mosquitto-1.5.7-bp151.3.3.1<>,p]O!M@eeeHIb i> u+NoZgU^BHv2J@W>BwWɈnܒx]+<.Os-￾?}jQMoڦsԳeĩ 特aCn M,bVF?d   8tx  PLL L L L $,L $L%L'1L()L*@*p*-m(-8-9.,:09=>'?/@7F?GTLHLILXY \DL]tL^bAcdefluLvwLxLyDzCmosquitto1.5.7bp151.3.3.1A MQTT v3.1/v3.1.1 BrokerMosquitto is a message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers like the Arduino. A good example of this is all of the work that Andy Stanford-Clark (one of the originators of MQTT) has done in home monitoring and automation with his twittering house and twittering ferry.]Os390p23R8SUSE Linux Enterprise 15openSUSEEPL-1.0http://bugs.opensuse.orgProductivity/Networking/Otherhttps://mosquitto.org/linuxs390xgetent group mosquitto || /usr/sbin/groupadd -r mosquitto getent passwd mosquitto || /usr/sbin/useradd -g mosquitto -s /bin/false -r -c "mosquitto" -d /var/lib/mosquitto mosquitto # START BIG SYSTEMD test -n "$FIRST_ARG" || FIRST_ARG="$1" # disable migration if initial install under systemd [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$FIRST_ARG" -eq 1 ]; then for service in mosquitto.service ; do sysv_service="${service%.*}" touch "/var/lib/systemd/migrated/$sysv_service" || : done else for service in mosquitto.service ; do # The tag file might have been left by a preceding # update (see 1059627) rm -f "/run/rpm-mosquitto-update-$service-new-in-upgrade" if [ ! -e "/usr/lib/systemd/system/$service" ]; then touch "/run/rpm-mosquitto-update-$service-new-in-upgrade" fi done for service in mosquitto.service ; do sysv_service="${service%.*}" if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --save $sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -eq 1 ]; then if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl preset mosquitto.service || : fi elif [ "$FIRST_ARG" -gt 1 ]; then for service in mosquitto.service ; do if [ ! -e "/run/rpm-mosquitto-update-$service-new-in-upgrade" ]; then continue fi rm -f "/run/rpm-mosquitto-update-$service-new-in-upgrade" if [ ! -x /usr/bin/systemctl ]; then continue fi /usr/bin/systemctl preset "$service" || : done for service in mosquitto.service ; do sysv_service=${service%.*} if [ -e /var/lib/systemd/migrated/$sysv_service ]; then continue fi if [ ! -x /usr/sbin/systemd-sysv-convert ]; then continue fi /usr/sbin/systemd-sysv-convert --apply $sysv_service || : touch /var/lib/systemd/migrated/$sysv_service || : done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable mosquitto.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop mosquitto.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart mosquitto.service ) || : fi else # package uninstall for service in mosquitto.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi fi # /END BIG SYSTEMDAIcj0OL !- HEu .6"WS' & '~$c `%8 AA큤A聠A큤A큤A큤큤A큤AA큤A큤A큤AA큤AA큤A큤A큤A큤A]O]O]O]O]O\d]O]O]O]O]O]O\d\d\d]O]O]O]O]O]O\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d]Oq]Oq]O\d\d\d\d\d\d]O0a01a95c7b67e9e81c2c31f285cd0f81915d863fa1652c13cefcd854c69cdcdb4b9ea4d974fe3e73f385480aba0f3f7eba010f9a6a341821c3052dab9a0e01b6dea34f98b5b2d1eb72c566c691b7e70ab1683df5ae37230613cb6d1af52ecbed9817034f6fc16b96721b51687a010883fe6bd4f920d3e56d7d57529e6312254d107814dcfd6c79003ca7f379f25ba882c70fb719ec5a7716cc1971f9768fc925f977924d2581a8cc1244ccc2ddfdd725737cf767b56f3df7dcfff711137ddd51cad5c6ae4ecf25e2709e88f2b92d75905ac4aedc622df6e9a536238c0b047856f8e6c377ada750e97cbd354f56410d5d0e2bbf1a14dd77403e289d9a42970c5cc6d5f6ed55ce07a25a437921f16ed0f2bfab347e61bbe3f74f046ff18eb1bc779ffa7265c8ff0e71a68c66d3a3bf19094f96e3808927866baf0265d7765ce87ebe70a265b9a6e7ce2c0351be5c0eff9faba5b72da71e77c3c43ac3af25673e2f296c3875383b4b5ce1a5cd6d66e4cf8f090ae28f7a593745cbc43ed49bbebaed4d61e4e202822174485feb1f0f0e5155c37c644c95514f445e8a26de902edfa129c022cd1979d93bb7a17ea3e89f23543494f921cf61cdf4f991cbece87024dabab83cf0e197db9f362e541aa343462b503572ef1a2e393184fc82a442dc029f23244bb721345dfd9a86ae7b2499b96da49d62cf7d0f999bea03aaf4163a267adea34f98b5b2d1eb72c566c691b7e70ab1683df5ae37230613cb6d1af52ecbede8cf7d54ea46c19aba793983889b7f7425e1ebfcaaccec764a7db091646e203c3b9be6b894d0769de796e653571ff6cef494913c0ce78c35a97db939e7d9087ce2f6c8d08b1e7f7218f9dce16304e675c54e7d04da856ea239d13b13c261123fa955d26a1b03f870f8b5501a73072db0796766cfb400da08727264a393cf9e4a6ad55f83f47884074e772435ffe06ad770b240187ff3398255ed22f7cbbcb4ea492d4173d1bb2a71087e4cb9a04bdcd293e7465f76a9d9c2af2aaf4c4249359085bb133707b0b3b256c15d85236bf0144d3c36b63064420d9b6983aed3247d96021d5040e46dbf227d1219569effcfc4425d964404f01808f136132a11a925cfd2ab286032fc621ee692bb6bfc68d7a412b4a3810bc1a35822d7cb66d21ebfebc440058c672fd5eb4d42c6541ddf47aeda36cbdab6145f147f8e036819bc0b7d2c95bf7ac16849f61acec6cd35b94f87e2ae0dbc73426a0c7e166b2061d23e252874289c12f02ef85e8d6e7beae67f239879a55c003f583d030ae965b6896be19c2430662a436cadba6dd2833d8f190d68aeadeb021941c7013726f759a40d756d03d5dd7710a4fd5246741fb5dc49820bcb23d46c4afb5bb2a6f46c84f79fe0245370e7cc48bd2651d8d2b887cd77fab7075d82f09ca787942cd47dcb32a1784331f44d8fd5a9cc7a44bfc490652db5356989bbb705ad9d631b9e2425f768dedfc233ac635686f7a8b70e0a1bf118a5aaa74fd52fe9c40bc258bc2d25cd97387b53690062f7b61f2047233834f1dfbddb90545d124bf6abd4c0a7b507f64a783925b728e0275cd5abfdb2640255303781a65f54d31b31731cf3951cd1f285092406e8d4b43d6b7a5252fa5305af286d95ab4d56c636a38001abe9e5adaf499c38dcbd5d0dc1a035ef535eaf9ff0ea98276164e9d6fb6c2e7da6c784bd7cc675f95e793c2b2b74dbd3825f33e4bfb3e3ec78779d042bc9b25c32dd6e86dbec30981363eaf9c01c370f1922f8c5f0a0ab7a2ca6ccffc5427555200f669a22366766463e30a4a51385d3ceea358745dcb9ddf25eef58d5fa1f600b0445af514c1a9e5c3730a0c0f9ba78537cd805bf7d9cdc8c632cc91b4cb01b04633bb114d869250b683a3b22eff3c4a7126718c397a1dbc3c901edf3f0b29a7eb5a6e59c9ab39e496f3b48a7164129f3c7c185b17c14b6f3d514c53028ff6710c9b0332c86127e233f2cd6ad4355a50bf62cab6fda1ec54949a6a8bd80738e5c367ffa05e50e64f7164fe440d94d0d655fc7af8fd1df82b6108e7bff548477a1802a67187a0df8e6c377ada750e97cbd354f56410d5d0e2bbf1a14dd77403e289d9a42970c5cc6d5f6ed55ce07a25a437921f16ed0f2bfab347e61bbe3f74f046ff18eb1bc77f5f868d4519e78602c301e6673cd2bc151c0c17a48c16e7b5adf8180a6fa91bd4b9ea4d974fe3e73f385480aba0f3f7eba010f9a6a341821c3052dab9a0e01b6cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc16501146ead2de75bba29b520ab010f11a77b0e04bb1d993ccbbe8169bdbbd76b9c50a22c988a70c74ae1a6908cab201099d95370c92e3e9f3ba14fcbd0699cada6a9c91f754e4125554033af18794397c9c6f79864b015a7faf5704839157d8dab5ab65d29fade6fbb100d1f20626909c80830d772cfd3935c0b8ea03f8e6e18e9777d258129201c56f719fe45ab42e61240060b01f508f7af6b2482aed315d4servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmosquittorootrootrootrootmosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittomosquittorootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmosquittomosquitto-1.5.7-bp151.3.3.1.src.rpmconfig(mosquitto)mosquittomosquitto(s390-64) @@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/shconfig(mosquitto)libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.2)(64bit)librt.so.1()(64bit)librt.so.1(GLIBC_2.2)(64bit)libssl.so.1.1()(64bit)libssl.so.1.1(OPENSSL_1_1_0)(64bit)libuuid.so.1()(64bit)libuuid.so.1(UUID_1.0)(64bit)libwebsockets.so.12()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)shadowsystemdsystemdsystemdsystemd1.5.7-bp151.3.3.13.0.4-14.6.0-14.0-15.2-14.14.1]\j@\eX@\d\[Ѱ@[y[ZZ@Y*@Y4Y_wY\Y, @XrWrfVVwVhVhVhVetV<@UpUL@UCjUCjUCjMartin Hauke Martin Hauke Martin Hauke Martin Hauke mardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.demardnh@gmx.dejengelh@inai.deantoine.belvire@opensuse.orgmardnh@gmx.demardnh@gmx.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.demrueckert@suse.de- Add patch to fix security issue: CVE-2019-11779 * mosquitto-1.5.x-cve-2019-11779.patch- Use HTTPS for all URLs - Verify source signature- Update to version 1.5.7 Broker: - Ensure that an error occurs if `per_listener_settings true` is given after other security options. - Fix case where old unreferenced msg_store messages were being saved to the persistence file, bloating its size unnecessarily. Library: - Fix `mosquitto_topic_matches_sub()` not returning MOSQ_ERR_INVAL for invalid subscriptions like `topic/#abc`. This only affects the return value, not the match/no match result, which was already correct.- Update to version 1.5.6 Security: * Fix CVE-2018-12551 (bsc#1125021): If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. * Fix CVE-2018-12550 (bsc#1125021): If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. This is now fixed. * Fix CVE-2018-12546 (bsc#1125019): If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option `check_retain_source` has been introduced to enforce checking of the retained message source on publish. Broker: * Fixed comment handling for config options that have optional arguments. * Improved documentation around bridge topic remapping. * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly. * Fix spaces not being allowed in the bridge remote_username option. * Allow broker to always restart on Windows when using `log_dest file`. * Fix Will not being sent for Websockets clients. * Windows: Fix possible crash when client disconnects. * Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. * Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Library: * Fix TLS connections not working over SOCKS. * Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.- FIX CVE-2018-20145: mosquitto: ACL bypass (bnc#1119536) - Update to version 1.5.5 Security: * If `per_listener_settings` is set to true, then the `acl_file` setting was ignored for the "default listener" only. This has been fixed. This does not affect any listeners defined with the `listener` option. Broker: * Add `socket_domain` option to allow listeners to disable IPv6 support. This is required to work around a problem in libwebsockets that means sockets only listen on IPv6 by default if IPv6 support is compiled in. * When using ADNS, don't ask for all network protocols when connecting, because this can lead to confusing "Protocol not supported" errors if the network is down. * Fix outgoing retained messages not being sent by bridges on initial connection. * Don't reload auth_opt_ options on reload, to match the behaviour of the other plugin options. * Print message on error when installing/uninstalling as a Windows service. * All non-error connect/disconnect messages are controlled by the `connection_messages` option. Library: * Fix reconnect delay backoff behaviour. * Don't call on_disconnect() twice if keepalive tests fail. Client: * Always print leading zeros in mosquitto_sub when output format is hex. Build: * Fix building where TLS-PSK is not available. - Update to version 1.5.4 Security: * When using a TLS enabled websockets listener with "require_certificate" enabled, the mosquitto broker does not correctly verify client certificates. This is now fixed. All other security measures operate as expected, and in particular non-websockets listeners are not affected by this. Broker: * Process all pending messages even when a client has disconnected. This means a client that send a PUBLISH then DISCONNECT quickly, then disconnects will have its DISCONNECT message processed properly and so no Will will be sent. * $SYS/broker/clients/disconnected should never be negative. * Give better error message if a client sends a password without a username. * Fix bridge not honoring restart_timeout. * Don't disconnect a client if an auth plugin denies access to SUBSCRIBE. Library: * Fix memory leak that occurred if mosquitto_reconnect() was used when TLS errors were present. * Fix TLS connections when using an external event loop with mosquitto_loop_read() and mosquitto_write(). Build: * Fix clients not being compiled with threading support when using CMake. * Use _GNU_SOURCE to fix build errors in websockets and getaddrinfo usage.- Update to version 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Fix retained messages not sent by bridges on outgoing topics at the first connection. * Fix duplicate clients being added to by_id hash before the old client was removed. - Update to version 1.5.2 Broker: * Fix incorrect call to setsockopt() for TCP_NODELAY. * Fix excessive CPU usage when the number of sockets exceeds the system limit. * Fix round_robin false behaviour. * Fix segfault on HUP when bridges and security options are configured. Library: * Fix situation where username and password is used with SOCKS5 proxy. * Fix SOCKS5 behaviour when passing IP addresses.- Update to version 1.5.1 Broker: * Fix plugin cleanup function not being called on exit of the broker. * Print more OpenSSL errors when loading certificates/keys fail. * Use AF_UNSPEC etc. instead of PF_UNSPEC to comply with POSIX. * Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined. * Fix IPv6 addresses not being able to be used as bridge addresses. * All clients now time out if they exceed their keepalive*1.5, rather than just reach it. This was inconsistent in two places. * Fix segfault on startup if bridge CA certificates could not be read. * Fix problem opening listeners on Pi caused by unsigned char being default. * ACL patterns that do not contain either %c or %u now produce a warning in the log. * Fix bridge publishing failing when per_listener_settings was true. * Fix `use_identity_as_username true` not working. * Fix UNSUBACK messages not being logged. * Fix possible endian issue when reading the `memory_limit` option. * Fix building for libwebsockets < 1.6. * Fix accessor functions for username and client id when used in plugin auth check. Library: * Fix some places where return codes were incorrect, including to the on_disconnect() callback. This has resulted in two new error codes, MOSQ_ERR_KEEPALIVE and MOSQ_ERR_LOOKUP. * Fix connection problems when mosquitto_loop_start() was called before mosquitto_connect_async(). Clients: * When compiled using WITH_TLS=no, the default port was incorrectly being set to -1. This has been fixed. * Fix compiling on Mac OS X <10.12. Build: * Fixes for building on NetBSD. * Fixes for building on FreeBSD. * Add support for compiling with static libwebsockets library.- Update to version 1.5 Security: * Fix memory leak that could be caused by a malicious CONNECT packet. This does not yet have a CVE assigned. Closes #533493 (on Eclipse bugtracker) Broker features: * Add per_listener_settings to allow authentication and access control to be per listener. * Add limited support for reloading listener settings. This allows settings for an already defined listener to be reloaded, but port numbers must not be changed. * Add ability to deny access to SUBSCRIBE messages as well as the current read/write accesses. Currently for auth plugins only. * Reduce calls to malloc through the use of UHPA. * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. This change in behaviour can be justified by considering when the timeout may have occurred. + If a connection is unreliable and has dropped, but without one end noticing, the messages will be retried on reconnection. Sending additional PUBLISH or PUBREL would not have changed anything. + If a client is overloaded/unable to respond/has a slow connection then sending additional PUBLISH or PUBREL would not help the client catch up. Once the backlog has cleared the client will respond. If it is not able to catch up, sending additional duplicates would not help either. * Add use_subject_as_username option for certificate based client authentication to use the entire certificate subject as a username, rather than just the CN. Closes #469467. * Change sys tree printing output. This format shouldn't be relied upon and may change at any time. Closes #470246. * Minimum supported libwebsockets version is now 1.3. * Add systemd startup notification and services. Closes #471053. * Reduce unnecessary malloc and memcpy when receiving a message and storing it. Closes #470258. * Support for Windows XP has been dropped. * Bridge connections now default to using MQTT v3.1.1. * mosquitto_db_dump tool can now output some stats on clients. * Perform utf-8 validation on incoming will, subscription and unsubscription topics. * new $SYS/broker/store/messages/count (deprecates $SYS/broker/messages/stored) * new $SYS/broker/store/messages/bytes * max_queued_bytes feature to limit queues by real size rather than than just message count. Closes Eclipse #452919 or Github #100 * Add support for bridges to be configured to only send notifications to the local broker. * Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on client sockets. Closes #433. * The behaviour of allow_anonymous has changed. In the old behaviour, the default if not set was to allow anonymous access. The new behaviour is to default is to allow anonymous access unless another security option is set. For example, if password_file is set and allow_anonymous is not set, then anonymous access will be denied. It is still possible to allow anonymous access by setting it explicitly. Broker fixes: * Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665. * Produce an error if two bridges share the same local_clientid. * Miscellaneous fixes on Windows. * queue_qos0_messages was not observing max_queued_** limits * When using the include_dir configuration option sort the files alphabetically before loading them. Closes #17. * IPv6 is no longer disabled for websockets listeners. * Remove all build timestamp information including $SYS/broker/timestamp. Close #651. * Correctly handle incoming strings that contain a NULL byte. Closes #693. * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. * Maximum connections on Windows increased to 2048. * When a client with an in-use client-id connects, if the old client has a will, send the will message. Closes #26. * Fix parsing of configuration options that end with a space. Closes #804. Client library features: * Outgoing messages with QoS>1 are no longer retried after a timeout period. Messages will be retried when a client reconnects. * DNS-SRV support is now disabled by default. * Add mosquitto_subscribe_simple() This is a helper function to make retrieving messages from a broker very straightforward. Examples of its use are in examples/subscribe_simple. * Add mosquitto_subscribe_callback() This is a helper function to make processing messages from a broker very straightforward. An example of its use is in examples/subscribe_simple. * Connections now default to using MQTT v3.1.1. * Add mosquitto_validate_utf8() to check whether a string is valid UTF-8 according to the UTF-8 spec and to the additional restrictions imposed by the MQTT spec. * Topic inputs are checked for UTF-8 validity. * Add mosquitto_userdata function to allow retrieving the client userdata member variable. Closes #111. * Add mosquitto_pub_topic_check2(), mosquitto_sub_topic_check2(), and mosquitto_topic_matches_sub2() which are identical to the similarly named functions but also take length arguments. * Add mosquitto_connect_with_flags_callback_set(), which allows a second connect callback to be used which also exposes the connect flags parameter. Closes #738 and #128. * Add MOSQ_OPT_SSL_CTX option to allow a user specified SSL_CTX to be used instead of the one generated by libmosquitto. This allows greater control over what options can be set. Closes #715. * Add MOSQ_OPT_SSL_CTX_WITH_DEFAULTS to work with MOSQ_OPT_SSL_CTX and have the default libmosquitto SSL_CTX configuration applied to the user provided SSL_CTX. Closes #567. Client library fixes: * Fix incorrect PSK key being used if it had leading zeroes. * Initialise "result" variable as soon as possible in mosquitto_topic_matches_sub. Closes #654. * No need to close socket again if setting non-blocking failed. Closes #649. * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against foo/+/#. Closes #670. * SNI host support added. Client features: * Add -F to mosquitto_sub to allow the user to choose the output format. * Add -U to mosquitto_sub for unsubscribing from topics. * Add -c (clean session) to mosquitto_pub. * Add --retained-only to mosquitto_sub to exit after receiving all retained messages. * Add -W to allow mosquitto_sub to stop processing incoming messages after a timeout. * Connections now default to using MQTT v3.1.1. * Default to using port 8883 when using TLS. * mosquitto_sub doesn't continue to keep connecting if CONNACK tells it the connection was refused. Client fixes: * Correctly handle empty files with "mosquitto_pub -l". Closes #676. Build: * Add WITH_STRIP option (defaulting to "no") that when set to "yes" will strip executables and shared libraries when installing. * Add WITH_STATIC_LIBRARIES (defaulting to "no") that when set to "yes" will build and install static versions of the client libraries. * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636. * Support for openssl versions 1.0.0 and 1.0.1 has been removed as these are no longer supported by openssl. Documentation: * Replace mentions of deprecated 'c_rehash' with 'openssl rehash'. - Remove patch: * mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch (not longer needed) - Support for tcp-wrapper is broken atm, disable for now- Update to version 1.4.15 Security: * Fix CVE-2017-7652. If a SIGHUP is sent to the broker when there are no more file descriptors, then opening the configuration file will fail and security settings will be set back to their default values. * Fix CVE-2017-7651. Unauthenticated clients can cause excessive memory use by setting "remaining length" to be a large value. This is now mitigated by limiting the size of remaining length to valid values. A "memory_limit" configuration option has also been added to allow the overall memory used by the broker to be limited. Broker: * Use constant time memcmp for password comparisons. * Fix incorrect PSK key being used if it had leading zeroes. * Fix memory leak if a client provided a username/password for a listener with use_identity_as_username configured. * Fix use_identity_as_username not working on websockets clients. * Don't crash if an auth plugin returns MOSQ_ERR_AUTH for a username check on a websockets client. Closes #490. * Fix 08-ssl-bridge.py test when using async dns lookups. Closes #507. * Lines in the config file are no longer limited to 1024 characters long. Closes #652. * Fix $SYS counters of messages and bytes sent when message is sent over a Websockets. Closes #250. * Fix upgrade_outgoing_qos for retained message. Closes #534. * Fix CONNACK message not being sent for unauthorised connect on websockets. Closes #8. Client library: * Fix incorrect PSK key being used if it had leading zeroes. * Initialise "result" variable as soon as possible in mosquitto_topic_matches_sub. Closes #654. * No need to close socket again if setting non-blocking failed. Closes #649. * Fix mosquitto_topic_matches_sub() not correctly matching foo/bar against foo/+/#. Closes #670. Clients: * Correctly handle empty files with "mosquitto_pub -l". Closes #676. Build: * Don't run TLS-PSK tests if TLS-PSK disabled at compile time. Closes #636.- Update to 1.4.14 * Broker: - Fix regression from 1.4.13 where persistence data was not being saved.- Fix incorrect RPM groups. - Remove repeated license declaration from description. Trim package descriptions for size. - Errors from user creation must not be ignored.- Add mosquitto-1.4.12-use-SOURCE_DATE_EPOCH.patch: Determine build timestamp from latest revision of .changes file in order to make the build reproducible and avoid useless republishing.- Update to 1.4.13 * Security: - Fix CVE-2017-9868. The persistence file was readable by all local users, potentially allowing sensitive information to be leaked. This can also be fixed administratively, by restricting access to the directory in which the persistence file is stored. * Broker: - Fix for poor websockets performance. - Fix lazy bridges not timing out for idle_timeout. - Fix problems with large retained messages over websockets. - Set persistence file to only be readable by owner, except on Windows. - Fix CONNECT check for reserved=0, as per MQTT v3.1.1 check MQTT-3.1.2-3. - When the broker stop, wills for any connected clients are now "sent". - Auth plugins can be configured to disable the check for +# in usernames/client ids with the auth_plugin_deny_special_chars option. Partially closes #462. - Restrictions for CVE-2017-7650 have been relaxed - '/' is allowed in usernames/client ids. Remainder of fix for #462. Clients: - Don't use / in auto-generated client ids.- Update to 1.4.12 * Security: - Fix CVE-2017-7650, which allows clients with username or client id set to '#' or '+' to bypass pattern based ACLs or third party plugins. The fix denies message sending or receiving of messages for clients with a '#' or '+' in their username or client id and if the message is subject to a pattern ACL check or plugin check. * Broker: - Fix mosquitto.db from becoming corrupted due to client messages being persisted with no stored message. Closes #424. - Fix bridge not restarting properly. Closes #428. - Fix unitialized memory in gets_quiet on Windows. Closes #426. - Fix building with WITH_ADNS=no for systems that don't use glibc. Closes #415. - Fixes to readme.md. - Fix deprecation warning for OpenSSL 1.1. PR #416. - Don't segfault on duplicate bridge names. Closes #446. - Fix CVE-2017-7650.- update to 1.4.11 - Broker: - Fix crash when "lazy" type bridge attempts to reconnect. Closes #259. - maximum_connections now applies to websockets listeners. Closes #271. - Allow bridges to use TLS with IPv6. - Don't error on zero length persistence files. Closes #316. - For http only websockets clients, close files served over http in all cases when the client disconnects. Closes #354. - Fix error message when websockets http_dir directory does not exist. - Improve password utility error message. Closes #379. - Clients: - Use of --ciphers no longer requires you to also pass - -tls-version. Closes #380. - Client library: - Clients can now use TLS with IPv6. - Fix potential socket leakage when reconnecting. Closes #304. - Fix potential negative timeout being passed to pselect. Closes #329. - update 1.4.10 - Broker: - Fix TLS operation with websockets listeners and libwebsockts 2.x. Closes #186. - Don't disconnect client on HUP before reading the pending data. Closes #7. - Fix some $SYS messages being incorrectly persisted. Closes [#191]. - Support OpenSSL 1.1.0. - Call fsync after persisting data to ensure it is correctly written. Closes #189. - Fix persistence saving of subscription QoS on big-endian machines. - Fix will retained flag handling on Windows. Closes #222. - Broker now displays an error if it is unable to open the log file. Closes #234. - Client library: - Support OpenSSL 1.1.0. - Fixed the C++ library not allowing SOCKS support to be used. Closes #198. - Fix memory leak when verifying a server certificate with a subjectAltName section. Closes #237. - Build: - Don't attempt to install docs when WITH_DOCS=no. Closes #184.- update to 1.4.9 - Broker: - Ensure websockets clients that previously connected with clean session set to false have their queued messages delivered immediately on reconnecting. Closes #476314. - Reconnecting client with clean session set to false doesn't start with mid=1 again. - Will topic isn't truncated by one byte when using a mount_point any more. - Network errors are printed correctly on Windows. - Fix incorrect $SYS heap memory reporting when using ACLs. - Bridge config parameters couldn't contain a space, this has been fixed. Closes #150. - Fix saving of persistence messages that start with a '/'. Closes #151. - Fix reconnecting for bridges that use TLS on Windows. Closes [#154]. - Broker and bridges can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57. - Fix websockets listeners not being able to bind to an IP address. Closes #170. - mosquitto_passwd utility now correctly deals with unknown command line arguments in all cases. Closes #169. - Fix publishing of $SYS/broker/clients/maximum - Fix order of #includes in lib/send_mosq.c to ensure struct mosquitto doesn't differ between source files when websockets is being used. Closes #180. - Fix possible rare crash when writing out persistence file and a client has incomplete messages inflight that it has been denied the right to publish. - Client library: - Fix the case where a message received just before the keepalive timer expired would cause the client to miss the keepalive timer. - Return value of pthread_create is now checked. - _mosquitto_destroy should not cancel threads that weren't created by libmosquitto. Closes #166. - Clients can now cope with unknown incoming PUBACK, PUBREC, PUBREL, PUBCOMP without disconnecting. Closes #57. - Fix mosquitto_topic_matches_sub() reporting matches on some invalid subscriptions. - Clients: - Handle some unchecked malloc() calls. Closes #1. - Build: - Fix string quoting in CMakeLists.txt. Closes #4. - Fix building on Visual Studio 2015. Closes #136.- update to 1.4.8 - Broker: - Wills published by clients connected to a listener with mount_point defined now correctly obey the mount point. This was a potential security risk because it allowed clients to publish messages outside of their restricted mount point. This is only affects brokers where the mount_point option is in use. Closes #487178. - Fix detection of broken connections on Windows. Closes #485143. - Close stdin etc. when daemonised. Closes #485589. - Fix incorrect detection of FreeBSD and OpenBSD. Closes #485131. - Client library: - mosq->want_write should be cleared immediately before a call to SSL_write, to allow clients using mosquitto_want_write() to get accurate results.- update to 1.4.7 - Broker: - Fix support for libwebsockets 1.22. - changes from 1.4.6 - Broker: - Add support for libwebsockets 1.6. - Client library: - Fix _mosquitto_socketpair() on Windows, reducing the chance of delays when publishing. Closes #483979. - Clients: - Fix "mosquitto_pub -l" stripping the final character on a line. Closes #483981.- enable websocket supports- enabled tcp wrapper support- pass the config file in the service file. it does not load it otherwise.- update to 1.4.5 - Broker - Fix possible memory leak if bridge using SSL attempts to connect to a host that is not up. - Free unused topic tree elements (fix in 1.4.3 was incomplete). Closes #468987. - Clients - “mosquitto_pub -l” now no longer limited to 1024 byte lines. Closes #478917.- update to 1.4.4 - Broker: - Don't leak sockets when outgoing bridge with multiple addresses cannot connect. Closes #477571. - Fix cross compiling of websockets. Closes #475807. - Fix memory free related crashes on openwrt. Closes #475707. - Fix excessive calls to message retry check.- update to 1.4.3 - Broker - Fix incorrect bridge notification on initial connection. Closes #467096. - Build fixes for OpenBSD. - Fix incorrect behaviour for autosave_interval, most noticable for autosave_interval=1. Closes #465438. - Fix handling of outgoing QoS>0 messages for bridges that could not be sent because the bridge connection was down. - Free unused topic tree elements. Closes #468987. - Fix some potential memory leaks. Closes #470253. - Fix potential crash on libwebsockets error. - Client library - Add missing error strings to mosquitto_strerror. - Handle fragmented TLS packets without a delay. Closes [#470660]. - Fix incorrect loop timeout being chosen when using threaded - interface and keepalive = 0. Closes #471334. - Increment inflight messages count correctly. Closes #474935. - Clients - Report error string on connection failure rather than error code.- update to 1.4.2 Broker: - Fix bridge prefixes only working for the first outgoing message. Closes #464437. - Fix incorrect bridge connection notifications on local broker. - Fix persistent db writing on Windows. Closes #464779. - ACLs are now checked before sending a will message. - Fix possible crash when using bridges on Windows. Closes [#465384]. - Fix parsing of auth_opt_ arguments with extra spaces/tabs. - Broker will return CONNACK rc=5 when a username/password is not authorised. This was being incorrectly set as rc=4. - Fix handling of payload lengths>4096 with websockets. Client library: - Inflight message count wasn't being decreased for outgoing messages using QoS 2, meaning that only up to 20 QoS 2 messages could be sent. This has been fixed. Closes #464436. - Fix CMake dependencies for C++ wrapper building. Closes [#463884]. - Fix possibility of select() being called with a socket that is >FD_SETSIZE. This is a fix for #464632 that will be followed >up by removing the select() call in a future version. - Fix calls to mosquitto_connect*_async() not completing.- added mosquitto-1.4.1_apparmor.patch to make the profile work in newer apparmor- merge a few things from the other packages - create dir structure in the config dir + readmes - splitout the client - provide the splitted devel package names - install the apparmor profile - install firewall config- initial package/bin/sh/bin/sh/bin/sh/bin/shs390p23 1569673115  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL1.5.7-bp151.3.3.11.5.7-bp151.3.3.11.5.7-bp151.3.3.1      apparmor.dlocalusr.sbin.mosquittousr.sbin.mosquittomosquittoaclfile.exampleca_certificatesREADMEcertsREADMEconf.dREADMEmosquitto.confpskfile.examplepwfile.examplemosquittomosquitto_passwdmosquitto.servicemosquittorcmosquittomosquittoCONTRIBUTING.mdChangeLog.txtabout.htmlaclfile.exampleedl-v10epl-v10examplesmysql_logMakefilemysql_log.csubscribe_simpleMakefilecallback.cmultiple.csingle.ctemperature_conversionMakefilemain.cppreadme.txttemperature_conversion.cpptemperature_conversion.hlogolegacymosquitto-14x14.pngmosquitto-16x16.pngmosquitto.svgmosquitto-logo-min.svgmosquitto-logo-only.svgmosquitto-text-below.svgmosquitto-text-side.svgmosquitto.icomisccurrentcostcc128_log_mysql.plcc128_parse.plcc128_read.plcc128_read.pygnome-panelCurrentCostMQTT.pyCurrentCostMQTT.servercurrentcost.pngnotice.htmlpskfile.examplepwfile.examplereadme.mdsecuritymosquitto.apparmormosquittoLICENSE.txtmosquitto_passwd.1.gzmosquitto.conf.5.gzmosquitto-tls.7.gzmqtt.7.gzmosquitto.8.gzmosquitto/etc//etc/apparmor.d//etc/apparmor.d/local//etc/mosquitto//etc/mosquitto/ca_certificates//etc/mosquitto/certs//etc/mosquitto/conf.d//etc/sysconfig/SuSEfirewall2.d/services//usr/bin//usr/lib/systemd/system//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/mosquitto//usr/share/doc/packages/mosquitto/examples//usr/share/doc/packages/mosquitto/examples/mysql_log//usr/share/doc/packages/mosquitto/examples/subscribe_simple//usr/share/doc/packages/mosquitto/examples/temperature_conversion//usr/share/doc/packages/mosquitto/logo//usr/share/doc/packages/mosquitto/logo/legacy//usr/share/doc/packages/mosquitto/misc//usr/share/doc/packages/mosquitto/misc/currentcost//usr/share/doc/packages/mosquitto/misc/currentcost/gnome-panel//usr/share/doc/packages/mosquitto/security//usr/share/licenses//usr/share/licenses/mosquitto//usr/share/man/man1//usr/share/man/man5//usr/share/man/man7//usr/share/man/man8//var/lib/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protectionobs://build.opensuse.org/openSUSE:Maintenance:11164/openSUSE_Backports_SLE-15-SP1_Update/cf830f2483518c6bf8ba2c7d810b2f58-mosquitto.openSUSE_Backports_SLE-15-SP1_Updatedrpmxz5s390x-suse-linux  directoryASCII textC source, ASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld6, for GNU/Linux 3.2.0, BuildID[sha1]=36326bfda4050c28b955f0d315f0d6615951d8d5, not strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld6, for GNU/Linux 3.2.0, BuildID[sha1]=550bf6ee9310ae67aeddcb053257edfa4762e602, not strippedHTML document, ASCII textmakefile script, ASCII textC++ source, ASCII textPNG image data, 14 x 14, 8-bit/color RGB, non-interlacedPNG image data, 16 x 16, 8-bit/color RGB, non-interlacedSVG Scalable Vector Graphics imagePerl script text executablePython script, ASCII text executablePNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedXML 1.0 document, ASCII text, with very long linestroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRR R RRRR RRRRRR RR R R RRRRjS݌7]["h utf-8f75528cad5278f687a07f80e6f7166f74c52b38ecfd93670854850ebcc6c874f?7zXZ !t/@]"k%rqTAY &'GQ>o FHݽuLU1P+8K@.azr[Kej& -.5Y|;T̘}eժGrMآ=E[⢗9wzCKaZ?_jK ӳGTɿDSڅ2*è0!z9ĖFml ]'Wnk@lu_3#aM` AJWKGi~_M@GH[.AtaVU* imZslY_ܷߒ{KLԂj{>!/C( f*rbCM-*$R(:l* Z$EHW-W∈wW^Sp)k ?h%! a^ NòI-МH#!b0sul'g@B:5҉[x&C"udb/:23$ FjUD8KvZW3CYbN\ۼIz]KD<%4vHWW#:]ltJ-viBho2W3t76)F0EԶŵKׇ,g}\Q]:Np3{${= o>rPIb7JejO@* ,OEέ^o\Be>8QӪO)B F? 3^#Ttp~̑@x}qăH$Ӿ y(_f4HؽhJE7F]Tj n#T6Ki]/HZI[sJ|oVR?;o.G3i-1qx 'y|@ׇx ~E=I-W&}Asvh&?AxJ*sN GӬUOԭ)5 *tf}jx~hGL\k~KvnNB]t jQ=^ tN̒Cƌ5%\X^IM hၿ-(a}8U̇Sym;=\kq?ӈD-,&&X+&9 ETLD+!^H T&ԕ Je0v"pИ3M0[6~-0O4h)#!@u۝&A22Iƿ8~DgIu=_߹'-g%vbs\|(`x1 `>Ԣ Mg`mv_/J[1 s˔䖒'x=V,NZ`cw2ĪV-L_e;_+&ÐM EpWQ 3+ˆ!O2=dyxoXuCw٩bOI LHv'CE{{~IcB A(xE4|-sb~ S\Çg_ Taz}+Oϗ:ޮTG(6m6(=*ԕZF6uI$B83Gv|d AX"O=8~'mnp_J45k4:<$praB|NBu=3+5b8 dg'0V鷿{q B*79dq]Ӕ,:8^)r(lW()S72.zҡI{A7]럢wU]=h[ %S:cV[**L}mnOV}o ncyz9 8mXrۭ,esuW>!k=N:ܦ_Լk^ :Z?P9*۔*i( ߗ: VgDȭ3|~DݛT7&r%!MluZUbm$X^Cf]S4W!rw Ans]o)!eaG]Y:4Nq*̨BA/m[L9/ɓC@){LX,3aM8q6~J/!g˴~1˞~uYZ-A"#.s]l#5U1=c^0ɛR^ 'e^:Г\(sەK x *[T6n$x8_- iᩁL֖RYw1Ⱥ$wy5k\zy-%o5pxq6VeH!_50%KjB|z(<] [x=l{TS~OiY;eAϋ1kl52V[l3"MTZ*JX%U] Vmzz3>ݽx3ޗ=Oá<+?csuGY{Ezf8pБoH>R'4]ȓ2T- 4ZO%3 Qea0 Yp: Xyך]ph %' I'bQ 8G)&߻/g*PY?PQF7fJ(AZ sy/G9[2_}g0S \~[e\+?&&q8U8uڝw?g&,6'' ib^#)ftN2=Ŝޙ|{V9}DW} ۴ _bIk3, ~PЅA mVJ CKiT t q6xjk/05JbٿÂ'eJؤdsJXγx?ߪ N6d9t/SWqlFMW#84s3@aiEBЫ-IЫͤ$WA%=&Ԉo#r[M“gX>-B F  suQ1+DDЏ__wp0@)$f?0 ڏXq9,!gsr c{wTY19%>< JCTr=\Ɖ(=ԈdB7622嶲Ocd/Z+֞u8G SNA{GYzL%AG~`è ڽƢH8kw)V? +TǂchnIUQO3Ccl>HZM}N:BdXteF*S?1@mߵR2Yrj]G~=& B̘WQuE|x4Vk=]Nn2k'#XZFLXPt]I]S~L 'Efu6h+m:5:kHs{-rk58,Շa0 ] 1uoz-ɗ{Q W~+OD5wPBfaBp5`>"cnRM&"Ȣu@>֎KmʼnNv!y2#&B^M& -❭BpYaw Ӳ:T#Nf߰1;=1\P20H#3Ӧ9sp` !v<`^>xDa!{Q9]"'Xa]UxȬEvxʮzj N+|fߨ>p,uTPOr\x)qIٸ[D.SDsanf\3W_.?Zq)--zl>~Щy\tqřeO W,Sx0hGκu֡6hYŬXNWCM:a,ܙOja27ԫQ!١/Xn-CS:R`˒#;Rc@KBVqLRܦfOQO iq "?1ƼX"s> +!pLrT!4߶'I:˳tmxC"O:B;piR1*X6Z1>[ZffmfB7n v' cFK[$k;fd2S6jݝTV,\߸֢ao@T`Q=M!U"QT$yMQ?Zxk\ˌ0M;wʨ/XلSh[_N)ýn33Z$xb T0w&{rWW QO 9F'G/T${ۗh$='V4Z~Q/kx!ǰ(xS5emUzAiLyuc3[.Nxe}瘠^E)#̞f/*de ̸weVP9S$COfQ3u@-5Q0J H 6?&4yQa{~@6 U$#JuP 8q[Db,1ii)]%ֶ|9ⳗRw!sG!41x蹤C͜rhA^W,*`Q8[ |*p\ĉOҖ*~ZZ"ލl㍌q?sI3D⭇d{{F6I("}Q an#*K/Oֳ-34 yA7U'+-T*ժ aL7)4qO' $ZDJIoԼ[ -;LJyQ05ֺFq mn 6{)7! FO.M)[]U wm 6mٲwӇ{^3UFܪÐBgJ4:G~M~Z Cs\]d%ECpfȏA=zήr4t*qm&8ͿRvo}I%L&9O1yIDfC9DakN~qF/8ѢT_z@3?SF1շG+6uM eY`S{8f*ovW1;G{st]};ktAZ!iqr {LB.[YWZ .z({%2ϟX^;Sv^&! L$;Q~Fk+?_87VGF.w齟o<-ˋVkۈNc1TŐ^ҡ([ t DQbXѥ <#^9#yW39:Ĩ:~BFXs CTre:<$HJ{oT3x\OVARO_cU3ABJxc1eFD$9zFb]55ޮ&*Iݢ]c8.ړdu:=\`~(_!JrW.zzM-QR@1n >~K+9D{2R4 \v#ϭź2Kjga*6lߩK`Z+KJKNnIP# 3 oUC< 44 wS '_T̗H\S.u:뙣W1 MB@ru%5T-!Enk.oT|jI`r*~6"4P§ )iWV؈٦Hms*Vf%LgZLtߘ)t&VopDU㲱or`'b +Rje?:^ZRQ X5QY_$e|L]j'p0ĩs96{z -'Mx2-P)<mLDuUa ]:^p<\cX`f_X(;I07|*BH _^-ZYMKa-k@QcHj@ys}` yF`尬0u8Mmdm:/'MrB!ؘyWys'\KdY5q $okglf!(#5;wRLllT$+HQ W斋}5?th(kܿ9|dZ&v"Ό嗑}׮WJ_m4A]n!F)&hR6?))tzc cUhx01%wYu^sc#=51_d=DRi)) FXuw~pcܭa-jg@ &C{,⮱YDDln&Mͦ1b;)AsX҃(NKQ%u W_/d6ayK,Х0|͈= w<kq 0=u 2&rH7hla!gs/#-M0cEQR^ 2|`{Viےי@^g Y΃[M+N,Ƞu ߐ̐.bR^6,.DQ&xmhtu}E꺶E_eCFm;AF[ \/$q@3ܩ8czcv<}$ osӆѤ똠"5f/j/Ԯ&AS-lzL QՑ]BX{g&l3kRH9ev@ooyVɌe83JYvdՃp%vCn}.xEjmw:EQ@sO 4ës0X!_vH?[w@]*:%̀/~fG rB 5kȳ uqDb|[s }s網d97VR@*wQR6?^!,SKA PѾkl4_4tniqPTz*?_?>4dR nI[X$WoEyQ+){.hhrnODjhFƃ#hHG^xy3"_UBFؓ3FHa$?Y66CLUF0>KXC|Ӝʸs#Uɇ.jә#BPԶCdDJ%rz xg@R 1TdxE̪P<[y+%XxC<;T.UgZNcDػjռ8#+תzY"c@Ӹ ͊5edWny r(z$Kdk17G^9ޞe Ph`~Y`5wpg`F9erLygʆ`w7G 3%s>H98E")7k41;`>yE'*XU v9}>@U<{Cxb謙QHq撃J?7Po;>etcB (EY75O%G""m$UlZL]ƴ0^"C8kt#LWV.\LI#EA;;ۍ,c~JHa.LA^@_8焃kVFMO\1nGG#[$qJЄ .Mxi ҎL mq8/[\iq׵P}o֍`R4]OSL/,"2{vH-+"kFNяfc(93ٵXD,* ϋN| ^~,f,@!1k5cY(Kl-gЎ؂dSG w"R|8pa I4h@B"=4(`iz~XF.26)/z3R;[^;UnFLcv] G]}D$%u/ɊR/$VFq|k, fhj-jBu`ЬRIerM\̭J';^~W*sN6\lvrۆqc%c^XyŤ+6&zʻ: Bj^*gT{T8R2!HYJnYI怄O:}wv52JioN}4:ZDLC bn}=-4״!8HmbjC)XMe/Žl:BTLqRhT))4gLO1HkP>ϝlw[OD(ߗY(iI%Wi ?~VcjDZCgLP?8N)ՊYO<3^*V1s-XcV6ߜ=n-h ع<.jh$r!imk-BQZëi%]uIKlIsj&z[& ;7*eqZЃڊگ-Æ 쾛)jk{?Nmٴqsbb_}'5ےB)?{4s>lt{Rӵ߉s長uMiޞD`3'ON$9~qk 8^/WӁQ`j`0U_riS*} qB={腢߷֍ڙw%8 DA =gɑ׸x#YR,lj0C6Jyʊ>:wյf`"*&T ׉ThL$-wIc(z\\6TBY|i(a4L'p%Hdn"1DGرxֵ$;4}aHxms@P,)kZt }q<43{n10%j"ނW{cܦxs.Q!7.tX-EiiуߩhQgߩn^ gWJ d#$[KUpRϹ]k-&Čh!>Y.rӨP[ܵ3羴}^i)|ynrJJg '%&*3p?SCӢ_ t9  y;C˅5m Gz>9i3KΑkFGHn\=pj]i ʡ(qך!ڀiIkRwf4MZT=nș&ϜqۜE <VNNZ!.ja{Egfӱh_@R2w˛;KWVu㜃mͻwGY ݜ8Fw?G$b/EE ّZuMt}y-j^[ꋡ KydQUW՛!?ؼ/@٤K WPлBkD))WR׾EYЊP >"i`sƜ i;&؞b$Q?Hֱd;Sqk6~1' zޙծLع*gR'LJtΗw|T~y aB olg J`bC_yJFtl'ٖP'5ƉY{( CR6S"`qϹr tKQV2g&v'E>FIN˰`V戺j<(8y&ɕ,R;e+Z+&&zLZ#sR3C~ 0Gj+U/t"!sǣ0/&xO.UقQS$,ASK HL^{̀^6)[ijd[JS]m\ PJ>{sBmMW ҽ12\M\9lNwI% bU3FCRg'%E/>N',e|ّ._7@I+J &i5# Jgk&÷ {le8Հ̘&S  šӥp"vt*1Zji?Q (cV[ysyD3#}@W.>wk;޿0R&4 !o.M)ခO3זb;ZWDv AEOi[:9vٻ[\ӵ+ĔFy.ӷ'q-}U WZ|߲ (xdR{tk ~1wq蘢xH^$+F}'_x߫Y~E;I/Uy`D/#7? @Pt c5sH_kucP?vgLp4ޗ@cmzA`}"pr7ZɱYp'xWKh5\쎇*Elu_bH̷jb k3ǥ=Us@9)&t=.X "Ҩ3vjv:躹5VRhkQljN8G21.kq[\Ul"8|V!Xf$_n #݈ .k뾷#Ql4 EZR@Hën}ܰsuvdig/V}+m@Ijo|B6*BWRX¯ssCЩr5G%0`gb+H7`NsZl8;y|bC9~(W*5@=;Õ_ni{_VlkAqĖX (kf2eEڝ*lmH$4EN"**LXI`?gR27t,D-dV9 ;ZE cS/uM@3@2LjPO)d" Em8,zwwFt*0 $l/h—ڳ9/XlgDkar!6ʁЙB YZ