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); @@ -645,6 +658,17 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { if (val->frdataset.trust >= dns_trust_secure) (void) get_dst_key(val, val->siginfo, &val->frdataset); result = validate(val, ISC_TRUE); + if (result == DNS_R_NOVALIDSIG && + (val->attributes & VALATTR_TRIEDVERIFY) == 0) + { + saved_result = result; + validator_log(val, ISC_LOG_DEBUG(3), + "falling back to insecurity proof"); + val->attributes |= VALATTR_INSECURITY; + result = proveunsecure(val, ISC_FALSE, ISC_FALSE); + if (result == DNS_R_NOTINSECURE) + result = saved_result; + } if (result != DNS_R_WAIT) validator_done(val, result); } else { @@ -1875,9 +1899,11 @@ validate(dns_validator_t *val, isc_boolean_t resume) { * was known and "sufficiently good". */ if (!dns_resolver_algorithm_supported(val->view->resolver, - event->name, - val->siginfo->algorithm)) + event->name, + val->siginfo->algorithm)) { + resume = ISC_FALSE; continue; + } if (!resume) { result = get_key(val, val->siginfo); @@ -1888,16 +1914,12 @@ validate(dns_validator_t *val, isc_boolean_t resume) { } /* - * The key is insecure, so mark the data as insecure also. + * There isn't a secure DNSKEY for this signature so move + * onto the next RRSIG. */ if (val->key == NULL) { - if (val->mustbesecure) { - validator_log(val, ISC_LOG_WARNING, - "must be secure failure"); - return (DNS_R_MUSTBESECURE); - } - markanswer(val, "validate"); - return (ISC_R_SUCCESS); + resume = ISC_FALSE; + continue; } do { @@ -3703,6 +3725,20 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) */ result = DNS_R_NOVALIDNSEC; goto out; + } else if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { + /* + * If we have "trust == answer" then this namespace + * has switched from insecure to should be secure. + */ + result = create_validator(val, tname, + dns_rdatatype_ds, + &val->frdataset, + NULL, dsvalidated, + "proveunsecure"); + if (result != ISC_R_SUCCESS) + goto out; + return (DNS_R_WAIT); } else if (val->frdataset.trust < dns_trust_secure) { /* * This shouldn't happen, since the negative diff --git a/lib/dns/view.c b/lib/dns/view.c index 3726eefa5fb6..54f0d264162a 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.150.84.3.10.1 2010/03/03 22:06:39 marka Exp $ */ +/* $Id: view.c,v 1.150.84.3.10.2 2010/09/29 00:03:32 marka Exp $ */ /*! \file */ @@ -168,6 +168,8 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->acceptexpired = ISC_FALSE; view->minimalresponses = ISC_FALSE; view->transfer_format = dns_one_answer; + view->cacheacl = NULL; + view->cacheonacl = NULL; view->queryacl = NULL; view->queryonacl = NULL; view->recursionacl = NULL; @@ -294,6 +296,10 @@ destroy(dns_view_t *view) { dns_acl_detach(&view->matchclients); if (view->matchdestinations != NULL) dns_acl_detach(&view->matchdestinations); + if (view->cacheacl != NULL) + dns_acl_detach(&view->cacheacl); + if (view->cacheonacl != NULL) + dns_acl_detach(&view->cacheonacl); if (view->queryacl != NULL) dns_acl_detach(&view->queryacl); if (view->queryonacl != NULL) diff --git a/lib/isc/api b/lib/isc/api index 823f692fe3c4..b765f45fee6b 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -1,3 +1,3 @@ LIBINTERFACE = 53 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 3 diff --git a/lib/isc/print.c b/lib/isc/print.c index b892e3a2ed09..6b9819505584 100644 --- a/lib/isc/print.c +++ b/lib/isc/print.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.c,v 1.35 2008/02/18 23:46:59 tbox Exp $ */ +/* $Id: print.c,v 1.35.418.2 2010/10/18 23:46:34 tbox Exp $ */ /*! \file */ @@ -468,7 +468,7 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { if (width > 0) { count += width; width--; - if (left) { + if (left && size > 1) { *str++ = c; size--; } diff --git a/release-notes.css b/release-notes.css new file mode 100644 index 000000000000..411eb8bfb83b --- /dev/null +++ b/release-notes.css @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: release-notes.css,v 1.1.4.3 2010/11/29 01:16:39 tbox Exp $ */ + +body { + background-color: #ffffff; + color: #333333; + font-family: "Helvetica Neue", "ArialMT", "Verdana", "Arial", "Helvetica", sans-serif; + font-size: 14px; + line-height: 18px; + margin: 2em auto; + width: 700px; +} + +.command { + font-family: "Courier New", "Courier", monospace; + font-weight: normal; +} + +.note { + background-color: #ddeedd; + border: 1px solid #aaccaa; + margin: 1em 0 1em 0; + padding: 0.5em 1em 0.5em 1em; + -moz-border-radius: 10px; + -webkit-border-radius: 10px; +} + +.screen { + background-color: #ffffee; + border: 1px solid #ddddaa; + padding: 0.25em 1em 0.25em 1em; + margin: 1em 0 1em 0; + -moz-border-radius: 10px; + -webkit-border-radius: 10px; +} + +.section.title { + font-size: 150%; + font-weight: bold; +} + +.section.section.title { + font-size: 130%; + font-weight: bold; +} diff --git a/version b/version index a16a96f2e012..d736ecf00acc 100644 --- a/version +++ b/version @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.8.4.3 2010/09/03 02:57:11 marka Exp $ +# $Id: version,v 1.43.12.8.4.4 2010/11/18 23:37:13 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MAJORVER=9 MINORVER=6 PATCHVER= RELEASETYPE=-ESV -RELEASEVER=-R2 +RELEASEVER=-R3